| 1234567891011121314151617181920212223242526272829303132 |
- def run(self, terms, variables, **kwargs):
- self.set_options(direct=kwargs)
- credentials = {}
- credentials['azure_client_id'] = self.get_option('azure_client_id', None)
- credentials['azure_secret'] = self.get_option('azure_secret', None)
- credentials['azure_tenant'] = self.get_option('azure_tenant', 'common')
- if credentials['azure_client_id'] is None or credentials['azure_secret'] is None:
- raise AnsibleError("Must specify azure_client_id and azure_secret")
- _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD
- if self.get_option('azure_cloud_environment', None) is not None:
- cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment'])
- try:
- azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'],
- secret=credentials['azure_secret'],
- tenant=credentials['azure_tenant'],
- resource=_cloud_environment.endpoints.active_directory_graph_resource_id)
- client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'],
- base_url=_cloud_environment.endpoints.active_directory_graph_resource_id)
- response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id'])))
- sp = response[0]
- return sp.object_id.split(',')
- except CloudError as ex:
- raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex))
- return False
|
