public DataServiceCredential(IAuthenticationFactory authFactory, AzureContext context, AzureEnvironment.Endpoint resourceIdEndpoint)
{
if (authFactory == null)
throw new ArgumentNullException("authFactory");
if (context == null)
throw new ArgumentNullException("context");
_authenticationFactory = authFactory;
_context = context;
_endpointName = resourceIdEndpoint;
this.TenantId = GetTenantId(context);
}
/// <summary>
/// TODO: Migrate all code that references this method to use AzureContext
/// </summary>
/// <typeparam name="TClient"></typeparam>
/// <param name="subscription"></param>
/// <param name="endpoint"></param>
/// <returns></returns>
public virtual TClient CreateClient <TClient>(AzureSubscription subscription, AzureEnvironment.Endpoint endpoint) where TClient : ServiceClient <TClient>
{
if (subscription == null)
{
throw new ApplicationException(Resources.InvalidCurrentSubscription);
}
ProfileClient profileClient = new ProfileClient();
AzureContext context = new AzureContext
{
Subscription = subscription,
Environment = profileClient.GetEnvironmentOrDefault(subscription.Environment),
Account = profileClient.GetAccount(subscription.Account)
};
return(CreateClient <TClient>(context, endpoint));
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
return(new TokenCloudCredentials(context.Subscription.Id.ToString(), Token.AccessToken));
}
/// <summary>
/// Creates the client.
/// </summary>
/// <typeparam name="TClient">The type of the client.</typeparam>
/// <param name="profile">The profile.</param>
/// <param name="subscription">The subscription.</param>
/// <param name="endpoint">The endpoint.</param>
/// <returns></returns>
/// <exception cref="System.ApplicationException"></exception>
/// <exception cref="System.ArgumentException">
/// accountName
/// or
/// environment
/// </exception>
public virtual TClient CreateClient <TClient>(AzureSMProfile profile, AzureSubscription subscription, AzureEnvironment.Endpoint endpoint) where TClient : ServiceClient <TClient>
{
if (subscription == null)
{
throw new ApplicationException(Resources.InvalidDefaultSubscription);
}
if (!profile.Accounts.ContainsKey(subscription.Account))
{
throw new ArgumentException(string.Format("Account with name '{0}' does not exist.", subscription.Account), "accountName");
}
if (!profile.Environments.ContainsKey(subscription.Environment))
{
throw new ArgumentException(string.Format(Resources.EnvironmentNotFound, subscription.Environment));
}
AzureContext context = new AzureContext(subscription,
profile.Accounts[subscription.Account],
profile.Environments[subscription.Environment]);
TClient client = CreateClient <TClient>(context, endpoint);
foreach (IClientAction action in _actions.Values)
{
action.Apply <TClient>(client, profile, endpoint);
}
return(client);
}
public DataServiceCredential(IAuthenticationFactory authFactory, AzureContext context, AzureEnvironment.Endpoint resourceIdEndpoint)
{
if (authFactory == null)
{
throw new ArgumentNullException("authFactory");
}
if (context == null)
{
throw new ArgumentNullException("context");
}
var bundle = GetToken(authFactory, context, resourceIdEndpoint);
this.token = bundle.Item1;
}
public Rest.ServiceClientCredentials GetServiceClientCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
throw new System.NotImplementedException();
}
public TClient CreateClient <TClient>(AzureSMProfile profile, AzureSubscription subscription, AzureEnvironment.Endpoint endpoint) where TClient : ServiceClient <TClient>
{
if (subscription == null)
{
throw new ArgumentException(Microsoft.Azure.Commands.ResourceManager.Common.Properties.Resources.InvalidDefaultSubscription);
}
if (profile == null)
{
profile = new AzureSMProfile(Path.Combine(AzureSession.ProfileDirectory, AzureSession.ProfileFile));
}
SubscriptionCloudCredentials creds = new TokenCloudCredentials(subscription.Id.ToString(), "fake_token");
if (HttpMockServer.GetCurrentMode() != HttpRecorderMode.Playback)
{
