o i$@sddlZddlZddlmZmZmZmZddlZddlm Z m Z m Z m Z ddl mZddlmZddlmZddlmZd d lmZd d lmZd d lmZeeeefZeeZGd ddZdS)N)OptionalUnionAnycast) AccessTokenAccessTokenInfoTokenRequestOptionsSupportsTokenInfo)CredentialUnavailableError)EnvironmentVariables) within_dac) log_get_token)CertificateCredential)ClientSecretCredential)UsernamePasswordCredentialc @seZdZdZdeddfddZdddZd eddfd d Zdd d Ze dddde de e de e dede f ddZ e ddde de edefddZdS)EnvironmentCredentialaA credential configured by environment variables. This credential is capable of authenticating as a service principal using a client secret or a certificate. Configuration is attempted in this order, using these environment variables: Service principal with secret: - **AZURE_TENANT_ID**: ID of the service principal's tenant. Also called its 'directory' ID. - **AZURE_CLIENT_ID**: the service principal's client ID - **AZURE_CLIENT_SECRET**: one of the service principal's client secrets - **AZURE_AUTHORITY_HOST**: authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud, which is the default when no value is given. Service principal with certificate: - **AZURE_TENANT_ID**: ID of the service principal's tenant. Also called its 'directory' ID. - **AZURE_CLIENT_ID**: the service principal's client ID - **AZURE_CLIENT_CERTIFICATE_PATH**: path to a PEM or PKCS12 certificate file including the private key. - **AZURE_CLIENT_CERTIFICATE_PASSWORD**: (optional) password of the certificate file, if any. - **AZURE_CLIENT_SEND_CERTIFICATE_CHAIN**: (optional) If True, the credential will send the public certificate chain in the x5c header of each token request's JWT. This is required for Subject Name/Issuer (SNI) authentication. Defaults to False. - **AZURE_AUTHORITY_HOST**: authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud, which is the default when no value is given. .. admonition:: Example: .. literalinclude:: ../samples/credential_creation_code_snippets.py :start-after: [START create_environment_credential] :end-before: [END create_environment_credential] :language: python :dedent: 4 :caption: Create an EnvironmentCredential. kwargsreturnNc Ksd|_tddtjDr&tdtjtjtjtjtjtj d||_nitddtj DrXt dtjtjtjtj tjtj tj tjttj tjdd||_n7tddtjDrtdtjtjtjtjtjtjtj tj dd ||_tjd tt rd nd d |jrtd|jjjdSttj tjtj}dd|D}|rt| drtj ntj!dd"|dStddS)Ncs |] }tj|duVqdSNosenvironget.0vr^/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_credentials/environment.py ?z1EnvironmentCredential.__init__..) client_id client_secret tenant_idcsrrrrrrr r!Fr"F)r#r%Zcertificate_pathpasswordZsend_certificate_chaincsrrrrrrr r!Qr"T)r#usernamer&r%Z_silence_deprecation_warningzEnvironment is configured to use username and password authentication. This authentication method is deprecated, as it doesn't support multifactor authentication (MFA). For more details, see https://aka.ms/azsdk/identity/mfa.r ) stacklevelz Environment is configured for %scSsg|] }|tjvr|qSr)rrrrrr jsz2EnvironmentCredential.__init__..Z _within_dacz[Incomplete environment configuration for EnvironmentCredential. These variables are set: %sz, z#No environment configuration found.r)# _credentialallr ZCLIENT_SECRET_VARSrrrZAZURE_CLIENT_IDZAZURE_CLIENT_SECRETZAZURE_TENANT_IDZ CERT_VARSrZAZURE_CLIENT_CERTIFICATE_PATHrZ!AZURE_CLIENT_CERTIFICATE_PASSWORDboolZ#AZURE_CLIENT_SEND_CERTIFICATE_CHAINZUSERNAME_PASSWORD_VARSrZAZURE_USERNAMEZAZURE_PASSWORDwarningswarnDeprecationWarningr _LOGGERinfo __class____name__setlogloggingINFOWARNINGjoin)selfrZexpected_variablesZ set_variablesrrr __init__<sj              zEnvironmentCredential.__init__cCs|jr|j|Sr)r+ __enter__r;rrr r=ts zEnvironmentCredential.__enter__argscGs|jr |jj|dSdSr)r+__exit__)r;r?rrr r@yszEnvironmentCredential.__exit__cCs |dS)z)Close the credential's transport session.N)r@r>rrr close}s zEnvironmentCredential.closeclaimsr%scopesrCr%cOs,|js d}t|d|jj|||d|S)a@Request an access token for `scopes`. This method is called automatically by Azure SDK clients. :param str scopes: desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. :keyword str claims: additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. :keyword str tenant_id: optional tenant to include in the token request. :return: An access token with the desired scopes. :rtype: ~azure.core.credentials.AccessToken :raises ~azure.identity.CredentialUnavailableError: environment variable configuration is incomplete EnvironmentCredential authentication unavailable. Environment variables are not fully configured. Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue.messagerB)r+r get_token)r;rCr%rDrrGrrr rHs  zEnvironmentCredential.get_token)optionsrIcGs,|js d}t|dtt|jj|d|iS)aRequest an access token for `scopes`. This is an alternative to `get_token` to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. :param str scopes: desired scope for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. :keyword options: A dictionary of options for the token request. Unknown options will be ignored. Optional. :paramtype options: ~azure.core.credentials.TokenRequestOptions :rtype: ~azure.core.credentials.AccessTokenInfo :return: An AccessTokenInfo instance containing information about the token. :raises ~azure.identity.CredentialUnavailableError: environment variable configuration is incomplete. rErFrI)r+r rr get_token_info)r;rIrDrGrrr rJs  z$EnvironmentCredential.get_token_info)rr)rN)r4 __module__ __qualname____doc__rr<r=r@rArstrrrrHrrrJrrrr rs*# 8  &r) r7rtypingrrrrr.Zazure.core.credentialsrrrr r _constantsr _internalr Z_internal.decoratorsrZ certificaterr$rZ user_passwordrZEnvironmentCredentialTypes getLoggerr4r1rrrrr s