diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index eef2d49d302..7642db5b941 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -200,4 +200,6 @@ /src/serial-console/ @adrianabedon -/src/dataprotection/ @sambitratha \ No newline at end of file +/src/dataprotection/ @sambitratha + +/src/authV2/ @mkarmark diff --git a/src/authV2/HISTORY.rst b/src/authV2/HISTORY.rst new file mode 100644 index 00000000000..8c34bccfff8 --- /dev/null +++ b/src/authV2/HISTORY.rst @@ -0,0 +1,8 @@ +.. :changelog: + +Release History +=============== + +0.1.0 +++++++ +* Initial release. \ No newline at end of file diff --git a/src/authV2/README.rst b/src/authV2/README.rst new file mode 100644 index 00000000000..33022948174 --- /dev/null +++ b/src/authV2/README.rst @@ -0,0 +1,5 @@ +Microsoft Azure CLI 'authV2' Extension +========================================== + +This package is for the 'authV2' extension. +i.e. 'az authV2' \ No newline at end of file diff --git a/src/authV2/azext_authV2/__init__.py b/src/authV2/azext_authV2/__init__.py new file mode 100644 index 00000000000..0a5c6daac80 --- /dev/null +++ b/src/authV2/azext_authV2/__init__.py @@ -0,0 +1,28 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +from azure.cli.core import AzCommandsLoader + +from azext_authV2._help import helps # pylint: disable=unused-import + + +class Authv2CommandsLoader(AzCommandsLoader): + + def __init__(self, cli_ctx=None): + from azure.cli.core.commands import CliCommandType + authV2_custom = CliCommandType(operations_tmpl='azext_authV2.custom#{}') + super().__init__(cli_ctx=cli_ctx, custom_command_type=authV2_custom) + + def load_command_table(self, args): + from azext_authV2.commands import load_command_table + load_command_table(self, args) + return self.command_table + + def load_arguments(self, command): + from azext_authV2._params import load_arguments + load_arguments(self, command) + + +COMMAND_LOADER_CLS = Authv2CommandsLoader diff --git a/src/authV2/azext_authV2/_help.py b/src/authV2/azext_authV2/_help.py new file mode 100644 index 00000000000..239d4b92c0c --- /dev/null +++ b/src/authV2/azext_authV2/_help.py @@ -0,0 +1,311 @@ +# coding=utf-8 +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +from knack.help_files import helps # pylint: disable=unused-import + +helps['webapp auth'] = """ +type: group +short-summary: Manage webapp authentication and authorization in the v2 format. +""" + +helps['webapp auth show'] = """ +type: command +short-summary: Show the authentication settings for the webapp in the v2 format. +examples: + - name: Show the authentication settings for the webapp. (autogenerated) + text: az webapp auth show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth update'] = """ +type: command +short-summary: Update the authentication settings for the webapp in the v2 format. +examples: + - name: Update the client ID of the AAD provider already configured + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-id + - name: Pin the runtime version of the app to 1.4.7 + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --runtime-version 1.4.7 + - name: Configure the app with file based authentication by setting the config file path + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --config-file-path D:\\home\\site\\wwwroot\\auth.json + - name: Configure the app to allow unauthenticated requests to hit the app. + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --unauthenticated-client-action AllowAnonymous + - name: Configure the app to redirect unauthenticated requests to the Facebook provider + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --redirect-provider Facebook + - name: Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO + text: > + az webapp auth update -g myResourceGroup --name MyWebApp --proxy-convention Standard +""" + +helps['webapp auth set'] = """ +type: command +short-summary: Sets the authentication settings for the webapp in the v2 format, overwriting any existing settings. +examples: + - name: Set the json saved in file auth.json as the auth settings for the web app, overwriting any existing settings. + text: > + az webapp auth set -g myResourceGroup --name MyWebApp --body @auth.json +""" + +helps['webapp auth config-version'] = """ +type: group +short-summary: Manage the state of the configuration version for the authentication settings for the webapp. Configuration version v1 refers to the /authSettings endpoints whereas v2 refers to the /authSettingsV2 endpoints. +""" + +helps['webapp auth config-version show'] = """ +type: command +short-summary: Show the configuration version of the authentication settings for the webapp. Configuration version v1 refers to the /authSettings endpoints whereas v2 refers to the /authSettingsV2 endpoints. +examples: + - name: Show the configuration version of the authentication settings for the webapp (autogenerated) + text: > + az webapp auth config-version show --name MyWebApp --resource-group MyResourceGroup +""" + +helps['webapp auth config-version revert'] = """ +type: command +short-summary: Reverts the configuration version of the authentication settings for the webapp from v2 to v1 (classic). +examples: + - name: Revert the configuration version of the authentication settings for the webapp from v2 to v1 (classic) (autogenerated) + text: > + az webapp auth config-version revert --name MyWebApp --resource-group MyResourceGroup +""" + +helps['webapp auth config-version upgrade'] = """ +type: command +short-summary: Upgrades the configuration version of the authentication settings for the webapp from v1 (classic) to v2. +examples: + - name: Upgrades the configuration version of the authentication settings for the webapp from v1 (classic) to v2 (autogenerated) + text: > + az webapp auth config-version upgrade --name MyWebApp --resource-group MyResourceGroup +""" + +helps['webapp auth-classic'] = """ +type: group +short-summary: Manage webapp authentication and authorization in the classic format. +""" + +helps['webapp auth-classic show'] = """ +type: command +short-summary: Show the authentication settings for the webapp in the classic format. +examples: + - name: Show the authentication settings for the webapp. (autogenerated) + text: az webapp auth-classic show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth-classic update'] = """ +type: command +short-summary: Update the authentication settings for the webapp in the classic format. +examples: + - name: Enable Azure Active Directory by enabling authentication and setting Azure Active Directory-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand. + text: > + az webapp auth-classic update -g myResourceGroup --name MyWebApp --enabled true \\ + --action LoginWithAzureActiveDirectory \\ + --aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \\ + --aad-client-id my-client-id --aad-client-secret very_secret_password \\ + --aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ + - name: Enable Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users + text: > + az webapp auth-classic update -g myResourceGroup --name MyWebApp --action AllowAnonymous \\ + --facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \\ + --facebook-oauth-scopes public_profile email +""" + +helps['webapp auth apple'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Apple identity provider. +""" + +helps['webapp auth apple show'] = """ +type: command +short-summary: Show the authentication settings for the Apple identity provider. +examples: + - name: Show the authentication settings for the Apple identity provider. (autogenerated) + text: az webapp auth apple show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth apple update'] = """ +type: command +short-summary: Update the client id and client secret for the Apple identity provider. +examples: + - name: Update the client id and client secret for the Apple identity provider. + text: > + az webapp auth apple update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth facebook'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Facebook identity provider. +""" + +helps['webapp auth facebook show'] = """ +type: command +short-summary: Show the authentication settings for the Facebook identity provider. +examples: + - name: Show the authentication settings for the Facebook identity provider. (autogenerated) + text: az webapp auth facebook show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth facebook update'] = """ +type: command +short-summary: Update the app id and app secret for the Facebook identity provider. +examples: + - name: Update the app id and app secret for the Facebook identity provider. + text: > + az webapp auth facebook update -g myResourceGroup --name MyWebApp \\ + --app-id my-client-id --app-secret very_secret_password +""" + +helps['webapp auth github'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the GitHub identity provider. +""" + +helps['webapp auth github show'] = """ +type: command +short-summary: Show the authentication settings for the GitHub identity provider. +examples: + - name: Show the authentication settings for the GitHub identity provider. (autogenerated) + text: az webapp auth github show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth github update'] = """ +type: command +short-summary: Update the client id and client secret for the GitHub identity provider. +examples: + - name: Update the client id and client secret for the GitHub identity provider. + text: > + az webapp auth github update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth google'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Google identity provider. +""" + +helps['webapp auth google show'] = """ +type: command +short-summary: Show the authentication settings for the Google identity provider. +examples: + - name: Show the authentication settings for the Google identity provider. (autogenerated) + text: az webapp auth google show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth google update'] = """ +type: command +short-summary: Update the client id and client secret for the Google identity provider. +examples: + - name: Update the client id and client secret for the Google identity provider. + text: > + az webapp auth google update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password +""" + +helps['webapp auth microsoft'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Microsoft identity provider. +""" + +helps['webapp auth microsoft show'] = """ +type: command +short-summary: Show the authentication settings for the Azure Active Directory identity provider. +examples: + - name: Show the authentication settings for the Azure Active Directory identity provider. (autogenerated) + text: az webapp auth microsoft show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth microsoft update'] = """ +type: command +short-summary: Update the client id and client secret for the Azure Active Directory identity provider. +examples: + - name: Update the open id issuer, client id and client secret for the Azure Active Directory identity provider. + text: > + az webapp