def test_app_service_environment_create(self, ase_client_factory_mock, network_client_factory_mock, resource_client_factory_mock, deployment_name_mock): ase_name = 'mock_ase_name' rg_name = 'mock_rg_name' vnet_name = 'mock_vnet_name' subnet_name = 'mock_subnet_name' deployment_name = 'mock_deployment_name' ase_client = mock.MagicMock() ase_client_factory_mock.return_value = ase_client resource_client_mock = mock.MagicMock() resource_client_factory_mock.return_value = resource_client_mock deployment_name_mock.return_value = deployment_name network_client = mock.MagicMock() network_client_factory_mock.return_value = network_client subnet = Subnet(id=1, address_prefix='10.10.10.10/25') network_client.subnets.get.return_value = subnet # assert that ValidationError raised when called with small subnet with self.assertRaises(ValidationError): create_appserviceenvironment_arm( self.mock_cmd, resource_group_name=rg_name, name=ase_name, subnet=subnet_name, vnet_name=vnet_name, ignore_network_security_group=True, ignore_route_table=True, location='westeurope') subnet = Subnet(id=1, address_prefix='10.10.10.10/24') network_client.subnets.get.return_value = subnet create_appserviceenvironment_arm(self.mock_cmd, resource_group_name=rg_name, name=ase_name, subnet=subnet_name, vnet_name=vnet_name, ignore_network_security_group=True, ignore_route_table=True, location='westeurope') # Assert create_or_update is called with correct rg and deployment name resource_client_mock.deployments.create_or_update.assert_called_once() self.assertEqual( resource_client_mock.deployments.create_or_update.call_args[0][0], rg_name) self.assertEqual( resource_client_mock.deployments.create_or_update.call_args[0][1], deployment_name)
def create_virtual_network(self, network_client, parameters, network_name, subnet_name): """ Creates the network resources, such as Virtual network and Subnet. Args: network_client: A NetworkManagementClient instance. parameters: A dict, containing all the parameters necessary to authenticate this user with Azure. network_name: The name to use for the Virtual Network resource. subnet_name: The name to use for the Subnet resource. Returns: A Subnet instance from the Virtual Network created. """ group_name = parameters[self.PARAM_RESOURCE_GROUP] region = parameters[self.PARAM_ZONE] verbose = parameters[self.PARAM_VERBOSE] AppScaleLogger.verbose( "Creating/Updating the Virtual Network '{}'".format(network_name), verbose) address_space = AddressSpace(address_prefixes=['10.1.0.0/16']) subnet1 = Subnet(name=subnet_name, address_prefix='10.1.0.0/24') result = network_client.virtual_networks.create_or_update( group_name, network_name, VirtualNetwork(location=region, address_space=address_space, subnets=[subnet1])) self.sleep_until_update_operation_done(result, network_name, verbose) subnet = network_client.subnets.get(group_name, network_name, subnet_name) return subnet
def set_lb_frontend_ip_configuration(resource_group_name, load_balancer_name, item_name, private_ip_address=None, private_ip_address_allocation=None, public_ip_address=None, subnet=None, virtual_network_name=None): # pylint: disable=unused-argument ncf = _network_client_factory() lb = ncf.load_balancers.get(resource_group_name, load_balancer_name) item = _get_property(lb.frontend_ip_configurations, item_name) if private_ip_address == '': item.private_ip_allocation_method = private_ip_address_allocation item.private_ip_address = None elif private_ip_address is not None: item.private_ip_allocation_method = private_ip_address_allocation item.private_ip_address = private_ip_address if subnet == '': item.subnet = None elif subnet is not None: item.subnet = Subnet(subnet) if public_ip_address == '': item.public_ip_address = None elif public_ip_address is not None: item.public_ip_address = PublicIPAddress(public_ip_address) return ncf.load_balancers.create_or_update(resource_group_name, load_balancer_name, lb)
def test_app_service_environment_v3_zone_create(self, ase_client_factory_mock, network_client_factory_mock, resource_client_factory_mock, deployment_name_mock): ase_name = 'mock_ase_name' rg_name = 'mock_rg_name' vnet_name = 'mock_vnet_name' subnet_name = 'mock_subnet_name' deployment_name = 'mock_deployment_name' ase_client = mock.MagicMock() ase_client_factory_mock.return_value = ase_client resource_client_mock = mock.MagicMock() resource_client_factory_mock.return_value = resource_client_mock deployment_name_mock.return_value = deployment_name network_client = mock.MagicMock() network_client_factory_mock.return_value = network_client subnet = Subnet(id=1, address_prefix='10.10.10.10/24') hosting_delegation = Delegation(id=1, service_name='Microsoft.Web/hostingEnvironments') subnet.delegations = [hosting_delegation] network_client.subnets.get.return_value = subnet create_appserviceenvironment_arm(self.mock_cmd, resource_group_name=rg_name, name=ase_name, subnet=subnet_name, vnet_name=vnet_name, kind='ASEv3', location='westeurope', zone_redundant=True) # Assert begin_create_or_update is called with correct rg and deployment name resource_client_mock.deployments.begin_create_or_update.assert_called_once() call_args = resource_client_mock.deployments.begin_create_or_update.call_args self.assertEqual(call_args[0][0], rg_name) self.assertEqual(call_args[0][1], deployment_name)
def create_nic_ip_config( resource_group_name, network_interface_name, ip_config_name, subnet=None, virtual_network_name=None, public_ip_address=None, load_balancer_name=None, # pylint: disable=unused-argument load_balancer_backend_address_pool_ids=None, load_balancer_inbound_nat_rule_ids=None, private_ip_address=None, private_ip_address_allocation='dynamic', private_ip_address_version='ipv4'): ncf = _network_client_factory() nic = ncf.network_interfaces.get(resource_group_name, network_interface_name) nic.ip_configurations.append( NetworkInterfaceIPConfiguration( name=ip_config_name, subnet=Subnet(subnet) if subnet else None, public_ip_address=PublicIPAddress(public_ip_address) if public_ip_address else None, load_balancer_backend_address_pools= load_balancer_backend_address_pool_ids, load_balancer_inbound_nat_rules=load_balancer_inbound_nat_rule_ids, private_ip_address=private_ip_address, private_ip_allocation_method=private_ip_address_allocation, private_ip_address_version=private_ip_address_version)) return ncf.network_interfaces.create_or_update(resource_group_name, network_interface_name, nic)
