Diffstat (limited to 'ansible_collections/azure/azcollection/plugins/module_utils')
-rw-r--r--ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py266
-rw-r--r--ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common_rest.py2
2 files changed, 99 insertions, 169 deletions
diff --git a/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py b/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py
index 9c0e6e839..79b5167b1 100644
--- a/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py
+++ b/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py
@@ -15,10 +15,6 @@ import inspect
import traceback
import json
-try:
- from azure.graphrbac import GraphRbacManagementClient
-except Exception:
- pass
from os.path import expanduser
from ansible.module_utils.basic import \
@@ -53,6 +49,7 @@ AZURE_COMMON_ARGS = dict(
log_path=dict(type='str', no_log=True),
x509_certificate_path=dict(type='path', no_log=True),
thumbprint=dict(type='str', no_log=True),
+ disable_instance_discovery=dict(type='bool', default=False),
)
AZURE_CREDENTIAL_ENV_MAPPING = dict(
@@ -67,7 +64,8 @@ AZURE_CREDENTIAL_ENV_MAPPING = dict(
cert_validation_mode='AZURE_CERT_VALIDATION_MODE',
adfs_authority_url='AZURE_ADFS_AUTHORITY_URL',
x509_certificate_path='AZURE_X509_CERTIFICATE_PATH',
- thumbprint='AZURE_THUMBPRINT'
+ thumbprint='AZURE_THUMBPRINT',
+ disable_instance_discovery='AZURE_DISABLE_INSTANCE_DISCOVERY'
)
@@ -114,7 +112,28 @@ AZURE_API_PROFILES = {
'ManagementLockClient': '2016-09-01',
'DataLakeStoreAccountManagementClient': '2016-11-01',
'NotificationHubsManagementClient': '2016-03-01',
- 'EventHubManagementClient': '2018-05-04'
+ 'EventHubManagementClient': '2021-11-01',
+ 'GenericRestClient': 'latest',
+ 'DnsManagementClient': '2018-05-01',
+ 'PrivateDnsManagementClient': 'latest',
+ 'ContainerServiceClient': '2022-02-01',
+ 'SqlManagementClient': 'latest',
+ 'ContainerRegistryManagementClient': '2021-09-01',
+ 'MarketplaceOrderingAgreements': 'latest',
+ 'TrafficManagerManagementClient': 'latest',
+ 'MonitorManagementClient': '2016-03-01',
+ 'LogAnalyticsManagementClient': 'latest',
+ 'ServiceBusManagementClient': 'latest',
+ 'AutomationClient': 'latest',
+ 'IotHubClient': 'latest',
+ 'RecoveryServicesBackupClient': 'latest',
+ 'DataFactoryManagementClient': 'latest',
+ 'KeyVaultManagementClient': '2021-10-01',
+ 'HDInsightManagementClient': 'latest',
+ 'DevTestLabsClient': 'latest',
+ 'CosmosDBManagementClient': 'latest',
+ 'CdnManagementClient': '2017-04-02',
+ 'BatchManagementClient': 'latest',
},
'2019-03-01-hybrid': {
'StorageManagementClient': '2017-10-01',
@@ -220,11 +239,8 @@ except ImportError:
try:
from enum import Enum
- from msrestazure.azure_active_directory import AADTokenCredentials
- from msrestazure.azure_active_directory import MSIAuthentication
from azure.mgmt.core.tools import parse_resource_id, resource_id, is_valid_resource_id
from azure.cli.core import cloud as azure_cloud
- from azure.common.credentials import ServicePrincipalCredentials, UserPassCredentials
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.resource.resources import ResourceManagementClient
from azure.mgmt.managementgroups import ManagementGroupsAPI as ManagementGroupsClient
@@ -240,11 +256,11 @@ try:
from azure.mgmt.marketplaceordering import MarketplaceOrderingAgreements
from azure.mgmt.trafficmanager import TrafficManagerManagementClient
from azure.storage.blob import BlobServiceClient
- from msal.application import ClientApplication, ConfidentialClientApplication
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.mgmt.sql import SqlManagementClient
from azure.mgmt.servicebus import ServiceBusManagementClient
from azure.mgmt.rdbms.postgresql import PostgreSQLManagementClient
+ from azure.mgmt.rdbms.postgresql_flexibleservers import PostgreSQLManagementClient as PostgreSQLFlexibleManagementClient
from azure.mgmt.rdbms.mysql import MySQLManagementClient
from azure.mgmt.rdbms.mariadb import MariaDBManagementClient
from azure.mgmt.containerregistry import ContainerRegistryManagementClient
@@ -257,7 +273,11 @@ try:
from azure.mgmt.iothub import models as IoTHubModels
from azure.mgmt.resource.locks import ManagementLockClient
from azure.mgmt.recoveryservicesbackup import RecoveryServicesBackupClient
- import azure.mgmt.recoveryservicesbackup.models as RecoveryServicesBackupModels
+ try:
+ # Older versions of the library exposed the modules at the root of the package
+ import azure.mgmt.recoveryservicesbackup.models as RecoveryServicesBackupModels
+ except ImportError:
+ import azure.mgmt.recoveryservicesbackup.activestamp.models as RecoveryServicesBackupModels
from azure.mgmt.search import SearchManagementClient
from azure.mgmt.datalake.store import DataLakeStoreAccountManagementClient
import azure.mgmt.datalake.store.models as DataLakeStoreAccountModel
@@ -266,6 +286,8 @@ try:
from azure.mgmt.datafactory import DataFactoryManagementClient
import azure.mgmt.datafactory.models as DataFactoryModel
from azure.identity._credentials import client_secret, user_password, certificate, managed_identity
+ from azure.identity import AzureCliCredential
+ from msgraph import GraphServiceClient
except ImportError as exc:
Authentication = object
@@ -415,6 +437,7 @@ class AzureRMModuleBase(object):
self._mysql_client = None
self._mariadb_client = None
self._postgresql_client = None
+ self._postgresql_flexible_client = None
self._containerregistry_client = None
self._containerinstance_client = None
self._containerservice_client = None
@@ -484,8 +507,8 @@ class AzureRMModuleBase(object):
'''
self.module.fail_json(msg=msg, **kwargs)
- def deprecate(self, msg, version=None):
- self.module.deprecate(msg, version)
+ def deprecate(self, msg, version=None, collection_name='azure.azcollection'):
+ self.module.deprecate(msg, version, collection_name=collection_name)
def log(self, msg, pretty_print=False):
if pretty_print:
@@ -675,11 +698,15 @@ class AzureRMModuleBase(object):
self.fail("Error {0} has a provisioning state of {1}. Expecting state to be {2}.".format(
azure_object.name, azure_object.provisioning_state, AZURE_SUCCESS_STATE))
- def get_blob_service_client(self, resource_group_name, storage_account_name):
+ def get_blob_service_client(self, resource_group_name, storage_account_name, auth_mode='key'):
try:
self.log("Getting storage account detail")
account = self.storage_client.storage_accounts.get_properties(resource_group_name=resource_group_name, account_name=storage_account_name)
- account_keys = self.storage_client.storage_accounts.list_keys(resource_group_name=resource_group_name, account_name=storage_account_name)
+ if auth_mode == 'login' and self.azure_auth.credentials.get('credential'):
+ credential = self.azure_auth.credentials['credential']
+ else:
+ account_keys = self.storage_client.storage_accounts.list_keys(resource_group_name=resource_group_name, account_name=storage_account_name)
+ credential = account_keys.keys[0].value
except Exception as exc:
self.fail("Error getting storage account detail for {0}: {1}".format(storage_account_name, str(exc)))
@@ -687,7 +714,7 @@ class AzureRMModuleBase(object):
self.log("Create blob service client")
return BlobServiceClient(
account_url=account.primary_endpoints.blob,
- credential=account_keys.keys[0].value,
+ credential=credential,
)
except Exception as exc:
self.fail("Error creating blob service client for storage account {0} - {1}".format(storage_account_name, str(exc)))
@@ -854,14 +881,17 @@ class AzureRMModuleBase(object):
# wrap basic strings in a dict that just defines the default
return dict(default_api_version=profile_raw)
- def get_graphrbac_client(self, tenant_id):
- cred = self.azure_auth.azure_credentials
- base_url = self.azure_auth._cloud_environment.endpoints.active_directory_graph_resource_id
- client = GraphRbacManagementClient(cred, tenant_id, base_url)
+ # The graphrbac has deprecated, migrate to msgraph
+ # def get_graphrbac_client(self, tenant_id):
+ # cred = self.azure_auth.azure_credentials
+ # base_url = self.azure_auth._cloud_environment.endpoints.active_directory_graph_resource_id
+ # client = GraphRbacManagementClient(cred, tenant_id, base_url)
+ # return client
- return client
+ def get_msgraph_client(self):
+ return GraphServiceClient(self.azure_auth.azure_credential_track2)
- def get_mgmt_svc_client(self, client_type, base_url=None, api_version=None, suppress_subscription_id=False, is_track2=False):
+ def get_mgmt_svc_client(self, client_type, base_url=None, api_version=None, suppress_subscription_id=False):
self.log('Getting management service client {0}'.format(client_type.__name__))
self.check_client_version(client_type)
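Review bot: Dropping `is_track2` from `get_mgmt_svc_client`'s signature turns every external caller that still passes `is_track2=True` into a `TypeError`; only this file's callers are updated here, and `module_utils` is shared by every module in the collection. Accepting and ignoring the keyword for a deprecation period keeps those callers working: `def get_mgmt_svc_client(self, client_type, base_url=None, api_version=None, suppress_subscription_id=False, is_track2=None):` with a `# is_track2 is ignored; all clients are track2 now` comment, or a `self.deprecate(...)` call when it is passed. The old `get_graphrbac_client` body is also left behind as six commented-out lines above `get_msgraph_client`; version control keeps it, so deleting them and leaving the single `# graphrbac is deprecated; use get_msgraph_client` note would be cleaner. `get_mgmt_svc_client`'s body continues past this hunk.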
@@ -883,16 +913,10 @@ class AzureRMModuleBase(object):
# Some management clients do not take a subscription ID as parameters.
if suppress_subscription_id:
- if is_track2:
- client_kwargs = dict(credential=self.azure_auth.azure_credential_track2, base_url=base_url, credential_scopes=[base_url + ".default"])
- else:
- client_kwargs = dict(credentials=self.azure_auth.azure_credentials, base_url=base_url)
+ client_kwargs = dict(credential=self.azure_auth.azure_credential_track2, base_url=base_url, credential_scopes=[base_url + ".default"])
else:
- if is_track2:
- client_kwargs = dict(credential=self.azure_auth.azure_credential_track2,
- subscription_id=mgmt_subscription_id, base_url=base_url, credential_scopes=[base_url + ".default"])
- else:
- client_kwargs = dict(credentials=self.azure_auth.azure_credentials, subscription_id=mgmt_subscription_id, base_url=base_url)
+ client_kwargs = dict(credential=self.azure_auth.azure_credential_track2,
+ subscription_id=mgmt_subscription_id, base_url=base_url, credential_scopes=[base_url + ".default"])
api_profile_dict = {}
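Review bot: Both surviving `client_kwargs` lines build the token scope as `base_url + ".default"`, which only yields a valid scope when `base_url` ends with `/`; the `acquire_token_*` helpers deleted later in this commit normalised that with `if not base_url.endswith("/"): base_url += "/"`, and nothing equivalent remains on the new side. Every in-file caller passes `self._cloud_environment.endpoints.resource_manager`, which presumably carries the trailing slash, but `base_url` is a public parameter and an arbitrary caller value produces a malformed scope. `credential_scopes=[base_url.rstrip('/') + '/.default']` in both places removes the dependency on the caller. The enclosing function starts and ends outside this hunk.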
@@ -926,13 +950,8 @@ class AzureRMModuleBase(object):
setattr(client, '_ansible_models', importlib.import_module(client_type.__module__).models)
client.models = types.MethodType(_ansible_get_models, client)
- if not is_track2:
- client.config = self.add_user_agent(client.config)
- if self.azure_auth._cert_validation_mode == 'ignore':
- client.config.session_configuration_callback = self._validation_ignore_callback
- else:
- if self.azure_auth._cert_validation_mode == 'ignore':
- client._config.session_configuration_callback = self._validation_ignore_callback
+ if self.azure_auth._cert_validation_mode == 'ignore':
+ client._config.session_configuration_callback = self._validation_ignore_callback
return client
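Review bot: The collapsed branch now relies on the private `client._config.session_configuration_callback` for every client, with no comment on what that hook is expected to do on an azure-core pipeline; `session_configuration_callback` is a msrest-era setting, and whether azure-core honours it is not visible here. If it does not, `cert_validation_mode: ignore` silently becomes a no-op on the management clients while private-cloud or ADFS users believe it is in effect, which is the safe direction but a misleading one. A comment such as `# TODO: confirm azure-core still honours _config.session_configuration_callback; otherwise pass connection_verify=False via client_kwargs` would flag it for the next maintainer. The enclosing function starts outside this hunk.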
@@ -992,7 +1011,6 @@ class AzureRMModuleBase(object):
if not self._storage_client:
self._storage_client = self.get_mgmt_svc_client(StorageManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-06-01')
return self._storage_client
@@ -1006,7 +1024,6 @@ class AzureRMModuleBase(object):
if not self._authorization_client:
self._authorization_client = self.get_mgmt_svc_client(AuthorizationManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2020-04-01-preview')
return self._authorization_client
@@ -1021,7 +1038,6 @@ class AzureRMModuleBase(object):
self._subscription_client = self.get_mgmt_svc_client(SubscriptionClient,
base_url=self._cloud_environment.endpoints.resource_manager,
suppress_subscription_id=True,
- is_track2=True,
api_version='2019-11-01')
return self._subscription_client
@@ -1036,7 +1052,6 @@ class AzureRMModuleBase(object):
self._management_group_client = self.get_mgmt_svc_client(ManagementGroupsClient,
base_url=self._cloud_environment.endpoints.resource_manager,
suppress_subscription_id=True,
- is_track2=True,
api_version='2020-05-01')
return self._management_group_client
@@ -1046,7 +1061,6 @@ class AzureRMModuleBase(object):
if not self._network_client:
self._network_client = self.get_mgmt_svc_client(NetworkManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-03-01')
return self._network_client
@@ -1061,7 +1075,6 @@ class AzureRMModuleBase(object):
if not self._resource_client:
self._resource_client = self.get_mgmt_svc_client(ResourceManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2019-10-01')
return self._resource_client
@@ -1076,7 +1089,6 @@ class AzureRMModuleBase(object):
if not self._image_client:
self._image_client = self.get_mgmt_svc_client(ComputeManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-04-01')
return self._image_client
@@ -1091,7 +1103,6 @@ class AzureRMModuleBase(object):
if not self._compute_client:
self._compute_client = self.get_mgmt_svc_client(ComputeManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-04-01')
return self._compute_client
@@ -1106,7 +1117,6 @@ class AzureRMModuleBase(object):
if not self._dns_client:
self._dns_client = self.get_mgmt_svc_client(DnsManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2018-05-01')
return self._dns_client
@@ -1121,7 +1131,6 @@ class AzureRMModuleBase(object):
if not self._private_dns_client:
self._private_dns_client = self.get_mgmt_svc_client(
PrivateDnsManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._private_dns_client
@@ -1136,7 +1145,6 @@ class AzureRMModuleBase(object):
if not self._web_client:
self._web_client = self.get_mgmt_svc_client(WebSiteManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-03-01')
return self._web_client
@@ -1146,7 +1154,6 @@ class AzureRMModuleBase(object):
if not self._containerservice_client:
self._containerservice_client = self.get_mgmt_svc_client(ContainerServiceClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2017-07-01')
return self._containerservice_client
@@ -1161,7 +1168,6 @@ class AzureRMModuleBase(object):
if not self._managedcluster_client:
self._managedcluster_client = self.get_mgmt_svc_client(ContainerServiceClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2022-02-01')
return self._managedcluster_client
@@ -1170,16 +1176,22 @@ class AzureRMModuleBase(object):
self.log('Getting SQL client')
if not self._sql_client:
self._sql_client = self.get_mgmt_svc_client(SqlManagementClient,
- base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True)
+ base_url=self._cloud_environment.endpoints.resource_manager)
return self._sql_client
@property
+ def postgresql_flexible_client(self):
+ self.log('Getting PostgreSQL client')
+ if not self._postgresql_flexible_client:
+ self._postgresql_flexible_client = self.get_mgmt_svc_client(PostgreSQLFlexibleManagementClient,
+ base_url=self._cloud_environment.endpoints.resource_manager)
+ return self._postgresql_flexible_client
+
+ @property
def postgresql_client(self):
self.log('Getting PostgreSQL client')
if not self._postgresql_client:
self._postgresql_client = self.get_mgmt_svc_client(PostgreSQLManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._postgresql_client
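Review bot: The new `postgresql_flexible_client` property logs `'Getting PostgreSQL client'`, the same text as the neighbouring `postgresql_client`, so log output cannot tell the two clients apart when debugging a module that uses both. `self.log('Getting PostgreSQL flexible server client')` follows the naming the other properties use. The enclosing class continues outside this hunk.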
@@ -1188,7 +1200,6 @@ class AzureRMModuleBase(object):
self.log('Getting MySQL client')
if not self._mysql_client:
self._mysql_client = self.get_mgmt_svc_client(MySQLManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._mysql_client
@@ -1197,7 +1208,6 @@ class AzureRMModuleBase(object):
self.log('Getting MariaDB client')
if not self._mariadb_client:
self._mariadb_client = self.get_mgmt_svc_client(MariaDBManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._mariadb_client
@@ -1207,7 +1217,6 @@ class AzureRMModuleBase(object):
if not self._containerregistry_client:
self._containerregistry_client = self.get_mgmt_svc_client(ContainerRegistryManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-09-01')
return self._containerregistry_client
@@ -1218,7 +1227,6 @@ class AzureRMModuleBase(object):
if not self._containerinstance_client:
self._containerinstance_client = self.get_mgmt_svc_client(ContainerInstanceManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2018-06-01')
return self._containerinstance_client
@@ -1228,7 +1236,6 @@ class AzureRMModuleBase(object):
self.log('Getting marketplace agreement client')
if not self._marketplace_client:
self._marketplace_client = self.get_mgmt_svc_client(MarketplaceOrderingAgreements,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._marketplace_client
@@ -1237,7 +1244,6 @@ class AzureRMModuleBase(object):
self.log('Getting traffic manager client')
if not self._traffic_manager_management_client:
self._traffic_manager_management_client = self.get_mgmt_svc_client(TrafficManagerManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._traffic_manager_management_client
@@ -1247,8 +1253,7 @@ class AzureRMModuleBase(object):
if not self._monitor_autoscale_settings_client:
self._monitor_autoscale_settings_client = self.get_mgmt_svc_client(MonitorManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- api_version="2015-04-01",
- is_track2=True)
+ api_version="2015-04-01")
return self._monitor_autoscale_settings_client
@property
@@ -1257,8 +1262,7 @@ class AzureRMModuleBase(object):
if not self._monitor_log_profiles_client:
self._monitor_log_profiles_client = self.get_mgmt_svc_client(MonitorManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- api_version="2016-03-01",
- is_track2=True)
+ api_version="2016-03-01")
return self._monitor_log_profiles_client
@property
@@ -1267,8 +1271,7 @@ class AzureRMModuleBase(object):
if not self._monitor_diagnostic_settings_client:
self._monitor_diagnostic_settings_client = self.get_mgmt_svc_client(MonitorManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- api_version="2021-05-01-preview",
- is_track2=True)
+ api_version="2021-05-01-preview")
return self._monitor_diagnostic_settings_client
@property
@@ -1276,7 +1279,6 @@ class AzureRMModuleBase(object):
self.log('Getting log analytics client')
if not self._log_analytics_client:
self._log_analytics_client = self.get_mgmt_svc_client(LogAnalyticsManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._log_analytics_client
@@ -1290,7 +1292,6 @@ class AzureRMModuleBase(object):
self.log('Getting servicebus client')
if not self._servicebus_client:
self._servicebus_client = self.get_mgmt_svc_client(ServiceBusManagementClient,
- is_track2=True,
api_version="2021-06-01-preview",
base_url=self._cloud_environment.endpoints.resource_manager)
return self._servicebus_client
@@ -1304,8 +1305,7 @@ class AzureRMModuleBase(object):
self.log('Getting automation client')
if not self._automation_client:
self._automation_client = self.get_mgmt_svc_client(AutomationClient,
- base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True)
+ base_url=self._cloud_environment.endpoints.resource_manager)
return self._automation_client
@property
@@ -1317,7 +1317,6 @@ class AzureRMModuleBase(object):
self.log('Getting iothub client')
if not self._IoThub_client:
self._IoThub_client = self.get_mgmt_svc_client(IotHubClient,
- is_track2=True,
api_version='2018-04-01',
base_url=self._cloud_environment.endpoints.resource_manager)
return self._IoThub_client
@@ -1332,7 +1331,6 @@ class AzureRMModuleBase(object):
if not self._lock_client:
self._lock_client = self.get_mgmt_svc_client(ManagementLockClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2016-09-01')
return self._lock_client
@@ -1346,7 +1344,6 @@ class AzureRMModuleBase(object):
self.log('Getting recovery services backup client')
if not self._recovery_services_backup_client:
self._recovery_services_backup_client = self.get_mgmt_svc_client(RecoveryServicesBackupClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._recovery_services_backup_client
@@ -1360,7 +1357,6 @@ class AzureRMModuleBase(object):
if not self._search_client:
self._search_client = self.get_mgmt_svc_client(SearchManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2020-08-01')
return self._search_client
@@ -1370,7 +1366,6 @@ class AzureRMModuleBase(object):
if not self._datalake_store_client:
self._datalake_store_client = self.get_mgmt_svc_client(DataLakeStoreAccountManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2016-11-01')
return self._datalake_store_client
@@ -1385,7 +1380,6 @@ class AzureRMModuleBase(object):
self._notification_hub_client = self.get_mgmt_svc_client(
NotificationHubsManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2016-03-01')
return self._notification_hub_client
@@ -1396,7 +1390,6 @@ class AzureRMModuleBase(object):
self._event_hub_client = self.get_mgmt_svc_client(
EventHubManagementClient,
base_url=self._cloud_environment.endpoints.resource_manager,
- is_track2=True,
api_version='2021-11-01')
return self._event_hub_client
@@ -1405,7 +1398,6 @@ class AzureRMModuleBase(object):
self.log('Getting datafactory client...')
if not self._datafactory_client:
self._datafactory_client = self.get_mgmt_svc_client(DataFactoryManagementClient,
- is_track2=True,
base_url=self._cloud_environment.endpoints.resource_manager)
return self._datafactory_client
@@ -1425,7 +1417,8 @@ class AzureRMAuth(object):
def __init__(self, auth_source=None, profile=None, subscription_id=None, client_id=None, secret=None,
tenant=None, ad_user=None, password=None, cloud_environment='AzureCloud', cert_validation_mode='validate',
api_profile='latest', adfs_authority_url=None, fail_impl=None, is_ad_resource=False,
- x509_certificate_path=None, thumbprint=None, track1_cred=False, **kwargs):
+ x509_certificate_path=None, thumbprint=None, track1_cred=False,
+ disable_instance_discovery=False, **kwargs):
if fail_impl:
self._fail_impl = fail_impl
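Review bot: `track1_cred` stays in `AzureRMAuth.__init__`'s signature, but after this commit the only code that read it (the `if is_ad_resource or track1_cred:` branches removed in the credential hunk) is gone, so the parameter is accepted and ignored without saying so. Keeping it for compatibility is fine, but a comment on the signature, `# track1_cred is retained for backward compatibility and has no effect; track1 credentials are no longer created`, and a `self.deprecate(...)` when it is passed as True would stop callers relying on it. The new `disable_instance_discovery` parameter also deserves a one-line note that it is forwarded to the azure-identity credentials and skips authority validation, since that is a security-relevant switch rather than a tuning knob. The body of `__init__` continues past this hunk.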
@@ -1448,7 +1441,8 @@ class AzureRMAuth(object):
api_profile=api_profile,
adfs_authority_url=adfs_authority_url,
x509_certificate_path=x509_certificate_path,
- thumbprint=thumbprint)
+ thumbprint=thumbprint,
+ disable_instance_discovery=disable_instance_discovery)
if not self.credentials:
if HAS_AZURE_CLI_CORE:
@@ -1467,6 +1461,12 @@ class AzureRMAuth(object):
if self._cert_validation_mode not in ['validate', 'ignore']:
self.fail('invalid cert_validation_mode: {0}'.format(self._cert_validation_mode))
+ # Disable instance discovery: module-arg, credential profile, env, "False"
+ self._disable_instance_discovery = disable_instance_discovery or \
+ self.credentials.get('disable_instance_discovery') or \
+ self._get_env('disable_instance_discovery') or \
+ False
+
# if cloud_environment specified, look up/build Cloud object
raw_cloud_env = self.credentials.get('cloud_environment')
if self.credentials.get('credentials') is not None and raw_cloud_env is not None:
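Review bot: The resolution `disable_instance_discovery or self.credentials.get(...) or self._get_env(...) or False` treats any non-empty string as true, and the environment and credential-profile sources supply strings, so `AZURE_DISABLE_INSTANCE_DISCOVERY=false` (or `no`, or `0`) would disable instance discovery — and with it authority validation in azure-identity — exactly when the user asked to keep it on. Coercing the raw value through a real boolean parser fixes this: `raw = disable_instance_discovery or self.credentials.get('disable_instance_discovery') or self._get_env('disable_instance_discovery')` then `self._disable_instance_discovery = boolean(raw, strict=False) if isinstance(raw, str) else bool(raw)`, with `boolean` from `ansible.module_utils.parsing.convert_bool`; `strict=False` maps unrecognised strings to False, which keeps validation on for garbage input. The trailing `or False` is redundant once the value is coerced. Whether `_get_env` already normalises types is not visible here, so the string case is the one to confirm.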
@@ -1504,84 +1504,50 @@ class AzureRMAuth(object):
if self.credentials.get('auth_source') == 'msi':
# MSI Credentials
- if is_ad_resource or track1_cred:
- self.azure_credentials = self.credentials['credentials']
- self.azure_credential_track2 = self.credentials['credential']
+ self.azure_credential_track2 = self.credentials['credentials']
elif self.credentials.get('credentials') is not None:
# AzureCLI credentials
- if is_ad_resource or track1_cred:
- self.azure_credentials = self.credentials['credentials']
self.azure_credential_track2 = self.credentials['credentials']
elif self.credentials.get('client_id') is not None and \
self.credentials.get('secret') is not None and \
self.credentials.get('tenant') is not None:
-
- graph_resource = self._cloud_environment.endpoints.active_directory_graph_resource_id
- rm_resource = self._cloud_environment.endpoints.resource_manager
- if is_ad_resource or track1_cred:
- self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'],
- secret=self.credentials['secret'],
- tenant=self.credentials['tenant'],
- cloud_environment=self._cloud_environment,
- resource=graph_resource if self.is_ad_resource else rm_resource,
- verify=self._cert_validation_mode == 'validate')
self.azure_credential_track2 = client_secret.ClientSecretCredential(client_id=self.credentials['client_id'],
client_secret=self.credentials['secret'],
tenant_id=self.credentials['tenant'],
- authority=self._adfs_authority_url)
+ authority=self._adfs_authority_url,
+ disable_instance_discovery=self._disable_instance_discovery)
elif self.credentials.get('client_id') is not None and \
self.credentials.get('tenant') is not None and \
self.credentials.get('thumbprint') is not None and \
self.credentials.get('x509_certificate_path') is not None:
- if is_ad_resource or track1_cred:
- self.azure_credentials = self.acquire_token_with_client_certificate(
- self._adfs_authority_url,
- self.credentials['x509_certificate_path'],
- self.credentials['thumbprint'],
- self.credentials['client_id'],
- self.credentials['tenant'])
-
self.azure_credential_track2 = certificate.CertificateCredential(tenant_id=self.credentials['tenant'],
client_id=self.credentials['client_id'],
certificate_path=self.credentials['x509_certificate_path'],
- authority=self._adfs_authority_url)
+ authority=self._adfs_authority_url,
+ disable_instance_discovery=self._disable_instance_discovery)
elif self.credentials.get('ad_user') is not None and \
self.credentials.get('password') is not None and \
self.credentials.get('client_id') is not None and \
self.credentials.get('tenant') is not None:
- if is_ad_resource or track1_cred:
- self.azure_credentials = self.acquire_token_with_username_password(
- self._adfs_authority_url,
- self.credentials['ad_user'],
- self.credentials['password'],
- self.credentials['client_id'],
- self.credentials['tenant'])
self.azure_credential_track2 = user_password.UsernamePasswordCredential(username=self.credentials['ad_user'],
password=self.credentials['password'],
tenant_id=self.credentials.get('tenant'),
client_id=self.credentials.get('client_id'),
- authority=self._adfs_authority_url)
+ authority=self._adfs_authority_url,
+ disable_instance_discovery=self._disable_instance_discovery)
elif self.credentials.get('ad_user') is not None and self.credentials.get('password') is not None:
- tenant = self.credentials.get('tenant')
- if not tenant:
- tenant = 'common' # SDK default
-
- if is_ad_resource or track1_cred:
- self.azure_credentials = UserPassCredentials(self.credentials['ad_user'],
- self.credentials['password'],
- tenant=tenant,
- cloud_environment=self._cloud_environment,
- verify=self._cert_validation_mode == 'validate')
-
- client_id = self.credentials.get('client_id', '04b07795-8ddb-461a-bbee-02f9e1bf7b46')
+ client_id = self.credentials.get('client_id')
+ if client_id is None:
+ client_id = '04b07795-8ddb-461a-bbee-02f9e1bf7b46'
self.azure_credential_track2 = user_password.UsernamePasswordCredential(username=self.credentials['ad_user'],
password=self.credentials['password'],
tenant_id=self.credentials.get('tenant', 'organizations'),
client_id=client_id,
- authority=self._adfs_authority_url)
+ authority=self._adfs_authority_url,
+ disable_instance_discovery=self._disable_instance_discovery)
else:
self.fail("Failed to authenticate with provided credentials. Some attributes were missing. "
@@ -1640,7 +1606,7 @@ class AzureRMAuth(object):
except Exception as exc:
self.fail("cloud_environment {0} could not be resolved: {1}".format(_cloud_environment, str(exc)), exception=traceback.format_exc())
- credentials = MSIAuthentication(client_id=client_id, cloud_environment=cloud_environment)
+ client_id = client_id or self._get_env('client_id')
credential = managed_identity.ManagedIdentityCredential(client_id=client_id, cloud_environment=cloud_environment)
subscription_id = subscription_id or self._get_env('subscription_id')
if not subscription_id:
@@ -1653,8 +1619,7 @@ class AzureRMAuth(object):
self.fail("Failed to get MSI token: {0}. "
"Please check whether your machine enabled MSI or grant access to any subscription.".format(str(exc)))
return {
- 'credentials': credentials,
- 'credential': credential,
+ 'credentials': credential,
'subscription_id': subscription_id,
'cloud_environment': cloud_environment,
'auth_source': 'msi'
@@ -1669,12 +1634,13 @@ class AzureRMAuth(object):
except Exception as exc:
self.fail("Failed to load CLI profile {0}.".format(str(exc)))
- credentials, subscription_id, tenant = profile.get_login_credentials(
- subscription_id=subscription_id, resource=resource)
+ cred, subscription_id, tenant = profile.get_login_credentials(
+ subscription_id=subscription_id)
cloud_environment = get_cli_active_cloud()
+ az_cli = AzureCliCredential()
cli_credentials = {
- 'credentials': credentials,
+ 'credentials': az_cli if self.is_ad_resource else cred,
'subscription_id': subscription_id,
'cloud_environment': cloud_environment
}
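Review bot: `az_cli = AzureCliCredential()` is constructed unconditionally while it is only used when `self.is_ad_resource` is set, so in the common case the object is created and discarded. Moving it into the conditional, `'credentials': AzureCliCredential() if self.is_ad_resource else cred,`, keeps the intent and drops the unused object. The same hunk removes `resource=resource` from `profile.get_login_credentials`, so the enclosing function presumably still accepts a `resource` argument that nothing reads any more; if so it should be documented as ignored or retired with the same compatibility care as `is_track2`. Whether the `cred` object returned by azure-cli-core satisfies the token-credential protocol the track2 clients expect is not visible here and is worth a comment. The enclosing function starts and ends outside this hunk.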
@@ -1762,42 +1728,6 @@ class AzureRMAuth(object):
return None
- def acquire_token_with_username_password(self, authority, username, password, client_id, tenant):
- authority_uri = authority
-
- if tenant is not None:
- authority_uri = authority + '/' + tenant
-
- context = ClientApplication(client_id=client_id, authority=authority_uri)
- base_url = self._cloud_environment.endpoints.resource_manager
- if not base_url.endswith("/"):
- base_url += "/"
- scopes = [base_url + ".default"]
- token_response = context.acquire_token_by_username_password(username, password, scopes)
-
- return AADTokenCredentials(token_response)
-
- def acquire_token_with_client_certificate(self, authority, x509_private_key_path, thumbprint, client_id, tenant):
- authority_uri = authority
-
- if tenant is not None:
- authority_uri = authority + '/' + tenant
-
- x509_private_key = None
- with open(x509_private_key_path, 'r') as pem_file:
- x509_private_key = pem_file.read()
-
- base_url = self._cloud_environment.endpoints.resource_manager
- if not base_url.endswith("/"):
- base_url += "/"
- scopes = [base_url + ".default"]
- client_credential = {"thumbprint": thumbprint, "private_key": x509_private_key}
- context = ConfidentialClientApplication(client_id=client_id, authority=authority_uri, client_credential=client_credential)
-
- token_response = context.acquire_token_for_client(scopes=scopes)
-
- return AADTokenCredentials(token_response)
-
def log(self, msg, pretty_print=False):
pass
# Use only during module development
diff --git a/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common_rest.py b/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common_rest.py
index 6acb1e7b9..bc740824f 100644
--- a/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common_rest.py
+++ b/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common_rest.py
@@ -82,7 +82,7 @@ class GenericRestClient(object):
response = self._client.send_request(request, **operation_config)
if response.status_code not in expected_status_codes:
- exp = SendRequestException(response, response.status_code)
+ exp = SendRequestException(response.text(), response.status_code)
raise exp
elif response.status_code == 202 and polling_timeout > 0:
def get_long_running_output(response):
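Review bot: `response.text()` now reads the response body on the error path; that is the right information to surface, but if `send_request` is ever invoked with `stream=True` (the `operation_config` is built outside this hunk) the body is not yet available and the call itself raises, masking the original status code. Wrapping it, `try: body = response.text()` / `except Exception: body = ''` / `exp = SendRequestException(body or 'HTTP {0}'.format(response.status_code), response.status_code)`, keeps the failure path from failing. ARM error bodies can also be long; if this text reaches `fail_json` output, truncating it to a few kilobytes keeps module output readable. The enclosing method starts and ends outside this hunk.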