auth microsoft update -g myResourceGroup --name MyWebApp \\ + --client-id my-client-id --client-secret very_secret_password \\ + --issuer https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/ +""" + +helps['webapp auth openid-connect'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the custom OpenID Connect identity providers. +""" + +helps['webapp auth openid-connect show'] = """ +type: command +short-summary: Show the authentication settings for the custom OpenID Connect identity provider. +examples: + - name: Show the authentication settings for the custom OpenID Connect identity provider. (autogenerated) + text: az webapp auth openid-connect show --name MyWebApp --resource-group MyResourceGroup \\ + --provider-name myOpenIdConnectProvider + crafted: true +""" + +helps['webapp auth openid-connect add'] = """ +type: command +short-summary: Configure a new custom OpenID Connect identity provider. +examples: + - name: Configure a new custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect add -g myResourceGroup --name MyWebApp \\ + --provider-name myOpenIdConnectProvider --client-id my-client-id \\ + --client-secret-setting-name MY_SECRET_APP_SETTING \\ + --openid-configuration https://myopenidprovider.net/.well-known/openid-configuration +""" + +helps['webapp auth openid-connect update'] = """ +type: command +short-summary: Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. +examples: + - name: Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect update -g myResourceGroup --name MyWebApp \\ + --provider-name myOpenIdConnectProvider --client-id my-client-id \\ + --client-secret-setting-name MY_SECRET_APP_SETTING +""" + +helps['webapp auth openid-connect remove'] = """ +type: command +short-summary: Removes an existing custom OpenID Connect identity provider. +examples: + - name: Removes an existing custom OpenID Connect identity provider. + text: > + az webapp auth openid-connect remove --name MyWebApp --resource-group MyResourceGroup \\ + --provider-name myOpenIdConnectProvider +""" + +helps['webapp auth twitter'] = """ +type: group +short-summary: Manage webapp authentication and authorization of the Twitter identity provider. +""" + +helps['webapp auth twitter show'] = """ +type: command +short-summary: Show the authentication settings for the Twitter identity provider. +examples: + - name: Show the authentication settings for the Twitter identity provider. (autogenerated) + text: az webapp auth twitter show --name MyWebApp --resource-group MyResourceGroup + crafted: true +""" + +helps['webapp auth twitter update'] = """ +type: command +short-summary: Update the consumer key and consumer secret for the Twitter identity provider. +examples: + - name: Update the consumer key and consumer secret for the Twitter identity provider. + text: > + az webapp auth twitter update -g myResourceGroup --name MyWebApp \\ + --consumer-key my-client-id --consumer-secret very_secret_password +""" diff --git a/src/authV2/azext_authV2/_params.py b/src/authV2/azext_authV2/_params.py new file mode 100644 index 00000000000..328f3ccba92 --- /dev/null +++ b/src/authV2/azext_authV2/_params.py @@ -0,0 +1,231 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- +# pylint: disable=line-too-long + +from knack.arguments import CLIArgumentType + +from azure.cli.core.commands.parameters import (resource_group_name_type, get_resource_name_completion_list, + get_three_state_flag, get_enum_type) +from azure.cli.command_modules.appservice._params import AUTH_TYPES +from azure.cli.core.local_context import LocalContextAttribute, LocalContextAction + +UNAUTHENTICATED_CLIENT_ACTION = ['RedirectToLoginPage', 'AllowAnonymous', 'RejectWith401', 'RejectWith404'] +FORWARD_PROXY_CONVENTION = ['NoProxy', 'Standard', 'Custom'] + + +def load_arguments(self, _): + webapp_name_arg_type = CLIArgumentType(configured_default='web', options_list=['--name', '-n'], metavar='NAME', + completer=get_resource_name_completion_list('Microsoft.Web/sites'), + id_part='name', + help="name of the web app.", + local_context_attribute=LocalContextAttribute(name='web_name', actions=[ + LocalContextAction.GET])) + + with self.argument_context('webapp auth') as c: + c.argument('resource_group_name', arg_type=resource_group_name_type) + c.argument('slot', options_list=['--slot', '-s'], + help="the name of the slot. Default to the productions slot if not specified") + c.argument('name', arg_type=webapp_name_arg_type) + + with self.argument_context('webapp auth-classic') as c: + c.argument('resource_group_name', arg_type=resource_group_name_type) + c.argument('slot', options_list=['--slot', '-s'], + help="the name of the slot. Default to the productions slot if not specified") + c.argument('name', arg_type=webapp_name_arg_type) + + with self.argument_context('webapp auth set') as c: + c.argument('body', options_list=['--body', '-b'], + help='JSON representation of the configuration settings for the Azure App Service Authentication / Authorization V2 feature.') + + with self.argument_context('webapp auth update') as c: + c.argument('set_string', options_list=['--set'], + help='Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization V2 feature.') + c.argument('enabled', options_list=['--enabled'], arg_type=get_three_state_flag(return_label=True), + help='true if the Authentication / Authorization feature is enabled for the current app; otherwise, false.') + c.argument('runtime_version', options_list=['--runtime-version'], + help='The RuntimeVersion of the Authentication / Authorization feature in use for the current app.') + c.argument('config_file_path', options_list=['--config-file-path'], + help='The path of the config file containing auth settings if they come from a file.') + c.argument('unauthenticated_client_action', options_list=['--unauthenticated-client-action', '--action'], + arg_type=get_enum_type(UNAUTHENTICATED_CLIENT_ACTION), + help='The action to take when an unauthenticated client attempts to access the app.') + c.argument('redirect_provider', options_list=['--redirect-provider'], + help='The default authentication provider to use when multiple providers are configured.') + c.argument('enable_token_store', options_list=['--enable-token-store'], arg_type=get_three_state_flag(return_label=True), + help='true to durably store platform-specific security tokens that are obtained during login flows; otherwise, false.') + c.argument('require_https', options_list=['--require-https'], arg_type=get_three_state_flag(return_label=True), + help='false if the authentication/authorization responses not having the HTTPS scheme are permissible; otherwise, true.') + c.argument('proxy_convention', options_list=['--proxy-convention'], arg_type=get_enum_type(FORWARD_PROXY_CONVENTION), + help='The convention used to determine the url of the request made.') + c.argument('proxy_custom_host_header', options_list=['--proxy-custom-host-header', '--custom-host-header'], + help='The name of the header containing the host of the request.') + c.argument('proxy_custom_proto_header', options_list=['--proxy-custom-proto-header', '--custom-proto-header'], + help='The name of the header containing the scheme of the request.') + + with self.argument_context('webapp auth microsoft update') as c: + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of this relying party application, known as the client_id.') + c.argument('client_secret', options_list=['--client-secret'], + help='AAD application secret') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret of the relying party application.') + c.argument('issuer', options_list=['--issuer'], + help='The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.') + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences', '--allowed-audiences'], + help='The configuration settings of the allowed list of audiences from which to validate the JWT token.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth facebook update') as c: + c.argument('app_id', options_list=['--app-id'], + help='The App ID of the app used for login.') + c.argument('app_secret', options_list=['--app-secret'], + help='The app secret.') + c.argument('app_secret_setting_name', options_list=['--app-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the app secret.') + c.argument('graph_api_version', options_list=['--graph-api-version'], + help='The version of the Facebook api to be used while logging in.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth github update') as c: + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth google update') as c: + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('allowed_token_audiences', options_list=['--allowed-token-audiences', '--allowed-audiences'], + help='The configuration settings of the allowed list of audiences from which to validate the JWT token.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth twitter update') as c: + c.argument('consumer_key', options_list=['--consumer-key'], + help='The OAuth 1.0a consumer key of the Twitter application used for sign-in.') + c.argument('consumer_secret', options_list=['--consumer-secret'], + help='The consumer secret.') + c.argument('consumer_secret_setting_name', options_list=['--consumer-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth apple update') as c: + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret', options_list=['--client-secret'], + help='The client secret.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + + with self.argument_context('webapp auth openid-connect show') as c: + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + + with self.argument_context('webapp auth openid-connect add') as c: + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('openid_configuration', options_list=['--openid-configuration'], + help='The endpoint that contains all the configuration endpoints for the provider.