def run_action(credentials, rule, entity, params): logging.info(f'{__file__} - ${run_action.__name__} started') subscription_id = entity['accountNumber'] server_group_name = entity['resourceGroup']['name'] sql_server_name = entity['name'] sql_server_region = entity['region'] logging.info( f'{__file__} - subscription_id : {subscription_id} - server_group_name : {server_group_name} - sql_server : {sql_server_name}') if not subscription_id or not credentials: return raise_credentials_error() try: network_client = NetworkManagementClient(credentials,subscription_id) sql_client = SqlManagementClient(credentials, subscription_id) vnets = network_client.virtual_networks.list_all() acls = [] endpoint_params = [ServiceEndpointPropertiesFormat(service='Microsoft.Sql', locations=["*"])] subnet_path = "" for v in vnets: vnet_name = v.name vnet_nsg_split = v.id.split('/') vnet_nsg = vnet_nsg_split[4] subnets = v.subnets vnet_region = v.location if sql_server_region == vnet_region: logging.info(f'Regions match - applying ACLs to {vnet_name}') for s in subnets: subnet_path = s.id subnet_name = s.name subnet_address_prefix = s.address_prefix service_endpoint_list = s.service_endpoints firewall_rule_name = vnet_name + "-" + subnet_name + " auto-generated rule" logging.info(f'Subnet path : {subnet_path} Subnet Name : {subnet_name} Subnet CIDR : {subnet_address_prefix} Endpoint list : {service_endpoint_list}') # Create storage endpoint if doesn't exist if not service_endpoint_list: network_client.subnets.begin_create_or_update(resource_group_name=vnet_nsg, virtual_network_name=vnet_name, subnet_name=subnet_name, subnet_parameters=Subnet(address_prefix=subnet_address_prefix, service_endpoints=endpoint_params)) else: logging.info(f'Service Endpoint for subnet {subnet_name} already exists, not creating') logging.info(*service_endpoint_list) acls.append(VirtualNetworkRule(virtual_network_subnet_id=subnet_path)) sql_client.virtual_network_rules.begin_create_or_update(server_group_name, sql_server_name, firewall_rule_name, parameters=VirtualNetworkRule( virtual_network_subnet_id=subnet_path, ignore_missing_vnet_service_endpoint=False)) logging.info(f'Azure SQL firewall rule {firewall_rule_name} set successfully on : {sql_server_name}') else: logging.info(f'Regions do not match - skipping {vnet_name}') except (HttpResponseError, ResourceExistsError) as e: logging.info(f'An error occured : {e}')
def create_ase_inbound_services(cmd, resource_group_name, name, subnet, vnet_name=None, skip_dns=False): ase_client = _get_ase_client_factory(cmd.cli_ctx) ase = ase_client.get(resource_group_name, name) if not ase: raise ResourceNotFoundError( "App Service Environment '{}' not found.".format(name)) inbound_subnet_id = _validate_subnet_id(cmd.cli_ctx, subnet, vnet_name, resource_group_name) inbound_vnet_id = _get_vnet_id_from_subnet(cmd.cli_ctx, inbound_subnet_id) if ase.kind.lower() == 'asev3': _ensure_subnet_private_endpoint_network_policy(cmd.cli_ctx, inbound_subnet_id, False) network_client = _get_network_client_factory(cmd.cli_ctx) pls_connection = PrivateLinkServiceConnection( private_link_service_id=ase.id, group_ids=['hostingEnvironments'], request_message='Link from CLI', name='{}-private-connection'.format(name)) private_endpoint = PrivateEndpoint(location=ase.location, tags=None, subnet=Subnet(id=inbound_subnet_id)) private_endpoint.private_link_service_connections = [pls_connection] poller = network_client.private_endpoints.begin_create_or_update( resource_group_name, '{}-private-endpoint'.format(name), private_endpoint) LongRunningOperation(cmd.cli_ctx)(poller) ase_pe = poller.result() nic_name = parse_resource_id(ase_pe.network_interfaces[0].id)['name'] nic = network_client.network_interfaces.get(resource_group_name, nic_name) inbound_ip_address = nic.ip_configurations[0].private_ip_address elif ase.kind.lower() == 'asev2': if ase.internal_load_balancing_mode == 0: raise ValidationError( 'Private DNS Zone is not relevant for External ASEv2.') ase_vip_info = ase_client.get_vip_info(resource_group_name, name) inbound_ip_address = ase_vip_info.internal_ip_address if not skip_dns: _ensure_ase_private_dns_zone(cmd.cli_ctx, resource_group_name=resource_group_name, name=name, inbound_vnet_id=inbound_vnet_id, inbound_ip_address=inbound_ip_address)
def create_vnet(credentials, subscription_id, **kwargs): """ Create a Batch account :param credentials: msrestazure.azure_active_directory.AdalAuthentication :param subscription_id: str :param **resource_group: str :param **virtual_network_name: str :param **subnet_name: str :param **region: str """ network_client = NetworkManagementClient(credentials, subscription_id) resource_group_name = kwargs.get("resource_group", DefaultSettings.resource_group) virtual_network_name = kwargs.get("virtual_network_name", DefaultSettings.virtual_network_name) subnet_name = kwargs.get("subnet_name", DefaultSettings.subnet_name) # get vnet, and subnet if they exist virtual_network = subnet = None try: virtual_network = network_client.virtual_networks.get( resource_group_name=resource_group_name, virtual_network_name=virtual_network_name, ) except CloudError as e: pass if virtual_network: confirmation_prompt = "A virtual network with the same name ({}) was found. \n"\ "Please note that the existing address space and subnets may be changed or destroyed. \n"\ "Do you want to use this virtual network? (y/n): ".format(virtual_network_name) deny_error = AccountSetupError( "Virtual network already exists, not recreating.") unrecognized_input_error = AccountSetupError("Input not recognized.") prompt_for_confirmation(confirmation_prompt, deny_error, unrecognized_input_error) virtual_network = network_client.virtual_networks.create_or_update( resource_group_name=resource_group_name, virtual_network_name=kwargs.get("virtual_network_name", DefaultSettings.virtual_network_name), parameters=VirtualNetwork(location=kwargs.get("region", DefaultSettings.region), address_space=AddressSpace(["10.0.0.0/24"]))) virtual_network = virtual_network.result() subnet = network_client.subnets.create_or_update( resource_group_name=resource_group_name, virtual_network_name=virtual_network_name, subnet_name=subnet_name, subnet_parameters=Subnet(address_prefix='10.0.0.0/24')) return subnet.result().id
