def get_action(self, values, option_string): # pylint: disable=no-self-use from azure.mgmt.servicebus.v2021_06_01_preview.models import KeyVaultProperties from azure.mgmt.servicebus.v2021_06_01_preview.models import UserAssignedIdentityProperties from azure.cli.core.azclierror import InvalidArgumentValueError from azure.cli.core import CLIError keyVaultObject = KeyVaultProperties() for (k, v) in (x.split('=', 1) for x in values): if k == 'key-name': keyVaultObject.key_name = v elif k == 'key-vault-uri': keyVaultObject.key_vault_uri = v if keyVaultObject.key_vault_uri.endswith('/'): keyVaultObject.key_vault_uri = keyVaultObject.key_vault_uri[:-1] elif k == 'key-version': keyVaultObject.key_version = v elif k == 'user-assigned-identity': keyVaultObject.identity = UserAssignedIdentityProperties() keyVaultObject.identity.user_assigned_identity = v if keyVaultObject.identity.user_assigned_identity.endswith('/'): keyVaultObject.identity.user_assigned_identity = keyVaultObject.identity.user_assigned_identity[:-1] else: raise InvalidArgumentValueError("Invalid Argument for:'{}' Only allowed arguments are 'key-name, key-vault-uri, key-version and user-assigned-identity'".format(option_string)) if (keyVaultObject.key_name is None) or (keyVaultObject.key_vault_uri is None): raise CLIError('key-name and key-vault-uri are mandatory properties') if keyVaultObject.key_version is None: keyVaultObject.key_version = '' return keyVaultObject
def create_metric_alert(client, resource_group_name, rule_name, scopes, condition, disabled=False, description=None, tags=None, actions=None, severity=2, window_size='5m', evaluation_frequency='1m', auto_mitigate=None, target_resource_type=None, target_resource_region=None): from azure.mgmt.monitor.models import ( MetricAlertResource, MetricAlertSingleResourceMultipleMetricCriteria, MetricAlertMultipleResourceMultipleMetricCriteria, MetricCriteria) from azure.cli.core import CLIError # generate names for the conditions for i, cond in enumerate(condition): cond.name = 'cond{}'.format(i) criteria = None resource_type, scope_type = _parse_resource_and_scope_type(scopes) if scope_type in ['resource_group', 'subscription']: if target_resource_type is None or target_resource_region is None: raise CLIError( '--target-resource-type and --target-resource-region must be provided.' ) criteria = MetricAlertMultipleResourceMultipleMetricCriteria( all_of=condition) else: if len(scopes) == 1 and isinstance(condition, MetricCriteria): criteria = MetricAlertSingleResourceMultipleMetricCriteria( all_of=condition) else: criteria = MetricAlertMultipleResourceMultipleMetricCriteria( all_of=condition) target_resource_type = resource_type target_resource_region = target_resource_region if target_resource_region else 'global' kwargs = { 'description': description, 'severity': severity, 'enabled': not disabled, 'scopes': scopes, 'evaluation_frequency': evaluation_frequency, 'window_size': window_size, 'criteria': criteria, 'target_resource_type': target_resource_type, 'target_resource_region': target_resource_region, 'actions': actions, 'tags': tags, 'location': 'global', 'auto_mitigate': auto_mitigate } return client.create_or_update(resource_group_name, rule_name, MetricAlertResource(**kwargs))
def parse_one_scope_with_action(scope, operation_on_scope): result = parse_resource_id(scope) if 'namespace' in result and 'resource_type' in result: operation_on_scope(result['namespace'], result['resource_type'], 'resource') elif 'resource_group' in result: # It's a resource group. operation_on_scope('', '', 'resource_group') elif 'subscription' in result: # It's a subscription. operation_on_scope('', '', 'subscription') else: raise CLIError('Scope must be a valid resource id.')
