def _get_clients(handler):
"""
Get the clients using newer methods from the CloudBolt main repo if this CB is running
a version greater than 9.2.2. These internal methods implicitly take care of much of the other
features in CloudBolt such as proxy and ssl verification.
Otherwise, manually instantiate clients without support for those other CloudBolt settings.
"""
set_progress("Connecting to Azure...")
import settings
from common.methods import is_version_newer
cb_version = settings.VERSION_INFO["VERSION"]
if is_version_newer(cb_version, "9.2.2"):
from resourcehandlers.azure_arm.azure_wrapper import configure_arm_client
wrapper = handler.get_api_wrapper()
mysql_client = configure_arm_client(wrapper,
mysql.MySQLManagementClient)
resource_client = wrapper.resource_client
else:
# TODO: Remove once versions <= 9.2.2 are no longer supported.
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
mysql_client = mysql.MySQLManagementClient(credentials,
handler.serviceaccount)
resource_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
set_progress("Connection to Azure established")
return mysql_client, resource_client
def discover_resources(**kwargs):
discovered_az_block_storages = []
discovered_az_block_storage_names = []
for handler in AzureARMHandler.objects.all():
set_progress('Connecting to Azure Block Storage \
for handler: {}'.format(handler))
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
azure_blob_client = storage.StorageManagementClient(
credentials, handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
set_progress("Connection to Azure established")
for st in azure_blob_client.storage_accounts.list():
if st.kind == 'BlobStorage':
if st.name not in discovered_az_block_storage_names:
discovered_az_block_storage_names.append(st.name)
discovered_az_block_storages.append({
'name':
st.name,
'azure_storage_blob_name':
st.name,
'resource_group_name':
st.id.split('/')[4],
'azure_location':
st.primary_location,
'azure_rh_id':
handler.id
})
return discovered_az_block_storages
def discover_resources(**kwargs):
discovered_azure_sql = []
for handler in AzureARMHandler.objects.all():
set_progress('Connecting to Azure sql \
DB for handler: {}'.format(handler))
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
azure_client = SqlManagementClient(credentials, handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for server in azure_client.servers.list_by_resource_group(
resource_group.name)._get_next().json()['value']:
discovered_azure_sql.append({
'name':
server['name'],
'azure_server_name':
server['name'],
'resource_group_name':
resource_group.name,
'azure_rh_id':
handler.id
})
except CloudError:
continue
return discovered_azure_sql
def discover_resources(**kwargs):
discovered_virtual_nets = []
for handler in AzureARMHandler.objects.all():
set_progress("Connecting to Azure networks \
for handler: {}".format(handler))
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
network_client = NetworkManagementClient(credentials,
handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for security_group in network_client.network_security_groups.list(
resource_group_name=resource_group.name):
discovered_virtual_nets.append({
"name":
"Azure NSG - " + security_group.as_dict()["name"],
"azure_network_security_group":
security_group.as_dict()["name"],
"azure_location":
security_group.as_dict()["location"],
"azure_rh_id":
handler.id,
"resource_group_name":
resource_group.name,
})
except CloudError as e:
set_progress("Azure Clouderror: {}".format(e))
continue
return discovered_virtual_nets
def discover_resources(**kwargs):
discovered_caches = []
for handler in AzureARMHandler.objects.all():
set_progress("Connecting To Azure...")
credentials = ServicePrincipalCredentials(
client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id,
)
redis_client = RedisManagementClient(
credentials,
handler.serviceaccount
)
set_progress("Connection to Azure established")
azure_resources_client = resources.ResourceManagementClient(credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for cache in redis_client.redis.list_by_resource_group(resource_group.name)._get_next().json()['value']:
discovered_caches.append(
{
'name': 'Azure redis cache - ' + cache['name'],
'azure_redis_cache_name': cache['name'],
'resource_group_name': resource_group.name,
'azure_rh_id': handler.id
}
)
except CloudError as e:
set_progress('Azure Clouderror: {}'.format(e))
continue
return discovered_caches
def discover_resources(**kwargs):
discovered_virtual_nets = []
for handler in AzureARMHandler.objects.all():
set_progress('Connecting to Azure virtual networks \
for handler: {}'.format(handler))
credentials = ServicePrincipalCredentials(
client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id
)
network_client = NetworkManagementClient(credentials, handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for virtual_net in network_client.virtual_networks.list(resource_group_name=resource_group.name):
discovered_virtual_nets.append(
{
'name': virtual_net.as_dict()['name'] + " - " + resource_group.name,
'azure_virtual_net_name': virtual_net.as_dict()['name'] + " - " + resource_group.name,
'vpn_adress_prefixes': ','.join(virtual_net.as_dict()['address_space']['address_prefixes']),
