def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
location=None, mi_system_assigned=False, mi_user_assigned=None,
disable_public_network=False, default_action=None, ip_allow_list=None,
tags=None):
media_service = MediaService(location=location, storage_accounts=storage_accounts,
tags=tags,
public_network_access='Disabled' if disable_public_network else 'Enabled')
if mi_system_assigned or mi_user_assigned:
identity = MediaServiceIdentity(type='')
identity.type = 'SystemAssigned' if mi_system_assigned else ''
user_id_dict = {}
if mi_user_assigned:
identity.type = ','.join([identity.type, 'UserAssigned']) if identity.type else 'UserAssigned'
for user_id in mi_user_assigned:
user_id_dict[user_id] = {}
identity.user_assigned_identities = user_id_dict
media_service.identity = identity
if default_action:
media_service.key_delivery = KeyDelivery(access_control=AccessControl(default_action=default_action,
ip_allow_list=ip_allow_list
if default_action == 'Deny' else []))
else:
media_service.key_delivery = KeyDelivery(access_control=AccessControl(default_action="Allow",
ip_allow_list=[]))
return client.create_or_update(resource_group_name, account_name, media_service)
def set_encryption(client,
resource_group_name,
account_name,
key_type=None,
current_key_id=None,
key_identifier=None):
try:
account_info = client.get(
resource_group_name, account_name
) if resource_group_name else client.get_by_subscription(account_name)
if key_type == 'CustomerKey':
key_vault_props = KeyVaultProperties(
key_identifier=key_identifier,
current_key_identifier=current_key_id)
else:
key_vault_props = None
encryption = AccountEncryption(type=key_type,
key_vault_properties=key_vault_props)
media_service = MediaService(
location=account_info.location,
identity=account_info.identity,
storage_accounts=account_info.storage_accounts,
encryption=encryption)
return client.create_or_update(resource_group_name, account_name,
media_service)
except HttpResponseError as ex:
recommendation = ''
if ex.message == '(BadRequest) Access to the Customer Key was forbidden.':
recommendation = 'Please use the Azure Portal to grant the key vault access to the media account.'\
'For more information please visit https://aka.ms/keyvaultaccess'
raise BadRequestError(ex, recommendation)
def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
location=None,
tags=None):
media_service = MediaService(location=location, storage_accounts=storage_accounts, tags=tags)
return client.create_or_update(resource_group_name, account_name, media_service)
def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
location=None,
tags=None):
from azure.mgmt.media.models import MediaService
media_service = MediaService(location=location, storage_accounts=storage_accounts, tags=tags)
return client.create_or_update(resource_group_name, account_name, media_service)
def set_mediaservice_trusted_storage(client, resource_group_name, account_name,
storage_auth):
ams = client.get(resource_group_name, account_name)
media_service = MediaService(location=ams.location,
storage_accounts=ams.storage_accounts,
storage_authentication=storage_auth)
return client.create_or_update(resource_group_name, account_name,
media_service)
def set_encryption(client,
resource_group_name,
account_name,
key_type=None,
current_key_id=None,
key_identifier=None,
system_assigned=None,
user_assigned=None):
try:
account_info: MediaService = client.get(resource_group_name, account_name)\
if resource_group_name else client.get_by_subscription(account_name)
if key_type == AccountEncryptionKeyType.CUSTOMER_KEY:
key_vault_props = KeyVaultProperties(
key_identifier=key_identifier,
current_key_identifier=current_key_id)
if user_assigned:
identity = ResourceIdentity(
use_system_assigned_identity=False,
user_assigned_identity=user_assigned)
elif system_assigned:
identity = ResourceIdentity(use_system_assigned_identity=True,
user_assigned_identity=None)
else:
identity = None
encryption = AccountEncryption(
type=key_type,
key_vault_properties=key_vault_props,
identity=identity)
else:
encryption = AccountEncryption(type=key_type,
key_vault_properties=None,
identity=None)
media_service: MediaService = MediaService(
location=account_info.location,
storage_accounts=account_info.storage_accounts,
key_delivery=account_info.key_delivery,
identity=account_info.identity,
encryption=encryption,
storage_authentication=account_info.storage_authentication,
name=account_info.name,
public_network_access=account_info.public_network_access)
return client.create_or_update(resource_group_name, account_name,
media_service)
except HttpResponseError as ex:
recommendation = ''
if ex.message == '(BadRequest) Access to the Customer Key was forbidden.':
recommendation = 'Please use the Azure Portal to grant the key vault access to the media account.'\
'For more information please visit https://aka.ms/keyvaultaccess'
raise BadRequestError(ex, recommendation)
def create_or_update_mediaservice(client,
resource_group_name,
account_name,
storage_accounts=None,
location=None,
assign_identity=False,
tags=None):
identity = 'SystemAssigned' if assign_identity else 'None'
media_service = MediaService(location=location,
storage_accounts=storage_accounts,
identity=MediaServiceIdentity(type=identity),
tags=tags)
return client.create_or_update(resource_group_name, account_name,
media_service)
def remove_mediaservice_secondary_storage(client, resource_group_name, account_name, storage_account):
ams = client.get(resource_group_name, account_name)
storage_accounts_filtered = list(filter(lambda s: storage_account not in s.id and 'Secondary' in s.type,