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + + with self.argument_context('webapp auth openid-connect update') as c: + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + c.argument('client_id', options_list=['--client-id'], + help='The Client ID of the app used for login.') + c.argument('client_secret_setting_name', options_list=['--client-secret-setting-name', '--secret-setting'], + help='The app setting name that contains the client secret.') + c.argument('openid_configuration', options_list=['--openid-configuration'], + help='The endpoint that contains all the configuration endpoints for the provider.') + c.argument('scopes', options_list=['--scopes'], + help='A list of the scopes that should be requested while authenticating.') + + with self.argument_context('webapp auth openid-connect remove') as c: + c.argument('provider_name', options_list=['--provider-name'], required=True, + help='The name of the custom OpenID Connect provider.') + + with self.argument_context('webapp auth-classic update') as c: + c.argument('enabled', arg_type=get_three_state_flag(return_label=True), + help='true if the Authentication / Authorization feature is enabled for the current app; otherwise, false.') + c.argument('token_store_enabled', options_list=['--token-store'], + arg_type=get_three_state_flag(return_label=True), help='use App Service Token Store') + c.argument('action', arg_type=get_enum_type(AUTH_TYPES), + help='The action to take when an unauthenticated client attempts to access the app.') + c.argument('runtime_version', + help='Runtime version of the Authentication/Authorization feature in use for the current app') + c.argument('token_refresh_extension_hours', type=float, options_list=['--token-refresh-extension-hours', '--token-refresh-hours'], + help="Hours, must be formattable into a float") + c.argument('allowed_external_redirect_urls', options_list=['--allowed-redirect-urls'], nargs='+', + help="One or more urls (space-delimited).") + c.argument('client_id', options_list=['--aad-client-id'], arg_group='Azure Active Directory', + help='Application ID to integrate AAD organization account Sign-in into your web app') + c.argument('client_secret', options_list=['--aad-client-secret'], arg_group='Azure Active Directory', + help='AAD application secret') + c.argument('client_secret_setting_name', options_list=['--aad-client-secret-setting-name', '--aad-secret-setting'], arg_group='Azure Active Directory', + help='The app setting name that contains the client secret of the relying party application.') + c.argument('client_secret_certificate_thumbprint', options_list=['--aad-client-secret-certificate-thumbprint', '--thumbprint'], arg_group='Azure Active Directory', + help='Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes') + c.argument('allowed_audiences', nargs='+', options_list=['--aad-allowed-token-audiences', '--allowed-audiences'], + arg_group='Azure Active Directory', help="One or more token audiences (space-delimited).") + c.argument('issuer', options_list=['--aad-token-issuer-url'], + help='This url can be found in the JSON output returned from your active directory endpoint using your tenantID. The endpoint can be queried from `az cloud show` at \"endpoints.activeDirectory\". ' + 'The tenantID can be found using `az account show`. Get the \"issuer\" from the JSON at //.well-known/openid-configuration.', + arg_group='Azure Active Directory') + c.argument('facebook_app_id', arg_group='Facebook', + help="Application ID to integrate Facebook Sign-in into your web app") + c.argument('facebook_app_secret', arg_group='Facebook', help='Facebook Application client secret') + c.argument('facebook_app_secret_setting_name', arg_group='Facebook', options_list=['--facebook-app-secret-setting-name', '--fb-secret-setting'], + help='The app setting name that contains the app secret used for Facebook Login.') + c.argument('facebook_oauth_scopes', nargs='+', + help="One or more facebook authentication scopes (space-delimited).", arg_group='Facebook') + c.argument('twitter_consumer_key', arg_group='Twitter', + help='Application ID to integrate Twitter Sign-in into your web app') + c.argument('twitter_consumer_secret', arg_group='Twitter', options_list=['--twitter-consumer-secret', '--twitter-secret'], + help='Twitter Application client secret') + c.argument('twitter_consumer_secret_setting_name', arg_group='Twitter', options_list=['--twitter-consumer-secret-setting-name', '--twitter-secret-setting'], + help='The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.') + c.argument('google_client_id', arg_group='Google', + help='Application ID to integrate Google Sign-in into your web app') + c.argument('google_client_secret', arg_group='Google', help='Google Application client secret') + c.argument('google_client_secret_setting_name', arg_group='Google', options_list=['--google-client-secret-setting-name', '--google-secret-setting'], + help='The app setting name that contains the client secret associated with the Google web application.') + c.argument('google_oauth_scopes', nargs='+', help="One or more Google authentication scopes (space-delimited).", + arg_group='Google') + c.argument('microsoft_account_client_id', arg_group='Microsoft', options_list=['--microsoft-account-client-id', '--msa-client'], + help="AAD V2 Application ID to integrate Microsoft account Sign-in into your web app") + c.argument('microsoft_account_client_secret', arg_group='Microsoft', options_list=['--microsoft-account-client-secret', '--msa-secret'], + help='AAD V2 Application client secret') + c.argument('microsoft_account_client_secret_setting_name', arg_group='Microsoft', options_list=['--microsoft-account-client-secret-setting-name', '--msa-secret-setting'], + help='The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.') + c.argument('microsoft_account_oauth_scopes', nargs='+', options_list=['--microsoft-account-oauth-scopes', '--msa-scopes'], + help="One or more Microsoft authentification scopes (space-delimited).", arg_group='Microsoft') + c.argument('git_hub_client_id', options_list=['--github-client-id'], arg_group='GitHub', + help="The Client Id of the GitHub app used for login.") + c.argument('git_hub_client_secret', options_list=['--github-client-secret'], arg_group='GitHub', + help="The Client Secret of the GitHub app used for login.") + c.argument('git_hub_client_secret_setting_name', arg_group='GitHub', options_list=['--github-client-secret-setting-name', '--github-secret-setting'], + help="The app setting name that contains the client secret of the Github app used for GitHub Login.") + c.argument('git_hub_o_auth_scopes', options_list=['--github-oauth-scopes', '--github-scopes'], arg_group='GitHub', + help="The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.") diff --git a/src/authV2/azext_authV2/azext_metadata.json b/src/authV2/azext_authV2/azext_metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/src/authV2/azext_authV2/azext_metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/src/authV2/azext_authV2/commands.py b/src/authV2/azext_authV2/commands.py new file mode 100644 index 00000000000..961fbaba953 --- /dev/null +++ b/src/authV2/azext_authV2/commands.py @@ -0,0 +1,50 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + + +def load_command_table(self, _): + with self.command_group('webapp auth') as g: + g.custom_show_command('show', 'get_auth_settings_v2') + g.custom_command('set', 'set_auth_settings_v2') + g.custom_command('update', 'update_auth_settings_v2') + + with self.command_group('webapp auth config-version') as g: + g.custom_show_command('show', 'get_config_version') + g.custom_command('revert', 'revert_to_auth_settings') + g.custom_command('upgrade', 'upgrade_to_auth_settings_v2') + + with self.command_group('webapp auth microsoft') as g: + g.custom_show_command('show', 'get_aad_settings') + g.custom_command('update', 'update_aad_settings') + + with self.command_group('webapp auth facebook') as g: + g.custom_show_command('show', 'get_facebook_settings') + g.custom_command('update', 'update_facebook_settings') + + with self.command_group('webapp auth github') as g: + g.custom_show_command('show', 'get_github_settings') + g.custom_command('update', 'update_github_settings') + + with self.command_group('webapp auth google') as g: + g.custom_show_command('show', 'get_google_settings') + g.custom_command('update', 'update_google_settings') + + with self.command_group('webapp auth twitter') as g: + g.custom_show_command('show', 'get_twitter_settings') + g.custom_command('update', 'update_twitter_settings') + + with self.command_group('webapp auth apple') as g: + g.custom_show_command('show', 'get_apple_settings') + g.custom_command('update', 'update_apple_settings') + + with self.command_group('webapp auth openid-connect') as g: + g.custom_show_command('show', 'get_openid_connect_provider_settings') + g.custom_command('add', 'add_openid_connect_provider_settings') + g.custom_command('update', 'update_openid_connect_provider_settings') + g.custom_command('remove', 'remove_openid_connect_provider_settings') + + with self.command_group('webapp auth-classic') as g: + g.custom_show_command('show', 'get_auth_settings') + g.custom_command('update', 'update_auth_classic_settings') diff --git a/src/authV2/azext_authV2/custom.py b/src/authV2/azext_authV2/custom.py new file mode 100644 index 00000000000..58c8200ae04 --- /dev/null +++ b/src/authV2/azext_authV2/custom.py @@ -0,0 +1,850 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- +import json +from knack.prompting import prompt_y_n +from knack.util import CLIError +from azure.cli.core.util import send_raw_request +from azure.cli.command_modules.appservice._appservice_utils import _generic_site_operation +from azure.cli.command_modules.appservice.custom import update_app_settings +from azure.cli.core.commands.client_factory import get_subscription_id +from azure.cli.command_modules.appservice._params import AUTH_TYPES + +MICROSOFT_SECRET_SETTING_NAME = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" +FACEBOOK_SECRET_SETTING_NAME = "FACEBOOK_PROVIDER_AUTHENTICATION_SECRET" +GITHUB_SECRET_SETTING_NAME = "GITHUB_PROVIDER_AUTHENTICATION_SECRET" +GOOGLE_SECRET_SETTING_NAME = "GOOGLE_PROVIDER_AUTHENTICATION_SECRET" +MSA_SECRET_SETTING_NAME = "MSA_PROVIDER_AUTHENTICATION_SECRET" +TWITTER_SECRET_SETTING_NAME = "TWITTER_PROVIDER_AUTHENTICATION_SECRET" + + +# region rest calls + + +def get_resource_id(cmd, resource_group_name, name, slot): + sub_id = get_subscription_id(cmd.cli_ctx) + + # TODO: Replace ARM call with SDK API after fixing swagger issues + resource_id = "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Web/sites/{}".format( + sub_id, + resource_group_name, + name) + if slot is not None: + resource_id = resource_id + "/slots" + slot + return resource_id + + +def get_auth_settings_v2(cmd, resource_group_name, name, slot=None): + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), + resource_id, + "config/authSettingsV2/list", + "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues + r = send_raw_request(cmd.cli_ctx, "GET", request_url) + return r.json() + + +def update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot=None): # pylint: disable=unused-argument + final_json = { + "properties": site_auth_settings_v2 + } + + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), + resource_id, + "config/authSettingsV2", + "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues + r = send_raw_request(cmd.cli_ctx, "PUT", request_url, None, None, json.dumps(final_json)) + return r.json()["properties"] + + +def is_auth_v2_app(cmd, resource_group_name, name, slot=None): + resource_id = get_resource_id(cmd, resource_group_name, name, slot) + management_hostname = cmd.cli_ctx.cloud.endpoints.resource_manager + request_url = "{}/{}/{}?api-version={}".format( + management_hostname.strip('/'), + resource_id, + "config/authSettings/list", + "2020-12-01") + + # TODO: Replace ARM call with SDK API after fixing swagger issues + r = send_raw_request(cmd.cli_ctx, "POST", request_url) + return r.json()["properties"]["configVersion"] == "v2" +# endregion + +# region webapp auth + + +def set_auth_settings_v2(cmd, resource_group_name, name, body=None, slot=None): # pylint: disable=unused-argument + if body