def get_acr_service_client():
'''Returns the client for managing container registries.
'''
customized_api_version = get_acr_api_version()
if customized_api_version:
return get_mgmt_service_client(ContainerRegistryManagementClient,
api_version=customized_api_version)
else:
return get_mgmt_service_client(ContainerRegistryManagementClient)
def check_existence(cli_ctx, value, resource_group, provider_namespace, resource_type,
parent_name=None, parent_type=None):
# check for name or ID and set the type flags
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from msrestazure.azure_exceptions import CloudError
from msrestazure.tools import parse_resource_id
from azure.cli.core.profiles import ResourceType
resource_client = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES).resources
id_parts = parse_resource_id(value)
rg = id_parts.get('resource_group', resource_group)
ns = id_parts.get('namespace', provider_namespace)
if parent_name and parent_type:
parent_path = '{}/{}'.format(parent_type, parent_name)
resource_name = id_parts.get('child_name_1', value)
resource_type = id_parts.get('child_type_1', resource_type)
else:
parent_path = ''
resource_name = id_parts['name']
resource_type = id_parts.get('type', resource_type)
api_version = _resolve_api_version(cli_ctx, provider_namespace, resource_type, parent_path)
try:
resource_client.get(rg, ns, parent_path, resource_type, resource_name, api_version)
return True
except CloudError:
return False
def resource_exists(resource_group, name, namespace, type, **_): # pylint: disable=redefined-builtin
''' Checks if the given resource exists. '''
odata_filter = "resourceGroup eq '{}' and name eq '{}'" \
" and resourceType eq '{}/{}'".format(resource_group, name, namespace, type)
client = get_mgmt_service_client(ResourceType.MGMT_RESOURCE_RESOURCES).resources
existing = len(list(client.list(filter=odata_filter))) == 1
return existing
def validate_client_parameters(namespace):
""" Retrieves storage connection parameters from environment variables and parses out
connection string into account name and key """
n = namespace
if not n.connection_string:
n.connection_string = az_config.get('storage', 'connection_string', None)
# if connection string supplied or in environment variables, extract account key and name
if n.connection_string:
conn_dict = validate_key_value_pairs(n.connection_string)
n.account_name = conn_dict['AccountName']
n.account_key = conn_dict['AccountKey']
# otherwise, simply try to retrieve the remaining variables from environment variables
if not n.account_name:
n.account_name = az_config.get('storage', 'account', None)
if not n.account_key:
n.account_key = az_config.get('storage', 'key', None)
if not n.sas_token:
n.sas_token = az_config.get('storage', 'sas_token', None)
# if account name is specified but no key, attempt to query
if n.account_name and not n.account_key:
scf = get_mgmt_service_client(StorageManagementClient)
acc = next((x for x in scf.storage_accounts.list() if x.name == n.account_name), None)
if acc:
from azure.cli.core.commands.arm import parse_resource_id
rg = parse_resource_id(acc.id)['resource_group']
n.account_key = \
scf.storage_accounts.list_keys(rg, n.account_name).keys[0].value # pylint: disable=no-member
else:
raise ValueError("Storage account '{}' not found.".format(n.account_name))
def cf_ni(_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.network import NetworkManagementClient
# TODO: Remove hard coded api-version once
# https://github.com/Azure/azure-rest-api-specs/issues/570
# is fixed.
return get_mgmt_service_client(NetworkManagementClient, api_version='2016-03-30').network_interfaces #pylint: disable=line-too-long
def _deploy_arm_template_core(resource_group_name, # pylint: disable=too-many-arguments
template_file=None, template_uri=None, deployment_name=None,
parameters=None, mode='incremental', validate_only=False,
no_wait=False):
DeploymentProperties, TemplateLink = get_sdk(ResourceType.MGMT_RESOURCE_RESOURCES,
'DeploymentProperties',
'TemplateLink',
mod='models')
parameters = parameters or {}
template = None
template_link = None
template_obj = None
if template_uri:
template_link = TemplateLink(uri=template_uri)
template_obj = shell_safe_json_parse(_urlretrieve(template_uri).decode('utf-8'))
else:
template = get_file_json(template_file)
template_obj = template
parameters = _get_missing_parameters(parameters, template_obj, _prompt_for_parameters)
properties = DeploymentProperties(template=template, template_link=template_link,
parameters=parameters, mode=mode)
smc = get_mgmt_service_client(ResourceType.MGMT_RESOURCE_RESOURCES)
if validate_only:
return smc.deployments.validate(resource_group_name, deployment_name, properties, raw=no_wait)
return smc.deployments.create_or_update(resource_group_name, deployment_name, properties, raw=no_wait)
def build_msi_role_assignment(vm_vmss_name, vm_vmss_resource_id, role_definition_id,
role_assignment_guid, identity_scope, is_vm=True):
from azure.cli.core.commands.arm import parse_resource_id
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
result = parse_resource_id(identity_scope)
if result.get('type'): # is a resource id?
