microsoft
/
azure-cli
зеркало из https://github.com/microsoft/azure-cli.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

block login flows when inside the cloud console (#4268) 

* block login flows when inside the cloud console

* address review feedback

* block logout as well
This commit is contained in:
Yugang Wang 2017-08-23 11:05:16 -07:00 коммит произвёл GitHub
Родитель 0dc8eafd57
Коммит 42a936dbf3
1 изменённых файлов: 18 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

23
src/command_modules/azure-cli-profile/azure/cli/command_modules/profile/custom.py
Просмотреть файл

@ -13,6 +13,9 @@ from azure.cli.core.cloud import get_active_cloud
logger = get_az_logger(__name__) logger = get_az_logger(__name__)
_CLOUD_CONSOLE_ERR_TEMPLATE = ("Azure Cloud Shell relies on the user account it was initially launched under, "
"as a result 'az {}' is disabled.")
def load_subscriptions(all_clouds=False, refresh=False): def load_subscriptions(all_clouds=False, refresh=False):
profile = Profile() profile = Profile()
@ -91,6 +94,13 @@ def login(username=None, password=None, service_principal=None, tenant=None,
profile = Profile() profile = Profile()
if _in_cloud_console():
console_tokens = os.environ.get('AZURE_CONSOLE_TOKENS', None)
if console_tokens:
return profile.find_subscriptions_in_cloud_console(re.split(';|,', console_tokens))
else:
raise CLIError(_CLOUD_CONSOLE_ERR_TEMPLATE.format('login'))
if username: if username:
if not password: if not password:
# in a VM with managed service identity? # in a VM with managed service identity?
@ -102,11 +112,6 @@ def login(username=None, password=None, service_principal=None, tenant=None,
except NoTTYException: except NoTTYException:
raise CLIError('Please specify both username and password in non-interactive mode.') raise CLIError('Please specify both username and password in non-interactive mode.')
else: else:
# in a cloud console?
console_tokens = os.environ.get('AZURE_CONSOLE_TOKENS', None)
if console_tokens:
return profile.find_subscriptions_in_cloud_console(re.split(';|,', console_tokens))
interactive = True interactive = True
try: try:
@ -137,6 +142,9 @@ def login(username=None, password=None, service_principal=None, tenant=None,
def logout(username=None): def logout(username=None):
"""Log out to remove access to Azure subscriptions""" """Log out to remove access to Azure subscriptions"""
if _in_cloud_console():
raise CLIError(_CLOUD_CONSOLE_ERR_TEMPLATE.format('logout'))
profile = Profile() profile = Profile()
if not username: if not username:
username = profile.get_current_account_user() username = profile.get_current_account_user()
@ -146,3 +154,8 @@ def logout(username=None):
def list_locations(): def list_locations():
from azure.cli.core.commands.parameters import get_subscription_locations from azure.cli.core.commands.parameters import get_subscription_locations
return get_subscription_locations() return get_subscription_locations()
def _in_cloud_console():
import os
return os.environ.get('ACC_CLOUD', None)