is None: + json_object = None + else: + json_object = json.loads(body) + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) + + +def update_auth_settings_v2(cmd, resource_group_name, name, set_string=None, enabled=None, # pylint: disable=unused-argument + runtime_version=None, config_file_path=None, unauthenticated_client_action=None, # pylint: disable=unused-argument + redirect_provider=None, enable_token_store=None, require_https=None, # pylint: disable=unused-argument + proxy_convention=None, proxy_custom_host_header=None, # pylint: disable=unused-argument + proxy_custom_proto_header=None, slot=None): # pylint: disable=unused-argument + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + existing_auth = set_field_in_auth_settings(existing_auth, set_string) + + if enabled is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["enabled"] = enabled + + if runtime_version is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["runtimeVersion"] = runtime_version + + if config_file_path is not None: + if "platform" not in existing_auth.keys(): + existing_auth["platform"] = {} + existing_auth["platform"]["configFilePath"] = config_file_path + + if unauthenticated_client_action is not None: + if "globalValidation" not in existing_auth.keys(): + existing_auth["globalValidation"] = {} + existing_auth["globalValidation"]["unauthenticatedClientAction"] = unauthenticated_client_action + + if redirect_provider is not None: + if "globalValidation" not in existing_auth.keys(): + existing_auth["globalValidation"] = {} + existing_auth["globalValidation"]["redirectToProvider"] = redirect_provider + + if enable_token_store is not None: + if "login" not in existing_auth.keys(): + existing_auth["login"] = {} + if "tokenStore" not in existing_auth["login"].keys(): + existing_auth["login"]["tokenStore"] = {} + existing_auth["login"]["tokenStore"]["enabled"] = enable_token_store + + existing_auth = update_http_settings_in_auth_settings(existing_auth, require_https, + proxy_convention, proxy_custom_host_header, + proxy_custom_proto_header) + + json_object = existing_auth + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot) +# endregion + +# region webapp auth config-version + + +def upgrade_to_auth_settings_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth upgrade when the app is using auth v2.') + prep_auth_settings_for_v2(cmd, resource_group_name, name, slot) + site_auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, site_auth_settings_v2, slot) + + +def get_config_version(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + isV2 = is_auth_v2_app(cmd, resource_group_name, name, slot) + config_version = "v1" + if isV2: + config_version = "v2" + return { + "configVersion": config_version + } + + +def revert_to_auth_settings(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + if not is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth revert when the app is using auth v1.') + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + set_auth_settings_v2(cmd, resource_group_name, name, None, slot) + update_auth_classic_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, + site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, site_auth_settings.client_secret, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, + site_auth_settings.facebook_app_secret, site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, site_auth_settings.twitter_consumer_secret, + site_auth_settings.google_client_id, site_auth_settings.google_client_secret, + site_auth_settings.google_o_auth_scopes, + site_auth_settings.microsoft_account_client_id, + site_auth_settings.microsoft_account_client_secret, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, site_auth_settings.git_hub_client_secret, + site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) +# endregion + +# region helper methods + + +def set_field_in_auth_settings_recursive(field_name_split, field_value, auth_settings): + if len(field_name_split) == 1: + auth_settings[field_name_split[0]] = field_value + return auth_settings + + remaining_field_names = field_name_split[1:] + if field_name_split[0] not in auth_settings.keys(): + auth_settings[field_name_split[0]] = {} + auth_settings[field_name_split[0]] = set_field_in_auth_settings_recursive(remaining_field_names, + field_value, + auth_settings[field_name_split[0]]) + return auth_settings + + +def set_field_in_auth_settings(auth_settings, set_string): + if set_string is not None: + split1 = set_string.split("=") + fieldName = split1[0] + fieldValue = split1[1] + split2 = fieldName.split(".") + auth_settings = set_field_in_auth_settings_recursive(split2, fieldValue, auth_settings) + return auth_settings + + +def update_http_settings_in_auth_settings(auth_settings, require_https, proxy_convention, + proxy_custom_host_header, proxy_custom_proto_header): + if require_https is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + auth_settings["httpSettings"]["requireHttps"] = require_https + + if proxy_convention is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["convention"] = proxy_convention + + if proxy_custom_host_header is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["customHostHeaderName"] = proxy_custom_host_header + + if proxy_custom_proto_header is not None: + if "httpSettings" not in auth_settings.keys(): + auth_settings["httpSettings"] = {} + if "forwardProxy" not in auth_settings["httpSettings"].keys(): + auth_settings["httpSettings"]["forwardProxy"] = {} + auth_settings["httpSettings"]["forwardProxy"]["customProtoHeaderName"] = proxy_custom_proto_header + + return auth_settings + + +def is_auth_runtime_version_valid(runtime_version=None): + if runtime_version is None: + return True + if runtime_version.startswith("~") and len(runtime_version) > 1: + try: + int(runtime_version[1:]) + except ValueError: + return False + return True + split_versions = runtime_version.split('.') + if len(split_versions) != 3: + return False + for version in split_versions: + try: + int(version) + except ValueError: + return False + return True + + +def prep_auth_settings_for_v2(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + site_auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + settings = [] + if site_auth_settings.client_secret is not None: + settings.append(MICROSOFT_SECRET_SETTING_NAME + '=' + site_auth_settings.client_secret) + site_auth_settings.client_secret_setting_name = MICROSOFT_SECRET_SETTING_NAME + if site_auth_settings.facebook_app_secret is not None: + settings.append(FACEBOOK_SECRET_SETTING_NAME + '=' + site_auth_settings.facebook_app_secret) + site_auth_settings.facebook_app_secret_setting_name = FACEBOOK_SECRET_SETTING_NAME + if site_auth_settings.git_hub_client_secret is not None: + settings.append(GITHUB_SECRET_SETTING_NAME + '=' + site_auth_settings.git_hub_client_secret) + site_auth_settings.git_hub_client_secret_setting_name = GITHUB_SECRET_SETTING_NAME + if site_auth_settings.google_client_secret is not None: + settings.append(GOOGLE_SECRET_SETTING_NAME + '=' + site_auth_settings.google_client_secret) + site_auth_settings.google_client_secret_setting_name = GOOGLE_SECRET_SETTING_NAME + if site_auth_settings.microsoft_account_client_secret is not None: + settings.append(MSA_SECRET_SETTING_NAME + '=' + site_auth_settings.microsoft_account_client_secret) + site_auth_settings.microsoft_account_client_secret_setting_name = MSA_SECRET_SETTING_NAME + if site_auth_settings.twitter_consumer_secret is not None: + settings.append(TWITTER_SECRET_SETTING_NAME + '=' + site_auth_settings.twitter_consumer_secret) + site_auth_settings.twitter_consumer_secret_setting_name = TWITTER_SECRET_SETTING_NAME + if len(settings) > 0: + update_app_settings(cmd, resource_group_name, name, settings, slot) + remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot) + update_auth_classic_settings(cmd, resource_group_name, name, site_auth_settings.enabled, None, + site_auth_settings.client_id, site_auth_settings.token_store_enabled, + site_auth_settings.runtime_version, site_auth_settings.token_refresh_extension_hours, + site_auth_settings.allowed_external_redirect_urls, None, + site_auth_settings.client_secret_certificate_thumbprint, + site_auth_settings.allowed_audiences, site_auth_settings.issuer, + site_auth_settings.facebook_app_id, None, + site_auth_settings.facebook_o_auth_scopes, + site_auth_settings.twitter_consumer_key, None, + site_auth_settings.google_client_id, None, + site_auth_settings.google_o_auth_scopes, + site_auth_settings.microsoft_account_client_id, + None, + site_auth_settings.microsoft_account_o_auth_scopes, slot, + site_auth_settings.git_hub_client_id, None, + site_auth_settings.git_hub_o_auth_scopes, + site_auth_settings.client_secret_setting_name, + site_auth_settings.facebook_app_secret_setting_name, + site_auth_settings.google_client_secret_setting_name, + site_auth_settings.microsoft_account_client_secret_setting_name, + site_auth_settings.twitter_consumer_secret_setting_name, + site_auth_settings.git_hub_client_secret_setting_name) + + +def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + auth_settings.client_secret = "" + auth_settings.facebook_app_secret = "" + auth_settings.git_hub_client_secret = "" + auth_settings.google_client_secret = "" + auth_settings.microsoft_account_client_secret = "" + auth_settings.twitter_consumer_secret_setting_name = "" + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, + 'update_auth_settings', slot, auth_settings) +# endregion + +# region webapp auth-classic + + +def get_auth_settings(cmd, resource_group_name, name, slot=None): + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot) + + +def update_auth_classic_settings(cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument + client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument + token_refresh_extension_hours=None, # pylint: disable=unused-argument + allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument + client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument + allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument + facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument + twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument + google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument + google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument + microsoft_account_client_secret=None, # pylint: disable=unused-argument + microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument + git_hub_client_id=None, git_hub_client_secret=None, # pylint: disable=unused-argument + git_hub_o_auth_scopes=None, # pylint: disable=unused-argument + client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument + google_client_secret_setting_name=None, # pylint: disable=unused-argument + microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument + twitter_consumer_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument + if is_auth_v2_app(cmd, resource_group_name, name, slot): + raise CLIError('Usage Error: Cannot use command az webapp auth-classic update when the app ' + 