Skip to content

Commit

Permalink
Enforce usage of Azure CLI credential
Browse files Browse the repository at this point in the history
  • Loading branch information
JimMadge committed Sep 22, 2023
1 parent bfc3f65 commit 33e3d86
Showing 1 changed file with 4 additions and 7 deletions.
11 changes: 4 additions & 7 deletions data_safe_haven/external/interface/azure_authenticator.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
from typing import cast

from azure.core.exceptions import ClientAuthenticationError
from azure.identity import DefaultAzureCredential
from azure.identity import AzureCliCredential
from azure.mgmt.resource.subscriptions import SubscriptionClient
from azure.mgmt.resource.subscriptions.models import Subscription

Expand All @@ -17,17 +17,14 @@ class AzureAuthenticator:

def __init__(self, subscription_name: str) -> None:
self.subscription_name: str = subscription_name
self.credential_: DefaultAzureCredential | None = None
self.credential_: AzureCliCredential | None = None
self.subscription_id_: str | None = None
self.tenant_id_: str | None = None

@property
def credential(self) -> DefaultAzureCredential:
def credential(self) -> AzureCliCredential:
if not self.credential_:
self.credential_ = DefaultAzureCredential(
exclude_interactive_browser_credential=True,
exclude_shared_token_cache_credential=True, # this requires multiple approvals per sign-in
exclude_visual_studio_code_credential=True, # this often fails
self.credential_ = AzureCliCredential(
additionally_allowed_tenants=["*"],
)
return self.credential_
Expand Down

0 comments on commit 33e3d86

Please sign in to comment.