def __init__(self, credentialsProvider):
if not isinstance(credentialsProvider, ResourceCredentialsProvider):
raise Exception("Invalid Credentials Provider")
self.__credentialsProvider = credentialsProvider
self.__subscriptionClient = SubscriptionClient(credentialsProvider.getManagementCredentials())
self.__graphRbacClient = GraphRbacManagementClient(credentialsProvider.getGraphResourceCredentials(),
credentialsProvider.getConfig().getTenantId())
self.__subscriptionClient = SubscriptionClient(credentialsProvider.getManagementCredentials())
self.__identifierUrl = credentialsProvider.getConfig().getIdentifierUrl()
self.__config = credentialsProvider.getConfig()
self.__subScriptionList = None
def get_current_azure_subscription(credentials: Credentials, subscription_id: Optional[str]) -> List[Dict]:
try:
# Create the client
client = SubscriptionClient(credentials.arm_credentials)
# Get all the accessible subscriptions
sub = client.subscriptions.get(subscription_id)
except HttpResponseError as e:
logger.error(
f'failed to fetch subscription for the credentials \
The provided credentials do not have access to this subscription: {subscription_id} - \
{e}',
)
return []
return [
{
'id': sub.id,
'subscriptionId': sub.subscription_id,
'displayName': sub.display_name,
'state': sub.state,
},
]
def fetchTenants(self):
config = Config(self.__credentials, None, [], True, None, "",
self.__cloudType.name, [], True)
self.__subscriptionClient = SubscriptionClient(
CredentialsProviderFactory.getCredentialsForResource(
config, self.__managementResource))
for tenant in self.__subscriptionClient.tenants.list():
config = Config(self.__credentials, None, [], True,
str(tenant.tenant_id), "", self.__cloudType.name,
[], True)
tenantId = config.getTenantId()
credentials = CredentialsProviderFactory.getCredentialsForResource(
config, self.__graphResource)
tenantUtil = TenantUtil(credentials, tenantId)
tenantProperties = tenantUtil.getAdProperties()
if tenantProperties:
self.__tenantIdList.append({
"tenant": tenantId,
"details": tenantProperties
})
else:
logging.warn(
"Could not get Tenant description for tenant Id: " +
tenantId)
if len(self.__tenantIdList) == 0:
print "No Tenants Found"
exit(1)
def set_connect(self, secret_data):
subscription_id = secret_data['subscription_id']
os.environ["AZURE_SUBSCRIPTION_ID"] = subscription_id
os.environ["AZURE_TENANT_ID"] = secret_data['tenant_id']
os.environ["AZURE_CLIENT_ID"] = secret_data['client_id']
os.environ["AZURE_CLIENT_SECRET"] = secret_data['client_secret']
credential = DefaultAzureCredential()
self.compute_client = ComputeManagementClient(
credential=credential, subscription_id=subscription_id)
self.vm_compute_client = ComputeManagementClient(
credential=credential,
subscription_id=subscription_id,
expand='instanceView')
self.resource_client = ResourceManagementClient(
credential=credential, subscription_id=subscription_id)
self.network_client = NetworkManagementClient(
credential=credential, subscription_id=subscription_id)
self.subscription_client: SubscriptionClient = SubscriptionClient(
credential=credential)
self.sql_client = SqlManagementClient(credential=credential,
subscription_id=subscription_id)
self.monitor_client = MonitorManagementClient(
credential=credential, subscription_id=subscription_id)
def read(self):
"""Return an Azure virtual machine record.
Yields:
dict: An Azure virtual machine record.
"""
# pylint: disable=R0914
subscription_client = SubscriptionClient(self._credentials)
for i, sub in enumerate(subscription_client.subscriptions.list()):
subscription_id = str(sub.subscription_id)
_log.info(
'Found subscription #%d; subscription_id: %s; '
'display_name: %s', i, subscription_id, sub.display_name)
# Initialize Azure clients for the current subscription.
creds = self._credentials
compute_client = ComputeManagementClient(creds, subscription_id)
yield from _get_record(compute_client, subscription_id,
self._max_recs)
