def dataframe_management_grp_subcriptions(self, management_grp):
"""
https://docs.microsoft.com/en-us/python/api/azure-mgmt-managementgroups/azure.mgmt.managementgroups.operations.entities_operations.entitiesoperations?view=azure-python
:param management_grp:
:return:
"""
management_client = ManagementGroupsAPI(self.credentials)
mngrp_subscriptions = management_client.entities.list(group_name=management_grp)
"""Here we want to only return subscriptions"""
subscriptions_limited = [
[
subscriptions.name,
subscriptions.tenant_id,
subscriptions.display_name,
management_grp,
]
for subscriptions in mngrp_subscriptions
if "/subscriptions" in subscriptions.type
]
df = pd.DataFrame(
data=subscriptions_limited, columns=self.limited_subscription_columns()
)
df.set_index("subscription_id", inplace=True)
return df
def get_subscriptions_list(managed_resource_group, credentials):
client = ManagementGroupsAPI(credentials)
groups = client.management_groups.get(
group_id=managed_resource_group, recurse=True,
expand="children").serialize()["properties"]
subscriptions = ManagedGroupHelper.filter_subscriptions('type', groups)
subscriptions = [
subscription['name'] for subscription in subscriptions
]
return subscriptions
def setUp(self):
super(MgmtResourcePolicyTest, self).setUp()
self.policy_client = self.create_mgmt_client(
azure.mgmt.resource.PolicyClient)
if self.is_live:
# special client
from azure.mgmt.managementgroups import ManagementGroupsAPI
self.mgmtgroup_client = ManagementGroupsAPI(
credentials=self.settings.get_credentials())
def setUp(self):
super(MgmtResourceLinksTest, self).setUp()
self.mgmt_client = self.create_mgmt_client(
azure.mgmt.resource.ApplicationClient)
self.resource_client = self.create_mgmt_client(
azure.mgmt.resource.ResourceManagementClient)
if self.is_live:
# special client
from azure.mgmt.managementgroups import ManagementGroupsAPI
self.mgmtgroup_client = ManagementGroupsAPI(
credentials=self.settings.get_credentials())
async def get_api_client(hub, ctx, **kwargs):
"""
.. versionadded:: 2.0.0
Load the ManagementGroupsAPI client and returns the client object.
"""
(
credentials,
subscription_id,
cloud_env,
) = await hub.exec.azurerm.utils.determine_auth(ctx, **kwargs)
client = ManagementGroupsAPI(credentials=credentials, base_url=None)
return client
def get_management_group_entities(self,
management_grp,
subscriptions_only=True):
entity_list = list()
management_client = ManagementGroupsAPI(self.credentials)
mngrp_subscriptions = management_client.entities.list(
group_name=management_grp)
for entity in mngrp_subscriptions:
if subscriptions_only:
if "/subscriptions" in entity.type:
sub_entity = dict()
sub_entity['name'] = entity.name
sub_entity['display_name'] = entity.display_name
sub_entity['resource_id'] = entity.id
sub_entity['tenant_id'] = entity.tenant_id
entity_list.append(sub_entity)
else:
raise NotImplementedError
return entity_list
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.managementgroups import ManagementGroupsAPI
from settings import AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_KEY, AZURE_SUBSCRIPTION_ID
# This script expects that the following environment vars are set in settings.py:
#
# AZURE_TENANT_ID: with your Azure Active Directory tenant id or domain
# AZURE_CLIENT_ID: with your Azure Active Directory Application Client ID
# AZURE_CLIENT_SECRET: with your Azure Active Directory Application Secret
# AZURE_SUBSCRIPTION_ID: with your Azure Subscription Id
#
if __name__ == "__main__":
# Delete me
print(AZURE_TENANT_ID)
print(AZURE_CLIENT_ID)
print(AZURE_KEY)
print(AZURE_SUBSCRIPTION_ID)
credentials = ServicePrincipalCredentials(client_id=AZURE_CLIENT_ID,
secret=AZURE_KEY,
tenant=AZURE_TENANT_ID)
management_group_client = ManagementGroupsAPI(credentials, base_url=None)
dir_test = vars(management_group_client)
print("Vars")
print(dir_test)
def create_management_grp_policy_assignments(self, management_grp, subscription_id):
"""
This method create a policies within a management group per subscription
The subscription id in required to make a query against the Python SDK when querying a management group.
Looking for alternatives.
:param management_grp:
:param subscription_id:
:return:
"""
with change_dir(OPERATIONSPATH):
config = ConfigParser()
config.read(CONFVARIABLES)
management_client = ManagementGroupsAPI(self.credentials)
mngrp_subscriptions = management_client.entities.list(group_name=management_grp)
for subscription in mngrp_subscriptions:
if (
"/providers/Microsoft.Management/managementGroups"
not in subscription.type
):
policy_client = PolicyClient(
credentials=self.credentials,
subscription_id=subscription_id,
base_url=None,
)
policies = policy_client.policy_definitions.list_by_management_group(
management_grp
)
scope = "/subscriptions/{subscriptionId}".format(
subscriptionId=subscription.name
)
for policy in policies:
if (
not policy.metadata.get("category") is None
and policy.metadata.get("category") in config["FILTERS"]["policy_defition_category"]
):
assignment = PolicyAssignment(
display_name=policy.display_name,
policy_definition_id=policy.id,
scope=scope,
parameters=None,
description=policy.description,
)
policy_assignment_name = "{}-assignment".format(
assignment.display_name
)
try:
result = policy_client.policy_assignments.create(
scope=scope,
policy_assignment_name=policy_assignment_name,
parameters=assignment,
)
if result:
print(
"Subscription deployed: {}".format(
subscription.name,
policy_assignment_name,
policy.display_name,
)
)
except ErrorResponseException:
print(
"Subcription failed: {}".format(
subscription.name,
policy_assignment_name,
policy.display_name,
)
)
def get_subscriptions_list(managed_resource_group, credentials):
client = ManagementGroupsAPI(credentials)
entities = client.entities.list(filter='name eq \'%s\'' %
managed_resource_group)
return [e.name for e in entities if e.type == '/subscriptions']