def set_nic_ip_config( resource_group_name, network_interface_name, ip_config_name, subnet=None, virtual_network_name=None, public_ip_address=None, load_balancer_name=None, # pylint: disable=unused-argument load_balancer_backend_address_pool_ids=None, load_balancer_inbound_nat_rule_ids=None, private_ip_address=None, private_ip_address_allocation=None, # pylint: disable=unused-argument private_ip_address_version='ipv4'): ncf = _network_client_factory() nic = ncf.network_interfaces.get(resource_group_name, network_interface_name) ip_config = _get_property(nic.ip_configurations, ip_config_name) if private_ip_address == '': ip_config.private_ip_address = None ip_config.private_ip_allocation_method = 'dynamic' ip_config.private_ip_address_version = 'ipv4' elif private_ip_address is not None: ip_config.private_ip_address = private_ip_address ip_config.private_ip_allocation_method = 'static' if private_ip_address_version is not None: ip_config.private_ip_address_version = private_ip_address_version if subnet == '': ip_config.subnet = None elif subnet is not None: ip_config.subnet = Subnet(subnet) if public_ip_address == '': ip_config.public_ip_address = None elif public_ip_address is not None: ip_config.public_ip_address = PublicIPAddress(public_ip_address) if load_balancer_backend_address_pool_ids == '': ip_config.load_balancer_backend_address_pools = None elif load_balancer_backend_address_pool_ids is not None: ip_config.load_balancer_backend_address_pools = load_balancer_backend_address_pool_ids if load_balancer_inbound_nat_rule_ids == '': ip_config.load_balancer_inbound_nat_rules = None elif load_balancer_inbound_nat_rule_ids is not None: ip_config.load_balancer_inbound_nat_rules = load_balancer_inbound_nat_rule_ids return ncf.network_interfaces.create_or_update(resource_group_name, network_interface_name, nic)
def get_nic_params(self, controller_ip): location = self.configuration.get('location') vm_name = self.vm_json.get('name') try: return NetworkInterface( location=location, ip_configurations=[ NetworkInterfaceIPConfiguration( name='%s-%s' % (vm_name, controller_ip), private_ip_address=controller_ip, private_ip_allocation_method='Static', private_ip_address_version='IPv4', subnet=Subnet(id=self.subnet_id)) ]) except Exception as e: fail('Error while getting nic parameters %s' % str(e))
def create_lb_frontend_ip_configuration( resource_group_name, load_balancer_name, item_name, public_ip_address=None, subnet=None, virtual_network_name=None, private_ip_address=None, # pylint: disable=unused-argument private_ip_address_allocation='dynamic'): ncf = _network_client_factory() lb = ncf.load_balancers.get(resource_group_name, load_balancer_name) lb.frontend_ip_configurations.append( FrontendIPConfiguration( name=item_name, private_ip_address=private_ip_address, private_ip_allocation_method=private_ip_address_allocation, public_ip_address=PublicIPAddress(public_ip_address) if public_ip_address else None, subnet=Subnet(subnet) if subnet else None)) return ncf.load_balancers.create_or_update(resource_group_name, load_balancer_name, lb)
def create_subnet(resource_group_name, virtual_network_name, subnet_name, address_prefix='10.0.0.0/24', network_security_group=None): '''Create a virtual network (VNet) subnet :param str address_prefix: address prefix in CIDR format. :param str network_security_group: attach with existing network security group, both name or id are accepted. ''' ncf = _network_client_factory() subnet = Subnet(name=subnet_name, address_prefix=address_prefix) subnet.address_prefix = address_prefix if network_security_group: subnet.network_security_group = NetworkSecurityGroup( network_security_group) return ncf.subnets.create_or_update(resource_group_name, virtual_network_name, subnet_name, subnet)
def create_network_interface(network_client, region, group_name, interface_name, network_name, subnet_name, ip_name): result = network_client.virtual_networks.create_or_update( group_name, network_name, VirtualNetwork( location=region, address_space=AddressSpace( address_prefixes=[ '10.1.0.0/16', ], ), subnets=[ Subnet( name=subnet_name, address_prefix='10.1.0.0/24', ), ], ), ) print('Creating Virtual Network...') result.wait() # async operation subnet = network_client.subnets.get(group_name, network_name, subnet_name) result = network_client.public_ip_addresses.create_or_update( group_name, ip_name, PublicIPAddress( location=region, public_ip_allocation_method=IPAllocationMethod.dynamic, idle_timeout_in_minutes=4, ), ) print('Creating Subnet...') result.wait() # async operation # Creating Public IP public_ip_address = network_client.public_ip_addresses.get(group_name, ip_name) public_ip_id = public_ip_address.id print('Creating Public IP...') result.wait() # async operation result = network_client.network_interfaces.create_or_update( group_name, interface_name, NetworkInterface( location=region, ip_configurations=[ NetworkInterfaceIPConfiguration( name='default', private_ip_allocation_method=IPAllocationMethod.dynamic, subnet=subnet, public_ip_address=PublicIPAddress( id=public_ip_id, ), ), ], ), ) print('Creating Network Interface...') result.wait() # async operation network_interface = network_client.network_interfaces.get( group_name, interface_name, ) return network_interface.id
