def find_subscriptions_in_vm_with_msi(self, msi_port, identity_id=None):
    """Log in with the VM's managed identity (MSI) and record its subscriptions.

    Obtains an MSI token through ``Profile.get_msi_token``, reads the tenant
    id from the token's ``tid`` claim, asks ``SubscriptionFinder`` for the
    subscriptions reachable with that token, and stores them through
    ``self._set_subscriptions`` keyed by subscription name.

    :param msi_port: port passed to ``Profile.get_msi_token``; it is also
        embedded in the stored subscription name.
    :param identity_id: optional identity id; when truthy the account is
        recorded as ``userAssignedIdentity``, otherwise as
        ``systemAssignedIdentity``.
    :returns: a deep copy of the normalized subscription entries.
    :raises CLIError: when the token yields no subscriptions.
    """
    import jwt

    resource = CLOUD.endpoints.active_directory_resource_id
    msi_token, id_type = Profile.get_msi_token(resource, msi_port, identity_id,
                                               for_login=True)
    logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')

    # SECURITY: verify=False means the signature, expiry and audience of the
    # token are NOT checked here. The claims are read only to pull out 'tid';
    # nothing in this method treats them as an authorization decision.
    # NOTE(review): that is only sound if get_msi_token fetches the token from
    # a trusted local endpoint and the service receiving the raw token
    # validates it - confirm both against the callers and callees.
    # NOTE(review): PyJWT 2.x replaced the 'verify' keyword with
    # options={'verify_signature': False} - confirm the pinned PyJWT version.
    claims = jwt.decode(msi_token, verify=False, algorithms=['RS256'])
    tenant_id = claims['tid']

    finder = SubscriptionFinder(self.auth_ctx_factory, None)
    found = finder.find_from_raw_token(tenant_id, msi_token)
    if not found:
        raise CLIError('No access was configured for the VM, hence no subscriptions were found')

    if identity_id:
        account_prefix = '{}-{}'.format(id_type, identity_id)
        identity_kind = 'userAssignedIdentity'
    else:
        account_prefix = id_type
        identity_kind = 'systemAssignedIdentity'

    normalized = Profile._normalize_properties(identity_kind, found,
                                               is_service_principal=True)
    for entry in normalized:
        # The "<identity>@<port>" name is a marker that triggers the special
        # MSI token acquisition when this account is used later.
        entry[_SUBSCRIPTION_NAME] = "{}@{}".format(account_prefix, msi_port)

    # Key on the subscription name rather than the id, so the same
    # subscription id can be stored under several identities.
    self._set_subscriptions(normalized, key_name=_SUBSCRIPTION_NAME)
    return deepcopy(normalized)