name = '{}/Microsoft.Authorization/{}'.format(result['name'], role_assignment_guid)
assignment_type = '{}/{}/providers/roleAssignments'.format(result['namespace'], result['type'])
else:
name = role_assignment_guid
assignment_type = 'Microsoft.Authorization/roleAssignments'
# pylint: disable=line-too-long
msi_rp_api_version = '2015-08-31-PREVIEW'
authorization_api_version = get_mgmt_service_client(AuthorizationManagementClient).api_version
return {
'name': name,
'type': assignment_type,
'apiVersion': authorization_api_version,
'dependsOn': [
'Microsoft.Compute/{}/{}'.format('virtualMachines' if is_vm else 'virtualMachineScaleSets', vm_vmss_name)
],
'properties': {
'roleDefinitionId': role_definition_id,
'principalId': "[reference('{}/providers/Microsoft.ManagedIdentity/Identities/default', '{}').principalId]".format(
vm_vmss_resource_id, msi_rp_api_version),
'scope': identity_scope
}
}
def resolve_role_id(cli_ctx, role, scope):
import uuid
client = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_AUTHORIZATION).role_definitions
role_id = None
if re.match(r'/subscriptions/[^/]+/providers/Microsoft.Authorization/roleDefinitions/',
role, re.I):
role_id = role
else:
try:
uuid.UUID(role)
role_id = '/subscriptions/{}/providers/Microsoft.Authorization/roleDefinitions/{}'.format(
client.config.subscription_id, role)
except ValueError:
pass
if not role_id: # retrieve role id
role_defs = list(client.list(scope, "roleName eq '{}'".format(role)))
if not role_defs:
raise CLIError("Role '{}' doesn't exist.".format(role))
if len(role_defs) > 1:
ids = [r.id for r in role_defs]
err = "More than one role matches the given name '{}'. Please pick an id from '{}'"
raise CLIError(err.format(role, ids))
role_id = role_defs[0].id
return role_id
def _validate_vm_create_storage_account(namespace):
if namespace.storage_account:
storage_id = parse_resource_id(namespace.storage_account)
rg = storage_id.get('resource_group', namespace.resource_group_name)
if check_existence(storage_id['name'], rg, 'Microsoft.Storage', 'storageAccounts'):
# 1 - existing storage account specified
namespace.storage_account_type = 'existing'
logger.debug("using specified existing storage account '%s'", storage_id['name'])
else:
# 2 - params for new storage account specified
namespace.storage_account_type = 'new'
logger.debug("specified storage account '%s' not found and will be created", storage_id['name'])
else:
from azure.cli.core.profiles import ResourceType
from azure.cli.core.commands.client_factory import get_mgmt_service_client
storage_client = get_mgmt_service_client(ResourceType.MGMT_STORAGE).storage_accounts
# find storage account in target resource group that matches the VM's location
sku_tier = 'Premium' if 'Premium' in namespace.storage_sku else 'Standard'
account = next(
(a for a in storage_client.list_by_resource_group(namespace.resource_group_name)
if a.sku.tier.value == sku_tier and a.location == namespace.location), None)
if account:
# 3 - nothing specified - find viable storage account in target resource group
namespace.storage_account = account.name
namespace.storage_account_type = 'existing'
logger.debug("suitable existing storage account '%s' will be used", account.name)
else:
# 4 - nothing specified - create a new storage account
namespace.storage_account_type = 'new'
logger.debug('no suitable storage account found. One will be created.')
def _resolve_role_id(role, scope):
import uuid
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.authorization import AuthorizationManagementClient
client = get_mgmt_service_client(AuthorizationManagementClient).role_definitions
role_id = None
if re.match(r'/subscriptions/.+/providers/Microsoft.Authorization/roleDefinitions/',
role, re.I):
role_id = role
else:
try:
uuid.UUID(role)
role_id = '/subscriptions/{}/providers/Microsoft.Authorization/roleDefinitions/{}'.format(
client.config.subscription_id, role)
except ValueError:
pass
if not role_id: # retrieve role id
role_defs = list(client.list(scope, "roleName eq '{}'".format(role)))
if not role_defs:
raise CLIError("Role '{}' doesn't exist.".format(role))
elif len(role_defs) > 1:
ids = [r.id for r in role_defs]
err = "More than one role matches the given name '{}'. Please pick an id from '{}'"
raise CLIError(err.format(role, ids))
role_id = role_defs[0].id
return role_id
def get_postgresql_management_client(cli_ctx, **_):
from os import getenv
from azure.mgmt.rdbms.postgresql import PostgreSQLManagementClient
# Allow overriding resource manager URI using environment variable
# for testing purposes. Subscription id is also determined by environment
# variable.
rm_uri_override = getenv(RM_URI_OVERRIDE)
if rm_uri_override:
client_id = getenv(CLIENT_ID)
if client_id:
from azure.common.credentials import ServicePrincipalCredentials
credentials = ServicePrincipalCredentials(
client_id=client_id,
secret=getenv(CLIENT_SECRET),
tenant=getenv(TENANT_ID))
else:
from msrest.authentication import Authentication # pylint: disable=import-error
credentials = Authentication()
return PostgreSQLManagementClient(
subscription_id=getenv(SUB_ID_OVERRIDE),
base_url=rm_uri_override,
credentials=credentials)
else:
