public AzureContext(AzureSubscription subscription, AzureAccount account, AzureEnvironment environment, AzureTenant tenant)
{
Subscription = subscription;
Account = account;
Environment = environment;
Tenant = tenant;
}
public AzureContext(AzureSubscription subscription, AzureAccount account, AzureEnvironment environment, AzureTenant tenant)
{
Subscription = subscription;
Account = account;
Environment = environment;
Tenant = tenant;
}
public void ProfileSerializeDeserializeWorks()
{
var dataStore = new MockDataStore();
AzureSession.DataStore = dataStore;
var profilePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, AzureSession.ProfileFile);
var currentProfile = new AzureRMProfile(profilePath);
var tenantId = Guid.NewGuid().ToString();
var environment = new AzureEnvironment
{
Name = "testCloud",
Endpoints = { { AzureEnvironment.Endpoint.ActiveDirectory, "http://contoso.com" } }
};
var account = new AzureAccount
{
Id = "*****@*****.**",
Type = AzureAccount.AccountType.User,
Properties = { { AzureAccount.Property.Tenants, tenantId } }
};
var sub = new AzureSubscription
{
Account = account.Id,
Environment = environment.Name,
Id = new Guid(),
Name = "Contoso Test Subscription",
Properties = { { AzureSubscription.Property.Tenants, tenantId } }
};
var tenant = new AzureTenant
{
Id = new Guid(tenantId),
Domain = "contoso.com"
};
currentProfile.Context = new AzureContext(sub, account, environment, tenant);
currentProfile.Environments[environment.Name] = environment;
currentProfile.Context.TokenCache = new byte[] { 1, 2, 3, 4, 5, 6, 8, 9, 0 };
AzureRMProfile deserializedProfile;
// Round-trip the exception: Serialize and de-serialize with a BinaryFormatter
BinaryFormatter bf = new BinaryFormatter();
using (MemoryStream ms = new MemoryStream())
{
// "Save" object state
bf.Serialize(ms, currentProfile);
// Re-use the same stream for de-serialization
ms.Seek(0, 0);
// Replace the original exception with de-serialized one
deserializedProfile = (AzureRMProfile)bf.Deserialize(ms);
}
Assert.NotNull(deserializedProfile);
var jCurrentProfile = currentProfile.ToString();
var jDeserializedProfile = deserializedProfile.ToString();
Assert.Equal(jCurrentProfile, jDeserializedProfile);
}
/// <summary>
/// Creates new instance of AzureContext.
/// </summary>
/// <param name="account">The azure account object</param>
/// <param name="environment">The azure environment object</param>
/// <param name="tenant">The azure tenant object</param>
public AzureContext(AzureAccount account, AzureEnvironment environment, AzureTenant tenant)
: this(null, account, environment, tenant)
{
}
/// <summary>
/// Creates new instance of AzureContext.
/// </summary>
/// <param name="account">The azure account object</param>
/// <param name="environment">The azure environment object</param>
/// <param name="tenant">The azure tenant object</param>
public AzureContext(AzureAccount account, AzureEnvironment environment, AzureTenant tenant)
: this(null, account, environment, tenant)
{
}
private void SetupAzureEnvironmentFromEnvironmentVariables(AzureModule mode)
{
TestEnvironment currentEnvironment = null;
if (mode == AzureModule.AzureResourceManager)
{
currentEnvironment = new CSMTestEnvironmentFactory().GetTestEnvironment();
}
else
{
currentEnvironment = new RDFETestEnvironmentFactory().GetTestEnvironment();
}
if (currentEnvironment.UserName == null)
{
currentEnvironment.UserName = "******";
}
SetAuthenticationFactory(mode, currentEnvironment);
AzureEnvironment environment = new AzureEnvironment { Name = testEnvironmentName };
Debug.Assert(currentEnvironment != null);
environment.Endpoints[AzureEnvironment.Endpoint.ActiveDirectory] = currentEnvironment.Endpoints.AADAuthUri.AbsoluteUri;
environment.Endpoints[AzureEnvironment.Endpoint.Gallery] = currentEnvironment.Endpoints.GalleryUri.AbsoluteUri;
environment.Endpoints[AzureEnvironment.Endpoint.ServiceManagement] = currentEnvironment.BaseUri.AbsoluteUri;
environment.Endpoints[AzureEnvironment.Endpoint.ResourceManager] = currentEnvironment.Endpoints.ResourceManagementUri.AbsoluteUri;
environment.Endpoints[AzureEnvironment.Endpoint.Graph] = currentEnvironment.Endpoints.GraphUri.AbsoluteUri;
