def get_ids(self) -> List[str]: ret = [] if hasattr(self, 'id'): ret.append(self.id) if hasattr(self, 'ids'): ret.extend(self.ids) if len(ret) == 0: # TODO: resolve configured msi auth = self.get_auth_client() if auth is not None: self.get_logger().debug( 'auth client found: {}. auto-discovering Azure subscriptions' .format(auth.__class__.__name__)) try: # let's try to enumerate subscriptions from azure.mgmt.subscription import SubscriptionClient subscription_client = SubscriptionClient(auth.get_client()) ret.extend( map(lambda s: s.subscription_id, subscription_client.subscriptions.list())) except Exception as e: self.get_logger().debug( 'unable to auto-resolve Azure subscriptions as no auth_client found {}' .format(e)) pass else: self.get_logger().debug( 'unable to auto-resolve Azure subscriptions as no auth_client found' ) return ret
def handler(event, context): logger.info("Received event: " + json.dumps(event, sort_keys=True)) dynamodb = boto3.resource('dynamodb') subscription_table = dynamodb.Table(os.environ['SUBSCRIPTION_TABLE']) azure_secrets = get_azure_creds(os.environ['AZURE_SECRET_NAME']) if azure_secrets is None: raise Exception("Unable to extract Azure Credentials. Aborting...") collected_subs = [] for tenant, credential_info in azure_secrets.items(): azure_creds = ServicePrincipalCredentials( client_id=credential_info["application_id"], secret=credential_info["key"], tenant=credential_info["tenant_id"]) resource_client = SubscriptionClient(azure_creds) for subscription in resource_client.subscriptions.list(): # Some subscrption ID's retured by the API are not queryable, this seems like a bug with MS API. # There may also be a better way of determining this... queryable = 'false' if 'Access to Azure Active Directory' not in subscription.display_name: # Keep track of all valid subscriptions collected_subs.append(subscription.subscription_id) queryable = 'true' subscription_dict = { "subscription_id": subscription.subscription_id, "display_name": subscription.display_name, "state": subscription.state, "SubscriptionClass": json.loads(json.dumps(subscription, default=str)), "tenant_id": credential_info["tenant_id"], "tenant_name": tenant, "queryable": queryable } # Add subscriptions to DynamoDB subscriptions table. create_or_update_subscription(subscription_dict, subscription_table) if collected_subs is None: raise Exception("No Subscriptions found. Aborting...") # Return only valid subscription ID's to be sent via SNS by inventory trigger function event['subscription_list'] = collected_subs return (event)
def __init__( self, specs_file: str, subscription_name: str, resource_group: str, factory_name: str, name: str, environment: str, ): self.resource_group = resource_group self.factory_name = factory_name self.name = name self.environment = environment self.credential = DefaultAzureCredential( exclude_visual_studio_code_credential=True) self.sub_client = SubscriptionClient(self.credential) self.subscription_id = self._get_subscription_id(subscription_name) self.adf_client = DataFactoryManagementClient( self.credential, subscription_id=self.subscription_id) self._specs = self._read_specs(specs_file, environment) self._config = self._get_config() self._verify_adf_setup()
def connect(self, client_id: str = None, tenant_id: str = None, secret: str = None): """Authenticate with the SDK.""" # Use details of msticpyyaml if not provided if client_id is None and tenant_id is None and secret is None: data_provs = get_provider_settings(config_section="DataProviders") az_cli_config = data_provs.get("AzureCLI") # az_cli_config = config.settings.get("AzureCLI") if not az_cli_config: raise MsticpyAzureConfigError( "No AzureCLI section found in configuration settings.", title="no AzureCLI settings available.", ) config_items = az_cli_config.args try: client_id = config_items["clientId"] tenant_id = config_items["tenantId"] secret = config_items["clientSecret"] except KeyError as key_err: key_name = key_err.args[0] raise MsticpyAzureConfigError( f"{key_name} is missing from AzureCLI section in your", "configuration.", title="missing f{key_name} settings for AzureCLI.", ) from key_err # Create credentials and connect to the subscription client to validate self.credentials = ServicePrincipalCredentials( client_id=client_id, secret=secret, tenant=tenant_id ) if not self.credentials: raise CloudError("Could not obtain credentials.") self.sub_client = SubscriptionClient(self.credentials) if not self.sub_client: raise CloudError("Could not create a Subscription client.") self.connected = True