def exec_module(self, **kwargs): nsg = None subnet = None for key in self.module_arg_spec: setattr(self, key, kwargs[key]) if self.state == 'present' and not CIDR_PATTERN.match( self.address_prefix_cidr): self.fail("Invalid address_prefix_cidr value {0}".format( self.address_prefix_cidr)) if self.security_group_name: nsg = self.get_security_group(self.security_group_name) results = dict() changed = False try: self.log('Fetching subnet {0}'.format(self.name)) subnet = self.network_client.subnets.get(self.resource_group, self.virtual_network_name, self.name) self.check_provisioning_state(subnet, self.state) results = subnet_to_dict(subnet) if self.state == 'present': if self.address_prefix_cidr: if results['address_prefix'] != self.address_prefix_cidr: self.log( "CHANGED: subnet {0} address_prefix_cidr".format( self.name)) changed = True results['address_prefix'] = self.address_prefix_cidr if self.security_group_name: if results['network_security_group'].get('id') != nsg.id: self.log("CHANGED: subnet {0} network security group". format(self.name)) changed = True results['network_security_group']['id'] = nsg.id results['network_security_group']['name'] = nsg.name elif self.state == 'absent': changed = True except CloudError: # the subnet does not exist if self.state == 'present': changed = True self.results['changed'] = changed self.results['state'] = results if not self.check_mode: if self.state == 'present' and changed: if not subnet: # create new subnet self.log('Creating subnet {0}'.format(self.name)) subnet = Subnet(address_prefix=self.address_prefix_cidr) if nsg: subnet.network_security_group = NetworkSecurityGroup( id=nsg.id, location=nsg.location, resource_guid=nsg.resource_guid) else: # update subnet self.log('Updating subnet {0}'.format(self.name)) subnet = Subnet(address_prefix=results['address_prefix']) if results['network_security_group'].get('id'): nsg = self.get_security_group( results['network_security_group']['name']) subnet.network_security_group = NetworkSecurityGroup( id=nsg.id, location=nsg.location, resource_guid=nsg.resource_guid) self.results['state'] = self.create_or_update_subnet(subnet) elif self.state == 'absent': # delete subnet self.delete_subnet() # the delete does not actually return anything. if no exception, then we'll assume # it worked. self.results['state']['status'] = 'Deleted' return self.results
def exec_module(self, **kwargs): for key in self.module_arg_spec.keys() + ['tags']: setattr(self, key, kwargs[key]) results = dict() changed = False nic = None subnet = None nsg = None pip = None resource_group = self.get_resource_group(self.resource_group) if not self.location: # Set default location self.location = resource_group.location if not NAME_PATTERN.match(self.name): self.fail( "Parameter error: name must begin with a letter or number, end with a letter or number " "and contain at least one number.") if self.state == 'present': if self.virtual_network_name and not self.subnet_name: self.fail( "Parameter error: a subnet is required when passing a virtual_network_name." ) if self.subnet_name and not self.virtual_network_name: self.fail( "Parameter error: virtual_network_name is required when passing a subnet value." ) if self.virtual_network_name and self.subnet_name: subnet = self.get_subnet(self.virtual_network_name, self.subnet_name) if self.public_ip_address_name: pip = self.get_public_ip_address(self.public_ip_address_name) if self.security_group_name: nsg = self.get_security_group(self.security_group_name) try: self.log('Fetching network interface {0}'.format(self.name)) nic = self.network_client.network_interfaces.get( self.resource_group, self.name) self.log('Network interface {0} exists'.format(self.name)) self.check_provisioning_state(nic, self.state) results = nic_to_dict(nic) self.log(results, pretty_print=True) if self.state == 'present': update_tags, results['tags'] = self.update_tags( results['tags']) if update_tags: changed = True if self.private_ip_address: if results['ip_configuration'][ 'private_ip_address'] != self.private_ip_address: self.log( "CHANGED: network interface {0} private ip".format( self.name)) changed = True results['ip_configuration'][ 'private_ip_address'] = self.private_ip_address if self.public_ip_address_name: if results['ip_configuration']['public_ip_address'].get( 'id') != pip.id: self.log( "CHANGED: network interface {0} public ip".format( self.name)) changed = True results['ip_configuration']['public_ip_address'][ 'id'] = pip.id results['ip_configuration']['public_ip_address'][ 'name'] = pip.name if self.security_group_name: if results['network_security_group'].get('id') != nsg.id: self.log( "CHANGED: network interface {0} network security group" .format(self.name)) changed = True results['network_security_group']['id'] = nsg.id results['network_security_group']['name'] = nsg.name if self.private_ip_allocation_method: if results['ip_configuration'][ 'private_ip_allocation_method'] != self.private_ip_allocation_method: self.log( "CHANGED: network interface {0} private ip allocation" .format(self.name)) changed = True results['ip_configuration'][ 'private_ip_allocation_method'] = self.private_ip_allocation_method if self.private_ip_allocation_method == 'Dynamic': results['ip_configuration'][ 'private_ip_address'] = None if self.subnet_name: if results['ip_configuration']['subnet'].get( 'id') != subnet.id: changed = True self.log( "CHANGED: network interface {0} subnet".format( self.name)) results['ip_configuration']['subnet']['id'] = subnet.id results['ip_configuration']['subnet'][ 'name'] = subnet.name results['ip_configuration']['subnet'][ 'virtual_network_name'] = self.virtual_network_name elif self.state == 'absent': self.log( "CHANGED: network interface {0} exists but requested state is 'absent'" .format(self.name)) changed = True except CloudError: self.log('Network interface {0} does not exist'.format(self.name)) if self.state == 'present': self.log( "CHANGED: network interface {0} does not exist but requested state is " "'present'".format(self.name)) changed = True self.results['changed'] = changed self.results['state'] = results if self.check_mode: return self.results if changed: if self.state == 'present': if not nic: # create network interface self.log("Creating network interface {0}.".format( self.name)) # check required parameters if not self.subnet_name: self.fail( "parameter error: