def __init__(self, group_name, location):
self.location = location
self.subscription_id = os.environ.get("SUBSCRIPTION_ID", None)
# Use 2019-07-01 api version to test create VM
self.compute_client = mgmt_compute.ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id=self.subscription_id,
api_version="2019-07-01")
self.network_client = mgmt_network.NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id=self.subscription_id)
self.resource_client = mgmt_resource.ResourceManagementClient(
credential=DefaultAzureCredential(),
subscription_id=self.subscription_id)
self.group = self.resource_client.resource_groups.create_or_update(
group_name,
# model style
resource_models.ResourceGroup(location=self.location)
# json style
# {'location': self.location}
)
def _create_resource_group(self, credentials, subscription_id, name,
location):
""" Creates requested resource group on Azure """
resource_client = azresource_mgmt.ResourceManagementClient(
credentials, subscription_id)
return resource_client.resource_groups.create_or_update(
resource_group_name=name, parameters={'location': location})
def __init__(self, client_id, client_secret, subscription_id, tenant_id):
_credentials = credentials.ServicePrincipalCredentials(
client_id=client_id, secret=client_secret, tenant=tenant_id
)
self.client = resource.ResourceManagementClient(
credentials=_credentials, subscription_id=subscription_id
)
def __init__(self,
default_resource_group_name: str,
default_region: str = 'eastus',
profile_name: Optional[str] = None) -> None:
"""Initialize the AZAccount class.
Args:
default_resource_group_name (str): The default resource group in which to
create new resources in. If the resource group does not exists,
it will be automatically created.
default_region (str): Optional. The default region to create new
resources in. Default is eastus.
profile_name (str): Optional. The name of the profile to use for Azure
operations. For more information on profiles, see GetCredentials()
in libcloudforensics.providers.azure.internal.common.py. Default
does not use profiles and will authenticate to Azure using
environment variables.
"""
self.subscription_id, self.credentials = common.GetCredentials(profile_name)
self.default_region = default_region
self.compute_client = azure_compute.ComputeManagementClient(
self.credentials, self.subscription_id)
self.storage_client = storage.StorageManagementClient(
self.credentials, self.subscription_id)
self.resource_client = resource.ResourceManagementClient(
self.credentials, self.subscription_id)
self.network_client = network.NetworkManagementClient(
self.credentials, self.subscription_id)
self.default_resource_group_name = self._GetOrCreateResourceGroup(
default_resource_group_name)
def __init__(self,
az_account: 'account.AZAccount') -> None:
"""Initialize the Azure resource class.
Args:
az_account (AZAccount): An Azure account object.
"""
self.az_account = az_account
self.resource_client = resource.ResourceManagementClient(
self.az_account.credentials, self.az_account.subscription_id)
self.subscription_client = resource.SubscriptionClient(
self.az_account.credentials)
def list_resource_groups(credentials, subscriptionId):
list_of_resource_groups = []
with azr.ResourceManagementClient(credentials,
subscriptionId) as rg_client:
try:
for i in rg_client.resource_groups.list():
list_of_resource_groups.append(process_rg_instance(i))
except Exception as e:
logging.error("encountered: {0}".format(str(e)))
return list_of_resource_groups
def provision_check(self, provision_request):
"""Checks a ProvisionRequest object for validity with the Batch backend"""
try:
credentials = azcredentials.ServicePrincipalCredentials(
client_id=provision_request.service_principal.client_id,
secret=provision_request.service_principal.secret,
tenant=provision_request.service_principal.tenant)
resource_client = azresource_mgmt.ResourceManagementClient(
credentials, provision_request.subscription_id)
storage_client = azstorage_mgmt.StorageManagementClient(
credentials, provision_request.subscription_id)
batch_client = azbatch_mgmt.BatchManagementClient(
credentials, provision_request.subscription_id)
rg_check_result = resource_client.resource_groups.check_existence(
provision_request.resource_group)
if rg_check_result is True:
with resource_client.resource_groups.get(
provision_request.resource_group) as resource_group:
if not resource_group.location == provision_request.location:
raise AzCloudError(
'Resource group exists but in different provision_request.location than provided.'