ProfileClient profileClient = new ProfileClient(profile);
AzureContext context = new AzureContext(
subscription,
profileClient.GetAccount(subscription.Account),
profileClient.GetEnvironmentOrDefault(subscription.Environment)
);
creds = AzureSession.AuthenticationFactory.GetSubscriptionCloudCredentials(context);
}
Uri endpointUri = profile.Environments[subscription.Environment].GetEndpointAsUri(endpoint);
return(CreateCustomClient <TClient>(creds, endpointUri));
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
throw new System.NotImplementedException();
}
public ServiceClientCredentials GetServiceClientCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
return new TokenCredentials(Token.AccessToken);
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
return new AccessTokenCredential(context.Subscription.Id, Token);
}
public ServiceClientCredentials GetServiceClientCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
return(new Microsoft.Rest.TokenCredentials(Token.AccessToken));
}
public DataServiceCredential(IAuthenticationFactory authFactory, AzureContext context, AzureEnvironment.Endpoint resourceIdEndpoint)
{
if (authFactory == null)
{
throw new ArgumentNullException("authFactory");
}
if (context == null)
{
throw new ArgumentNullException("context");
}
_authenticationFactory = authFactory;
_context = context;
_endpointName = resourceIdEndpoint;
this.TenantId = GetTenantId(context);
}
private static Tuple <IAccessToken, string> GetTokenInternal(string tenantId, IAuthenticationFactory authFactory, AzureContext context, AzureEnvironment.Endpoint resourceIdEndpoint)
{
if (string.IsNullOrWhiteSpace(tenantId))
{
throw new ArgumentException(KeyVaultProperties.Resources.NoTenantInContext);
}
try
{
var tokenCache = AzureSession.TokenCache;
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
tokenCache = new TokenCache(context.TokenCache);
}
var accesstoken = authFactory.Authenticate(context.Account, context.Environment, tenantId, null, ShowDialog.Never,
tokenCache, resourceIdEndpoint);
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
context.TokenCache = tokenCache.Serialize();
}
return(Tuple.Create(accesstoken, context.Environment.Endpoints[resourceIdEndpoint]));
}
catch (Exception ex)
{
throw new ArgumentException(KeyVaultProperties.Resources.InvalidSubscriptionState, ex);
}
}
public TClient CreateClient <TClient>(AzureProfile profile, AzureSubscription subscription, AzureEnvironment.Endpoint endpoint)
where TClient : ServiceClient <TClient>
{
SubscriptionCloudCredentials creds = new TokenCloudCredentials(subscription.Id.ToString(), "fake_token");
Uri endpointUri = (new ProfileClient(profile)).Profile.Environments[subscription.Environment].GetEndpointAsUri(endpoint);
return(CreateCustomClient <TClient>(creds, endpointUri));
}
private Tuple <IAccessToken, string> GetToken(IAuthenticationFactory authFactory, AzureContext context, AzureEnvironment.Endpoint resourceIdEndpoint)
{
if (context.Account == null)
{
throw new ArgumentException(KeyVaultProperties.Resources.ArmAccountNotFound);
}
if (context.Account.Type != AzureAccount.AccountType.User &&
context.Account.Type != AzureAccount.AccountType.ServicePrincipal)
{
throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedAccountType, context.Account.Type));
}
if (context.Subscription != null && context.Account != null)
{
TenantId = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (string.IsNullOrWhiteSpace(TenantId) && context.Tenant != null && context.Tenant.Id != Guid.Empty)
{
TenantId = context.Tenant.Id.ToString();
}
if (string.IsNullOrWhiteSpace(TenantId))
{
throw new ArgumentException(KeyVaultProperties.Resources.NoTenantInContext);
}
try
{
var accesstoken = authFactory.Authenticate(context.Account, context.Environment, TenantId, null, ShowDialog.Auto,
resourceIdEndpoint);
return(Tuple.Create(accesstoken, context.Environment.Endpoints[resourceIdEndpoint]));
}
catch (Exception ex)
{
