def setup_account():
    """Return the storage account provisioned for the test environment.

    Every storage account visible to a default ``Session`` is listed and the
    first one whose name starts with ``cctstorage`` is returned.

    Raises:
        IndexError: if no listed account name carries that prefix.
    """
    # The real account name is only known at run time, so it is found by prefix.
    # NOTE(review): if several "cctstorage*" accounts exist in the subscription,
    # whichever the API lists first is used -- the choice is not pinned.
    session = Session()
    storage_client = session.client('azure.mgmt.storage.StorageManagementClient')
    candidates = []
    for account in storage_client.storage_accounts.list():
        if account.name.startswith("cctstorage"):
            candidates.append(account)
    return candidates[0]
def test_api_version(self):
    """Verify the API version resolved for a resource starts with a YYYY-MM-DD date."""
    session = Session()
    resource_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    first_resource = next(resource_client.resources.list())
    api_version = session.resource_api_version(first_resource.id)
    # re.match anchors at the start only, so any suffix after the date is accepted.
    date_prefix = re.match('\\d{4}-\\d{2}-\\d{2}', api_version)
    self.assertTrue(date_prefix is not None)
def _enhance_policies(self, access_policies):
    """Annotate access policies in place with details of their directory principal.

    Args:
        access_policies: list of dicts, each carrying an ``objectId`` key.
            A falsy value (``None`` or an empty list) is returned untouched.

    Returns:
        The same ``access_policies`` object. Entries whose principal was
        resolved gain ``displayName``, ``aadType`` and ``principalName``.
    """
    if not access_policies:
        return access_policies

    # The graph client is created on first use and cached on the instance.
    if self.graph_client is None:
        graph_session = Session(resource_endpoint_type=GRAPH_AUTH_ENDPOINT)
        self.graph_client = graph_session.client(
            'azure.graphrbac.GraphRbacManagementClient')

    # One lookup for every objectId referenced by the policies.
    wanted_ids = [entry['objectId'] for entry in access_policies]

    # GraphHelper.get_principal_dictionary returns an empty AADObject when the
    # principal is not found or when graph is not available, so unresolved
    # entries are skipped silently: a policy without displayName may point at a
    # principal that could not be looked up, not necessarily one that is absent.
    principals = GraphHelper.get_principal_dictionary(
        self.graph_client, wanted_ids, True)

    for entry in access_policies:
        principal = principals[entry['objectId']]
        if not principal.object_id:
            continue
        entry['displayName'] = principal.display_name
        entry['aadType'] = principal.object_type
        entry['principalName'] = GraphHelper.get_principal_name(principal)

    return access_policies
def test_add_or_update_single_tag(self):
    """Verify that tagging a VM adds the new tag and leaves its existing tag intact."""
    name_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'cctestvm',
    }
    tag_action = {'type': 'tag', 'tag': 'tag1', 'value': 'value1'}
    policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [name_filter],
        'actions': [tag_action],
    })
    policy.run()

    # Read the VM back: the new tag must sit next to the pre-existing one.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    tagged_vm = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(tagged_vm.tags, {'tag1': 'value1', 'testtag': 'testvalue'})
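def test_removal_does_not_raise_on_nonexistent_tag(self):
    """Verify that untagging a tag the resource does not carry is a no-op.

    The policy must not raise ``KeyError`` and the VM's tags must be the
    same after the run as before it.
    """
    p = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'}
        ],
        'actions': [
            {'type': 'untag',
             'tags': ['tag-does-not-exist']},
        ],
    })

    # verify initial tag set
    s = Session()
    client = s.client('azure.mgmt.compute.ComputeManagementClient')
    vm = client.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(vm.tags, {'testtag': 'testvalue'})

    raised = False
    try:
        p.run()
    except KeyError:
        raised = True

    # Fetch the VM again: the object read before the run can never reflect a
    # change made by the policy, so asserting on it would always pass.
    vm = client.virtual_machines.get('test_vm', 'cctestvm')

    # verify no exception raised and no changes to tags on resource
    self.assertFalse(raised)
    self.assertEqual(vm.tags, {'testtag': 'testvalue'})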
def test_auto_tag_add_creator_tag(self, utcnow_mock):
    """Verify auto-tag-user writes a CreatorEmail tag onto the resource group.

    ``utcnow_mock`` is not used in the body; presumably it is injected by a
    patch decorator that is not visible here.
    """
    group_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'test_vm',
    }
    policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [group_filter],
        'actions': [{'type': 'auto-tag-user', 'tag': 'CreatorEmail'}],
    })
    policy.run()

    # Only the format of the tag value is checked, not which identity it names.
    session = Session()
    resource_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    matching_groups = [
        group for group in resource_client.resource_groups.list()
        if group.name == 'test_vm'
    ]
    target_group = matching_groups[0]
    self.assertTrue(re.match(self.EMAIL_REGEX, target_group.tags['CreatorEmail']))
def test_tag_trim_does_nothing_if_space_available(self):
    """Verify tag-trim leaves tags alone when the requested space is already free."""
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    tags_before = compute.virtual_machines.get('test_vm', 'cctestvm').tags

    # Precondition: fewer than 15 tags, i.e. room for at least one more.
    self.assertLess(len(tags_before), 15)

    # Ask for room for a single tag.
    trim_action = {'type': 'tag-trim', 'space': 1}
    name_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'cctestvm',
    }
    policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [name_filter],
        'actions': [trim_action],
    })
    policy.run()

    # The tag set read back after the run must equal the one read before it.
    tags_after = compute.virtual_machines.get('test_vm', 'cctestvm').tags
    self.assertEqual(tags_after, tags_before)
def test_get_client_non_default_base_url(self):
    """Verify a client built for the China cloud targets that cloud's endpoints.

    Both the base URL and the first credential scope are checked, so a token
    requested for the wrong cloud's management endpoint fails the test.
    """
    cloud = AZURE_CHINA_CLOUD
    session = Session(cloud_endpoints=cloud)
    client = session.client('azure.mgmt.resource.ResourceManagementClient')

    self.assertEqual(cloud.endpoints.resource_manager, client._client._base_url)

    expected_scope = cloud.endpoints.management + ".default"
    self.assertEqual(expected_scope, client._client._config.credential_scopes[0])
def test_add_or_update_single_tag(self):
    """Verify a single-tag action adds its tag without touching the VM's existing tag."""
    policy_data = {
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'tag', 'tag': 'tag1', 'value': 'value1'},
        ],
    }
    self.load_policy(policy_data).run()

    # The VM must now carry both the new tag and the one it already had.
    compute = Session().client('azure.mgmt.compute.ComputeManagementClient')
    current = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(current.tags, {'tag1': 'value1', 'testtag': 'testvalue'})
def test_auto_tag_add_creator_tag(self, utcnow_mock):
    """Verify auto-tag-user adds a CreatorEmail tag to the resource group.

    ``utcnow_mock`` is unused here; presumably a patch decorator outside this
    view supplies it.
    """
    policy_data = {
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'test_vm'},
        ],
        'actions': [
            {'type': 'auto-tag-user', 'tag': 'CreatorEmail'},
        ],
    }
    self.load_policy(policy_data).run()

    # The tag value is checked against EMAIL_REGEX only (format, not identity).
    session = Session()
    rm_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    found = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    group = found[0]
    self.assertTrue(re.match(self.EMAIL_REGEX, group.tags['CreatorEmail']))
def test_tag_trim_removes_tags_for_space(self):
    """Verify tag-trim drops tags when the requested space is not available.

    The test assumes a limit of 15 tags per resource: asking for 14 free
    slots while preserving ``testtag`` must leave exactly one tag.
    """
    # Seed the VM with extra tags so there is something to trim.
    seed_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'tag',
             'tags': {'tag-to-trim1': 'value1', 'tag-to-trim2': 'value2'}},
        ],
    })
    seed_policy.run()

    # Precondition: the VM carries more than one tag.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    seeded_vm = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertTrue(len(seeded_vm.tags) > 1)

    trim_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'tag-trim', 'space': 14, 'preserve': ['testtag']},
        ],
    })
    trim_policy.run()

    # 14 free slots plus the single preserved tag.
    trimmed_vm = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(len(trimmed_vm.tags), 1)
def test_get_client_us_gov(self):
    """Verify a US Government session uses that cloud's base URL and credential scope."""
    gov_cloud = AZURE_US_GOV_CLOUD
    session = Session(cloud_endpoints=gov_cloud)
    client = session.client('azure.mgmt.resource.ResourceManagementClient')

    self.assertEqual(gov_cloud.endpoints.resource_manager, client._client._base_url)

    # The first scope must be the government management endpoint plus ".default".
    expected_scope = gov_cloud.endpoints.management + ".default"
    self.assertEqual(expected_scope, client._client._config.credential_scopes[0])
def test_get_client_overrides(self, mock):
    """Verify the session's client overrides: retry-after handling and the send hook.

    ``mock`` is expected to have been called once the client's ``send`` runs.
    """
    # Reload the module to re-import patched function
    session_module = sys.modules['c7n_azure.session']
    reload(session_module)

    session = Session()
    client = session.client('azure.mgmt.resource.ResourceManagementClient')

    retry_settings = client._client.config.retry_policy.policy
    self.assertFalse(retry_settings.respect_retry_after_header)

    original_send = client._client.orig_send
    self.assertIsNotNone(original_send)

    client._client.send()
    self.assertTrue(mock.called)
def test_remove_tags(self):
    """Verify untag removes only the listed tags from a resource group."""
    # First run: put four tags on the group, two of which will be removed later.
    seed_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'test_vm'},
        ],
        'actions': [
            {'type': 'tag',
             'tags': {
                 'pre-existing-1': 'to-keep',
                 'pre-existing-2': 'to-keep',
                 'added-1': 'to-delete',
                 'added-2': 'to-delete',
             }},
        ],
    })
    seed_policy.run()

    # All four tags must be present before the removal.
    session = Session()
    rm_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    groups = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    start_tags = groups[0].tags
    for tag_name in ('pre-existing-1', 'pre-existing-2', 'added-1', 'added-2'):
        self.assertTrue(tag_name in start_tags)

    untag_policy = self.load_policy({
        'name': 'test-azure-remove-tag',
        'resource': 'azure.resourcegroup',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'test_vm'},
        ],
        'actions': [
            {'type': 'untag', 'tags': ['added-1', 'added-2']},
        ],
    })
    untag_policy.run()

    # The group is listed again so the assertions see the post-run state.
    groups = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    end_tags = groups[0].tags
    for tag_name in ('pre-existing-1', 'pre-existing-2'):
        self.assertTrue(tag_name in end_tags)
    for tag_name in ('added-1', 'added-2'):
        self.assertTrue(tag_name not in end_tags)
def test_tag_trim_space_0_removes_all_tags_but_preserve(self):
    """Verify tag-trim with the policy used here removes every tag not listed in preserve."""
    # Seed three throw-away tags next to the existing 'testtag'.
    seed_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'tag',
             'tags': {
                 'tag-to-trim1': 'value1',
                 'tag-to-trim2': 'value2',
                 'tag-to-trim3': 'value3',
             }},
        ],
    })
    seed_policy.run()

    # Precondition: the seeded tags and 'testtag' are all on the VM.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    seeded_vm = compute.virtual_machines.get('test_vm', 'cctestvm')
    for tag_name in ('tag-to-trim1', 'tag-to-trim2', 'tag-to-trim3', 'testtag'):
        self.assertTrue(tag_name in seeded_vm.tags)

    trim_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'tag-trim', 'space': 0, 'preserve': ['testtag']},
        ],
    })
    trim_policy.run()

    # Only the preserved tag may remain.
    trimmed_vm = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(trimmed_vm.tags, {'testtag': 'testvalue'})
def test_auto_tag_update_false_noop_for_existing_tag(self, utcnow_mock):
    """Verify auto-tag-user with ``update: False`` leaves an existing CreatorEmail tag alone.

    ``utcnow_mock`` is unused in the body; presumably a patch decorator
    outside this view supplies it.
    """
    group_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'test_vm',
    }

    # Setup: give the group a CreatorEmail tag with a sentinel value.
    seed_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [dict(group_filter)],
        'actions': [
            {'type': 'tag', 'tag': 'CreatorEmail', 'value': 'do-not-modify'},
        ],
    })
    seed_policy.run()

    auto_tag_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [dict(group_filter)],
        'actions': [
            {'type': 'auto-tag-user',
             'tag': 'CreatorEmail',
             'update': False,
             'days': 10},
        ],
    })
    auto_tag_policy.run()

    # The sentinel must survive the auto-tag run.
    session = Session()
    rm_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    groups = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    self.assertEqual(groups[0].tags['CreatorEmail'], 'do-not-modify')
def test_tag_trim_removes_tags_for_space(self):
    """Verify tag-trim removes tags when the requested space exceeds the free slots.

    With the 15-tag limit this test assumes, 14 free slots and one preserved
    tag leave exactly one tag on the VM.
    """
    vm_name_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'cctestvm',
    }

    # Add tags to trim
    add_tags = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [dict(vm_name_filter)],
        'actions': [
            {'type': 'tag',
             'tags': {'tag-to-trim1': 'value1', 'tag-to-trim2': 'value2'}},
        ],
    })
    add_tags.run()

    # verify more than 1 tag on resource
    compute = Session().client('azure.mgmt.compute.ComputeManagementClient')
    before = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertTrue(len(before.tags) > 1)

    trim_tags = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [dict(vm_name_filter)],
        'actions': [
            {'type': 'tag-trim', 'space': 14, 'preserve': ['testtag']},
        ],
    })
    trim_tags.run()

    # 14 free slots and the one preserved tag
    after = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertEqual(len(after.tags), 1)
def test_deploy_webapp(self):
    """Verify a web app can be deployed onto the existing test service plan."""
    session = Session()
    web_client = session.client('azure.mgmt.web.WebSiteManagementClient')

    # Precondition: the service plan the app is deployed onto exists.
    plan = web_client.app_service_plans.get(CONST_GROUP_NAME, 'cloud-custodian-test')
    self.assertIsNotNone(plan)

    webapp_name = 'test-deploy-webapp'
    self.functionapp_util.deploy_webapp(
        webapp_name, CONST_GROUP_NAME, plan, 'cloudcustodiantest')

    # NOTE(review): nothing here removes the deployed app afterwards -- confirm
    # that teardown happens elsewhere.
    deployed_app = web_client.web_apps.get(CONST_GROUP_NAME, webapp_name)
    self.assertIsNotNone(deployed_app)
def test_add_or_update_tags(self):
    """Verify a multi-tag action adds new tags, updates named ones and keeps the rest."""
    group_filter = {
        'type': 'value',
        'key': 'name',
        'op': 'eq',
        'value_type': 'normalize',
        'value': 'test_vm',
    }

    # First run: two tags on a group that is expected to start without any.
    initial_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [dict(group_filter)],
        'actions': [
            {'type': 'tag',
             'tags': {'pre-existing-1': 'unmodified',
                      'pre-existing-2': 'unmodified'}},
        ],
    })
    initial_policy.run()

    session = Session()
    rm_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    groups = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    self.assertEqual(
        groups[0].tags,
        {'pre-existing-1': 'unmodified', 'pre-existing-2': 'unmodified'})

    # Second run: one brand-new tag and a new value for an existing one.
    update_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [dict(group_filter)],
        'actions': [
            {'type': 'tag',
             'tags': {'tag1': 'value1', 'pre-existing-1': 'modified'}},
        ],
    })
    update_policy.run()

    # The untouched tag keeps its value; the other two reflect the second run.
    groups = [g for g in rm_client.resource_groups.list() if g.name == 'test_vm']
    expected_tags = {
        'tag1': 'value1',
        'pre-existing-1': 'modified',
        'pre-existing-2': 'unmodified',
    }
    self.assertEqual(groups[0].tags, expected_tags)
def test_auto_tag_update_false_noop_for_existing_tag(self, utcnow_mock):
    """Verify an existing CreatorEmail tag is not overwritten when ``update`` is False.

    ``utcnow_mock`` is not referenced; presumably it comes from a patch
    decorator that is not visible here.
    """
    # setup by adding an existing CreatorEmail tag
    self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'test_vm'},
        ],
        'actions': [
            {'type': 'tag', 'tag': 'CreatorEmail', 'value': 'do-not-modify'},
        ],
    }).run()

    self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.resourcegroup',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'test_vm'},
        ],
        'actions': [
            {'type': 'auto-tag-user',
             'tag': 'CreatorEmail',
             'update': False,
             'days': 10},
        ],
    }).run()

    # verify CreatorEmail tag was not modified
    rm_client = Session().client('azure.mgmt.resource.ResourceManagementClient')
    candidates = [
        group for group in rm_client.resource_groups.list()
        if group.name == 'test_vm'
    ]
    self.assertEqual(candidates[0].tags['CreatorEmail'], 'do-not-modify')
def test_add_tags_replace_existing_tags(self):
    """Verify the tags on the first listed VM equal the set supplied by the policy."""
    new_tags = {'tag1': 'value1', 'tag2': 222}
    policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'actions': [{'type': 'tag', 'tags': new_tags}],
    })
    policy.run()

    # The policy supplies the integer 222; the tag read back is the string '222'.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    all_vms = list(compute.virtual_machines.list_all())
    first_vm = all_vms[0]
    self.assertEqual(first_vm.tags, {'tag1': 'value1', 'tag2': '222'})
def test_add_single_tag_without_modifying_existing_tags(self):
    """Verify a single-tag action keeps the tag already present on the VM."""
    single_tag = {'type': 'tag', 'tag': 'project', 'value': 'contoso'}
    policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'actions': [single_tag],
    })
    policy.run()

    # The first listed VM must carry the new tag next to its existing one.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    all_vms = list(compute.virtual_machines.list_all())
    expected_tags = {'project': 'contoso', 'existing': 'pre-existing-tag'}
    self.assertEqual(all_vms[0].tags, expected_tags)
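def test_deploy_template_with_parameters(self):
    """Verify a resource template can be deployed with a parameters file.

    A resource group is created, the ``dedicated_functionapp.json`` template
    is deployed into it with the default test parameters, and the group is
    deleted again whether or not the assertions pass.
    """
    s = Session()
    client = s.client('azure.mgmt.resource.ResourceManagementClient')

    group_name = 'cloud-custodian-test'
    self.template_util.create_resource_group(group_name, {'location': 'West US 2'})

    # Everything after creation runs under try/finally so that a failed
    # assertion or deployment does not leave the resource group behind.
    try:
        resource_group = client.resource_groups.get(group_name)
        self.assertIsNotNone(resource_group)

        template_file = 'dedicated_functionapp.json'
        parameters = self.template_util.get_default_parameters(
            'dedicated_functionapp.test.parameters.json')
        self.template_util.deploy_resource_template(group_name, template_file, parameters)

        # NOTE(review): this only checks that the listing call returned an
        # object, not that the group contains the deployed resources -- confirm
        # whether a stronger assertion is wanted.
        resources = client.resources.list_by_resource_group(group_name)
        self.assertIsNotNone(resources)
    finally:
        # Cleaning up resource group
        client.resource_groups.delete(group_name)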
def test_removal_does_not_raise_on_nonexistent_tag(self):
    """Verify that untagging a tag the VM does not carry neither raises nor changes tags."""
    untag_policy = self.load_policy({
        'name': 'test-azure-tag',
        'resource': 'azure.vm',
        'filters': [
            {'type': 'value',
             'key': 'name',
             'op': 'eq',
             'value_type': 'normalize',
             'value': 'cctestvm'},
        ],
        'actions': [
            {'type': 'untag', 'tags': ['tag-does-not-exist']},
        ],
    })

    # Precondition: the tag really is absent before the run.
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    start_tags = compute.virtual_machines.get('test_vm', 'cctestvm').tags
    self.assertTrue('tag-does-not-exist' not in start_tags)

    # Only KeyError is caught; any other exception still fails the test.
    try:
        untag_policy.run()
    except KeyError:
        raised = True
    else:
        raised = False

    # The VM is fetched again so the comparison sees the post-run state.
    vm_after = compute.virtual_machines.get('test_vm', 'cctestvm')
    self.assertFalse(raised)
    self.assertEqual(vm_after.tags, start_tags)
def prepare_queue_storage(self, queue_resource_id, queue_name):
    """Look up the storage account named by a resource ID and create a queue in it.

    The storage client is built from an unusual ID/group reference because
    that is what event subscriptions require.

    Args:
        queue_resource_id: resource ID from which the subscription, resource
            group and account name are parsed.
        queue_name: name of the queue to create.

    Returns:
        The storage account object returned by ``get_properties``.
    """
    # A queue in another subscription needs a session bound to that subscription.
    target_subscription = ResourceIdParser.get_subscription_id(queue_resource_id)
    session = (Session(target_subscription)
               if target_subscription != self.session.subscription_id
               else self.session)

    storage_client = session.client('azure.mgmt.storage.StorageManagementClient')
    account = storage_client.storage_accounts.get_properties(
        ResourceIdParser.get_resource_group(queue_resource_id),
        ResourceIdParser.get_resource_name(queue_resource_id))

    # NOTE(review): the queue is created with self.session, not the
    # subscription-specific session chosen above -- confirm this is intended
    # when the account lives in a different subscription.
    Storage.create_queue_from_storage_account(account, queue_name, self.session)
    return account
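# Ad-hoc exploration script: lists virtual machines and virtual networks through
# a default Session and pretty-prints the first network.
from c7n_azure.session import Session
import pprint

s = Session()

# The machine list is fetched but not printed.
client = s.client('azure.mgmt.compute.ComputeManagementClient')
machines = list(client.virtual_machines.list_all())

# The leftover pdb.set_trace() breakpoint was removed: it blocks every
# non-interactive run and drops whoever holds the terminal into an interpreter
# with the authenticated session in scope.
client = s.client('azure.mgmt.network.NetworkManagementClient')
networks = list(client.virtual_networks.list_all())

# Guard against a subscription without virtual networks instead of failing
# with IndexError.
if networks:
    pprint.pprint(networks[0].as_dict())
else:
    print('no virtual networks found')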
# Ad-hoc exploration script: prints the API version the session resolves for
# every resource returned by the resource management client.
import os
import pprint

from azure.mgmt.resource import ResourceManagementClient
from c7n_azure.session import Session

s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')

# Built but not used by anything below.
resource_group_params = {'location': 'westus', 'tags': {'hello': 'world'}}

for resource in client.resources.list():
    api_version = s.resource_api_version(resource)
    print(api_version)
def test_api_version(self):
    """Verify the API version resolved for the first listed resource's ID."""
    session = Session()
    resource_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    first_resource = next(resource_client.resources.list())
    # The expected value is pinned to one version string.
    resolved_version = session.resource_api_version(first_resource.id)
    self.assertEqual('2018-04-01', resolved_version)
def test_log_custom_hook(self, log):
    """Verify listing virtual machines triggers the mocked log hook exactly once."""
    session = Session()
    compute = session.client('azure.mgmt.compute.ComputeManagementClient')
    # The listing is drained only for its side effect; the items are discarded.
    for _ in compute.virtual_machines.list_all():
        pass
    log.assert_called_once()
def test_retry_policy_override(self, c7n_retry):
    """Verify creating a client calls the mocked retry policy exactly once."""
    session = Session()
    # Only client construction matters here; the client itself is not used.
    session.client('azure.mgmt.compute.ComputeManagementClient')
    c7n_retry.assert_called_once()
def test_api_version(self):
    """Verify the API version resolved for the first listed resource."""
    session = Session()
    resource_client = session.client('azure.mgmt.resource.ResourceManagementClient')
    first_resource = next(resource_client.resources.list())
    # Here the resource object itself is passed, not its ID.
    resolved_version = session.resource_api_version(first_resource)
    self.assertEqual('2017-10-12', resolved_version)