# Break after pulling data for self._max_subs number of
# subscriptions. Note that if self._max_subs is 0 or less,
# then the following condition never evaluates to True.
if i + 1 == self._max_subs:
_log.info('Ending subscriptions fetch due to '
'_max_subs: %d', self._max_subs)
break
def main():
credential = DefaultAzureCredential()
subscription_client = SubscriptionClient(credential)
subscription = subscription_client.subscriptions.list()
for subsc in subscription:
subscription_id = subsc.subscription_id
compute_client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id=subscription_id)
network_client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id=subscription_id)
monitor_client = MonitorClient(credential=DefaultAzureCredential(),
subscription_id=subscription_id)
# monitor = monitor_client.operations
# val = monitor.list().value
# for v in val:
# print(v.display.resource)
resource_client = ResourceManagementClient(credential, subscription_id)
resource_group = resource_client.resource_groups.list()
print(next(resource_group))
for rsc_g in resource_group:
resource_group_name = rsc_g.name
# rg_list = resource_client.resources.list_by_resource_group(resource_group_name)
compute = compute_client.virtual_machines.list(resource_group_name)
def create_arm_client_factory(config):
if arm_client_factory:
return arm_client_factory(config)
else:
return change_ssl_cert_verification(
SubscriptionClient(
config, base_url=CLOUD.endpoints.resource_manager))
def subscription_client(self):
if self._subscription_client is None:
with SingletonByArgsMeta.lock:
if self._subscription_client is None:
self._subscription_client = SubscriptionClient(self._service_credentials)
return self._subscription_client
def azresourcelist(
username: str = typer.Option(..., "-u", help="Username"),
password: str = typer.Option(...,
"-p",
prompt=True,
hide_input=True,
help="Password"),
):
"""Bruteforces password for an Azure account"""
resources = {}
cred = UsernamePasswordCredential("1950a258-227b-4e31-a9cf-717495945fc2",
username, password)
sub_client = SubscriptionClient(cred)
for sub in sub_client.subscriptions.list():
resources[sub.subscription_id] = [
r.id for r in ResourceManagementClient(
cred, sub.subscription_id).resources.list()
]
if not resources:
raise CommandUnsuccessfulError(f"Did not find resources as {username}")
typer.echo(pformat(resources, indent=4))
return {"resources": resources}
def get_all_azure_subscriptions(credentials: Credentials) -> List[Dict]:
try:
# Create the client
client = SubscriptionClient(credentials.arm_credentials)
# Get all the accessible subscriptions
subs = list(client.subscriptions.list())
except HttpResponseError as e:
logger.error(
f'failed to fetch subscriptions for the credentials \
The provided credentials do not have access to any subscriptions - \
{e}',
)
return []
subscriptions = []
for sub in subs:
subscriptions.append({
'id': sub.id,
'subscriptionId': sub.subscription_id,
'displayName': sub.display_name,
'state': sub.state,
})
return subscriptions
def fetchSubscriptions(self):
self.__subscriptionClient = SubscriptionClient(
credentials=CredentialsProviderFactory.getCredentialsForResource(
self.__config, self.__managementResource))
for subscription in self.__subscriptionClient.subscriptions.list():
if str(subscription.state) == 'SubscriptionState.enabled':
self.__subscriptionList.append(subscription)
def authenticate( client_id, secret, tenant ):
authentication_dict = {}
credentials = ServicePrincipalCredentials( client_id=client_id, secret = secret, tenant=tenant )
subscription_client = SubscriptionClient( credentials )
subscription = next( subscription_client.subscriptions.list() )
authentication_dict['credentials'] = credentials
authentication_dict['subscription_id'] = str( subscription.subscription_id )
return authentication_dict
def read(self):
"""Return an Azure cloud infrastructure configuration document.
Yields:
dict: A document of the type ``record_type``.
"""
# pylint: disable=R0914
subscription_client = SubscriptionClient(self._credentials)
for i, sub in enumerate(subscription_client.subscriptions.list()):
subscription_id = str(sub.subscription_id)
_log.info('Found subscription #%d; subscription_id: %s; '
'display_name: %s',
i, subscription_id, sub.display_name)
# Initialize Azure clients for the current subscription.
creds = self._credentials
compute_client = ComputeManagementClient(creds, subscription_id)
network_client = NetworkManagementClient(creds, subscription_id)
storage_client = StorageManagementClient(creds, subscription_id)
resource_client = ResourceManagementClient(creds, subscription_id)
