External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-28 00:08:44 -03:30
Code Issues Packages Projects Releases Wiki Activity

Support AzureCloud choices for azure keyvault

Browse Source
This commit is contained in:
Jake McDermott
2020-01-06 15:53:02 -05:00
parent bf3042e85a
commit 2b02b1affd
2 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
awx/main/credential_plugins/azure_kv.py
View File

@@ -3,6 +3,16 @@ from .plugin import CredentialPlugin
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from azure.keyvault import KeyVaultClient, KeyVaultAuthentication from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from azure.common.credentials import ServicePrincipalCredentials from azure.common.credentials import ServicePrincipalCredentials
from msrestazure import azure_cloud
# https://github.com/Azure/msrestazure-for-python/blob/master/msrestazure/azure_cloud.py
clouds = [
vars(azure_cloud)[n]
for n in dir(azure_cloud)
if n.startswith("AZURE_") and n.endswith("_CLOUD")
]
default_cloud = vars(azure_cloud)["AZURE_PUBLIC_CLOUD"]
azure_keyvault_inputs = { azure_keyvault_inputs = {
@@ -24,6 +34,12 @@ azure_keyvault_inputs = {
'id': 'tenant', 'id': 'tenant',
'label': _('Tenant ID'), 'label': _('Tenant ID'),
'type': 'string' 'type': 'string'
}, {
'id': 'cloud_name',
'label': _('Cloud Environment'),
'help_text': _('Specify which azure cloud environment to use.'),
'choices': list(set([default_cloud.name] + [c.name for c in clouds])),
'default': default_cloud.name
}], }],
'metadata': [{ 'metadata': [{
'id': 'secret_field', 'id': 'secret_field',
@@ -36,12 +52,13 @@ azure_keyvault_inputs = {
'type': 'string', 'type': 'string',
'help_text': _('Used to specify a specific secret version (if left empty, the latest version will be used).'), 'help_text': _('Used to specify a specific secret version (if left empty, the latest version will be used).'),
}], }],
'required': ['url', 'client', 'secret', 'tenant', 'secret_field'], 'required': ['url', 'client', 'secret', 'tenant', 'cloud', 'secret_field'],
} }
def azure_keyvault_backend(**kwargs): def azure_keyvault_backend(**kwargs):
url = kwargs['url'] url = kwargs['url']
[cloud] = [c for c in clouds if c.name == kwargs['cloud_name']]
def auth_callback(server, resource, scope): def auth_callback(server, resource, scope):
credentials = ServicePrincipalCredentials( credentials = ServicePrincipalCredentials(
@@ -49,7 +66,7 @@ def azure_keyvault_backend(**kwargs):
client_id = kwargs['client'], client_id = kwargs['client'],
secret = kwargs['secret'], secret = kwargs['secret'],
tenant = kwargs['tenant'], tenant = kwargs['tenant'],
resource = "https://vault.azure.net", resource = f"https://{cloud.suffixes.keyvault_dns.split('.', 1).pop()}",
) )
token = credentials.token token = credentials.token
return token['token_type'], token['access_token'] return token['token_type'], token['access_token']

6
awx/main/tests/functional/test_credential_plugins.py Normal file
View File

@@ -0,0 +1,6 @@
def test_imported_azure_cloud_sdk_vars():
from awx.main.credential_plugins import azure_kv
assert len(azure_kv.clouds) > 0
assert all([hasattr(c, 'name') for c in azure_kv.clouds])
assert all([hasattr(c, 'suffixes') for c in azure_kv.clouds])
assert all([hasattr(c.suffixes, 'keyvault_dns') for c in azure_kv.clouds])