in python/az/aro/azext_aro/custom.py [0:0]
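def cluster_application_update(cli_ctx,
                               oc,
                               client_id,
                               client_secret,
                               refresh_cluster_credentials):
    """Resolve the RP and cluster service principals for an update and fix their permissions.

    Steps, in order:
      1. Look up the resource provider (RP) service principal.
      2. If ``refresh_cluster_credentials`` is set, add a new password to the
         existing cluster application, or create a new application when none
         is found.
      3. Look up the cluster service principal, creating it when strict mode
         is on and the lookup returned nothing.
      4. Call ``ensure_resource_permissions`` with the principals found.

    Strict mode (``fail``) is on when the caller passed any of ``client_id``,
    ``client_secret`` or ``refresh_cluster_credentials``. In strict mode Graph
    lookup errors are logged at error level and re-raised; otherwise they are
    logged at info level and the function carries on.

    :param cli_ctx: CLI context handed to ``AADManager`` and
        ``ensure_resource_permissions``.
    :param oc: Cluster object; ``service_principal_profile.client_id`` and
        ``cluster_profile.resource_group_id`` are read from it.
    :param client_id: Client id supplied by the caller, or a falsy value to
        fall back to the one stored on ``oc``.
    :param client_secret: Client secret supplied by the caller, if any.
    :param refresh_cluster_credentials: When truthy, rotate (or create) the
        cluster application credentials.
    :return: ``(client_id, client_secret)``. After a refresh, ``client_secret``
        is a newly issued credential (and ``client_id`` is new if an
        application had to be created); callers should treat the tuple as
        secret material and keep it out of logs and error messages.
    :raises ResourceNotFoundError: when the RP service principal lookup
        returns a falsy id.
    :raises GraphError: re-raised from lookups in strict mode, and always
        from the refresh step.
    """
    # QUESTION: is there possible unification with the create path?
    rp_client_sp_id = None
    client_sp_id = None
    random_id = generate_random_id()

    # If any of these are set we expect the user to have access to fix RBAC, so
    # errors are fatal. Common for both flows.
    # Coerced to bool so the flag never carries a credential: `a or b or c`
    # evaluates to the first truthy operand, which is the client secret itself
    # when only client_secret is supplied, and `fail` is passed on to
    # ensure_resource_permissions below.
    fail = bool(client_id or client_secret or refresh_cluster_credentials)

    aad = AADManager(cli_ctx)

    # Check whether the RP service principal is visible to the caller.
    try:
        rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
        if not rp_client_sp_id:
            raise ResourceNotFoundError("RP service principal not found.")
    except GraphError as e:
        # NOTE(review): the ResourceNotFoundError raised above only lands here
        # if it is a GraphError subclass; otherwise it propagates even when
        # `fail` is unset. Confirm that is intended.
        if fail:
            logger.error(e)
            raise
        logger.info(e)

    # refresh_cluster_credentials refreshes the cluster SP application.
    # It first tries to re-use the existing application and generate a new
    # password; if the application does not exist, a new one is created.
    if refresh_cluster_credentials:
        try:
            app = aad.get_application_object_id_by_client_id(
                client_id or oc.service_principal_profile.client_id)
            if not app:
                # No existing application was found: create a new one, named
                # after the cluster resource group when that is available.
                parts = parse_resource_id(oc.cluster_profile.resource_group_id)
                cluster_resource_group = parts['resource_group']
                client_id, client_secret = aad.create_application(
                    cluster_resource_group or ('aro-' + random_id))
            else:
                client_secret = aad.add_password(app)
        except GraphError as e:
            logger.error(e)
            raise

    # Attempt to get the cluster SP. client_id may have been replaced by the
    # refresh step above, so the fallback expression is evaluated again here.
    try:
        client_sp_id = aad.get_service_principal_id(
            client_id or oc.service_principal_profile.client_id)
    except GraphError as e:
        if fail:
            logger.error(e)
            raise
        logger.info(e)

    # Only create a missing SP in strict mode, i.e. when the caller asked for
    # a credential change.
    if fail and not client_sp_id:
        client_sp_id = aad.create_service_principal(
            client_id or oc.service_principal_profile.client_id)

    # Pass on only the principals that were actually resolved.
    sp_obj_ids = [sp for sp in [rp_client_sp_id, client_sp_id] if sp]
    ensure_resource_permissions(cli_ctx, oc, fail, sp_obj_ids)

    return client_id, client_secret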