Updated to use ServicePrincipalCredentials class and get rid of requests

9 years ago · 098a4c9ee4
parent ee6fc470db
commit 098a4c9ee4
1 changed files with 12 additions and 60 deletions
--- a/lib/ansible/modules/extras/cloud/azure/azure_deployment.py
+++ b/lib/ansible/modules/extras/cloud/azure/azure_deployment.py
@ -306,10 +306,8 @@ RETURN = '''
 try:
    import time
    import yaml
-    import requests
-    import azure
    from itertools import chain
-    from azure.common.credentials import BasicTokenAuthentication
+    from azure.common.credentials import ServicePrincipalCredentials
    from azure.common.exceptions import CloudError
    from azure.mgmt.resource.resources.models import (
        DeploymentProperties,
@ -329,35 +327,11 @@ except ImportError:
 AZURE_URL = "https://management.azure.com"


-def get_token(domain_or_tenant, client_id, client_secret):
-    """
-    Get an Azure Active Directory token for a service principal
-    :param domain_or_tenant: The domain or tenant id of your Azure Active Directory instance
-    :param client_id: The client id of your application in Azure Active Directory
-    :param client_secret: One of the application secrets created in your Azure Active Directory application
-    :return: an authenticated bearer token to be used with requests to the API
-    """
-    #  the client id we can borrow from azure xplat cli
-    grant_type = 'client_credentials'
-    token_url = 'https://login.microsoftonline.com/{}/oauth2/token'.format(domain_or_tenant)
-
-    payload = {
-        'grant_type': grant_type,
-        'client_id': client_id,
-        'client_secret': client_secret,
-        'resource': 'https://management.core.windows.net/'
-    }
-
-    res = requests.post(token_url, data=payload)
-    return res.json()['access_token'] if res.status_code == 200 else None
-
-
 def get_azure_connection_info(module):
    azure_url = module.params.get('azure_url')
-    tenant_or_domain = module.params.get('tenant_or_domain')
+    tenant_id = module.params.get('tenant_id')
    client_id = module.params.get('client_id')
    client_secret = module.params.get('client_secret')
-    security_token = module.params.get('security_token')
    resource_group_name = module.params.get('resource_group_name')
    subscription_id = module.params.get('subscription_id')

@ -379,19 +353,13 @@ def get_azure_connection_info(module):
        else:
            resource_group_name = None

-    if not security_token:
-        if 'AZURE_SECURITY_TOKEN' in os.environ:
-            security_token = os.environ['AZURE_SECURITY_TOKEN']
-        else:
-            security_token = None
-
-    if not tenant_or_domain:
+    if not tenant_id:
        if 'AZURE_TENANT_ID' in os.environ:
-            tenant_or_domain = os.environ['AZURE_TENANT_ID']
+            tenant_id = os.environ['AZURE_TENANT_ID']
        elif 'AZURE_DOMAIN' in os.environ:
-            tenant_or_domain = os.environ['AZURE_DOMAIN']
+            tenant_id = os.environ['AZURE_DOMAIN']
        else:
-            tenant_or_domain = None
+            tenant_id = None

    if not client_id:
        if 'AZURE_CLIENT_ID' in os.environ:
@ -406,10 +374,9 @@ def get_azure_connection_info(module):
            client_secret = None

    return dict(azure_url=azure_url,
-                tenant_or_domain=tenant_or_domain,
+                tenant_id=tenant_id,
                client_id=client_id,
                client_secret=client_secret,
-                security_token=security_token,
                resource_group_name=resource_group_name,
                subscription_id=subscription_id)

@ -593,9 +560,8 @@ def main():
        azure_url=dict(default=AZURE_URL),
        subscription_id=dict(),
        client_secret=dict(no_log=True),
-        client_id=dict(),
-        tenant_or_domain=dict(),
-        security_token=dict(aliases=['access_token'], no_log=True),
+        client_id=dict(required=True),
+        tenant_id=dict(required=True),
        resource_group_name=dict(required=True),
        state=dict(default='present', choices=['present', 'absent']),
        template=dict(default=None, type='dict'),
@ -619,24 +585,10 @@ def main():

    conn_info = get_azure_connection_info(module)

-    if conn_info['security_token'] is None and \
-            (conn_info['client_id'] is None or conn_info['client_secret'] is None or conn_info[
-                'tenant_or_domain'] is None):
-        module.fail_json(msg='security token or client_id, client_secret and tenant_or_domain is required')
-
-    if conn_info['security_token'] is None:
-        conn_info['security_token'] = get_token(conn_info['tenant_or_domain'],
-                                                conn_info['client_id'],
-                                                conn_info['client_secret'])
+    credentials = ServicePrincipalCredentials(client_id=conn_info['client_id'],
+                                              secret=conn_info['client_secret'],
+                                              tenant=conn_info['tenant_id'])

-    if conn_info['security_token'] is None:
-        module.fail_json(msg='failed to retrieve a security token from Azure Active Directory')
-
-    credentials = BasicTokenAuthentication(
-        token = {
-            'access_token':conn_info['security_token']
-        }
-    )
    subscription_id = conn_info['subscription_id']
    resource_client = ResourceManagementClient(ResourceManagementClientConfiguration(credentials, subscription_id))
    network_client = NetworkManagementClient(NetworkManagementClientConfiguration(credentials, subscription_id))