From e7677299476f7bcff4945acc8c6f2a59136fb06b Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 10 Jun 2021 17:05:26 -0700 Subject: [PATCH 01/30] my changes batch 1 --- .github/CODEOWNERS | 4 +- src/authV2/HISTORY.rst | 8 + src/authV2/README.rst | 5 + src/authV2/azext_authV2/__init__.py | 32 +++ src/authV2/azext_authV2/_client_factory.py | 12 + src/authV2/azext_authV2/_help.py | 38 +++ src/authV2/azext_authV2/_params.py | 82 +++++++ src/authV2/azext_authV2/_validators.py | 20 ++ src/authV2/azext_authV2/azext_metadata.json | 5 + src/authV2/azext_authV2/commands.py | 26 +++ src/authV2/azext_authV2/custom.py | 220 ++++++++++++++++++ src/authV2/azext_authV2/tests/__init__.py | 5 + .../azext_authV2/tests/latest/__init__.py | 5 + .../tests/latest/test_authV2_scenario.py | 40 ++++ src/authV2/setup.cfg | 0 src/authV2/setup.py | 58 +++++ 16 files changed, 559 insertions(+), 1 deletion(-) create mode 100644 src/authV2/HISTORY.rst create mode 100644 src/authV2/README.rst create mode 100644 src/authV2/azext_authV2/__init__.py create mode 100644 src/authV2/azext_authV2/_client_factory.py create mode 100644 src/authV2/azext_authV2/_help.py create mode 100644 src/authV2/azext_authV2/_params.py create mode 100644 src/authV2/azext_authV2/_validators.py create mode 100644 src/authV2/azext_authV2/azext_metadata.json create mode 100644 src/authV2/azext_authV2/commands.py create mode 100644 src/authV2/azext_authV2/custom.py create mode 100644 src/authV2/azext_authV2/tests/__init__.py create mode 100644 src/authV2/azext_authV2/tests/latest/__init__.py create mode 100644 src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py create mode 100644 src/authV2/setup.cfg create mode 100644 src/authV2/setup.py diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index eef2d49d302..40ec4079b4c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -200,4 +200,6 @@ /src/serial-console/ @adrianabedon -/src/dataprotection/ @sambitratha \ No newline at end of file +/src/dataprotection/ @sambitratha + +/src/azext_authV2/ @mkarmark diff --git a/src/authV2/HISTORY.rst b/src/authV2/HISTORY.rst new file mode 100644 index 00000000000..8c34bccfff8 --- /dev/null +++ b/src/authV2/HISTORY.rst @@ -0,0 +1,8 @@ +.. :changelog: + +Release History +=============== + +0.1.0 +++++++ +* Initial release. \ No newline at end of file diff --git a/src/authV2/README.rst b/src/authV2/README.rst new file mode 100644 index 00000000000..33022948174 --- /dev/null +++ b/src/authV2/README.rst @@ -0,0 +1,5 @@ +Microsoft Azure CLI 'authV2' Extension +========================================== + +This package is for the 'authV2' extension. +i.e. 'az authV2' \ No newline at end of file diff --git a/src/authV2/azext_authV2/__init__.py b/src/authV2/azext_authV2/__init__.py new file mode 100644 index 00000000000..62f8543b96d --- /dev/null +++ b/src/authV2/azext_authV2/__init__.py @@ -0,0 +1,32 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +from azure.cli.core import AzCommandsLoader + +from azext_authV2._help import helps # pylint: disable=unused-import + + +class Authv2CommandsLoader(AzCommandsLoader): + + def __init__(self, cli_ctx=None): + from azure.cli.core.commands import CliCommandType + from azext_authV2._client_factory import cf_authV2 + authV2_custom = CliCommandType( + operations_tmpl='azext_authV2.custom#{}', + client_factory=cf_authV2) + super(Authv2CommandsLoader, self).__init__(cli_ctx=cli_ctx, + custom_command_type=authV2_custom) + + def load_command_table(self, args): + from azext_authV2.commands import load_command_table + load_command_table(self, args) + return self.command_table + + def load_arguments(self, command): + from azext_authV2._params import load_arguments + load_arguments(self, command) + + +COMMAND_LOADER_CLS = Authv2CommandsLoader diff --git a/src/authV2/azext_authV2/_client_factory.py b/src/authV2/azext_authV2/_client_factory.py new file mode 100644 index 00000000000..f7f7a165866 --- /dev/null +++ b/src/authV2/azext_authV2/_client_factory.py @@ -0,0 +1,12 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +def cf_authV2(cli_ctx, *_): + + from azure.cli.core.commands.client_factory import get_mgmt_service_client + # TODO: Replace CONTOSO with the appropriate label and uncomment + # from azure.mgmt.CONTOSO import CONTOSOManagementClient + # return get_mgmt_service_client(cli_ctx, CONTOSOManagementClient) + return None diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py new file mode 100644 index 00000000000..e5363847d71 --- /dev/null +++ b/src/authV2/azext_authV2/_help.py @@ -0,0 +1,38 @@ +# coding=utf-8 +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +from knack.help_files import helps # pylint: disable=unused-import + + +helps['authV2'] = """ + type: group + short-summary: Commands to manage Authv2s. +""" + +helps['authV2 create'] = """ + type: command + short-summary: Create a Authv2. +""" + +helps['authV2 list'] = """ + type: command + short-summary: List Authv2s. +""" + +# helps['authV2 delete'] = """ +# type: command +# short-summary: Delete a Authv2. +# """ + +# helps['authV2 show'] = """ +# type: command +# short-summary: Show details of a Authv2. +# """ + +# helps['authV2 update'] = """ +# type: command +# short-summary: Update a Authv2. +# """ diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py new file mode 100644 index 00000000000..e18f8c111bc --- /dev/null +++ b/src/authV2/azext_authV2/_params.py @@ -0,0 +1,82 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- +# pylint: disable=line-too-long + +from knack.arguments import CLIArgumentType +from azure.cli.core.commands.parameters import (get_three_state_flag, get_enum_type) +from azure.mgmt.web.models import BuiltInAuthenticationProvider + +AUTH_TYPES = { + 'AllowAnonymous': 'na', + 'LoginWithAzureActiveDirectory': BuiltInAuthenticationProvider.azure_active_directory, + 'LoginWithFacebook': BuiltInAuthenticationProvider.facebook, + 'LoginWithGoogle': BuiltInAuthenticationProvider.google, + 'LoginWithMicrosoftAccount': BuiltInAuthenticationProvider.microsoft_account, + 'LoginWithTwitter': BuiltInAuthenticationProvider.twitter} + +def load_arguments(self, _): + + from azure.cli.core.commands.parameters import tags_type + from azure.cli.core.commands.validators import get_default_location_from_resource_group + + authV2_name_type = CLIArgumentType(options_list='--authV2-name-name', help='Name of the Authv2.', id_part='name') + + with self.argument_context('webapp auth set') as c: + c.argument('body', options_list=['--body', '-b']) + + with self.argument_context('webapp auth update') as c: + c.argument('set_string', options_list=['--set']) + c.argument('enabled', options_list=['--enabled']) + c.argument('runtime_version', options_list=['--runtime-version']) + c.argument('config_file_path', options_list=['--config-file-path']) + c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action']) + c.argument('redirect_provider', options_list=['--redirect-provider']) + c.argument('enable_token_store', options_list=['--enable-token-store']) + c.argument('require_https', options_list=['--require-https']) + c.argument('proxy_convention', options_list=['--proxy-convention']) + c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header']) + c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header']) + + with self.argument_context('webapp authlegacy update') as c: + c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) + c.argument('token_store_enabled', options_list=['--token-store'], + arg_type=get_three_state_flag(return_label=True), help='use App Service Token Store') + c.argument('action', arg_type=get_enum_type(AUTH_TYPES)) + c.argument('runtime_version', + help='Runtime version of the Authentication/Authorization feature in use for the current app') + c.argument('token_refresh_extension_hours', type=float, help="Hours, must be formattable into a float") + c.argument('allowed_external_redirect_urls', nargs='+', help="One or more urls (space-delimited).") + c.argument('client_id', options_list=['--aad-client-id'], arg_group='Azure Active Directory', + help='Application ID to integrate AAD organization account Sign-in into your web app') + c.argument('client_secret', options_list=['--aad-client-secret'], arg_group='Azure Active Directory', + help='AAD application secret') + c.argument('client_secret_setting_name', options_list=['--aad-client-secret-setting-name'], arg_group='Azure Active Directory', + help='The app setting name that contains the client secret of the relying party application.') + c.argument('client_secret_certificate_thumbprint', options_list=['--aad-client-secret-certificate-thumbprint', '--thumbprint'], arg_group='Azure Active Directory', + help='Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes') + c.argument('allowed_audiences', nargs='+', options_list=['--aad-allowed-token-audiences'], + arg_group='Azure Active Directory', help="One or more token audiences (space-delimited).") + c.argument('issuer', options_list=['--aad-token-issuer-url'], + help='This url can be found in the JSON output returned from your active directory endpoint using your tenantID. The endpoint can be queried from `az cloud show` at \"endpoints.activeDirectory\". ' + 'The tenantID can be found using `az account show`. Get the \"issuer\" from the JSON at //.well-known/openid-configuration.', + arg_group='Azure Active Directory') + c.argument('facebook_app_id', arg_group='Facebook', + help="Application ID to integrate Facebook Sign-in into your web app") + c.argument('facebook_app_secret', arg_group='Facebook', help='Facebook Application client secret') + c.argument('facebook_oauth_scopes', nargs='+', + help="One or more facebook authentication scopes (space-delimited).", arg_group='Facebook') + c.argument('twitter_consumer_key', arg_group='Twitter', + help='Application ID to integrate Twitter Sign-in into your web app') + c.argument('twitter_consumer_secret', arg_group='Twitter', help='Twitter Application client secret') + c.argument('google_client_id', arg_group='Google', + help='Application ID to integrate Google Sign-in into your web app') + c.argument('google_client_secret', arg_group='Google', help='Google Application client secret') + c.argument('google_oauth_scopes', nargs='+', help="One or more Google authentication scopes (space-delimited).", + arg_group='Google') + c.argument('microsoft_account_client_id', arg_group='Microsoft', + help="AAD V2 Application ID to integrate Microsoft account Sign-in into your web app") + c.argument('microsoft_account_client_secret', arg_group='Microsoft', help='AAD V2 Application client secret') + c.argument('microsoft_account_oauth_scopes', nargs='+', + help="One or more Microsoft authentification scopes (space-delimited).", arg_group='Microsoft') diff --git a/src/authV2/azext_authV2/_validators.py b/src/authV2/azext_authV2/_validators.py new file mode 100644 index 00000000000..821630f5f34 --- /dev/null +++ b/src/authV2/azext_authV2/_validators.py @@ -0,0 +1,20 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + + +def example_name_or_id_validator(cmd, namespace): + # Example of a storage account name or ID validator. + # See: https://github.com/Azure/azure-cli/blob/dev/doc/authoring_command_modules/authoring_commands.md#supporting-name-or-id-parameters + from azure.cli.core.commands.client_factory import get_subscription_id + from msrestazure.tools import is_valid_resource_id, resource_id + if namespace.storage_account: + if not is_valid_resource_id(namespace.RESOURCE): + namespace.storage_account = resource_id( + subscription=get_subscription_id(cmd.cli_ctx), + resource_group=namespace.resource_group_name, + namespace='Microsoft.Storage', + type='storageAccounts', + name=namespace.storage_account + ) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json new file mode 100644 index 00000000000..eb4d80aad57 --- /dev/null +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -0,0 +1,5 @@ +{ + "azext.isPreview": true, + "azext.minCliCoreVersion": "2.0.67", + "azext.maxCliCoreVersion": "2.25.0" +} \ No newline at end of file diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py new file mode 100644 index 00000000000..c564031afb9 --- /dev/null +++ b/src/authV2/azext_authV2/commands.py @@ -0,0 +1,26 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +# pylint: disable=line-too-long +from azure.cli.core.commands import CliCommandType +from azext_authV2._client_factory import cf_authV2 + + +def load_command_table(self, _): + + # TODO: Add command type here + # authV2_sdk = CliCommandType( + # operations_tmpl='.operations#None.{}', + # client_factory=cf_authV2) + with self.command_group('webapp auth') as g: + g.custom_show_command('show', 'get_auth_settings_v2') + g.custom_command('set', 'set_auth_settings_v2') + g.custom_command('update', 'update_auth_settings_v2') + g.custom_command('revert', 'revert_to_auth_settings') + + with self.command_group('webapp authlegacy') as g: + g.custom_show_command('show', 'get_auth_settings') + g.custom_command('update', 'update_auth_settings') + diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py new file mode 100644 index 00000000000..40697052eb0 --- /dev/null +++ b/src/authV2/azext_authV2/custom.py @@ -0,0 +1,220 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- +from datetime import datetime +import time +import uuid +import os + +from azure.cli.core.util import sdk_no_wait +from azure.cli.core.profiles import ResourceType, get_sdk +from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_data_service_client +from azure.mgmt.compute.models import ResourceIdentityType +from msrestazure.tools import parse_resource_id +from msrestazure.azure_exceptions import CloudError + +from knack.log import get_logger + +from knack.util import CLIError +import json +from azure.cli.core.util import send_raw_request +from azure.cli.core.profiles import get_sdk, supported_api_version, ResourceType +from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation + +def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): + from azure.cli.core.commands.client_factory import get_subscription_id + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "GET", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) + return r.json() + +def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): # pylint: disable=unused-argument + if body is None: + json_object = None + else: + json_object = json.loads(body) + final_json = { + "properties": json_object + } + from azure.cli.core.commands.client_factory import get_subscription_id + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json() + +def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument + runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument + redirect_provider=None, enable_token_store=None, require_https=None, # pylint: disable=unused-argument + proxy_convention=None, proxy_custom_host_header=None, proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument + from azure.cli.core.commands.client_factory import get_subscription_id + sub_id = get_subscription_id(cmd.cli_ctx) + getr = send_raw_request(cmd.cli_ctx, "GET", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) + existing_auth = getr.json()["properties"] + if set_string is not None: + split1 = set_string.split("=") + fieldName = split1[0] + fieldValue = split1[1] + split2 = fieldName.split(".") + split2length = len(split2) + currentObj = existing_auth + for field in split2: + if split2[split2length-1] == field: + currentObj[field] = fieldValue + else: + if field not in currentObj.keys(): + currentObj[field] = {} + currentObj = currentObj[field] + if enabled is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["enabled"] = enabled + + if runtime_version is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["runtimeVersion"] = runtime_version + + if config_file_path is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["configFilePath"] = config_file_path + + if unauthenticated_client_action is not None: + if "globalValidation" not in existing_auth.keys(): + existing_auth["globalValidation"] = {} + existing_auth["globalValidation"]["unauthenticatedClientAction"] = unauthenticated_client_action + + if redirect_provider is not None: + if "globalValidation" not in existing_auth.keys(): + existing_auth["globalValidation"] = {} + existing_auth["globalValidation"]["redirectToProvider"] = redirect_provider + + if enable_token_store is not None: + if "login" not in existing_auth.keys(): + existing_auth["login"] = {} + if "tokenStore" not in existing_auth["login"].keys(): + existing_auth["login"]["tokenStore"] = {} + existing_auth["login"]["tokenStore"]["enabled"] = enable_token_store + + if require_https is not None: + if "httpSettings" not in existing_auth.keys(): + existing_auth["httpSettings"] = {} + existing_auth["httpSettings"]["requireHttps"] = require_https + + if proxy_convention is not None: + if "httpSettings" not in existing_auth.keys(): + existing_auth["httpSettings"] = {} + if "forwardProxy" not in existing_auth["httpSettings"].keys(): + existing_auth["httpSettings"]["forwardProxy"] = {} + existing_auth["httpSettings"]["forwardProxy"]["convention"] = proxy_convention + + if proxy_custom_host_header is not None: + if "httpSettings" not in existing_auth.keys(): + existing_auth["httpSettings"] = {} + if "forwardProxy" not in existing_auth["httpSettings"].keys(): + existing_auth["httpSettings"]["forwardProxy"] = {} + existing_auth["httpSettings"]["forwardProxy"]["customHostHeaderName"] = proxy_custom_host_header + + if proxy_custom_proto_header is not None: + if "httpSettings" not in existing_auth.keys(): + existing_auth["httpSettings"] = {} + if "forwardProxy" not in existing_auth["httpSettings"].keys(): + existing_auth["httpSettings"]["forwardProxy"] = {} + existing_auth["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header + + json_object = existing_auth + final_json = { + "properties": json_object + } + + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json() + +def is_auth_v2_app(cmd, resource_group_name, name, slot=None): + from azure.cli.core.commands.client_factory import get_subscription_id + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "POST", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) + return r.json()["properties"]["configVersion"] == "v2" + +def get_auth_settings(cmd, resource_group_name, name, slot=None): + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) + +def is_auth_runtime_version_valid(runtime_version=None): + if runtime_version is None: + return True + if runtime_version.startswith("~") and len(runtime_version) > 1: + try: + int(runtime_version[1:]) + except ValueError: + return False + return True + split_versions = runtime_version.split('.') + if len(split_versions) != 3: + return False + for version in split_versions: + try: + int(version) + except ValueError: + return False + return True + +def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + + set_auth_settings_v2(cmd, resource_group_name, name, None, slot) + + update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, + site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, + site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, + site_auth_settings.google_client_id, site_auth_settings.google_client_secret, + site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, + site_auth_settings.microsoft_account_client_secret, + site_auth_settings.microsoft_account_o_auth_scopes, slot) + +def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument + client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument + token_refresh_extension_hours=None, # pylint: disable=unused-argument + allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument + client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument + allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument + facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument + twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument + google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument + google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument + microsoft_account_client_secret=None, # pylint: disable=unused-argument + microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument + github_client_id=None, github_client_secret=None, # pylint: disable=unused-argument + client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument + google_client_secret_setting_name=None, microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument + twitter_consume_secret_setting_name=None, github_client_secret_setting_name=None): # pylint: disable=unused-argument + if is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp authlegacy update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') + + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + from azure.cli.core.profiles import ResourceType + UnauthenticatedClientAction = cmd.get_models('UnauthenticatedClientAction', resource_type=ResourceType.MGMT_RESOURCE_RESOURCES) + if action == 'AllowAnonymous': + auth_settings.unauthenticated_client_action = UnauthenticatedClientAction.allow_anonymous + elif action: + auth_settings.unauthenticated_client_action = UnauthenticatedClientAction.redirect_to_login_page + auth_settings.default_provider = AUTH_TYPES[action] + # validate runtime version + if not is_auth_runtime_version_valid(runtime_version): + raise CLIError('Usage Error: --runtime-version set to invalid value') + + import inspect + frame = inspect.currentframe() + bool_flags = ['enabled', 'token_store_enabled'] + # note: getargvalues is used already in azure.cli.core.commands. + # and no simple functional replacement for this deprecating method for 3.5 + args, _, _, values = inspect.getargvalues(frame) # pylint: disable=deprecated-method + + for arg in args[2:]: + if values.get(arg, None): + setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') + + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/__init__.py b/src/authV2/azext_authV2/tests/__init__.py new file mode 100644 index 00000000000..2dcf9bb68b3 --- /dev/null +++ b/src/authV2/azext_authV2/tests/__init__.py @@ -0,0 +1,5 @@ +# ----------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/__init__.py b/src/authV2/azext_authV2/tests/latest/__init__.py new file mode 100644 index 00000000000..2dcf9bb68b3 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/__init__.py @@ -0,0 +1,5 @@ +# ----------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py new file mode 100644 index 00000000000..65bbca8741b --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py @@ -0,0 +1,40 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +import os +import unittest + +from azure_devtools.scenario_tests import AllowLargeResponse +from azure.cli.testsdk import (ScenarioTest, ResourceGroupPreparer) + + +TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) + + +class Authv2ScenarioTest(ScenarioTest): + + @ResourceGroupPreparer(name_prefix='cli_test_authV2') + def test_authV2(self, resource_group): + + self.kwargs.update({ + 'name': 'test1' + }) + + self.cmd('authV2 create -g {rg} -n {name} --tags foo=doo', checks=[ + self.check('tags.foo', 'doo'), + self.check('name', '{name}') + ]) + self.cmd('authV2 update -g {rg} -n {name} --tags foo=boo', checks=[ + self.check('tags.foo', 'boo') + ]) + count = len(self.cmd('authV2 list').get_output_in_json()) + self.cmd('authV2 show - {rg} -n {name}', checks=[ + self.check('name', '{name}'), + self.check('resourceGroup', '{rg}'), + self.check('tags.foo', 'boo') + ]) + self.cmd('authV2 delete -g {rg} -n {name}') + final_count = len(self.cmd('authV2 list').get_output_in_json()) + self.assertTrue(final_count, count - 1) \ No newline at end of file diff --git a/src/authV2/setup.cfg b/src/authV2/setup.cfg new file mode 100644 index 00000000000..e69de29bb2d diff --git a/src/authV2/setup.py b/src/authV2/setup.py new file mode 100644 index 00000000000..2fa52672585 --- /dev/null +++ b/src/authV2/setup.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python + +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + + +from codecs import open +from setuptools import setup, find_packages +try: + from azure_bdist_wheel import cmdclass +except ImportError: + from distutils import log as logger + logger.warn("Wheel is not available, disabling bdist_wheel hook") + +# TODO: Confirm this is the right version number you want and it matches your +# HISTORY.rst entry. +VERSION = '0.1.0' + +# The full list of classifiers is available at +# https://pypi.python.org/pypi?%3Aaction=list_classifiers +CLASSIFIERS = [ + 'Development Status :: 4 - Beta', + 'Intended Audience :: Developers', + 'Intended Audience :: System Administrators', + 'Programming Language :: Python', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', + 'License :: OSI Approved :: MIT License', +] + +# TODO: Add any additional SDK dependencies here +DEPENDENCIES = [] + +with open('README.rst', 'r', encoding='utf-8') as f: + README = f.read() +with open('HISTORY.rst', 'r', encoding='utf-8') as f: + HISTORY = f.read() + +setup( + name='authV2', + version=VERSION, + description='Microsoft Azure Command-Line Tools Authv2 Extension', + # TODO: Update author and email, if applicable + author='Microsoft Corporation', + author_email='azpycli@microsoft.com', + # TODO: change to your extension source code repo if the code will not be put in azure-cli-extensions repo + url='https://github.com/Azure/azure-cli-extensions/tree/master/src/authV2', + long_description=README + '\n\n' + HISTORY, + license='MIT', + classifiers=CLASSIFIERS, + packages=find_packages(), + install_requires=DEPENDENCIES, + package_data={'azext_authV2': ['azext_metadata.json']}, +) \ No newline at end of file From 8c243d2b10a022353b71220e17bbfbef2a06f8d0 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Fri, 11 Jun 2021 12:35:41 -0700 Subject: [PATCH 02/30] upgrade mostly works now too --- src/authV2/azext_authV2/_params.py | 8 +++ src/authV2/azext_authV2/commands.py | 1 + src/authV2/azext_authV2/custom.py | 89 +++++++++++++++++++++++++---- 3 files changed, 88 insertions(+), 10 deletions(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index e18f8c111bc..8746d583598 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -65,18 +65,26 @@ def load_arguments(self, _): c.argument('facebook_app_id', arg_group='Facebook', help="Application ID to integrate Facebook Sign-in into your web app") c.argument('facebook_app_secret', arg_group='Facebook', help='Facebook Application client secret') + c.argument('facebook_app_secret_setting_name', arg_group='Facebook', help='The app setting name that contains the app secret used for Facebook Login.') c.argument('facebook_oauth_scopes', nargs='+', help="One or more facebook authentication scopes (space-delimited).", arg_group='Facebook') c.argument('twitter_consumer_key', arg_group='Twitter', help='Application ID to integrate Twitter Sign-in into your web app') c.argument('twitter_consumer_secret', arg_group='Twitter', help='Twitter Application client secret') + c.argument('twitter_consumer_secret_setting_name', arg_group='Twitter', help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.') c.argument('google_client_id', arg_group='Google', help='Application ID to integrate Google Sign-in into your web app') c.argument('google_client_secret', arg_group='Google', help='Google Application client secret') + c.argument('google_client_secret_setting_name', arg_group='Google', help='The app setting name that contains the client secret associated with the Google web application.') c.argument('google_oauth_scopes', nargs='+', help="One or more Google authentication scopes (space-delimited).", arg_group='Google') c.argument('microsoft_account_client_id', arg_group='Microsoft', help="AAD V2 Application ID to integrate Microsoft account Sign-in into your web app") c.argument('microsoft_account_client_secret', arg_group='Microsoft', help='AAD V2 Application client secret') + c.argument('microsoft_account_client_secret_setting_name', arg_group='Microsoft', help='The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.') c.argument('microsoft_account_oauth_scopes', nargs='+', help="One or more Microsoft authentification scopes (space-delimited).", arg_group='Microsoft') + c.argument('git_hub_client_id', arg_group='GitHub', help="The Client Id of the GitHub app used for login.") + c.argument('git_hub_client_secret', arg_group='GitHub', help="The Client Secret of the GitHub app used for login.") + c.argument('git_hub_client_secret_setting_name', arg_group='GitHub', help="The app setting name that contains the client secret of the Github app used for GitHub Login.") + c.argument('git_hub_o_auth_scopes', arg_group='GitHub', help="The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.") diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index c564031afb9..daaeef82daf 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -19,6 +19,7 @@ def load_command_table(self, _): g.custom_command('set', 'set_auth_settings_v2') g.custom_command('update', 'update_auth_settings_v2') g.custom_command('revert', 'revert_to_auth_settings') + g.custom_command('upgrade', 'upgrade_to_auth_settings_v2') with self.command_group('webapp authlegacy') as g: g.custom_show_command('show', 'get_auth_settings') diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 40697052eb0..7e5106ebcfe 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -21,9 +21,10 @@ from azure.cli.core.util import send_raw_request from azure.cli.core.profiles import get_sdk, supported_api_version, ResourceType from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation +from azure.cli.command_modules.appservice.custom import update_app_settings +from azure.cli.core.commands.client_factory import get_subscription_id def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): - from azure.cli.core.commands.client_factory import get_subscription_id sub_id = get_subscription_id(cmd.cli_ctx) r = send_raw_request(cmd.cli_ctx, "GET", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) return r.json() @@ -36,19 +37,15 @@ def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): final_json = { "properties": json_object } - from azure.cli.core.commands.client_factory import get_subscription_id sub_id = get_subscription_id(cmd.cli_ctx) r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json() + return r.json() def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument redirect_provider=None, enable_token_store=None, require_https=None, # pylint: disable=unused-argument proxy_convention=None, proxy_custom_host_header=None, proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument - from azure.cli.core.commands.client_factory import get_subscription_id - sub_id = get_subscription_id(cmd.cli_ctx) - getr = send_raw_request(cmd.cli_ctx, "GET", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) - existing_auth = getr.json()["properties"] + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if set_string is not None: split1 = set_string.split("=") fieldName = split1[0] @@ -157,7 +154,65 @@ def is_auth_runtime_version_valid(runtime_version=None): return False return True +def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + settings = [] + if site_auth_settings.client_secret is not None: + settings.append('MICROSOFT_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.client_secret) + site_auth_settings.client_secret_setting_name = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' + if site_auth_settings.facebook_app_secret is not None: + settings.append('FACEBOOK_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.facebook_app_secret) + site_auth_settings.facebook_app_secret_setting_name = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' + if site_auth_settings.git_hub_client_secret is not None: + settings.append('GITHUB_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.git_hub_client_secret) + site_auth_settings.git_hub_client_secret_setting_name = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' + if site_auth_settings.google_client_secret is not None: + settings.append('GOOGLE_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.google_client_secret) + site_auth_settings.google_client_secret_setting_name = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' + if site_auth_settings.microsoft_account_client_secret is not None: + settings.append('MSA_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.microsoft_account_client_secret) + site_auth_settings.microsoft_account_client_secret_setting_name = 'MSA_PROVIDER_AUTHENTICATION_SECRET' + if site_auth_settings.twitter_consumer_secret is not None: + settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.twitter_consumer_secret) + site_auth_settings.twitter_consumer_secret_setting_name = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' + if len(settings) > 0: + update_app_settings(cmd, resource_group_name, name, settings, slot) + print("hiiiiiii") + remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) + print("byeeeeee") + update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, + site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, None, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, + None, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, None, + site_auth_settings.google_client_id, None, + site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, + None, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, None, site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) + +def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth upgrade when the app is using auth v2.') + prep_auth_settings_for_v2(cmd, resource_group_name, name, slot) + site_auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + final_json = { + "properties": site_auth_settings_v2 + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json() + def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if not is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) set_auth_settings_v2(cmd, resource_group_name, name, None, slot) @@ -173,7 +228,21 @@ def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylin site_auth_settings.google_client_id, site_auth_settings.google_client_secret, site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, site_auth_settings.microsoft_account_client_secret, - site_auth_settings.microsoft_account_o_auth_scopes, slot) + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) + +def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + auth_settings.client_secret = "" + auth_settings.facebook_app_secret = "" + auth_settings.git_hub_client_secret = "" + auth_settings.google_client_secret = "" + auth_settings.microsoft_account_client_secret = "" + auth_settings.twitter_consumer_secret_setting_name = "" + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument @@ -187,10 +256,10 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument microsoft_account_client_secret=None, # pylint: disable=unused-argument microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument - github_client_id=None, github_client_secret=None, # pylint: disable=unused-argument + git_hub_client_id=None, git_hub_client_secret=None, git_hub_o_auth_scopes=None, # pylint: disable=unused-argument client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument google_client_secret_setting_name=None, microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument - twitter_consume_secret_setting_name=None, github_client_secret_setting_name=None): # pylint: disable=unused-argument + twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp authlegacy update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') From 81acd92447d7b75444f424bf8784d276da9d3a50 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Fri, 11 Jun 2021 16:43:47 -0700 Subject: [PATCH 03/30] finished all the built in providers --- src/authV2/azext_authV2/_params.py | 34 +++- src/authV2/azext_authV2/commands.py | 29 +++- src/authV2/azext_authV2/custom.py | 235 +++++++++++++++++++++++++++- 3 files changed, 292 insertions(+), 6 deletions(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 8746d583598..08fa56f2a87 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -39,7 +39,39 @@ def load_arguments(self, _): c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header']) c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header']) - with self.argument_context('webapp authlegacy update') as c: + with self.argument_context('webapp auth microsoft update') as c: + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('issuer', options_list=['--issuer']) + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) + + with self.argument_context('webapp auth facebook update') as c: + c.argument('app_id', options_list=['--app-id']) + c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name']) + c.argument('graph_api_version', options_list=['--graph-api-version']) + c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth github update') as c: + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth google update') as c: + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('scopes', options_list=['--scopes']) + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) + + with self.argument_context('webapp auth twitter update') as c: + c.argument('consumer_key', options_list=['--consumer-key']) + c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name']) + + with self.argument_context('webapp auth apple update') as c: + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth-classic update') as c: c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) c.argument('token_store_enabled', options_list=['--token-store'], arg_type=get_three_state_flag(return_label=True), help='use App Service Token Store') diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index daaeef82daf..d5664deaf53 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -18,10 +18,37 @@ def load_command_table(self, _): g.custom_show_command('show', 'get_auth_settings_v2') g.custom_command('set', 'set_auth_settings_v2') g.custom_command('update', 'update_auth_settings_v2') + + with self.command_group('webapp auth config-version') as g: + g.custom_show_command('show', 'get_config_version') g.custom_command('revert', 'revert_to_auth_settings') g.custom_command('upgrade', 'upgrade_to_auth_settings_v2') + + with self.command_group('webapp auth microsoft') as g: + g.custom_show_command('show', 'get_aad_settings') + g.custom_command('update', 'update_aad_settings') - with self.command_group('webapp authlegacy') as g: + with self.command_group('webapp auth facebook') as g: + g.custom_show_command('show', 'get_facebook_settings') + g.custom_command('update', 'update_facebook_settings') + + with self.command_group('webapp auth github') as g: + g.custom_show_command('show', 'get_github_settings') + g.custom_command('update', 'update_github_settings') + + with self.command_group('webapp auth google') as g: + g.custom_show_command('show', 'get_google_settings') + g.custom_command('update', 'update_google_settings') + + with self.command_group('webapp auth twitter') as g: + g.custom_show_command('show', 'get_twitter_settings') + g.custom_command('update', 'update_twitter_settings') + + with self.command_group('webapp auth apple') as g: + g.custom_show_command('show', 'get_apple_settings') + g.custom_command('update', 'update_apple_settings') + + with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') g.custom_command('update', 'update_auth_settings') diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 7e5106ebcfe..d43af2e2ae1 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -177,9 +177,7 @@ def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pyli site_auth_settings.twitter_consumer_secret_setting_name = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' if len(settings) > 0: update_app_settings(cmd, resource_group_name, name, settings, slot) - print("hiiiiiii") remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) - print("byeeeeee") update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, @@ -209,6 +207,15 @@ def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # p r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) return r.json() +def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + isV2 = is_auth_v2_app(cmd, resource_group_name, name, slot) + config_version = "v1" + if isV2: + config_version = "v2" + return { + "configVersion": config_version + } + def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument if not is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') @@ -261,7 +268,7 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No google_client_secret_setting_name=None, microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): - raise CLIError('Usage Error: Cannot use command az webapp authlegacy update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') + raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) from azure.cli.core.profiles import ResourceType @@ -286,4 +293,224 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No if values.get(arg, None): setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') - return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) \ No newline at end of file + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) + +def get_aad_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "azureActiveDirectory" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["azureActiveDirectory"] + +def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + issuer=None, allowed_token_audiences=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "azureActiveDirectory" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"] = {} + if client_id is not None or client_secret_setting_name is not None or issuer is not None: + if "registration" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] = {} + if allowed_token_audiences is not None: + if "validation" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = {} + + if client_id is not None: + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientId"] = client_id + if client_secret_setting_name is not None: + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if issuer is not None: + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["openIdIssuer"] = issuer + if allowed_token_audiences is not None: + existing_auth["identityProviders"]["azureActiveDirectory"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["azureActiveDirectory"] + +def get_facebook_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "facebook" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["facebook"] + +def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument + graph_api_version=None, scopes=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "facebook" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["facebook"] = {} + if app_id is not None or app_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["facebook"].keys(): + existing_auth["identityProviders"]["facebook"]["registration"] = {} + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["facebook"].keys(): + existing_auth["identityProviders"]["facebook"]["login"] = {} + + if app_id is not None: + existing_auth["identityProviders"]["facebook"]["registration"]["appId"] = app_id + if app_secret_setting_name is not None: + existing_auth["identityProviders"]["facebook"]["registration"]["appSecretSettingName"] = app_secret_setting_name + if graph_api_version is not None: + existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version + if scopes is not None: + existing_auth["identityProviders"]["facebook"]["login"]["scopes"] = scopes.split(",") + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["facebook"] + +def get_github_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "gitHub" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["gitHub"] + +def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "gitHub" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["gitHub"] = {} + if client_id is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["gitHub"].keys(): + existing_auth["identityProviders"]["gitHub"]["registration"] = {} + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["gitHub"].keys(): + existing_auth["identityProviders"]["gitHub"]["login"] = {} + + if client_id is not None: + existing_auth["identityProviders"]["gitHub"]["registration"]["clientId"] = client_id + if client_secret_setting_name is not None: + existing_auth["identityProviders"]["gitHub"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if scopes is not None: + existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["gitHub"] + +def get_google_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "google" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["google"] + +def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, allowed_token_audiences=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "google" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["google"] = {} + if client_id is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["registration"] = {} + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["login"] = {} + if allowed_token_audiences is not None: + if "validation" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["validation"] = {} + + if client_id is not None: + existing_auth["identityProviders"]["google"]["registration"]["clientId"] = client_id + if client_secret_setting_name is not None: + existing_auth["identityProviders"]["google"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if scopes is not None: + existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") + if allowed_token_audiences is not None: + existing_auth["identityProviders"]["google"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["google"] + +def get_twitter_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "twitter" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["twitter"] + +def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + consumer_key=None, consumer_secret_setting_name=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "twitter" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["twitter"] = {} + if consumer_key is not None or consumer_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["twitter"].keys(): + existing_auth["identityProviders"]["twitter"]["registration"] = {} + + if consumer_key is not None: + existing_auth["identityProviders"]["twitter"]["registration"]["consumerKey"] = client_id + if consumer_secret_setting_name is not None: + existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = client_secret_setting_name + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["twitter"] + +def get_apple_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "apple" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["apple"] + +def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "apple" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["apple"] = {} + if client_id is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["apple"].keys(): + existing_auth["identityProviders"]["apple"]["registration"] = {} + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["apple"].keys(): + existing_auth["identityProviders"]["apple"]["login"] = {} + + if client_id is not None: + existing_auth["identityProviders"]["apple"]["registration"]["clientId"] = client_id + if client_secret_setting_name is not None: + existing_auth["identityProviders"]["apple"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if scopes is not None: + existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") + final_json = { + "properties": existing_auth + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["apple"] + From 24bd0bb5fa58e9fea0601c5fe84bd2e11f214e46 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Fri, 11 Jun 2021 17:55:44 -0700 Subject: [PATCH 04/30] oidc done --- src/authV2/azext_authV2/_params.py | 20 ++++++ src/authV2/azext_authV2/commands.py | 6 ++ src/authV2/azext_authV2/custom.py | 101 ++++++++++++++++++++++++++++ 3 files changed, 127 insertions(+) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 08fa56f2a87..f464d9ba144 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -70,6 +70,26 @@ def load_arguments(self, _): c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth oidc show') as c: + c.argument('provider_name', options_list=['--provider-name']) + + with self.argument_context('webapp auth oidc add') as c: + c.argument('provider_name', options_list=['--provider-name']) + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('openid_configuration', options_list=['--openid-configuration']) + c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth oidc update') as c: + c.argument('provider_name', options_list=['--provider-name']) + c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('openid_configuration', options_list=['--openid-configuration']) + c.argument('scopes', options_list=['--scopes']) + + with self.argument_context('webapp auth oidc remove') as c: + c.argument('provider_name', options_list=['--provider-name']) with self.argument_context('webapp auth-classic update') as c: c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index d5664deaf53..175641e9af8 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -48,6 +48,12 @@ def load_command_table(self, _): g.custom_show_command('show', 'get_apple_settings') g.custom_command('update', 'update_apple_settings') + with self.command_group('webapp auth oidc') as g: + g.custom_show_command('show', 'get_oidc_provider_settings') + g.custom_command('add', 'add_oidc_provider_settings') + g.custom_command('update', 'update_oidc_provider_settings') + g.custom_command('remove', 'remove_oidc_provider_settings') + with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') g.custom_command('update', 'update_auth_settings') diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index d43af2e2ae1..aeeb9af767d 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -514,3 +514,104 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) return r.json()["properties"]["identityProviders"]["apple"] +def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + return auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] + +def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + auth_settings["identityProviders"] = {} + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"] = {} + if provider_name in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has already been configured: ' + provider_name + '. Please use az webapp auth oidc update to update the provider.') + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] = { + "registration": { + "clientId": client_id, + "clientCredential": { + "clientSecretSettingName": client_secret_setting_name + }, + "openIdConnectConfiguration": { + "wellKnownOpenIdConfiguration": openid_configuration + } + } + } + if scopes is not None: + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(',') + + final_json = { + "properties": auth_settings + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["customOpenIdConnectProviders"][provider_name] + +def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + + if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: + if "registration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"] = {} + + if client_secret_setting_name is not None: + if "clientCredential" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientCredential"] = {} + + if openid_configuration is not None: + if "openIdConnectConfiguration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"] = {} + + if scopes is not None: + if "login" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} + + if client_id is not None: + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientId"] = client_id + if client_secret_setting_name is not None: + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientCredential"]["clientSecretSettingName"] = client_secret_setting_name + if openid_configuration is not None: + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration + if scopes is not None: + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(",") + final_json = { + "properties": auth_settings + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return r.json()["properties"]["identityProviders"]["customOpenIdConnectProviders"][provider_name] + +def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + auth_settings["identityProviders"]["customOpenIdConnectProviders"].pop(provider_name, None) + final_json = { + "properties": auth_settings + } + sub_id = get_subscription_id(cmd.cli_ctx) + r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + return {} + + From f1c66d2cd7bd4d2721313742cf243ec6bb99d689 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 14 Jun 2021 22:29:42 -0700 Subject: [PATCH 05/30] more work --- src/authV2/azext_authV2/_help.py | 117 +++++++++++++++++++++++------ src/authV2/azext_authV2/_params.py | 13 ++-- 2 files changed, 104 insertions(+), 26 deletions(-) diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index e5363847d71..e0eb72f65cb 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -6,33 +6,108 @@ from knack.help_files import helps # pylint: disable=unused-import +helps['webapp auth'] = """ +type: group +short-summary: Manage webapp authentication and authorization in the v2 format. +""" -helps['authV2'] = """ - type: group - short-summary: Commands to manage Authv2s. +helps['webapp auth show'] = """ +type: command +short-summary: Show the authentication settings for the webapp in the v2 format. +examples: + - name: Show the authentication settings for the webapp. (autogenerated) + text: az webapp auth show --name MyWebApp --resource-group MyResourceGroup + crafted: true """ -helps['authV2 create'] = """ - type: command - short-summary: Create a Authv2. +helps['webapp auth update'] = """ +type: command +short-summary: Update the authentication settings for the webapp in the v2 format. +examples: + - name: Update the client ID of the AAD provider already configured + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --set identityProviders.azureActiveDirectory.registration.clientId=ecbacb08-df8b-450d-82b3-3fced03f2b27 + - name: Enable authentication on the app + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true + - name: Pin the runtime version of the app to 1.4.7 + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --runtime-version 1.4.7 + - name: Configure the app with file based authentication by setting the config file path + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --config-file-path auth.json + - name: Configure the app to redirect to AzureActiveDirectory's login page for unauthenticated requests + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --unauthenticated-client-action RedirectToLoginPage --redirect-provider AzureActiveDirectory + - name: Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --proxy-convention Standard """ -helps['authV2 list'] = """ - type: command - short-summary: List Authv2s. +helps['webapp auth set'] = """ +type: command +short-summary: Sets the authentication settings for the webapp in the v2 format. +examples: + - name: Set the json saved in file auth.json as the auth settings for the web app. + text: > + az webapp auth set -g myResourceGroup -n myUniqueApp --body @auth.json """ -# helps['authV2 delete'] = """ -# type: command -# short-summary: Delete a Authv2. -# """ +helps['webapp auth config-version show'] = """ +type: command +short-summary: Show the configuration version of the authentication settings for the webapp. +examples: + - name: Show the configuration version of the authentication settings for the webapp (autogenerated) + text: > + az webapp auth config-version show --name MyWebApp --resource-group MyResourceGroup +""" -# helps['authV2 show'] = """ -# type: command -# short-summary: Show details of a Authv2. -# """ +helps['webapp auth config-version revert'] = """ +type: command +short-summary: Reverts the configuration version of the authentication settings for the webapp from v2 to v1 (classic). +examples: + - name: Revert the configuration version of the authentication settings for the webapp from v2 to v1 (classic) (autogenerated) + text: > + az webapp auth config-version revert --name MyWebApp --resource-group MyResourceGroup +""" + +helps['webapp auth config-version upgrade'] = """ +type: command +short-summary: Upgrades the configuration version of the authentication settings for the webapp from v1 (classic) to v2. +examples: + - name: Upgrades the configuration version of the authentication settings for the webapp from v1 (classic) to v2 (autogenerated) + text: > + az webapp auth config-version upgrade --name MyWebApp --resource-group MyResourceGroup +""" + +helps['webapp auth-classic'] = """ +type: group +short-summary: Manage webapp authentication and authorization in the classic format. +""" + +helps['webapp auth-classic show'] = """ +type: command +short-summary: Show the authentification settings for the webapp in the classic format. +examples: + - name: Show the authentification settings for the webapp. (autogenerated) + text: az webapp auth show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" -# helps['authV2 update'] = """ -# type: command -# short-summary: Update a Authv2. -# """ +helps['webapp auth-classic update'] = """ +type: command +short-summary: Update the authentication settings for the webapp in the classic format. +examples: + - name: Enable AAD by enabling authentication and setting AAD-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand. + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true \\ + --action LoginWithAzureActiveDirectory \\ + --aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \\ + --aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \\ + --aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ + - name: Allow Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --action AllowAnonymous \\ + --facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \\ + --facebook-oauth-scopes public_profile email +""" \ No newline at end of file diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index f464d9ba144..babd7292207 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -8,6 +8,9 @@ from azure.cli.core.commands.parameters import (get_three_state_flag, get_enum_type) from azure.mgmt.web.models import BuiltInAuthenticationProvider +UNAUTHENTICATED_CLIENT_ACTION = ['RedirectToLoginPage', 'AllowAnonymous', 'RejectWith401', 'RejectWith404'] +FORWARD_PROXY_CONVENTION = ['NoProxy', 'Standard', 'Custom'] + AUTH_TYPES = { 'AllowAnonymous': 'na', 'LoginWithAzureActiveDirectory': BuiltInAuthenticationProvider.azure_active_directory, @@ -28,14 +31,14 @@ def load_arguments(self, _): with self.argument_context('webapp auth update') as c: c.argument('set_string', options_list=['--set']) - c.argument('enabled', options_list=['--enabled']) + c.argument('enabled', options_list=['--enabled'], arg_type=get_three_state_flag(return_label=True)) c.argument('runtime_version', options_list=['--runtime-version']) c.argument('config_file_path', options_list=['--config-file-path']) - c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action']) + c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action'], arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION)) c.argument('redirect_provider', options_list=['--redirect-provider']) - c.argument('enable_token_store', options_list=['--enable-token-store']) - c.argument('require_https', options_list=['--require-https']) - c.argument('proxy_convention', options_list=['--proxy-convention']) + c.argument('enable_token_store', options_list=['--enable-token-store'], arg_type=get_three_state_flag(return_label=True)) + c.argument('require_https', options_list=['--require-https'], arg_type=get_three_state_flag(return_label=True)) + c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION)) c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header']) c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header']) From 68c5c3981e524d3d0562e80bb263e2902214c97a Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 14 Jun 2021 22:53:45 -0700 Subject: [PATCH 06/30] secret prompts added --- src/authV2/azext_authV2/_params.py | 2 + src/authV2/azext_authV2/custom.py | 93 +++++++++++++++++++++++++++--- 2 files changed, 88 insertions(+), 7 deletions(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index babd7292207..c7d48fc5636 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -57,7 +57,9 @@ def load_arguments(self, _): with self.argument_context('webapp auth github update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('client_secret', options_list=['--client-secret']) c.argument('scopes', options_list=['--scopes']) + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth google update') as c: c.argument('client_id', options_list=['--client-id']) diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index aeeb9af767d..783ed8ac35e 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -15,7 +15,7 @@ from msrestazure.azure_exceptions import CloudError from knack.log import get_logger - +from knack.prompting import c from knack.util import CLIError import json from azure.cli.core.util import send_raw_request @@ -305,7 +305,15 @@ def get_aad_settings(cmd, resource_group_name, name, slot=None): def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - issuer=None, allowed_token_audiences=None): # pylint: disable=unused-argument + issuer=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -322,6 +330,11 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientSecretSettingName"] = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('MICROSOFT_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) if issuer is not None: existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["openIdIssuer"] = issuer if allowed_token_audiences is not None: @@ -343,7 +356,15 @@ def get_facebook_settings(cmd, resource_group_name, name, slot=None): def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument - graph_api_version=None, scopes=None): # pylint: disable=unused-argument + graph_api_version=None, scopes=None, app_secret=None, yes=False): # pylint: disable=unused-argument + if app_secret is not None and app_secret_setting_name is not None: + raise CLIError('Usage Error: --app-secret and --app-secret-setting-name cannot both be configured to non empty strings') + + if app_secret is not None and not yes: + msg = 'Configuring --app-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -360,6 +381,11 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin existing_auth["identityProviders"]["facebook"]["registration"]["appId"] = app_id if app_secret_setting_name is not None: existing_auth["identityProviders"]["facebook"]["registration"]["appSecretSettingName"] = app_secret_setting_name + if app_secret is not None: + existing_auth["identityProviders"]["facebook"]["registration"]["appSecretSettingName"] = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('FACEBOOK_PROVIDER_AUTHENTICATION_SECRET=' + app_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) if graph_api_version is not None: existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version if scopes is not None: @@ -381,7 +407,15 @@ def get_github_settings(cmd, resource_group_name, name, slot=None): def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None): # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -398,6 +432,11 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: existing_auth["identityProviders"]["gitHub"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: existing_auth["identityProviders"]["gitHub"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + existing_auth["identityProviders"]["gitHub"]["registration"]["clientSecretSettingName"] = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('GITHUB_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") final_json = { @@ -417,7 +456,15 @@ def get_google_settings(cmd, resource_group_name, name, slot=None): def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None, allowed_token_audiences=None): # pylint: disable=unused-argument + scopes=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -437,6 +484,11 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: existing_auth["identityProviders"]["google"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: existing_auth["identityProviders"]["google"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + existing_auth["identityProviders"]["google"]["registration"]["clientSecretSettingName"] = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('GOOGLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") if allowed_token_audiences is not None: @@ -457,7 +509,16 @@ def get_twitter_settings(cmd, resource_group_name, name, slot=None): return auth_settings["identityProviders"]["twitter"] def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - consumer_key=None, consumer_secret_setting_name=None): # pylint: disable=unused-argument + consumer_key=None, consumer_secret_setting_name=None, # pylint: disable=unused-argument + consumer_secret=None, yes=False): # pylint: disable=unused-argument + if consumer_secret is not None and consumer_secret_setting_name is not None: + raise CLIError('Usage Error: --consumer-secret and --consumer-secret-setting-name cannot both be configured to non empty strings') + + if consumer_secret is not None and not yes: + msg = 'Configuring --consumer-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -471,6 +532,11 @@ def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint existing_auth["identityProviders"]["twitter"]["registration"]["consumerKey"] = client_id if