def connect(self, client_id: str = None, tenant_id: str = None, secret: str = None): """Authenticate with the SDK.""" # Use details of msticpyyaml if not provided if client_id is None and tenant_id is None and secret is None: az_cli_config = config.settings.get("AzureCLI") if not az_cli_config: raise MsticpyAzureException( "No AzureCLI configuration found in configuration settings." ) config_items = az_cli_config["Args"] client_id = config_items["clientId"] tenant_id = config_items["tenantId"] secret = config_items["clientSecret"] # Create credentials and connect to the subscription client to validate self.credentials = ServicePrincipalCredentials(client_id=client_id, secret=secret, tenant=tenant_id) if not self.credentials: raise CloudError("Could not obtain credentials.") self.sub_client = SubscriptionClient(self.credentials) if not self.sub_client: raise CloudError("Could not create a Subscription client.") self.connected = True
def get_subscription_info(credential): return [[ sub.subscription_id, MonitorManagementClient(credential=credential, subscription_id=sub.subscription_id) ] for sub in SubscriptionClient( credential=credential).subscriptions.list()]
def __init__(self, config: ops_web.config.Config, client_id: str, secret: str, tenant: str): self.config = config self.db = ops_web.db.Database(config) self.credential = ClientSecretCredential(tenant_id=tenant, client_id=client_id, client_secret=secret) self.subscriptions = {} with SubscriptionClient(credential=self.credential) as client: for sub in client.subscriptions.list(): self.subscriptions[sub.subscription_id] = sub.display_name
def list_subscriptions(): client = SubscriptionClient(CREDENTIALS) # ignore disabled subscriptions subs = [ sub.subscription_id for sub in client.subscriptions.list() if sub.state.value == "Enabled" ] return subs
def get(self, subscription_id): """ Gets detailed information on an individual subscription :rtype: object """ subscription_client = SubscriptionClient(self.credentials, base_url=None) sub_info = subscription_client.subscriptions.get( subscription_id=subscription_id ) return sub_info
def __init__(self): load_dotenv() self.credentials = AzureConnections().get_authenticated_client() self.subscription_client = SubscriptionClient(self.credentials, base_url=None) with change_dir(OPERATIONSPATH): self.config = ConfigParser() self.config.read(CONFVARIABLES) logging_level = int(self.config['LOGGING']['level']) logging.basicConfig(level=logging_level)
def az_connect( auth_methods: List[str] = None, silent: bool = False, ) -> AzCredentials: """ Connect to Azure SDK/API. Parameters ---------- auth_methods : List[str], optional List of authentication methods to try Possible options are: - "env" - to get authentication details from environment varibales - "cli" - to use Azure CLI authentication details - "msi" - to user Managed Service Indenity details - "interactive" - to prompt for interactive login Default is ["env", "cli", "msi", "interactive"] silent : bool, optional Set True to hide all output during connection, by default False Returns ------- AzCredentials Named tuple of: - legacy (ADAL) credentials - modern (MSAL) credentials Raises ------ CloudError If chained token credential creation fails. """ # If using env options try to load from msticpy data_provs = get_provider_settings(config_section="DataProviders") az_cli_config = data_provs.get("AzureCLI") auth_methods = auth_methods or default_auth_methods() if az_cli_config and az_cli_config.args: if "auth_methods" in az_cli_config.args: auth_methods = az_cli_config.args.get("auth_methods") if isinstance(auth_methods, list) and "env" in auth_methods: os.environ["AZURE_CLIENT_ID"] = az_cli_config.args.get( "clientId") or "" os.environ["AZURE_TENANT_ID"] = az_cli_config.args.get( "tenantId") or "" os.environ["AZURE_CLIENT_SECRET"] = ( az_cli_config.args.get("clientSecret") or "") credentials = az_connect_core(auth_methods=auth_methods, silent=silent) sub_client = SubscriptionClient(credentials.modern) # type: ignore if not sub_client: raise CloudError("Could not create a Subscription client.") return credentials