# Get iterators for each type of data.
vm_list = compute_client.virtual_machines.list_all()
app_gw_list = network_client.application_gateways.list_all()
lb_iter = network_client.load_balancers.list_all()
nic_list = network_client.network_interfaces.list_all()
nsg_list = network_client.network_security_groups.list_all()
pubip_list = network_client.public_ip_addresses.list_all()
storage_account_list = storage_client.storage_accounts.list()
resource_group_list = resource_client.resource_groups.list()
resource_list = resource_client.resources.list()
# Retrieve data using each iterator.
for doc in itertools.chain(
_get_doc(vm_list, 'virtual_machine', subscription_id),
_get_doc(app_gw_list, 'app_gateway', subscription_id),
_get_doc(lb_iter, 'lb', subscription_id),
_get_doc(nic_list, 'nic', subscription_id),
_get_doc(nsg_list, 'nsg', subscription_id),
_get_doc(pubip_list, 'public_ip', subscription_id),
_get_doc(storage_account_list, 'storage_account',
subscription_id),
_get_doc(resource_group_list, 'resource_group',
subscription_id),
_get_doc(resource_list, 'resource', subscription_id),
):
yield doc
# Break after pulling data for self._max_subs number of
# subscriptions. Note that if self._max_subs is 0 or less,
# then the following condition never evaluates to True.
if i + 1 == self._max_subs:
_log.info('Exiting read due to _max_subs: %d',
self._max_subs)
break
def find_subscription_by_name(sub_name, credentials):
subscriptionClient = SubscriptionClient(credentials)
subscriptions = subscriptionClient.subscriptions.list()
if subscriptions is not None:
for sub in subscriptions:
if sub_name.lower() == sub.display_name.lower():
return sub.subscription_id
return None
def __init__(self, subscription_id):
self.subscription_id = subscription_id
self.credentials = ServicePrincipalCredentials(
client_id=os.environ['AZURE_CLIENT_ID'],
secret=os.environ['AZURE_CLIENT_SECRET'],
tenant=os.environ['AZURE_TENANT_ID']
)
self.client = ResourceManagementClient(self.credentials, self.subscription_id)
self.subclient = SubscriptionClient(self.credentials)
def subscription_client(self):
if self._subscription_client is None:
with SingletonByArgsMeta.lock:
if self._subscription_client is None:
self._subscription_client = SubscriptionClient(
self._service_credentials)
self._subscription_client.config.add_user_agent(
self._tracking_id)
return self._subscription_client
def get_subscriptions(credentials):
"""Get the list of subscriptions
:param credentials:
"""
subs_dict = {}
subscriptionClient = SubscriptionClient(credentials)
for subscription in subscriptionClient.subscriptions.list():
subs_dict[subscription.subscription_id] = subscription.display_name
#print(subscription.subscription_id)
return subs_dict
def get_location_display_name(self) -> str:
credential = AzureCliCredential()
location_client = SubscriptionClient(
credential, subscription_id=self.get_subscription_id())
locations = location_client.subscriptions.list_locations(
self.get_subscription_id())
for location in locations:
if location.name == self.location:
return cast(str, location.display_name)
raise Exception("unknown location: %s", self.location)
def _get_default_subscription_id(self):
"""
Obtain subscription ID directly from Azure.
"""
try:
from azure.mgmt.resource import SubscriptionClient
except ImportError:
return ""
credential = self._get_credentials()
subscription_client = SubscriptionClient(credential)
subscription = next(subscription_client.subscriptions.list())
return subscription.subscription_id
def get_azure_credentials():
from msrestazure.azure_active_directory import MSIAuthentication
logger = logging.getLogger(__name__)
credentials = MSIAuthentication()
subscription_client = SubscriptionClient(credentials)
subscription = next(subscription_client.subscriptions.list())
subscription_id = subscription.subscription_id
'''
subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']
'''
logger.debug(f"returning sub_id --> {subscription_id}")
return credentials, subscription_id
def get_clients_from_cli(subscription_id):
credentials, subscription_id, tenant_id = get_azure_cli_credentials(
resource=None, with_tenant=True, subscription_id=subscription_id)
print("creating subscription client")
subscription_client = SubscriptionClient(credentials)
print("creating compute client")
compute_client = ComputeManagementClient(credentials, subscription_id)
print("creating sql client")
sql_client = SqlManagementClient(credentials, subscription_client)
print("creating resource manager client")
rm_client = ResourceManagementClient(credentials, subscription_id)
return subscription_client, compute_client, rm_client, sql_client
def get_sub_list():
"""
This function returns a list of subscriptions available under the tenant ID
provided in the credentials object.