def cli_remove_identity(cmd, client, resource_group_name, namespace_name, system_assigned=None, user_assigned=None): namespace = client.get(resource_group_name, namespace_name) IdentityType = cmd.get_models('ManagedServiceIdentityType', resource_type=ResourceType.MGMT_EVENTHUB) from azure.cli.core import CLIError if namespace.identity is None: raise CLIError('The namespace does not have identity enabled') if system_assigned: if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED: namespace.identity.type = IdentityType.NONE if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED: namespace.identity.type = IdentityType.USER_ASSIGNED if user_assigned: if namespace.identity.type == IdentityType.USER_ASSIGNED: if namespace.identity.user_assigned_identities: for x in user_assigned: namespace.identity.user_assigned_identities.pop(x) # if all identities are popped off of the dictionary, we disable user assigned identity if len(namespace.identity.user_assigned_identities) == 0: namespace.identity.type = IdentityType.NONE namespace.identity.user_assigned_identities = None if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED: if namespace.identity.user_assigned_identities: for x in user_assigned: namespace.identity.user_assigned_identities.pop(x) # if all identities are popped off of the dictionary, we disable user assigned identity if len(namespace.identity.user_assigned_identities) == 0: namespace.identity.type = IdentityType.SYSTEM_ASSIGNED namespace.identity.user_assigned_identities = None client.begin_create_or_update(resource_group_name=resource_group_name, namespace_name=namespace_name, parameters=namespace).result() get_namespace = client.get(resource_group_name, namespace_name) return get_namespace
def _parse_resource_type(scopes): from msrestazure.tools import parse_resource_id from azure.cli.core import CLIError namespace = None resource_type = None for item in scopes: item_namespace = parse_resource_id(item)['namespace'] item_resource_type = parse_resource_id(item)['resource_type'] if namespace is None and resource_type is None: namespace = item_namespace resource_type = item_resource_type else: if namespace != item_namespace or resource_type != item_resource_type: raise CLIError( 'Multiple scopes should be the same resource type.') return namespace + '/' + resource_type
def _parse_resource_and_scope_type(scopes): from azure.mgmt.core.tools import parse_resource_id from knack.util import CLIError if not scopes: raise CLIError('scopes cannot be null.') namespace = '' resource_type = '' scope_type = None def validate_scope(item_namespace, item_resource_type, item_scope_type): if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type: raise CLIError('Multiple scopes should be the same resource type.') def store_scope(item_namespace, item_resource_type, item_scope_type): nonlocal namespace nonlocal resource_type nonlocal scope_type namespace = item_namespace resource_type = item_resource_type scope_type = item_scope_type def parse_one_scope_with_action(scope, operation_on_scope): result = parse_resource_id(scope) if 'namespace' in result and 'resource_type' in result: operation_on_scope(result['namespace'], result['resource_type'], 'resource') elif 'resource_group' in result: # It's a resource group. operation_on_scope('', '', 'resource_group') elif 'subscription' in result: # It's a subscription. operation_on_scope('', '', 'subscription') else: raise CLIError('Scope must be a valid resource id.') # Store the resource type and scope type from first scope parse_one_scope_with_action(scopes[0], operation_on_scope=store_scope) # Validate the following scopes for item in scopes: parse_one_scope_with_action(item, operation_on_scope=validate_scope) return namespace + '/' + resource_type, scope_type
def cli_remove_encryption(client, resource_group_name, namespace_name, encryption_config): namespace = client.get(resource_group_name, namespace_name) from azure.cli.core import CLIError if namespace.encryption is None: raise CLIError('The namespace does not have encryption enabled') if namespace.encryption.key_vault_properties: for encryption_property in encryption_config: if encryption_property in namespace.encryption.key_vault_properties: namespace.encryption.key_vault_properties.remove(encryption_property) client.begin_create_or_update( resource_group_name=resource_group_name, namespace_name=namespace_name, parameters=namespace).result() get_namespace = client.get(resource_group_name, namespace_name) return get_namespace
def validate_scope(item_namespace, item_resource_type, item_scope_type): if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type: raise CLIError('Multiple scopes should be the same resource type.')