def connect(self, client_id: str = None, tenant_id: str = None, secret: str = None): """Authenticate with the SDK.""" if client_id is None and tenant_id is None and secret is None: config_items = config.settings.get("AzureCLI")["Args"] client_id = config_items["clientId"] tenant_id = config_items["tenantId"] secret = config_items["clientSecret"] self.credentials = ServicePrincipalCredentials( client_id=client_id, secret=secret, tenant=tenant_id ) self.sub_client = SubscriptionClient(self.credentials) self.connected = True
def get_locations(subscription_id,client_id,secret,tenant_id): available_locations = [] try: creds = ServicePrincipalCredentials(client_id=client_id, secret=secret, tenant=tenant_id) subscription_client = SubscriptionClient(creds) locations = subscription_client.subscriptions.list_locations(subscription_id) for location in locations: available_locations.append(location.name) return available_locations,True except Exception as e: print(repr(e)) logger("Fetching available locations failed: "+str(e),"warning") return available_locations, False
def fetch_az_obj(): if "AZ_CLIENT" in os.environ and "AZ_SECRET" in os.environ and "AZ_TENANT" in os.environ: credentials = ServicePrincipalCredentials( client_id=os.environ["AZ_CLIENT"], secret=os.environ["AZ_SECRET"], tenant=os.environ["AZ_TENANT"]) elif "AZ_USER" in os.environ and "AZ_PASS" in os.environ: credentials = UserPassCredentials( os.environ["AZ_USER"], os.environ["AZ_PASS"], ) else: print("ERROR: Missing credentials in environmental variables") return subscriptions = SubscriptionClient(credentials).subscriptions root_obj = [] # subscriptions for sub in subscriptions.list(): client = ResourceManagementClient(credentials, sub.subscription_id) sub_obj = sub.as_dict() sub_obj["resource_groups"] = [] root_obj.append(sub_obj) # resource groups for res_group in client.resource_groups.list(): res_group_obj = res_group.as_dict() res_group_obj["resources"] = [] sub_obj["resource_groups"].append(res_group_obj) # resources for res in client.resources.list_by_resource_group(res_group.name): res_group_obj["resources"].append(res.as_dict()) return root_obj
def extra_api(client_id, client_secret, tenant_id, env, verbose=False): # utc_timestamp = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat() # check if it's prod or dev account region_vm_dict = {} credentials = ServicePrincipalCredentials(client_id=client_id, secret=client_secret, tenant=tenant_id) sub_groups = [] count = 0 # grab all all subscriptions that the credential are associated to sub_client = SubscriptionClient(credentials) sub_interator = sub_client.subscriptions.list() for sub in sub_interator: sub_groups.append(sub.subscription_id) # grab all vm in all subs and sort them by region for sub_id in sub_groups: compute_client = ComputeManagementClient(credentials, sub_id) vms_by_subs = compute_client.virtual_machines.list_all() for vm in vms_by_subs: count = count + 1 if vm.location not in region_vm_dict: region_vm_dict[vm.location] = [vm.name] else: region_vm_dict[vm.location].append(vm.name) # grab all vm in all the Azure VM scale sets vms_scale_sets = compute_client.virtual_machine_scale_sets.list_all() for vm_s_set in vms_scale_sets: id_list = vm_s_set.id.split('/') resource_group = id_list[4] scale_set_name = vm_s_set.name vmss = compute_client.virtual_machine_scale_set_vms.list( resource_group, scale_set_name) for vm in vmss: count = count + 1 if vm.location not in region_vm_dict: region_vm_dict[vm.location] = [vm.name] else: region_vm_dict[vm.location].append(vm.name) #print vms if verbose: for region in region_vm_dict: for vm in region_vm_dict[region]: print('{0}: {1}'.format(region, vm)) print('Total number of VM in {0} Azure environment: {1}'.format( env, count))
def login(self): print('\nLogging in...') self.credentials = ServicePrincipalCredentials( client_id=self.config.client_id, secret=self.config.secret, tenant=self.config.tenant_id, ) print('(got credentials)') subscription_client = SubscriptionClient(self.credentials) subscription = next(subscription_client.subscriptions.list()) print('(found subscription)') self.resource_client = ResourceManagementClient( self.credentials, subscription.subscription_id) print("(logged in)")
def get_subscription_id(self, key_file, verbose): credentials = self.get_auth(key_file, verbose) subscription_id = "" subscription_client = SubscriptionClient(credentials) for item in subscription_client.subscriptions.list(): if not subscription_id: subscription_id = item.subscription_id elif verbose: print("You have more than one subscription id, " + \ "using the first one returned; consider setting " + \ "subscription_id in configuration file") return subscription_id