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert') + + auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) + if action == 'AllowAnonymous': + auth_settings.unauthenticated_client_action = 'AllowAnonymous' + elif action: + auth_settings.unauthenticated_client_action = 'RedirectToLoginPage' + auth_settings.default_provider = AUTH_TYPES[action] + # validate runtime version + if not is_auth_runtime_version_valid(runtime_version): + raise CLIError('Usage Error: --runtime-version set to invalid value') + + import inspect + frame = inspect.currentframe() + bool_flags = ['enabled', 'token_store_enabled'] + # note: getargvalues is used already in azure.cli.core.commands. + # and no simple functional replacement for this deprecating method for 3.5 + args, _, _, values = inspect.getargvalues(frame) # pylint: disable=deprecated-method + + for arg in args[2:]: + if values.get(arg, None): + setattr(auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') + + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings) +# endregion + +# region webapp auth microsoft + + +def get_aad_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "azureActiveDirectory" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["azureActiveDirectory"] + + +def update_aad_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + issuer=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot both be ' + 'configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add app settings ' + 'to the web app.') + + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + validation = {} + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "azureActiveDirectory" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"] = {} + if (client_id is not None or client_secret is not None or + client_secret_setting_name is not None or issuer is not None): + if "registration" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] = {} + registration = existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] + if allowed_token_audiences is not None: + if "validation" not in existing_auth["identityProviders"]["azureActiveDirectory"].keys(): + existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = {} + validation = existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] + + if client_id is not None: + registration["clientId"] = client_id + if client_secret_setting_name is not None: + registration["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + registration["clientSecretSettingName"] = MICROSOFT_SECRET_SETTING_NAME + settings = [] + settings.append(MICROSOFT_SECRET_SETTING_NAME + '=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if issuer is not None: + registration["openIdIssuer"] = issuer + if allowed_token_audiences is not None: + validation["allowedAudiences"] = allowed_token_audiences.split(",") + existing_auth["identityProviders"]["azureActiveDirectory"]["validation"] = validation + if (client_id is not None or client_secret is not None or + client_secret_setting_name is not None or issuer is not None): + existing_auth["identityProviders"]["azureActiveDirectory"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["azureActiveDirectory"] +# endregion + +# region webapp auth facebook + + +def get_facebook_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "facebook" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["facebook"] + + +def update_facebook_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + app_id=None, app_secret_setting_name=None, # pylint: disable=unused-argument + graph_api_version=None, scopes=None, app_secret=None, yes=False): # pylint: disable=unused-argument + if app_secret is not None and app_secret_setting_name is not None: + raise CLIError('Usage Error: --app-secret and --app-secret-setting-name cannot both be configured ' + 'to non empty strings') + + if app_secret is not None and not yes: + msg = 'Configuring --app-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --app-secret cannot be used without agreeing to add app ' + 'settings to the web app.') + + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "facebook" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["facebook"] = {} + if app_id is not None or app_secret is not None or app_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["facebook"].keys(): + existing_auth["identityProviders"]["facebook"]["registration"] = {} + registration = existing_auth["identityProviders"]["facebook"]["registration"] + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["facebook"].keys(): + existing_auth["identityProviders"]["facebook"]["login"] = {} + + if app_id is not None: + registration["appId"] = app_id + if app_secret_setting_name is not None: + registration["appSecretSettingName"] = app_secret_setting_name + if app_secret is not None: + registration["appSecretSettingName"] = FACEBOOK_SECRET_SETTING_NAME + settings = [] + settings.append(FACEBOOK_SECRET_SETTING_NAME + '=' + app_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if graph_api_version is not None: + existing_auth["identityProviders"]["facebook"]["graphApiVersion"] = graph_api_version + if scopes is not None: + existing_auth["identityProviders"]["facebook"]["login"]["scopes"] = scopes.split(",") + if app_id is not None or app_secret is not None or app_secret_setting_name is not None: + existing_auth["identityProviders"]["facebook"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["facebook"] +# endregion + +# region webapp auth github + + +def get_github_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "gitHub" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["gitHub"] + + +def update_github_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot ' + 'both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add ' + 'app settings to the web app.') + + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "gitHub" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["gitHub"] = {} + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["gitHub"].keys(): + existing_auth["identityProviders"]["gitHub"]["registration"] = {} + registration = existing_auth["identityProviders"]["gitHub"]["registration"] + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["gitHub"].keys(): + existing_auth["identityProviders"]["gitHub"]["login"] = {} + + if client_id is not None: + registration["clientId"] = client_id + if client_secret_setting_name is not None: + registration["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + registration["clientSecretSettingName"] = GITHUB_SECRET_SETTING_NAME + settings = [] + settings.append(GITHUB_SECRET_SETTING_NAME + '=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if scopes is not None: + existing_auth["identityProviders"]["gitHub"]["login"]["scopes"] = scopes.split(",") + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["gitHub"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["gitHub"] +# endregion + +# region webapp auth google + + +def get_google_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "google" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["google"] + + +def update_google_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, allowed_token_audiences=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name cannot ' + 'both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --client-secret cannot be used without agreeing to add ' + 'app settings to the web app.') + + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + validation = {} + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "google" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["google"] = {} + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["registration"] = {} + registration = existing_auth["identityProviders"]["google"]["registration"] + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["login"] = {} + if allowed_token_audiences is not None: + if "validation" not in existing_auth["identityProviders"]["google"].keys(): + existing_auth["identityProviders"]["google"]["validation"] = {} + + if client_id is not None: + registration["clientId"] = client_id + if client_secret_setting_name is not None: + registration["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + registration["clientSecretSettingName"] = GOOGLE_SECRET_SETTING_NAME + settings = [] + settings.append(GOOGLE_SECRET_SETTING_NAME + '=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if scopes is not None: + existing_auth["identityProviders"]["google"]["login"]["scopes"] = scopes.split(",") + if allowed_token_audiences is not None: + validation["allowedAudiences"] = allowed_token_audiences.split(",") + existing_auth["identityProviders"]["google"]["validation"] = validation + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["google"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["google"] +# endregion + +# region webapp auth twitter + + +def get_twitter_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "twitter" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["twitter"] + + +def update_twitter_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + consumer_key=None, consumer_secret_setting_name=None, # pylint: disable=unused-argument + consumer_secret=None, yes=False): # pylint: disable=unused-argument + if consumer_secret is not None and consumer_secret_setting_name is not None: + raise CLIError('Usage Error: --consumer-secret and --consumer-secret-setting-name cannot ' + 'both be configured to non empty strings') + + if consumer_secret is not None and not yes: + msg = 'Configuring --consumer-secret will add app settings to the web app. Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --consumer-secret cannot be used without agreeing ' + 'to add app settings to the web app.') + + registration = {} + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "twitter" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["twitter"] = {} + if consumer_key is not None or consumer_secret is not None or consumer_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["twitter"].keys(): + existing_auth["identityProviders"]["twitter"]["registration"] = {} + registration = existing_auth["identityProviders"]["twitter"]["registration"] + + if consumer_key is not None: + registration["consumerKey"] = consumer_key + if consumer_secret_setting_name is not None: + registration["consumerSecretSettingName"] = consumer_secret_setting_name + if consumer_secret is not None: + registration["consumerSecretSettingName"] = TWITTER_SECRET_SETTING_NAME + settings = [] + settings.append(TWITTER_SECRET_SETTING_NAME + '=' + consumer_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if consumer_key is not None or consumer_secret is not None or consumer_secret_setting_name is not None: + existing_auth["identityProviders"]["twitter"]["registration"] = registration + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["twitter"] +# endregion + +# region webapp auth apple + + +def get_apple_settings(cmd, resource_group_name, name, slot=None): + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + return {} + if "apple" not in auth_settings["identityProviders"].keys(): + return {} + return auth_settings["identityProviders"]["apple"] + + +def update_apple_settings(cmd, resource_group_name, name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + scopes=None, client_secret=None, yes=False): # pylint: disable=unused-argument + if client_secret is not None and client_secret_setting_name is not None: + raise CLIError('Usage Error: --client-secret and --client-secret-setting-name ' + 'cannot both be configured to non empty strings') + + if client_secret is not None and not yes: + msg = 'Configuring --client-secret will add app settings to the web app. ' \ + 'Are you sure you want to continue?' + if not prompt_y_n(msg, default="n"): + raise CLIError('Usage Error: --client-secret cannot be used without agreeing ' + 'to add app settings to the web app.') + + existing_auth = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + registration = {} + if "identityProviders" not in existing_auth.keys(): + existing_auth["identityProviders"] = {} + if "apple" not in existing_auth["identityProviders"].keys(): + existing_auth["identityProviders"]["apple"] = {} + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + if "registration" not in existing_auth["identityProviders"]["apple"].keys(): + existing_auth["identityProviders"]["apple"]["registration"] = {} + registration = existing_auth["identityProviders"]["apple"]["registration"] + if scopes is not None: + if "login" not in existing_auth["identityProviders"]["apple"].keys(): + existing_auth["identityProviders"]["apple"]["login"] = {} + + if client_id is not None: + registration["clientId"] = client_id + if client_secret_setting_name is not None: + registration["clientSecretSettingName"] = client_secret_setting_name + if client_secret is not None: + registration["clientSecretSettingName"] = 'APPLE_PROVIDER_AUTHENTICATION_SECRET' + settings = [] + settings.append('APPLE_PROVIDER_AUTHENTICATION_SECRET=' + client_secret) + update_app_settings(cmd, resource_group_name, name, settings, slot) + if scopes is not None: + existing_auth["identityProviders"]["apple"]["login"]["scopes"] = scopes.split(",") + if client_id is not None or client_secret is not None or client_secret_setting_name is not None: + existing_auth["identityProviders"]["apple"]["registration"] = registration + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, existing_auth, slot) + return updated_auth_settings["identityProviders"]["apple"] +# endregion + +# region webapp auth openid-connect + + +def get_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + return auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] + + +def add_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + auth_settings["identityProviders"] = {} + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + auth_settings["identityProviders"]["customOpenIdConnectProviders"] = {} + if provider_name in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider has already been ' + 'configured: ' + provider_name + '. Please use az webapp auth oidc update to ' + 'update the provider.') + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] = { + "registration": { + "clientId": client_id, + "clientCredential": { + "clientSecretSettingName": client_secret_setting_name + }, + "openIdConnectConfiguration": { + "wellKnownOpenIdConfiguration": openid_configuration + } + } + } + if scopes is not None: + login = {} + login["scopes"] = scopes.split(',') + auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name]["login"] = login + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) + return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] + + +def update_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None, # pylint: disable=unused-argument + client_id=None, client_secret_setting_name=None, # pylint: disable=unused-argument + openid_configuration=None, scopes=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + + custom_open_id_connect_providers = auth_settings["identityProviders"]["customOpenIdConnectProviders"] + registration = {} + if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: + if "registration" not in custom_open_id_connect_providers[provider_name].keys(): + custom_open_id_connect_providers[provider_name]["registration"] = {} + registration = custom_open_id_connect_providers[provider_name]["registration"] + + if client_secret_setting_name is not None: + if "clientCredential" not in custom_open_id_connect_providers[provider_name]["registration"].keys(): + custom_open_id_connect_providers[provider_name]["registration"]["clientCredential"] = {} + + if openid_configuration is not None: + if "openIdConnectConfiguration" not in custom_open_id_connect_providers[provider_name]["registration"].keys(): + custom_open_id_connect_providers[provider_name]["registration"]["openIdConnectConfiguration"] = {} + + if scopes is not None: + if "login" not in auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name].keys(): + custom_open_id_connect_providers[provider_name]["login"] = {} + + if client_id is not None: + registration["clientId"] = client_id + if client_secret_setting_name is not None: + registration["clientCredential"]["clientSecretSettingName"] = client_secret_setting_name + if openid_configuration is not None: + registration["openIdConnectConfiguration"]["wellKnownOpenIdConfiguration"] = openid_configuration + if scopes is not None: + custom_open_id_connect_providers[provider_name]["login"]["scopes"] = scopes.split(",") + if client_id is not None or client_secret_setting_name is not None or openid_configuration is not None: + custom_open_id_connect_providers[provider_name]["registration"] = registration + auth_settings["identityProviders"]["customOpenIdConnectProviders"] = custom_open_id_connect_providers + + updated_auth_settings = update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) + return updated_auth_settings["identityProviders"]["customOpenIdConnectProviders"][provider_name] + + +def remove_openid_connect_provider_settings(cmd, resource_group_name, name, provider_name, slot=None): # pylint: disable=unused-argument + auth_settings = get_auth_settings_v2(cmd, resource_group_name, name, slot)["properties"] + if "identityProviders" not in auth_settings.keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if "customOpenIdConnectProviders" not in auth_settings["identityProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + if provider_name not in auth_settings["identityProviders"]["customOpenIdConnectProviders"].keys(): + raise CLIError('Usage Error: The following custom OpenID Connect provider ' + 'has not been configured: ' + provider_name) + auth_settings["identityProviders"]["customOpenIdConnectProviders"].pop(provider_name, None) + update_auth_settings_v2_rest_call(cmd, resource_group_name, name, auth_settings, slot) + return {} +# endregion diff --git a/src/authV2/azext_authV2/tests/__init__.py b/src/authV2/azext_authV2/tests/__init__.py new file mode 100644 index 00000000000..2dcf9bb68b3 --- /dev/null +++ b/src/authV2/azext_authV2/tests/__init__.py @@ -0,0 +1,5 @@ +# ----------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/__init__.py b/src/authV2/azext_authV2/tests/latest/__init__.py new file mode 100644 index 00000000000..2dcf9bb68b3 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/__init__.py @@ -0,0 +1,5 @@ +# ----------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json b/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json new file mode 100644 index 00000000000..3f569377203 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/authv2runtimeversionupdated.json @@ -0,0 +1,83 @@ +{ + "globalValidation": { + "requireAuthentication": true, + "unauthenticatedClientAction": "RedirectToLoginPage" + }, + "httpSettings": { + "forwardProxy": { + "convention": "NoProxy" + }, + "requireHttps": true, + "routes": { + "apiPrefix": "/.auth" + } + }, + "identityProviders": { + "apple": { + "enabled": true, + "login": {}, + "registration": {} + }, + "azureActiveDirectory": { + "enabled": true, + "login": { + "disableWWWAuthenticate": false + }, + "registration": {}, + "validation": { + "defaultAuthorizationPolicy": { + "allowedPrincipals": {} + }, + "jwtClaimChecks": {} + } + }, + "facebook": { + "enabled": true, + "login": {}, + "registration": {} + }, + "gitHub": { + "enabled": true, + "login": {}, + "registration": {} + }, + "google": { + "enabled": true, + "login": {}, + "registration": {}, + "validation": {} + }, + "legacyMicrosoftAccount": { + "enabled": true, + "login": {}, + "registration": {}, + "validation": {} + }, + "twitter": { + "enabled": true, + "registration": {} + } + }, + "login": { + "cookieExpiration": { + "convention": "FixedTime", + "timeToExpiration": "08:00:00" + }, + "nonce": { + "nonceExpirationInterval": "00:05:00", + "validateNonce": true + }, + "preserveUrlFragmentsForLogins": false, + "routes": {}, + "tokenStore": { + "azureBlobStorage": {}, + "enabled": false, + "fileSystem": {}, + "tokenRefreshExtensionHours": 72.0 + } + }, + "platform": { + "enabled": true, + "runtimeVersion": "1.2.8" + } +} \ No newline at end of file diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml new file mode 100644 index 00000000000..1fff09e62f5 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_auth.yaml @@ -0,0 +1,769 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Fri, 30 Jul 2021 04:17:20 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-plan000003", "type": "Microsoft.Web/serverfarms", + "location": "westus", "properties": {"skuName": "S1", "capacity": 1}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '159' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:21 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Fri, 30 Jul 2021 04:17:21 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus", "sku": {"name": "S1", "tier": "STANDARD", "capacity": + 1}, "properties": {"perSiteScaling": false, "isXenon": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '139' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1728' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:27 GMT + etag: + - '"1D784F9CDA53B40"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:28 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Microsoft.Web/sites", + "location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '361' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:28 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":7489,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7489","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:28 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Site"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '68' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/checknameavailability?api-version=2020-09-01 + response: + body: + string: '{"nameAvailable":true,"reason":"","message":""}' + headers: + cache-control: + - no-cache + content-length: + - '47' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:29 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003", + "reserved": false, "isXenon": false, "hyperV": false, "siteConfig": {"netFrameworkVersion": + "v4.6", "appSettings": [{"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "10.14.1"}], + "alwaysOn": true, "localMySqlEnabled": false, "http20Enabled": true}, "scmSiteAlsoStopped": + false, "httpsOnly": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '576' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-169.