subnet_name required when creating a network interface." ) if not self.virtual_network_name: self.fail( "parameter error: virtual_network_name required when creating a network interface." ) if not self.security_group_name: # create default security group nsg = self.create_default_securitygroup( self.resource_group, self.location, self.name, self.os_type, self.open_ports) if not pip and self.public_ip: # create a default public_ip pip = self.create_default_pip( self.resource_group, self.location, self.name, self.public_ip_allocation_method) nic = NetworkInterface( location=self.location, name=self.name, tags=self.tags, ip_configurations=[ NetworkInterfaceIPConfiguration( name='default', private_ip_allocation_method=self. private_ip_allocation_method, ) ]) nic.ip_configurations[0].subnet = Subnet(id=subnet.id) nic.network_security_group = NetworkSecurityGroup( id=nsg.id, name=nsg.name, location=nsg.location, resource_guid=nsg.resource_guid) if self.private_ip_address: nic.ip_configurations[ 0].private_ip_address = self.private_ip_address if pip: nic.ip_configurations[ 0].public_ip_address = PublicIPAddress( id=pip.id, name=pip.name, location=pip.location, resource_guid=pip.resource_guid) else: self.log("Updating network interface {0}.".format( self.name)) nic = NetworkInterface( location=results['location'], name=results['name'], tags=results['tags'], ip_configurations=[ NetworkInterfaceIPConfiguration( name=results['ip_configuration']['name'], private_ip_allocation_method=results[ 'ip_configuration'] ['private_ip_allocation_method'], ) ], ) subnet = self.get_subnet( results['ip_configuration']['subnet'] ['virtual_network_name'], results['ip_configuration']['subnet']['name']) nic.ip_configurations[0].subnet = Subnet(id=subnet.id) if results['ip_configuration'].get('private_ip_address'): nic.ip_configurations[0].private_ip_address = results[ 'ip_configuration']['private_ip_address'] if results['ip_configuration']['public_ip_address'].get( 'id'): pip = \ self.get_public_ip_address(results['ip_configuration']['public_ip_address']['name']) nic.ip_configurations[ 0].public_ip_address = PublicIPAddress( id=pip.id, name=pip.name, location=pip.location, resource_guid=pip.resource_guid) if results['network_security_group'].get('id'): nsg = self.get_security_group( results['network_security_group']['name']) nic.network_security_group = NetworkSecurityGroup( id=nsg.id, name=nsg.name, location=nsg.location, resource_guid=nsg.resource_guid) # See what actually gets sent to the API request = self.serialize_obj(nic, 'NetworkInterface') self.log(request, pretty_print=True) self.results['state'] = self.create_or_update_nic(nic) elif self.state == 'absent': self.log('Deleting network interface {0}'.format(self.name)) self.delete_nic() return self.results
def _start_container(self, resource_handler): log.debug('Starting Azure ACI') location = self.res['location'].lower() self.resource_client.resource_groups.create_or_update( self.res['resource_group'], {'location': self.res['location']}) container_group_name = unique_vmname(self.node_def) network_type = self.res['network_type'] network_profile = None if 'gpu_type' in self.res: count = self.res['gpu_count'] if 'gpu_count' in self.res else 1 gpu = GpuResource(count=count, sku=self.res['gpu_type']) container_resource_requests = ResourceRequests( memory_in_gb=self.res['memory'], cpu=self.res['cpu_cores'], gpu=gpu) else: container_resource_requests = ResourceRequests( memory_in_gb=self.res['memory'], cpu=self.res['cpu_cores']) container_resource_requirements = ResourceRequirements( requests=container_resource_requests) ports = [] ipports = [] for porte in self.res.get('ports', []): port = porte protocol = 'TCP' if isinstance(porte, str) and '/' in porte: (port, protocol) = port.split('/') port = int(port) ports.append(ContainerPort(port=port, protocol=protocol)) ipports.append(Port(protocol=protocol, port=port)) environment = [] if network_type.lower() == 'public': pubip_var = EnvironmentVariable(name='_OCCOPUS_ALLOCATED_FQDN', value='%s.%s.azurecontainer.io' % (container_group_name, location)) environment.append(pubip_var) for env in self.env: edata = env.split('=', 1) if len(edata) != 2: continue env_var = EnvironmentVariable(name=edata[0], value=edata[1]) environment.append(env_var) container = Container( name=container_group_name, image=self.res['image'], resources=container_resource_requirements, ports=ports, command=self.command if self.command is not None else None, environment_variables=environment) if network_type.lower() == 'public': group_ip_address = IpAddress(ports=ipports, dns_name_label=container_group_name, type='Public') self.vnet_name = None elif network_type.lower() == 'private': vnet_name = unique_vmname(self.node_def) + '-vnet' if self.res.get( 'vnet_name', None) == None else self.res['vnet_name'] self.vnet_name = vnet_name subnet_name = unique_vmname( self.node_def) + '-subnet' if self.res.get( 'subnet_name', None) == None else self.res['subnet_name'] network_profile_name = unique_vmname(self.node_def) + '-netprofile' if self.res.get('vnet_name', None) == None: log.debug('Creating vnet') async_vnet_creation = self.network_client.virtual_networks.create_or_update( self.res['resource_group'], vnet_name, { 'location': location, 'address_space': { 'address_prefixes': ['10.0.0.0/16'] } }) async_vnet_creation.wait() self.created_resources['virtual_network'] = vnet_name log.debug('Created vnet') if self.res.get('subnet_name', None) == None: # Create Subnet log.debug('Creating Subnet') aci_delegation_service_name = "Microsoft.ContainerInstance/containerGroups" aci_delegation = Delegation( name=aci_delegation_service_name, service_name=aci_delegation_service_name) subnet = Subnet(name=subnet_name, location=location, address_prefix='10.0.0.0/24', delegations=[aci_delegation]) subnet_info = self.network_client.subnets.create_or_update( self.res['resource_group'], vnet_name, subnet_name, subnet).result() self.created_resources['subnet'] = subnet_name log.debug('Creatied Subnet') else: subnet_info = self.network_client.subnets.get( self.res['resource_group'], vnet_name, subnet_name) default_network_profile_name = "aci-network-profile-{}-{}".format( vnet_name, subnet_name) network_profile_ops = self.network_client.network_profiles network_profile = NetworkProfile( name=default_network_profile_name, location=location, container_network_interface_configurations=[ ContainerNetworkInterfaceConfiguration( name="eth0", ip_configurations=[ IPConfigurationProfile(name="ipconfigprofile", subnet=subnet_info) ]) ]) network_profile = network_profile_ops.create_or_update( self.res['resource_group'], network_profile_name, network_profile).result() group_ip_address = IpAddress(ports=ipports, type='Private') else: errormsg = '[{0}] Network type "{1}" is not supported. Please use either "Public" or "Private"'.format( resource_handler.name, network_type) log.debug(errormsg) raise NodeCreationError(None, errormsg) cg_network_profile = None if network_profile: cg_network_profile = ContainerGroupNetworkProfile( id=network_profile.id) self.created_resources['network_profile'] = network_profile_name group = ContainerGroup(location=location, containers=[container], os_type=self.res['os_type'], ip_address=group_ip_address, network_profile=cg_network_profile) # Create the container group self.aci_client.container_groups.create_or_update( self.res['resource_group'], container_group_name, group) return container_group_name
def exec_module(self, **kwargs): """Main module execution method""" for key in list(self.module_args.keys()) + ['tags']: setattr(self, key, kwargs[key]) if self.state == 'absent': try: self.network_client.load_balancers.delete(resource_group_name=self.resource_group, load_balancer_name=self.name).wait() changed = True except CloudError: changed = False self.results['changed'] = changed return self.results # From now on, suppose state==present if bool(self.subnet_name) != bool(self.virtual_network_name): self.fail('subnet_name and virtual_network_name must come together. The current values are {0} and {1}'.format( self.subnet_name, self.virtual_network_name)) if not self.subnet_resource_group: self.subnet_resource_group = self.resource_group if self.protocol: if not self.frontend_port: self.fail('frontend_port is {0} but some of the following are missing: frontend_port, backend_port'.format(self.protocol)) if not self.backend_port: self.backend_port = self.frontend_port if self.nat_protocol: if not self.nat_frontend_port: self.fail("nat_protocol is {0} but some of the following are missing: nat_frontend_port, nat_backend_port".format(self.nat_protocol)) if not self.nat_backend_port: self.nat_backend_port = self.nat_frontend_port if not self.public_ip_address_name and (not self.subnet_name or not self.virtual_network_name): self.fail('subnet_name and virtual_network_name must be given when using priviate ip frontend!') if not self.public_ip_address_name and not self.private_ip_address and self.private_ip_allocation_method == 'Static': self.fail('private_ip_allocation_method must be Dynamic when neither public_ip_address_name nor private_ip_address is given!') results = dict() changed = False pip = None subnet = None load_balancer_props = dict() try: resource_group = self.get_resource_group(self.resource_group) except CloudError: self.fail('resource group {} not found'.format(self.resource_group)) if not self.location: self.location = resource_group.location load_balancer_props['location'] = self.location if self.subnet_name and self.virtual_network_name: subnet = get_subnet(self, self.subnet_resource_group, self.virtual_network_name, self.subnet_name) # handle present status try: # before we do anything, we need to attempt to retrieve the load balancer and compare with current parameters self.log('Fetching load balancer {}'.format(self.name)) load_balancer = self.network_client.load_balancers.get(self.resource_group, self.name) self.log('Load balancer {} exists'.format(self.name)) self.check_provisioning_state(load_balancer, self.state) results = load_balancer_to_dict(load_balancer) self.log(results, pretty_print=True) update_tags, load_balancer_props['tags'] = self.update_tags(results['tags']) if update_tags: changed = True # check difference with current status # check frontend ip configurations: subnet_id, name, public_ip_address, private_ip_address, private_ip_allocation_method. if not results['frontend_ip_configurations']: # a frontend must be there raise DiffErr('load balancer {0} frontend'.format(self.name)) if self.subnet_name and subnet.id != results['frontend_ip_configurations'][0]['subnet']['id']: raise DiffErr('load balancer {0} subnet id'.format(self.name)) if self.frontend_ip_config_name and self.frontend_ip_config_name != results['frontend_ip_configurations'][0]['name']: raise DiffErr('load balancer {0} probe request frontend_ip_config_name'.format(self.name)) if self.public_ip_address_name and self.public_ip_address_name != results['frontend_ip_configurations'][0]['public_ip_address']: raise DiffErr('load balancer {0} public ip'.format(self.name)) if self.private_ip_address and self.private_ip_address != results['frontend_ip_configurations'][0]['private_ip_address']: raise DiffErr('load balancer {0} private ip'.format(self.name)) if self.private_ip_allocation_method and self.private_ip_allocation_method != \ results['frontend_ip_configurations'][0]['private_ip_allocation_method']: raise DiffErr('load balancer {0} probe request private_ip_allocation_method'.format(self.name)) # check probe configurations: port, protocol, interval, number of probes, request_path, name if self.probe_protocol and not results['probes']: raise DiffErr('load balancer {0} probe'.format(self.name)) if self.probe_port and self.probe_port != results['probes'][0]['port']: raise DiffErr('load balancer {0} probe_port'.format(self.name)) if self.probe_protocol and self.probe_protocol != results['probes'][0]['protocol']: raise DiffErr('load balancer {0} probe_protocol'.format(self.name)) if self.probe_interval and self.probe_interval != results['probes'][0]['interval_in_seconds']: raise DiffErr('load balancer {0} probe_interval'.format(self.name)) if