msticpy.auth.azure_auth_core module

Azure KeyVault pre-authentication.

class msticpy.auth.azure_auth_core.AzCredentials(legacy, modern)

Bases: tuple

Create new instance of AzCredentials(legacy, modern)

count(value, /): Return number of occurrences of value.

index(value, start=0, stop=9223372036854775807, /)

Return first index of value.

Raises ValueError if the value is not present.

legacy: Alias for field number 0

modern: Alias for field number 1

class msticpy.auth.azure_auth_core.AzureCliStatus(value)

Bases: Enum

Enumeration for _check_cli_credentials return values.

CLI_NEEDS_SIGN_IN = 2

CLI_NOT_INSTALLED = 1

CLI_OK = 0

CLI_TOKEN_EXPIRED = 3

CLI_UNKNOWN_ERROR = 4

class msticpy.auth.azure_auth_core.AzureCloudConfig(cloud: Optional[str] = None, tenant_id: Optional[str] = None)

Bases: object

Azure Cloud configuration.

Initialize AzureCloudConfig from cloud or configuration.

Parameters

cloud (str, optional) – The cloud to retrieve configuration for. If not supplied, the cloud ID is read from configuration. If this is not available, it defaults to ‘global’.
tenant_id (str, optional) – The tenant to authenticate against. If not supplied, the tenant ID is read from configuration, or the default tenant for the identity.

property cloud_names: List[str]: Return a list of current cloud names.

property endpoints: msrestazure.azure_cloud.CloudEndpoints

Get a list of all the endpoints for an Azure cloud.

Returns: A dictionary of endpoints for the cloud.
Return type: dict
Raises: MsticpyAzureConfigError – If the cloud name is not valid.

static resolve_cloud_alias(alias) → Optional[str]: Return match of cloud alias or name.

property suffixes: msrestazure.azure_cloud.CloudSuffixes

Get a list of all the suffixes for an Azure cloud.

Returns: A dictionary of suffixes for the cloud.
Return type: dict
Raises: MsticpyAzureConfigError – If the cloud name is not valid.

property token_uri: str: Return the resource manager token URI.

msticpy.auth.azure_auth_core.az_connect_core(auth_methods: Optional[List[str]] = None, cloud: Optional[str] = None, tenant_id: Optional[str] = None, silent: bool = False, **kwargs) → AzCredentials

Authenticate using multiple authentication sources.

Parameters

auth_methods (List[str], optional) – List of authentication methods to try Possible options are: - “env” - to get authentication details from environment variables - “cli” - to use Azure CLI authentication details - “msi” - to user Managed Service Identity details - “vscode” - to use VSCode credentials - “powershell” - to use PowerShell credentials - “interactive” - to prompt for interactive login - “cache” - to use shared token cache credentials If not set, it will use the value defined in msticpyconfig.yaml. If this is not set, the default is [“env”, “cli”, “msi”, “interactive”]
cloud (str, optional) – What Azure cloud to connect to. By default it will attempt to use the cloud setting from config file. If this is not set it will default to Azure Public Cloud
tenant_id (str, optional) – The tenant to authenticate against. If not supplied, the tenant ID is read from configuration, or the default tenant for the identity.
silent (bool, optional) – Whether to display any output during auth process. Default is False.

Returns

Named tuple of: - legacy (ADAL) credentials - modern (MSAL) credentials

Return type

AzCredentials

Raises

CloudError – If chained token credential creation fails.

Notes

The function tries to obtain credentials from the following sources: - Azure Auth Environment variables - Azure CLI (if an active session is logged on) - Managed Service Identity - Interactive browser logon If the authentication is successful both ADAL (legacy) and MSAL (modern) credential types are returned.

msticpy.auth.azure_auth_core.check_cli_credentials() → Tuple[AzureCliStatus, Optional[str]]: Check to see if there is a CLI session with a valid AAD token.

msticpy.auth.azure_auth_core.default_auth_methods() → List[str]: Get the default (all) authentication options.

msticpy.auth.azure_auth_core.get_azure_config_value(key, default): Get a config value from Azure section.

msticpy.auth.azure_auth_core.only_interactive_cred(chained_cred: azure.identity.ChainedTokenCredential): Return True if only interactivebrowser credentials available.