def test_is_resource_name(self):
invalid_names = [
'',
'knights/ni',
'spam&eggs',
'i<3you',
'a' * 261,
]
for test in invalid_names:
assert not is_valid_resource_name(test)
valid_names = [
'abc-123',
' ', # no one said it had to be a good resource name.
'a' * 260,
]
for test in valid_names:
assert is_valid_resource_name(test)
def validate_private_dns_zone(db_context, server_name, private_dns_zone, private_dns_zone_suffix):
cmd = db_context.cmd
if db_context.command_group == 'postgres':
server_endpoint = cmd.cli_ctx.cloud.suffixes.postgresql_server_endpoint
else:
server_endpoint = cmd.cli_ctx.cloud.suffixes.mysql_server_endpoint
if private_dns_zone == server_name + server_endpoint:
raise ValidationError("private dns zone name cannot be same as the server's fully qualified domain name")
if private_dns_zone[-len(private_dns_zone_suffix):] != private_dns_zone_suffix:
raise ValidationError('The suffix of the private DNS zone should be "{}"'.format(private_dns_zone_suffix))
if _is_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \
or not _is_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone):
raise ValidationError("Check if the private dns zone name or Id is in correct format.")
def prepare_private_network(cmd, resource_group_name, server_name, vnet,
subnet, location, delegation_service_name,
vnet_address_pref, subnet_address_pref, yes):
nw_client = network_client_factory(cmd.cli_ctx)
resource_client = resource_client_factory(cmd.cli_ctx)
# Handle vnet and subnet prefix
if (vnet_address_pref is not None and subnet_address_pref is None) or \
(vnet_address_pref is None and subnet_address_pref is not None):
raise ValidationError(
"You need to provide both Vnet address prefix and Subnet address prefix."
)
if vnet_address_pref is None:
vnet_address_pref = DEFAULT_VNET_ADDRESS_PREFIX
if subnet_address_pref is None:
subnet_address_pref = DEFAULT_SUBNET_ADDRESS_PREFIX
# pylint: disable=too-many-nested-blocks
if subnet is not None and vnet is None:
if not is_valid_resource_id(subnet):
raise ValidationError(
"Incorrectly formed Subnet ID. If you are providing only --subnet (not --vnet), the Subnet parameter should be in resource ID format."
)
if 'child_name_1' not in parse_resource_id(subnet):
raise ValidationError(
"Incorrectly formed Subnet ID. Check if the Subnet ID is in the right format."
)
logger.warning(
"You have supplied a Subnet ID. Verifying its existence...")
subnet_result = process_private_network_with_id_input(
cmd, subnet, nw_client, resource_client, server_name, location,
delegation_service_name, vnet_address_pref, subnet_address_pref,
yes)
elif subnet is None and vnet is not None:
if is_valid_resource_id(vnet):
logger.warning(
"You have supplied a Vnet ID. Verifying its existence...")
subnet_result = process_private_network_with_id_input(
cmd, vnet, nw_client, resource_client, server_name, location,
delegation_service_name, vnet_address_pref,
subnet_address_pref, yes)
elif _is_resource_name(vnet) and is_valid_resource_name(vnet):
logger.warning(
"You have supplied a Vnet name. Verifying its existence...")
subnet_result = _create_vnet_subnet_delegation(
cmd, nw_client, resource_client, delegation_service_name,
resource_group_name, vnet, 'Subnet' + server_name, location,
server_name, vnet_address_pref, subnet_address_pref, yes)
else:
raise ValidationError("Incorrectly formed Vnet ID or Vnet name")
elif subnet is not None and vnet is not None:
if _is_resource_name(vnet) and _is_resource_name(subnet):
logger.warning(
"You have supplied a Vnet and Subnet name. Verifying its existence..."
)
subnet_result = _create_vnet_subnet_delegation(
cmd, nw_client, resource_client, delegation_service_name,
resource_group_name, vnet, subnet, location, server_name,
vnet_address_pref, subnet_address_pref, yes)
else:
raise ValidationError(
"If you pass both --vnet and --subnet, consider passing names instead of IDs. If you want to use an existing subnet, please provide the subnet Id only (not vnet Id)."
)
else:
return None
return subnet_result.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name,
private_dns_zone, subnet_id, location):
from azure.mgmt.privatedns.models import SubResource
dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations(
cmd.cli_ctx, '_')
private_dns_zone_suffix = dns_suffix_client.execute(database_engine)
vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id)
private_dns_client = private_dns_client_factory(cmd.cli_ctx)
private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx)
resource_client = resource_client_factory(cmd.cli_ctx)
vnet_id = resource_id(subscription=vnet_sub,
resource_group=vnet_rg,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet_name)
nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub)
vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name)
from azure.mgmt.privatedns.models import VirtualNetworkLink
if private_dns_zone is None:
private_dns_zone = server_name + '.' + private_dns_zone_suffix
elif not _check_if_resource_name(
private_dns_zone) and is_valid_resource_id(private_dns_zone):
subscription, resource_group, private_dns_zone, _ = get_id_components(
private_dns_zone)
if private_dns_zone[-len(private_dns_zone_suffix
):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix for the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
if subscription != get_subscription_id(cmd.cli_ctx):
logger.warning(
'The provided private DNS zone ID is in different subscription from the server'
)
resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_client = private_dns_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_link_client = private_dns_link_client_factory(
cmd.cli_ctx, subscription_id=subscription)
_resource_group_verify_and_create(resource_client, resource_group,
location)
elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \
or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone):
raise ValidationError(
"Check if the private dns zone name or id is in correct format.")