# Normal production scenario.
return get_mgmt_service_client(cli_ctx, PostgreSQLManagementClient)
def validate_location(namespace):
if not namespace.location:
from azure.mgmt.resource.resources import ResourceManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
resource_client = get_mgmt_service_client(ResourceManagementClient)
rg = resource_client.resource_groups.get(namespace.resource_group_name)
namespace.location = rg.location # pylint: disable=no-member
def _validate_vm_create_storage_account(namespace):
if namespace.storage_account:
storage_id = parse_resource_id(namespace.storage_account)
rg = storage_id.get('resource_group', namespace.resource_group_name)
if check_existence(storage_id['name'], rg, 'Microsoft.Storage', 'storageAccounts'):
# 1 - existing storage account specified
namespace.storage_account_type = 'existing'
else:
# 2 - params for new storage account specified
namespace.storage_account_type = 'new'
else:
from azure.mgmt.storage import StorageManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
storage_client = get_mgmt_service_client(StorageManagementClient).storage_accounts
# find storage account in target resource group that matches the VM's location
sku_tier = 'Premium' if 'Premium' in namespace.storage_sku else 'Standard'
account = next(
(a for a in storage_client.list_by_resource_group(namespace.resource_group_name)
if a.sku.tier.value == sku_tier and a.location == namespace.location), None)
if account:
# 3 - nothing specified - find viable storage account in target resource group
namespace.storage_account = account.name
namespace.storage_account_type = 'existing'
else:
# 4 - nothing specified - create a new storage account
namespace.storage_account_type = 'new'
def _get_resource_group_location(cli_ctx, resource_group_name):
from azure.mgmt.resource import ResourceManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
client = get_mgmt_service_client(cli_ctx, ResourceManagementClient)
# pylint: disable=no-member
return client.resource_groups.get(resource_group_name).location
def create_application_package(
client,
resource_group_name,
account_name, # pylint:disable=too-many-arguments
application_id,
version,
package_file,
):
# create application if not exist
mgmt_client = get_mgmt_service_client(BatchManagementClient)
try:
mgmt_client.application.get(resource_group_name, account_name, application_id)
except Exception: # pylint:disable=broad-except
mgmt_client.application.create(resource_group_name, account_name, application_id)
result = client.create(resource_group_name, account_name, application_id, version)
# upload binary as application package
logger.info("Uploading %s to storage blob %s...", package_file, result.storage_url)
_upload_package_blob(package_file, result.storage_url)
# activate the application package
client.activate(resource_group_name, account_name, application_id, version, "zip")
return client.get(resource_group_name, account_name, application_id, version)
def process_nw_test_connectivity_namespace(cmd, namespace):
from msrestazure.tools import is_valid_resource_id, resource_id, parse_resource_id
compute_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_COMPUTE).virtual_machines
vm_name = parse_resource_id(namespace.source_resource)['name']
rg = namespace.resource_group_name or parse_resource_id(namespace.source_resource).get('resource_group', None)
if not rg:
raise CLIError('usage error: --source-resource ID | --source-resource NAME --resource-group NAME')
vm = compute_client.get(rg, vm_name)
namespace.location = vm.location # pylint: disable=no-member
get_network_watcher_from_location(remove=True)(cmd, namespace)
if namespace.source_resource and not is_valid_resource_id(namespace.source_resource):
namespace.source_resource = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=rg,
namespace='Microsoft.Compute',
type='virtualMachines',
name=namespace.source_resource)
if namespace.dest_resource and not is_valid_resource_id(namespace.dest_resource):
namespace.dest_resource = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=namespace.resource_group_name,
namespace='Microsoft.Compute',
type='virtualMachines',
name=namespace.dest_resource)
def _verify_keyvault_good_for_encryption(disk_vault_id, kek_vault_id, vmss, force):
def _report_client_side_validation_error(msg):
if force:
logger.warning(msg)
else:
raise CLIError(msg)
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.keyvault import KeyVaultManagementClient
client = get_mgmt_service_client(KeyVaultManagementClient).vaults
disk_vault_resource_info = parse_resource_id(disk_vault_id)
key_vault = client.get(disk_vault_resource_info['resource_group'], disk_vault_resource_info['name'])
# ensure vault has 'EnabledForDiskEncryption' permission
if not key_vault.properties.enabled_for_disk_encryption:
_report_client_side_validation_error("keyvault '{}' is not enabled for disk encryption. ".format(
disk_vault_resource_info['resource_name']))
if kek_vault_id:
kek_vault_info = parse_resource_id(kek_vault_id)
if disk_vault_resource_info['name'].lower() != kek_vault_info['name'].lower():
client.get(kek_vault_info['resource_group'], kek_vault_info['name'])
# verify subscription mataches
vmss_resource_info = parse_resource_id(vmss.id)
if vmss_resource_info['subscription'].lower() != disk_vault_resource_info['subscription'].lower():
_report_client_side_validation_error(
"VM scale set's subscription doesn't match keyvault's subscription. Encryption might fail")
# verify region matches
if key_vault.location.replace(' ', '').lower() != vmss.location.replace(' ', '').lower():
_report_client_side_validation_error(
"VM scale set's region doesn't match keyvault's region. Encryption might fail")
def deploy_arm_template(cli_ctx, resource_group_name, # pylint: disable=too-many-arguments
template_file=None, deployment_name=None,
parameters=None, mode=None):
DeploymentProperties, _ = get_sdk(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES,
'DeploymentProperties', 'TemplateLink', mod='models')