def connect( self, auth_methods: List = None, silent: bool = False, ): """Authenticate with the SDK.""" self.credentials = az_connect(auth_methods=auth_methods, silent=silent) if not self.credentials: raise CloudError("Could not obtain credentials.") self._check_client("sub_client") self.sub_client = SubscriptionClient(self.credentials.legacy) if not self.sub_client: raise CloudError("Could not create a Subscription client.") self.connected = True
def list_displayname_and_id(self): """ Returns a list of subscriptions available to the credential :rtype: object :param creds: :return: """ subscription_client = SubscriptionClient(self.credentials, base_url=None) subscription_list = [ [subscription_item.display_name, subscription_item.subscription_id] for subscription_item in subscription_client.subscriptions.list() ] return subscription_list
def _get_azure_client(self, type): """ Create/cache/return an Azure client object """ if type in self._clients: return self._clients[type] status, _credentials = self._get_azure_credentials() if type == 'postgresql': client = PostgreSQLManagementClient(_credentials, self.subscription_id) elif type == 'resource': client = ResourceManagementClient(_credentials, self.subscription_id) elif type == 'subscription': client = SubscriptionClient(_credentials) self._clients[type] = client return self._clients[type]
def _check_subscription(self, credentials, account_name, subscription_id): """ Checking the subscription state """ self.log(' Checking the subscription {} for account {}'.format( subscription_id, account_name)) subscription_client = SubscriptionClient(credentials) curr_subscription = subscription_client.subscriptions.get( subscription_id) subscription_info = curr_subscription.state self.log(' Got the subscription state') available_subscription = True if subscription_info not in self.good_subscription_statuses: available_subscription = False self.log(' Checked the subscription availability') return available_subscription, subscription_info
def list_regions(self): """ list the available regions in the alibaba :return: """ try: subscription_id = self.azure_subscription_id # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id=self.azure_client_id, secret=self.azure_client_secret, tenant=self.azure_tenant_id, ) region_list = [] subscription_client = SubscriptionClient(credentials) result = subscription_client.subscriptions.list_locations(subscription_id) for region in result: if hasattr(region, 'name'): region_list.append(region.name) return False, region_list except Exception as e: return True, e.message
def setup_client(self): subscription_id = self.SUBSCRIPTION_ID credentials = ServicePrincipalCredentials( client_id=self.AZURE_CLIENT_ID, secret=self.AZURE_CLIENT_SECRET, tenant=self.AZURE_TENANT_ID) self.compute_client = ComputeManagementClient(credentials, subscription_id) self.billing_client = BillingManagementClient(credentials, subscription_id) self.subscription_client = SubscriptionClient(credentials, base_url=None) self.curr_subscription = self.subscription_client.subscriptions.get( subscription_id) self.curr_subscription_state = self.curr_subscription.state self.P("Connected to subscription [{}]".format(subscription_id)) self.P(" Subscription status: {}".format(self.curr_subscription_state)) if self.curr_subscription_state not in self.good_statuses: self.P("\nATTENTION: SUBSCRIPTION PROBLEM!!!\n") return
) sys.exit(0) except: sys.exit(0) verify_env_variables() # Set Azure AD credentials from the environment variables credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID']) # Instantiate an instance of the Azure SDK Subscription Client sub_client = SubscriptionClient(credentials) # Read in required environment variables d9_api_key = os.environ['D9_API_KEY'] d9_api_secret = os.environ['D9_API_SECRET'] az_tenant = os.environ['AZURE_TENANT_ID'] az_appid = os.environ['AZURE_CLIENT_ID'] az_appkey = os.environ['AZURE_CLIENT_SECRET'] # Set header parameters for Dome9 HTTP POST headers = {'Content-Type': 'application/json', 'Accept': 'application/json'} # Set the account mode for automatic Dome9 onboarding - values are Read (default) or Manage d9_operation_mode = 'Read'
def _get_subscription(self, session_factory, config): session = local_session(session_factory) client = SubscriptionClient(session.get_credentials()) details = client.subscriptions.get(subscription_id=session.subscription_id) return details.serialize(True)