elif _check_if_resource_name(private_dns_zone) and private_dns_zone[
-len(private_dns_zone_suffix):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix for the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
link = VirtualNetworkLink(location='global',
virtual_network=SubResource(id=vnet.id))
link.registration_enabled = True
if not check_existence(resource_client, private_dns_zone, resource_group,
'Microsoft.Network', 'privateDnsZones'):
logger.warning('Creating a private dns zone %s..', private_dns_zone)
from azure.mgmt.privatedns.models import PrivateZone
private_zone = private_dns_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
parameters=PrivateZone(location='global'),
if_none_match='*').result()
private_dns_link_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
else:
logger.warning('Using the existing private dns zone %s',
private_dns_zone)
private_zone = private_dns_client.get(
resource_group_name=resource_group,
private_zone_name=private_dns_zone)
# private dns zone link list
virtual_links = private_dns_link_client.list(
resource_group_name=resource_group,
private_zone_name=private_dns_zone)
link_exist_flag = False
for virtual_link in virtual_links:
if virtual_link.virtual_network.id == vnet_id:
link_exist_flag = True
break
if not link_exist_flag:
private_dns_link_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
return private_zone.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name,
private_dns_zone, subnet_id, location):
dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations(
cmd.cli_ctx, '_')
private_dns_zone_suffix = dns_suffix_client.execute(database_engine)
vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id)
private_dns_client = private_dns_client_factory(cmd.cli_ctx)
private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx)
resource_client = resource_client_factory(cmd.cli_ctx)
vnet_id = resource_id(subscription=vnet_sub,
resource_group=vnet_rg,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet_name)
nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub)
vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name)
dns_rg = None
if private_dns_zone is None:
if 'private' in private_dns_zone_suffix:
private_dns_zone = server_name + '.' + private_dns_zone_suffix
else:
private_dns_zone = server_name + '.private.' + private_dns_zone_suffix
# resource ID input => check subscription and change client
elif not _check_if_resource_name(
private_dns_zone) and is_valid_resource_id(private_dns_zone):
subscription, dns_rg, private_dns_zone, _ = get_id_components(
private_dns_zone)
if private_dns_zone[-len(private_dns_zone_suffix
):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix of the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
if subscription != get_subscription_id(cmd.cli_ctx):
logger.warning(
'The provided private DNS zone ID is in different subscription from the server'
)
resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_client = private_dns_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_link_client = private_dns_link_client_factory(
cmd.cli_ctx, subscription_id=subscription)
_resource_group_verify_and_create(resource_client, dns_rg, location)
# check Invalid resource ID or Name format
elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \
or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone):
raise ValidationError(
"Check if the private dns zone name or Id is in correct format.")
# Invalid resource name suffix check
elif _check_if_resource_name(private_dns_zone) and private_dns_zone[
-len(private_dns_zone_suffix):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix of the private DNS zone should be in "{}" format'.
format(private_dns_zone_suffix))
validate_private_dns_zone(cmd,
server_name=server_name,
private_dns_zone=private_dns_zone)
link = VirtualNetworkLink(location='global',
virtual_network=SubResource(id=vnet.id))
link.registration_enabled = False
# check existence DNS zone and change resource group
zone_exist_flag = False
if dns_rg is not None and check_existence(
resource_client, private_dns_zone, dns_rg, 'Microsoft.Network',
'privateDnsZones'):
zone_exist_flag = True
elif dns_rg is None and check_existence(
resource_client, private_dns_zone, resource_group,
'Microsoft.Network', 'privateDnsZones'):
zone_exist_flag = True
dns_rg = resource_group
elif dns_rg is None and check_existence(resource_client, private_dns_zone,
vnet_rg, 'Microsoft.Network',
'privateDnsZones'):
zone_exist_flag = True
dns_rg = vnet_rg
else:
dns_rg = vnet_rg
# create DNS zone if not exist
if not zone_exist_flag:
logger.warning('Creating a private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
parameters=PrivateZone(location='global'),
if_none_match='*').result()
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
else:
logger.warning(
'Using the existing private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.get(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
virtual_links = private_dns_link_client.list(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
link_exist_flag = False
for virtual_link in virtual_links:
if virtual_link.virtual_network.id == vnet_id:
link_exist_flag = True
break
if not link_exist_flag:
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
return private_zone.id