:return: list of strings
"""
subscriptionClient = SubscriptionClient(credentials)
sub_list = []
for subscription in subscriptionClient.subscriptions.list():
sub_list.append(subscription.subscription_id)
return sub_list
def _get_subscriptions(self):
"""Generate tuples of record types and subscriptions.
The yielded tuples when unpacked would become arguments for
:meth:`_get_resources`. Each such tuple represents a single unit
of work that :meth:`_get_resources` can work on independently in
its own worker thread.
Yields:
tuple: A tuple which when unpacked forms valid arguments for
:meth:`_get_resources`.
"""
try:
sub_client = SubscriptionClient(self._credentials)
sub_list = sub_client.subscriptions.list()
monitor_attributes = ('log_profile',)
tenant = self._tenant
for sub_index, sub in enumerate(sub_list):
sub = sub.as_dict()
_log.info('Found %s', util.outline_az_sub(sub_index,
sub, tenant))
# Each record type for each subscription is a unit of
# work that would be fed to _get_resources().
for attribute_type in monitor_attributes:
if attribute_type == 'log_profile':
sub['locations'] = []
locations = sub_client.subscriptions. \
list_locations(sub.get('subscription_id'))
for location in locations:
sub['locations'].append(location.as_dict()
.get('name'))
yield (attribute_type, sub_index, sub)
# Break after pulling data for self._max_subs number of
# subscriptions. Note that if self._max_subs is 0 or less,
# then the following condition never evaluates to True.
if sub_index + 1 == self._max_subs:
_log.info('Stopping subscriptions fetch due to '
'_max_subs: %d; tenant: %s', self._max_subs,
self._tenant)
break
except Exception as e:
_log.error('Failed to fetch subscriptions; %s; error: %s: %s',
util.outline_az_sub(sub_index, sub, tenant),
type(e).__name__, e)
def run_example():
"""MSI Authentication example."""
#
# Create System Assigned MSI Authentication
#
credentials = MSIAuthentication()
#
# Create User Assigned MSI Authentication, using client_id
#
credentials = MSIAuthentication(
client_id='00000000-0000-0000-0000-000000000000')
#
# Create User Assigned MSI Authentication, using object_id
#
credentials = MSIAuthentication(
object_id='00000000-0000-0000-0000-000000000000')
#
# Create User Assigned MSI Authentication, using msi_res_id
#
credentials = MSIAuthentication(
msi_res_id=
'/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/msiname'
)
#
# Create a Subscription client, and get the subscription ID attached to that credentials.
# This assumes there is only ONE subscription attached to this MSI token (most likely scenario)
#
subscription_client = SubscriptionClient(credentials)
subscription = next(subscription_client.subscriptions.list())
subscription_id = subscription.subscription_id
#
# Create a Resource Management client
#
resource_client = ResourceManagementClient(credentials, subscription_id)
#
# List resource groups as an example. The only limit is what role and policy
# are assigned to this MSI token.
#
for resource_group in resource_client.resource_groups.list():
print(resource_group.name)
def __init__(
self,
azure_subscription_id,
azure_tenant_id,
azure_application_id,
azure_application_key,
logger,
):
"""Init command.
