msticpy.auth.azure_auth_core module

Azure KeyVault pre-authentication.

class msticpy.auth.azure_auth_core.AzCredentials(legacy, modern)

Bases: tuple

Create new instance of AzCredentials(legacy, modern)

count(value, /)

Return number of occurrences of value.

index(value, start=0, stop=9223372036854775807, /)

Return first index of value.

Raises ValueError if the value is not present.

legacy

Alias for field number 0

modern

Alias for field number 1

class msticpy.auth.azure_auth_core.AzureCliStatus(value)

Bases: Enum

Enumeration for _check_cli_credentials return values.

CLI_NEEDS_SIGN_IN = 2

CLI_NOT_INSTALLED = 1

CLI_OK = 0

CLI_TOKEN_EXPIRED = 3

CLI_UNKNOWN_ERROR = 4

class msticpy.auth.azure_auth_core.AzureCredEnvNames

Bases: object

Enumeration of Azure environment credential names.

AZURE_CLIENT_CERTIFICATE_PASSWORD = 'AZURE_CLIENT_CERTIFICATE_PASSWORD'

AZURE_CLIENT_CERTIFICATE_PATH = 'AZURE_CLIENT_CERTIFICATE_PATH'

AZURE_CLIENT_ID = 'AZURE_CLIENT_ID'

AZURE_CLIENT_SECRET = 'AZURE_CLIENT_SECRET'

AZURE_CLIENT_SEND_CERTIFICATE_CHAIN = 'AZURE_CLIENT_SEND_CERTIFICATE_CHAIN'

AZURE_PASSWORD = 'AZURE_PASSWORD'

AZURE_TENANT_ID = 'AZURE_TENANT_ID'

AZURE_USERNAME = 'AZURE_USERNAME'

msticpy.auth.azure_auth_core.az_connect_core(auth_methods: List[str] | None = None, cloud: str | None = None, tenant_id: str | None = None, silent: bool = False, **kwargs) → AzCredentials

Authenticate using multiple authentication sources.

Parameters:

• auth_methods (List[str], optional) – List of authentication methods to try For a list of possible authentication methods use the list_auth_methods function. If not set, it will use the value defined in msticpyconfig.yaml. If this is not set, the default is [“env”, “cli”, “msi”, “interactive”]

• cloud (str, optional) – What Azure cloud to connect to. By default it will attempt to use the cloud setting from config file. If this is not set it will default to Azure Public Cloud

• tenant_id (str, optional) – The tenant to authenticate against. If not supplied, the tenant ID is read from configuration, or the default tenant for the identity.

• silent (bool, optional) – Whether to display any output during auth process. Default is False.

• credential (AzureCredential) – If an Azure credential is passed, it will be used directly.

Returns:

Named tuple of: - legacy (ADAL) credentials - modern (MSAL) credentials

Return type:

AzCredentials

Raises:

MsticpyAzureConfigError – If chained token credential creation fails.

See also

list_auth_methods

Notes

The function tries to obtain credentials from the following sources: - Azure Auth Environment variables - Azure CLI (if an active session is logged on) - Managed Service Identity - Interactive browser logon - and others - see list_auth_methods for full list. If the authentication is successful both ADAL (legacy) and MSAL (modern) credential types are returned.

msticpy.auth.azure_auth_core.check_cli_credentials() → Tuple[AzureCliStatus, str | None]

Check to see if there is a CLI session with a valid AAD token.

msticpy.auth.azure_auth_core.list_auth_methods() → List[str]

Return list of accepted authentication methods.

msticpy.auth.azure_auth_core.only_interactive_cred(chained_cred: azure.identity.ChainedTokenCredential)

Return True if only interactive browser credentials available.