Ok I enabled MSI
And made this:
from azure.mgmt.network import NetworkManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.common.credentials import get_azure_cli_credentials
from azure.common.cloud import get_cli_active_cloud
import sys
#Script takes two arguments resource_group_name and public_ip_name and returns public IP of VM
def _get_azure_cli_credentials():
    """Collect the Azure CLI login context and print it for inspection.

    Reads the credentials object and subscription id from
    ``get_azure_cli_credentials()`` and the active cloud from
    ``get_cli_active_cloud()``, bundles the three values in a dict, then
    prints the cloud followed by the bundle. As posted, the function has no
    ``return`` statement, so a caller receives ``None``.
    """
    creds, sub_id = get_azure_cli_credentials()
    active_cloud = get_cli_active_cloud()
    cli_credentials = {
        'credentials': creds,
        'subscription_id': sub_id,
        'cloud_environment': active_cloud
    }
    # Debug output only: the bundle carries the subscription id, so these
    # prints are worth dropping once the values have been checked.
    print(active_cloud)
    print(cli_credentials)
With it I get this:
{'endpoints': {'active_directory': 'https://login.microsoftonline.com',
'active_directory_data_lake_resource_id': 'https://datalake.azure.net/',
'active_directory_graph_resource_id': 'https://graph.windows.net/',
'active_directory_resource_id': 'https://management.core.windows.net/',
'batch_resource_id': 'https://batch.core.windows.net/',
'gallery': 'https://gallery.azure.com/',
'management': 'https://management.core.windows.net/',
'resource_manager': 'https://management.azure.com/',
'sql_management': 'https://management.core.windows.net:8443/',
'vm_image_alias_doc': 'https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json'},
'is_active': True,
'name': 'AzureCloud',
'profile': 'latest',
'suffixes': {'azure_datalake_analytics_catalog_and_job_endpoint': 'azuredatalakeanalytics.net',
'azure_datalake_store_file_system_endpoint': 'azuredatalakestore.net',
'keyvault_dns': '.vault.azure.net',
'sql_server_hostname': '.database.windows.net',
'storage_endpoint': 'core.windows.net'}}
{'credentials': <azure.cli.core.adal_authentication.AdalAuthentication object at 0x7f54884bac10>, 'subscription_id': 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'cloud_environment': <azure.cli.core.cloud.Cloud object at 0x7f54884ba410>}
subscription_id matches the one I temporarily hardcoded, but where should I search for the rest?
Also I've tried this:
from subprocess import call
import os
import subprocess
import requests
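# Request a managed-identity (MSI) access token for Azure Resource Manager from
# the instance metadata endpoint. requests builds the query string and sends
# the request itself, so no shell command line is involved, and the JSON body
# is read by key instead of by the position of commas and quotes.
response = requests.get(
    "http://169.254.169.254/metadata/identity/oauth2/token",
    params={
        "api-version": "2018-02-01",
        "resource": "https://management.azure.com/",
    },
    headers={"Metadata": "true"},
    timeout=10,  # fail fast when the metadata endpoint is unreachable
)
response.raise_for_status()
A = response.json()

# The access token is a bearer credential for the management API: whoever can
# read it can use it until it expires, so only its length is printed and the
# value stays out of terminals, logs and pasted output.
token = A["access_token"]
print("Printing A...")
print({key: value for key, value in A.items() if key != "access_token"})
print("access_token: %d characters (value not printed)" % len(token))

# client_id in this response belongs to the VM's managed identity, so it is
# expected to differ from the client_id of a separately registered service
# principal.
client_id = A["client_id"]
print(client_id)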
It returns a huge token and some client_id, but it doesn't match
and lastly i tried CLI 2.0
az account list
Which returns "id" that matches hardcoded subscription_id and "tenantId" that matches hardcoded tenant_id