def _ensure_subnet_delegation(cli_ctx, subnet_id, delegation_service_name):
network_client = _get_network_client_factory(cli_ctx)
subnet_id_parts = parse_resource_id(subnet_id)
vnet_resource_group = subnet_id_parts['resource_group']
vnet_name = subnet_id_parts['name']
subnet_name = subnet_id_parts['resource_name']
subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name,
subnet_name)
delegations = subnet_obj.delegations
delegated = False
for d in delegations:
if d.service_name.lower() == delegation_service_name.lower():
delegated = True
if not delegated:
subnet_obj.delegations = [
Delegation(name="delegation", service_name=delegation_service_name)
]
try:
poller = network_client.subnets.begin_create_or_update(
vnet_resource_group,
vnet_name,
subnet_name,
subnet_parameters=subnet_obj)
LongRunningOperation(cli_ctx)(poller)
except Exception:
err_msg = 'Subnet must be delegated to {}.'.format(
delegation_service_name)
rec_msg = 'Use: az network vnet subnet update --delegations "{}"'.format(
delegation_service_name)
validation_error = ValidationError(err_msg)
validation_error.set_recommendation(rec_msg)
raise validation_error
def _ensure_subnet_private_endpoint_network_policy(cli_ctx, subnet_id,
network_policy_enabled):
network_client = _get_network_client_factory(cli_ctx)
subnet_id_parts = parse_resource_id(subnet_id)
vnet_resource_group = subnet_id_parts['resource_group']
vnet_name = subnet_id_parts['name']
subnet_name = subnet_id_parts['resource_name']
subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name,
subnet_name)
target_state = 'Enabled' if network_policy_enabled else 'Disabled'
if subnet_obj.private_endpoint_network_policies != target_state:
subnet_obj.private_endpoint_network_policies = target_state
try:
poller = network_client.subnets.begin_create_or_update(
vnet_resource_group,
vnet_name,
subnet_name,
subnet_parameters=subnet_obj)
LongRunningOperation(cli_ctx)(poller)
except Exception:
err_msg = 'Subnet must have Private Endpoint Network Policy {}.'.format(
target_state)
rec_msg = 'Use: az network vnet subnet update --disable-private-endpoint-network-policies'
validation_error = ValidationError(err_msg)
validation_error.set_recommendation(rec_msg)
raise validation_error
def _ensure_route_table(cli_ctx, resource_group_name, ase_name, location,
subnet_id, force):
subnet_id_parts = parse_resource_id(subnet_id)
vnet_resource_group = subnet_id_parts['resource_group']
vnet_name = subnet_id_parts['name']
subnet_name = subnet_id_parts['resource_name']
ase_route_table_name = ase_name + '-Route-Table'
ase_route_name = ase_name + '-route'
network_client = _get_network_client_factory(cli_ctx)
subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name,
subnet_name)
if subnet_obj.route_table is None or force:
rt_list = network_client.route_tables.list(resource_group_name)
rt_found = False
for rt in list(rt_list):
if rt.name.lower() == ase_route_table_name.lower():
rt_found = True
break
if not rt_found:
logger.info('Ensure Route Table...')
ase_route_table = RouteTable(location=location)
poller = network_client.route_tables.begin_create_or_update(
resource_group_name, ase_route_table_name, ase_route_table)
LongRunningOperation(cli_ctx)(poller)
logger.info('Ensure Internet Route...')
internet_route = Route(address_prefix='0.0.0.0/0',
next_hop_type='Internet')
poller = network_client.routes.begin_create_or_update(
resource_group_name, ase_route_table_name, ase_route_name,
internet_route)
LongRunningOperation(cli_ctx)(poller)
rt = network_client.route_tables.get(resource_group_name,
ase_route_table_name)
if not subnet_obj.route_table or subnet_obj.route_table.id != rt.id:
logger.info('Associate Route Table with Subnet...')
subnet_obj.route_table = rt
poller = network_client.subnets.begin_create_or_update(
vnet_resource_group,
vnet_name,
subnet_name,
subnet_parameters=subnet_obj)
LongRunningOperation(cli_ctx)(poller)
else:
route_table_id_parts = parse_resource_id(subnet_obj.route_table.id)
rt_name = route_table_id_parts['name']
if rt_name.lower() != ase_route_table_name.lower():
err_msg = 'Route table already exists.'
rec_msg = 'Use --ignore-route-table to use existing route table ' \
'or --force-route-table to replace existing route table'
validation_error = ValidationError(err_msg)
validation_error.set_recommendation(rec_msg)
raise validation_error
def _validate_subnet_size(cli_ctx, subnet_id):
subnet_id_parts = parse_resource_id(subnet_id)
vnet_resource_group = subnet_id_parts['resource_group']
vnet_name = subnet_id_parts['name']
subnet_name = subnet_id_parts['resource_name']
network_client = _get_network_client_factory(cli_ctx)
subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name, subnet_name)
address = subnet_obj.address_prefix
size = int(address[address.index('/') + 1:])
if size > 24:
err_msg = 'Subnet size could cause scaling issues. Recommended size is at least /24.'
rec_msg = 'Use --ignore-subnet-size-validation to skip size test.'
validation_error = ValidationError(err_msg)
validation_error.set_recommendation(rec_msg)
raise validation_error