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-30T04:17:32.3966667","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.52","possibleInboundIpAddresses":"40.112.243.52","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-169.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,40.112.243.52","possibleOutboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,13.64.56.213,13.91.221.50,13.91.223.191,40.78.40.124,13.91.218.228,13.91.219.84,13.91.219.115,13.91.219.125,13.91.219.197,13.91.219.250,13.91.219.253,104.42.127.227,13.91.223.12,13.91.217.83,13.91.217.141,13.64.63.13,40.85.157.232,13.91.221.86,13.91.221.222,40.118.185.193,104.210.49.140,13.91.219.111,13.91.216.202,13.91.221.1,40.112.243.52","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-169","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + headers: + cache-control: + - no-cache + content-length: + - '6815' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:48 GMT + etag: + - '"1D784F9D18CAEA0"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '499' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"format": "WebDeploy"}' + headers: + Accept: + - application/xml + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '23' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/publishxml?api-version=2020-09-01 + response: + body: + string: + headers: + cache-control: + - no-cache + content-length: + - '1875' + content-type: + - application/xml + date: + - Fri, 30 Jul 2021 04:17:49 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth config-version show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:49 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth show + Connection: + - keep-alive + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{}}' + headers: + cache-control: + - no-cache + content-length: + - '341' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:49 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth update + Connection: + - keep-alive + ParameterSetName: + - -g -n --enabled --runtime-version + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{}}' + headers: + cache-control: + - no-cache + content-length: + - '341' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:50 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"properties": {"platform": {"enabled": "true", "runtimeVersion": "1.2.8"}}}' + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth update + Connection: + - keep-alive + Content-Length: + - '76' + Content-Type: + - application/json + ParameterSetName: + - -g -n --enabled --runtime-version + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettingsV2?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"platform":{"enabled":true,"runtimeVersion":"1.2.8"},"globalValidation":{"requireAuthentication":true,"unauthenticatedClientAction":"RedirectToLoginPage"},"identityProviders":{"azureActiveDirectory":{"enabled":true,"registration":{},"login":{"disableWWWAuthenticate":false},"validation":{"jwtClaimChecks":{},"defaultAuthorizationPolicy":{"allowedPrincipals":{}}}},"facebook":{"enabled":true,"registration":{},"login":{}},"gitHub":{"enabled":true,"registration":{},"login":{}},"google":{"enabled":true,"registration":{},"login":{},"validation":{}},"legacyMicrosoftAccount":{"enabled":true,"registration":{},"login":{},"validation":{}},"twitter":{"enabled":true,"registration":{}},"apple":{"enabled":true,"registration":{},"login":{}}},"login":{"routes":{},"tokenStore":{"enabled":false,"tokenRefreshExtensionHours":72.0,"fileSystem":{},"azureBlobStorage":{}},"preserveUrlFragmentsForLogins":false,"cookieExpiration":{"convention":"FixedTime","timeToExpiration":"08:00:00"},"nonce":{"validateNonce":true,"nonceExpirationInterval":"00:05:00"}},"httpSettings":{"requireHttps":true,"routes":{"apiPrefix":"/.auth"},"forwardProxy":{"convention":"NoProxy"}}}}' + headers: + cache-control: + - no-cache + content-length: + - '1490' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:50 GMT + etag: + - '"1D784F9DC7FB8C0"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml new file mode 100644 index 00000000000..ba1a8aaca83 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/recordings/test_authV2_authclassic.yaml @@ -0,0 +1,842 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Fri, 30 Jul 2021 04:17:19 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-plan000003", "type": "Microsoft.Web/serverfarms", + "location": "westus", "properties": {"skuName": "S1", "capacity": 1}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '159' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:20 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-resource/18.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_authV2000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001","name":"cli_test_authV2000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2021-07-30T04:17:19Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '428' + content-type: + - application/json; charset=utf-8 + date: + - Fri, 30 Jul 2021 04:17:21 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus", "sku": {"name": "S1", "tier": "STANDARD", "capacity": + 1}, "properties": {"perSiteScaling": false, "isXenon": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - appservice plan create + Connection: + - keep-alive + Content-Length: + - '139' + Content-Type: + - application/json + ParameterSetName: + - -g -n --sku + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"westus","properties":{"serverFarmId":7488,"name":"webapp-authentication-plan000003","sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1},"workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":0,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7488","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1728' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:27 GMT + etag: + - '"1D784F9CD57EB95"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1197' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":7488,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7488","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:27 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Microsoft.Web/sites", + "location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '361' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/validate?api-version=2020-09-01 + response: + body: + string: '{"status":"Success","error":null}' + headers: + cache-control: + - no-cache + content-length: + - '33' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:27 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","name":"webapp-authentication-plan000003","type":"Microsoft.Web/serverfarms","kind":"app","location":"West + US","properties":{"serverFarmId":7488,"name":"webapp-authentication-plan000003","workerSize":"Default","workerSizeId":0,"workerTierName":null,"numberOfWorkers":1,"currentWorkerSize":"Default","currentWorkerSizeId":0,"currentNumberOfWorkers":1,"status":"Ready","webSpace":"cli_test_authV2000001-WestUSwebspace","subscription":"e7d12d69-614e-4bc8-98cb-c93ab4e91017","adminSiteName":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"maximumNumberOfWorkers":10,"planName":"VirtualDedicatedPlan","adminRuntimeSiteName":null,"computeMode":"Dedicated","siteMode":null,"geoRegion":"West + US","perSiteScaling":false,"elasticScaleEnabled":false,"maximumElasticWorkerCount":1,"numberOfSites":0,"hostingEnvironmentId":null,"isSpot":false,"spotExpirationTime":null,"freeOfferExpirationTime":null,"tags":null,"kind":"app","resourceGroup":"cli_test_authV2000001","reserved":false,"isXenon":false,"hyperV":false,"mdmId":"waws-prod-bay-169_7488","targetWorkerCount":0,"targetWorkerSizeId":0,"provisioningState":"Succeeded","webSiteId":null,"existingServerFarmIds":null,"kubeEnvironmentProfile":null,"zoneRedundant":false},"sku":{"name":"S1","tier":"Standard","size":"S1","family":"S","capacity":1}}' + headers: + cache-control: + - no-cache + content-length: + - '1654' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:28 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"name": "webapp-authentication-test000002", "type": "Site"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '68' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/checknameavailability?api-version=2020-09-01 + response: + body: + string: '{"nameAvailable":true,"reason":"","message":""}' + headers: + cache-control: + - no-cache + content-length: + - '47' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:29 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "West US", "properties": {"serverFarmId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003", + "reserved": false, "isXenon": false, "hyperV": false, "siteConfig": {"netFrameworkVersion": + "v4.6", "appSettings": [{"name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "10.14.1"}], + "alwaysOn": true, "localMySqlEnabled": false, "http20Enabled": true}, "scmSiteAlsoStopped": + false, "httpsOnly": false}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '576' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002","name":"webapp-authentication-test000002","type":"Microsoft.Web/sites","kind":"app","location":"West + US","properties":{"name":"webapp-authentication-test000002","state":"Running","hostNames":["webapp-authentication-test000002.azurewebsites.net"],"webSpace":"cli_test_authV2000001-WestUSwebspace","selfLink":"https://waws-prod-bay-169.api.azurewebsites.windows.net:454/subscriptions/00000000-0000-0000-0000-000000000000/webspaces/cli_test_authV2000001-WestUSwebspace/sites/webapp-authentication-test000002","repositorySiteName":"webapp-authentication-test000002","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"enabledHostNames":["webapp-authentication-test000002.azurewebsites.net","webapp-authentication-test000002.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":""},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"webapp-authentication-test000002.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"webapp-authentication-test000002.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"thumbprint":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003","reserved":false,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2021-07-30T04:17:31.8533333","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"","windowsFxVersion":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"azureStorageAccounts":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":1,"name":"Allow + all","description":"Allow all access"}],"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":false,"minTlsVersion":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0},"deploymentId":"webapp-authentication-test000002","slotName":null,"trafficManagerHostNames":null,"sku":"Standard","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":true,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"AF6AABC4B765DE1203CDD35D0582CD7D77F781F5252E7F65086E3E7D0F7A98C1","kind":"app","inboundIpAddress":"40.112.243.52","possibleInboundIpAddresses":"40.112.243.52","ftpUsername":"webapp-authentication-test000002\\$webapp-authentication-test000002","ftpsHostName":"ftps://waws-prod-bay-169.