consumer_secret_setting_name is not None: existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = client_secret_setting_name + if consumer_secret is not None: + existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) final_json = { "properties": existing_auth } @@ -488,7 +554,15 @@ def get_apple_settings(cmd, resource_group_name, name, slot=None): def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None): # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + return + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} @@ -505,6 +579,11 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: existing_auth["identityProviders"]["apple"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: existing_auth["identityProviders"]["apple"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + existing_auth["identityProviders"]["apple"]["registration"]["clientSecretSettingName"] = 'APPLE_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('APPLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") final_json = { From ee57ba3862577999f0cfda0448b093c08eaa67b4 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 15 Jun 2021 13:08:22 -0700 Subject: [PATCH 07/30] finish work --- src/authV2/azext_authV2/custom.py | 223 ++++++++++++++---------------- 1 file changed, 101 insertions(+), 122 deletions(-) diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 783ed8ac35e..36a2f015e77 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -15,7 +15,7 @@ from msrestazure.azure_exceptions import CloudError from knack.log import get_logger -from knack.prompting import c +from knack.prompting import prompt_y_n from knack.util import CLIError import json from azure.cli.core.util import send_raw_request @@ -24,22 +24,45 @@ from azure.cli.command_modules.appservice.custom import update_app_settings from azure.cli.core.commands.client_factory import get_subscription_id +#region rest calls def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "GET", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) + if slot is not None: + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + r = send_raw_request(cmd.cli_ctx, "GET", request_url) return r.json() +def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot=None): # pylint: disable=unused-argument + final_json = { + "properties": site_auth_settings_v2 + } + sub_id = get_subscription_id(cmd.cli_ctx) + + requestUrl = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name) + if slot is not None: + requestUrl = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + + r = send_raw_request(cmd.cli_ctx, "PUT", requestUrl, None, None, json.dumps(final_json)) + return r.json()["properties"] + +def is_auth_v2_app(cmd, resource_group_name, name, slot=None): + from azure.cli.core.commands.client_factory import get_subscription_id + sub_id = get_subscription_id(cmd.cli_ctx) + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) + if slot is not None: + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + r = send_raw_request(cmd.cli_ctx, "POST", request_url) + return r.json()["properties"]["configVersion"] == "v2" +#endregion + +#region webapp auth def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): # pylint: disable=unused-argument if body is None: json_object = None else: json_object = json.loads(body) - final_json = { - "properties": json_object - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json() + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument @@ -119,22 +142,50 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena existing_auth["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header json_object = existing_auth - final_json = { - "properties": json_object - } - - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json() + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) +#endregion -def is_auth_v2_app(cmd, resource_group_name, name, slot=None): - from azure.cli.core.commands.client_factory import get_subscription_id - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "POST", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name)) - return r.json()["properties"]["configVersion"] == "v2" +#region webapp auth config-version +def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth upgrade when the app is using auth v2.') + prep_auth_settings_for_v2(cmd, resource_group_name, name, slot) + site_auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot) -def get_auth_settings(cmd, resource_group_name, name, slot=None): - return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) +def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + isV2 = is_auth_v2_app(cmd, resource_group_name, name, slot) + config_version = "v1" + if isV2: + config_version = "v2" + return { + "configVersion": config_version + } + +def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if not is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + set_auth_settings_v2(cmd, resource_group_name, name, None, slot) + update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, + site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, + site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, + site_auth_settings.google_client_id, site_auth_settings.google_client_secret, + site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, + site_auth_settings.microsoft_account_client_secret, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) +#endregion +#region helper methods def is_auth_runtime_version_valid(runtime_version=None): if runtime_version is None: return True @@ -195,52 +246,6 @@ def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pyli site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) -def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument - if is_auth_v2_app(cmd, resource_group_name, name, slot): - raise CLIError('Usage Error: Cannot use command az webapp auth upgrade when the app is using auth v2.') - prep_auth_settings_for_v2(cmd, resource_group_name, name, slot) - site_auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] - final_json = { - "properties": site_auth_settings_v2 - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json() - -def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument - isV2 = is_auth_v2_app(cmd, resource_group_name, name, slot) - config_version = "v1" - if isV2: - config_version = "v2" - return { - "configVersion": config_version - } - -def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument - if not is_auth_v2_app(cmd, resource_group_name, name, slot): - raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') - - site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) - - set_auth_settings_v2(cmd, resource_group_name, name, None, slot) - - update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, - site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, - site_auth_settings.token_refresh_extension_hours, - site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, - site_auth_settings.client_secret_certificate_thumbprint, - site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, - site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, - site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, - site_auth_settings.google_client_id, site_auth_settings.google_client_secret, - site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, - site_auth_settings.microsoft_account_client_secret, - site_auth_settings.microsoft_account_o_auth_scopes, slot, - site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, site_auth_settings.git_hub_o_auth_scopes, - site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, - site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, - site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) - def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) auth_settings.client_secret = "" @@ -250,6 +255,11 @@ def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): auth_settings.microsoft_account_client_secret = "" auth_settings.twitter_consumer_secret_setting_name = "" return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) +#endregion + +#region webapp auth-classic +def get_auth_settings(cmd, resource_group_name, name, slot=None): + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument @@ -294,7 +304,9 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) +#endregion +#region webapp auth microsoft def get_aad_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -339,13 +351,10 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["openIdIssuer"] = issuer if allowed_token_audiences is not None: existing_auth["identityProviders"]["azureActiveDirectory"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["azureActiveDirectory"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["azureActiveDirectory"] +#endregion +#region webapp auth facebook def get_facebook_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -390,13 +399,10 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version if scopes is not None: existing_auth["identityProviders"]["facebook"]["login"]["scopes"] = scopes.split(",") - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["facebook"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["facebook"] +#endregion +#region webapp auth github def get_github_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -439,13 +445,10 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["gitHub"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["gitHub"] +#endregion +#region webapp auth google def get_google_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -493,13 +496,10 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") if allowed_token_audiences is not None: existing_auth["identityProviders"]["google"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["google"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["google"] +#endregion +#region webapp auth twitter def get_twitter_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -537,13 +537,10 @@ def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint settings = [] settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["twitter"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["twitter"] +#endregion +#region webapp auth apple def get_apple_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -586,13 +583,10 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") - final_json = { - "properties": existing_auth - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["apple"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["apple"] +#endregion +#region webapp auth oidc def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -628,12 +622,7 @@ def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(',') - final_json = { - "properties": auth_settings - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["customOpenIdConnectProviders"][provider_name] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument @@ -670,12 +659,7 @@ def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration if scopes is not None: auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(",") - final_json = { - "properties": auth_settings - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) - return r.json()["properties"]["identityProviders"]["customOpenIdConnectProviders"][provider_name] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] @@ -686,11 +670,6 @@ def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) auth_settings["identityProviders"]["customOpenIdConnectProviders"].pop(provider_name, None) - final_json = { - "properties": auth_settings - } - sub_id = get_subscription_id(cmd.cli_ctx) - r = send_raw_request(cmd.cli_ctx, "PUT", "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name), None, None, json.dumps(final_json)) + update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) return {} - - +#endregion \ No newline at end of file From 0ae2027a66d9cdf95edb34b5ecd4b07f1de2d843 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 15 Jun 2021 14:12:33 -0700 Subject: [PATCH 08/30] style fixes --- src/authV2/azext_authV2/__init__.py | 2 +- src/authV2/azext_authV2/_help.py | 2 +- src/authV2/azext_authV2/_params.py | 34 +-- src/authV2/azext_authV2/commands.py | 24 +- src/authV2/azext_authV2/custom.py | 353 ++++++++++++++++------------ src/authV2/setup.py | 2 +- 6 files changed, 219 insertions(+), 198 deletions(-) diff --git a/src/authV2/azext_authV2/__init__.py b/src/authV2/azext_authV2/__init__.py index 62f8543b96d..0e903681298 100644 --- a/src/authV2/azext_authV2/__init__.py +++ b/src/authV2/azext_authV2/__init__.py @@ -17,7 +17,7 @@ def __init__(self, cli_ctx=None): operations_tmpl='azext_authV2.custom#{}', client_factory=cf_authV2) super(Authv2CommandsLoader, self).__init__(cli_ctx=cli_ctx, - custom_command_type=authV2_custom) + custom_command_type=authV2_custom) def load_command_table(self, args): from azext_authV2.commands import load_command_table diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index e0eb72f65cb..d34027faa5b 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -110,4 +110,4 @@ az webapp auth update -g myResourceGroup -n myUniqueApp --action AllowAnonymous \\ --facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \\ --facebook-oauth-scopes public_profile email -""" \ No newline at end of file +""" diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index c7d48fc5636..1c568374640 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -4,28 +4,14 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long -from knack.arguments import CLIArgumentType from azure.cli.core.commands.parameters import (get_three_state_flag, get_enum_type) -from azure.mgmt.web.models import BuiltInAuthenticationProvider +from azure.cli.command_modules.appservice._params import AUTH_TYPES UNAUTHENTICATED_CLIENT_ACTION = ['RedirectToLoginPage', 'AllowAnonymous', 'RejectWith401', 'RejectWith404'] FORWARD_PROXY_CONVENTION = ['NoProxy', 'Standard', 'Custom'] -AUTH_TYPES = { - 'AllowAnonymous': 'na', - 'LoginWithAzureActiveDirectory': BuiltInAuthenticationProvider.azure_active_directory, - 'LoginWithFacebook': BuiltInAuthenticationProvider.facebook, - 'LoginWithGoogle': BuiltInAuthenticationProvider.google, - 'LoginWithMicrosoftAccount': BuiltInAuthenticationProvider.microsoft_account, - 'LoginWithTwitter': BuiltInAuthenticationProvider.twitter} def load_arguments(self, _): - - from azure.cli.core.commands.parameters import tags_type - from azure.cli.core.commands.validators import get_default_location_from_resource_group - - authV2_name_type = CLIArgumentType(options_list='--authV2-name-name', help='Name of the Authv2.', id_part='name') - with self.argument_context('webapp auth set') as c: c.argument('body', options_list=['--body', '-b']) @@ -41,36 +27,36 @@ def load_arguments(self, _): c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION)) c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header']) c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header']) - + with self.argument_context('webapp auth microsoft update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('issuer', options_list=['--issuer']) c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) - + with self.argument_context('webapp auth facebook update') as c: c.argument('app_id', options_list=['--app-id']) c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name']) c.argument('graph_api_version', options_list=['--graph-api-version']) c.argument('scopes', options_list=['--scopes']) - + with self.argument_context('webapp auth github update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('client_secret', options_list=['--client-secret']) c.argument('scopes', options_list=['--scopes']) c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') - + with self.argument_context('webapp auth google update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('scopes', options_list=['--scopes']) c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) - + with self.argument_context('webapp auth twitter update') as c: c.argument('consumer_key', options_list=['--consumer-key']) c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name']) - + with self.argument_context('webapp auth apple update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) @@ -78,7 +64,7 @@ def load_arguments(self, _): with self.argument_context('webapp auth oidc show') as c: c.argument('provider_name', options_list=['--provider-name']) - + with self.argument_context('webapp auth oidc add') as c: c.argument('provider_name', options_list=['--provider-name']) c.argument('client_id', options_list=['--client-id']) @@ -92,10 +78,10 @@ def load_arguments(self, _): c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) - + with self.argument_context('webapp auth oidc remove') as c: c.argument('provider_name', options_list=['--provider-name']) - + with self.argument_context('webapp auth-classic update') as c: c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) c.argument('token_store_enabled', options_list=['--token-store'], diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index 175641e9af8..b81686a3375 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -4,16 +4,7 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long -from azure.cli.core.commands import CliCommandType -from azext_authV2._client_factory import cf_authV2 - - def load_command_table(self, _): - - # TODO: Add command type here - # authV2_sdk = CliCommandType( - # operations_tmpl='.operations#None.{}', - # client_factory=cf_authV2) with self.command_group('webapp auth') as g: g.custom_show_command('show', 'get_auth_settings_v2') g.custom_command('set', 'set_auth_settings_v2') @@ -23,7 +14,7 @@ def load_command_table(self, _): g.custom_show_command('show', 'get_config_version') g.custom_command('revert', 'revert_to_auth_settings') g.custom_command('upgrade', 'upgrade_to_auth_settings_v2') - + with self.command_group('webapp auth microsoft') as g: g.custom_show_command('show', 'get_aad_settings') g.custom_command('update', 'update_aad_settings') @@ -31,30 +22,29 @@ def load_command_table(self, _): with self.command_group('webapp auth facebook') as g: g.custom_show_command('show', 'get_facebook_settings') g.custom_command('update', 'update_facebook_settings') - + with self.command_group('webapp auth github') as g: g.custom_show_command('show', 'get_github_settings') g.custom_command('update', 'update_github_settings') - + with self.command_group('webapp auth google') as g: g.custom_show_command('show', 'get_google_settings') g.custom_command('update', 'update_google_settings') - + with self.command_group('webapp auth twitter') as g: g.custom_show_command('show', 'get_twitter_settings') g.custom_command('update', 'update_twitter_settings') - + with self.command_group('webapp auth apple') as g: g.custom_show_command('show', 'get_apple_settings') g.custom_command('update', 'update_apple_settings') - + with self.command_group('webapp auth oidc') as g: g.custom_show_command('show', 'get_oidc_provider_settings') g.custom_command('add', 'add_oidc_provider_settings') g.custom_command('update', 'update_oidc_provider_settings') g.custom_command('remove', 'remove_oidc_provider_settings') - + with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') g.custom_command('update', 'update_auth_settings') - diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 36a2f015e77..bae42b16498 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -2,29 +2,18 @@ # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- -from datetime import datetime -import time -import uuid -import os - -from azure.cli.core.util import sdk_no_wait -from azure.cli.core.profiles import ResourceType, get_sdk -from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_data_service_client -from azure.mgmt.compute.models import ResourceIdentityType -from msrestazure.tools import parse_resource_id -from msrestazure.azure_exceptions import CloudError - -from knack.log import get_logger +import json from knack.prompting import prompt_y_n from knack.util import CLIError -import json from azure.cli.core.util import send_raw_request -from azure.cli.core.profiles import get_sdk, supported_api_version, ResourceType from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation from azure.cli.command_modules.appservice.custom import update_app_settings +from azure.cli.command_modules.appservice._params import AUTH_TYPES from azure.cli.core.commands.client_factory import get_subscription_id -#region rest calls +# region rest calls + + def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): sub_id = get_subscription_id(cmd.cli_ctx) request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) @@ -33,10 +22,11 @@ def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): r = send_raw_request(cmd.cli_ctx, "GET", request_url) return r.json() -def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot=None): # pylint: disable=unused-argument + +def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot=None): # pylint: disable=unused-argument final_json = { "properties": site_auth_settings_v2 - } + } sub_id = get_subscription_id(cmd.cli_ctx) requestUrl = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name) @@ -46,17 +36,19 @@ def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_ r = send_raw_request(cmd.cli_ctx, "PUT", requestUrl, None, None, json.dumps(final_json)) return r.json()["properties"] + def is_auth_v2_app(cmd, resource_group_name, name, slot=None): - from azure.cli.core.commands.client_factory import get_subscription_id sub_id = get_subscription_id(cmd.cli_ctx) - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) if slot is not None: - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) r = send_raw_request(cmd.cli_ctx, "POST", request_url) - return r.json()["properties"]["configVersion"] == "v2" -#endregion + return r.json()["properties"]["configVersion"] == "v2" +# endregion + +# region webapp auth + -#region webapp auth def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): # pylint: disable=unused-argument if body is None: json_object = None @@ -64,10 +56,12 @@ def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): json_object = json.loads(body) return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) -def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument - runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument + +def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument + runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument redirect_provider=None, enable_token_store=None, require_https=None, # pylint: disable=unused-argument - proxy_convention=None, proxy_custom_host_header=None, proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument + proxy_convention=None, proxy_custom_host_header=None, # pylint: disable=unused-argument + proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if set_string is not None: split1 = set_string.split("=") @@ -77,7 +71,7 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena split2length = len(split2) currentObj = existing_auth for field in split2: - if split2[split2length-1] == field: + if split2[split2length - 1] == field: currentObj[field] = fieldValue else: if field not in currentObj.keys(): @@ -87,17 +81,17 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena if "platform" not in existing_auth.keys(): existing_auth["platform"] = {} existing_auth["platform"]["enabled"] = enabled - + if runtime_version is not None: if "platform" not in existing_auth.keys(): existing_auth["platform"] = {} existing_auth["platform"]["runtimeVersion"] = runtime_version - + if config_file_path is not None: if "platform" not in existing_auth.keys(): existing_auth["platform"] = {} existing_auth["platform"]["configFilePath"] = config_file_path - + if unauthenticated_client_action is not None: if "globalValidation" not in existing_auth.keys(): existing_auth["globalValidation"] = {} @@ -107,19 +101,19 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena if "globalValidation" not in existing_auth.keys(): existing_auth["globalValidation"] = {} existing_auth["globalValidation"]["redirectToProvider"] = redirect_provider - + if enable_token_store is not None: if "login" not in existing_auth.keys(): existing_auth["login"] = {} if "tokenStore" not in existing_auth["login"].keys(): existing_auth["login"]["tokenStore"] = {} existing_auth["login"]["tokenStore"]["enabled"] = enable_token_store - + if require_https is not None: if "httpSettings" not in existing_auth.keys(): existing_auth["httpSettings"] = {} existing_auth["httpSettings"]["requireHttps"] = require_https - + if proxy_convention is not None: if "httpSettings" not in existing_auth.keys(): existing_auth["httpSettings"] = {} @@ -133,19 +127,21 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena if "forwardProxy" not in existing_auth["httpSettings"].keys(): existing_auth["httpSettings"]["forwardProxy"] = {} existing_auth["httpSettings"]["forwardProxy"]["customHostHeaderName"] = proxy_custom_host_header - + if proxy_custom_proto_header is not None: if "httpSettings" not in existing_auth.keys(): existing_auth["httpSettings"] = {} if "forwardProxy" not in existing_auth["httpSettings"].keys(): existing_auth["httpSettings"]["forwardProxy"] = {} existing_auth["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header - + json_object = existing_auth return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) -#endregion +# endregion + +# region webapp auth config-version + -#region webapp auth config-version def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp auth upgrade when the app is using auth v2.') @@ -153,6 +149,7 @@ def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # p site_auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot) + def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument isV2 = is_auth_v2_app(cmd, resource_group_name, name, slot) config_version = "v1" @@ -160,7 +157,8 @@ def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: di config_version = "v2" return { "configVersion": config_version - } + } + def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument if not is_auth_v2_app(cmd, resource_group_name, name, slot): @@ -168,24 +166,31 @@ def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylin site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) set_auth_settings_v2(cmd, resource_group_name, name, None, slot) update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, - site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, site_auth_settings.client_secret_certificate_thumbprint, - site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, - site_auth_settings.google_client_id, site_auth_settings.google_client_secret, + site_auth_settings.google_client_id, site_auth_settings.google_client_secret, site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, site_auth_settings.microsoft_account_client_secret, site_auth_settings.microsoft_account_o_auth_scopes, slot, - site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, site_auth_settings.git_hub_o_auth_scopes, - site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, - site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, - site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) -#endregion + site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, + site_auth_settings.git_hub_o_auth_scopes, site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) +# endregion + +# region helper methods + -#region helper methods def is_auth_runtime_version_valid(runtime_version=None): if runtime_version is None: return True @@ -205,7 +210,8 @@ def is_auth_runtime_version_valid(runtime_version=None): return False return True -def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + +def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) settings = [] if site_auth_settings.client_secret is not None: @@ -230,23 +236,27 @@ def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pyli update_app_settings(cmd, resource_group_name, name, settings, slot) remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, - site_auth_settings.client_id, site_auth_settings.token_store_enabled, site_auth_settings.runtime_version, - site_auth_settings.token_refresh_extension_hours, - site_auth_settings.allowed_external_redirect_urls, None, - site_auth_settings.client_secret_certificate_thumbprint, - site_auth_settings.allowed_audiences, site_auth_settings.issuer, site_auth_settings.facebook_app_id, - None, site_auth_settings.facebook_o_auth_scopes, - site_auth_settings.twitter_consumer_key, None, - site_auth_settings.google_client_id, None, - site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, - None, - site_auth_settings.microsoft_account_o_auth_scopes, slot, - site_auth_settings.git_hub_client_id, None, site_auth_settings.git_hub_o_auth_scopes, - site_auth_settings.client_secret_setting_name, site_auth_settings.facebook_app_secret_setting_name, - site_auth_settings.google_client_secret_setting_name, site_auth_settings.microsoft_account_client_secret_setting_name, - site_auth_settings.twitter_consumer_secret_setting_name, site_auth_settings.git_hub_client_secret_setting_name) - -def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, None, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, None, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, None, + site_auth_settings.google_client_id, None, + site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, + None, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, None, site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) + + +def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) auth_settings.client_secret = "" auth_settings.facebook_app_secret = "" @@ -254,35 +264,42 @@ def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): auth_settings.google_client_secret = "" auth_settings.microsoft_account_client_secret = "" auth_settings.twitter_consumer_secret_setting_name = "" - return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) -#endregion + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, + 'update_auth_settings', slot, auth_settings) +# endregion + +# region webapp auth-classic + -#region webapp auth-classic def get_auth_settings(cmd, resource_group_name, name, slot=None): return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) + def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument - client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument - token_refresh_extension_hours=None, # pylint: disable=unused-argument - allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument - client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument - allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument - facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument - twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument - google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument - google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument - microsoft_account_client_secret=None, # pylint: disable=unused-argument - microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument - git_hub_client_id=None, git_hub_client_secret=None, git_hub_o_auth_scopes=None, # pylint: disable=unused-argument - client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument - google_client_secret_setting_name=None, microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument - twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument + client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument + token_refresh_extension_hours=None, # pylint: disable=unused-argument + allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument + client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument + allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument + facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument + twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument + google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument + google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument + microsoft_account_client_secret=None, # pylint: disable=unused-argument + microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument + git_hub_client_id=None, git_hub_client_secret=None, # pylint: disable=unused-argument + git_hub_o_auth_scopes=None, # pylint: disable=unused-argument + client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument + google_client_secret_setting_name=None, # pylint: disable=unused-argument + microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument + twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') - + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) from azure.cli.core.profiles import ResourceType - UnauthenticatedClientAction = cmd.get_models('UnauthenticatedClientAction', resource_type=ResourceType.MGMT_RESOURCE_RESOURCES) + UnauthenticatedClientAction = cmd.get_models('UnauthenticatedClientAction', + resource_type=ResourceType.MGMT_RESOURCE_RESOURCES) if action == 'AllowAnonymous': auth_settings.unauthenticated_client_action = UnauthenticatedClientAction.allow_anonymous elif action: @@ -303,10 +320,13 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No if values.get(arg, None): setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') - return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) -#endregion + return _generic_site_operation(cmd.cli_ctx, resource_group_name, + name, 'update_auth_settings', slot, auth_settings) +# endregion + +# region webapp auth microsoft + -#region webapp auth microsoft def get_aad_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -315,6 +335,7 @@ def get_aad_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["azureActiveDirectory"] + def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument issuer=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument @@ -324,11 +345,11 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "azureActiveDirectory" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["azureActiveDirectory"] = {} if client_id is not None or client_secret_setting_name is not None or issuer is not None: @@ -337,7 +358,7 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di if allowed_token_audiences is not None: if "validation" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = {} - + if client_id is not None: existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: @@ -352,9 +373,11 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di if allowed_token_audiences is not None: existing_auth["identityProviders"]["azureActiveDirectory"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["azureActiveDirectory"] -#endregion +# endregion + +# region webapp auth facebook + -#region webapp auth facebook def get_facebook_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -363,20 +386,21 @@ def get_facebook_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["facebook"] + def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument - graph_api_version=None, scopes=None, app_secret=None, yes=False): # pylint: disable=unused-argument + app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument + graph_api_version=None, scopes=None, app_secret=None, yes=False): # pylint: disable=unused-argument if app_secret is not None and app_secret_setting_name is not None: raise CLIError('Usage Error: --app-secret and --app-secret-setting-name cannot both be configured to non empty strings') if app_secret is not None and not yes: msg = 'Configuring --app-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return + raise CLIError('Usage Error: --app-secret cannot be used without agreeing to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "facebook" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["facebook"] = {} if app_id is not None or app_secret_setting_name is not None: @@ -385,7 +409,7 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin if scopes is not None: if "login" not in existing_auth["identityProviders"]["facebook"].keys(): existing_auth["identityProviders"]["facebook"]["login"] = {} - + if app_id is not None: existing_auth["identityProviders"]["facebook"]["registration"]["appId"] = app_id if app_secret_setting_name is not None: @@ -400,9 +424,11 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin if scopes is not None: existing_auth["identityProviders"]["facebook"]["login"]["scopes"] = scopes.split(",") return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["facebook"] -#endregion +# endregion + +# region webapp auth github + -#region webapp auth github def get_github_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -411,20 +437,21 @@ def get_github_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["gitHub"] + def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return - + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "gitHub" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["gitHub"] = {} if client_id is not None or client_secret_setting_name is not None: @@ -433,7 +460,7 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: if scopes is not None: if "login" not in existing_auth["identityProviders"]["gitHub"].keys(): existing_auth["identityProviders"]["gitHub"]["login"] = {} - + if client_id is not None: existing_auth["identityProviders"]["gitHub"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: @@ -446,9 +473,11 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: if scopes is not None: existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["gitHub"] -#endregion +# endregion + +# region webapp auth google + -#region webapp auth google def get_google_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -457,20 +486,21 @@ def get_google_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["google"] + def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "google" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["google"] = {} if client_id is not None or client_secret_setting_name is not None: @@ -482,7 +512,7 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: if allowed_token_audiences is not None: if "validation" not in existing_auth["identityProviders"]["google"].keys(): existing_auth["identityProviders"]["google"]["validation"] = {} - + if client_id is not None: existing_auth["identityProviders"]["google"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: @@ -497,9 +527,11 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: if allowed_token_audiences is not None: existing_auth["identityProviders"]["google"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["google"] -#endregion +# endregion + +# region webapp auth twitter + -#region webapp auth twitter def get_twitter_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -508,39 +540,42 @@ def get_twitter_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["twitter"] + def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - consumer_key=None, consumer_secret_setting_name=None, # pylint: disable=unused-argument - consumer_secret=None, yes=False): # pylint: disable=unused-argument + consumer_key=None, consumer_secret_setting_name=None, # pylint: disable=unused-argument + consumer_secret=None, yes=False): # pylint: disable=unused-argument if consumer_secret is not None and consumer_secret_setting_name is not None: raise CLIError('Usage Error: --consumer-secret and --consumer-secret-setting-name cannot both be configured to non empty strings') if consumer_secret is not None and not yes: msg = 'Configuring --consumer-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return + raise CLIError('Usage Error: --consumer-secret cannot be used without agreeing to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "twitter" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["twitter"] = {} if consumer_key is not None or consumer_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["twitter"].keys(): existing_auth["identityProviders"]["twitter"]["registration"] = {} - + if consumer_key is not None: - existing_auth["identityProviders"]["twitter"]["registration"]["consumerKey"] = client_id + existing_auth["identityProviders"]["twitter"]["registration"]["consumerKey"] = consumer_key if consumer_secret_setting_name is not None: - existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = client_secret_setting_name + existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = consumer_secret_setting_name if consumer_secret is not None: existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' settings = [] - settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + consumer_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["twitter"] -#endregion +# endregion + +# region webapp auth apple + -#region webapp auth apple def get_apple_settings(cmd, resource_group_name, name, slot=None): auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): @@ -549,20 +584,21 @@ def get_apple_settings(cmd, resource_group_name, name, slot=None): return {} return auth_settings["identityProviders"]["apple"] + def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - return + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): - existing_auth["identityProviders"] = {} + existing_auth["identityProviders"] = {} if "apple" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["apple"] = {} if client_id is not None or client_secret_setting_name is not None: @@ -571,7 +607,7 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: if scopes is not None: if "login" not in existing_auth["identityProviders"]["apple"].keys(): existing_auth["identityProviders"]["apple"]["login"] = {} - + if client_id is not None: existing_auth["identityProviders"]["apple"]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: @@ -584,22 +620,26 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: if scopes is not None: existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["apple"] -#endregion +# endregion + +# region webapp auth oidc -#region webapp auth oidc -def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + +def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) return auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - openid_configuration=None, scopes=None): # pylint: disable=unused-argument + +def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): auth_settings["identityProviders"] = {} @@ -621,12 +661,13 @@ def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl if scopes is not None: auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(',') - - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - openid_configuration=None, scopes=None): # pylint: disable=unused-argument + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] + + +def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) @@ -638,19 +679,19 @@ def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: if "registration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"] = {} - + if client_secret_setting_name is not None: if "clientCredential" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientCredential"] = {} - + if openid_configuration is not None: if "openIdConnectConfiguration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"] = {} - + if scopes is not None: if "login" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} - + if client_id is not None: auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientId"] = client_id if client_secret_setting_name is not None: @@ -659,17 +700,21 @@ def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration if scopes is not None: auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + +def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) auth_settings["identityProviders"]["customOpenIdConnectProviders"].pop(provider_name, None) - update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) return {} -#endregion \ No newline at end of file +# endregion diff --git a/src/authV2/setup.py b/src/authV2/setup.py index 2fa52672585..1654d75625d 100644 --- a/src/authV2/setup.py +++ b/src/authV2/setup.py @@ -55,4 +55,4 @@ packages=find_packages(), install_requires=DEPENDENCIES, package_data={'azext_authV2': ['azext_metadata.json']}, -) \ No newline at end of file +) From 798a64e30658adce276946add9301547aa9ff692 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 15 Jun 2021 14:35:35 -0700 Subject: [PATCH 09/30] more style fixes --- src/authV2/azext_authV2/custom.py | 53 ++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 18 deletions(-) diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index bae42b16498..71ccfa119dd 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -14,11 +14,22 @@ # region rest calls -def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): +def get_resource_id(cmd, resource_group_name, name, slot): sub_id = get_subscription_id(cmd.cli_ctx) - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) + resource_id = "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}".format( + sub_id, + resource_group_name, + name) if slot is not None: - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettingsV2/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + resource_id = resource_id + "/slots" + slot + + +def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + request_url = "https://management.azure.com/{}/{}?api-version={}".format( + resource_id, + "config/authSettingsV2/list", + "2020-12-01") r = send_raw_request(cmd.cli_ctx, "GET", request_url) return r.json() @@ -27,21 +38,22 @@ def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_ final_json = { "properties": site_auth_settings_v2 } - sub_id = get_subscription_id(cmd.cli_ctx) - requestUrl = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name) - if slot is not None: - requestUrl = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettingsV2?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) - - r = send_raw_request(cmd.cli_ctx, "PUT", requestUrl, None, None, json.dumps(final_json)) + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + request_url = "https://management.azure.com/{}/{}?api-version={}".format( + resource_id, + "config/authSettingsV2", + "2020-12-01") + r = send_raw_request(cmd.cli_ctx, "PUT", request_url, None, None, json.dumps(final_json)) return r.json()["properties"] def is_auth_v2_app(cmd, resource_group_name, name, slot=None): - sub_id = get_subscription_id(cmd.cli_ctx) - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name) - if slot is not None: - request_url = "https://management.azure.com/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}/slots/{}/config/authSettings/list?api-version=2020-12-01".format(sub_id, resource_group_name, name, slot) + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + request_url = "https://management.azure.com/{}/{}?api-version={}".format( + resource_id, + "config/authSettings/list", + "2020-12-01") r = send_raw_request(cmd.cli_ctx, "POST", request_url) return r.json()["properties"]["configVersion"] == "v2" # endregion @@ -294,7 +306,8 @@ def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=No microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): - raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') + raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app ' + 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) from azure.cli.core.profiles import ResourceType @@ -340,12 +353,14 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument issuer=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: - raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be ' + 'configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings ' + 'to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): @@ -391,12 +406,14 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument graph_api_version=None, scopes=None, app_secret=None, yes=False): # pylint: disable=unused-argument if app_secret is not None and app_secret_setting_name is not None: - raise CLIError('Usage Error: --app-secret and --app-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --app-secret and --app-secret-setting-name cannot both be configured ' + 'to non empty strings') if app_secret is not None and not yes: msg = 'Configuring --app-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --app-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --app-secret cannot be used without agreeing to add app ' + 'settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): From 846201f1d55ba0dcdc52f41e89a027325c4167f2 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Wed, 16 Jun 2021 23:06:35 -0700 Subject: [PATCH 10/30] pylint passed --- src/authV2/azext_authV2/commands.py | 2 +- src/authV2/azext_authV2/custom.py | 351 ++++++++++++++++------------ 2 files changed, 206 insertions(+), 147 deletions(-) diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index b81686a3375..a91ee682c9a 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -47,4 +47,4 @@ def load_command_table(self, _): with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') - g.custom_command('update', 'update_auth_settings') + g.custom_command('update', 'update_auth_classic_settings') diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 71ccfa119dd..da83ff30e98 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -8,6 +8,7 @@ from azure.cli.core.util import send_raw_request from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation from azure.cli.command_modules.appservice.custom import update_app_settings +from azure.cli.command_modules.appservice.custom import update_auth_settings from azure.cli.command_modules.appservice._params import AUTH_TYPES from azure.cli.core.commands.client_factory import get_subscription_id @@ -22,6 +23,7 @@ def get_resource_id(cmd, resource_group_name, name, slot): name) if slot is not None: resource_id = resource_id + "/slots" + slot + return resource_id def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): @@ -75,20 +77,8 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena proxy_convention=None, proxy_custom_host_header=None, # pylint: disable=unused-argument proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] - if set_string is not None: - split1 = set_string.split("=") - fieldName = split1[0] - fieldValue = split1[1] - split2 = fieldName.split(".") - split2length = len(split2) - currentObj = existing_auth - for field in split2: - if split2[split2length - 1] == field: - currentObj[field] = fieldValue - else: - if field not in currentObj.keys(): - currentObj[field] = {} - currentObj = currentObj[field] + existing_auth = set_field_in_auth_settings(existing_auth, set_string) + if enabled is not None: if "platform" not in existing_auth.keys(): existing_auth["platform"] = {} @@ -121,31 +111,9 @@ def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, ena existing_auth["login"]["tokenStore"] = {} existing_auth["login"]["tokenStore"]["enabled"] = enable_token_store - if require_https is not None: - if "httpSettings" not in existing_auth.keys(): - existing_auth["httpSettings"] = {} - existing_auth["httpSettings"]["requireHttps"] = require_https - - if proxy_convention is not None: - if "httpSettings" not in existing_auth.keys(): - existing_auth["httpSettings"] = {} - if "forwardProxy" not in existing_auth["httpSettings"].keys(): - existing_auth["httpSettings"]["forwardProxy"] = {} - existing_auth["httpSettings"]["forwardProxy"]["convention"] = proxy_convention - - if proxy_custom_host_header is not None: - if "httpSettings" not in existing_auth.keys(): - existing_auth["httpSettings"] = {} - if "forwardProxy" not in existing_auth["httpSettings"].keys(): - existing_auth["httpSettings"]["forwardProxy"] = {} - existing_auth["httpSettings"]["forwardProxy"]["customHostHeaderName"] = proxy_custom_host_header - - if proxy_custom_proto_header is not None: - if "httpSettings" not in existing_auth.keys(): - existing_auth["httpSettings"] = {} - if "forwardProxy" not in existing_auth["httpSettings"].keys(): - existing_auth["httpSettings"]["forwardProxy"] = {} - existing_auth["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header + existing_auth = update_http_settings_in_auth_settings(existing_auth, require_https, + proxy_convention, proxy_custom_host_header, + proxy_custom_proto_header) json_object = existing_auth return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) @@ -203,6 +171,54 @@ def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylin # region helper methods +def set_field_in_auth_settings(auth_settings, set_string): + if set_string is not None: + split1 = set_string.split("=") + fieldName = split1[0] + fieldValue = split1[1] + split2 = fieldName.split(".") + split2length = len(split2) + for field in split2: + if split2[split2length - 1] == field: + auth_settings[field] = fieldValue + else: + if field not in auth_settings.keys(): + auth_settings[field] = {} + auth_settings = auth_settings[field] + return auth_settings + + +def update_http_settings_in_auth_settings(auth_settings, require_https, proxy_convention, + proxy_custom_host_header, proxy_custom_proto_header): + if require_https is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + auth_settings["httpSettings"]["requireHttps"] = require_https + + if proxy_convention is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["convention"] = proxy_convention + + if proxy_custom_host_header is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["customHostHeaderName"] = proxy_custom_host_header + + if proxy_custom_proto_header is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header + + return auth_settings + + def is_auth_runtime_version_valid(runtime_version=None): if runtime_version is None: return True @@ -287,54 +303,29 @@ def get_auth_settings(cmd, resource_group_name, name, slot=None): return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) -def update_auth_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument - client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument - token_refresh_extension_hours=None, # pylint: disable=unused-argument - allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument - client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument - allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument - facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument - twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument - google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument - google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument - microsoft_account_client_secret=None, # pylint: disable=unused-argument - microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument - git_hub_client_id=None, git_hub_client_secret=None, # pylint: disable=unused-argument - git_hub_o_auth_scopes=None, # pylint: disable=unused-argument - client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument - google_client_secret_setting_name=None, # pylint: disable=unused-argument - microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument - twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument +def update_auth_classic_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument + client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument + token_refresh_extension_hours=None, # pylint: disable=unused-argument + allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument + client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument + allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument + facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument + twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument + google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument + google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument + microsoft_account_client_secret=None, # pylint: disable=unused-argument + microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument + git_hub_client_id=None, git_hub_client_secret=None, # pylint: disable=unused-argument + git_hub_o_auth_scopes=None, # pylint: disable=unused-argument + client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument + google_client_secret_setting_name=None, # pylint: disable=unused-argument + microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument + twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app ' 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') - auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) - from azure.cli.core.profiles import ResourceType - UnauthenticatedClientAction = cmd.get_models('UnauthenticatedClientAction', - resource_type=ResourceType.MGMT_RESOURCE_RESOURCES) - if action == 'AllowAnonymous': - auth_settings.unauthenticated_client_action = UnauthenticatedClientAction.allow_anonymous - elif action: - auth_settings.unauthenticated_client_action = UnauthenticatedClientAction.redirect_to_login_page - auth_settings.default_provider = AUTH_TYPES[action] - # validate runtime version - if not is_auth_runtime_version_valid(runtime_version): - raise CLIError('Usage Error: --runtime-version set to invalid value') - - import inspect - frame = inspect.currentframe() - bool_flags = ['enabled', 'token_store_enabled'] - # note: getargvalues is used already in azure.cli.core.commands. - # and no simple functional replacement for this deprecating method for 3.5 - args, _, _, values = inspect.getargvalues(frame) # pylint: disable=deprecated-method - - for arg in args[2:]: - if values.get(arg, None): - setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') - - return _generic_site_operation(cmd.cli_ctx, resource_group_name, - name, 'update_auth_settings', slot, auth_settings) + return update_auth_settings(**locals()) # endregion # region webapp auth microsoft @@ -363,31 +354,42 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di 'to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + validation = {} if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "azureActiveDirectory" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["azureActiveDirectory"] = {} - if client_id is not None or client_secret_setting_name is not None or issuer is not None: + if (client_id is not None or client_secret is not None or + client_secret_setting_name is not None or issuer is not None): if "registration" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] = {} + registration = existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] if allowed_token_audiences is not None: if "validation" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = {} + validation = existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] if client_id is not None: - existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientId"] = client_id + registration["clientId"] = client_id if client_secret_setting_name is not None: - existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["clientSecretSettingName"] = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('MICROSOFT_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if issuer is not None: - existing_auth["identityProviders"]["azureActiveDirectory"]["registration"]["openIdIssuer"] = issuer + registration["openIdIssuer"] = issuer if allowed_token_audiences is not None: - existing_auth["identityProviders"]["azureActiveDirectory"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["azureActiveDirectory"] + validation["allowedAudiences"] = allowed_token_audiences.split(",") + existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = validation + if (client_id is not None or client_secret is not None or + client_secret_setting_name is not None or issuer is not None): + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["azureActiveDirectory"] # endregion # region webapp auth facebook @@ -416,23 +418,25 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin 'settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "facebook" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["facebook"] = {} - if app_id is not None or app_secret_setting_name is not None: + if app_id is not None or app_secret is not None or app_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["facebook"].keys(): existing_auth["identityProviders"]["facebook"]["registration"] = {} + registration = existing_auth["identityProviders"]["facebook"]["registration"] if scopes is not None: if "login" not in existing_auth["identityProviders"]["facebook"].keys(): existing_auth["identityProviders"]["facebook"]["login"] = {} if app_id is not None: - existing_auth["identityProviders"]["facebook"]["registration"]["appId"] = app_id + registration["appId"] = app_id if app_secret_setting_name is not None: - existing_auth["identityProviders"]["facebook"]["registration"]["appSecretSettingName"] = app_secret_setting_name + registration["appSecretSettingName"] = app_secret_setting_name if app_secret is not None: - existing_auth["identityProviders"]["facebook"]["registration"]["appSecretSettingName"] = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' + registration["appSecretSettingName"] = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('FACEBOOK_PROVIDER_AUTHENTICATION_SECRET=' + app_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) @@ -440,7 +444,11 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version if scopes is not None: existing_auth["identityProviders"]["facebook"]["login"]["scopes"] = scopes.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["facebook"] + if app_id is not None or app_secret is not None or app_secret_setting_name is not None: + existing_auth["identityProviders"]["facebook"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["facebook"] # endregion # region webapp auth github @@ -459,37 +467,45 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: - raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot ' + 'both be configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add ' + 'app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "gitHub" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["gitHub"] = {} - if client_id is not None or client_secret_setting_name is not None: + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["gitHub"].keys(): existing_auth["identityProviders"]["gitHub"]["registration"] = {} + registration = existing_auth["identityProviders"]["gitHub"]["registration"] if scopes is not None: if "login" not in existing_auth["identityProviders"]["gitHub"].keys(): existing_auth["identityProviders"]["gitHub"]["login"] = {} if client_id is not None: - existing_auth["identityProviders"]["gitHub"]["registration"]["clientId"] = client_id + registration["clientId"] = client_id if client_secret_setting_name is not None: - existing_auth["identityProviders"]["gitHub"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - existing_auth["identityProviders"]["gitHub"]["registration"]["clientSecretSettingName"] = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('GITHUB_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["gitHub"] + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["gitHub"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["gitHub"] # endregion # region webapp auth google @@ -508,21 +524,26 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument scopes=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: - raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot ' + 'both be configured to non empty strings') if client_secret is not None and not yes: msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add ' + 'app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + validation = {} if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "google" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["google"] = {} - if client_id is not None or client_secret_setting_name is not None: + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["google"].keys(): existing_auth["identityProviders"]["google"]["registration"] = {} + registration = existing_auth["identityProviders"]["google"]["registration"] if scopes is not None: if "login" not in existing_auth["identityProviders"]["google"].keys(): existing_auth["identityProviders"]["google"]["login"] = {} @@ -531,19 +552,24 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: existing_auth["identityProviders"]["google"]["validation"] = {} if client_id is not None: - existing_auth["identityProviders"]["google"]["registration"]["clientId"] = client_id + registration["clientId"] = client_id if client_secret_setting_name is not None: - existing_auth["identityProviders"]["google"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - existing_auth["identityProviders"]["google"]["registration"]["clientSecretSettingName"] = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('GOOGLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") if allowed_token_audiences is not None: - existing_auth["identityProviders"]["google"]["validation"]["allowedAudiences"] = allowed_token_audiences.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["google"] + validation["allowedAudiences"] = allowed_token_audiences.split(",") + existing_auth["identityProviders"]["google"]["validation"] = validation + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["google"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["google"] # endregion # region webapp auth twitter @@ -562,32 +588,39 @@ def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint consumer_key=None, consumer_secret_setting_name=None, # pylint: disable=unused-argument consumer_secret=None, yes=False): # pylint: disable=unused-argument if consumer_secret is not None and consumer_secret_setting_name is not None: - raise CLIError('Usage Error: --consumer-secret and --consumer-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --consumer-secret and --consumer-secret-setting-name cannot ' + 'both be configured to non empty strings') if consumer_secret is not None and not yes: msg = 'Configuring --consumer-secret will add app settings to the web app. Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --consumer-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --consumer-secret cannot be used without agreeing ' + 'to add app settings to the web app.') + registration = {} existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "twitter" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["twitter"] = {} - if consumer_key is not None or consumer_secret_setting_name is not None: + if consumer_key is not None or consumer_secret is not None or consumer_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["twitter"].keys(): existing_auth["identityProviders"]["twitter"]["registration"] = {} + registration = existing_auth["identityProviders"]["twitter"]["registration"] if consumer_key is not None: - existing_auth["identityProviders"]["twitter"]["registration"]["consumerKey"] = consumer_key + registration["consumerKey"] = consumer_key if consumer_secret_setting_name is not None: - existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = consumer_secret_setting_name + registration["consumerSecretSettingName"] = consumer_secret_setting_name if consumer_secret is not None: - existing_auth["identityProviders"]["twitter"]["registration"]["consumerSecretSettingName"] = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' + registration["consumerSecretSettingName"] = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + consumer_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["twitter"] + if consumer_key is not None or consumer_secret is not None or consumer_secret_setting_name is not None: + existing_auth["identityProviders"]["twitter"]["registration"] = registration + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["twitter"] # endregion # region webapp auth apple @@ -606,37 +639,46 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument if client_secret is not None and client_secret_setting_name is not None: - raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be configured to non empty strings') + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name ' + 'cannot both be configured to non empty strings') if client_secret is not None and not yes: - msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + msg = 'Configuring --client-secret will add app settings to the web app. ' \ + 'Are you sure you want to continue?' if not prompt_y_n(msg, default="n"): - raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings to the web app.') + raise CLIError('Usage Error: --client-secret cannot be used without agreeing ' + 'to add app settings to the web app.') existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} if "identityProviders" not in existing_auth.keys(): existing_auth["identityProviders"] = {} if "apple" not in existing_auth["identityProviders"].keys(): existing_auth["identityProviders"]["apple"] = {} - if client_id is not None or client_secret_setting_name is not None: + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: if "registration" not in existing_auth["identityProviders"]["apple"].keys(): existing_auth["identityProviders"]["apple"]["registration"] = {} + registration = existing_auth["identityProviders"]["apple"]["registration"] if scopes is not None: if "login" not in existing_auth["identityProviders"]["apple"].keys(): existing_auth["identityProviders"]["apple"]["login"] = {} if client_id is not None: - existing_auth["identityProviders"]["apple"]["registration"]["clientId"] = client_id + registration["clientId"] = client_id if client_secret_setting_name is not None: - existing_auth["identityProviders"]["apple"]["registration"]["clientSecretSettingName"] = client_secret_setting_name + registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - existing_auth["identityProviders"]["apple"]["registration"]["clientSecretSettingName"] = 'APPLE_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = 'APPLE_PROVIDER_AUTHENTICATION_SECRET' settings = [] settings.append('APPLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot)["identityProviders"]["apple"] + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["apple"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["apple"] # endregion # region webapp auth oidc @@ -648,9 +690,11 @@ def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl raise CLIError('Usage Error: The following custom OpenID Connect provider ' 'has not been configured: ' + provider_name) if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) return auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] @@ -663,7 +707,9 @@ def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): auth_settings["identityProviders"]["customOpenIdConnectProviders"] = {} if provider_name in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has already been configured: ' + provider_name + '. Please use az webapp auth oidc update to update the provider.') + raise CLIError('Usage Error: The following custom OpenID Connect provider has already been ' + 'configured: ' + provider_name + '. Please use az webapp auth oidc update to ' + 'update the provider.') auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] = { "registration": { "clientId": client_id, @@ -676,10 +722,12 @@ def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl } } if scopes is not None: - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(',') + login = {} + login["scopes"] = scopes.split(',') + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = login - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) + return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument @@ -687,37 +735,48 @@ def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, openid_configuration=None, scopes=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): - raise CLIError('Usage Error: The following custom OpenID Connect provider has not been configured: ' + provider_name) + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + custom_open_id_connect_providers = auth_settings["identityProviders"]["customOpenIdConnectProviders"] + registration = {} if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: - if "registration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"] = {} + if "registration" not in custom_open_id_connect_providers[provider_name].keys(): + custom_open_id_connect_providers[provider_name]["registration"] = {} + registration = custom_open_id_connect_providers[provider_name]["registration"] if client_secret_setting_name is not None: - if "clientCredential" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientCredential"] = {} + if "clientCredential" not in custom_open_id_connect_providers[provider_name]["registration"].keys(): + custom_open_id_connect_providers[provider_name]["registration"]["clientCredential"] = {} if openid_configuration is not None: - if "openIdConnectConfiguration" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"].keys(): - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"] = {} + if "openIdConnectConfiguration" not in custom_open_id_connect_providers[provider_name]["registration"].keys(): + custom_open_id_connect_providers[provider_name]["registration"]["openIdConnectConfiguration"] = {} if scopes is not None: if "login" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = {} + custom_open_id_connect_providers[provider_name]["login"] = {} if client_id is not None: - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientId"] = client_id + registration["clientId"] = client_id if client_secret_setting_name is not None: - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["clientCredential"]["clientSecretSettingName"] = client_secret_setting_name + registration["clientCredential"]["clientSecretSettingName"] = client_secret_setting_name if openid_configuration is not None: - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["registration"]["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration + registration["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration if scopes is not None: - auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"]["scopes"] = scopes.split(",") - return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot)["identityProviders"]["customOpenIdConnectProviders"][provider_name] + custom_open_id_connect_providers[provider_name]["login"]["scopes"] = scopes.split(",") + if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: + custom_open_id_connect_providers[provider_name]["registration"] = registration + auth_settings["identityProviders"]["customOpenIdConnectProviders"] = custom_open_id_connect_providers + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) + return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument From cb9bdef3a7c762ceb0af6f70348199ead59de277 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Wed, 23 Jun 2021 14:41:38 -0700 Subject: [PATCH 11/30] address some of chris' comments --- src/authV2/azext_authV2/_help.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index d34027faa5b..39229c083df 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -27,18 +27,18 @@ - name: Update the client ID of the AAD provider already configured text: > az webapp auth update -g myResourceGroup -n myUniqueApp --set identityProviders.azureActiveDirectory.registration.clientId=ecbacb08-df8b-450d-82b3-3fced03f2b27 - - name: Enable authentication on the app - text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true - name: Pin the runtime version of the app to 1.4.7 text: > az webapp auth update -g myResourceGroup -n myUniqueApp --runtime-version 1.4.7 - name: Configure the app with file based authentication by setting the config file path text: > az webapp auth update -g myResourceGroup -n myUniqueApp --config-file-path auth.json - - name: Configure the app to redirect to AzureActiveDirectory's login page for unauthenticated requests + - name: Configure the app to allow unauthenticated requests to hit the app. + text: > + az webapp auth update -g myResourceGroup -n myUniqueApp --unauthenticated-client-action AllowAnonymous + - name: Configure the app to redirect unauthenticated requests to the Facebook provider text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --unauthenticated-client-action RedirectToLoginPage --redirect-provider AzureActiveDirectory + az webapp auth update -g myResourceGroup -n myUniqueApp --redirect-provider Facebook - name: Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO text: > az webapp auth update -g myResourceGroup -n myUniqueApp --proxy-convention Standard @@ -46,9 +46,9 @@ helps['webapp auth set'] = """ type: command -short-summary: Sets the authentication settings for the webapp in the v2 format. +short-summary: Sets the authentication settings for the webapp in the v2 format, overwriting any existing settings. examples: - - name: Set the json saved in file auth.json as the auth settings for the web app. + - name: Set the json saved in file auth.json as the auth settings for the web app, overwriting any existing settings. text: > az webapp auth set -g myResourceGroup -n myUniqueApp --body @auth.json """ From 97022e5b74b5d15f24deae263015e5688bbfb897 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 15:42:12 -0700 Subject: [PATCH 12/30] address PR comments, clean up --- src/authV2/azext_authV2/__init__.py | 8 +- src/authV2/azext_authV2/_client_factory.py | 12 --- src/authV2/azext_authV2/_help.py | 24 +++--- src/authV2/azext_authV2/_params.py | 13 ++- src/authV2/azext_authV2/_validators.py | 20 ----- src/authV2/azext_authV2/azext_metadata.json | 4 +- src/authV2/azext_authV2/commands.py | 8 +- src/authV2/azext_authV2/custom.py | 94 ++++++++++++--------- src/authV2/setup.py | 5 -- 9 files changed, 82 insertions(+), 106 deletions(-) delete mode 100644 src/authV2/azext_authV2/_client_factory.py delete mode 100644 src/authV2/azext_authV2/_validators.py diff --git a/src/authV2/azext_authV2/__init__.py b/src/authV2/azext_authV2/__init__.py index 0e903681298..0a5c6daac80 100644 --- a/src/authV2/azext_authV2/__init__.py +++ b/src/authV2/azext_authV2/__init__.py @@ -12,12 +12,8 @@ class Authv2CommandsLoader(AzCommandsLoader): def __init__(self, cli_ctx=None): from azure.cli.core.commands import CliCommandType - from azext_authV2._client_factory import cf_authV2 - authV2_custom = CliCommandType( - operations_tmpl='azext_authV2.custom#{}', - client_factory=cf_authV2) - super(Authv2CommandsLoader, self).__init__(cli_ctx=cli_ctx, - custom_command_type=authV2_custom) + authV2_custom = CliCommandType(operations_tmpl='azext_authV2.custom#{}') + super().__init__(cli_ctx=cli_ctx, custom_command_type=authV2_custom) def load_command_table(self, args): from azext_authV2.commands import load_command_table diff --git a/src/authV2/azext_authV2/_client_factory.py b/src/authV2/azext_authV2/_client_factory.py deleted file mode 100644 index f7f7a165866..00000000000 --- a/src/authV2/azext_authV2/_client_factory.py +++ /dev/null @@ -1,12 +0,0 @@ -# -------------------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# -------------------------------------------------------------------------------------------- - -def cf_authV2(cli_ctx, *_): - - from azure.cli.core.commands.client_factory import get_mgmt_service_client - # TODO: Replace CONTOSO with the appropriate label and uncomment - # from azure.mgmt.CONTOSO import CONTOSOManagementClient - # return get_mgmt_service_client(cli_ctx, CONTOSOManagementClient) - return None diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index 39229c083df..762ac86a019 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -26,22 +26,22 @@ examples: - name: Update the client ID of the AAD provider already configured text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --set identityProviders.azureActiveDirectory.registration.clientId=ecbacb08-df8b-450d-82b3-3fced03f2b27 + az webapp auth update -g myResourceGroup -n MyWebApp --set identityProviders.azureActiveDirectory.registration.clientId=ecbacb08-df8b-450d-82b3-3fced03f2b27 - name: Pin the runtime version of the app to 1.4.7 text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --runtime-version 1.4.7 + az webapp auth update -g myResourceGroup -n MyWebApp --runtime-version 1.4.7 - name: Configure the app with file based authentication by setting the config file path text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --config-file-path auth.json + az webapp auth update -g myResourceGroup -n MyWebApp --config-file-path D:\\home\\site\\wwwroot\\auth.json - name: Configure the app to allow unauthenticated requests to hit the app. text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --unauthenticated-client-action AllowAnonymous + az webapp auth update -g myResourceGroup -n MyWebApp --unauthenticated-client-action AllowAnonymous - name: Configure the app to redirect unauthenticated requests to the Facebook provider text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --redirect-provider Facebook + az webapp auth update -g myResourceGroup -n MyWebApp --redirect-provider Facebook - name: Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --proxy-convention Standard + az webapp auth update -g myResourceGroup -n MyWebApp --proxy-convention Standard """ helps['webapp auth set'] = """ @@ -50,12 +50,12 @@ examples: - name: Set the json saved in file auth.json as the auth settings for the web app, overwriting any existing settings. text: > - az webapp auth set -g myResourceGroup -n myUniqueApp --body @auth.json + az webapp auth set -g myResourceGroup -n MyWebApp --body @auth.json """ helps['webapp auth config-version show'] = """ type: command -short-summary: Show the configuration version of the authentication settings for the webapp. +short-summary: Show the configuration version of the authentication settings for the webapp. Configuration version v1 refers to the /authSettings endpoints whereas v2 refers to the /authSettingsV2 endpoints. examples: - name: Show the configuration version of the authentication settings for the webapp (autogenerated) text: > @@ -98,16 +98,16 @@ type: command short-summary: Update the authentication settings for the webapp in the classic format. examples: - - name: Enable AAD by enabling authentication and setting AAD-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand. + - name: Enable Azure Active Directory by enabling authentication and setting Azure Active Directory-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand. text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true \\ + az webapp auth update -g myResourceGroup -n MyWebApp --enabled true \\ --action LoginWithAzureActiveDirectory \\ --aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \\ --aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \\ --aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ - - name: Allow Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users + - name: Enable Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users text: > - az webapp auth update -g myResourceGroup -n myUniqueApp --action AllowAnonymous \\ + az webapp auth update -g myResourceGroup -n MyWebApp --action AllowAnonymous \\ --facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \\ --facebook-oauth-scopes public_profile email """ diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 1c568374640..fe812d821ad 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -30,12 +30,14 @@ def load_arguments(self, _): with self.argument_context('webapp auth microsoft update') as c: c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret', options_list=['--client-secret']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('issuer', options_list=['--issuer']) c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) with self.argument_context('webapp auth facebook update') as c: c.argument('app_id', options_list=['--app-id']) + c.argument('app_secret', options_list=['--app-secret']) c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name']) c.argument('graph_api_version', options_list=['--graph-api-version']) c.argument('scopes', options_list=['--scopes']) @@ -49,37 +51,40 @@ def load_arguments(self, _): with self.argument_context('webapp auth google update') as c: c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret', options_list=['--client-secret']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('scopes', options_list=['--scopes']) c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) with self.argument_context('webapp auth twitter update') as c: c.argument('consumer_key', options_list=['--consumer-key']) + c.argument('consumer_secret', options_list=['--consumer-secret']) c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name']) with self.argument_context('webapp auth apple update') as c: c.argument('client_id', options_list=['--client-id']) + c.argument('client_secret', options_list=['--client-secret']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('scopes', options_list=['--scopes']) - with self.argument_context('webapp auth oidc show') as c: + with self.argument_context('webapp auth openid-connect show') as c: c.argument('provider_name', options_list=['--provider-name']) - with self.argument_context('webapp auth oidc add') as c: + with self.argument_context('webapp auth openid-connect add') as c: c.argument('provider_name', options_list=['--provider-name']) c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) - with self.argument_context('webapp auth oidc update') as c: + with self.argument_context('webapp auth openid-connect update') as c: c.argument('provider_name', options_list=['--provider-name']) c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) - with self.argument_context('webapp auth oidc remove') as c: + with self.argument_context('webapp auth openid-connect remove') as c: c.argument('provider_name', options_list=['--provider-name']) with self.argument_context('webapp auth-classic update') as c: diff --git a/src/authV2/azext_authV2/_validators.py b/src/authV2/azext_authV2/_validators.py deleted file mode 100644 index 821630f5f34..00000000000 --- a/src/authV2/azext_authV2/_validators.py +++ /dev/null @@ -1,20 +0,0 @@ -# -------------------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# -------------------------------------------------------------------------------------------- - - -def example_name_or_id_validator(cmd, namespace): - # Example of a storage account name or ID validator. - # See: https://github.com/Azure/azure-cli/blob/dev/doc/authoring_command_modules/authoring_commands.md#supporting-name-or-id-parameters - from azure.cli.core.commands.client_factory import get_subscription_id - from msrestazure.tools import is_valid_resource_id, resource_id - if namespace.storage_account: - if not is_valid_resource_id(namespace.RESOURCE): - namespace.storage_account = resource_id( - subscription=get_subscription_id(cmd.cli_ctx), - resource_group=namespace.resource_group_name, - namespace='Microsoft.Storage', - type='storageAccounts', - name=namespace.storage_account - ) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index eb4d80aad57..0b3d03f8101 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,5 +1,3 @@ { - "azext.isPreview": true, - "azext.minCliCoreVersion": "2.0.67", - "azext.maxCliCoreVersion": "2.25.0" + "azext.isPreview": false } \ No newline at end of file diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index a91ee682c9a..272f176524c 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -39,10 +39,10 @@ def load_command_table(self, _): g.custom_show_command('show', 'get_apple_settings') g.custom_command('update', 'update_apple_settings') - with self.command_group('webapp auth oidc') as g: - g.custom_show_command('show', 'get_oidc_provider_settings') - g.custom_command('add', 'add_oidc_provider_settings') - g.custom_command('update', 'update_oidc_provider_settings') + with self.command_group('webapp auth openid-connect') as g: + g.custom_show_command('show', 'get_openid_connect_provider_settings') + g.custom_command('add', 'add_openid_connect_provider_settings') + g.custom_command('update', 'update_openid_connect_provider_settings') g.custom_command('remove', 'remove_oidc_provider_settings') with self.command_group('webapp auth-classic') as g: diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index da83ff30e98..2ee9b12bd93 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -9,9 +9,16 @@ from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation from azure.cli.command_modules.appservice.custom import update_app_settings from azure.cli.command_modules.appservice.custom import update_auth_settings -from azure.cli.command_modules.appservice._params import AUTH_TYPES from azure.cli.core.commands.client_factory import get_subscription_id +MICROSOFT_SECRET_SETTING_NAME = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" +FACEBOOK_SECRET_SETTING_NAME = "FACEBOOK_PROVIDER_AUTHENTICATION_SECRET" +GITHUB_SECRET_SETTING_NAME = "GITHUB_PROVIDER_AUTHENTICATION_SECRET" +GOOGLE_SECRET_SETTING_NAME = "GOOGLE_PROVIDER_AUTHENTICATION_SECRET" +MSA_SECRET_SETTING_NAME = "MSA_PROVIDER_AUTHENTICATION_SECRET" +TWITTER_SECRET_SETTING_NAME = "TWITTER_PROVIDER_AUTHENTICATION_SECRET" + + # region rest calls @@ -171,20 +178,27 @@ def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylin # region helper methods +def set_field_in_auth_settings_recursive(field_name_split, field_value, auth_settings): + if len(field_name_split) == 1: + auth_settings[field_name_split[0]] = field_value + return auth_settings + + remaining_field_names = field_name_split[1:] + if field_name_split[0] not in auth_settings.keys(): + auth_settings[field_name_split[0]] = {} + auth_settings[field_name_split[0]] = set_field_in_auth_settings_recursive(remaining_field_names, + field_value, + auth_settings[field_name_split[0]]) + return auth_settings + + def set_field_in_auth_settings(auth_settings, set_string): if set_string is not None: split1 = set_string.split("=") fieldName = split1[0] fieldValue = split1[1] split2 = fieldName.split(".") - split2length = len(split2) - for field in split2: - if split2[split2length - 1] == field: - auth_settings[field] = fieldValue - else: - if field not in auth_settings.keys(): - auth_settings[field] = {} - auth_settings = auth_settings[field] + auth_settings = set_field_in_auth_settings_recursive(split2, fieldValue, auth_settings) return auth_settings @@ -243,23 +257,23 @@ def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pyl site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) settings = [] if site_auth_settings.client_secret is not None: - settings.append('MICROSOFT_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.client_secret) - site_auth_settings.client_secret_setting_name = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' + settings.append(MICROSOFT_SECRET_SETTING_NAME + '=' + site_auth_settings.client_secret) + site_auth_settings.client_secret_setting_name = MICROSOFT_SECRET_SETTING_NAME if site_auth_settings.facebook_app_secret is not None: - settings.append('FACEBOOK_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.facebook_app_secret) - site_auth_settings.facebook_app_secret_setting_name = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' + settings.append(FACEBOOK_SECRET_SETTING_NAME + '=' + site_auth_settings.facebook_app_secret) + site_auth_settings.facebook_app_secret_setting_name = FACEBOOK_SECRET_SETTING_NAME if site_auth_settings.git_hub_client_secret is not None: - settings.append('GITHUB_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.git_hub_client_secret) - site_auth_settings.git_hub_client_secret_setting_name = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' + settings.append(GITHUB_SECRET_SETTING_NAME + '=' + site_auth_settings.git_hub_client_secret) + site_auth_settings.git_hub_client_secret_setting_name = GITHUB_SECRET_SETTING_NAME if site_auth_settings.google_client_secret is not None: - settings.append('GOOGLE_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.google_client_secret) - site_auth_settings.google_client_secret_setting_name = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' + settings.append(GOOGLE_SECRET_SETTING_NAME + '=' + site_auth_settings.google_client_secret) + site_auth_settings.google_client_secret_setting_name = GOOGLE_SECRET_SETTING_NAME if site_auth_settings.microsoft_account_client_secret is not None: - settings.append('MSA_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.microsoft_account_client_secret) - site_auth_settings.microsoft_account_client_secret_setting_name = 'MSA_PROVIDER_AUTHENTICATION_SECRET' + settings.append(MSA_SECRET_SETTING_NAME + '=' + site_auth_settings.microsoft_account_client_secret) + site_auth_settings.microsoft_account_client_secret_setting_name = MSA_SECRET_SETTING_NAME if site_auth_settings.twitter_consumer_secret is not None: - settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + site_auth_settings.twitter_consumer_secret) - site_auth_settings.twitter_consumer_secret_setting_name = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' + settings.append(TWITTER_SECRET_SETTING_NAME + '=' + site_auth_settings.twitter_consumer_secret) + site_auth_settings.twitter_consumer_secret_setting_name = TWITTER_SECRET_SETTING_NAME if len(settings) > 0: update_app_settings(cmd, resource_group_name, name, settings, slot) remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) @@ -375,9 +389,9 @@ def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: di if client_secret_setting_name is not None: registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - registration["clientSecretSettingName"] = 'MICROSOFT_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = MICROSOFT_SECRET_SETTING_NAME settings = [] - settings.append('MICROSOFT_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + settings.append(MICROSOFT_SECRET_SETTING_NAME + '=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if issuer is not None: registration["openIdIssuer"] = issuer @@ -436,9 +450,9 @@ def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylin if app_secret_setting_name is not None: registration["appSecretSettingName"] = app_secret_setting_name if app_secret is not None: - registration["appSecretSettingName"] = 'FACEBOOK_PROVIDER_AUTHENTICATION_SECRET' + registration["appSecretSettingName"] = FACEBOOK_SECRET_SETTING_NAME settings = [] - settings.append('FACEBOOK_PROVIDER_AUTHENTICATION_SECRET=' + app_secret) + settings.append(FACEBOOK_SECRET_SETTING_NAME + '=' + app_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if graph_api_version is not None: existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version @@ -495,9 +509,9 @@ def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: if client_secret_setting_name is not None: registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - registration["clientSecretSettingName"] = 'GITHUB_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = GITHUB_SECRET_SETTING_NAME settings = [] - settings.append('GITHUB_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + settings.append(GITHUB_SECRET_SETTING_NAME + '=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") @@ -556,9 +570,9 @@ def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: if client_secret_setting_name is not None: registration["clientSecretSettingName"] = client_secret_setting_name if client_secret is not None: - registration["clientSecretSettingName"] = 'GOOGLE_PROVIDER_AUTHENTICATION_SECRET' + registration["clientSecretSettingName"] = GOOGLE_SECRET_SETTING_NAME settings = [] - settings.append('GOOGLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + settings.append(GOOGLE_SECRET_SETTING_NAME + '=' + client_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if scopes is not None: existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") @@ -613,9 +627,9 @@ def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint if consumer_secret_setting_name is not None: registration["consumerSecretSettingName"] = consumer_secret_setting_name if consumer_secret is not None: - registration["consumerSecretSettingName"] = 'TWITTER_PROVIDER_AUTHENTICATION_SECRET' + registration["consumerSecretSettingName"] = TWITTER_SECRET_SETTING_NAME settings = [] - settings.append('TWITTER_PROVIDER_AUTHENTICATION_SECRET=' + consumer_secret) + settings.append(TWITTER_SECRET_SETTING_NAME + '=' + consumer_secret) update_app_settings(cmd, resource_group_name, name, settings, slot) if consumer_key is not None or consumer_secret is not None or consumer_secret_setting_name is not None: existing_auth["identityProviders"]["twitter"]["registration"] = registration @@ -681,10 +695,10 @@ def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: return updated_auth_settings["identityProviders"]["apple"] # endregion -# region webapp auth oidc +# region webapp auth openid-connect -def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument +def get_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider ' @@ -698,9 +712,9 @@ def get_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl return auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - openid_configuration=None, scopes=None): # pylint: disable=unused-argument +def add_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): auth_settings["identityProviders"] = {} @@ -730,9 +744,9 @@ def add_oidc_provider_settings(cmd, resource_group_name, name, provider_name, sl return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument - client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument - openid_configuration=None, scopes=None): # pylint: disable=unused-argument +def update_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider ' @@ -779,7 +793,7 @@ def update_oidc_provider_settings(cmd, resource_group_name, name, provider_name, return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] -def remove_oidc_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument +def remove_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] if "identityProviders" not in auth_settings.keys(): raise CLIError('Usage Error: The following custom OpenID Connect provider ' diff --git a/src/authV2/setup.py b/src/authV2/setup.py index 1654d75625d..ac531d25eb2 100644 --- a/src/authV2/setup.py +++ b/src/authV2/setup.py @@ -14,8 +14,6 @@ from distutils import log as logger logger.warn("Wheel is not available, disabling bdist_wheel hook") -# TODO: Confirm this is the right version number you want and it matches your -# HISTORY.rst entry. VERSION = '0.1.0' # The full list of classifiers is available at @@ -32,7 +30,6 @@ 'License :: OSI Approved :: MIT License', ] -# TODO: Add any additional SDK dependencies here DEPENDENCIES = [] with open('README.rst', 'r', encoding='utf-8') as f: @@ -44,10 +41,8 @@ name='authV2', version=VERSION, description='Microsoft Azure Command-Line Tools Authv2 Extension', - # TODO: Update author and email, if applicable author='Microsoft Corporation', author_email='azpycli@microsoft.com', - # TODO: change to your extension source code repo if the code will not be put in azure-cli-extensions repo url='https://github.com/Azure/azure-cli-extensions/tree/master/src/authV2', long_description=README + '\n\n' + HISTORY, license='MIT', From 0ceb72f0746fa14934af9713de454b07f5d05d2c Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 17:08:03 -0700 Subject: [PATCH 13/30] address some CI concerns --- src/authV2/azext_authV2/_help.py | 181 ++++++++++++++++++++++++++-- src/authV2/azext_authV2/_params.py | 63 ++++++---- src/authV2/azext_authV2/commands.py | 6 +- 3 files changed, 211 insertions(+), 39 deletions(-) diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index 762ac86a019..def88991f92 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -26,22 +26,22 @@ examples: - name: Update the client ID of the AAD provider already configured text: > - az webapp auth update -g myResourceGroup -n MyWebApp --set identityProviders.azureActiveDirectory.registration.clientId=ecbacb08-df8b-450d-82b3-3fced03f2b27 + az webapp auth update -g myResourceGroup --name MyWebApp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-id - name: Pin the runtime version of the app to 1.4.7 text: > - az webapp auth update -g myResourceGroup -n MyWebApp --runtime-version 1.4.7 + az webapp auth update -g myResourceGroup --name MyWebApp --runtime-version 1.4.7 - name: Configure the app with file based authentication by setting the config file path text: > - az webapp auth update -g myResourceGroup -n MyWebApp --config-file-path D:\\home\\site\\wwwroot\\auth.json + az webapp auth update -g myResourceGroup --name MyWebApp --config-file-path D:\\home\\site\\wwwroot\\auth.json - name: Configure the app to allow unauthenticated requests to hit the app. text: > - az webapp auth update -g myResourceGroup -n MyWebApp --unauthenticated-client-action AllowAnonymous + az webapp auth update -g myResourceGroup --name MyWebApp --unauthenticated-client-action AllowAnonymous - name: Configure the app to redirect unauthenticated requests to the Facebook provider text: > - az webapp auth update -g myResourceGroup -n MyWebApp --redirect-provider Facebook + az webapp auth update -g myResourceGroup --name MyWebApp --redirect-provider Facebook - name: Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO text: > - az webapp auth update -g myResourceGroup -n MyWebApp --proxy-convention Standard + az webapp auth update -g myResourceGroup --name MyWebApp --proxy-convention Standard """ helps['webapp auth set'] = """ @@ -50,7 +50,12 @@ examples: - name: Set the json saved in file auth.json as the auth settings for the web app, overwriting any existing settings. text: > - az webapp auth set -g myResourceGroup -n MyWebApp --body @auth.json + az webapp auth set -g myResourceGroup --name MyWebApp --body @auth.json +""" + +helps['webapp auth config-version'] = """ +type: group +short-summary: Manage the state of the configuration version for the authentication settings for the webapp. Configuration version v1 refers to the /authSettings endpoints whereas v2 refers to the /authSettingsV2 endpoints. """ helps['webapp auth config-version show'] = """ @@ -87,10 +92,10 @@ helps['webapp auth-classic show'] = """ type: command -short-summary: Show the authentification settings for the webapp in the classic format. +short-summary: Show the authentication settings for the webapp in the classic format. examples: - - name: Show the authentification settings for the webapp. (autogenerated) - text: az webapp auth show --name MyWebApp --resource-group MyResourceGroup + - name: Show the authentication settings for the webapp. (autogenerated) + text: az webapp auth-classic show --name MyWebApp --resource-group MyResourceGroup crafted: true """ @@ -100,14 +105,164 @@ examples: - name: Enable Azure Active Directory by enabling authentication and setting Azure Active Directory-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand. text: > - az webapp auth update -g myResourceGroup -n MyWebApp --enabled true \\ + az webapp auth-classic update -g myResourceGroup --name MyWebApp --enabled true \\ --action LoginWithAzureActiveDirectory \\ --aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \\ - --aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \\ + --aad-client-id my-client-id --aad-client-secret very_secret_password \\ --aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ - name: Enable Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users text: > - az webapp auth update -g myResourceGroup -n MyWebApp --action AllowAnonymous \\ + az webapp auth-classic update -g myResourceGroup --name MyWebApp --action AllowAnonymous \\ --facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \\ --facebook-oauth-scopes public_profile email """ + +helps['webapp auth apple'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Apple identity provider. +""" + +helps['webapp auth apple show'] = """ +type: command +short-summary: Show the authentication settings for the Apple identity provider. +examples: + - name: Show the authentication settings for the Apple identity provider. (autogenerated) + text: az webapp auth apple show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth apple update'] = """ +type: command +short-summary: Update the client id and client secret for the Apple identity provider. +examples: + - name: Update the client id and client secret for the Apple identity provider. + text: > + az webapp auth apple update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth facebook'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Facebook identity provider. +""" + +helps['webapp auth facebook show'] = """ +type: command +short-summary: Show the authentication settings for the Facebook identity provider. +examples: + - name: Show the authentication settings for the Facebook identity provider. (autogenerated) + text: az webapp auth facebook show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth facebook update'] = """ +type: command +short-summary: Update the app id and app secret for the Facebook identity provider. +examples: + - name: Update the app id and app secret for the Facebook identity provider. + text: > + az webapp auth facebook update -g myResourceGroup --name MyWebApp \\ + --app-id my-client-id --app-secret very_secret_password +""" + +helps['webapp auth github'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the GitHub identity provider. +""" + +helps['webapp auth github show'] = """ +type: command +short-summary: Show the authentication settings for the GitHub identity provider. +examples: + - name: Show the authentication settings for the GitHub identity provider. (autogenerated) + text: az webapp auth github show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth github update'] = """ +type: command +short-summary: Update the client id and client secret for the GitHub identity provider. +examples: + - name: Update the client id and client secret for the GitHub identity provider. + text: > + az webapp auth github update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth google'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Google identity provider. +""" + +helps['webapp auth google show'] = """ +type: command +short-summary: Show the authentication settings for the Google identity provider. +examples: + - name: Show the authentication settings for the Google identity provider. (autogenerated) + text: az webapp auth google show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth google update'] = """ +type: command +short-summary: Update the client id and client secret for the Google identity provider. +examples: + - name: Update the client id and client secret for the Google identity provider. + text: > + az webapp auth google update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth microsoft'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Microsoft identity provider. +""" + +helps['webapp auth microsoft show'] = """ +type: command +short-summary: Show the authentication settings for the Azure Active Directory identity provider. +examples: + - name: Show the authentication settings for the Azure Active Directory identity provider. (autogenerated) + text: az webapp auth microsoft show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth microsoft update'] = """ +type: command +short-summary: Update the client id and client secret for the Azure Active Directory identity provider. +examples: + - name: Update the open id issuer, client id and client secret for the Azure Active Directory identity provider. + text: > + az webapp auth microsoft update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password \\ + --issuer https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ +""" + +helps['webapp auth openid-connect'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the custom OpenId Connect identity providers. +""" + +helps['webapp auth twitter'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Twitter identity provider. +""" + +helps['webapp auth twitter show'] = """ +type: command +short-summary: Show the authentication settings for the Twitter identity provider. +examples: + - name: Show the authentication settings for the Twitter identity provider. (autogenerated) + text: az webapp auth twitter show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth twitter update'] = """ +type: command +short-summary: Update the consumer key and consumer secret for the Twitter identity provider. +examples: + - name: Update the consumer key and consumer secret for the Twitter identity provider. + text: > + az webapp auth twitter update -g myResourceGroup --name MyWebApp \\ + --consumer-key my-client-id --consumer-secret very_secret_password +""" \ No newline at end of file diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index fe812d821ad..19d64792f6a 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -13,38 +13,55 @@ def load_arguments(self, _): with self.argument_context('webapp auth set') as c: - c.argument('body', options_list=['--body', '-b']) + c.argument('body',options_list=['--body', '-b'], + help='JSON representation of the configuration settings for the Azure App Service Authentication / Authorization V2 feature.') with self.argument_context('webapp auth update') as c: - c.argument('set_string', options_list=['--set']) - c.argument('enabled', options_list=['--enabled'], arg_type=get_three_state_flag(return_label=True)) - c.argument('runtime_version', options_list=['--runtime-version']) - c.argument('config_file_path', options_list=['--config-file-path']) - c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action'], arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION)) - c.argument('redirect_provider', options_list=['--redirect-provider']) - c.argument('enable_token_store', options_list=['--enable-token-store'], arg_type=get_three_state_flag(return_label=True)) - c.argument('require_https', options_list=['--require-https'], arg_type=get_three_state_flag(return_label=True)) - c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION)) - c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header']) - c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header']) + c.argument('set_string', options_list=['--set'], + help='Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization V2 feature.') + c.argument('enabled', options_list=['--enabled'], arg_type=get_three_state_flag(return_label=True), + help='true if the Authentication / Authorization feature is enabled for the current app; otherwise, false.') + c.argument('runtime_version', options_list=['--runtime-version'], + help='The RuntimeVersion of the Authentication / Authorization feature in use for the current app.') + c.argument('config_file_path', options_list=['--config-file-path'], + help='The path of the config file containing auth settings if they come from a file.') + c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action'], arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION), + help='The action to take when an unauthenticated client attempts to access the app.') + c.argument('redirect_provider', options_list=['--redirect-provider'], + help='The default authentication provider to use when multiple providers are configured.') + c.argument('enable_token_store', options_list=['--enable-token-store'], arg_type=get_three_state_flag(return_label=True), + help='true to durably store platform-specific security tokens that are obtained during login flows; otherwise, false.') + c.argument('require_https', options_list=['--require-https'], arg_type=get_three_state_flag(return_label=True), + help='false if the authentication/authorization responses not having the HTTPS scheme are permissible; otherwise, true.') + c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION), + help='The convention used to determine the url of the request made.') + c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header'], + help='The name of the header containing the host of the request.') + c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header'], + help='The name of the header containing the scheme of the request.') with self.argument_context('webapp auth microsoft update') as c: - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret', options_list=['--client-secret']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) - c.argument('issuer', options_list=['--issuer']) - c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of this relying party application, known as the client_id.') + c.argument('client_secret', options_list=['--client-secret'], + help='AAD application secret') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name'], + help='The app setting name that contains the client secret of the relying party application.') + c.argument('issuer', options_list=['--issuer'], + help='The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.') + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences'], + help='The configuration settings of the allowed list of audiences from which to validate the JWT token.') with self.argument_context('webapp auth facebook update') as c: c.argument('app_id', options_list=['--app-id']) c.argument('app_secret', options_list=['--app-secret']) - c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name']) + c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name', '--secret-setting-name']) c.argument('graph_api_version', options_list=['--graph-api-version']) c.argument('scopes', options_list=['--scopes']) with self.argument_context('webapp auth github update') as c: c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) c.argument('client_secret', options_list=['--client-secret']) c.argument('scopes', options_list=['--scopes']) c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') @@ -52,19 +69,19 @@ def load_arguments(self, _): with self.argument_context('webapp auth google update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret', options_list=['--client-secret']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) c.argument('scopes', options_list=['--scopes']) c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) with self.argument_context('webapp auth twitter update') as c: c.argument('consumer_key', options_list=['--consumer-key']) c.argument('consumer_secret', options_list=['--consumer-secret']) - c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name']) + c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name', '--secret-setting-name']) with self.argument_context('webapp auth apple update') as c: c.argument('client_id', options_list=['--client-id']) c.argument('client_secret', options_list=['--client-secret']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) c.argument('scopes', options_list=['--scopes']) with self.argument_context('webapp auth openid-connect show') as c: @@ -73,7 +90,7 @@ def load_arguments(self, _): with self.argument_context('webapp auth openid-connect add') as c: c.argument('provider_name', options_list=['--provider-name']) c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index 272f176524c..c2609f72a21 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -3,7 +3,7 @@ # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- -# pylint: disable=line-too-long + def load_command_table(self, _): with self.command_group('webapp auth') as g: g.custom_show_command('show', 'get_auth_settings_v2') @@ -43,8 +43,8 @@ def load_command_table(self, _): g.custom_show_command('show', 'get_openid_connect_provider_settings') g.custom_command('add', 'add_openid_connect_provider_settings') g.custom_command('update', 'update_openid_connect_provider_settings') - g.custom_command('remove', 'remove_oidc_provider_settings') + g.custom_command('remove', 'remove_openid_connect_provider_settings') with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') - g.custom_command('update', 'update_auth_classic_settings') + g.custom_command('update', 'update_auth_classic_settings') \ No newline at end of file From a8f0df14b392334e9b0edf43f06631381c23760f Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 20:56:37 -0700 Subject: [PATCH 14/30] more fixes --- src/authV2/azext_authV2/_help.py | 47 +++++++++++++++++++++++++++-- src/authV2/azext_authV2/_params.py | 29 ++++++++++++++---- src/authV2/azext_authV2/commands.py | 2 +- 3 files changed, 69 insertions(+), 9 deletions(-) diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py index def88991f92..239d4b92c0c 100644 --- a/src/authV2/azext_authV2/_help.py +++ b/src/authV2/azext_authV2/_help.py @@ -240,7 +240,50 @@ helps['webapp auth openid-connect'] = """ type: group -short-summary: Manage webapp authentication and authorization of the custom OpenId Connect identity providers. +short-summary: Manage webapp authentication and authorization of the custom OpenID Connect identity providers. +""" + +helps['webapp auth openid-connect show'] = """ +type: command +short-summary: Show the authentication settings for the custom OpenID Connect identity provider. +examples: + - name: Show the authentication settings for the custom OpenID Connect identity provider. (autogenerated) + text: az webapp auth openid-connect show --name MyWebApp --resource-group MyResourceGroup \\ + --provider-name myOpenIdConnectProvider + crafted: true +""" + +helps['webapp auth openid-connect add'] = """ +type: command +short-summary: Configure a new custom OpenID Connect identity provider. +examples: + - name: Configure a new custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect add -g myResourceGroup --name MyWebApp \\ + --provider-name myOpenIdConnectProvider --client-id my-client-id \\ + --client-secret-setting-name MY_SECRET_APP_SETTING \\ + --openid-configuration https://myopenidprovider.net/.well-known/openid-configuration +""" + +helps['webapp auth openid-connect update'] = """ +type: command +short-summary: Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. +examples: + - name: Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect update -g myResourceGroup --name MyWebApp \\ + --provider-name myOpenIdConnectProvider --client-id my-client-id \\ + --client-secret-setting-name MY_SECRET_APP_SETTING +""" + +helps['webapp auth openid-connect remove'] = """ +type: command +short-summary: Removes an existing custom OpenID Connect identity provider. +examples: + - name: Removes an existing custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect remove --name MyWebApp --resource-group MyResourceGroup \\ + --provider-name myOpenIdConnectProvider """ helps['webapp auth twitter'] = """ @@ -265,4 +308,4 @@ text: > az webapp auth twitter update -g myResourceGroup --name MyWebApp \\ --consumer-key my-client-id --consumer-secret very_secret_password -""" \ No newline at end of file +""" diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 19d64792f6a..9908708d30d 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -4,16 +4,33 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long -from azure.cli.core.commands.parameters import (get_three_state_flag, get_enum_type) +from knack.arguments import CLIArgumentType + +from azure.cli.core.commands.parameters import (resource_group_name_type, get_resource_name_completion_list, + get_three_state_flag, get_enum_type) from azure.cli.command_modules.appservice._params import AUTH_TYPES +from azure.cli.core.local_context import LocalContextAttribute, LocalContextAction UNAUTHENTICATED_CLIENT_ACTION = ['RedirectToLoginPage', 'AllowAnonymous', 'RejectWith401', 'RejectWith404'] FORWARD_PROXY_CONVENTION = ['NoProxy', 'Standard', 'Custom'] def load_arguments(self, _): + webapp_name_arg_type = CLIArgumentType(configured_default='web', options_list=['--name', '-n'], metavar='NAME', + completer=get_resource_name_completion_list('Microsoft.Web/sites'), + id_part='name', + help="name of the web app.", + local_context_attribute=LocalContextAttribute(name='web_name', actions=[ + LocalContextAction.GET])) + + with self.argument_context('webapp auth') as c: + c.argument('resource_group_name', arg_type=resource_group_name_type) + c.argument('slot', options_list=['--slot', '-s'], + help="the name of the slot. Default to the productions slot if not specified") + c.argument('name', arg_type=webapp_name_arg_type) + with self.argument_context('webapp auth set') as c: - c.argument('body',options_list=['--body', '-b'], + c.argument('body', options_list=['--body', '-b'], help='JSON representation of the configuration settings for the Azure App Service Authentication / Authorization V2 feature.') with self.argument_context('webapp auth update') as c: @@ -85,24 +102,24 @@ def load_arguments(self, _): c.argument('scopes', options_list=['--scopes']) with self.argument_context('webapp auth openid-connect show') as c: - c.argument('provider_name', options_list=['--provider-name']) + c.argument('provider_name', options_list=['--provider-name'], required=True) with self.argument_context('webapp auth openid-connect add') as c: - c.argument('provider_name', options_list=['--provider-name']) + c.argument('provider_name', options_list=['--provider-name'], required=True) c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) with self.argument_context('webapp auth openid-connect update') as c: - c.argument('provider_name', options_list=['--provider-name']) + c.argument('provider_name', options_list=['--provider-name'], required=True) c.argument('client_id', options_list=['--client-id']) c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) c.argument('openid_configuration', options_list=['--openid-configuration']) c.argument('scopes', options_list=['--scopes']) with self.argument_context('webapp auth openid-connect remove') as c: - c.argument('provider_name', options_list=['--provider-name']) + c.argument('provider_name', options_list=['--provider-name'], required=True) with self.argument_context('webapp auth-classic update') as c: c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py index c2609f72a21..961fbaba953 100644 --- a/src/authV2/azext_authV2/commands.py +++ b/src/authV2/azext_authV2/commands.py @@ -47,4 +47,4 @@ def load_command_table(self, _): with self.command_group('webapp auth-classic') as g: g.custom_show_command('show', 'get_auth_settings') - g.custom_command('update', 'update_auth_classic_settings') \ No newline at end of file + g.custom_command('update', 'update_auth_classic_settings') From 63594dea2045fd6fbd5155a30ecd89e5799a1c10 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 21:55:30 -0700 Subject: [PATCH 15/30] linter should pass --- src/authV2/azext_authV2/_params.py | 167 +++++++++++++++++++---------- src/authV2/azext_authV2/custom.py | 2 +- 2 files changed, 111 insertions(+), 58 deletions(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 9908708d30d..8ae3800f251 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -23,7 +23,7 @@ def load_arguments(self, _): local_context_attribute=LocalContextAttribute(name='web_name', actions=[ LocalContextAction.GET])) - with self.argument_context('webapp auth') as c: + with self.argument_context('webapp') as c: c.argument('resource_group_name', arg_type=resource_group_name_type) c.argument('slot', options_list=['--slot', '-s'], help="the name of the slot. Default to the productions slot if not specified") @@ -42,7 +42,8 @@ def load_arguments(self, _): help='The RuntimeVersion of the Authentication / Authorization feature in use for the current app.') c.argument('config_file_path', options_list=['--config-file-path'], help='The path of the config file containing auth settings if they come from a file.') - c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action'], arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION), + c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action', '--action'], + arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION), help='The action to take when an unauthenticated client attempts to access the app.') c.argument('redirect_provider', options_list=['--redirect-provider'], help='The default authentication provider to use when multiple providers are configured.') @@ -52,9 +53,9 @@ def load_arguments(self, _): help='false if the authentication/authorization responses not having the HTTPS scheme are permissible; otherwise, true.') c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION), help='The convention used to determine the url of the request made.') - c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header'], + c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header', '--custom-host-header'], help='The name of the header containing the host of the request.') - c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header'], + c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header', '--custom-proto-header'], help='The name of the header containing the scheme of the request.') with self.argument_context('webapp auth microsoft update') as c: @@ -62,83 +63,125 @@ def load_arguments(self, _): help='The Client ID of this relying party application, known as the client_id.') c.argument('client_secret', options_list=['--client-secret'], help='AAD application secret') - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name'], + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], help='The app setting name that contains the client secret of the relying party application.') c.argument('issuer', options_list=['--issuer'], help='The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.') - c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences'], + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences', '--allowed-audiences'], help='The configuration settings of the allowed list of audiences from which to validate the JWT token.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth facebook update') as c: - c.argument('app_id', options_list=['--app-id']) - c.argument('app_secret', options_list=['--app-secret']) - c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name', '--secret-setting-name']) - c.argument('graph_api_version', options_list=['--graph-api-version']) - c.argument('scopes', options_list=['--scopes']) + c.argument('app_id', options_list=['--app-id'], + help='The App ID of the app used for login.') + c.argument('app_secret', options_list=['--app-secret'], + help='The app secret.') + c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the app secret.') + c.argument('graph_api_version', options_list=['--graph-api-version'], + help='The version of the Facebook api to be used while logging in.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth github update') as c: - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) - c.argument('client_secret', options_list=['--client-secret']) - c.argument('scopes', options_list=['--scopes']) + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth google update') as c: - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret', options_list=['--client-secret']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) - c.argument('scopes', options_list=['--scopes']) - c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences']) + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences', '--allowed-audiences'], + help='The configuration settings of the allowed list of audiences from which to validate the JWT token.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth twitter update') as c: - c.argument('consumer_key', options_list=['--consumer-key']) - c.argument('consumer_secret', options_list=['--consumer-secret']) - c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name', '--secret-setting-name']) + c.argument('consumer_key', options_list=['--consumer-key'], + help='The OAuth 1.0a consumer key of the Twitter application used for sign-in.') + c.argument('consumer_secret', options_list=['--consumer-secret'], + help='The consumer secret.') + c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth apple update') as c: - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret', options_list=['--client-secret']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) - c.argument('scopes', options_list=['--scopes']) + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('webapp auth openid-connect show') as c: - c.argument('provider_name', options_list=['--provider-name'], required=True) + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') with self.argument_context('webapp auth openid-connect add') as c: - c.argument('provider_name', options_list=['--provider-name'], required=True) - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting-name']) - c.argument('openid_configuration', options_list=['--openid-configuration']) - c.argument('scopes', options_list=['--scopes']) + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('openid_configuration', options_list=['--openid-configuration'], + help='The endpoint that contains all the configuration endpoints for the provider.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') with self.argument_context('webapp auth openid-connect update') as c: - c.argument('provider_name', options_list=['--provider-name'], required=True) - c.argument('client_id', options_list=['--client-id']) - c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name']) - c.argument('openid_configuration', options_list=['--openid-configuration']) - c.argument('scopes', options_list=['--scopes']) + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('openid_configuration', options_list=['--openid-configuration'], + help='The endpoint that contains all the configuration endpoints for the provider.