template = {}
# TODO: get_file_json() can return None if specified, otherwise it can throw an error.
template = get_file_json(template_file, preserve_order=True)
template_obj = template
# So template should always be a dict, otherwise this next line will fail.
template_obj['resources'] = template_obj.get('resources', [])
# template_obj is not used after this point, can remove it.
parameters = BotTemplateDeployer.__process_parameters(parameters) or {}
# Turn the template into JSON string, then load it back to a dict, list, etc.
template = json.loads(json.dumps(template))
parameters = json.loads(json.dumps(parameters))
properties = DeploymentProperties(template=template, template_link=None,
parameters=parameters, mode=mode)
smc = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
return smc.deployments.create_or_update(resource_group_name, deployment_name, properties, raw=False)
def _auth_client_factory(scope=None):
subscription_id = None
if scope:
matched = re.match('/subscriptions/(?P<subscription>[^/]*)/', scope)
if matched:
subscription_id = matched.groupdict()['subscription']
return get_mgmt_service_client(AuthorizationManagementClient, subscription_id=subscription_id)
def get_resources_in_resource_group(resource_group_name, resource_type=None):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
rcf = get_mgmt_service_client(ResourceType.MGMT_RESOURCE_RESOURCES)
filter_str = "resourceType eq '{}'".format(resource_type) if resource_type else None
if supported_api_version(ResourceType.MGMT_RESOURCE_RESOURCES, max_api='2016-09-01'):
return list(rcf.resource_groups.list_resources(resource_group_name, filter=filter_str))
return list(rcf.resources.list_by_resource_group(resource_group_name, filter=filter_str))
def _deploy_arm_template_core(resource_group_name, template_file=None, template_uri=None,
deployment_name=None, parameters=None, mode='incremental',
validate_only=False, no_wait=False):
from azure.mgmt.resource.resources.models import DeploymentProperties, TemplateLink
if bool(template_uri) == bool(template_file):
raise CLIError('please provide either template file path or uri, but not both')
if parameters:
parameters = json.loads(parameters)
if parameters:
parameters = parameters.get('parameters', parameters)
template = None
template_link = None
if template_uri:
template_link = TemplateLink(uri=template_uri)
else:
template = get_file_json(template_file)
properties = DeploymentProperties(template=template, template_link=template_link,
parameters=parameters, mode=mode)
smc = get_mgmt_service_client(ResourceManagementClient)
if validate_only:
return smc.deployments.validate(resource_group_name, deployment_name,
properties, raw=no_wait)
else:
return smc.deployments.create_or_update(resource_group_name, deployment_name,
properties, raw=no_wait)
def check_existence(value, resource_group, provider_namespace, resource_type, parent_name=None, parent_type=None):
# check for name or ID and set the type flags
from azure.mgmt.resource.resources import ResourceManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from msrestazure.azure_exceptions import CloudError
resource_client = get_mgmt_service_client(ResourceManagementClient).resources
id_parts = parse_resource_id(value)
rg = id_parts.get("resource_group", resource_group)
ns = id_parts.get("namespace", provider_namespace)
if parent_name and parent_type:
parent_path = "{}/{}".format(parent_type, parent_name)
resource_name = id_parts.get("child_name", value)
resource_type = id_parts.get("child_type", resource_type)
else:
parent_path = ""
resource_name = id_parts["name"]
resource_type = id_parts.get("type", resource_type)
api_version = _resolve_api_version(provider_namespace, resource_type, parent_path)
try:
resource_client.get(rg, ns, parent_path, resource_type, resource_name, api_version)
return True
except CloudError:
return False
def cf_dla_job(_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.datalake.analytics.job import DataLakeAnalyticsJobManagementClient
return get_mgmt_service_client(
DataLakeAnalyticsJobManagementClient,
subscription_bound=False,
base_url_bound=False,
adla_job_dns_suffix=CLOUD.suffixes.azure_datalake_analytics_catalog_and_job_endpoint).job
def get_network_watcher_from_vm(cmd, namespace):
from msrestazure.tools import parse_resource_id
compute_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_COMPUTE).virtual_machines
vm_name = parse_resource_id(namespace.vm)['name']
vm = compute_client.get(namespace.resource_group_name, vm_name)
namespace.location = vm.location # pylint: disable=no-member
get_network_watcher_from_location()(cmd, namespace)
def _query_account_rg(cli_ctx, account_name):
"""Query the storage account's resource group, which the mgmt sdk requires."""
