Updated to use ServicePrincipalCredentials class and get rid of requests

Laurent Mazuel 2016-03-14 11:22:33 -07:00
parent 027ae690c4
commit 112355d965


@ -306,10 +306,8 @@ RETURN = '''
try: try:
import time import time
import yaml import yaml
import requests
import azure
from itertools import chain from itertools import chain
from azure.common.credentials import BasicTokenAuthentication from azure.common.credentials import ServicePrincipalCredentials
from azure.common.exceptions import CloudError from azure.common.exceptions import CloudError
from azure.mgmt.resource.resources.models import ( from azure.mgmt.resource.resources.models import (
DeploymentProperties, DeploymentProperties,
@ -329,35 +327,11 @@ except ImportError:
AZURE_URL = "https://management.azure.com" AZURE_URL = "https://management.azure.com"
def get_token(domain_or_tenant, client_id, client_secret):
"""
Get an Azure Active Directory token for a service principal
:param domain_or_tenant: The domain or tenant id of your Azure Active Directory instance
:param client_id: The client id of your application in Azure Active Directory
:param client_secret: One of the application secrets created in your Azure Active Directory application
:return: an authenticated bearer token to be used with requests to the API
"""
# the client id we can borrow from azure xplat cli
grant_type = 'client_credentials'
token_url = 'https://login.microsoftonline.com/{}/oauth2/token'.format(domain_or_tenant)
payload = {
'grant_type': grant_type,
'client_id': client_id,
'client_secret': client_secret,
'resource': 'https://management.core.windows.net/'
}
res = requests.post(token_url, data=payload)
return res.json()['access_token'] if res.status_code == 200 else None
def get_azure_connection_info(module): def get_azure_connection_info(module):
azure_url = module.params.get('azure_url') azure_url = module.params.get('azure_url')
tenant_or_domain = module.params.get('tenant_or_domain') tenant_id = module.params.get('tenant_id')
client_id = module.params.get('client_id') client_id = module.params.get('client_id')
client_secret = module.params.get('client_secret') client_secret = module.params.get('client_secret')
security_token = module.params.get('security_token')
resource_group_name = module.params.get('resource_group_name') resource_group_name = module.params.get('resource_group_name')
subscription_id = module.params.get('subscription_id') subscription_id = module.params.get('subscription_id')
@ -379,19 +353,13 @@ def get_azure_connection_info(module):
else: else:
resource_group_name = None resource_group_name = None
if not security_token: if not tenant_id:
if 'AZURE_SECURITY_TOKEN' in os.environ:
security_token = os.environ['AZURE_SECURITY_TOKEN']
else:
security_token = None
if not tenant_or_domain:
if 'AZURE_TENANT_ID' in os.environ: if 'AZURE_TENANT_ID' in os.environ:
tenant_or_domain = os.environ['AZURE_TENANT_ID'] tenant_id = os.environ['AZURE_TENANT_ID']
elif 'AZURE_DOMAIN' in os.environ: elif 'AZURE_DOMAIN' in os.environ:
tenant_or_domain = os.environ['AZURE_DOMAIN'] tenant_id = os.environ['AZURE_DOMAIN']
else: else:
tenant_or_domain = None tenant_id = None
if not client_id: if not client_id:
if 'AZURE_CLIENT_ID' in os.environ: if 'AZURE_CLIENT_ID' in os.environ:
@ -406,10 +374,9 @@ def get_azure_connection_info(module):
client_secret = None client_secret = None
return dict(azure_url=azure_url, return dict(azure_url=azure_url,
tenant_or_domain=tenant_or_domain, tenant_id=tenant_id,
client_id=client_id, client_id=client_id,
client_secret=client_secret, client_secret=client_secret,
security_token=security_token,
resource_group_name=resource_group_name, resource_group_name=resource_group_name,
subscription_id=subscription_id) subscription_id=subscription_id)
@ -593,9 +560,8 @@ def main():
azure_url=dict(default=AZURE_URL), azure_url=dict(default=AZURE_URL),
subscription_id=dict(), subscription_id=dict(),
client_secret=dict(no_log=True), client_secret=dict(no_log=True),
client_id=dict(), client_id=dict(required=True),
tenant_or_domain=dict(), tenant_id=dict(required=True),
security_token=dict(aliases=['access_token'], no_log=True),
resource_group_name=dict(required=True), resource_group_name=dict(required=True),
state=dict(default='present', choices=['present', 'absent']), state=dict(default='present', choices=['present', 'absent']),
template=dict(default=None, type='dict'), template=dict(default=None, type='dict'),
@ -619,24 +585,10 @@ def main():
conn_info = get_azure_connection_info(module) conn_info = get_azure_connection_info(module)
if conn_info['security_token'] is None and \ credentials = ServicePrincipalCredentials(client_id=conn_info['client_id'],
(conn_info['client_id'] is None or conn_info['client_secret'] is None or conn_info[ secret=conn_info['client_secret'],
'tenant_or_domain'] is None): tenant=conn_info['tenant_id'])
module.fail_json(msg='security token or client_id, client_secret and tenant_or_domain is required')
if conn_info['security_token'] is None:
conn_info['security_token'] = get_token(conn_info['tenant_or_domain'],
conn_info['client_id'],
conn_info['client_secret'])
if conn_info['security_token'] is None:
module.fail_json(msg='failed to retrieve a security token from Azure Active Directory')
credentials = BasicTokenAuthentication(
token = {
'access_token':conn_info['security_token']
}
)
subscription_id = conn_info['subscription_id'] subscription_id = conn_info['subscription_id']
resource_client = ResourceManagementClient(ResourceManagementClientConfiguration(credentials, subscription_id)) resource_client = ResourceManagementClient(ResourceManagementClientConfiguration(credentials, subscription_id))
network_client = NetworkManagementClient(NetworkManagementClientConfiguration(credentials, subscription_id)) network_client = NetworkManagementClient(NetworkManagementClientConfiguration(credentials, subscription_id))
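Review bot: In the last hunk of main(), the check that called `module.fail_json` when credentials were missing is removed, yet `client_secret` stays optional in the argument spec (`client_secret=dict(no_log=True)`), so `ServicePrincipalCredentials` can be built with `secret=None` when neither the parameter nor the environment supplies one. I would keep a guard before the constructor, `if conn_info['client_secret'] is None: module.fail_json(msg='client_secret is required')`. The constructor presumably contacts Azure AD to obtain the token, so its authentication error should also be caught and reported through `module.fail_json` instead of escaping as a traceback. Separately, `required=True` on `client_id` and `tenant_id` appears to make the `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` environment fallbacks in get_azure_connection_info unreachable, and `tenant_id` has no `aliases=['tenant_or_domain']` entry for existing playbooks; confirm both are intended. main() begins and ends outside the visible hunks.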