Exemplo n.º 1
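def cli_cosmosdb_network_rule_add(cmd,
                                  client,
                                  resource_group_name,
                                  account_name,
                                  subnet,
                                  virtual_network=None,
                                  ignore_missing_vnet_service_endpoint=False):
    """Add a virtual network rule to an existing Cosmos DB database account.

    The account is read, its rule list is copied, the requested subnet is
    appended when no rule with the same id is present, and the account is
    written back with ``create_or_update`` (a full replacement of the account
    definition, not a partial update).

    :param cmd: CLI command context, forwarded to ``_get_virtual_network_id``.
    :param client: database-accounts client exposing ``get`` and
        ``create_or_update``.
    :param resource_group_name: resource group of the account.
    :param account_name: name of the Cosmos DB account.
    :param subnet: subnet name or id; resolved by ``_get_virtual_network_id``.
    :param virtual_network: optional virtual network used for that resolution.
    :param ignore_missing_vnet_service_endpoint: flag stored on a newly added
        rule.
    :return: the account as re-read from the service after the update.
    """
    subnet = _get_virtual_network_id(cmd, resource_group_name, subnet,
                                     virtual_network)
    existing = client.get(resource_group_name, account_name)

    # An account without any rule may expose None instead of an empty list;
    # treat both the same so the first rule can be added.
    current_rules = existing.virtual_network_rules or []

    virtual_network_rules = [
        VirtualNetworkRule(
            id=rule.id,
            ignore_missing_vnet_service_endpoint=rule.ignore_missing_vnet_service_endpoint)
        for rule in current_rules
    ]

    # NOTE(review): ids are compared case-sensitively. ARM resource ids are
    # case-insensitive, so the same subnet written with different casing would
    # be appended as a second rule -- confirm _get_virtual_network_id
    # normalises the id.
    rule_already_exists = any(rule.id == subnet for rule in current_rules)

    if rule_already_exists:
        # NOTE(review): the existing rule is re-sent with its stored flag; the
        # caller's ignore_missing_vnet_service_endpoint is not applied to it,
        # despite the wording of this message.
        logger.warning("The rule exists and will be overwritten")
    else:
        virtual_network_rules.append(
            VirtualNetworkRule(
                id=subnet,
                ignore_missing_vnet_service_endpoint=ignore_missing_vnet_service_endpoint))

    locations = [
        Location(location_name=loc.location_name,
                 failover_priority=loc.failover_priority,
                 is_zone_redundant=loc.is_zone_redundant)
        for loc in existing.read_locations
    ]

    # Full replacement: only the properties listed here are carried over from
    # the account that was just read.
    # NOTE(review): any account property not listed is not sent -- confirm
    # against the SDK model that the service does not reset it, in particular
    # for security-relevant settings.
    # The VNet filter is switched on unconditionally, so after this call the
    # account's network exposure is governed by the rule list and
    # ip_range_filter.
    params = DatabaseAccountCreateUpdateParameters(
        location=existing.location,
        locations=locations,
        tags=existing.tags,
        kind=existing.kind,
        consistency_policy=existing.consistency_policy,
        ip_range_filter=existing.ip_range_filter,
        enable_automatic_failover=existing.enable_automatic_failover,
        capabilities=existing.capabilities,
        is_virtual_network_filter_enabled=True,
        virtual_network_rules=virtual_network_rules,
        enable_multiple_write_locations=existing.enable_multiple_write_locations,
        enable_cassandra_connector=existing.enable_cassandra_connector,
        connector_offer=existing.connector_offer)

    async_docdb_create = client.create_or_update(resource_group_name,
                                                 account_name, params)
    # Wait for the operation; the value it returns is not used.
    async_docdb_create.result()
    # Workaround kept from the original: return a fresh read of the account.
    docdb_account = client.get(resource_group_name, account_name)
    return docdb_account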
Exemplo n.º 2
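def cli_cosmosdb_network_rule_remove(cmd,
                                     client,
                                     resource_group_name,
                                     account_name,
                                     subnet,
                                     virtual_network=None):
    """Remove a virtual network rule from an existing Cosmos DB database account.

    The account is read, every rule whose id differs from the resolved subnet
    id is kept, and the reduced list is sent with ``client.update`` (only
    ``virtual_network_rules`` is part of the update parameters).

    :param cmd: CLI command context, forwarded to ``_get_virtual_network_id``.
    :param client: database-accounts client exposing ``get`` and ``update``.
    :param resource_group_name: resource group of the account.
    :param account_name: name of the Cosmos DB account.
    :param subnet: subnet name or id; resolved by ``_get_virtual_network_id``.
    :param virtual_network: optional virtual network used for that resolution.
    :return: the account as re-read from the service after the update.
    :raises CLIError: when no rule with the resolved subnet id exists.
    """
    subnet = _get_virtual_network_id(cmd, resource_group_name, subnet,
                                     virtual_network)
    existing = client.get(resource_group_name, account_name)

    # An account without any rule may expose None instead of an empty list;
    # report that as "rule does not exist" rather than failing with TypeError.
    current_rules = existing.virtual_network_rules or []

    # NOTE(review): ids are compared case-sensitively. ARM resource ids are
    # case-insensitive, so a rule stored with different casing would not be
    # matched and would stay in place -- confirm _get_virtual_network_id
    # normalises the id.
    virtual_network_rules = [
        VirtualNetworkRule(
            id=rule.id,
            ignore_missing_vnet_service_endpoint=rule.ignore_missing_vnet_service_endpoint)
        for rule in current_rules
        if rule.id != subnet
    ]

    rule_removed = len(virtual_network_rules) != len(current_rules)
    if not rule_removed:
        raise CLIError("This rule does not exist for the Cosmos DB account")

    # Only the rule list is sent; the VNet filter switch is left as it is.
    # NOTE(review): removing the last rule sends an empty list -- confirm the
    # resulting exposure of the account is what the operator expects.
    params = DatabaseAccountUpdateParameters(
        virtual_network_rules=virtual_network_rules)

    async_docdb_update = client.update(resource_group_name, account_name,
                                       params)
    # Wait for the operation; the value it returns is not used.
    async_docdb_update.result()
    # Workaround kept from the original: return a fresh read of the account.
    docdb_account = client.get(resource_group_name, account_name)
    return docdb_account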
Exemplo n.º 3
def validate_virtual_network_rules(ns):
    """Wrap each entry of ``ns.virtual_network_rules`` in a VirtualNetworkRule.

    When the attribute is ``None`` the namespace is left untouched. Each item
    is passed as-is to ``VirtualNetworkRule(id=...)``; no check of the id's
    format is performed here.
    """
    from azure.mgmt.cosmosdb.models import VirtualNetworkRule

    raw_rules = ns.virtual_network_rules
    if raw_rules is None:
        return

    ns.virtual_network_rules = [
        VirtualNetworkRule(id=rule_id) for rule_id in raw_rules
    ]
Exemplo n.º 4
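def cli_cosmosdb_network_rule_remove(cmd,
                                     client,
                                     resource_group_name,
                                     account_name,
                                     subnet,
                                     virtual_network=None):
    """Remove a virtual network rule from an existing Cosmos DB database account.

    The account is read, every rule whose id differs from the resolved subnet
    id is kept, and the account is written back with ``create_or_update`` (a
    full replacement of the account definition, not a partial update).

    :param cmd: CLI command context, forwarded to ``_get_virtual_network_id``.
    :param client: database-accounts client exposing ``get`` and
        ``create_or_update``.
    :param resource_group_name: resource group of the account.
    :param account_name: name of the Cosmos DB account.
    :param subnet: subnet name or id; resolved by ``_get_virtual_network_id``.
    :param virtual_network: optional virtual network used for that resolution.
    :return: the account as re-read from the service after the update.
    :raises CLIError: when no rule with the resolved subnet id exists.
    """
    subnet = _get_virtual_network_id(cmd, resource_group_name, subnet,
                                     virtual_network)
    existing = client.get(resource_group_name, account_name)

    # An account without any rule may expose None instead of an empty list;
    # report that as "rule does not exist" rather than failing with TypeError.
    current_rules = existing.virtual_network_rules or []

    # NOTE(review): ids are compared case-sensitively. ARM resource ids are
    # case-insensitive, so a rule stored with different casing would not be
    # matched and would stay in place -- confirm _get_virtual_network_id
    # normalises the id.
    virtual_network_rules = [
        VirtualNetworkRule(
            id=rule.id,
            ignore_missing_vnet_service_endpoint=rule.ignore_missing_vnet_service_endpoint)
        for rule in current_rules
        if rule.id != subnet
    ]

    rule_removed = len(virtual_network_rules) != len(current_rules)
    if not rule_removed:
        raise CLIError("This rule does not exist for the Cosmos DB account")

    locations = [
        Location(location_name=loc.location_name,
                 failover_priority=loc.failover_priority,
                 is_zone_redundant=loc.is_zone_redundant)
        for loc in existing.read_locations
    ]

    # Full replacement: only the properties listed here are carried over from
    # the account that was just read.
    # NOTE(review): any account property not listed is not sent -- confirm
    # against the SDK model that the service does not reset it.
    # The VNet filter is set to True even when the last rule has just been
    # removed.
    # NOTE(review): confirm that an enabled filter with an empty rule list is
    # the intended end state.
    params = DatabaseAccountCreateUpdateParameters(
        location=existing.location,
        locations=locations,
        tags=existing.tags,
        kind=existing.kind,
        consistency_policy=existing.consistency_policy,
        ip_range_filter=existing.ip_range_filter,
        enable_automatic_failover=existing.enable_automatic_failover,
        capabilities=existing.capabilities,
        is_virtual_network_filter_enabled=True,
        virtual_network_rules=virtual_network_rules,
        enable_multiple_write_locations=existing.enable_multiple_write_locations)

    async_docdb_create = client.create_or_update(resource_group_name,
                                                 account_name, params)
    # Wait for the operation; the value it returns is not used.
    async_docdb_create.result()
    # Workaround kept from the original: return a fresh read of the account.
    docdb_account = client.get(resource_group_name, account_name)
    return docdb_account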
Exemplo n.º 5
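def cli_cosmosdb_network_rule_add(cmd,
                                  client,
                                  resource_group_name,
                                  account_name,
                                  subnet,
                                  virtual_network=None,
                                  ignore_missing_vnet_service_endpoint=False):
    """Add a virtual network rule to an existing Cosmos DB database account.

    The account is read, its rule list is copied, the requested subnet is
    appended when no rule with the same id is present, and the list is sent
    with ``client.update`` (only ``virtual_network_rules`` is part of the
    update parameters).

    :param cmd: CLI command context, forwarded to ``_get_virtual_network_id``.
    :param client: database-accounts client exposing ``get`` and ``update``.
    :param resource_group_name: resource group of the account.
    :param account_name: name of the Cosmos DB account.
    :param subnet: subnet name or id; resolved by ``_get_virtual_network_id``.
    :param virtual_network: optional virtual network used for that resolution.
    :param ignore_missing_vnet_service_endpoint: flag stored on a newly added
        rule.
    :return: the account as re-read from the service after the update.
    """
    subnet = _get_virtual_network_id(cmd, resource_group_name, subnet,
                                     virtual_network)
    existing = client.get(resource_group_name, account_name)

    # An account without any rule may expose None instead of an empty list;
    # treat both the same so the first rule can be added.
    current_rules = existing.virtual_network_rules or []

    virtual_network_rules = [
        VirtualNetworkRule(
            id=rule.id,
            ignore_missing_vnet_service_endpoint=rule.ignore_missing_vnet_service_endpoint)
        for rule in current_rules
    ]

    # NOTE(review): ids are compared case-sensitively. ARM resource ids are
    # case-insensitive, so the same subnet written with different casing would
    # be appended as a second rule -- confirm _get_virtual_network_id
    # normalises the id.
    rule_already_exists = any(rule.id == subnet for rule in current_rules)

    if rule_already_exists:
        # NOTE(review): the existing rule is re-sent with its stored flag; the
        # caller's ignore_missing_vnet_service_endpoint is not applied to it,
        # despite the wording of this message.
        logger.warning("The rule exists and will be overwritten")
    else:
        virtual_network_rules.append(
            VirtualNetworkRule(
                id=subnet,
                ignore_missing_vnet_service_endpoint=ignore_missing_vnet_service_endpoint))

    # Only the rule list is sent; the VNet filter switch is not part of this
    # update.
    # NOTE(review): if the filter is disabled on the account, the new rule is
    # stored but presumably not enforced -- confirm the filter state
    # separately.
    params = DatabaseAccountUpdateParameters(
        virtual_network_rules=virtual_network_rules)

    async_docdb_update = client.update(resource_group_name, account_name,
                                       params)
    # Wait for the operation; the value it returns is not used.
    async_docdb_update.result()
    # Workaround kept from the original: return a fresh read of the account.
    docdb_account = client.get(resource_group_name, account_name)
    return docdb_account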
Exemplo n.º 6
    def _process_resource(self, resource):
        """Rewrite the firewall section of one Cosmos DB account and submit it.

        IP rules and virtual network rules are computed from the account's
        current properties and from ``self.data``, written back into
        ``resource['properties']`` (the dict is modified in place), and the
        whole resource is passed to ``begin_create_or_update``.

        Raises ValueError when the resulting number of IP rules exceeds
        ``self.rule_limit``; in that case no update is sent.
        """

        # IP rules
        existing_ip = [ip_rule['ipAddressOrRange']
                       for ip_rule in resource['properties'].get('ipRules', [])]
        if self.data.get('ip-rules') is not None:
            ip_rules = self._build_ip_rules(existing_ip, self.data.get('ip-rules', []))
        else:
            # Same list object as existing_ip: the extend() calls further down
            # mutate it in place.
            ip_rules = existing_ip

        # Bypass rules
        #  Cosmos DB does not have real bypass
        #  instead the portal UI adds values to your
        #  rules filter when you check the bypass box.
        # A bypass counts as active only when every address of its set is
        # already present in the account's current IP rules.
        existing_bypass = []
        if set(AZURE_CLOUD_IPS).issubset(existing_ip):
            existing_bypass.append('AzureCloud')

        if set(PORTAL_IPS).issubset(existing_ip):
            existing_bypass.append('Portal')

        # If unset, then we put the old values back in to emulate patch behavior
        # NOTE(review): the code below only ever adds bypass addresses. With an
        # explicit empty 'bypass-rules', addresses already in ip_rules are not
        # removed here; whether _build_ip_rules strips them is not visible --
        # confirm, otherwise those ranges stay allowed.
        bypass_rules = self.data.get('bypass-rules', existing_bypass)

        if 'Portal' in bypass_rules:
            ip_rules.extend(set(PORTAL_IPS).difference(ip_rules))
        if 'AzureCloud' in bypass_rules:
            ip_rules.extend(set(AZURE_CLOUD_IPS).difference(ip_rules))

        # If the user has too many rules raise exception
        # The count includes the bypass addresses merged in above.
        if len(ip_rules) > self.rule_limit:
            raise ValueError("Skipped updating firewall for %s. "
                            "%s exceeds maximum rule count of %s." %
                            (resource['name'], len(ip_rules), self.rule_limit))

        # Add VNET rules
        # Only the rule id is read; any other per-rule field on the existing
        # rules is not carried into the rebuilt list below.
        existing_vnet = \
            [r['id'] for r in resource['properties'].get('virtualNetworkRules', [])]

        if self.data.get('virtual-network-rules') is not None:
            vnet_rules = self._build_vnet_rules(existing_vnet,
                                                self.data.get('virtual-network-rules', []))
        else:
            vnet_rules = existing_vnet

        # Workaround for bug https://git.io/fjFLY
        # 'locations' is rebuilt from 'readLocations'. The .get() has no
        # default, so a resource without that key makes the loop raise
        # TypeError before anything is sent.
        resource['properties']['locations'] = []
        for loc in resource['properties'].get('readLocations'):
            resource['properties']['locations'].append(
                {'location_name': loc['locationName'],
                 'failover_priority': loc['failoverPriority'],
                 'is_zone_redundant': loc.get('isZoneRedundant', False)})

        resource['properties']['ipRules'] = [{'ipAddressOrRange': ip} for ip in ip_rules]
        resource['properties']['virtualNetworkRules'] = \
            [VirtualNetworkRule(id=r) for r in vnet_rules]

        # Update resource
        # NOTE(review): the return value of begin_create_or_update is
        # discarded, so completion or failure of the operation is not observed
        # in this method -- presumably intentional; confirm that errors surface
        # elsewhere.
        self.client.database_accounts.begin_create_or_update(
            resource['resourceGroup'],
            resource['name'],
            create_update_parameters=resource
        )