|
 |
bc94d5 |
From e339f304d4423a0e661d915f72ba88553b21d74a Mon Sep 17 00:00:00 2001
|
|
|
bc94d5 |
From: MSSedusch <sedusch@microsoft.com>
|
|
|
bc94d5 |
Date: Tue, 28 Sep 2021 12:23:37 +0000
|
|
|
bc94d5 |
Subject: [PATCH 1/2] add support for sovereign clouds and MSI
|
|
|
bc94d5 |
|
|
|
bc94d5 |
---
|
|
|
bc94d5 |
lib/azure_fence.py.py | 14 ++++++++------
|
|
|
bc94d5 |
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
bc94d5 |
|
|
|
bc94d5 |
diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
|
|
|
bc94d5 |
index 1f38bd4ea..75b63fdad 100644
|
|
|
bc94d5 |
--- a/lib/azure_fence.py.py
|
|
|
bc94d5 |
+++ b/lib/azure_fence.py.py
|
|
|
bc94d5 |
@@ -286,11 +286,11 @@ def get_azure_credentials(config):
|
|
|
bc94d5 |
credentials = None
|
|
|
bc94d5 |
cloud_environment = get_azure_cloud_environment(config)
|
|
|
bc94d5 |
if config.UseMSI and cloud_environment:
|
|
|
bc94d5 |
- from msrestazure.azure_active_directory import MSIAuthentication
|
|
|
bc94d5 |
- credentials = MSIAuthentication(cloud_environment=cloud_environment)
|
|
|
bc94d5 |
+ from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
+ credentials = ManagedIdentityCredential(cloud_environment=cloud_environment)
|
|
|
bc94d5 |
elif config.UseMSI:
|
|
|
bc94d5 |
- from msrestazure.azure_active_directory import MSIAuthentication
|
|
|
bc94d5 |
- credentials = MSIAuthentication()
|
|
|
bc94d5 |
+ from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
+ credentials = ManagedIdentityCredential()
|
|
|
bc94d5 |
elif cloud_environment:
|
|
|
bc94d5 |
try:
|
|
|
bc94d5 |
# try to use new libraries ClientSecretCredential (azure.identity, based on azure.core)
|
|
|
bc94d5 |
@@ -340,7 +340,8 @@ def get_azure_compute_client(config):
|
|
|
bc94d5 |
compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
credentials,
|
|
|
bc94d5 |
config.SubscriptionId,
|
|
|
bc94d5 |
- base_url=cloud_environment.endpoints.resource_manager
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
+ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
)
|
|
|
bc94d5 |
else:
|
|
|
bc94d5 |
compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
@@ -359,7 +360,8 @@ def get_azure_network_client(config):
|
|
|
bc94d5 |
network_client = NetworkManagementClient(
|
|
|
bc94d5 |
credentials,
|
|
|
bc94d5 |
config.SubscriptionId,
|
|
|
bc94d5 |
- base_url=cloud_environment.endpoints.resource_manager
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
+ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
)
|
|
|
bc94d5 |
else:
|
|
|
bc94d5 |
network_client = NetworkManagementClient(
|
|
|
bc94d5 |
|
|
|
bc94d5 |
From f08f02a7561e78dd9c95c66ccdcf6246c5ee7d6a Mon Sep 17 00:00:00 2001
|
|
|
bc94d5 |
From: MSSedusch <sedusch@microsoft.com>
|
|
|
bc94d5 |
Date: Fri, 1 Oct 2021 15:28:39 +0000
|
|
|
bc94d5 |
Subject: [PATCH 2/2] compatiblity fix
|
|
|
bc94d5 |
|
|
|
bc94d5 |
---
|
|
|
bc94d5 |
lib/azure_fence.py.py | 54 ++++++++++++++++++++++++++++++-------------
|
|
|
bc94d5 |
1 file changed, 38 insertions(+), 16 deletions(-)
|
|
|
bc94d5 |
|
|
|
bc94d5 |
diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
|
|
|
bc94d5 |
index 75b63fdad..5ca71eb42 100644
|
|
|
bc94d5 |
--- a/lib/azure_fence.py.py
|
|
|
bc94d5 |
+++ b/lib/azure_fence.py.py
|
|
|
bc94d5 |
@@ -286,11 +286,19 @@ def get_azure_credentials(config):
|
|
|
bc94d5 |
credentials = None
|
|
|
bc94d5 |