scf = get_mgmt_service_client(cli_ctx, CUSTOM_MGMT_STORAGE)
acc = next((x for x in scf.storage_accounts.list() if x.name == account_name), None)
if acc:
from msrestazure.tools import parse_resource_id
return parse_resource_id(acc.id)['resource_group'], scf
raise ValueError("Storage account '{}' not found.".format(account_name))
def get_auth_management_client(cli_ctx, scope=None, **_):
import re
subscription_id = None
if scope:
matched = re.match('/subscriptions/(?P<subscription>[^/]*)/', scope)
if matched:
subscription_id = matched.groupdict()['subscription']
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_AUTHORIZATION, subscription_id=subscription_id)
def _query_account_key(account_name):
scf = get_mgmt_service_client(StorageManagementClient)
acc = next((x for x in scf.storage_accounts.list() if x.name == account_name), None)
if acc:
from azure.cli.core.commands.arm import parse_resource_id
rg = parse_resource_id(acc.id)['resource_group']
return scf.storage_accounts.list_keys(rg, account_name).keys[0].value # pylint: disable=no-member
else:
raise ValueError("Storage account '{}' not found.".format(account_name))
def validate_resource_group_name(ns):
if not ns.resource_group_name:
try:
account_name = ns.name
except AttributeError:
account_name = ns.account_name
client = get_mgmt_service_client(DataLakeStoreAccountManagementClient).account
group_name = _get_resource_group_from_account_name(client, account_name)
ns.resource_group_name = group_name
def cf_ni(_):
from azure.cli.core.profiles import ResourceType
from azure.cli.core.commands.client_factory import get_mgmt_service_client
# TODO: Remove hard coded api-version once
# https://github.com/Azure/azure-rest-api-specs/issues/570
# is fixed.
ni = get_mgmt_service_client(ResourceType.MGMT_NETWORK).network_interfaces
ni.api_version = '2016-03-30'
return ni
def cf_dla_catalog(_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.datalake.analytics.catalog import DataLakeAnalyticsCatalogManagementClient
return get_mgmt_service_client(
DataLakeAnalyticsCatalogManagementClient,
subscription_bound=False,
base_url_bound=False,
resource=CLOUD.endpoints.active_directory_data_lake_resource_id,
adla_catalog_dns_suffix=CLOUD.suffixes.azure_datalake_analytics_catalog_and_job_endpoint).catalog
def get_resources_in_subscription(resource_type=None):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
rcf = get_mgmt_service_client(ResourceType.MGMT_RESOURCE_RESOURCES)
filter_str = "resourceType eq '{}'".format(
resource_type) if resource_type else None
return list(rcf.resources.list(filter=filter_str))
def cf_eventgrid(cli_ctx, **_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azext_eventgrid.vendored_sdks.eventgrid import EventGridManagementClient
return get_mgmt_service_client(cli_ctx, EventGridManagementClient)
def get_resource_groups():
from azure.cli.core.commands.client_factory import get_mgmt_service_client
rcf = get_mgmt_service_client(ResourceType.MGMT_RESOURCE_RESOURCES)
return list(rcf.resource_groups.list())
def network_client_factory(cli_ctx, **kwargs):
from azure.cli.core.profiles import ResourceType
from azure.cli.core.commands.client_factory import get_mgmt_service_client
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_NETWORK,
**kwargs)
reset_windows_admin, set_linux_user, delete_linux_user,
disable_boot_diagnostics, enable_boot_diagnostics, get_boot_log,
list_extensions, set_extension, set_diagnostics_extension,
show_default_diagnostics_configuration,
vmss_start, vmss_restart, vmss_delete_instances, vmss_deallocate, vmss_get_instance_view,
vmss_stop, vmss_reimage, vmss_scale, vmss_update_instances, vmss_show, vmss_list,
set_vmss_diagnostics_extension, set_vmss_extension, get_vmss_extension,
list_vmss_extensions, delete_vmss_extension)
from ._factory import _compute_client_factory
# pylint: disable=line-too-long
# VM
factory = lambda _: get_mgmt_service_client(VMClient).vm
cli_command('vm create', VmOperations.create_or_update, factory, transform=DeploymentOutputLongRunningOperation('Starting vm create'))
factory = lambda _: _compute_client_factory().virtual_machines
cli_command('vm delete', VirtualMachinesOperations.delete, factory)
cli_command('vm deallocate', VirtualMachinesOperations.deallocate, factory)
cli_command('vm generalize', VirtualMachinesOperations.generalize, factory)
cli_command('vm show', VirtualMachinesOperations.get, factory)
cli_command('vm list-vm-resize-options', VirtualMachinesOperations.list_available_sizes, factory)
cli_command('vm get-instance-view', get_instance_view)
cli_command('vm stop', VirtualMachinesOperations.power_off, factory)
cli_command('vm restart', VirtualMachinesOperations.restart, factory)
cli_command('vm start', VirtualMachinesOperations.start, factory)
cli_command('vm redeploy', VirtualMachinesOperations.redeploy, factory)
cli_command('vm list-ip-addresses', list_ip_addresses)
def iot_hub_service_factory(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.cli.core.profiles import ResourceType
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_IOTHUB)
def get_osa_container_service_client(cli_ctx, **_):
from azure.mgmt.containerservice import ContainerServiceClient
return get_mgmt_service_client(cli_ctx,
ContainerServiceClient,
api_version='2019-10-27-preview')
def get_devtestlabs_management_client(_):
from .sdk.devtestlabs import DevTestLabsClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
