Adding ADAL wrapper to msrestazure #8
Conversation
|
@brettcannon also suggests: from msrestazure.azure_active_directory import AdalAuthentication
import adal
context = adal.AuthenticationContext('https://login.microsoftonline.com/common')
return AdalAuthentication(
context.acquire_token_with_username_password,
'https://management.core.windows.net/',
'unittest@myaccountoutlook.onmicrosoft.com',
'PASSWORD!!!',
'04b07795-8ddb-461a-bbee-02f9e1bf7b46' # Xplat CLI or yours
)IOW, use args/kwargs to avoid the lambda syntax |
|
Adding support for @brettcannon syntax. Now both syntax (lambda + args/kwargs) are supported the same, depending of the coders habits. |
| #pylint: disable=no-member | ||
| if (hasattr(err, 'error_response') and ('error_description' in err.error_response) | ||
| and ('AADSTS70008:' in err.error_response['error_description'])): | ||
| raise Expired("Credentials have expired due to inactivity. Please run 'az login'") |
There was a problem hiding this comment.
consider changing this error message, since this is not the CLI and they can't run az login.
|
|
| @@ -39,10 +39,16 @@ | |||
| MismatchingStateError, | |||
| OAuth2Error, | |||
| TokenExpiredError) | |||
| from requests import RequestException | |||
| from requests import ( | |||
| RequestException, | |||
There was a problem hiding this comment.
There's no need to make this span multiple lines. Same goes for other imports.
| @@ -525,3 +531,32 @@ def set_token(self, response_url): | |||
| raise_with_traceback(AuthenticationError, "", err) | |||
| else: | |||
| self.token = token | |||
|
|
|||
| class AdalAuthentication(Authentication):#pylint: disable=too-few-public-methods | |||
There was a problem hiding this comment.
Two spaces between : and #.
| @@ -525,3 +531,32 @@ def set_token(self, response_url): | |||
| raise_with_traceback(AuthenticationError, "", err) | |||
| else: | |||
| self.token = token | |||
|
|
|||
| class AdalAuthentication(Authentication):#pylint: disable=too-few-public-methods | |||
There was a problem hiding this comment.
Probably a docstring that explains what the class is about. Same goes for methods.
| def signed_session(self): | ||
| session = super(AdalAuthentication, self).signed_session() | ||
|
|
||
| import adal # Adal is not mandatory |
There was a problem hiding this comment.
If you make adal mandatory then this should move to the top of the file.
| if (hasattr(err, 'error_response') and ('error_description' in err.error_response) | ||
| and ('AADSTS70008:' in err.error_response['error_description'])): | ||
| raise Expired("Credentials have expired due to inactivity.") | ||
|
|
There was a problem hiding this comment.
Replace the blank line with an else: clause.
|
|
||
| header = "{} {}".format(scheme, token) | ||
| session.headers['Authorization'] = header | ||
| return session |
There was a problem hiding this comment.
Missing a newline at the end of the file.
|
|
||
| try: | ||
| raw_token = self._adal_method(*self._args, **self._kwargs) | ||
| scheme, token = raw_token['tokenType'], raw_token['accessToken'] |
There was a problem hiding this comment.
This should be moved outside of the try block as it won't trigger an AdalError.
|
@brettcannon I think I made the changes |
|
@lmazuel - not really, it's nice and simple :). |
| raise ConnectionError("Plug the network") | ||
| credentials = AdalAuthentication(connection_error) | ||
| with self.assertRaises(AuthenticationError) as cm: | ||
| session = credentials.signed_session() | ||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
There was a problem hiding this comment.
Missing a newline at the end of the file.
|
|
||
|
|
||
| class AdalAuthentication(Authentication): # pylint: disable=too-few-public-methods | ||
| """A wrapper to use ADAL for Python easily to authenticate on Azure. |
There was a problem hiding this comment.
Put the closing """ on the same line and have a newline between it and __init__().
There was a problem hiding this comment.
General question: should I PEP8 or/and flake8 or/and PyLint or/and mypy?
After discussion with @begoldsm, this allows people other than us (Python team or CLI team) to connect using ADAL, without forcing on ADAL features.
Samples:
This is a 99% copy/paste from CLI code, I almost didn't code anything here, just backport the code from @yugangw-msft. I didn't include ADAL in
install_requiresfor now on purpose, I think it's more interesting to do it inextra_requires. And be clear in the documentation. Also the main advantage here is that we don't own any ADAL features, so any new stuff can be used directly without changingmsrestazure.@annatisch @brettcannon what do you think?