self.probe_fail_count and self.probe_fail_count != results['probes'][0]['number_of_probes']: raise DiffErr('load balancer {0} probe_fail_count'.format(self.name)) if self.probe_protocol == 'Http' and self.probe_request_path and self.probe_request_path != results['probes'][0]['request_path']: raise DiffErr('load balancer {0} probe_request_path'.format(self.name)) if self.probe_name and self.probe_name != results['probes'][0]['name']: raise DiffErr('load balancer {0} probe request probe_name'.format(self.name)) # check load balancing rule configurations: protocol, distribution, frontend port, backend port, idle, name if self.protocol: if not results['load_balancing_rules']: raise DiffErr('load balancer {0} load balancing rule'.format(self.name)) if self.protocol != results['load_balancing_rules'][0]['protocol']: raise DiffErr('load balancer {0} probe request protocol'.format(self.name)) if self.load_distribution != results['load_balancing_rules'][0]['load_distribution']: raise DiffErr('load balancer {0} probe request load_distribution'.format(self.name)) if self.frontend_port and self.frontend_port != results['load_balancing_rules'][0]['frontend_port']: raise DiffErr('load balancer {0} probe request frontend_port'.format(self.name)) if self.backend_port != results['load_balancing_rules'][0]['backend_port']: raise DiffErr('load balancer {0} probe request backend_port'.format(self.name)) if self.idle_timeout != results['load_balancing_rules'][0]['idle_timeout_in_minutes']: raise DiffErr('load balancer {0} probe request idel_timeout'.format(self.name)) if self.load_balancing_rule_name != results['load_balancing_rules'][0]['name']: raise DiffErr('load balancer {0} probe request load_balancing_rule_name'.format(self.name)) # check backend address pool configuration: name only, which will be used by NIC module if self.backend_address_pool_name and not results['backend_address_pools']: raise DiffErr('load balancer {0} backend address pool'.format(self.name)) if self.backend_address_pool_name and self.backend_address_pool_name != results['backend_address_pools'][0]['name']: raise DiffErr('load balancer {0} probe request backend_address_pool_name'.format(self.name)) # check inbound nat rule: if self.nat_protocol: if not results['inbound_nat_rules']: raise DiffErr('load balancer {0} inbound nat rule'.format(self.name)) if self.nat_protocol != results['inbound_nat_rules'][0]['protocol']: raise DiffErr('load balancer {0} inbound nat_protocol'.format(self.name)) if self.nat_name != results['inbound_nat_rules'][0]['name']: raise DiffErr('load balancer {0} inbound nat_name'.format(self.name)) if self.nat_frontend_port != results['inbound_nat_rules'][0]['frontend_port']: raise DiffErr('load balancer {0} inbound nat_frontend_port'.format(self.name)) if self.nat_backend_port != results['inbound_nat_rules'][0]['backend_port']: raise DiffErr('load balancer {0} inbound nat_backend_port'.format(self.name)) except (IndexError, KeyError, DiffErr) as e: self.log('CHANGED: {0}'.format(e)) changed = True except CloudError: self.log('CHANGED: load balancer {} does not exist but requested status \'present\''.format(self.name)) changed = True if not changed or self.check_mode: self.results['changed'] = changed self.results['state'] = results return self.results # From now changed==True if self.tags: load_balancer_props['tags'] = self.tags frontend_ip_config_id = frontend_ip_configuration_id( subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=self.frontend_ip_config_name ) if self.public_ip_address_name: pip = self.get_public_ip_address(self.public_ip_address_name) load_balancer_props['frontend_ip_configurations'] = [ FrontendIPConfiguration( name=self.frontend_ip_config_name, public_ip_address=pip ) ] elif self.private_ip_address or self.private_ip_allocation_method == 'Dynamic': load_balancer_props['frontend_ip_configurations'] = [ FrontendIPConfiguration( name=self.frontend_ip_config_name, private_ip_address=self.private_ip_address, private_ip_allocation_method=self.private_ip_allocation_method, subnet=get_subnet(self, self.subnet_resource_group, self.virtual_network_name, self.subnet_name) ) ] backend_addr_pool_id = backend_address_pool_id( subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=self.backend_address_pool_name ) load_balancer_props['backend_address_pools'] = [BackendAddressPool(name=self.backend_address_pool_name)] prb_id = probe_id( subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=self.probe_name ) if self.probe_protocol: load_balancer_props['probes'] = [ Probe( name=self.probe_name, protocol=self.probe_protocol, port=self.probe_port, interval_in_seconds=self.probe_interval, number_of_probes=self.probe_fail_count, request_path=self.probe_request_path ) ] if self.protocol: load_balancer_props['load_balancing_rules'] = [ LoadBalancingRule( name=self.load_balancing_rule_name, frontend_ip_configuration=SubResource(id=frontend_ip_config_id), backend_address_pool=SubResource(id=backend_addr_pool_id), probe=SubResource(id=prb_id), protocol=self.protocol, load_distribution=self.load_distribution, frontend_port=self.frontend_port, backend_port=self.backend_port, idle_timeout_in_minutes=self.idle_timeout, enable_floating_ip=False ) ] if self.nat_protocol: load_balancer_props['inbound_nat_rules'] = [ InboundNatRule( name=self.nat_name, frontend_ip_configuration=SubResource(id=frontend_ip_config_id), frontend_port=self.nat_frontend_port, backend_port=self.nat_backend_port, protocol=self.nat_protocol, enable_floating_ip=False ) ] if frontend_ip_config_id and self.natpool_protocol: load_balancer_props['inbound_nat_pools'] = [ InboundNatPool( name=self.inbound_nat_pool_name, frontend_ip_configuration=Subnet(id=frontend_ip_config_id), protocol=self.natpool_protocol, frontend_port_range_start=self.natpool_frontend_port_start, frontend_port_range_end=self.natpool_frontend_port_end, backend_port=self.natpool_backend_port ) ] self.results['changed'] = changed self.results['state'] = load_balancer_to_dict(LoadBalancer(**load_balancer_props)) try: self.network_client.load_balancers.create_or_update( resource_group_name=self.resource_group, load_balancer_name=self.name, parameters=LoadBalancer(**load_balancer_props) ).wait() except CloudError as err: self.fail('Error creating load balancer {}'.format(err)) return self.results