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') with self.argument_context('webapp auth openid-connect remove') as c: - c.argument('provider_name', options_list=['--provider-name'], required=True) + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') with self.argument_context('webapp auth-classic update') as c: - c.argument('enabled', arg_type=get_three_state_flag(return_label=True)) + c.argument('enabled', arg_type=get_three_state_flag(return_label=True), + help='true if the Authentication / Authorization feature is enabled for the current app; otherwise, false.') c.argument('token_store_enabled', options_list=['--token-store'], arg_type=get_three_state_flag(return_label=True), help='use App Service Token Store') - c.argument('action', arg_type=get_enum_type(AUTH_TYPES)) + c.argument('action', arg_type=get_enum_type(AUTH_TYPES), + help='The action to take when an unauthenticated client attempts to access the app.') c.argument('runtime_version', help='Runtime version of the Authentication/Authorization feature in use for the current app') - c.argument('token_refresh_extension_hours', type=float, help="Hours, must be formattable into a float") - c.argument('allowed_external_redirect_urls', nargs='+', help="One or more urls (space-delimited).") + c.argument('token_refresh_extension_hours', type=float, options_list=['--token-refresh-extension-hours', '--token-refresh-hours'], + help="Hours, must be formattable into a float") + c.argument('allowed_external_redirect_urls', options_list=['--allowed-redirect-urls'], nargs='+', + help="One or more urls (space-delimited).") c.argument('client_id', options_list=['--aad-client-id'], arg_group='Azure Active Directory', help='Application ID to integrate AAD organization account Sign-in into your web app') c.argument('client_secret', options_list=['--aad-client-secret'], arg_group='Azure Active Directory', help='AAD application secret') - c.argument('client_secret_setting_name', options_list=['--aad-client-secret-setting-name'], arg_group='Azure Active Directory', + c.argument('client_secret_setting_name', options_list=['--aad-client-secret-setting-name', '--aad-secret-setting'], arg_group='Azure Active Directory', help='The app setting name that contains the client secret of the relying party application.') c.argument('client_secret_certificate_thumbprint', options_list=['--aad-client-secret-certificate-thumbprint', '--thumbprint'], arg_group='Azure Active Directory', help='Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes') - c.argument('allowed_audiences', nargs='+', options_list=['--aad-allowed-token-audiences'], + c.argument('allowed_audiences', nargs='+', options_list=['--aad-allowed-token-audiences', '--allowed-audiences'], arg_group='Azure Active Directory', help="One or more token audiences (space-delimited).") c.argument('issuer', options_list=['--aad-token-issuer-url'], help='This url can be found in the JSON output returned from your active directory endpoint using your tenantID. The endpoint can be queried from `az cloud show` at \"endpoints.activeDirectory\". ' @@ -147,26 +190,36 @@ def load_arguments(self, _): c.argument('facebook_app_id', arg_group='Facebook', help="Application ID to integrate Facebook Sign-in into your web app") c.argument('facebook_app_secret', arg_group='Facebook', help='Facebook Application client secret') - c.argument('facebook_app_secret_setting_name', arg_group='Facebook', help='The app setting name that contains the app secret used for Facebook Login.') + c.argument('facebook_app_secret_setting_name', arg_group='Facebook', options_list=['--facebook-app-secret-setting-name', '--fb-secret-setting'], + help='The app setting name that contains the app secret used for Facebook Login.') c.argument('facebook_oauth_scopes', nargs='+', help="One or more facebook authentication scopes (space-delimited).", arg_group='Facebook') c.argument('twitter_consumer_key', arg_group='Twitter', help='Application ID to integrate Twitter Sign-in into your web app') - c.argument('twitter_consumer_secret', arg_group='Twitter', help='Twitter Application client secret') - c.argument('twitter_consumer_secret_setting_name', arg_group='Twitter', help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.') + c.argument('twitter_consumer_secret', arg_group='Twitter', options_list=['--twitter-consumer-secret', '--twitter-secret'], + help='Twitter Application client secret') + c.argument('twitter_consumer_secret_setting_name', arg_group='Twitter', options_list=['--twitter-consumer-secret-setting-name', '--twitter-secret-setting'], + help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.') c.argument('google_client_id', arg_group='Google', help='Application ID to integrate Google Sign-in into your web app') c.argument('google_client_secret', arg_group='Google', help='Google Application client secret') - c.argument('google_client_secret_setting_name', arg_group='Google', help='The app setting name that contains the client secret associated with the Google web application.') + c.argument('google_client_secret_setting_name', arg_group='Google', options_list=['--google-client-secret-setting-name', '--google-secret-setting'], + help='The app setting name that contains the client secret associated with the Google web application.') c.argument('google_oauth_scopes', nargs='+', help="One or more Google authentication scopes (space-delimited).", arg_group='Google') - c.argument('microsoft_account_client_id', arg_group='Microsoft', + c.argument('microsoft_account_client_id', arg_group='Microsoft', options_list=['--microsoft-account-client-id', '--msa-client'], help="AAD V2 Application ID to integrate Microsoft account Sign-in into your web app") - c.argument('microsoft_account_client_secret', arg_group='Microsoft', help='AAD V2 Application client secret') - c.argument('microsoft_account_client_secret_setting_name', arg_group='Microsoft', help='The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.') - c.argument('microsoft_account_oauth_scopes', nargs='+', + c.argument('microsoft_account_client_secret', arg_group='Microsoft', options_list=['--microsoft-account-client-secret', '--msa-secret'], + help='AAD V2 Application client secret') + c.argument('microsoft_account_client_secret_setting_name', arg_group='Microsoft', options_list=['--microsoft-account-client-secret-setting-name', '--msa-secret-setting'], + help='The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.') + c.argument('microsoft_account_oauth_scopes', nargs='+', options_list=['--microsoft-account-oauth-scopes', '--msa-scopes'], help="One or more Microsoft authentification scopes (space-delimited).", arg_group='Microsoft') - c.argument('git_hub_client_id', arg_group='GitHub', help="The Client Id of the GitHub app used for login.") - c.argument('git_hub_client_secret', arg_group='GitHub', help="The Client Secret of the GitHub app used for login.") - c.argument('git_hub_client_secret_setting_name', arg_group='GitHub', help="The app setting name that contains the client secret of the Github app used for GitHub Login.") - c.argument('git_hub_o_auth_scopes', arg_group='GitHub', help="The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.") + c.argument('git_hub_client_id', options_list=['--github-client-id'], arg_group='GitHub', + help="The Client Id of the GitHub app used for login.") + c.argument('git_hub_client_secret', options_list=['--github-client-secret'], arg_group='GitHub', + help="The Client Secret of the GitHub app used for login.") + c.argument('git_hub_client_secret_setting_name', arg_group='GitHub', options_list=['--github-client-secret-setting-name', '--github-secret-setting'], + help="The app setting name that contains the client secret of the Github app used for GitHub Login.") + c.argument('git_hub_o_auth_scopes', options_list=['--github-oauth-scopes', '--github-scopes'], arg_group='GitHub', + help="The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.") diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 2ee9b12bd93..8ebf572d2ca 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -334,7 +334,7 @@ def update_auth_classic_settings(cmd, resource_group_name, name, enabled=None, a client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument google_client_secret_setting_name=None, # pylint: disable=unused-argument microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument - twitter_consume_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument + twitter_consumer_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app ' 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') From 5be1ce4d63101cfae7baf2df5ffd9a2e36740261 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 21:57:24 -0700 Subject: [PATCH 16/30] fix codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 40ec4079b4c..7642db5b941 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -202,4 +202,4 @@ /src/dataprotection/ @sambitratha -/src/azext_authV2/ @mkarmark +/src/authV2/ @mkarmark From ee4a9bd1caeedb1e5153f0a295b6bb188a6d1e7a Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 22:21:49 -0700 Subject: [PATCH 17/30] linter should pass --- src/authV2/azext_authV2/_params.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 8ae3800f251..6dabceebdc9 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -23,7 +23,13 @@ def load_arguments(self, _): local_context_attribute=LocalContextAttribute(name='web_name', actions=[ LocalContextAction.GET])) - with self.argument_context('webapp') as c: + with self.argument_context('webapp auth') as c: + c.argument('resource_group_name', arg_type=resource_group_name_type) + c.argument('slot', options_list=['--slot', '-s'], + help="the name of the slot. Default to the productions slot if not specified") + c.argument('name', arg_type=webapp_name_arg_type) + + with self.argument_context('webapp auth-classic') as c: c.argument('resource_group_name', arg_type=resource_group_name_type) c.argument('slot', options_list=['--slot', '-s'], help="the name of the slot. Default to the productions slot if not specified") From 7775937d8c12e5f94fdf75ce63ceab8e8891a28f Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Mon, 12 Jul 2021 22:33:01 -0700 Subject: [PATCH 18/30] linter should pass --- src/authV2/azext_authV2/_params.py | 2 +- src/service_name.json | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py index 6dabceebdc9..328f3ccba92 100644 --- a/src/authV2/azext_authV2/_params.py +++ b/src/authV2/azext_authV2/_params.py @@ -28,7 +28,7 @@ def load_arguments(self, _): c.argument('slot', options_list=['--slot', '-s'], help="the name of the slot. Default to the productions slot if not specified") c.argument('name', arg_type=webapp_name_arg_type) - + with self.argument_context('webapp auth-classic') as c: c.argument('resource_group_name', arg_type=resource_group_name_type) c.argument('slot', options_list=['--slot', '-s'], diff --git a/src/service_name.json b/src/service_name.json index 8fbe1d1286f..9ec593bd86a 100644 --- a/src/service_name.json +++ b/src/service_name.json @@ -414,6 +414,11 @@ "AzureServiceName": "Azure Data Explorer", "URL": "https://docs.microsoft.com/azure/data-explorer/" }, + { + "Command": "az webapp", + "AzureServiceName": "Azure App Service", + "URL": "" + }, { "Command": "az webpubsub", "AzureServiceName": "Azure Web PubSub", From bbbcf08d2ad3c93b167948bdada2daaa548e98cb Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 13 Jul 2021 12:30:41 -0700 Subject: [PATCH 19/30] really hope this passes the ci --- src/authV2/azext_authV2/custom.py | 110 ++- .../latest/authv2runtimeversionupdated.json | 83 ++ .../latest/recordings/test_authV2_auth.yaml | 769 ++++++++++++++++ .../recordings/test_authV2_authclassic.yaml | 846 ++++++++++++++++++ .../tests/latest/test_authV2_scenario.py | 92 +- 5 files changed, 1839 insertions(+), 61 deletions(-) create mode 100644 src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json create mode 100644 src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml create mode 100644 src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 8ebf572d2ca..9f5cf6bb9ab 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -8,8 +8,8 @@ from azure.cli.core.util import send_raw_request from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation from azure.cli.command_modules.appservice.custom import update_app_settings -from azure.cli.command_modules.appservice.custom import update_auth_settings from azure.cli.core.commands.client_factory import get_subscription_id +from azure.cli.command_modules.appservice._params import AUTH_TYPES MICROSOFT_SECRET_SETTING_NAME = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" FACEBOOK_SECRET_SETTING_NAME = "FACEBOOK_PROVIDER_AUTHENTICATION_SECRET" @@ -152,27 +152,29 @@ def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylin raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) set_auth_settings_v2(cmd, resource_group_name, name, None, slot) - update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, - site_auth_settings.client_id, site_auth_settings.token_store_enabled, - site_auth_settings.runtime_version, - site_auth_settings.token_refresh_extension_hours, - site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, - site_auth_settings.client_secret_certificate_thumbprint, - site_auth_settings.allowed_audiences, site_auth_settings.issuer, - site_auth_settings.facebook_app_id, - site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, - site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, - site_auth_settings.google_client_id, site_auth_settings.google_client_secret, - site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, - site_auth_settings.microsoft_account_client_secret, - site_auth_settings.microsoft_account_o_auth_scopes, slot, - site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, - site_auth_settings.git_hub_o_auth_scopes, site_auth_settings.client_secret_setting_name, - site_auth_settings.facebook_app_secret_setting_name, - site_auth_settings.google_client_secret_setting_name, - site_auth_settings.microsoft_account_client_secret_setting_name, - site_auth_settings.twitter_consumer_secret_setting_name, - site_auth_settings.git_hub_client_secret_setting_name) + update_auth_classic_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, + site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, + site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, + site_auth_settings.google_client_id, site_auth_settings.google_client_secret, + site_auth_settings.google_o_auth_scopes, + site_auth_settings.microsoft_account_client_id, + site_auth_settings.microsoft_account_client_secret, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, + site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) # endregion # region helper methods @@ -277,25 +279,28 @@ def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pyl if len(settings) > 0: update_app_settings(cmd, resource_group_name, name, settings, slot) remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) - update_auth_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, - site_auth_settings.client_id, site_auth_settings.token_store_enabled, - site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, - site_auth_settings.allowed_external_redirect_urls, None, - site_auth_settings.client_secret_certificate_thumbprint, - site_auth_settings.allowed_audiences, site_auth_settings.issuer, - site_auth_settings.facebook_app_id, None, site_auth_settings.facebook_o_auth_scopes, - site_auth_settings.twitter_consumer_key, None, - site_auth_settings.google_client_id, None, - site_auth_settings.google_o_auth_scopes, site_auth_settings.microsoft_account_client_id, - None, - site_auth_settings.microsoft_account_o_auth_scopes, slot, - site_auth_settings.git_hub_client_id, None, site_auth_settings.git_hub_o_auth_scopes, - site_auth_settings.client_secret_setting_name, - site_auth_settings.facebook_app_secret_setting_name, - site_auth_settings.google_client_secret_setting_name, - site_auth_settings.microsoft_account_client_secret_setting_name, - site_auth_settings.twitter_consumer_secret_setting_name, - site_auth_settings.git_hub_client_secret_setting_name) + update_auth_classic_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, None, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, None, + site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, None, + site_auth_settings.google_client_id, None, + site_auth_settings.google_o_auth_scopes, + site_auth_settings.microsoft_account_client_id, + None, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, None, + site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument @@ -339,7 +344,28 @@ def update_auth_classic_settings(cmd, resource_group_name, name, enabled=None, a raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app ' 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') - return update_auth_settings(**locals()) + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + if action == 'AllowAnonymous': + auth_settings.unauthenticated_client_action = 'AllowAnonymous' + elif action: + auth_settings.unauthenticated_client_action = 'RedirectToLoginPage' + auth_settings.default_provider = AUTH_TYPES[action] + # validate runtime version + if not is_auth_runtime_version_valid(runtime_version): + raise CLIError('Usage Error: --runtime-version set to invalid value') + + import inspect + frame = inspect.currentframe() + bool_flags = ['enabled', 'token_store_enabled'] + # note: getargvalues is used already in azure.cli.core.commands. + # and no simple functional replacement for this deprecating method for 3.5 + args, _, _, values = inspect.getargvalues(frame) # pylint: disable=deprecated-method + + for arg in args[2:]: + if values.get(arg, None): + setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') + + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) # endregion # region webapp auth microsoft diff --git a/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json b/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json new file mode 100644 index 00000000000..3f569377203 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json @@ -0,0 +1,83 @@ +{ + "globalValidation": { + "requireAuthentication": true, + "unauthenticatedClientAction": "RedirectToLoginPage" + }, + "httpSettings": { + "forwardProxy": { + "convention": "NoProxy" + }, + "requireHttps": true, + "routes": { + "apiPrefix": "/.auth" + } + }, + "identityProviders": { + "apple": { + "enabled": true, + "login": {}, + "registration": {} + }, + "azureActiveDirectory": { + "enabled": true, + "login": { + "disableWWWAuthenticate": false + }, + "registration": {}, + "validation": { + "defaultAuthorizationPolicy": { + "allowedPrincipals": {} + }, + "jwtClaimChecks": {} + } + }, + "facebook": { + "enabled": true, + "login": {}, + "registration": {} + }, + "gitHub": { + "enabled": true, + "login": {}, + "registration": {} + }, + "google": { + "enabled": true, + "login": {}, + "registration": {}, + "validation": {} + }, + "legacyMicrosoftAccount": { + "enabled": true, + "login": {}, + "registration": {}, + "validation": {} + }, + "twitter": { + "enabled": true, + "registration": {} + } + }, + "login": { + "cookieExpiration": { + "convention": "FixedTime", + "timeToExpiration": "08:00:00" + }, + "nonce": { + "nonceExpirationInterval": "00:05:00", + "validateNonce": true + }, + "preserveUrlFragmentsForLogins": false, + "routes": {}, + "tokenStore": { + "azureBlobStorage": {}, + "enabled": false, + "fileSystem": {}, + "tokenRefreshExtensionHours": 72.0 + } + }, + "platform": { + "enabled": true, + "runtimeVersion": "1.2.8" + } +} \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml new file mode 100644 index 00000000000..fcd7d61abb0 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -0,0 +1,769 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 13 Jul 2021 19:23:36 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-plan000003", "type": "Microsoft.Web/serverfarms", + "location": "westus", "properties": {"skuName": "S1", "capacity": 1}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '159' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:37 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 13 Jul 2021 19:23:36 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus", "sku": {"name": "S1", "tier": "STANDARD", "capacity": + 1}, "properties": {"perSiteScaling": false, "isXenon": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '139' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1728' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:43 GMT + etag: + - '"1D7781C972E5895"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Microsoft.Web/sites", + "location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '361' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Site"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '68' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/checknameavailability?api-version=2020-09-01 + response: + body: + string: '{"nameAvailable":true,"reason":"","message":""}' + headers: + cache-control: + - no-cache + content-length: + - '47' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:45 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003", + "reserved": false, "isXenon": false, "hyperV": false, "siteConfig": {"netFrameworkVersion": + "v4.6", "appSettings": [{"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "10.14.1"}], + "alwaysOn": true, "localMySqlEnabled": false, "http20Enabled": true}, "scmSiteAlsoStopped": + false, "httpsOnly": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '576' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-167.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-13T19:23:47.2066667","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.51","possibleInboundIpAddresses":"40.112.243.51","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-167.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.112.243.51","possibleOutboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.83.193.17,40.83.193.61,40.83.193.165,40.83.199.124,40.83.198.205,40.83.206.10,40.83.206.58,40.83.206.250,40.83.192.100,40.83.207.2,13.64.97.227,40.83.200.13,40.83.200.129,40.83.200.182,40.83.207.31,13.64.152.226,13.64.152.98,13.64.159.199,40.83.139.224,40.83.198.242,13.64.156.139,13.64.156.238,13.64.152.10,13.64.153.132,40.112.243.51","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-167","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + headers: + cache-control: + - no-cache + content-length: + - '6804' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:02 GMT + etag: + - '"1D7781C9A81C955"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '499' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"format": "WebDeploy"}' + headers: + Accept: + - application/xml + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '23' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/publishxml?api-version=2020-09-01 + response: + body: + string: + headers: + cache-control: + - no-cache + content-length: + - '1875' + content-type: + - application/xml + date: + - Tue, 13 Jul 2021 19:24:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth config-version show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth show + Connection: + - keep-alive + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{}}' + headers: + cache-control: + - no-cache + content-length: + - '341' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth update + Connection: + - keep-alive + ParameterSetName: + - -g -n --enabled --runtime-version + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{}}' + headers: + cache-control: + - no-cache + content-length: + - '341' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"properties": {"platform": {"enabled": "true", "runtimeVersion": "1.2.8"}}}' + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth update + Connection: + - keep-alive + Content-Length: + - '76' + Content-Type: + - application/json + ParameterSetName: + - -g -n --enabled --runtime-version + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"platform":{"enabled":true,"runtimeVersion":"1.2.8"},"globalValidation":{"requireAuthentication":true,"unauthenticatedClientAction":"RedirectToLoginPage"},"identityProviders":{"azureActiveDirectory":{"enabled":true,"registration":{},"login":{"disableWWWAuthenticate":false},"validation":{"jwtClaimChecks":{},"defaultAuthorizationPolicy":{"allowedPrincipals":{}}}},"facebook":{"enabled":true,"registration":{},"login":{}},"gitHub":{"enabled":true,"registration":{},"login":{}},"google":{"enabled":true,"registration":{},"login":{},"validation":{}},"legacyMicrosoftAccount":{"enabled":true,"registration":{},"login":{},"validation":{}},"twitter":{"enabled":true,"registration":{}},"apple":{"enabled":true,"registration":{},"login":{}}},"login":{"routes":{},"tokenStore":{"enabled":false,"tokenRefreshExtensionHours":72.0,"fileSystem":{},"azureBlobStorage":{}},"preserveUrlFragmentsForLogins":false,"cookieExpiration":{"convention":"FixedTime","timeToExpiration":"08:00:00"},"nonce":{"validateNonce":true,"nonceExpirationInterval":"00:05:00"}},"httpSettings":{"requireHttps":true,"routes":{"apiPrefix":"/.auth"},"forwardProxy":{"convention":"NoProxy"}}}}' + headers: + cache-control: + - no-cache + content-length: + - '1490' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:05 GMT + etag: + - '"1D7781CA551BB15"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml new file mode 100644 index 00000000000..2cc2f448ea4 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml @@ -0,0 +1,846 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 13 Jul 2021 19:23:36 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-plan000003", "type": "Microsoft.Web/serverfarms", + "location": "westus", "properties": {"skuName": "S1", "capacity": 1}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '159' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:36 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 13 Jul 2021 19:23:37 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus", "sku": {"name": "S1", "tier": "STANDARD", "capacity": + 1}, "properties": {"perSiteScaling": false, "isXenon": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '139' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":15974,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_15974","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1730' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:43 GMT + etag: + - '"1D7781C97DED6E0"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":15974,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_15974","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1656' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:43 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Microsoft.Web/sites", + "location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '361' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":15974,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_15974","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1656' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:46 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Site"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '68' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/checknameavailability?api-version=2020-09-01 + response: + body: + string: '{"nameAvailable":true,"reason":"","message":""}' + headers: + cache-control: + - no-cache + content-length: + - '47' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:23:46 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003", + "reserved": false, "isXenon": false, "hyperV": false, "siteConfig": {"netFrameworkVersion": + "v4.6", "appSettings": [{"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "10.14.1"}], + "alwaysOn": true, "localMySqlEnabled": false, "http20Enabled": true}, "scmSiteAlsoStopped": + false, "httpsOnly": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '576' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-165.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-13T19:23:55.6266667","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.50","possibleInboundIpAddresses":"40.112.243.50","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-165.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,40.112.243.50","possibleOutboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,13.64.96.65,104.42.62.244,40.83.192.17,13.64.20.59,40.118.236.199,13.64.102.109,13.64.19.226,13.64.19.242,13.64.102.124,13.64.23.132,13.91.126.184,13.64.101.210,13.91.121.195,13.93.182.126,13.93.183.129,13.64.101.106,13.93.183.68,13.64.18.241,13.93.176.127,13.93.179.244,13.93.192.138,13.91.133.139,23.100.36.18,23.100.37.252,40.112.243.50","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-165","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + headers: + cache-control: + - no-cache + content-length: + - '6801' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:10 GMT + etag: + - '"1D7781C9FF05EEB"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '499' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"format": "WebDeploy"}' + headers: + Accept: + - application/xml + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '23' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/publishxml?api-version=2020-09-01 + response: + body: + string: + headers: + cache-control: + - no-cache + content-length: + - '1875' + content-type: + - application/xml + date: + - Tue, 13 Jul 2021 19:24:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth config-version show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11998' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --facebook-oauth-scopes + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --facebook-oauth-scopes + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:14 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11997' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"properties": {"enabled": true, "runtimeVersion": "1.2.8", "unauthenticatedClientAction": + "RedirectToLoginPage", "tokenStoreEnabled": false, "defaultProvider": "Facebook", + "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", "clientSecret": + "aad_secret", "clientSecretCertificateThumbprint": "aad_thumbprint", "issuer": + "https://issuer_url", "allowedAudiences": ["https://audience1"], "facebookAppId": + "facebook_id", "facebookAppSecret": "facebook_secret"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '469' + Content-Type: + - application/json + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --facebook-oauth-scopes + User-Agent: + - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":true,"runtimeVersion":"1.2.8","configVersion":"v1","unauthenticatedClientAction":"RedirectToLoginPage","tokenStoreEnabled":false,"allowedExternalRedirectUrls":null,"defaultProvider":"Facebook","tokenRefreshExtensionHours":7.2,"clientId":"aad_client_id","clientSecret":"aad_secret","clientSecretSettingName":null,"clientSecretCertificateThumbprint":"aad_thumbprint","issuer":"https://issuer_url","allowedAudiences":["https://audience1"],"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":"facebook_id","facebookAppSecret":"facebook_secret","facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1466' + content-type: + - application/json + date: + - Tue, 13 Jul 2021 19:24:15 GMT + etag: + - '"1D7781CAB365100"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py index 65bbca8741b..2b811c652a3 100644 --- a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py +++ b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py @@ -7,8 +7,7 @@ import unittest from azure_devtools.scenario_tests import AllowLargeResponse -from azure.cli.testsdk import (ScenarioTest, ResourceGroupPreparer) - +from azure.cli.testsdk import (ScenarioTest, ResourceGroupPreparer, JMESPathCheck) TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) @@ -16,25 +15,80 @@ class Authv2ScenarioTest(ScenarioTest): @ResourceGroupPreparer(name_prefix='cli_test_authV2') - def test_authV2(self, resource_group): + def test_authV2_auth(self, resource_group): + webapp_name = self.create_random_name('webapp-authentication-test', 40) + plan_name = self.create_random_name('webapp-authentication-plan', 40) + self.cmd( + 'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name)) + self.cmd( + 'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name)) + self.cmd('webapp auth config-version show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('configVersion', 'v1') + ]) - self.kwargs.update({ - 'name': 'test1' - }) + # testing show command for newly created app and initial fields + self.cmd('webapp auth show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('properties', {}) + ]) - self.cmd('authV2 create -g {rg} -n {name} --tags foo=doo', checks=[ - self.check('tags.foo', 'doo'), - self.check('name', '{name}') + # # update and verify + self.cmd('webapp auth update -g {} -n {} --enabled true --runtime-version 1.2.8' + .format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('platform', "{'enabled': True, 'runtimeVersion': '1.2.8'}") ]) - self.cmd('authV2 update -g {rg} -n {name} --tags foo=boo', checks=[ - self.check('tags.foo', 'boo') + + + @ResourceGroupPreparer(name_prefix='cli_test_authV2') + def test_authV2_authclassic(self, resource_group): + webapp_name = self.create_random_name('webapp-authentication-test', 40) + plan_name = self.create_random_name('webapp-authentication-plan', 40) + self.cmd( + 'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name)) + self.cmd( + 'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name)) + self.cmd('webapp auth config-version show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('configVersion', 'v1') ]) - count = len(self.cmd('authV2 list').get_output_in_json()) - self.cmd('authV2 show - {rg} -n {name}', checks=[ - self.check('name', '{name}'), - self.check('resourceGroup', '{rg}'), - self.check('tags.foo', 'boo') + + # testing show command for newly created app and initial fields + self.cmd('webapp auth-classic show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('unauthenticatedClientAction', None), + JMESPathCheck('defaultProvider', None), + JMESPathCheck('enabled', False), + JMESPathCheck('tokenStoreEnabled', None), + JMESPathCheck('allowedExternalRedirectUrls', None), + JMESPathCheck('tokenRefreshExtensionHours', None), + JMESPathCheck('runtimeVersion', None), + JMESPathCheck('clientId', None), + JMESPathCheck('clientSecret', None), + JMESPathCheck('clientSecretCertificateThumbprint', None), + JMESPathCheck('allowedAudiences', None), + JMESPathCheck('issuer', None), + JMESPathCheck('facebookAppId', None), + JMESPathCheck('facebookAppSecret', None), + JMESPathCheck('facebookOauthScopes', None) ]) - self.cmd('authV2 delete -g {rg} -n {name}') - final_count = len(self.cmd('authV2 list').get_output_in_json()) - self.assertTrue(final_count, count - 1) \ No newline at end of file + + # update and verify + result = self.cmd('webapp auth-classic update -g {} -n {} --enabled true --action LoginWithFacebook ' + '--token-store false --token-refresh-extension-hours 7.2 --runtime-version 1.2.8 ' + '--aad-client-id aad_client_id --aad-client-secret aad_secret --aad-client-secret-certificate-thumbprint aad_thumbprint ' + '--aad-allowed-token-audiences https://audience1 --aad-token-issuer-url https://issuer_url ' + '--facebook-app-id facebook_id --facebook-app-secret facebook_secret ' + '--facebook-oauth-scopes public_profile email' + .format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck( + 'unauthenticatedClientAction', 'RedirectToLoginPage'), + JMESPathCheck('defaultProvider', 'Facebook'), + JMESPathCheck('enabled', True), + JMESPathCheck('tokenStoreEnabled', False), + JMESPathCheck('tokenRefreshExtensionHours', 7.2), + JMESPathCheck('runtimeVersion', '1.2.8'), + JMESPathCheck('clientId', 'aad_client_id'), + JMESPathCheck('clientSecret', 'aad_secret'), + JMESPathCheck('clientSecretCertificateThumbprint', 'aad_thumbprint'), + JMESPathCheck('issuer', 'https://issuer_url'), + JMESPathCheck('facebookAppId', 'facebook_id'), + JMESPathCheck('facebookAppSecret', 'facebook_secret')]).get_output_in_json() + + self.assertIn('https://audience1', result['allowedAudiences']) \ No newline at end of file From 144bb36894aa9acdbb087edc22394d16669c69d4 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 13 Jul 2021 14:14:33 -0700 Subject: [PATCH 20/30] fix credscan --- scripts/ci/credscan/CredScanSuppressions.