)
storage_check_result = storage_client.storage_accounts.check_name_availability(
name=provision_request.storage_account_name)
if not storage_check_result.name_available:
if not storage_check_result.reason == 'AlreadyExists':
raise tesmodels.CloudError(storage_check_result.message)
else:
storage_client.storage_accounts.get_properties( # <-- will throw exception if in different RG
resource_group_name=provision_request.resource_group,
account_name=provision_request.storage_account_name)
batch_check_result = batch_client.location.check_name_availability(
location_name=provision_request.location,
name=provision_request.batch_account_name)
if not batch_check_result.name_available:
if not batch_check_result.reason.value == 'AlreadyExists':
raise AzCloudError(batch_check_result.message)
else:
batch_client.batch_account.get( # <-- will throw exception if in different RG
resource_group_name=provision_request.resource_group,
account_name=provision_request.batch_account_name)
except AzCloudError as err:
# Return non-azure specific exception instead
raise tesmodels.CloudError(err)
return True
def clean_rg(credentials, subscriptionId, rg):
logging.info("Cleaning RG %s/%s" % (subscriptionId, rg))
datadog_event({
'alert_type': 'info',
'source_type_name': 'AZURE',
'text': "Deleting resource group %s" % rg["Name"],
'title': 'Azure RG Cleanup',
'payload': rg,
'tags': rg['Tags']
})
with azr.ResourceManagementClient(credentials,
subscriptionId) as rg_client:
try:
return rg_client.resource_groups.begin_delete(rg["Name"])
except Exception as e:
logging.error("encountered: {0}".format(str(e)))
def setUpClass(cls):
if identity is None:
raise unittest.SkipTest('missing azure-identity library')
if resource is None or resource_models is None:
raise unittest.SkipTest('missing azure-mgmt-resource library')
if storage is None or storage_models is None:
raise unittest.SkipTest('missing azure-mgmt-storage library')
config = {
key: os.getenv(key)
for key in (
'AZURE_TENANT_ID',
'AZURE_SUBSCRIPTION_ID',
'AZURE_CLIENT_ID',
'AZURE_CLIENT_SECRET',
)
}
for key, value in config.items():
if not value:
raise unittest.SkipTest('missing environment variable %s' % key)
credentials = identity.ClientSecretCredential(
tenant_id=config['AZURE_TENANT_ID'],
client_id=config['AZURE_CLIENT_ID'],
client_secret=config['AZURE_CLIENT_SECRET'],
)
resource_client = resource.ResourceManagementClient(
credentials,
config['AZURE_SUBSCRIPTION_ID'],
)
storage_client = storage.StorageManagementClient(
credentials,
config['AZURE_SUBSCRIPTION_ID'],
)
location = os.getenv('AZURE_LOCATION', DEFAULT_AZURE_LOCATION)
name = RESOURCE_GROUP_NAME_PREFIX
name += random_string(MAX_STORAGE_ACCOUNT_NAME_LENGTH - len(name))
timeout = float(os.getenv('AZURE_TIMEOUT_SECONDS', DEFAULT_TIMEOUT_SECONDS))
# We clean up any left over resource groups from previous runs on setUpClass. If tests on
# CI get terminated non-gracefully, old resources will be left laying around and we want
# to clean those up to ensure we dont hit any limits.
# To avoid deleting groups from concurrent runs, we only delete resources older than a
# couple (6) of hours
print("Checking and cleaning up any old stray resource groups...")
