Use MSAL Server (#1468)

DeploymentCloud/Deployment.Common/scripts/msalmsiserver.py

@@ -15,15 +15,15 @@ This script exposes a local http endpoint which the spark jobs can call to get t
 Note that since it's a local endpoint, it's accessible only from within the cluster and not from outside.
 
 Usage:
-http://localhost:40382/managed/identity/oauth2/token?resource=<resourceid>&api-version=2018-11-01
+http://localhost:40381/managed/identity/oauth2/token?resource=<resourceid>&api-version=2018-11-01
 
 Example:
-curl -H "Metadata: true" -X GET "http://localhost:40382/managed/identity/oauth2/token?resource=https://vault.azure.net&api-version=2018-11-01"
+curl -H "Metadata: true" -X GET "http://localhost:40381/managed/identity/oauth2/token?resource=https://vault.azure.net&api-version=2018-11-01"
 """
 
 class Constants(object):
     loopback_address = '127.0.0.1'
-    server_port = 40382
+    server_port = 40381
     token_url_path = '/managed/identity/oauth2/token'
     header_metadata = 'Metadata'
     query_resource = 'resource'

DeploymentCloud/Deployment.Common/scripts/msiserver.py

@@ -66,7 +66,7 @@ class ManagedIdentityHandler(BaseHTTPRequestHandler):
     def _acquire_token(self, resource):
         cluster_manifest = self._get_cluster_manifest()
         msi_settings = json.loads(cluster_manifest.settings['managedServiceIdentity'])
-# assuming there is only 1 MSI associated with the cluster, get the first one
+        # assuming there is only 1 MSI associated with the cluster, get the first one
         msi_setting = list(msi_settings.values())[0]
 
         thumbprint = msi_setting['thumbprint']

DeploymentCloud/Deployment.Common/scripts/startmsalmsiserverservice.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+echo "Install Python Packages"
+pip install msal
+
+echo "Remove the existing files if they exist"
+sudo rm -f /usr/hdinsight/msalmsiserver.py
+sudo rm -f /etc/systemd/system/msalmsiserverapp.service
+
+echo "Download the files from HDFS/Blob storage"
+sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserver.py /usr/hdinsight/msalmsiserver.py
+sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserverapp.service /etc/systemd/system/msalmsiserverapp.service
+
+echo "Change the permission of the file"
+sudo chmod 644 /etc/systemd/system/msalmsiserverapp.service
+
+echo "Reload the systemd manager configuration to apply the changes"
+sudo systemctl daemon-reload
+
+echo "Enable MSAL service to start on boot"
+sudo systemctl enable msalmsiserverapp.service
+
+if sudo systemctl is-active --quiet msiserverapp.service; then
+    echo "ADAL service is running, ending it and starting MSAL service"
+    sudo systemctl stop msiserverapp.service
+    sudo systemctl start msalmsiserverapp.service
+elif sudo systemctl is-active --quiet msalmsiserverapp.service; then
+    echo "MSAL service is already running, restarting it"
+    sudo systemctl restart msalmsiserverapp.service
+else
+    echo "No service is running, starting MSAL service"
+    sudo systemctl start msalmsiserverapp.service
+fi
+
+echo "Script execution completed"

DeploymentCloud/Deployment.Common/scripts/startmsiserverservice.sh

@@ -1,35 +1,32 @@
 #!/bin/bash
 
-echo "Install Python Packages"
-pip install msal
-
 echo "Remove the existing files if they exist"
 sudo rm -f /usr/hdinsight/msiserver.py
 sudo rm -f /etc/systemd/system/msiserverapp.service
 
-sudo rm -f /usr/hdinsight/msalmsiserver.py
-sudo rm -f /etc/systemd/system/msalmsiserverapp.service
-
 echo "Download the files from HDFS/Blob storage"
 sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msiserver.py /usr/hdinsight/msiserver.py
 sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msiserverapp.service /etc/systemd/system/msiserverapp.service
 
-sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserver.py /usr/hdinsight/msalmsiserver.py
-sudo hdfs dfs -copyToLocal wasbs://scriptactions@$sparkBlobAccountName.blob.core.windows.net/msalmsiserverapp.service /etc/systemd/system/msalmsiserverapp.service
-
 echo "Change the permission of the file"
 sudo chmod 644 /etc/systemd/system/msiserverapp.service
-sudo chmod 644 /etc/systemd/system/msalmsiserverapp.service
 
 echo "Reload the systemd manager configuration to apply the changes"
 sudo systemctl daemon-reload
 
-echo "Enable the service to start on boot"
+echo "Enable ADAL service to start on boot"
 sudo systemctl enable msiserverapp.service
-sudo systemctl enable msalmsiserverapp.service
 
-echo "Start the service"
-sudo systemctl start msiserverapp.service
-sudo systemctl start msalmsiserverapp.service
+if sudo systemctl is-active --quiet msalmsiserverapp.service; then
+    echo "MSAL service is running, ending it and starting ADAL service"
+    sudo systemctl stop msalmsiserverapp.service
+    sudo systemctl start msiserverapp.service
+elif sudo systemctl is-active --quiet msiserverapp.service; then
+    echo "ADAL service is already running, restarting it"
+    sudo systemctl restart msiserverapp.service
+else
+    echo "No service is running, starting ADAL service"
+    sudo systemctl start msiserverapp.service
+fi
 
 echo "Script execution completed"