credentials, subscription_id = get_credentials() network_client = NetworkManagementClient(credentials, subscription_id) resource_client = ResourceManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) resource_group_params = {'location':LOCATION} resource_client.resource_groups.create_or_update(GROUP_NAME, resource_group_params) vnet_params = { 'location': LOCATION, 'address_space' : { 'address_prefixes': [VNET_AP] } } async_vnet_creation = network_client.virtual_networks.create_or_update(GROUP_NAME, VNET_NAME, vnet_params) async_vnet_creation.wait() ep = ServiceEndpointPropertiesFormat(service='Microsoft.Storage') ep_list = [ep] subnet = Subnet(address_prefix = SB_AP, service_endpoints = ep_list) async_vnet_subnet_creation = network_client.subnets.create_or_update(GROUP_NAME, VNET_NAME, SB_NAME, subnet) async_vnet_subnet_creation.wait() if async_vnet_subnet_creation.status() == 'Succeeded': sb_result = async_vnet_subnet_creation.result() virtual_network_resource_id = sb_result.id vr = VirtualNetworkRule(virtual_network_resource_id=virtual_network_resource_id) vnets = [vr] ns = NetworkRuleSet(bypass='******', virtual_network_rules=vnets, default_action='Deny') storage_client = StorageManagementClient(credentials, subscription_id) sku = Sku(name=SkuName.standard_lrs) st1 = StorageAccountCreateParameters(sku=sku, kind=Kind.storage, location=LOCATION, network_rule_set=ns) storage_async_operation = storage_client.storage_accounts.create(GROUP_NAME, STORAGE_ACCOUNT_NAME, st1, location=LOCATION) #stlist = storage_client.storage_accounts.list() print("Done")
def exec_module(self, **kwargs): """Main module execution method""" for key in self.module_args.keys(): setattr(self, key, kwargs[key]) results = dict() changed = False pip = None load_balancer_props = dict() try: resource_group = self.get_resource_group(self.resource_group) except CloudError: self.fail('resource group {} not found'.format( self.resource_group)) if not self.location: self.location = resource_group.location load_balancer_props['location'] = self.location if self.state == 'present': # handle present status frontend_ip_config_name = random_name('feipconfig') frontend_ip_config_id = frontend_ip_configuration_id( subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=frontend_ip_config_name) if self.public_ip_address_name: pip = self.get_public_ip_address(self.public_ip_address_name) load_balancer_props['frontend_ip_configurations'] = [ FrontendIPConfiguration(name=frontend_ip_config_name, public_ip_address=pip) ] elif self.state == 'absent': try: self.network_client.load_balancers.delete( resource_group_name=self.resource_group, load_balancer_name=self.name).wait() changed = True except CloudError: changed = False self.results['changed'] = changed return self.results try: # before we do anything, we need to attempt to retrieve the load balancer # knowing whether or not it exists will tell us what to do in the future self.log('Fetching load balancer {}'.format(self.name)) load_balancer = self.network_client.load_balancers.get( self.resource_group, self.name) self.log('Load balancer {} exists'.format(self.name)) self.check_provisioning_state(load_balancer, self.state) results = load_balancer_to_dict(load_balancer) self.log(results, pretty_print=True) if self.state == 'present': update_tags, results['tags'] = self.update_tags( results['tags']) if update_tags: changed = True except CloudError: self.log('Load balancer {} does not exist'.format(self.name)) if self.state == 'present': self.log( 'CHANGED: load balancer {} does not exist but requested status \'present\'' .format(self.name)) changed = True backend_address_pool_name = random_name('beap') backend_addr_pool_id = backend_address_pool_id( subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=backend_address_pool_name) load_balancer_props['backend_address_pools'] = [ BackendAddressPool(name=backend_address_pool_name) ] probe_name = random_name('probe') prb_id = probe_id(subscription_id=self.subscription_id, resource_group_name=self.resource_group, load_balancer_name=self.name, name=probe_name) if self.probe_protocol: load_balancer_props['probes'] = [ Probe(name=probe_name, protocol=self.probe_protocol, port=self.probe_port, interval_in_seconds=self.probe_interval, number_of_probes=self.probe_fail_count, request_path=self.probe_request_path) ] load_balancing_rule_name = random_name('lbr') if self.protocol: load_balancer_props['load_balancing_rules'] = [ LoadBalancingRule( name=load_balancing_rule_name, frontend_ip_configuration=SubResource( id=frontend_ip_config_id), backend_address_pool=SubResource(id=backend_addr_pool_id), probe=SubResource(id=prb_id), protocol=self.protocol, load_distribution=self.load_distribution, frontend_port=self.frontend_port, backend_port=self.backend_port, idle_timeout_in_minutes=self.idle_timeout, enable_floating_ip=False) ] inbound_nat_pool_name = random_name('inp') if frontend_ip_config_id and self.natpool_protocol: load_balancer_props['inbound_nat_pools'] = [ InboundNatPool( name=inbound_nat_pool_name, frontend_ip_configuration=Subnet(id=frontend_ip_config_id), protocol=self.natpool_protocol, frontend_port_range_start=self.natpool_frontend_port_start, frontend_port_range_end=self.natpool_frontend_port_end, backend_port=self.natpool_backend_port) ] self.results['changed'] = changed self.results['state'] = (results if results else load_balancer_to_dict( LoadBalancer(**load_balancer_props))) if self.check_mode: return self.results try: self.network_client.load_balancers.create_or_update( resource_group_name=self.resource_group, load_balancer_name=self.name, parameters=LoadBalancer(**load_balancer_props)).wait() except CloudError as err: self.fail('Error creating load balancer {}'.format(err)) return self.results
def create_subnet_object(address_prefix,nsg): return Subnet(address_prefix=address_prefix,network_security_group =nsg)