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/ci/credscan/CredScanSuppressions.json b/scripts/ci/credscan/CredScanSuppressions.json index 7ba3b3ab067..22a421c4381 100644 --- a/scripts/ci/credscan/CredScanSuppressions.json +++ b/scripts/ci/credscan/CredScanSuppressions.json @@ -111,6 +111,12 @@ "src\\diskpool\\README.md" ], "_justification": "Faked password" - } + }, + { + "file": [ + "src\\authV2\\azext_authV2\\tests\\latest\\recordings\\test_authV2_authclassic.yaml" + ], + "_justification": "Fake secret" + }, ] } From 2208c78d6823e8b95a56ceaa73fb4c29b0868636 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 15 Jul 2021 11:37:16 -0700 Subject: [PATCH 21/30] address Sisira's comments --- src/authV2/azext_authV2/custom.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 9f5cf6bb9ab..85f3fddb40f 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -24,6 +24,8 @@ def get_resource_id(cmd, resource_group_name, name, slot): sub_id = get_subscription_id(cmd.cli_ctx) + + # TODO: Replace ARM call with SDK API after fixing swagger issues resource_id = "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}".format( sub_id, resource_group_name, @@ -35,10 +37,14 @@ def get_resource_id(cmd, resource_group_name, name, slot): def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): resource_id = get_resource_id(cmd, resource_group_name, name, slot) - request_url = "https://management.azure.com/{}/{}?api-version={}".format( + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), resource_id, "config/authSettingsV2/list", "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues r = send_raw_request(cmd.cli_ctx, "GET", request_url) return r.json() @@ -49,20 +55,28 @@ def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_ } resource_id = get_resource_id(cmd, resource_group_name, name, slot) - request_url = "https://management.azure.com/{}/{}?api-version={}".format( + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), resource_id, "config/authSettingsV2", "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues r = send_raw_request(cmd.cli_ctx, "PUT", request_url, None, None, json.dumps(final_json)) return r.json()["properties"] def is_auth_v2_app(cmd, resource_group_name, name, slot=None): resource_id = get_resource_id(cmd, resource_group_name, name, slot) - request_url = "https://management.azure.com/{}/{}?api-version={}".format( + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), resource_id, "config/authSettings/list", "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues r = send_raw_request(cmd.cli_ctx, "POST", request_url) return r.json()["properties"]["configVersion"] == "v2" # endregion From 1e927766bf644b37c2f85d808c416426a5e9b3d0 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 15 Jul 2021 11:45:48 -0700 Subject: [PATCH 22/30] fix static analysis --- src/authV2/azext_authV2/custom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py index 85f3fddb40f..58c8200ae04 100644 --- a/src/authV2/azext_authV2/custom.py +++ b/src/authV2/azext_authV2/custom.py @@ -61,7 +61,7 @@ def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_ resource_id, "config/authSettingsV2", "2020-12-01") - + # TODO: Replace ARM call with SDK API after fixing swagger issues r = send_raw_request(cmd.cli_ctx, "PUT", request_url, None, None, json.dumps(final_json)) return r.json()["properties"] From cfa6adb0e1ebe67261f75f53e1a1ee561b8b90b8 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Tue, 27 Jul 2021 08:15:00 -0700 Subject: [PATCH 23/30] address Sisira's comments --- scripts/ci/credscan/CredScanSuppressions.json | 8 +------- src/authV2/azext_authV2/azext_metadata.json | 1 - .../recordings/test_authV2_authclassic.yaml | 20 +++++++++---------- .../tests/latest/test_authV2_scenario.py | 11 +++------- 4 files changed, 14 insertions(+), 26 deletions(-) diff --git a/scripts/ci/credscan/CredScanSuppressions.json b/scripts/ci/credscan/CredScanSuppressions.json index 22a421c4381..7ba3b3ab067 100644 --- a/scripts/ci/credscan/CredScanSuppressions.json +++ b/scripts/ci/credscan/CredScanSuppressions.json @@ -111,12 +111,6 @@ "src\\diskpool\\README.md" ], "_justification": "Faked password" - }, - { - "file": [ - "src\\authV2\\azext_authV2\\tests\\latest\\recordings\\test_authV2_authclassic.yaml" - ], - "_justification": "Fake secret" - }, + } ] } diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index 0b3d03f8101..7a73a41bfdf 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,3 +1,2 @@ { - "azext.isPreview": false } \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml index 2cc2f448ea4..216e8a71554 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml @@ -675,8 +675,8 @@ interactions: - '0' ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --aad-client-id --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 @@ -733,8 +733,8 @@ interactions: - '0' ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --aad-client-id --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) @@ -779,10 +779,10 @@ interactions: - request: body: '{"properties": {"enabled": true, "runtimeVersion": "1.2.8", "unauthenticatedClientAction": "RedirectToLoginPage", "tokenStoreEnabled": false, "defaultProvider": "Facebook", - "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", "clientSecret": - "aad_secret", "clientSecretCertificateThumbprint": "aad_thumbprint", "issuer": + "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", + "clientSecretCertificateThumbprint": "aad_thumbprint", "issuer": "https://issuer_url", "allowedAudiences": ["https://audience1"], "facebookAppId": - "facebook_id", "facebookAppSecret": "facebook_secret"}}' + "facebook_id"}}' headers: Accept: - application/json @@ -798,8 +798,8 @@ interactions: - application/json ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-app-secret + --aad-client-id --aad-client-secret-certificate-thumbprint + --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) @@ -808,7 +808,7 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West - US","properties":{"enabled":true,"runtimeVersion":"1.2.8","configVersion":"v1","unauthenticatedClientAction":"RedirectToLoginPage","tokenStoreEnabled":false,"allowedExternalRedirectUrls":null,"defaultProvider":"Facebook","tokenRefreshExtensionHours":7.2,"clientId":"aad_client_id","clientSecret":"aad_secret","clientSecretSettingName":null,"clientSecretCertificateThumbprint":"aad_thumbprint","issuer":"https://issuer_url","allowedAudiences":["https://audience1"],"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":"facebook_id","facebookAppSecret":"facebook_secret","facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + US","properties":{"enabled":true,"runtimeVersion":"1.2.8","configVersion":"v1","unauthenticatedClientAction":"RedirectToLoginPage","tokenStoreEnabled":false,"allowedExternalRedirectUrls":null,"defaultProvider":"Facebook","tokenRefreshExtensionHours":7.2,"clientId":"aad_client_id","clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":"aad_thumbprint","issuer":"https://issuer_url","allowedAudiences":["https://audience1"],"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":"facebook_id","facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' headers: cache-control: - no-cache diff --git a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py index 2b811c652a3..0f3432b2195 100644 --- a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py +++ b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py @@ -60,22 +60,19 @@ def test_authV2_authclassic(self, resource_group): JMESPathCheck('tokenRefreshExtensionHours', None), JMESPathCheck('runtimeVersion', None), JMESPathCheck('clientId', None), - JMESPathCheck('clientSecret', None), JMESPathCheck('clientSecretCertificateThumbprint', None), JMESPathCheck('allowedAudiences', None), JMESPathCheck('issuer', None), JMESPathCheck('facebookAppId', None), - JMESPathCheck('facebookAppSecret', None), JMESPathCheck('facebookOauthScopes', None) ]) # update and verify result = self.cmd('webapp auth-classic update -g {} -n {} --enabled true --action LoginWithFacebook ' '--token-store false --token-refresh-extension-hours 7.2 --runtime-version 1.2.8 ' - '--aad-client-id aad_client_id --aad-client-secret aad_secret --aad-client-secret-certificate-thumbprint aad_thumbprint ' + '--aad-client-id aad_client_id --aad-client-secret-certificate-thumbprint aad_thumbprint ' '--aad-allowed-token-audiences https://audience1 --aad-token-issuer-url https://issuer_url ' - '--facebook-app-id facebook_id --facebook-app-secret facebook_secret ' - '--facebook-oauth-scopes public_profile email' + '--facebook-app-id facebook_id --facebook-oauth-scopes public_profile email' .format(resource_group, webapp_name)).assert_with_checks([ JMESPathCheck( 'unauthenticatedClientAction', 'RedirectToLoginPage'), @@ -85,10 +82,8 @@ def test_authV2_authclassic(self, resource_group): JMESPathCheck('tokenRefreshExtensionHours', 7.2), JMESPathCheck('runtimeVersion', '1.2.8'), JMESPathCheck('clientId', 'aad_client_id'), - JMESPathCheck('clientSecret', 'aad_secret'), JMESPathCheck('clientSecretCertificateThumbprint', 'aad_thumbprint'), JMESPathCheck('issuer', 'https://issuer_url'), - JMESPathCheck('facebookAppId', 'facebook_id'), - JMESPathCheck('facebookAppSecret', 'facebook_secret')]).get_output_in_json() + JMESPathCheck('facebookAppId', 'facebook_id')]).get_output_in_json() self.assertIn('https://audience1', result['allowedAudiences']) \ No newline at end of file From d732a0cfee83565577ae61b7d7178e3be359fa47 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Wed, 28 Jul 2021 15:49:15 -0700 Subject: [PATCH 24/30] try now --- .../latest/recordings/test_authV2_auth.yaml | 100 ++++++------- .../recordings/test_authV2_authclassic.yaml | 136 +++++++++--------- 2 files changed, 119 insertions(+), 117 deletions(-) diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml index fcd7d61abb0..1a37782ca75 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -13,12 +13,12 @@ interactions: ParameterSetName: - -g -n --sku User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-28T22:40:58Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -27,7 +27,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 13 Jul 2021 19:23:36 GMT + - Wed, 28 Jul 2021 22:41:04 GMT expires: - '-1' pragma: @@ -60,7 +60,7 @@ interactions: ParameterSetName: - -g -n --sku User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 response: @@ -74,7 +74,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:37 GMT + - Wed, 28 Jul 2021 22:41:04 GMT expires: - '-1' pragma: @@ -112,12 +112,12 @@ interactions: ParameterSetName: - -g -n --sku User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-13T19:23:35Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-28T22:40:58Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -126,7 +126,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 13 Jul 2021 19:23:36 GMT + - Wed, 28 Jul 2021 22:41:04 GMT expires: - '-1' pragma: @@ -159,24 +159,24 @@ interactions: ParameterSetName: - -g -n --sku User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1728' + - '1730' content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:43 GMT + - Wed, 28 Jul 2021 22:41:16 GMT etag: - - '"1D7781C972E5895"' + - '"1D78401AC3565D5"' expires: - '-1' pragma: @@ -194,7 +194,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1198' + - '1199' x-powered-by: - ASP.NET status: @@ -214,23 +214,23 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1654' + - '1656' content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:44 GMT + - Wed, 28 Jul 2021 22:41:17 GMT expires: - '-1' pragma: @@ -271,7 +271,7 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 response: @@ -285,7 +285,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:44 GMT + - Wed, 28 Jul 2021 22:41:17 GMT expires: - '-1' pragma: @@ -323,23 +323,23 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":8601,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_8601","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1654' + - '1656' content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:44 GMT + - Wed, 28 Jul 2021 22:41:18 GMT expires: - '-1' pragma: @@ -379,7 +379,7 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/checknameavailability?api-version=2020-09-01 response: @@ -393,7 +393,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:23:45 GMT + - Wed, 28 Jul 2021 22:41:19 GMT expires: - '-1' pragma: @@ -437,26 +437,26 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002?api-version=2020-09-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West - US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-167.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-13T19:23:47.2066667","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-165.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-28T22:41:23.5133333","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow - all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.51","possibleInboundIpAddresses":"40.112.243.51","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-167.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.112.243.51","possibleOutboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.83.193.17,40.83.193.61,40.83.193.165,40.83.199.124,40.83.198.205,40.83.206.10,40.83.206.58,40.83.206.250,40.83.192.100,40.83.207.2,13.64.97.227,40.83.200.13,40.83.200.129,40.83.200.182,40.83.207.31,13.64.152.226,13.64.152.98,13.64.159.199,40.83.139.224,40.83.198.242,13.64.156.139,13.64.156.238,13.64.152.10,13.64.153.132,40.112.243.51","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-167","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.50","possibleInboundIpAddresses":"40.112.243.50","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-165.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,40.112.243.50","possibleOutboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,13.64.96.65,104.42.62.244,40.83.192.17,13.64.20.59,40.118.236.199,13.64.102.109,13.64.19.226,13.64.19.242,13.64.102.124,13.64.23.132,13.91.126.184,13.64.101.210,13.91.121.195,13.93.182.126,13.93.183.129,13.64.101.106,13.93.183.68,13.64.18.241,13.93.176.127,13.93.179.244,13.93.192.138,13.91.133.139,23.100.36.18,23.100.37.252,40.112.243.50","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-165","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' headers: cache-control: - no-cache content-length: - - '6804' + - '6801' content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:02 GMT + - Wed, 28 Jul 2021 22:41:40 GMT etag: - - '"1D7781C9A81C955"' + - '"1D78401B1E61A80"' expires: - '-1' pragma: @@ -498,7 +498,7 @@ interactions: ParameterSetName: - -g -n --plan User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/publishxml?api-version=2020-09-01 response: @@ -506,18 +506,18 @@ interactions: string: headers: cache-control: - no-cache content-length: - - '1875' + - '2519' content-type: - application/xml date: - - Tue, 13 Jul 2021 19:24:11 GMT + - Wed, 28 Jul 2021 22:41:32 GMT expires: - '-1' pragma: @@ -566,7 +572,7 @@ interactions: ParameterSetName: - -g -n User-Agent: - - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 response: @@ -581,7 +587,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:11 GMT + - Wed, 28 Jul 2021 22:41:32 GMT expires: - '-1' pragma: @@ -621,7 +627,7 @@ interactions: ParameterSetName: - -g -n User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 response: @@ -636,7 +642,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:12 GMT + - Wed, 28 Jul 2021 22:41:33 GMT expires: - '-1' pragma: @@ -654,7 +660,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-resource-requests: - - '11998' + - '11999' x-powered-by: - ASP.NET status: @@ -675,11 +681,10 @@ interactions: - '0' ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id - --facebook-oauth-scopes + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.0 + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 response: @@ -694,7 +699,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:13 GMT + - Wed, 28 Jul 2021 22:41:34 GMT expires: - '-1' pragma: @@ -733,11 +738,10 @@ interactions: - '0' ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id - --facebook-oauth-scopes + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: POST uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 response: @@ -752,7 +756,7 @@ interactions: content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:14 GMT + - Wed, 28 Jul 2021 22:41:34 GMT expires: - '-1' pragma: @@ -770,7 +774,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-resource-requests: - - '11997' + - '11999' x-powered-by: - ASP.NET status: @@ -779,10 +783,9 @@ interactions: - request: body: '{"properties": {"enabled": true, "runtimeVersion": "1.2.8", "unauthenticatedClientAction": "RedirectToLoginPage", "tokenStoreEnabled": false, "defaultProvider": "Facebook", - "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", - "clientSecretCertificateThumbprint": "aad_thumbprint", "issuer": - "https://issuer_url", "allowedAudiences": ["https://audience1"], "facebookAppId": - "facebook_id"}}' + "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", "clientSecretCertificateThumbprint": + "aad_thumbprint", "issuer": "https://issuer_url", "allowedAudiences": ["https://audience1"], + "facebookAppId": "facebook_id"}}' headers: Accept: - application/json @@ -793,16 +796,15 @@ interactions: Connection: - keep-alive Content-Length: - - '469' + - '399' Content-Type: - application/json ParameterSetName: - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version - --aad-client-id --aad-client-secret-certificate-thumbprint - --aad-allowed-token-audiences --aad-token-issuer-url --facebook-app-id - --facebook-oauth-scopes + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes User-Agent: - - AZURECLI/2.26.0 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings?api-version=2020-09-01 response: @@ -813,13 +815,13 @@ interactions: cache-control: - no-cache content-length: - - '1466' + - '1445' content-type: - application/json date: - - Tue, 13 Jul 2021 19:24:15 GMT + - Wed, 28 Jul 2021 22:41:35 GMT etag: - - '"1D7781CAB365100"' + - '"1D78401B886E180"' expires: - '-1' pragma: @@ -837,7 +839,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1198' + - '1199' x-powered-by: - ASP.NET status: From 5d0eda73db1599a291129aa053448e38201c3be0 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 29 Jul 2021 13:25:15 -0700 Subject: [PATCH 25/30] try now --- src/authV2/azext_authV2/azext_metadata.json | 3 + .../latest/recordings/test_authV2_auth.yaml | 66 ++++++++--------- .../recordings/test_authV2_authclassic.yaml | 74 +++++++++---------- 3 files changed, 70 insertions(+), 73 deletions(-) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index 7a73a41bfdf..696d96f9cd9 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,2 +1,5 @@ { + "azext.isPreview": true, + "azext.minCliCoreVersion": "2.0.67", + "azext.maxCliCoreVersion": "2.27.0" } \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml index 1a37782ca75..698e36c9c6e 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -18,7 +18,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-28T22:40:58Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-29T20:23:12Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -27,7 +27,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 28 Jul 2021 22:41:04 GMT + - Thu, 29 Jul 2021 20:23:18 GMT expires: - '-1' pragma: @@ -74,7 +74,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:04 GMT + - Thu, 29 Jul 2021 20:23:19 GMT expires: - '-1' pragma: @@ -117,7 +117,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-28T22:40:58Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-29T20:23:12Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -126,7 +126,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 28 Jul 2021 22:41:04 GMT + - Thu, 29 Jul 2021 20:23:19 GMT expires: - '-1' pragma: @@ -164,8 +164,8 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache @@ -174,9 +174,9 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:16 GMT + - Thu, 29 Jul 2021 20:23:23 GMT etag: - - '"1D78401AC3565D5"' + - '"1D784B7945892F5"' expires: - '-1' pragma: @@ -220,8 +220,8 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache @@ -230,7 +230,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:17 GMT + - Thu, 29 Jul 2021 20:23:24 GMT expires: - '-1' pragma: @@ -285,7 +285,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:17 GMT + - Thu, 29 Jul 2021 20:23:24 GMT expires: - '-1' pragma: @@ -329,8 +329,8 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":19461,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-165_19461","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache @@ -339,7 +339,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:18 GMT + - Thu, 29 Jul 2021 20:23:25 GMT expires: - '-1' pragma: @@ -393,7 +393,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:19 GMT + - Thu, 29 Jul 2021 20:23:25 GMT expires: - '-1' pragma: @@ -443,20 +443,20 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West - US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-165.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-28T22:41:23.5133333","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-167.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-29T20:23:27.37","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow - all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.50","possibleInboundIpAddresses":"40.112.243.50","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-165.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,40.112.243.50","possibleOutboundIpAddresses":"13.64.16.238,13.64.95.102,13.91.127.75,13.64.88.215,13.64.94.44,13.64.98.140,13.64.96.65,104.42.62.244,40.83.192.17,13.64.20.59,40.118.236.199,13.64.102.109,13.64.19.226,13.64.19.242,13.64.102.124,13.64.23.132,13.91.126.184,13.64.101.210,13.91.121.195,13.93.182.126,13.93.183.129,13.64.101.106,13.93.183.68,13.64.18.241,13.93.176.127,13.93.179.244,13.93.192.138,13.91.133.139,23.100.36.18,23.100.37.252,40.112.243.50","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-165","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.51","possibleInboundIpAddresses":"40.112.243.51","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-167.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.112.243.51","possibleOutboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.83.193.17,40.83.193.61,40.83.193.165,40.83.199.124,40.83.198.205,40.83.206.10,40.83.206.58,40.83.206.250,40.83.192.100,40.83.207.2,13.64.97.227,40.83.200.13,40.83.200.129,40.83.200.182,40.83.207.31,13.64.152.226,13.64.152.98,13.64.159.199,40.83.139.224,40.83.198.242,13.64.156.139,13.64.156.238,13.64.152.10,13.64.153.132,40.112.243.51","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-167","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' headers: cache-control: - no-cache content-length: - - '6801' + - '6799' content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:40 GMT + - Thu, 29 Jul 2021 20:23:43 GMT etag: - - '"1D78401B1E61A80"' + - '"1D784B79709C340"' expires: - '-1' pragma: @@ -506,18 +506,18 @@ interactions: string: headers: cache-control: - no-cache content-length: - - '2519' + - '1875' content-type: - application/xml date: - - Wed, 28 Jul 2021 22:41:32 GMT + - Thu, 29 Jul 2021 20:24:03 GMT expires: - '-1' pragma: @@ -587,7 +581,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:32 GMT + - Thu, 29 Jul 2021 20:24:04 GMT expires: - '-1' pragma: @@ -642,7 +636,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:33 GMT + - Thu, 29 Jul 2021 20:24:04 GMT expires: - '-1' pragma: @@ -699,7 +693,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:34 GMT + - Thu, 29 Jul 2021 20:24:05 GMT expires: - '-1' pragma: @@ -756,7 +750,7 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:34 GMT + - Thu, 29 Jul 2021 20:24:06 GMT expires: - '-1' pragma: @@ -819,9 +813,9 @@ interactions: content-type: - application/json date: - - Wed, 28 Jul 2021 22:41:35 GMT + - Thu, 29 Jul 2021 20:24:08 GMT etag: - - '"1D78401B886E180"' + - '"1D784B7AE9A944B"' expires: - '-1' pragma: From 092cba85abb0a08c8b5684dab7ed083a32c7841f Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 29 Jul 2021 13:31:34 -0700 Subject: [PATCH 26/30] try now --- src/authV2/azext_authV2/azext_metadata.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index 696d96f9cd9..a2f37531f6a 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,5 +1,3 @@ { - "azext.isPreview": true, - "azext.minCliCoreVersion": "2.0.67", - "azext.maxCliCoreVersion": "2.27.0" + "azext.isPreview": true } \ No newline at end of file From 66a5c0c097eebcdedf3e0116b423bcbd992cb731 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 29 Jul 2021 13:52:58 -0700 Subject: [PATCH 27/30] try now --- src/authV2/azext_authV2/azext_metadata.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index a2f37531f6a..696d96f9cd9 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,3 +1,5 @@ { - "azext.isPreview": true + "azext.isPreview": true, + "azext.minCliCoreVersion": "2.0.67", + "azext.maxCliCoreVersion": "2.27.0" } \ No newline at end of file From 4f6284e7774b97f12e8cc5415e088e779a55ac87 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 29 Jul 2021 20:32:59 -0700 Subject: [PATCH 28/30] revert --- src/authV2/azext_authV2/azext_metadata.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json index 696d96f9cd9..7a73a41bfdf 100644 --- a/src/authV2/azext_authV2/azext_metadata.json +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -1,5 +1,2 @@ { - "azext.isPreview": true, - "azext.minCliCoreVersion": "2.0.67", - "azext.maxCliCoreVersion": "2.27.0" } \ No newline at end of file From 4b5ce91a0e3ac875bb74e51ced9fa6931ac002c0 Mon Sep 17 00:00:00 2001 From: Mitali Karmarkar Date: Thu, 29 Jul 2021 21:19:06 -0700 Subject: [PATCH 29/30] please --- .../latest/recordings/test_authV2_auth.yaml | 74 +++++++++---------- .../recordings/test_authV2_authclassic.yaml | 74 +++++++++---------- 2 files changed, 74 insertions(+), 74 deletions(-) diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml index 698e36c9c6e..22d46a3404e 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -18,7 +18,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-29T20:23:12Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -27,7 +27,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 29 Jul 2021 20:23:18 GMT + - Fri, 30 Jul 2021 04:17:20 GMT expires: - '-1' pragma: @@ -74,7 +74,7 @@ interactions: content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:19 GMT + - Fri, 30 Jul 2021 04:17:21 GMT expires: - '-1' pragma: @@ -117,7 +117,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-29T20:23:12Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -126,7 +126,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 29 Jul 2021 20:23:19 GMT + - Fri, 30 Jul 2021 04:17:21 GMT expires: - '-1' pragma: @@ -164,19 +164,19 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1730' + - '1728' content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:23 GMT + - Fri, 30 Jul 2021 04:17:27 GMT etag: - - '"1D784B7945892F5"' + - '"1D784F9CDA53B40"' expires: - '-1' pragma: @@ -194,7 +194,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1198' x-powered-by: - ASP.NET status: @@ -220,17 +220,17 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1656' + - '1654' content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:24 GMT + - Fri, 30 Jul 2021 04:17:28 GMT expires: - '-1' pragma: @@ -285,7 +285,7 @@ interactions: content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:24 GMT + - Fri, 30 Jul 2021 04:17:28 GMT expires: - '-1' pragma: @@ -329,17 +329,17 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West - US","properties":{"serverFarmId":11887,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West - US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-167_11887","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + US","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' headers: cache-control: - no-cache content-length: - - '1656' + - '1654' content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:25 GMT + - Fri, 30 Jul 2021 04:17:28 GMT expires: - '-1' pragma: @@ -393,7 +393,7 @@ interactions: content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:25 GMT + - Fri, 30 Jul 2021 04:17:29 GMT expires: - '-1' pragma: @@ -443,20 +443,20 @@ interactions: response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West - US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-167.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-29T20:23:27.37","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-169.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-30T04:17:32.3966667","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow - all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.51","possibleInboundIpAddresses":"40.112.243.51","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-167.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.112.243.51","possibleOutboundIpAddresses":"104.42.127.143,157.56.167.51,13.64.94.96,13.64.97.113,13.64.101.6,13.64.103.54,40.83.193.17,40.83.193.61,40.83.193.165,40.83.199.124,40.83.198.205,40.83.206.10,40.83.206.58,40.83.206.250,40.83.192.100,40.83.207.2,13.64.97.227,40.83.200.13,40.83.200.129,40.83.200.182,40.83.207.31,13.64.152.226,13.64.152.98,13.64.159.199,40.83.139.224,40.83.198.242,13.64.156.139,13.64.156.238,13.64.152.10,13.64.153.132,40.112.243.51","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-167","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.52","possibleInboundIpAddresses":"40.112.243.52","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-169.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,40.112.243.52","possibleOutboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,13.64.56.213,13.91.221.50,13.91.223.191,40.78.40.124,13.91.218.228,13.91.219.84,13.91.219.115,13.91.219.125,13.91.219.197,13.91.219.250,13.91.219.253,104.42.127.227,13.91.223.12,13.91.217.83,13.91.217.141,13.64.63.13,40.85.157.232,13.91.221.86,13.91.221.222,40.118.185.193,104.210.49.140,13.91.219.111,13.91.216.202,13.91.221.1,40.112.243.52","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-169","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' headers: cache-control: - no-cache content-length: - - '6799' + - '6815' content-type: - application/json date: - - Thu, 29 Jul 2021 20:23:43 GMT + - Fri, 30 Jul 2021 04:17:48 GMT etag: - - '"1D784B79709C340"' + - '"1D784F9D18CAEA0"' expires: - '-1' pragma: @@ -506,18 +506,18 @@ interactions: string: Date: Thu, 29 Jul 2021 21:36:26 -0700 Subject: [PATCH 30/30] now --- .../tests/latest/recordings/test_authV2_auth.yaml | 4 ++-- .../tests/latest/recordings/test_authV2_authclassic.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml index 22d46a3404e..1fff09e62f5 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -15,7 +15,7 @@ interactions: User-Agent: - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' @@ -114,7 +114,7 @@ interactions: User-Agent: - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml index e43ddd9e46a..ba1a8aaca83 100644 --- a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml @@ -15,7 +15,7 @@ interactions: User-Agent: - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' @@ -114,7 +114,7 @@ interactions: User-Agent: - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2020-10-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 response: body: string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}'