throw new ArgumentException(KeyVaultProperties.Resources.InvalidSubscriptionState, ex);
}
}
public AzureEnvironment.Endpoint GetTokenAudience(AzureEnvironment.Endpoint targetEndpoint)
{
return(targetEndpoint == AzureEnvironment.Endpoint.Graph
? AzureEnvironment.Endpoint.GraphEndpointResourceId
: AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId);
}
public bool IsEndpointSet(AzureEnvironment.Endpoint endpoint)
{
return(Endpoints.IsPropertySet(endpoint));
}
/// <summary>
/// TODO: Migrate all code that references this method to use AzureContext
/// </summary>
/// <typeparam name="TClient"></typeparam>
/// <param name="subscription"></param>
/// <param name="endpoint"></param>
/// <returns></returns>
public virtual TClient CreateClient <TClient>(AzureProfile profile, AzureSubscription subscription, AzureEnvironment.Endpoint endpoint) where TClient : ServiceClient <TClient>
{
if (subscription == null)
{
throw new ApplicationException(Resources.InvalidDefaultSubscription);
}
ProfileClient profileClient = new ProfileClient(profile);
AzureContext context = new AzureContext(subscription,
profileClient.GetAccount(subscription.Account),
profileClient.GetEnvironmentOrDefault(subscription.Environment));
TClient client = CreateClient <TClient>(context, endpoint);
foreach (IClientAction action in actions.Values)
{
action.Apply <TClient>(client, profile, endpoint);
}
return(client);
}
public TClient CreateClient <TClient>(AzureSMProfile profile, AzureEnvironment.Endpoint endpoint) where TClient : ServiceClient <TClient>
{
return(CreateClient <TClient>(profile, profile.Context.Subscription, endpoint));
}
public ServiceClientCredentials GetServiceClientCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
if (context.Account == null)
{
throw new ArgumentException(Resources.ArmAccountNotFound);
}
if (context.Account.Type == AzureAccount.AccountType.Certificate)
{
throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
}
if (context.Account.Type == AzureAccount.AccountType.AccessToken)
{
return(new TokenCredentials(context.Account.GetProperty(AzureAccount.Property.AccessToken)));
}
string tenant = null;
if (context.Subscription != null && context.Account != null)
{
tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (tenant == null && context.Tenant != null && context.Tenant.Id != Guid.Empty)
{
tenant = context.Tenant.Id.ToString();
}
if (tenant == null)
{
throw new ArgumentException(Resources.NoTenantInContext);
}
try
{
TracingAdapter.Information(Resources.UPNAuthenticationTrace,
context.Account.Id, context.Environment.Name, tenant);
// TODO: When we will refactor the code, need to add tracing
/*TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
* token.LoginType, token.TenantId, token.UserId);*/
var env = new ActiveDirectoryServiceSettings
{
AuthenticationEndpoint = context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ActiveDirectory),
TokenAudience = context.Environment.GetEndpointAsUri(context.Environment.GetTokenAudience(targetEndpoint)),
ValidateAuthority = !context.Environment.OnPremise
};
var tokenCache = AzureSession.TokenCache;
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
tokenCache = new TokenCache(context.TokenCache);
}
ServiceClientCredentials result = null;
if (context.Account.Type == AzureAccount.AccountType.User)
{
result = Rest.Azure.Authentication.UserTokenProvider.CreateCredentialsFromCache(
AdalConfiguration.PowerShellClientId,
tenant,
context.Account.Id,
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
else if (context.Account.Type == AzureAccount.AccountType.ServicePrincipal)
{
if (context.Account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
{
result = ApplicationTokenProvider.LoginSilentAsync(
tenant,
context.Account.Id,
new CertificateApplicationCredentialProvider(
context.Account.GetProperty(AzureAccount.Property.CertificateThumbprint)),
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
else
{
result = ApplicationTokenProvider.LoginSilentAsync(
tenant,
context.Account.Id,
