o i:@sJddlmZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z m Z m Z ddl mZmZmZddlmZddlmZddlmZmZmZmZmZdd lmZeeZd Z d Z!gd Z"d Z#dZ$GdddZ%de&de efddZ'de&fddZ(de&de&fddZ)de&de e&fddZ*de e&de+de&fddZ,dS))datetimeN)AnyDictListOptional) AccessTokenAccessTokenInfoTokenRequestOptions)ClientAuthenticationError)CredentialUnavailableError) encode_base64resolve_tenant within_dacvalidate_tenant_idvalidate_scope) log_get_tokenzAzure Developer CLI could not be found. Please visit https://aka.ms/azure-dev for installation instructions and then,once installed, authenticate to your Azure account using 'azd auth login'.zClaims challenges are not supported by the Azure Developer CLI version you are using. Please update to version 1.18.1 or later.)authtokenz--outputjsonz --no-promptZazdz_Please run 'azd auth login' from a command prompt to authenticate before using this credential.c @seZdZdZdddddedeeeded dfd d Zdd d Z de d dfddZ d ddZ e ddddedeedeede d ef ddZe dddedeed efddZdddedeede d efddZdS)!AzureDeveloperCliCredentiala" Authenticates by requesting a token from the Azure Developer CLI. Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific to Azure developers. It allows users to authenticate as a user and/or a service principal against `Microsoft Entra ID <"https://learn.microsoft.com/entra/fundamentals/">`__. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged-in user or service principal and executes an Azure CLI command underneath to authenticate the application against Microsoft Entra ID. To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the commands below: * Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user. * Run "azd auth login --client-id 'client_id' --client-secret 'client_secret' --tenant-id 'tenant_id'" to authenticate as a service principal. You may need to repeat this process after a certain time period, depending on the refresh token validity in your organization. Generally, the refresh token validity period is a few weeks to a few months. AzureDeveloperCliCredential will prompt you to sign in again. :keyword str tenant_id: Optional tenant to include in the token request. :keyword List[str] additionally_allowed_tenants: Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access. :keyword int process_timeout: Seconds to wait for the Azure Developer CLI process to respond. Defaults to 10 seconds. .. admonition:: Example: .. literalinclude:: ../samples/credential_creation_code_snippets.py :start-after: [START azure_developer_cli_credential] :end-before: [END azure_developer_cli_credential] :language: python :dedent: 4 :caption: Create an AzureDeveloperCliCredential. N ) tenant_idadditionally_allowed_tenantsprocess_timeoutrrrreturncCs&|rt|||_|p g|_||_dSN)rr_additionally_allowed_tenants_process_timeout)selfrrrr!Z/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_credentials/azd_cli.py__init__Ps   z$AzureDeveloperCliCredential.__init__cCs|Srr!r r!r!r" __enter__]z%AzureDeveloperCliCredential.__enter__argscGsdSrr!)r r'r!r!r"__exit__`r&z$AzureDeveloperCliCredential.__exit__cCsdS)z#Calling this method is unnecessary.Nr!r$r!r!r"closecsz!AzureDeveloperCliCredential.close)claimsrscopesr*kwargscOs>i}|r||d<|r||d<|j|d|i|}t|j|jS)aRequest an access token for `scopes`. This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires. :param str scopes: desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. :keyword str claims: additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. :keyword str tenant_id: optional tenant to include in the token request. :return: An access token with the desired scopes. :rtype: ~azure.core.credentials.AccessToken :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure Developer CLI. :raises ~azure.core.exceptions.ClientAuthenticationError: the credential invoked the Azure Developer CLI but didn't receive an access token. rr*options)_get_token_baserr expires_on)r r*rr+r,r-Z token_infor!r!r" get_tokenfsz%AzureDeveloperCliCredential.get_token)r-r-cGs|j|d|iS)aRequest an access token for `scopes`. This is an alternative to `get_token` to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires. :param str scopes: desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. :keyword options: A dictionary of options for the token request. Unknown options will be ignored. Optional. :paramtype options: ~azure.core.credentials.TokenRequestOptions :rtype: ~azure.core.credentials.AccessTokenInfo :return: An AccessTokenInfo instance containing information about the token. :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure Developer CLI. :raises ~azure.core.exceptions.ClientAuthenticationError: the credential invoked the Azure Developer CLI but didn't receive an access token. r-)r.)r r-r+r!r!r"get_token_infosz*AzureDeveloperCliCredential.get_token_infocOs|std|r |dnd}|r|dnd}|rt||D]}t|q t}|D]}|d|g7}q-td |j||jd|}|rK|d|g7}|rU|dt |g7}t ||j } t | } | st | } | rj| } n t| } d| d } tr}t| d t| d | S) NzMissing scope in request. rr*z--scope)Zdefault_tenantrrz --tenant-idz--claimsz-Unexpected output from Azure Developer CLI: 'z'. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/azdevclicredential/troubleshoot.messager!) ValueErrorgetrr COMMAND_LINEcopyrrrr _run_commandr parse_tokenextract_cli_error_messagesanitize_outputrr r )r r-r+r,rr*scope command_argsZtenantoutputrZ extractedr3Zsanitized_outputr!r!r"r.sF      z+AzureDeveloperCliCredential._get_token_base)rr)rN)__name__ __module__ __qualname____doc__strrrintr#r%rr(r)rrr0r rr1r.r!r!r!r"r(sV*    $"rr>rc CsPzt|}t|dd}|}t|dt|WSttfy'YdSw)anParse to an AccessToken. In particular, convert the "expiresOn" value to epoch seconds. This value is a naive local datetime as returned by datetime.fromtimestamp. :param str output: The output of the Azure Developer CLI command. :return: An AccessToken or None if the output isn't valid. :rtype: azure.core.credentials.AccessToken or None Z expiresOnz%Y-%m-%dT%H:%M:%SZrN) rloadsrstrptime timestamprrDKeyErrorr4)r>rdtr/r!r!r"r9s r9cCs.tjdrtjd}|stdd|SdS)aInvoke 'azd' from a directory controlled by the OS, not the executing program's directory. :return: The path to the directory. :rtype: str :raises ~azure.identity.CredentialUnavailableError: the SYSTEMROOT environment variable is not set. winZ SYSTEMROOTzJAzure Developer CLI credential expects a 'SystemRoot' environment variabler2z/bin)sysplatform startswithosenvironr5r )pathr!r!r"get_safe_working_dirs  rQcCstdd|S)zRedact tokens from CLI output to prevent error messages revealing them. :param str output: The output of the Azure Developer CLI command. :return: The output with tokens redacted. :rtype: str z\"token\": \"(.*?)(\"|$)z****)resub)r>r!r!r"r;sr;c Csg}|D]U}|}|sqzt|}Wn tjy Yqwt|tr[|d}t|trF|d}t|trF|rF| |q|d}t|tr[|r[| |q|s`dS|D]}d| vrpt |Sqbt |dkr}t |dSt |dS)a Extract a single, user-friendly message from azd consoleMessage JSON output. :param str output: The output from the Azure Developer CLI command. :return: A user-friendly error message if found, otherwise None. :rtype: Optional[str] Preference order: 1) A message containing "Suggestion" (case-insensitive) 2) The second message if multiple are present 3) The first message if only one exists Returns None if no messages can be parsed. datar3NZ suggestionr) splitlinesstriprrEJSONDecodeError isinstancedictr5rCappendlowerr;len)r>messageslineobjrTmsgr!r!r"r:s<           r:r=timeoutc Cstt}|s ttd|g|}z#t}tjtj|dt t j dd|d}t d|tj|fi|WStjy}zb|jdksM|jdurS|jdrSttd|d |jpYd |jp]d }d |vrmd |vrmttd|d |vrwttd|t|jp|d pt|jpd p|jrt|jnd}trt|d|t|d|d}~wty}z td|dd} | |d}~wty}ztdd} | |d}~ww)Nr2Ttrue)NO_COLOR)stderrstdincwduniversal_newlinesenvrcz4Executing subprocess with the following arguments %sz'azd' is not recognizedz{} {}rz,not logged in, run `azd auth login` to loginZAADSTSzunknown flag: --claimsz$Failed to invoke Azure Developer CLIzFailed to execute '{}'rz(Failed to invoke the Azure Developer CLI)shutilwhichEXECUTABLE_NAMEr CLI_NOT_FOUNDrQ subprocessPIPEDEVNULLr[rNrO_LOGGERdebug check_outputCalledProcessError returncoderfrMformatr> NOT_LOGGED_INUNKNOWN_CLAIMS_FLAGr:r;rr5r OSError Exception) r=rcZazd_pathr'Zworking_directoryr,exZ combined_textr3errorr!r!r"r83sR             r8)-rrloggingrNrRrlrprKtypingrrrrZazure.core.credentialsrrr Zazure.core.exceptionsr rr _internalr rrrrZ_internal.decoratorsr getLoggerr?rsrorzr6rnryrrCr9rQr;r:rDr8r!r!r!r"s:     + 0