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,40.112.243.52","possibleOutboundIpAddresses":"40.118.186.137,13.91.222.184,13.91.220.11,40.78.46.223,13.91.220.212,13.91.220.232,13.64.56.213,13.91.221.50,13.91.223.191,40.78.40.124,13.91.218.228,13.91.219.84,13.91.219.115,13.91.219.125,13.91.219.197,13.91.219.250,13.91.219.253,104.42.127.227,13.91.223.12,13.91.217.83,13.91.217.141,13.64.63.13,40.85.157.232,13.91.221.86,13.91.221.222,40.118.185.193,104.210.49.140,13.91.219.111,13.91.216.202,13.91.221.1,40.112.243.52","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-bay-169","cloningInfo":null,"hostingEnvironmentId":null,"tags":null,"resourceGroup":"cli_test_authV2000001","defaultHostName":"webapp-authentication-test000002.azurewebsites.net","slotSwapStatus":null,"keyVaultReferenceIdentity":"SystemAssigned","httpsOnly":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"AppServiceAppLogs,AppServiceAuditLogs,AppServiceConsoleLogs,AppServiceHTTPLogs,AppServiceIPSecAuditLogs,AppServicePlatformLogs,ScanLogs","storageAccountRequired":false,"virtualNetworkSubnetId":null}}' + headers: + cache-control: + - no-cache + content-length: + - '6815' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:47 GMT + etag: + - '"1D784F9D13E5A8B"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '499' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"format": "WebDeploy"}' + headers: + Accept: + - application/xml + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp create + Connection: + - keep-alive + Content-Length: + - '23' + Content-Type: + - application/json + ParameterSetName: + - -g -n --plan + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/publishxml?api-version=2020-09-01 + response: + body: + string: + headers: + cache-control: + - no-cache + content-length: + - '1875' + content-type: + - application/xml + date: + - Fri, 30 Jul 2021 04:17:48 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth config-version show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:48 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic show + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:49 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes + User-Agent: + - python/3.8.10 (Windows-10-10.0.19043-SP0) AZURECLI/2.26.1 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authSettings/list?api-version=2020-12-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:49 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings/list?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":false,"configVersion":"v1","unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1299' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:50 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-resource-requests: + - '11999' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"properties": {"enabled": true, "runtimeVersion": "1.2.8", "unauthenticatedClientAction": + "RedirectToLoginPage", "tokenStoreEnabled": false, "defaultProvider": "Facebook", + "tokenRefreshExtensionHours": 7.2, "clientId": "aad_client_id", "clientSecretCertificateThumbprint": + "aad_thumbprint", "issuer": "https://issuer_url", "allowedAudiences": ["https://audience1"], + "facebookAppId": "facebook_id"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - webapp auth-classic update + Connection: + - keep-alive + Content-Length: + - '399' + Content-Type: + - application/json + ParameterSetName: + - -g -n --enabled --action --token-store --token-refresh-extension-hours --runtime-version + --aad-client-id --aad-client-secret-certificate-thumbprint --aad-allowed-token-audiences + --aad-token-issuer-url --facebook-app-id --facebook-oauth-scopes + User-Agent: + - AZURECLI/2.26.1 azsdk-python-azure-mgmt-web/2.0.0 Python/3.8.10 (Windows-10-10.0.19043-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings?api-version=2020-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_authV2000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West + US","properties":{"enabled":true,"runtimeVersion":"1.2.8","configVersion":"v1","unauthenticatedClientAction":"RedirectToLoginPage","tokenStoreEnabled":false,"allowedExternalRedirectUrls":null,"defaultProvider":"Facebook","tokenRefreshExtensionHours":7.2,"clientId":"aad_client_id","clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":"aad_thumbprint","issuer":"https://issuer_url","allowedAudiences":["https://audience1"],"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":"facebook_id","facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1445' + content-type: + - application/json + date: + - Fri, 30 Jul 2021 04:17:51 GMT + etag: + - '"1D784F9DC99A960"' + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py new file mode 100644 index 00000000000..0f3432b2195 --- /dev/null +++ b/src/authV2/azext_authV2/tests/latest/test_authV2_scenario.py @@ -0,0 +1,89 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + +import os +import unittest + +from azure_devtools.scenario_tests import AllowLargeResponse +from azure.cli.testsdk import (ScenarioTest, ResourceGroupPreparer, JMESPathCheck) + +TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) + + +class Authv2ScenarioTest(ScenarioTest): + + @ResourceGroupPreparer(name_prefix='cli_test_authV2') + def test_authV2_auth(self, resource_group): + webapp_name = self.create_random_name('webapp-authentication-test', 40) + plan_name = self.create_random_name('webapp-authentication-plan', 40) + self.cmd( + 'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name)) + self.cmd( + 'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name)) + self.cmd('webapp auth config-version show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('configVersion', 'v1') + ]) + + # testing show command for newly created app and initial fields + self.cmd('webapp auth show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('properties', {}) + ]) + + # # update and verify + self.cmd('webapp auth update -g {} -n {} --enabled true --runtime-version 1.2.8' + .format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('platform', "{'enabled': True, 'runtimeVersion': '1.2.8'}") + ]) + + + @ResourceGroupPreparer(name_prefix='cli_test_authV2') + def test_authV2_authclassic(self, resource_group): + webapp_name = self.create_random_name('webapp-authentication-test', 40) + plan_name = self.create_random_name('webapp-authentication-plan', 40) + self.cmd( + 'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name)) + self.cmd( + 'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name)) + self.cmd('webapp auth config-version show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('configVersion', 'v1') + ]) + + # testing show command for newly created app and initial fields + self.cmd('webapp auth-classic show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck('unauthenticatedClientAction', None), + JMESPathCheck('defaultProvider', None), + JMESPathCheck('enabled', False), + JMESPathCheck('tokenStoreEnabled', None), + JMESPathCheck('allowedExternalRedirectUrls', None), + JMESPathCheck('tokenRefreshExtensionHours', None), + JMESPathCheck('runtimeVersion', None), + JMESPathCheck('clientId', None), + JMESPathCheck('clientSecretCertificateThumbprint', None), + JMESPathCheck('allowedAudiences', None), + JMESPathCheck('issuer', None), + JMESPathCheck('facebookAppId', None), + JMESPathCheck('facebookOauthScopes', None) + ]) + + # update and verify + result = self.cmd('webapp auth-classic update -g {} -n {} --enabled true --action LoginWithFacebook ' + '--token-store false --token-refresh-extension-hours 7.2 --runtime-version 1.2.8 ' + '--aad-client-id aad_client_id --aad-client-secret-certificate-thumbprint aad_thumbprint ' + '--aad-allowed-token-audiences https://audience1 --aad-token-issuer-url https://issuer_url ' + '--facebook-app-id facebook_id --facebook-oauth-scopes public_profile email' + .format(resource_group, webapp_name)).assert_with_checks([ + JMESPathCheck( + 'unauthenticatedClientAction', 'RedirectToLoginPage'), + JMESPathCheck('defaultProvider', 'Facebook'), + JMESPathCheck('enabled', True), + JMESPathCheck('tokenStoreEnabled', False), + JMESPathCheck('tokenRefreshExtensionHours', 7.2), + JMESPathCheck('runtimeVersion', '1.2.8'), + JMESPathCheck('clientId', 'aad_client_id'), + JMESPathCheck('clientSecretCertificateThumbprint', 'aad_thumbprint'), + JMESPathCheck('issuer', 'https://issuer_url'), + JMESPathCheck('facebookAppId', 'facebook_id')]).get_output_in_json() + + self.assertIn('https://audience1', result['allowedAudiences']) \ No newline at end of file diff --git a/src/authV2/setup.cfg b/src/authV2/setup.cfg new file mode 100644 index 00000000000..e69de29bb2d diff --git a/src/authV2/setup.py b/src/authV2/setup.py new file mode 100644 index 00000000000..ac531d25eb2 --- /dev/null +++ b/src/authV2/setup.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python + +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------------------------- + + +from codecs import open +from setuptools import setup, find_packages +try: + from azure_bdist_wheel import cmdclass +except ImportError: + from distutils import log as logger + logger.warn("Wheel is not available, disabling bdist_wheel hook") + +VERSION = '0.1.0' + +# The full list of classifiers is available at +# https://pypi.python.org/pypi?%3Aaction=list_classifiers +CLASSIFIERS = [ + 'Development Status :: 4 - Beta', + 'Intended Audience :: Developers', + 'Intended Audience :: System Administrators', + 'Programming Language :: Python', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', + 'License :: OSI Approved :: MIT License', +] + +DEPENDENCIES = [] + +with open('README.rst', 'r', encoding='utf-8') as f: + README = f.read() +with open('HISTORY.rst', 'r', encoding='utf-8') as f: + HISTORY = f.read() + +setup( + name='authV2', + version=VERSION, + description='Microsoft Azure Command-Line Tools Authv2 Extension', + author='Microsoft Corporation', + author_email='azpycli@microsoft.com', + url='https://github.com/Azure/azure-cli-extensions/tree/master/src/authV2', + long_description=README + '\n\n' + HISTORY, + license='MIT', + classifiers=CLASSIFIERS, + packages=find_packages(), + install_requires=DEPENDENCIES, + package_data={'azext_authV2': ['azext_metadata.json']}, +) diff --git a/src/service_name.json b/src/service_name.json index 8fbe1d1286f..9ec593bd86a 100644 --- a/src/service_name.json +++ b/src/service_name.json @@ -414,6 +414,11 @@ "AzureServiceName": "Azure Data Explorer", "URL": "https://docs.microsoft.com/azure/data-explorer/" }, + { + "Command": "az webapp", + "AzureServiceName": "Azure App Service", + "URL": "" + }, { "Command": "az webpubsub", "AzureServiceName": "Azure Web PubSub",