public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContext context, string targetEndpoint)
{
return(new TokenCloudCredentials(context.Subscription.Id.ToString(), Token.AccessToken));
}
/// <summary>
/// Constructs a ServiceObjective adapter
/// </summary>
/// <param name="profile">The current azure profile</param>
/// <param name="subscription">The current azure subscription</param>
public AzureSqlServerServiceObjectiveAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlServerServiceObjectiveCommunicator(Context);
}
/// <summary>
/// Creates new ActiveDirectoryClient using WindowsAzureSubscription.
/// </summary>
/// <param name="context"></param>
public ActiveDirectoryClient(IAzureContext context)
{
GraphClient = AzureSession.Instance.ClientFactory.CreateArmClient <GraphRbacManagementClient>(
context, AzureEnvironment.Endpoint.Graph);
GraphClient.TenantID = context.Tenant.Id.ToString();
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
string resourceUrlOrId;
if (ParameterSetName == KnownResourceNameParameterSet)
{
if (ResourceTypeName == null)
{
ResourceTypeName = SupportedResourceNames.Arm;
}
if (!SupportedResourceNames.ResourceNameMap.ContainsKey(ResourceTypeName))
{
throw new ArgumentException(Properties.Resources.InvalidResourceTypeName.FormatInvariant(ResourceTypeName), nameof(ResourceTypeName));
}
resourceUrlOrId = SupportedResourceNames.ResourceNameMap[ResourceTypeName];
}
else
{
resourceUrlOrId = ResourceUrl;
}
IAzureContext context = DefaultContext;
if (TenantId == null)
{
TenantId = context.Tenant?.Id;
}
IAccessToken accessToken = AzureSession.Instance.AuthenticationFactory.Authenticate(
context.Account,
context.Environment,
TenantId,
null,
ShowDialog.Never,
null,
null,
resourceUrlOrId);
var result = new PSAccessToken()
{
Token = accessToken.AccessToken,
TenantId = TenantId,
UserId = accessToken.UserId,
};
result.ExpiresOn = (accessToken as MsalAccessToken)?.ExpiresOn ?? result.ExpiresOn;
if (result.ExpiresOn == default(DateTimeOffset))
{
try
{
var tokenParts = accessToken.AccessToken.Split('.');
var decodedToken = Base64UrlHelper.DecodeToString(tokenParts[1]);
var tokenDocument = JsonDocument.Parse(decodedToken);
int expSeconds = tokenDocument.RootElement.EnumerateObject()
.Where(p => p.Name == "exp")
.Select(p => p.Value.GetInt32())
.First();
result.ExpiresOn = UnixEpoch.AddSeconds(expSeconds);
}
catch (Exception e)//Ignore exception if fails to parse exp from token
{
WriteDebug("Unable to parse exp in token: " + e.ToString());
}
}
WriteObject(result);
}
/// <summary>
/// Constructs a Managed instance adapter
/// </summary>
/// <param name="context">The current azure profile</param>
public AzureSqlManagedInstanceAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlManagedInstanceCommunicator(Context);
}
public TClient CreateArmClient <TClient>(IAzureContext context, string endpoint) where TClient : Microsoft.Rest.ServiceClient <TClient>
{
throw new NotImplementedException();
}
private static int HashContext(IAzureContext context)
{
return((context.Account.Id + context.Environment.Name + context.Subscription.Id + context.Tenant.Id).GetHashCode());
}
public OperationalInsightsClient(IAzureContext context)
{
OperationalInsightsManagementClient = AzureSession.Instance.ClientFactory.CreateArmClient <OperationalInsightsManagementClient>(
context,
AzureEnvironment.Endpoint.ResourceManager);
}
public Track2HsmClient(IAuthenticationFactory authFactory, IAzureContext context)
{
_credential = new Track2TokenCredential(new DataServiceCredential(authFactory, context, AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId));
_uriHelper = new VaultUriHelper(context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix));
}
public ServiceClientCredentials GetServiceClientCredentials(IAzureContext context, string targetEndpoint)
{
if (context.Account == null)
{
throw new AzPSArgumentException(Resources.ArmAccountNotFound, "context.Account", ErrorKind.UserError);
}
switch (context.Account.Type)
{
case AzureAccount.AccountType.Certificate:
throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
case AzureAccount.AccountType.AccessToken:
return(new RenewingTokenCredential(new ExternalAccessToken(GetEndpointToken(context.Account, targetEndpoint), () => GetEndpointToken(context.Account, targetEndpoint))));
}
string tenant = null;
if (context.Subscription != null && context.Account != null)
{
tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (tenant == null && context.Tenant != null && new Guid(context.Tenant.Id) != Guid.Empty)
{
tenant = context.Tenant.Id.ToString();
}
if (tenant == null)
{
throw new ArgumentException(Resources.NoTenantInContext);
}
try
{
TracingAdapter.Information(Resources.UPNAuthenticationTrace,
context.Account.Id, context.Environment.Name, tenant);
IAccessToken token = null;
switch (context.Account.Type)