ams.storage_accounts))
primary_storage_account = list(filter(lambda s: 'Primary' in s.type, ams.storage_accounts))[0]
storage_accounts_filtered.append(primary_storage_account)
media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
identity=ams.identity, encryption=ams.encryption,
storage_accounts=storage_accounts_filtered,
storage_authentication=ams.storage_authentication,
public_network_access=ams.public_network_access)
return client.create_or_update(resource_group_name, account_name, media_service)
def set_mediaservice_trusted_storage(client, resource_group_name, account_name, storage_auth, storage_account_id=None,
system_assigned=False, user_assigned=None):
ams: MediaService = client.get(resource_group_name, account_name)\
if resource_group_name else client.get_by_subscription(account_name)
if storage_auth == 'ManagedIdentity' and storage_account_id is None:
error_msg = 'Please specify a storage account id for the storage account whose identity you would like to set'
raise ValidationError(error_msg)
for storage_account in ams.storage_accounts:
if storage_auth == 'ManagedIdentity':
if storage_account.id.lower() == storage_account_id.lower():
storage_account.identity = ResourceIdentity(use_system_assigned_identity=system_assigned,
user_assigned_identity=user_assigned)
else:
storage_account.identity = None
media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
identity=ams.identity, encryption=ams.encryption,
storage_accounts=ams.storage_accounts, storage_authentication=storage_auth,
public_network_access=ams.public_network_access)
return client.create_or_update(resource_group_name, account_name, media_service)
def add_mediaservice_secondary_storage(client, resource_group_name, account_name, storage_account,
system_assigned=False, user_assigned=None):
ams = client.get(resource_group_name, account_name)
if (system_assigned is False and user_assigned is None and ams.storage_authentication == 'ManagedIdentity'):
error_msg = 'Please specify either system assigned identity or a user assigned identity'
raise ValidationError(error_msg)
storage_accounts_filtered = list(filter(lambda s: storage_account in s.id, ams.storage_accounts))
storage_account_secondary = StorageAccount(type='Secondary', id=storage_account)
if ams.storage_authentication == 'ManagedIdentity':
storage_account_secondary.identity = ResourceIdentity(use_system_assigned_identity=system_assigned,
user_assigned_identity=user_assigned)
if not storage_accounts_filtered:
ams.storage_accounts.append(storage_account_secondary)
media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
identity=ams.identity, encryption=ams.encryption,
storage_accounts=ams.storage_accounts,
storage_authentication=ams.storage_authentication,
public_network_access=ams.public_network_access)
return client.create_or_update(resource_group_name, account_name, media_service)
parameters = MediaService(
location=account_location,
storage_accounts=[
StorageAccount(
# This should point to an already created storage account that is Blob storage General purpose v2.
# Recommend to use ZRS or Geo redundant ZRS in regions that support availability zones
type=StorageAccountType.PRIMARY,
id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}",
# Set the user assigned managed identity resource and set system assigned to false here.
identity=ResourceIdentity(
user_assigned_identity=managed_identity_resource,
use_system_assigned_identity=False
)
)
],
# Sets the account encryption used. This can be changed to customer key and point to a key vault key.
encryption=AccountEncryption(
type="SystemKey",
# Optional settings if using key vault encryption key and managed identity
# identity = ResourceIdentity(
# user_assigned_identity = managed_identity_resource,
# use_system_assigned_identity = False
# ),
# key_vault_properties = KeyVaultProperties(
# key_identifier = ""
# )
),
# Enables user or system assigned managed identity when accessing storage - a.k.a - trusted storage.
storage_authentication="ManagedIdentity",
identity=MediaServiceIdentity(
type="UserAssigned",
user_assigned_identities={
"managed_identity_resource": {}
}
),
# If you plan to use a private network and do not want any streaming to
# go out to the public internet, you can disable this account setting.
public_network_access="Enabled",
key_delivery=KeyDelivery(
access_control=AccessControl(
default_action=DefaultAction.ALLOW,
ip_allow_list=[
# List the IPv3 addresses to Allow or Deny based on the defaulot action.
# "10.0.0.1/32", you can use the CIDR IPv3 format,
# "127.0.0.1" or a single individual IPv4 address as well
]
)
)
)
storage_account = storage_async_operation.result()
print(storage_account)
create_storage(resource_group, storage_account_name, stor_avail_params,
stor_account_params)
# Set up the values for you Media Services account
parameters = MediaService(
location=account_location,
storage_accounts=[
StorageAccount(
type=StorageAccountType.PRIMARY,
id=
f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}"
)
],
key_delivery=KeyDelivery(access_control=AccessControl(
default_action=DefaultAction.ALLOW,
ip_allow_list=[
# List the IPv3 addresses to Allow or Deny based on the default action.
# "10.0.0.1/32", you can use the CIDR IPv3 format,
# "127.0.0.1" or a single individual IPv4 address as well
])))
availability = client.locations.check_name_availability(
account_location,
parameters=CheckNameAvailabilityInput(
name=account_name, type="Microsoft.Media/mediaservices"))
if not availability.name_available:
print(f"The account with the name {account_name} is not available.")