resource_groups = resource_client.resource_groups.list()
now_ts = int(time.time())
delete_threshold_ts = now_ts - int(datetime.timedelta(hours=6).total_seconds())
for resource_group in resource_groups:
resource_create_ts = int(resource_group.tags.get('create_ts', now_ts))
if resource_group.name.startswith(RESOURCE_GROUP_NAME_PREFIX) and \
resource_group.location.lower() == location.lower() and \
'test' in resource_group.tags and resource_create_ts <= delete_threshold_ts:
assert resource_group.name.startswith(RESOURCE_GROUP_NAME_PREFIX)
print("Deleting old stray resource group: %s..." % (resource_group.name))
try:
resource_client.resource_groups.begin_delete(resource_group.name)
except Exception as e:
print("Failed to delete resource group: %s" % (str(e)), file=sys.stderr)
group = resource_client.resource_groups.create_or_update(
resource_group_name=name,
parameters=resource_models.ResourceGroup(
location=location,
tags={
'test': cls.__name__,
'create_ts': str(now_ts),
'gh_run_id': os.getenv('GITHUB_RUN_ID', 'unknown'),
'gh_job_id': os.getenv('GITHUB_JOB_ID', 'unknown'),
'gh_sha': os.getenv('GITHUB_SHA', 'unknown'),
'gh_ref': os.getenv('GITHUB_REF', 'unknown'),
},
),
timeout=timeout,
)
cls.addClassCleanup(lambda: resource_client.resource_groups
.begin_delete(group.name)
.result(timeout))
account = storage_client.storage_accounts.begin_create(
resource_group_name=group.name,
account_name=name,
parameters=storage_models.StorageAccountCreateParameters(
sku=storage_models.Sku(name=storage_models.SkuName.STANDARD_LRS),
access_tier=cls.access_tier,
kind=cls.kind,
location=location,
),
).result(timeout)
keys = storage_client.storage_accounts.list_keys(
resource_group_name=group.name,
account_name=account.name,
timeout=timeout,
)
cls.account = account.name
cls.secret = keys.keys[0].value
def setUpClass(cls):
if identity is None:
raise unittest.SkipTest('missing azure-identity library')
if resource is None or resource_models is None:
raise unittest.SkipTest('missing azure-mgmt-resource library')
if storage is None or storage_models is None:
raise unittest.SkipTest('missing azure-mgmt-storage library')
config = {
key: os.getenv(key)
for key in (
'AZURE_TENANT_ID',
'AZURE_SUBSCRIPTION_ID',
'AZURE_CLIENT_ID',
'AZURE_CLIENT_SECRET',
)
}
for key, value in config.items():
if not value:
raise unittest.SkipTest('missing environment variable %s' %
key)
credentials = identity.ClientSecretCredential(
tenant_id=config['AZURE_TENANT_ID'],
client_id=config['AZURE_CLIENT_ID'],
client_secret=config['AZURE_CLIENT_SECRET'],
)
resource_client = resource.ResourceManagementClient(
credentials,
config['AZURE_SUBSCRIPTION_ID'],
)
storage_client = storage.StorageManagementClient(
credentials,
config['AZURE_SUBSCRIPTION_ID'],
)
location = os.getenv('AZURE_LOCATION', DEFAULT_AZURE_LOCATION)
name = 'libcloud'
name += random_string(MAX_STORAGE_ACCOUNT_NAME_LENGTH - len(name))
timeout = float(
os.getenv('AZURE_TIMEOUT_SECONDS', DEFAULT_TIMEOUT_SECONDS))
group = resource_client.resource_groups.create_or_update(
resource_group_name=name,
parameters=resource_models.ResourceGroup(
location=location,
tags={
'test': cls.__name__,
'run': os.getenv('GITHUB_RUN_ID', '-'),
},
),
timeout=timeout,
)
cls.addClassCleanup(lambda: resource_client.resource_groups.
begin_delete(group.name).result(timeout))
account = storage_client.storage_accounts.begin_create(
resource_group_name=group.name,
account_name=name,
parameters=storage_models.StorageAccountCreateParameters(
sku=storage_models.Sku(
name=storage_models.SkuName.STANDARD_LRS),
access_tier=cls.access_tier,
kind=cls.kind,
location=location,
),
).result(timeout)
keys = storage_client.storage_accounts.list_keys(
resource_group_name=group.name,
account_name=account.name,
timeout=timeout,
)
cls.account = account.name
cls.secret = keys.keys[0].value