'azure_location': virtual_net.as_dict()['location'],
'azure_rh_id': handler.id,
'resource_group_name': resource_group.name,
}
)
except CloudError as e:
set_progress('Azure Clouderror: {}'.format(e))
continue
return discovered_virtual_nets
def discover_resources(**kwargs):
discovered_virtual_nets = []
for handler in AzureARMHandler.objects.all():
set_progress('Connecting to Azure networks \
for handler: {}'.format(handler))
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
network_client = NetworkManagementClient(credentials,
handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for security_group in network_client.network_security_groups.list(
resource_group_name=resource_group.name):
for security_rule in network_client.security_rules.list(
resource_group_name=resource_group.name,
network_security_group_name=security_group.as_dict(
)['name']):
discovered_virtual_nets.append({
'name':
'Azure Security rule - ' +
security_group.as_dict()['name'] + " " +
security_rule.as_dict()['direction'],
'azure_network_security_group_name':
security_group.as_dict()['name'],
'azure_location':
security_group.as_dict()['location'],
'azure_rh_id':
handler.id,
'resource_group_name':
resource_group.name,
'azure_security_rule_protocol':
security_rule.as_dict()['protocol'],
'azure_security_rule_access':
security_rule.as_dict()['access'],
'azure_security_rule_direction':
security_rule.as_dict()['direction'],
'azure_security_rule_name':
security_rule.as_dict()['name'],
})
except CloudError as e:
set_progress('Azure Clouderror: {}'.format(e))
continue
return discovered_virtual_nets
def discover_resources(**kwargs):
discovered_azure_queues = []
for handler in AzureARMHandler.objects.all():
set_progress("Connecting to Azure sql \
DB for handler: {}".format(handler))
credentials = ServicePrincipalCredentials(client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id)
azure_client = storage.StorageManagementClient(credentials,
handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for st in (
azure_client.storage_accounts.list_by_resource_group(
resource_group.name)._get_next().json()["value"]):
try:
res = azure_client.storage_accounts.list_keys(
resource_group.name, st["name"])
keys = res.keys
for queue in QueueService(
account_name=st["name"],
account_key=keys[1].value).list_queues():
discovered_azure_queues.append({
"name":
queue.name,
"azure_queue_name":
"Azure queues - " + queue.name,
"resource_group_name":
resource_group.name,
"azure_rh_id":
handler.id,
"azure_storage_account_name":
st["name"],
"azure_account_key":
keys[0].value,
"azure_account_key_fallback":
keys[1].value,
})
except: # noqa: E722
continue
except CloudError as e:
set_progress("Azure CloudError: {}".format(e))
continue
return discovered_azure_queues
def discover_resources(**kwargs):
discovered_azure_sql = []
for handler in AzureARMHandler.objects.all():
set_progress(
"Connecting to Azure sql \
DB for handler: {}".format(
handler
)
)
credentials = ServicePrincipalCredentials(
client_id=handler.client_id, secret=handler.secret, tenant=handler.tenant_id
)
azure_client = postgresql.PostgreSQLManagementClient(
credentials, handler.serviceaccount
)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount
)
for resource_group in azure_resources_client.resource_groups.list():
for server in azure_client.servers.list()._get_next().json()["value"]:
try:
for db in azure_client.databases.list_by_server(
resource_group.name, server["name"]
):
if db.name in [
"information_schema",
"performance_schema",
"postgres",
]:
continue
discovered_azure_sql.append(
{
"name": server["name"],
"azure_server_name": server["name"],
"azure_database_name": db.name,
"resource_group_name": resource_group.name,
"azure_rh_id": handler.id,
}
)
except CloudError as e:
set_progress("Azure CloudError: {}".format(e))
continue
return discovered_azure_sql
def discover_resources(**kwargs):
discovered_azure_sql = []
for handler in AzureARMHandler.objects.all():
set_progress('Connecting to Azure storage \
files for handler: {}'.format(handler))
credentials = ServicePrincipalCredentials(
client_id=handler.client_id,
secret=handler.secret,
tenant=handler.tenant_id
)
azure_client = storage.StorageManagementClient(
credentials, handler.serviceaccount)
azure_resources_client = resources.ResourceManagementClient(
credentials, handler.serviceaccount)
for resource_group in azure_resources_client.resource_groups.list():
try:
for st in azure_client.storage_accounts.list_by_resource_group(resource_group.name)._get_next().json()['value']:
res = azure_client.storage_accounts.list_keys(
resource_group.name, st['name'])
keys = res.keys
file_service = FileService(
account_name=st['name'], account_key=keys[1].value)
for share in file_service.list_shares():
for file in file_service.list_directories_and_files(share_name=share.name).items:
if type(file) is File:
discovered_azure_sql.append(
{
'name': share.name + '-' + file.name,
'azure_storage_file_name': file.name,
'azure_file_identifier': share.name + '-' + file.name,
'azure_storage_file_share_name': share.name,
'resource_group_name': resource_group.name,
'azure_rh_id': handler.id,
'azure_storage_account_name': st['name'],
'azure_account_key': keys[0].value,
'azure_account_key_fallback': keys[1].value
}
)
except:
continue
return discovered_azure_sql