:param str azure_subscription_id:
:param str azure_tenant_id:
:param str azure_application_id:
:param str azure_application_key:
:param str azure_application_key:
:param logging.Logger logger:
"""
self._azure_subscription_id = azure_subscription_id
self._azure_tenant_id = azure_tenant_id
self._azure_application_id = azure_application_id
self._azure_application_key = azure_application_key
self._logger = logger
self._cached_storage_account_keys = {}
self._credentials = ServicePrincipalCredentials(
client_id=azure_application_id,
secret=azure_application_key,
tenant=azure_tenant_id,
)
self._subscription_client = SubscriptionClient(
credentials=self._credentials)
self._resource_client = ResourceManagementClient(
credentials=self._credentials,
subscription_id=self._azure_subscription_id)
self._compute_client = ComputeManagementClient(
credentials=self._credentials,
subscription_id=self._azure_subscription_id)
self._storage_client = StorageManagementClient(
credentials=self._credentials,
subscription_id=self._azure_subscription_id)
self._network_client = NetworkManagementClient(
credentials=self._credentials,
subscription_id=self._azure_subscription_id)
def azureInit():
# Create MSI Authentication
credentials = MSIAuthentication()
# Create a Subscription Client
subscription_client = SubscriptionClient(credentials)
subscription = next(subscription_client.subscriptions.list())
subscription_id = subscription.subscription_id
# Create a Resource Management client
resource_client = ResourceManagementClient(credentials, subscription_id)
# Create a Compute client
compute_client = ComputeManagementClient(credentials, subscription_id)
return (subscription_client, compute_client)
def set_connect(self, secret_data):
subscription_id = secret_data['subscription_id']
os.environ["AZURE_SUBSCRIPTION_ID"] = subscription_id
os.environ["AZURE_TENANT_ID"] = secret_data['tenant_id']
os.environ["AZURE_CLIENT_ID"] = secret_data['client_id']
os.environ["AZURE_CLIENT_SECRET"] = secret_data['client_secret']
credential = DefaultAzureCredential()
self.compute_client = ComputeManagementClient(
credential=credential, subscription_id=subscription_id)
self.resource_client = ResourceManagementClient(
credential=credential, subscription_id=subscription_id)
self.subscription_client: SubscriptionClient = SubscriptionClient(
credential=credential)
def main(req: func.HttpRequest) -> func.HttpResponse:
if "MSI_ENDPOINT" in os.environ:
credentials = MSIAuthentication()
else:
credentials, *_ = get_azure_cli_credentials()
subscription_client = SubscriptionClient(credentials)
subscription = next(subscription_client.subscriptions.list())
subscription_id = subscription.subscription_id
client = ResourceManagementClient(credentials, subscription_id)
resource_groups = [g.name for g in client.resource_groups.list()]
return func.HttpResponse(json.dumps(resource_groups),
mimetype="application/json")
def read(self):
"""Return an Azure virtual machine record.
Yields:
dict: An Azure virtual machine record.
"""
# pylint: disable=R0914
subscription_client = SubscriptionClient(self._credentials)
for i, sub in enumerate(subscription_client.subscriptions.list()):
subscription_id = str(sub.subscription_id)
_log.info('Found subscription #%d; subscription_id: %s; '
'display_name: %s',
i, subscription_id, sub.display_name)
# Initialize Azure clients for the current subscription.
creds = self._credentials
compute_client = ComputeManagementClient(creds, subscription_id)
# Get iterators for virtual machine data.
virtual_machines_iter = compute_client.virtual_machines.list_all()
# Retrieve data using iterator.
for vm_index, vm in enumerate(virtual_machines_iter):
rg_name = tools.parse_resource_id(vm.id)['resource_group']
vm_iv = compute_client.virtual_machines.instance_view(rg_name,
vm.name)
yield from _process_vm_instance_view(vm, vm_iv,
subscription_id)
# Break after pulling data for self._max_recs number of
# VMs for a subscriber. Note that if self._max_recs is 0 or
# less, then the following condition never evaluates to True.
if vm_index + 1 == self._max_recs:
_log.info('Exiting pull due to _max_recs: %d for '
'subscriber # %d; sub_id: %s; display_name: %s',
self._max_recs, i, subscription_id,
sub.display_name)
break
# Break after pulling data for self._max_subs number of
# subscriptions. Note that if self._max_subs is 0 or less,
# then the following condition never evaluates to True.
if i + 1 == self._max_subs:
_log.info('Ending subscriptions fetch due to '
'_max_subs: %d', self._max_subs)
break
def main():
"""Main function to get metrics"""
# azure_auth = os.environ.get("AZURE_AUTH")
# compute_client = get_management_client(azure_auth, ComputeManagementClient)
# credential = DefaultAzureCredential()
credential = CredentialWrapper()
subscription_client = SubscriptionClient(credential)
subscription = next(subscription_client.subscriptions.list())
print(subscription.subscription_id)
compute_client = ComputeManagementClient(
credentials=credential, subscription_id=subscription.subscription_id)
for virtual_machine in compute_client.virtual_machines.list_all():
print(f"{virtual_machine.name} {virtual_machine.id}")