environment.Endpoints[AzureEnvironment.Endpoint.AzureDataLakeAnalyticsCatalogAndJobEndpointSuffix] = currentEnvironment.Endpoints.DataLakeAnalyticsJobAndCatalogServiceUri.OriginalString.Replace("https://", ""); // because it is just a sufix
environment.Endpoints[AzureEnvironment.Endpoint.AzureDataLakeStoreFileSystemEndpointSuffix] = currentEnvironment.Endpoints.DataLakeStoreServiceUri.OriginalString.Replace("https://", ""); // because it is just a sufix
if (!ProfileClient.Profile.Environments.ContainsKey(testEnvironmentName))
{
ProfileClient.AddOrSetEnvironment(environment);
}
if (!AzureRmProfileProvider.Instance.Profile.Environments.ContainsKey(testEnvironmentName))
{
AzureRmProfileProvider.Instance.Profile.Environments[testEnvironmentName] = environment;
}
if (currentEnvironment.SubscriptionId != null)
{
testSubscription = new AzureSubscription()
{
Id = new Guid(currentEnvironment.SubscriptionId),
Name = testSubscriptionName,
Environment = testEnvironmentName,
Account = currentEnvironment.UserName,
Properties = new Dictionary<AzureSubscription.Property, string>
{
{AzureSubscription.Property.Default, "True"},
{
AzureSubscription.Property.StorageAccount,
Environment.GetEnvironmentVariable("AZURE_STORAGE_ACCOUNT")
},
}
};
testAccount = new AzureAccount()
{
Id = currentEnvironment.UserName,
Type = AzureAccount.AccountType.User,
Properties = new Dictionary<AzureAccount.Property, string>
{
{AzureAccount.Property.Subscriptions, currentEnvironment.SubscriptionId},
}
};
ProfileClient.Profile.Subscriptions[testSubscription.Id] = testSubscription;
ProfileClient.Profile.Accounts[testAccount.Id] = testAccount;
ProfileClient.SetSubscriptionAsDefault(testSubscription.Name, testSubscription.Account);
var testTenant = new AzureTenant() { Id = Guid.NewGuid() };
if (!string.IsNullOrEmpty(currentEnvironment.Tenant))
{
Guid tenant;
if (Guid.TryParse(currentEnvironment.Tenant, out tenant))
{
testTenant.Id = tenant;
}
}
AzureRmProfileProvider.Instance.Profile.Context = new AzureContext(testSubscription, testAccount, environment, testTenant);
}
}
public void SavingProfileWorks()
{
string expected = @"{
""Environments"": {
""testCloud"": {
""Name"": ""testCloud"",
""OnPremise"": false,
""Endpoints"": {
""ActiveDirectory"": ""http://contoso.com""
}
}
},
""Context"": {
""Account"": {
""Id"": ""*****@*****.**"",
""Type"": 1,
""Properties"": {
""Tenants"": ""3c0ff8a7-e8bb-40e8-ae66-271343379af6""
}
},
""Subscription"": {
""Id"": ""00000000-0000-0000-0000-000000000000"",
""Name"": ""Contoso Test Subscription"",
""Environment"": ""testCloud"",
""Account"": ""*****@*****.**"",
""State"": ""Enabled"",
""Properties"": {
""Tenants"": ""3c0ff8a7-e8bb-40e8-ae66-271343379af6""
}
},
""Environment"": {
""Name"": ""testCloud"",
""OnPremise"": false,
""Endpoints"": {
""ActiveDirectory"": ""http://contoso.com""
}
},
""Tenant"": {
""Id"": ""3c0ff8a7-e8bb-40e8-ae66-271343379af6"",
""Domain"": ""contoso.com""
},
""TokenCache"": ""AQIDBAUGCAkA""
}
}";
var path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, AzureSession.ProfileFile);
var dataStore = new MockDataStore();
AzureSession.DataStore = dataStore;
AzureRMProfile profile = new AzureRMProfile(path);
var tenantId = new Guid("3c0ff8a7-e8bb-40e8-ae66-271343379af6");
var environment = new AzureEnvironment
{
Name = "testCloud",
Endpoints = { { AzureEnvironment.Endpoint.ActiveDirectory, "http://contoso.com" } }
};
var account = new AzureAccount
{
Id = "*****@*****.**",
Type = AzureAccount.AccountType.User,
Properties = { { AzureAccount.Property.Tenants, tenantId.ToString() } }
};
var sub = new AzureSubscription
{
Account = account.Id,
Environment = environment.Name,
Id = new Guid(),
Name = "Contoso Test Subscription",
State = "Enabled",
Properties = { { AzureSubscription.Property.Tenants, tenantId.ToString() } }
};
var tenant = new AzureTenant
{
Id = tenantId,
Domain = "contoso.com"
};
profile.Context = new AzureContext(sub, account, environment, tenant);
profile.Environments[environment.Name] = environment;
profile.Context.TokenCache = new byte[] { 1, 2, 3, 4, 5, 6, 8, 9, 0 };
profile.Save();
string actual = dataStore.ReadFileAsText(path);
Assert.Equal(expected, actual);
}
private static AzureTenant CreateTenantFromString(string tenantOrDomain, string accessTokenTenantId)
{
AzureTenant result = new AzureTenant();
Guid id;
if (Guid.TryParse(tenantOrDomain, out id))
{