new KeyStoreApplicationCredentialProvider(tenant),
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
}
else
{
throw new NotSupportedException(context.Account.Type.ToString());
}
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
context.TokenCache = tokenCache.Serialize();
}
return(result);
}
catch (Exception ex)
{
TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
throw new ArgumentException(Resources.InvalidArmContext, ex);
}
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
return(new CertificateCloudCredentials(context.Subscription.Id.ToString(), Certificate));
}
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
if (context.Subscription == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.InvalidDefaultSubscription
: Resources.NoSubscriptionInContext;
throw new ApplicationException(exceptionMessage);
}
if (context.Account == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.AccountNotFound
: Resources.ArmAccountNotFound;
throw new ArgumentException(exceptionMessage);
}
if (context.Account.Type == AzureAccount.AccountType.Certificate)
{
var certificate = AzureSession.DataStore.GetCertificate(context.Account.Id);
return(new CertificateCloudCredentials(context.Subscription.Id.ToString(), certificate));
}
if (context.Account.Type == AzureAccount.AccountType.AccessToken)
{
return(new TokenCloudCredentials(context.Subscription.Id.ToString(), context.Account.GetProperty(AzureAccount.Property.AccessToken)));
}
string tenant = null;
if (context.Subscription != null && context.Account != null)
{
tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (tenant == null && context.Tenant != null && context.Tenant.Id != Guid.Empty)
{
tenant = context.Tenant.Id.ToString();
}
if (tenant == null)
{
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.TenantNotFound
: Resources.NoTenantInContext;
throw new ArgumentException(exceptionMessage);
}
try
{
TracingAdapter.Information(Resources.UPNAuthenticationTrace,
context.Account.Id, context.Environment.Name, tenant);
var tokenCache = AzureSession.TokenCache;
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
tokenCache = new TokenCache(context.TokenCache);
}
var token = Authenticate(context.Account, context.Environment,
tenant, null, ShowDialog.Never, tokenCache, context.Environment.GetTokenAudience(targetEndpoint));
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
context.TokenCache = tokenCache.Serialize();
}
TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
token.LoginType, token.TenantId, token.UserId);
return(new AccessTokenCredential(context.Subscription.Id, token));
}
catch (Exception ex)
{
TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement
? Resources.InvalidSubscriptionState
: Resources.InvalidArmContext;
throw new ArgumentException(exceptionMessage, ex);
}
}
public override TClient CreateClient <TClient>(AzureSubscription subscription, AzureEnvironment.Endpoint endpoint)
{
SubscriptionCloudCredentials creds = new TokenCloudCredentials(subscription.Id.ToString(), "fake_token");
if (HttpMockServer.GetCurrentMode() != HttpRecorderMode.Playback)
{
ProfileClient profileClient = new ProfileClient();
AzureContext context = new AzureContext()
{
Account = profileClient.GetAccount(subscription.Account),
Environment = profileClient.GetEnvironmentOrDefault(subscription.Environment),
Subscription = subscription
};
creds = authenticationFactory.GetSubscriptionCloudCredentials(context);
}
Uri endpointUri = (new ProfileClient()).Profile.Environments[subscription.Environment].GetEndpointAsUri(endpoint);
return(CreateCustomClient <TClient>(creds, endpointUri));
}
public TClient CreateClient <TClient>(AzureContext context, AzureEnvironment.Endpoint endpoint) where TClient : Hyak.Common.ServiceClient <TClient>
{
SubscriptionCloudCredentials creds = AzureSession.AuthenticationFactory.GetSubscriptionCloudCredentials(context);
return(CreateCustomClient <TClient>(creds, context.Environment.GetEndpointAsUri(endpoint)));
}