return get_mgmt_service_client(DevTestLabsClient)
def _resource_lock_client_factory(cli_ctx, **_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.cli.core.profiles import ResourceType
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_LOCKS)
def _get_location_from_resource_group(resource_group_name):
from azure.mgmt.resource.resources import ResourceManagementClient
client = get_mgmt_service_client(ResourceManagementClient)
group = client.resource_groups.get(resource_group_name)
return group.location
def _compute_client_factory(**_):
from azure.mgmt.compute import ComputeManagementClient
from azure.cli.core.commands.client_factory import get_mgmt_service_client
return get_mgmt_service_client(ComputeManagementClient)
def cf_purview_cl(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azext_purview.vendored_sdks.purview import PurviewManagementClient
return get_mgmt_service_client(cli_ctx, PurviewManagementClient)
def web_client_factory(cli_ctx, **_):
from azure.cli.core.profiles import ResourceType
from azure.cli.core.commands.client_factory import get_mgmt_service_client
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_APPSERVICE)
def aro_create(cmd, # pylint: disable=too-many-locals
client,
resource_group_name,
resource_name,
master_subnet,
worker_subnet,
vnet=None, # pylint: disable=unused-argument
vnet_resource_group_name=None, # pylint: disable=unused-argument
location=None,
pull_secret=None,
domain=None,
cluster_resource_group=None,
client_id=None,
client_secret=None,
pod_cidr=None,
service_cidr=None,
master_vm_size=None,
worker_vm_size=None,
worker_vm_disk_size_gb=None,
worker_count=None,
apiserver_visibility=None,
ingress_visibility=None,
tags=None,
no_wait=False):
if not rp_mode_development():
resource_client = get_mgmt_service_client(
cmd.cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
provider = resource_client.providers.get('Microsoft.RedHatOpenShift')
if provider.registration_state != 'Registered':
raise UnauthorizedError('Microsoft.RedHatOpenShift provider is not registered.',
'Run `az provider register -n Microsoft.RedHatOpenShift --wait`.')
validate_subnets(master_subnet, worker_subnet)
subscription_id = get_subscription_id(cmd.cli_ctx)
random_id = generate_random_id()
aad = AADManager(cmd.cli_ctx)
if client_id is None:
app, client_secret = aad.create_application(cluster_resource_group or 'aro-' + random_id)
client_id = app.app_id
client_sp = aad.get_service_principal(client_id)
if not client_sp:
client_sp = aad.create_service_principal(client_id)
rp_client_sp = aad.get_service_principal(resolve_rp_client_id())
if not rp_client_sp:
raise ResourceNotFoundError("RP service principal not found.")
if rp_mode_development():
worker_vm_size = worker_vm_size or 'Standard_D2s_v3'
else:
worker_vm_size = worker_vm_size or 'Standard_D4s_v3'
if apiserver_visibility is not None:
apiserver_visibility = apiserver_visibility.capitalize()
if ingress_visibility is not None:
ingress_visibility = ingress_visibility.capitalize()
oc = openshiftcluster.OpenShiftCluster(
location=location,
tags=tags,
cluster_profile=openshiftcluster.ClusterProfile(
pull_secret=pull_secret or "",
domain=domain or random_id,
resource_group_id='/subscriptions/%s/resourceGroups/%s' %
(subscription_id, cluster_resource_group or "aro-" + random_id),
),
service_principal_profile=openshiftcluster.ServicePrincipalProfile(
client_id=client_id,
client_secret=client_secret,
),
network_profile=openshiftcluster.NetworkProfile(
pod_cidr=pod_cidr or '10.128.0.0/14',
service_cidr=service_cidr or '172.30.0.0/16',
),
master_profile=openshiftcluster.MasterProfile(
vm_size=master_vm_size or 'Standard_D8s_v3',
subnet_id=master_subnet,
),
worker_profiles=[
openshiftcluster.WorkerProfile(
name='worker', # TODO: 'worker' should not be hard-coded
vm_size=worker_vm_size,
disk_size_gb=worker_vm_disk_size_gb or 128,
subnet_id=worker_subnet,
count=worker_count or 3,
)
],
apiserver_profile=openshiftcluster.APIServerProfile(
visibility=apiserver_visibility or 'Public',
),
ingress_profiles=[
openshiftcluster.IngressProfile(
name='default', # TODO: 'default' should not be hard-coded
visibility=ingress_visibility or 'Public',
)
],
)
sp_obj_ids = [client_sp.object_id, rp_client_sp.object_id]
ensure_resource_permissions(cmd.cli_ctx, oc, True, sp_obj_ids)
return sdk_no_wait(no_wait, client.create_or_update,
resource_group_name=resource_group_name,
resource_name=resource_name,
parameters=oc)
def get_arm_resource_by_id(cli_ctx, arm_id, api_version=None):
from msrestazure.tools import parse_resource_id, is_valid_resource_id
if not is_valid_resource_id(arm_id):
raise CLIError("'{}' is not a valid ID.".format(arm_id))
client = get_mgmt_service_client(cli_ctx,
ResourceType.MGMT_RESOURCE_RESOURCES)
if not api_version:
parts = parse_resource_id(arm_id)
# to retrieve the provider, we need to know the namespace
namespaces = {k: v for k, v in parts.items() if 'namespace' in k}
# every ARM ID has at least one namespace, so start with that
namespace = namespaces.pop('namespace')
namespaces.pop('resource_namespace')
# find the most specific child namespace (if any) and use that value instead
highest_child = 0
for k, v in namespaces.items():
child_number = int(k.split('_')[2])
if child_number > highest_child:
namespace = v
highest_child = child_number
# retrieve provider info for the namespace
provider = client.providers.get(namespace)
