From 511fd1b52b0ddbb517aa1660a6933b8f5d5c3c64 Mon Sep 17 00:00:00 2001
From: Jake Freck
Date: Tue, 15 May 2018 16:56:13 -0700
Subject: [PATCH 1/4] start fix for existing aad application
---
 account_setup.py | 77 +++++++++++++++++++++++++++++-------------------
 1 file changed, 47 insertions(+), 30 deletions(-)
diff --git a/account_setup.py b/account_setup.py
index 2e1bd33a..0e81e126 100644
--- a/account_setup.py
+++ b/account_setup.py
@@ -8,7 +8,7 @@
 import yaml
 from azure.common import credentials
 from azure.graphrbac import GraphRbacManagementClient
-from azure.graphrbac.models import ApplicationCreateParameters, PasswordCredential, ServicePrincipalCreateParameters
+from azure.graphrbac.models import ApplicationCreateParameters, ApplicationUpdateParameters, PasswordCredential, ServicePrincipalCreateParameters
 from azure.graphrbac.models.graph_error import GraphErrorException
 from azure.mgmt.authorization import AuthorizationManagementClient
 from azure.mgmt.batch import BatchManagementClient
@@ -210,7 +210,24 @@ def create_aad_user(credentials, tenant_id, **kwargs):
 confirmation_prompt = "Previously created application with name {} found. "\
 "Would you like to use it? (y/n): ".format(application.display_name)
 prompt_for_confirmation(confirmation_prompt, e, ValueError("Response not recognized. Please try again."))
-
+ password_credentials = list(graph_rbac_client.applications.list_password_credentials(application_object_id=application.object_id))
+ password_credentials.append(
+ PasswordCredential(
+ end_date=datetime(2299, 12, 31, 0, 0, 0, 0, tzinfo=timezone.utc),
+ value=application_credential,
+ key_id=uuid.uuid4()
+ )
+ )
+ print(password_credentials)
+ print([password.__dict__ for password in password_credentials])
+ graph_rbac_client.applications.patch(
+ application_object_id=application.object_id,
+ parameters=ApplicationUpdateParameters(
+ password_credentials=password_credentials
+ )
+ )
+ password_credentials = list(graph_rbac_client.applications.list_password_credentials(application_object_id=application.object_id))
+ print(password_credentials)
 service_principal = next(graph_rbac_client.service_principals.list(
 filter="appId eq '{}'".format(application.app_id)))
 else:
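Review bot: The debugging lines `print(password_credentials)` and `print([password.__dict__ for password in password_credentials])` write the newly generated client secret to stdout, because the appended `PasswordCredential` is built with `value=application_credential` and the second print dumps every attribute of each entry; anything capturing this script's output (terminal scrollback, CI logs) then holds the credential in clear. Removing both prints and the re-listing after the patch call is the fix (patch 3/4 in this series does exactly that); if a sanity check is wanted, print only `key_id` and `end_date`. A secondary point: the appended credential, like the one on the create path, is given an `end_date` of 2299, an effectively non-expiring secret, which deserves either a shorter lifetime or a comment stating that it is intentional. The enclosing `create_aad_user` starts and ends outside the hunk.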
@@ -371,22 +388,22 @@ def stop(self):
 }
 print("Creating the Azure resources.")
- # create resource group
- with Spinner():
- resource_group_id = create_resource_group(creds, subscription_id, **kwargs)
- kwargs["resource_group_id"] = resource_group_id
- print("Created resource group.")
+ # # create resource group
+ # with Spinner():
+ # resource_group_id = create_resource_group(creds, subscription_id, **kwargs)
+ # kwargs["resource_group_id"] = resource_group_id
+ # print("Created resource group.")
- # create storage account
- with Spinner():
- storage_account_id = create_storage_account(creds, subscription_id, **kwargs)
- kwargs["storage_account_id"] = storage_account_id
- print("Created Storage group.")
+ # # create storage account
+ # with Spinner():
+ # storage_account_id = create_storage_account(creds, subscription_id, **kwargs)
+ # kwargs["storage_account_id"] = storage_account_id
+ # print("Created Storage group.")
- # create batch account
- with Spinner():
- batch_account_id = create_batch_account(creds, subscription_id, **kwargs)
- print("Created Batch account.")
+ # # create batch account
+ # with Spinner():
+ # batch_account_id = create_batch_account(creds, subscription_id, **kwargs)
+ # print("Created Batch account.")
 # create vnet with a subnet
 # subnet_id = create_vnet(creds, subscription_id)
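Review bot: The resource-group, storage-account and batch-account creation steps are disabled by commenting out fifteen lines rather than by an option, so nothing in the source says whether skipping them is a supported mode or a local debugging state; the next patch in the series simply reverts it, which suggests the latter and that this should not have been committed. If a "skip resource creation" mode is genuinely wanted, gate it behind a flag and keep the code live. Note also that `kwargs["resource_group_id"]` and `kwargs["storage_account_id"]` are no longer populated while `create_aad_user(aad_cred, tenant_id, **kwargs)` is still called further down in the same block; whether it reads those keys is not visible here. The enclosing block starts and ends outside the hunk.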
@@ -401,19 +418,19 @@ def stop(self):
 application_id, service_principal_object_id, application_credential = create_aad_user(aad_cred, tenant_id, **kwargs)
 print("Created Azure Active Directory service principal.")
- with Spinner():
- create_role_assignment(creds, subscription_id, resource_group_id, service_principal_object_id)
- print("Configured permsisions.")
-
- secrets = format_secrets(
- **{
- "tenant_id": tenant_id,
- "client_id": application_id,
- "credential": application_credential,
- # "subnet_id": subnet_id,
- "batch_account_resource_id": batch_account_id,
- "storage_account_resource_id": storage_account_id
- }
- )
+ # with Spinner():
+ # create_role_assignment(creds, subscription_id, resource_group_id, service_principal_object_id)
+ # print("Configured permsisions.")
+
+ # secrets = format_secrets(
+ # **{
+ # "tenant_id": tenant_id,
+ # "client_id": application_id,
+ # "credential": application_credential,
+ # # "subnet_id": subnet_id,
+ # "batch_account_resource_id": batch_account_id,
+ # "storage_account_resource_id": storage_account_id
+ # }
+ # )
 print("\n# Copy the following into your .aztk/secrets.yaml file\n{}".format(secrets))
From 043a275827aef3d63c1c6685e12d36d204ad0665 Mon Sep 17 00:00:00 2001
From: Jake Freck
Date: Mon, 21 May 2018 10:42:36 -0700
Subject: [PATCH 2/4] add start_date graph rbac client bug workaround
---
 account_setup.py | 60 +++++++++++++++++++++++++-----------------------
 1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/account_setup.py b/account_setup.py
index 0e81e126..aa49ae4a 100644
--- a/account_setup.py
+++ b/account_setup.py
@@ -189,6 +189,7 @@ def create_aad_user(credentials, tenant_id, **kwargs):
 display_name=display_name,
 password_credentials=[
 PasswordCredential(
+ start_date=datetime(2000, 1, 1, 0, 0, 0, 0, tzinfo=timezone.utc),
 end_date=datetime(2299, 12, 31, 0, 0, 0, 0, tzinfo=timezone.utc),
 value=application_credential,
 key_id=uuid.uuid4()
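Review bot: Commenting out `secrets = format_secrets(...)` leaves the trailing context line `print("\n# Copy the following into your .aztk/secrets.yaml file\n{}".format(secrets))` referring to a name that is no longer assigned anywhere in the hunk, so unless `secrets` is bound outside it the script ends in a NameError after the service principal has already been created in the tenant. Either comment out that print as well or keep the assignment. With the role assignment disabled too, the new service principal is left with no permissions on the (likewise disabled) resource group; if a partial run is intended, a comment saying so would spare the next reader the same analysis. The enclosing block starts and ends outside the hunk.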
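Review bot: The new `start_date=datetime(2000, 1, 1, 0, 0, 0, 0, tzinfo=timezone.utc)` is a workaround whose rationale exists only in the commit subject, so a reader of the file will take a back-dated start as a deliberate choice. Add a comment on the line, e.g. `# start_date must be set explicitly: workaround for a graph rbac client bug`, and the same comment on the identical line added in the following hunk (`@@ -213,6 +214,7 @@`), which applies the workaround on the reuse-existing-application path. The enclosing `create_aad_user` starts and ends outside the hunk.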
@@ -213,6 +214,7 @@ def create_aad_user(credentials, tenant_id, **kwargs):
 password_credentials = list(graph_rbac_client.applications.list_password_credentials(application_object_id=application.object_id))
 password_credentials.append(
 PasswordCredential(
+ start_date=datetime(2000, 1, 1, 0, 0, 0, 0, tzinfo=timezone.utc),
 end_date=datetime(2299, 12, 31, 0, 0, 0, 0, tzinfo=timezone.utc),
 value=application_credential,
 key_id=uuid.uuid4()
@@ -388,22 +390,22 @@ def stop(self):
 }
 print("Creating the Azure resources.")
- # # create resource group
- # with Spinner():
- # resource_group_id = create_resource_group(creds, subscription_id, **kwargs)
- # kwargs["resource_group_id"] = resource_group_id
- # print("Created resource group.")
+ # create resource group
+ with Spinner():
+ resource_group_id = create_resource_group(creds, subscription_id, **kwargs)
+ kwargs["resource_group_id"] = resource_group_id
+ print("Created resource group.")
- # # create storage account
- # with Spinner():
- # storage_account_id = create_storage_account(creds, subscription_id, **kwargs)
- # kwargs["storage_account_id"] = storage_account_id
- # print("Created Storage group.")
+ # create storage account
+ with Spinner():
+ storage_account_id = create_storage_account(creds, subscription_id, **kwargs)
+ kwargs["storage_account_id"] = storage_account_id
+ print("Created Storage group.")
- # # create batch account
- # with Spinner():
- # batch_account_id = create_batch_account(creds, subscription_id, **kwargs)
- # print("Created Batch account.")
+ # create batch account
+ with Spinner():
+ batch_account_id = create_batch_account(creds, subscription_id, **kwargs)
+ print("Created Batch account.")
 # create vnet with a subnet
 # subnet_id = create_vnet(creds, subscription_id)
@@ -414,23 +416,23 @@ def stop(self):
 aad_cred, subscirption_id, tenant_id = profile.get_login_credentials(
 resource=AZURE_PUBLIC_CLOUD.endpoints.active_directory_graph_resource_id
 )
- application_id, service_principal_object_id, application_credential = create_aad_user(aad_cred, tenant_id, **kwargs)
+
 print("Created Azure Active Directory service principal.")
- # with Spinner():
- # create_role_assignment(creds, subscription_id, resource_group_id, service_principal_object_id)
- # print("Configured permsisions.")
-
- # secrets = format_secrets(
- # **{
- # "tenant_id": tenant_id,
- # "client_id": application_id,
- # "credential": application_credential,
- # # "subnet_id": subnet_id,
- # "batch_account_resource_id": batch_account_id,
- # "storage_account_resource_id": storage_account_id
- # }
- # )
+ with Spinner():
+ create_role_assignment(creds, subscription_id, resource_group_id, service_principal_object_id)
+ print("Configured permsisions.")
+
+ secrets = format_secrets(
+ **{
+ "tenant_id": tenant_id,
+ "client_id": application_id,
+ "credential": application_credential,
+ # "subnet_id": subnet_id,
+ "batch_account_resource_id": batch_account_id,
+ "storage_account_resource_id": storage_account_id
+ }
+ )
 print("\n# Copy the following into your .aztk/secrets.yaml file\n{}".format(secrets))
From 40ce862c81b074432c17ff1a60530d1a07076c1d Mon Sep 17 00:00:00 2001
From: Jake Freck
Date: Mon, 21 May 2018 10:44:36 -0700
Subject: [PATCH 3/4] remove debug
---
 account_setup.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/account_setup.py b/account_setup.py
index aa49ae4a..11b35c91 100644
--- a/account_setup.py
+++ b/account_setup.py
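Review bot: The removed line `application_id, service_principal_object_id, application_credential = create_aad_user(aad_cred, tenant_id, **kwargs)` appears to be replaced by an empty added line, yet the re-enabled `create_role_assignment(creds, subscription_id, resource_group_id, service_principal_object_id)` and `format_secrets(...)` lines a few lines below still use all three names, so unless the call was restored outside this hunk (the two later patches in the series do not) the script raises NameError right after printing "Created Azure Active Directory service principal.", a message that is no longer true either. Restoring the assignment in place of the blank line is the fix. The re-enabled `print("Configured permsisions.")` also carries a typo the later "typos" patch misses; `print("Configured permissions.")`. The enclosing block starts and ends outside the hunk.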
@@ -220,16 +220,12 @@ def create_aad_user(credentials, tenant_id, **kwargs):
 key_id=uuid.uuid4()
 )
 )
- print(password_credentials)
- print([password.__dict__ for password in password_credentials])
 graph_rbac_client.applications.patch(
 application_object_id=application.object_id,
 parameters=ApplicationUpdateParameters(
 password_credentials=password_credentials
 )
 )
- password_credentials = list(graph_rbac_client.applications.list_password_credentials(application_object_id=application.object_id))
- print(password_credentials)
 service_principal = next(graph_rbac_client.service_principals.list(
 filter="appId eq '{}'".format(application.app_id)))
 else:
From 4caeed61a03cd251fa3364aa6b8b7f7035a8830f Mon Sep 17 00:00:00 2001
From: Jake Freck
Date: Mon, 21 May 2018 12:32:20 -0700
Subject: [PATCH 4/4] typos
---
 account_setup.py | 4 ++--
 account_setup.sh | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/account_setup.py b/account_setup.py
index 11b35c91..0ecf5454 100644
--- a/account_setup.py
+++ b/account_setup.py
@@ -269,7 +269,7 @@ def create_role_assignment(credentials, subscription_id, scope, principal_id):
 def format_secrets(**kwargs):
 '''
- Retuns the secrets for the created resources to be placed in secrets.yaml
+ Returns the secrets for the created resources to be placed in secrets.yaml
 The following form is returned:
 service_principal:
@@ -396,7 +396,7 @@ def stop(self):
 with Spinner():
 storage_account_id = create_storage_account(creds, subscription_id, **kwargs)
 kwargs["storage_account_id"] = storage_account_id
- print("Created Storage group.")
+ print("Created Storage account.")
 # create batch account
 with Spinner():
diff --git a/account_setup.sh b/account_setup.sh
index db050a2b..01cde2c9 100644
--- a/account_setup.sh
+++ b/account_setup.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
-echo "Installing depdendencies..." &&
+echo "Installing dependencies..." &&
 pip install --force-reinstall --upgrade --user pyyaml==3.12 azure==3.0.0 azure-cli-core==2.0.30 msrestazure==0.4.25 > /dev/null 2>&1 &&
-echo "Finished installing depdencies." &&
+echo "Finished installing dependencies." &&
 echo "Getting account setup script..." &&
 wget -q https://raw.githubusercontent.com/Azure/aztk/v0.7.0/account_setup.py -O account_setup.py &&
 chmod 755 account_setup.py &&