{
case AzureAccount.AccountType.ManagedService:
case AzureAccount.AccountType.User:
case AzureAccount.AccountType.ServicePrincipal:
case "ClientAssertion":
token = Authenticate(context.Account, context.Environment, tenant, null, ShowDialog.Never, null, context.Environment.GetTokenAudience(targetEndpoint));
break;
default:
throw new NotSupportedException(context.Account.Type.ToString());
}
TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
token.LoginType, token.TenantId, token.UserId);
return(new RenewingTokenCredential(token));
}
catch (Exception ex)
{
TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
throw new ArgumentException(Resources.InvalidArmContext, ex);
}
}
/// <summary>
/// Constructor for the instance pool adapter
/// </summary>
/// <param name="context">The Azure Context</param>
public AzureSqlInstancePoolAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlInstancePoolCommunicator(Context);
}
public ServiceClientCredentials GetServiceClientCredentials(IAzureContext context)
{
return(GetServiceClientCredentials(context,
AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId));
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContext context, string targetEndpoint)
{
if (context.Subscription == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.InvalidDefaultSubscription
: Resources.NoSubscriptionInContext;
throw new ApplicationException(exceptionMessage);
}
if (context.Account == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.AccountNotFound
: Resources.ArmAccountNotFound;
throw new ArgumentException(exceptionMessage);
}
switch (context.Account.Type)
{
case AzureAccount.AccountType.Certificate:
var certificate = AzureSession.Instance.DataStore.GetCertificate(context.Account.Id);
return(new CertificateCloudCredentials(context.Subscription.Id.ToString(), certificate));
case AzureAccount.AccountType.AccessToken:
return(new TokenCloudCredentials(context.Subscription.Id.ToString(), GetEndpointToken(context.Account, targetEndpoint)));
}
string tenant = null;
if (context.Subscription != null && context.Account != null)
{
tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (tenant == null && context.Tenant != null && new Guid(context.Tenant.Id) != Guid.Empty)
{
tenant = context.Tenant.Id.ToString();
}
if (tenant == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.TenantNotFound
: Resources.NoTenantInContext;
throw new ArgumentException(exceptionMessage);
}
try
{
TracingAdapter.Information(
Resources.UPNAuthenticationTrace,
context.Account.Id,
context.Environment.Name,
tenant);
var token = Authenticate(
context.Account,
context.Environment,
tenant,
null,
ShowDialog.Never,
null,
null,
context.Environment.GetTokenAudience(targetEndpoint));
TracingAdapter.Information(
Resources.UPNAuthenticationTokenTrace,
token.LoginType,
token.TenantId,
token.UserId);
return(new AccessTokenCredential(context.Subscription.GetId(), token));
}
catch (Exception ex)
{
TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.InvalidSubscriptionState
: Resources.InvalidArmContext;
throw new ArgumentException(exceptionMessage, ex);
}
}
public ServiceClientCredentials GetServiceClientCredentials(IAzureContext context, string targetEndpoint)
{
throw new NotImplementedException();
}
public TClient CreateArmClient <TClient>(IAzureContext context, string endpoint) where TClient : Rest.ServiceClient <TClient>
{
return(string.Equals(endpoint, AzureEnvironment.Endpoint.Graph, StringComparison.OrdinalIgnoreCase) ?
_mockContext.GetGraphServiceClient <TClient>() :
_mockContext.GetServiceClient <TClient>());
}
/// <summary>
/// Constructs a ServiceObjective adapter
/// </summary>
/// <param name="profile">The current azure profile</param>
/// <param name="subscription">The current azure subscription</param>
public AzureSqlServerServiceObjectiveAdapter(IAzureContext context)
{
Context = context;
ServerCommunicator = new AzureSqlServerCommunicator(Context);
CapabilitiesCommunicator = new AzureSqlCapabilitiesCommunicator(Context);
}
/// <summary>
/// Create a storage context usign cloud storage account
/// </summary>
/// <param name="account">cloud storage account</param>
public AzureStorageContext(CloudStorageAccount account, string accountName = null, IAzureContext DefaultContext = null, DebugLogWriter logWriter = null)
{
StorageAccount = account;
TableStorageAccount = XTable.CloudStorageAccount.Parse(StorageAccount.ToString(true));
if (account.BlobEndpoint != null)
{
BlobEndPoint = account.BlobEndpoint.ToString();
}
if (account.TableEndpoint != null)
{
TableEndPoint = account.TableEndpoint.ToString();
}
if (account.QueueEndpoint != null)
{
QueueEndPoint = account.QueueEndpoint.ToString();
}
if (account.FileEndpoint != null)
{
FileEndPoint = account.FileEndpoint.ToString();
}
StorageAccountName = string.IsNullOrEmpty(accountName) ?