def subscription(self) -> SubscriptionClient: return SubscriptionClient(credential=self.credential)
def get_regions() -> List[Region]: subscription = get_subscription() client = SubscriptionClient(credential=get_identity()) locations = client.subscriptions.list_locations(subscription) return sorted([Region(x.name) for x in locations])
sys.stdout.flush() def start(self): self.busy = True threading.Thread(target=self.spinner_task, daemon=True).start() def stop(self): self.busy = False time.sleep(self.delay) if __name__ == "__main__": print("\nGetting credentials.") # get credentials and tenant_id creds, subscription_id = credentials.get_azure_cli_credentials() subscription_client = SubscriptionClient(creds) tenant_ids = [tenant.id for tenant in subscription_client.tenants.list()] if len(tenant_ids) != 1: tenant_id = prompt_tenant_selection(tenant_ids) else: tenant_id = tenant_ids[0] print("Input the desired names and values for your Azure resources. "\ "Default values are provided in the brackets. "\ "Hit enter to use default.") kwargs = { "region": prompt_with_default("Azure Region", DefaultSettings.region), "resource_group": prompt_with_default("Resource Group Name", DefaultSettings.resource_group),
def update_available_region_names(): # Authenticate to Azure Subscription Manager sub_client = SubscriptionClient( ServicePrincipalCredentials(client_id=os.environ["AZURE_CLIENT_ID"], secret=os.environ["AZURE_CLIENT_SECRET"], tenant=os.environ["AZURE_TENANT_ID"])) # Get the list of locations accessible to this subscription. sub_id = os.environ["AZURE_SUBSCRIPTION_ID"] locations = sorted( [x.name for x in sub_client.subscriptions.list_locations(sub_id)] + regions_to_include) locations = [x for x in locations if x not in regions_to_exclude] # Get entities for all of the regions. old_entities = table_service.query_entities( table_name, filter="PartitionKey eq '{}'".format(part_deploy_region)) old_entities_dict = {x.RegionShortname: x for x in old_entities} # Create a new list of entities for the table. new_entities = [] for i, loc in enumerate(locations): # Remove this region from the original list and table. old_entity = old_entities_dict.pop(loc, {}) # Save the last successful run timestamp (if it exists). last_succ_run = None if "LastSuccessfulRun" in old_entity: last_succ_run = old_entity.LastSuccessfulRun # Create a new entity for this region (re-indexed). new_entities.append( Entity(PartitionKey=part_deploy_region, RowKey=str(i + 1), RegionShortname=loc, LastSuccessfulRun=last_succ_run)) logging.debug("new_entities = {}".format(new_entities)) # If there are any entries left in old_entities_dict, then that means # some regions that were live before are no longer live. if len(old_entities_dict): logging.debug( "WARNING: The following regions seem to have been decomissioned:") for k, v in old_entities_dict.items(): logging.debug("\t{}".format(k)) # Delete the old entities. for oe in old_entities: table_service.delete_entity(table_name, oe.PartitionKey, oe.RowKey) # Add the new entities. for ne in new_entities: table_service.insert_entity(table_name, ne) # Update the last region RowKey (the number of new entities). last_rowkey_entity = table_service.get_entity(table_name, part_table_control, "NumberOfRegions") last_rowkey_entity.pop("etag", None) last_rowkey_entity.pop("Timestamp", None) last_rowkey_entity.VALUE = EntityProperty(EdmType.INT32, len(new_entities)) logging.debug("last_rowkey_entity = {}".format(last_rowkey_entity)) table_service.update_entity(table_name, last_rowkey_entity)
from azure.identity import ClientSecretCredential from azure.mgmt.security import SecurityCenter from azure.mgmt.subscription import SubscriptionClient from collections import Counter client_id = os.environ["ARM_CLIENT_ID"] secret = os.environ["ARM_CLIENT_SECRET"] tenant = os.environ["TENANT_ID"] CREDENTIALS = ClientSecretCredential( client_id=client_id, client_secret=secret, tenant_id=tenant, ) client = SubscriptionClient(CREDENTIALS) compliance = [] alerts = [] for sub in client.subscriptions.list(): sub_id = f"/subscriptions/{sub.subscription_id}" if sub.state == "Enabled": try: client = SecurityCenter(CREDENTIALS, sub.subscription_id, asc_location="westeurope") for al in client.alerts.list(): alerts.append(f"{al.severity}-{al.alert_display_name}")