result.Id = id;
}
else
{
result.Id = Guid.Parse(accessTokenTenantId);
result.Domain = tenantOrDomain;
}
return result;
}
private List<AzureTenant> ListAccountTenants(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior)
{
List<AzureTenant> result = new List<AzureTenant>();
try
{
var commonTenantToken = AcquireAccessToken(account, environment, AuthenticationFactory.CommonAdTenant,
password, promptBehavior);
using (var subscriptionClient = AzureSession.ClientFactory.CreateCustomClient<SubscriptionClient>(
new TokenCloudCredentials(commonTenantToken.AccessToken),
environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager)))
{
//TODO: Fix subscription client to not require subscriptionId
result = account.MergeTenants(subscriptionClient.Tenants.List().TenantIds, commonTenantToken);
}
}
catch
{
WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, AuthenticationFactory.CommonAdTenant));
if (account.IsPropertySet(AzureAccount.Property.Tenants))
{
result =
account.GetPropertyAsArray(AzureAccount.Property.Tenants)
.Select(ti =>
{
var tenant = new AzureTenant();
Guid guid;
if (Guid.TryParse(ti, out guid))
{
tenant.Id = guid;
tenant.Domain = AccessTokenExtensions.GetDomain(account.Id);
}
else
{
tenant.Domain = ti;
}
return tenant;
}).ToList();
}
if (!result.Any())
{
throw;
}
}
return result;
}
private bool TryGetTenantSubscription(IAccessToken accessToken,
AzureAccount account,
AzureEnvironment environment,
string tenantId,
string subscriptionId,
string subscriptionName,
out AzureSubscription subscription,
out AzureTenant tenant)
{
using (var subscriptionClient = AzureSession.ClientFactory.CreateCustomClient<SubscriptionClient>(
new TokenCloudCredentials(accessToken.AccessToken),
environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager)))
{
Subscriptions.Models.Subscription subscriptionFromServer = null;
try
{
if (subscriptionId != null)
{
subscriptionFromServer = subscriptionClient.Subscriptions.Get(subscriptionId).Subscription;
}
else
{
var subscriptions = (subscriptionClient.Subscriptions.List().Subscriptions ??
new List<Microsoft.Azure.Subscriptions.Models.Subscription>())
.Where(s => "enabled".Equals(s.State, StringComparison.OrdinalIgnoreCase) ||
"warned".Equals(s.State, StringComparison.OrdinalIgnoreCase));
account.SetProperty(AzureAccount.Property.Subscriptions, subscriptions.Select(i => i.SubscriptionId).ToArray());
if (subscriptions.Any())
{
if (subscriptionName != null)
{
subscriptionFromServer = subscriptions.FirstOrDefault(
s => s.DisplayName.Equals(subscriptionName, StringComparison.OrdinalIgnoreCase));
}
else
{
if (subscriptions.Count() > 1)
{
WriteWarningMessage(string.Format(
"TenantId '{0}' contains more than one active subscription. First one will be selected for further use. " +
"To select another subscription, use Set-AzureRmContext.",
tenantId));
}
subscriptionFromServer = subscriptions.First();
}
}
}
}
catch (CloudException ex)
{
WriteWarningMessage(ex.Message);
}
if (subscriptionFromServer != null)
{
subscription = new AzureSubscription
{
Id = new Guid(subscriptionFromServer.SubscriptionId),
Account = accessToken.UserId,
Environment = environment.Name,
Name = subscriptionFromServer.DisplayName,
State = subscriptionFromServer.State,
Properties = new Dictionary<AzureSubscription.Property, string>
{
{ AzureSubscription.Property.Tenants, accessToken.TenantId }
}
};
tenant = new AzureTenant();
tenant.Id = new Guid(accessToken.TenantId);
tenant.Domain = accessToken.GetDomain();
return true;
}
subscription = null;
if (accessToken != null && accessToken.TenantId != null)
{
tenant = new AzureTenant();
tenant.Id = Guid.Parse(accessToken.TenantId);
if (accessToken.UserId != null)
{
var domain = accessToken.UserId.Split(new[] { '@' }, StringSplitOptions.RemoveEmptyEntries);
if (domain.Length == 2)
{
tenant.Domain = domain[1];
}
}
return true;
}
tenant = null;
return false;
}
}
private AzureTenant CreateTenant(string tenantIdOrDomain)
{
var tenant = new AzureTenant();
Guid tenantIdGuid;
if (Guid.TryParse(tenantIdOrDomain, out tenantIdGuid))
{
tenant.Id = tenantIdGuid;
}
else
{
tenant.Domain = tenantIdOrDomain;
}
return tenant;
}
public void CanConvertValidAzureTenants(string domain)
{
var oldTenant = new AzureTenant()
{
Domain = domain,
Id = Guid.NewGuid(),
};
