From 0f4bdd237b68354f9570cc713324c44839aa2c2f Mon Sep 17 00:00:00 2001 From: Feng Zhou Date: Tue, 26 Jan 2021 14:04:33 +0800 Subject: [PATCH 1/5] bump msal and msal-extensions --- src/azure-cli-core/azure/cli/core/_msal.py | 10 ++++------ src/azure-cli-core/setup.py | 4 ++-- src/azure-cli/requirements.py3.Darwin.txt | 2 ++ src/azure-cli/requirements.py3.Linux.txt | 2 ++ src/azure-cli/requirements.py3.windows.txt | 2 ++ 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/azure-cli-core/azure/cli/core/_msal.py b/src/azure-cli-core/azure/cli/core/_msal.py index 6c9960a68db..b6fba936a2a 100644 --- a/src/azure-cli-core/azure/cli/core/_msal.py +++ b/src/azure-cli-core/azure/cli/core/_msal.py @@ -19,16 +19,14 @@ def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( def _acquire_token_silent_by_finding_specific_refresh_token( self, authority, scopes, query, - rt_remover=None, break_condition=lambda response: False, **kwargs): + rt_remover=None, break_condition=lambda response: False, + force_refresh=False, correlation_id=None, claims_challenge=None, **kwargs): refresh_token = kwargs.get('refresh_token', None) client = self._build_client(self.client_credential, authority) if 'refresh_token' in kwargs: kwargs.pop('refresh_token') - if 'force_refresh' in kwargs: - kwargs.pop('force_refresh') - if 'correlation_id' in kwargs: - kwargs.pop('correlation_id') - response = client.obtain_token_by_refresh_token(refresh_token, scope=scopes, **kwargs) + response = client.obtain_token_by_refresh_token( + {'refresh_token': refresh_token, 'credential_type': 'RefreshToken'}, scope=scopes, **kwargs) if "error" in response: raise CLIError("Get token failed. {error}: {error_description}".format(**response)) return response diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index c75441da71a..a027ad1a082 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py 
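Review bot: The three keyword parameters added to `_acquire_token_silent_by_finding_specific_refresh_token` (`force_refresh`, `correlation_id`, `claims_challenge`) are accepted and never used, and nothing in the hunk says this is deliberate. They appear to exist only so that arguments supplied by MSAL are not forwarded in `**kwargs` to `obtain_token_by_refresh_token`; a comment such as `# named only so MSAL's force_refresh/correlation_id/claims_challenge are not forwarded in **kwargs` would record that. Separately, `refresh_token` comes from `kwargs.get('refresh_token', None)` and is placed in the request dict unchecked, so a caller that omits it sends a token request with no refresh token; a guard like `if not refresh_token: raise CLIError("No refresh token available.")` would fail earlier and more clearly. Because this class overrides private MSAL methods, the signature may drift again within the `msal~=1.3` range that setup.py now allows, so the docstring should name the MSAL version the override was checked against.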
@@ -50,8 +50,8 @@ 'humanfriendly>=4.7,<10.0', 'jmespath', 'knack==0.8.0rc2', - 'msal~=1.0.0', - 'msal-extensions~=0.1.3', + 'msal~=1.3', + 'msal-extensions~=0.2', 'msrestazure>=0.6.3', 'paramiko>=2.0.8,<3.0.0', 'PyJWT', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 878822df2df..a4d13958a40 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -106,6 +106,8 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 +msal==1.8.0 +msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index 878822df2df..a4d13958a40 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -106,6 +106,8 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 +msal==1.8.0 +msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index f960230452e..aff3ecc3901 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -105,6 +105,8 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 +msal==1.8.0 +msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 From d337435516a333cb54dc11297ff88a6a2752477e Mon Sep 17 00:00:00 2001 From: Feng Zhou Date: Tue, 26 Jan 2021 15:40:23 +0800 Subject: [PATCH 2/5] bump portalocker --- src/azure-cli-telemetry/setup.py | 2 +- src/azure-cli/requirements.py3.Darwin.txt | 2 +- src/azure-cli/requirements.py3.Linux.txt | 2 +- src/azure-cli/requirements.py3.windows.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/azure-cli-telemetry/setup.py b/src/azure-cli-telemetry/setup.py index 8466c5ab0a5..f8d67387957 100755 --- a/src/azure-cli-telemetry/setup.py 
+++ b/src/azure-cli-telemetry/setup.py @@ -40,7 +40,7 @@ classifiers=CLASSIFIERS, install_requires=[ 'applicationinsights>=0.11.1,<0.12', - 'portalocker~=1.2', + 'portalocker~=1.6', ], packages=[ 'azure.cli.telemetry', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index a4d13958a40..570fee4bd04 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -113,7 +113,7 @@ msrestazure==0.6.3 oauthlib==3.0.1 paramiko==2.6.0 pbr==5.3.1 -portalocker==1.4.0 +portalocker==1.7.1 psutil==5.7.2 pycparser==2.19 PyJWT==1.7.1 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index a4d13958a40..570fee4bd04 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -113,7 +113,7 @@ msrestazure==0.6.3 oauthlib==3.0.1 paramiko==2.6.0 pbr==5.3.1 -portalocker==1.4.0 +portalocker==1.7.1 psutil==5.7.2 pycparser==2.19 PyJWT==1.7.1 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index aff3ecc3901..b78084ca8e2 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -112,7 +112,7 @@ msrestazure==0.6.3 oauthlib==3.0.1 paramiko==2.6.0 pbr==5.3.1 -portalocker==1.2.1 +portalocker==1.7.1 psutil==5.7.2 pycparser==2.19 PyJWT==1.7.1 From 1815d30d809b1ded586efdecb91391f1a7b91e78 Mon Sep 17 00:00:00 2001 From: Feng Zhou Date: Tue, 26 Jan 2021 17:37:25 +0800 Subject: [PATCH 3/5] remove msal-extensions --- src/azure-cli-core/setup.py | 1 - src/azure-cli/requirements.py3.Darwin.txt | 1 - src/azure-cli/requirements.py3.Linux.txt | 1 - src/azure-cli/requirements.py3.windows.txt | 1 - 4 files changed, 4 deletions(-) diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index a027ad1a082..6855271e069 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py 
@@ -51,7 +51,6 @@ 'jmespath', 'knack==0.8.0rc2', 'msal~=1.3', - 'msal-extensions~=0.2', 'msrestazure>=0.6.3', 'paramiko>=2.0.8,<3.0.0', 'PyJWT', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 570fee4bd04..36b2a8ff980 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -107,7 +107,6 @@ knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 msal==1.8.0 -msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index 570fee4bd04..36b2a8ff980 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -107,7 +107,6 @@ knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 msal==1.8.0 -msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index b78084ca8e2..ee6c56db778 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -106,7 +106,6 @@ knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 msal==1.8.0 -msal-extensions==0.3.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 From 519c636a487f00d0376e204b6729b5e79c113c0e Mon Sep 17 00:00:00 2001 From: Feng Zhou Date: Mon, 15 Feb 2021 12:57:53 +0800 Subject: [PATCH 4/5] bump msal to 1.9.0 --- src/azure-cli-core/azure/cli/core/_msal.py | 32 ------------------- src/azure-cli-core/azure/cli/core/_profile.py | 20 ++++-------- .../azure/cli/core/tests/test_profile.py | 2 +- src/azure-cli-core/setup.py | 2 +- src/azure-cli/requirements.py3.Darwin.txt | 2 +- src/azure-cli/requirements.py3.Linux.txt | 2 +- src/azure-cli/requirements.py3.windows.txt | 2 +- 7 files changed, 11 insertions(+), 51 deletions(-) delete mode 100644 src/azure-cli-core/azure/cli/core/_msal.py 
diff --git a/src/azure-cli-core/azure/cli/core/_msal.py b/src/azure-cli-core/azure/cli/core/_msal.py
deleted file mode 100644
index b6fba936a2a..00000000000
--- a/src/azure-cli-core/azure/cli/core/_msal.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# --------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for license information.
-# --------------------------------------------------------------------------------------------
-from knack.util import CLIError
-from msal import ClientApplication
-
-
-class AdalRefreshTokenBasedClientApplication(ClientApplication):
- """
- This is added only for vmssh feature.
- It is a temporary solution and will deprecate after MSAL adopted completely.
- """
- def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family(
- self, authority, scopes, account, **kwargs):
- # pylint: disable=line-too-long
- return self._acquire_token_silent_by_finding_specific_refresh_token(
- authority, scopes, None, **kwargs)
-
- def _acquire_token_silent_by_finding_specific_refresh_token(
- self, authority, scopes, query,
- rt_remover=None, break_condition=lambda response: False,
- force_refresh=False, correlation_id=None, claims_challenge=None, **kwargs):
- refresh_token = kwargs.get('refresh_token', None)
- client = self._build_client(self.client_credential, authority)
- if 'refresh_token' in kwargs:
- kwargs.pop('refresh_token')
- response = client.obtain_token_by_refresh_token(
- {'refresh_token': refresh_token, 'credential_type': 'RefreshToken'}, scope=scopes, **kwargs)
- if "error" in response:
- raise CLIError("Get token failed. {error}: {error_description}".format(**response))
- return response
diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
index 9a11f577ab8..0fa1dc82cf7 100644
--- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -622,12 +622,16 @@ def get_msal_token(self, scopes, data): This is added only for vmssh feature. It is a temporary solution and will deprecate after MSAL adopted completely. """ + from msal import ClientApplication + import posixpath account = self.get_subscription() username = account[_USER_ENTITY][_USER_NAME] tenant = account[_TENANT_ID] or 'common' _, refresh_token, _, _ = self.get_refresh_token() - certificate = self._creds_cache.retrieve_msal_token(tenant, scopes, data, refresh_token) - return username, certificate + authority = posixpath.join(self.cli_ctx.cloud.endpoints.active_directory, tenant) + app = ClientApplication(_CLIENT_ID, authority=authority) + result = app.acquire_token_by_refresh_token(refresh_token, scopes, data=data) + return username, result["access_token"] def get_refresh_token(self, resource=None, subscription=None): @@ -1071,18 +1075,6 @@ def retrieve_token_for_user(self, username, tenant, resource): self.persist_cached_creds() return (token_entry[_TOKEN_ENTRY_TOKEN_TYPE], token_entry[_ACCESS_TOKEN], token_entry) - def retrieve_msal_token(self, tenant, scopes, data, refresh_token): - """ - This is added only for vmssh feature. - It is a temporary solution and will deprecate after MSAL adopted completely. - """ - from azure.cli.core._msal import AdalRefreshTokenBasedClientApplication - tenant = tenant or 'organizations' - authority = self._ctx.cloud.endpoints.active_directory + '/' + tenant - app = AdalRefreshTokenBasedClientApplication(_CLIENT_ID, authority=authority) - result = app.acquire_token_silent(scopes, None, data=data, refresh_token=refresh_token) - - return result["access_token"] def retrieve_token_for_service_principal(self, sp_id, resource, tenant, use_cert_sn_issuer=False): self.load_adal_token_cache() 
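Review bot: In `get_msal_token` the new code reads `result["access_token"]` without checking for failure, so a rejected or expired refresh token surfaces as a bare `KeyError` instead of the `CLIError` that the deleted `_msal.py` wrapper raised from its `"error" in response` check. MSAL reports token-endpoint failures by returning an error dictionary rather than raising, so the check should move here: `if "error" in result:` followed by `raise CLIError("Get token failed. {}: {}".format(result["error"], result.get("error_description")))`. This assumes `CLIError` is already imported in `_profile.py`, which the hunk does not show; the signature and docstring opening of `get_msal_token` also lie above the hunk. The `test_profile.py` hunk in this commit only retargets the mock to `msal.ClientApplication.acquire_token_by_refresh_token`, so a failure-path test case would be worth adding alongside the check.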
diff --git a/src/azure-cli-core/azure/cli/core/tests/test_profile.py b/src/azure-cli-core/azure/cli/core/tests/test_profile.py index f879fafd3fa..71605d36321 100644 --- a/src/azure-cli-core/azure/cli/core/tests/test_profile.py +++ b/src/azure-cli-core/azure/cli/core/tests/test_profile.py @@ -1939,7 +1939,7 @@ def test_find_using_specific_tenant(self, _get_authorization_code_mock, mock_aut self.assertEqual(all_subscriptions[0].home_tenant_id, home_tenant) @mock.patch('azure.cli.core._profile.CredsCache.retrieve_token_for_user', autospec=True) - @mock.patch('azure.cli.core._msal.AdalRefreshTokenBasedClientApplication._acquire_token_silent_by_finding_specific_refresh_token', autospec=True) + @mock.patch('msal.ClientApplication.acquire_token_by_refresh_token', autospec=True) def test_get_msal_token(self, mock_acquire_token, mock_retrieve_token_for_user): """ This is added only for vmssh feature. diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index 6855271e069..3847074cd9c 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py @@ -50,7 +50,7 @@ 'humanfriendly>=4.7,<10.0', 'jmespath', 'knack==0.8.0rc2', - 'msal~=1.3', + 'msal~=1.9', 'msrestazure>=0.6.3', 'paramiko>=2.0.8,<3.0.0', 'PyJWT', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 36b2a8ff980..d922bf04f80 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -106,7 +106,7 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 -msal==1.8.0 +msal==1.9.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index 36b2a8ff980..d922bf04f80 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt 
@@ -106,7 +106,7 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 -msal==1.8.0 +msal==1.9.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index ee6c56db778..3c0b7ae5cc9 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -105,7 +105,7 @@ jsmin==2.2.2 knack==0.8.0rc2 MarkupSafe==1.1.1 mock==4.0.2 -msal==1.8.0 +msal==1.9.0 msrest==0.6.18 msrestazure==0.6.3 oauthlib==3.0.1 From d3b8f51c14dc5d80bdc6fcfef5fd2a39b03ea028 Mon Sep 17 00:00:00 2001 From: Feng Zhou Date: Tue, 16 Feb 2021 20:20:41 +0800 Subject: [PATCH 5/5] fix style --- src/azure-cli-core/azure/cli/core/_profile.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py index 0fa1dc82cf7..7a060f7667a 100644 --- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -1075,7 +1075,6 @@ def retrieve_token_for_user(self, username, tenant, resource): self.persist_cached_creds() return (token_entry[_TOKEN_ENTRY_TOKEN_TYPE], token_entry[_ACCESS_TOKEN], token_entry) - def retrieve_token_for_service_principal(self, sp_id, resource, tenant, use_cert_sn_issuer=False): self.load_adal_token_cache() matched = [x for x in self._service_principal_creds if sp_id == x[_SERVICE_PRINCIPAL_ID]]