cloud_environment = get_azure_cloud_environment(config)
|
|
|
bc94d5 |
if config.UseMSI and cloud_environment:
|
|
|
bc94d5 |
- from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
- credentials = ManagedIdentityCredential(cloud_environment=cloud_environment)
|
|
|
bc94d5 |
+ try:
|
|
|
bc94d5 |
+ from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
+ credentials = ManagedIdentityCredential(cloud_environment=cloud_environment)
|
|
|
bc94d5 |
+ except ImportError:
|
|
|
bc94d5 |
+ from msrestazure.azure_active_directory import MSIAuthentication
|
|
|
bc94d5 |
+ credentials = MSIAuthentication(cloud_environment=cloud_environment)
|
|
|
bc94d5 |
elif config.UseMSI:
|
|
|
bc94d5 |
- from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
- credentials = ManagedIdentityCredential()
|
|
|
bc94d5 |
+ try:
|
|
|
bc94d5 |
+ from azure.identity import ManagedIdentityCredential
|
|
|
bc94d5 |
+ credentials = ManagedIdentityCredential()
|
|
|
bc94d5 |
+ except ImportError:
|
|
|
bc94d5 |
+ from msrestazure.azure_active_directory import MSIAuthentication
|
|
|
bc94d5 |
+ credentials = MSIAuthentication()
|
|
|
bc94d5 |
elif cloud_environment:
|
|
|
bc94d5 |
try:
|
|
|
bc94d5 |
# try to use new libraries ClientSecretCredential (azure.identity, based on azure.core)
|
|
|
bc94d5 |
@@ -337,12 +345,19 @@ def get_azure_compute_client(config):
|
|
|
bc94d5 |
credentials = get_azure_credentials(config)
|
|
|
bc94d5 |
|
|
|
bc94d5 |
if cloud_environment:
|
|
|
bc94d5 |
- compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
- credentials,
|
|
|
bc94d5 |
- config.SubscriptionId,
|
|
|
bc94d5 |
- base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
- )
|
|
|
bc94d5 |
+ try:
|
|
|
bc94d5 |
+ compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
+ credentials,
|
|
|
bc94d5 |
+ config.SubscriptionId,
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
+ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
+ )
|
|
|
bc94d5 |
+ except TypeError:
|
|
|
bc94d5 |
+ compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
+ credentials,
|
|
|
bc94d5 |
+ config.SubscriptionId,
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager
|
|
|
bc94d5 |
+ )
|
|
|
bc94d5 |
else:
|
|
|
bc94d5 |
compute_client = ComputeManagementClient(
|
|
|
bc94d5 |
credentials,
|
|
|
bc94d5 |
@@ -357,12 +372,19 @@ def get_azure_network_client(config):
|
|
|
bc94d5 |
credentials = get_azure_credentials(config)
|
|
|
bc94d5 |
|
|
|
bc94d5 |
if cloud_environment:
|
|
|
bc94d5 |
- network_client = NetworkManagementClient(
|
|
|
bc94d5 |
- credentials,
|
|
|
bc94d5 |
- config.SubscriptionId,
|
|
|
bc94d5 |
- base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
- )
|
|
|
bc94d5 |
+ try:
|
|
|
bc94d5 |
+ network_client = NetworkManagementClient(
|
|
|
bc94d5 |
+ credentials,
|
|
|
bc94d5 |
+ config.SubscriptionId,
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager,
|
|
|
bc94d5 |
+ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
|
|
bc94d5 |
+ )
|
|
|
bc94d5 |
+ except TypeError:
|
|
|
bc94d5 |
+ network_client = NetworkManagementClient(
|
|
|
bc94d5 |
+ credentials,
|
|
|
bc94d5 |
+ config.SubscriptionId,
|
|
|
bc94d5 |
+ base_url=cloud_environment.endpoints.resource_manager
|
|
|
bc94d5 |
+ )
|
|
|
bc94d5 |
else:
|
|
|
bc94d5 |
network_client = NetworkManagementClient(
|
|
|
bc94d5 |
credentials,
|