var tenant = (PSAzureTenant)oldTenant;
Assert.Equal(oldTenant.Domain, tenant.Domain);
Assert.Equal(oldTenant.Id.ToString(), tenant.TenantId);
Assert.NotNull(tenant.ToString());
}
public void RefreshContextsFromCache()
{
// Authentication factory is already registered in `OnImport()`
AzureSession.Instance.TryGetComponent(
PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey,
out PowerShellTokenCacheProvider tokenCacheProvider);
string authority = null;
if (TryGetEnvironment(AzureSession.Instance.GetProperty(AzureSession.Property.Environment), out IAzureEnvironment sessionEnvironment))
{
authority = $"{sessionEnvironment.ActiveDirectoryAuthority}organizations";
}
var accounts = tokenCacheProvider.ListAccounts(authority);
if (!accounts.Any())
{
if (!Contexts.Any(c => c.Key != "Default" && c.Value.Account.Type == AzureAccount.AccountType.User))
{
// If there are no accounts in the cache, but we never had any existing contexts, return
return;
}
WriteWarningMessage($"No accounts found in the shared token cache; removing all user contexts.");
var removedContext = false;
foreach (var contextName in Contexts.Keys)
{
var context = Contexts[contextName];
if (context.Account.Type != AzureAccount.AccountType.User)
{
continue;
}
removedContext |= TryCacheRemoveContext(contextName);
}
// If no contexts were removed, return now to avoid writing to file later
if (!removedContext)
{
return;
}
}
else
{
var removedUsers = new HashSet <string>();
var updatedContext = false;
foreach (var contextName in Contexts.Keys)
{
var context = Contexts[contextName];
if ((string.Equals(contextName, "Default") && context.Account == null) || context.Account.Type != AzureAccount.AccountType.User)
{
continue;
}
if (accounts.Any(a => string.Equals(a.Username, context.Account.Id, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
if (!removedUsers.Contains(context.Account.Id))
{
removedUsers.Add(context.Account.Id);
WriteWarningMessage(string.Format(Resources.UserMissingFromSharedTokenCache, context.Account.Id));
}
updatedContext |= TryCacheRemoveContext(contextName);
}
// Check to see if each account has at least one context
foreach (var account in accounts)
{
if (Contexts.Values.Where(v => v.Account != null && v.Account.Type == AzureAccount.AccountType.User)
.Any(v => string.Equals(v.Account.Id, account.Username, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
WriteWarningMessage(string.Format(Resources.CreatingContextsWarning, account.Username));
var environment = sessionEnvironment ?? AzureEnvironment.PublicEnvironments
.Where(env => env.Value.ActiveDirectoryAuthority.Contains(account.Environment))
.Select(env => env.Value)
.FirstOrDefault();
var azureAccount = new AzureAccount()
{
Id = account.Username,
Type = AzureAccount.AccountType.User
};
List <IAccessToken> tokens = null;
try
{
tokens = tokenCacheProvider.GetTenantTokensForAccount(account, environment, WriteWarningMessage);
}
catch (Exception e)
{
//In SSO scenario, if the account from token cache has multiple tenants, e.g. MSA account, MSAL randomly picks up
//one tenant to ask for token, MSAL will throw exception if MSA home tenant is chosen. The exception is swallowed here as short term fix.
WriteWarningMessage(string.Format(Resources.NoTokenFoundWarning, account.Username));
EnqueueDebugMessage(e.ToString());
continue;
}
foreach (var token in tokens)
{
var azureTenant = new AzureTenant()
{
Id = token.TenantId
};
azureAccount.SetOrAppendProperty(AzureAccount.Property.Tenants, token.TenantId);
var subscriptions = tokenCacheProvider.GetSubscriptionsFromTenantToken(account, environment, token, WriteWarningMessage);
if (!subscriptions.Any())
{
subscriptions.Add(null);
}
foreach (var subscription in subscriptions)
{
var context = new AzureContext(subscription, azureAccount, environment, azureTenant);
if (!TryGetContextName(context, out string name))
{
WriteWarningMessage(string.Format(Resources.NoContextNameForSubscription, subscription.Id));
continue;
}
if (!TrySetContext(name, context))
{
WriteWarningMessage(string.Format(Resources.UnableToCreateContextForSubscription, subscription.Id));
}
else
{
updatedContext = true;
}
}
}
}
// If the context list was not updated, return now to avoid writing to file later
if (!updatedContext)
{
return;
}
}
Save(ProfilePath, false);
}