# assemble the resource type key used by the provider list operation. type1/type2/type3/...
resource_type_str = ''
if not highest_child:
resource_type_str = parts['resource_type']
else:
types = {
int(k.split('_')[2]): v
for k, v in parts.items() if k.startswith('child_type')
}
for k in sorted(types.keys()):
if k < highest_child:
continue
resource_type_str = '{}{}/'.format(
resource_type_str, parts['child_type_{}'.format(k)])
resource_type_str = resource_type_str.rstrip('/')
api_version = None
rt = next((t for t in provider.resource_types
if t.resource_type.lower() == resource_type_str.lower()),
None)
if not rt:
from azure.cli.core.parser import IncorrectUsageError
raise IncorrectUsageError(
'Resource type {} not found.'.format(resource_type_str))
try:
# Use the most recent non-preview API version unless there is only a
# single API version. API versions are returned by the service in a sorted list.
api_version = next(
(x for x in rt.api_versions if not x.endswith('preview')),
rt.api_versions[0])
except AttributeError:
err = "No API versions found for resource type '{}'."
raise CLIError(err.format(resource_type_str))
return client.resources.get_by_id(arm_id, api_version)
def cf_container_registry_service(cli_ctx, subscription_id=None):
return get_mgmt_service_client(cli_ctx,
ResourceType.MGMT_CONTAINERREGISTRY,
subscription_id=subscription_id)
def _keyvault_mgmt_client_factory(cli_ctx, _):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
return getattr(get_mgmt_service_client(cli_ctx, resource_type),
client_name)
def _generate_template_progress(self, correlation_id): # pylint: disable=no-self-use
""" gets the progress for template deployments """
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.monitor import MonitorManagementClient
if correlation_id is not None: # pylint: disable=too-many-nested-blocks
formatter = "eventTimestamp ge {}"
end_time = datetime.datetime.utcnow()
start_time = end_time - datetime.timedelta(
seconds=DEFAULT_QUERY_TIME_RANGE)
odata_filters = formatter.format(
start_time.strftime('%Y-%m-%dT%H:%M:%SZ'))
odata_filters = "{} and {} eq '{}'".format(odata_filters,
'correlationId',
correlation_id)
activity_log = get_mgmt_service_client(
self.cli_ctx, MonitorManagementClient).activity_logs.list(
filter=odata_filters)
results = []
max_events = 50 # default max value for events in list_activity_log
for index, item in enumerate(activity_log):
if index < max_events:
results.append(item)
else:
break
if results:
for event in results:
update = False
long_name = event.resource_id.split('/')[-1]
if long_name not in self.deploy_dict:
self.deploy_dict[long_name] = {}
update = True
deploy_values = self.deploy_dict[long_name]
checked_values = {
str(event.resource_type.value): 'type',
str(event.status.value): 'status value',
str(event.event_name.value): 'request',
}
try:
checked_values[str(
event.properties.get('statusCode', ''))] = 'status'
except AttributeError:
pass
if deploy_values.get('timestamp', None) is None or \
event.event_timestamp > deploy_values.get('timestamp'):
for value in checked_values:
if deploy_values.get(checked_values[value],
None) != value:
update = True
deploy_values[checked_values[value]] = value
deploy_values['timestamp'] = event.event_timestamp
# don't want to show the timestamp
json_val = deploy_values.copy()
json_val.pop('timestamp', None)
status_val = deploy_values.get('status value', None)
if status_val and status_val != 'Started':
result = deploy_values[
'status value'] + ': ' + long_name
result += ' (' + deploy_values.get('type',
'') + ')'
if update:
logger.info(result)
def get_container_service_client(cli_ctx, **_):
from azure.mgmt.containerservice import ContainerServiceClient
return get_mgmt_service_client(cli_ctx, ContainerServiceClient)
def iot_service_provisioning_factory(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.iothubprovisioningservices.iot_dps_client import IotDpsClient
return get_mgmt_service_client(cli_ctx, IotDpsClient)
def cf_resources(cli_ctx, subscription_id=None):
return get_mgmt_service_client(cli_ctx,
ResourceType.MGMT_RESOURCE_RESOURCES,
subscription_id=subscription_id).resources
def keyvault_client_factory(**_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.mgmt.keyvault import KeyVaultManagementClient
return get_mgmt_service_client(KeyVaultManagementClient)
def cf_compute_service(cli_ctx, *_):
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_COMPUTE)
def cf_portal(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from ..vendored_sdks.portal import Portal
return get_mgmt_service_client(cli_ctx, Portal)
def _get_resource_group_location(cli_ctx, resource_group_name):
from azure.cli.core.profiles import ResourceType
client = get_mgmt_service_client(cli_ctx,
ResourceType.MGMT_RESOURCE_RESOURCES)
# pylint: disable=no-member
return client.resource_groups.get(resource_group_name).location
def cf_aro(cli_ctx, *_):
client = get_mgmt_service_client(
cli_ctx, AzureRedHatOpenShift4Client).open_shift_clusters
return client
def cli_cosmosdb_create(cmd,
client,
resource_group_name,
account_name,
locations=None,
tags=None,
kind=DatabaseAccountKind.global_document_db.value,
default_consistency_level=None,
max_staleness_prefix=100,
max_interval=5,
ip_range_filter=None,
enable_automatic_failover=None,
capabilities=None,
enable_virtual_network=None,
virtual_network_rules=None,
enable_multiple_write_locations=None,
disable_key_based_metadata_write_access=None,
key_uri=None,
enable_public_network=None,
enable_analytical_storage=None,
enable_free_tier=None,
server_version=None,
is_restore_request=None,
restore_source=None,
restore_timestamp=None,
backup_policy_type=None,
backup_interval=None,
backup_retention=None,
databases_to_restore=None):
"""Create a new Azure Cosmos DB database account."""