(account.Credentials is null ? null : account.Credentials.AccountName)
: accountName;
Context = this;
Name = String.Empty;
if (string.IsNullOrEmpty(StorageAccountName))
{
if (account.Credentials != null && account.Credentials.IsSAS)
{
StorageAccountName = "[SasToken]";
}
else if (account.Credentials != null && account.Credentials.IsToken)
{
StorageAccountName = "[AccessToken]";
}
else
{
StorageAccountName = "[Anonymous]";
}
}
if (account.Credentials != null && account.Credentials.IsToken)
{
Track2OauthToken = new AzureSessionCredential(DefaultContext, logWriter);
}
}
/// <summary>
/// Constructs a Server Key adapter
/// </summary>
/// <param name="context">The current AzureContext</param>
public AzureSqlServerKeyVaultKeyAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlServerKeyVaultKeyCommunicator(Context);
}
public TClient CreateClient <TClient>(IAzureContext context, string endpoint) where TClient : Hyak.Common.ServiceClient <TClient>
{
throw new NotImplementedException();
}
/// <summary>
/// Constructs a database backup adapter
/// </summary>
/// <param name="profile">The current azure profile</param>
/// <param name="subscription">The current azure subscription</param>
public AzureSqlDatabaseBackupAdapter(IAzureContext context)
{
Context = context;
_subscription = context?.Subscription;
Communicator = new AzureSqlDatabaseBackupCommunicator(Context);
}
public ClientWrapper(IAzureContext context)
: this(AzureSession.Instance.ClientFactory.CreateArmClient<Client>(context, AzureEnvironment.Endpoint.ResourceManager))
{
}
public SqlVulnerabilityAssessmentRuleBaselineAdapter(IAzureContext context) : base(context)
{
Context = context;
Subscription = context?.Subscription;
VulnerabilityAssessmentCommunicator = new VulnerabilityAssessmentEndpointsCommunicator(Context);
}
/// <summary>
/// Constructs a outbound firewall rules adapter
/// </summary>
/// <param name="context">Context for Azure</param>
public AzureSqlServerOutboundFirewallRulesAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlServerOutboundFirewallRulesCommunicator(Context);
}
/// <summary>
/// Constructs a Azure SQL Instance Active Directory administrator adapter
/// </summary>
/// <param name="profile">The current azure profile</param>
/// <param name="subscription">The current azure subscription</param>
public AzureSqlInstanceActiveDirectoryAdministratorAdapter(IAzureContext context)
{
Context = context;
Communicator = new AzureSqlInstanceActiveDirectoryAdministratorCommunicator(Context);
}
public VaultManagementClient(IAzureContext context)
{
KeyVaultManagementClient = AzureSession.Instance.ClientFactory.CreateArmClient <KeyVaultManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
}
/// <summary>
/// Lazy creation of a single instance of a resources client
/// </summary>
private ResourceManagementClient GetCurrentResourcesClient(IAzureContext context)
{
return(ResourcesClient ?? (ResourcesClient =
AzureSession.Instance.ClientFactory.CreateArmClient <ResourceManagementClient>(Context, AzureEnvironment.Endpoint.ResourceManager)));
}
public RedisCacheClient(IAzureContext context)
{
_client = AzureSession.Instance.ClientFactory.CreateArmClient <RedisManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
_insightsClient = AzureSession.Instance.ClientFactory.CreateClient <InsightsManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
_resourceManagementClient = AzureSession.Instance.ClientFactory.CreateArmClient <ResourceManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
}
/// <summary>
/// Initializes the client instance
/// </summary>
/// <param name="context"></param>
public WebsitesClient(IAzureContext context)
{
this.WrappedWebsitesClient = AzureSession.Instance.ClientFactory.CreateArmClient <WebSiteManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContext context)
{
return(GetSubscriptionCloudCredentials(context, AzureEnvironment.Endpoint.ServiceManagement));
}
public Microsoft.Rest.ServiceClientCredentials GetServiceClientCredentials(IAzureContext context)
{
return(new Microsoft.Rest.TokenCredentials(Token.AccessToken));
}
