Sample create tenant itegration

This integration covers the happy path; we'll need to expand some fields and handle error states more coherently.
This commit is contained in:
tomdds
2020-01-09 17:29:34 -05:00
parent ba47053a1c
commit 2ac333e0b7
5 changed files with 111 additions and 13 deletions


@@ -156,12 +156,31 @@ class TenantCSPPayload(BaseCSPPayload):
country_code: str
password_recovery_email_address: str
class Config:
fields = {
"user_id": "userId",
"domain_name": "domainName",
"first_name": "firstName",
"last_name": "lastName",
"country_code": "countryCode",
"password_recovery_email_address": "passwordRecoveryEmailAddress",
}
allow_population_by_field_name = True
class TenantCSPResult(BaseModel):
user_id: str
tenant_id: str
user_object_id: str
class Config:
allow_population_by_field_name = True
fields = {
"user_id": "userId",
"tenant_id": "tenantId",
"user_object_id": "objectId",
}
class BillingProfileAddress(BaseModel):
address: Dict
@@ -558,11 +577,15 @@ class AzureSDKProvider(object):
import azure.graphrbac as graphrbac
import azure.common.credentials as credentials
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
import adal
import requests
self.subscription = subscription
self.authorization = authorization
self.adal = adal
self.graphrbac = graphrbac
self.credentials = credentials
self.requests = requests
# may change to a JEDI cloud
self.cloud = AZURE_PUBLIC_CLOUD
@@ -657,20 +680,31 @@ class AzureCloudProvider(CloudProviderInterface):
"role_name": role_assignment_id,
}
def create_tenant(self, payload):
# auth as SP that is allowed to create tenant? (tenant creation sp creds)
# create tenant with owner details (populated from portfolio point of contact, pw is generated)
def create_tenant(self, payload: TenantCSPPayload):
sp_token = self._get_sp_token(payload.creds)
if sp_token is None:
raise AuthenticationException("Could not resolve token for tenant creation")
# return tenant id, tenant owner id and tenant owner object id from:
response = {"tenantId": "string", "userId": "string", "objectId": "string"}
return self._ok(
{
"tenant_id": response["tenantId"],
"user_id": response["userId"],
"user_object_id": response["objectId"],
}
create_tenant_body = payload.dict(by_alias=True)
print(create_tenant_body)
create_tenant_headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {sp_token}",
}
result = self.sdk.requests.post(
"https://management.azure.com/providers/Microsoft.SignUp/createTenant?api-version=2020-01-01-preview",
json=create_tenant_body,
headers=create_tenant_headers,
)
if result.status_code == 200:
return self._ok(TenantCSPResult(**result.json()))
else:
return self._error(result.json())
def create_billing_owner(self, creds, tenant_admin_details):
# authenticate as tenant_admin
# create billing owner identity
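Review bot: The `print(create_tenant_body)` left in create_tenant writes the full serialized payload to stdout, and because the same pydantic model carries the `creds` read on the line above via `payload.creds`, `payload.dict(by_alias=True)` presumably serializes the service-principal secret together with the tenant owner's PII unless BaseCSPPayload excludes it; drop the print and, if the credentials are not meant to be posted to the createTenant endpoint, build the body with `create_tenant_body = payload.dict(by_alias=True, exclude={"creds"})`. The `self.sdk.requests.post(...)` call has no `timeout`, so a stalled management endpoint blocks the caller indefinitely; add `timeout=<seconds, placeholder>` to the call. Both branches call `result.json()`, which raises on a non-JSON error body (a gateway or throttling page), so the error path should fall back to something like `return self._error({"status_code": result.status_code, "body": result.text})` when decoding fails. The `status_code == 200` test may also miss 201/202 if the endpoint answers asynchronously — worth confirming against the API reference.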
@@ -838,6 +872,26 @@ class AzureCloudProvider(CloudProviderInterface):
if sub_id_match:
return sub_id_match.group(1)
def _get_sp_token(self, creds):
home_tenant_id = creds.get("home_tenant_id")
client_id = creds.get("client_id")
secret_key = creds.get("secret_key")
# TODO: Make endpoints consts or configs
authentication_endpoint = "https://login.microsoftonline.com/"
resource = "https://management.azure.com/"
context = self.sdk.adal.AuthenticationContext(
authentication_endpoint + home_tenant_id
)
# TODO: handle failure states here
token_response = context.acquire_token_with_client_credentials(
resource, client_id, secret_key
)
return token_response.get("accessToken", None)
def _get_credential_obj(self, creds, resource=None):
return self.sdk.credentials.ServicePrincipalCredentials(