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.cli.core.profiles import ResourceType
resource_client = get_mgmt_service_client(
cmd.cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
rg = resource_client.resource_groups.get(resource_group_name)
resource_group_location = rg.location # pylint: disable=no-member
restore_timestamp_utc = None
if restore_timestamp is not None:
restore_timestamp_utc = _convert_to_utc_timestamp(
restore_timestamp).isoformat()
return _create_database_account(
client=client,
resource_group_name=resource_group_name,
account_name=account_name,
locations=locations,
tags=tags,
kind=kind,
default_consistency_level=default_consistency_level,
max_staleness_prefix=max_staleness_prefix,
max_interval=max_interval,
ip_range_filter=ip_range_filter,
enable_automatic_failover=enable_automatic_failover,
capabilities=capabilities,
enable_virtual_network=enable_virtual_network,
virtual_network_rules=virtual_network_rules,
enable_multiple_write_locations=enable_multiple_write_locations,
disable_key_based_metadata_write_access=
disable_key_based_metadata_write_access,
key_uri=key_uri,
enable_public_network=enable_public_network,
enable_analytical_storage=enable_analytical_storage,
enable_free_tier=enable_free_tier,
server_version=server_version,
is_restore_request=is_restore_request,
restore_source=restore_source,
restore_timestamp=restore_timestamp_utc,
backup_policy_type=backup_policy_type,
backup_interval=backup_interval,
backup_retention=backup_retention,
databases_to_restore=databases_to_restore,
arm_location=resource_group_location)
def validate_deleted_vault_or_hsm_name(cmd, ns):
"""
Validate a deleted vault name; populate or validate location and resource_group_name
"""
from msrestazure.tools import parse_resource_id
vault_name = getattr(ns, 'vault_name', None)
hsm_name = getattr(ns, 'hsm_name', None)
if not vault_name and not hsm_name:
raise CLIError('Please specify --vault-name or --hsm-name.')
if vault_name:
resource_name = vault_name
else:
resource_name = hsm_name
resource = None
if vault_name:
client = get_mgmt_service_client(cmd.cli_ctx,
ResourceType.MGMT_KEYVAULT).vaults
else:
client = get_mgmt_service_client(
cmd.cli_ctx, ResourceType.MGMT_KEYVAULT).managed_hsms
# if the location is specified, use get_deleted rather than list_deleted
if ns.location:
resource = client.get_deleted(resource_name, ns.location)
if vault_name:
id_comps = parse_resource_id(resource.properties.vault_id)
else:
id_comps = parse_resource_id(resource.properties.mhsm_id)
# otherwise, iterate through deleted vaults to find one with a matching name
else:
for v in client.list_deleted():
if vault_name:
id_comps = parse_resource_id(v.properties.vault_id)
else:
id_comps = parse_resource_id(v.properties.mhsm_id)
if id_comps['name'].lower() == resource_name.lower():
resource = v
ns.location = resource.properties.location
break
# if the vault was not found, throw an error
if not resource:
raise CLIError('No deleted Vault or HSM was found with name ' +
resource_name)
if 'keyvault purge' not in cmd.name and 'keyvault show-deleted' not in cmd.name:
setattr(
ns, 'resource_group_name',
getattr(ns, 'resource_group_name', None)
or id_comps['resource_group'])
# resource_group_name must match the resource group of the deleted vault
if id_comps['resource_group'] != ns.resource_group_name:
raise CLIError(
"The specified resource group does not match that of the deleted vault or hsm %s. The vault "
"or hsm must be recovered to the original resource group %s." %
(vault_name, id_comps['resource_group']))
def storage_client_factory(cli_ctx, **_):
return get_mgmt_service_client(cli_ctx, CUSTOM_MGMT_STORAGE)
def mixed_reality_client_factory(cli_ctx):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azext_mixed_reality.vendored_sdks.mixedreality.mixed_reality_client import MixedRealityClient
return get_mgmt_service_client(cli_ctx,
MixedRealityClient,
subscription_bound=True)
