def __init_session(self): subscription_id = self.config['subscription_id'] self.credentials = self.__get_credentials() self.compute_client = ComputeManagementClient( self.credentials, subscription_id) self.network_client = NetworkManagementClient( self.credentials, subscription_id) self.storage_mgmt_client = StorageManagementClient( self.credentials, subscription_id)
def get_storage_account(self, group_name, storage_account, credentials, subscription_id): """ Get the information about the Storage Account named "storage_account" or None if it does not exist """ try: storage_client = StorageManagementClient(credentials, subscription_id) return storage_client.storage_accounts.get_properties( group_name, storage_account) except Exception: self.log_exception("Error checking the storage account") return None
def storage_client(self): self.log('Getting storage client...') if not self._storage_client: self.check_client_version( 'storage', storage_client_version, AZURE_EXPECTED_VERSIONS['storage_client_version']) self._storage_client = StorageManagementClient( self.azure_credentials, self.subscription_id, base_url=self.base_url, api_version='2017-06-01') self._register('Microsoft.Storage') return self._storage_client
def _get_blob_key(accountname): blob_credentials = ServicePrincipalCredentials( client_id=os.environ["CLIENT_ID"], secret=os.environ["SECRET_KEY"], tenant=os.environ["TENANT_ID"]) storage_client = StorageManagementClient(blob_credentials, os.environ["SUBSCRIPTION_ID"]) keys = storage_client.storage_accounts.list_keys( os.environ["RESOURCE_GROUP"], accountname) keys = {v.key_name: v.value for v in keys.keys} return keys["key1"]
def azure_connect_service(service, credentials, region_name=None): try: if service == 'storageaccounts': return StorageManagementClient(credentials.credentials, credentials.subscription_id) else: printException('Service %s not supported' % service) return None except Exception as e: printException(e) return None
def storage_account(self): # Creates storage account using arguements from above storage_client = StorageManagementClient(self.credentials(), self.subscription_id()) storage_async_operation = storage_client.storage_accounts.create( self.args.resource_group, self.args.storage_account, StorageAccountCreateParameters( sku=Sku(name=SkuName.standard_ragrs), kind=Kind.storage, location=self.args.location)) storage_account = storage_async_operation.result() print("Creating storage account: " + self.args.storage_account) return storage_account
def _storage_account(self): """Resolve Auto-Storage account from supplied Batch Account""" if self._resolved_storage_client: return self._resolved_storage_client if not self._subscription or not self.batch_account: raise ValueError("Unable to resolve auto-storage account without " "subscription ID and Batch account name.") if not self._mgmt_credentials: raise ValueError("Unable to resolve auto-storage account without " "Management AAD Credentials.") if self._mgmt_client: client = self._mgmt_client else: client = BatchManagementClient(self._mgmt_credentials, self._subscription) self._mgmt_client = client if self.resource_group: # If a resource group was supplied, we can use that to query the Batch Account try: account = client.batch_account.get(self.resource_group, self.batch_account) except Exception: raise ValueError("Couldn't find the account named '{}' in subscription '{}' " "with resource group '{}'".format( self.batch_account, self._subscription, self.resource_group)) else: # Otherwise, we need to parse the URL for a region in order to identify # the Batch account in the subscription # Example URL: https://batchaccount.westus.batch.azure.com region = urlsplit(self.config.base_url).netloc.split('.', 2)[1] accounts = (x for x in client.batch_account.list() if x.name == self.batch_account and x.location == region) try: account = next(accounts) except StopIteration: raise ValueError("Couldn't find the account named '{}' in subscription '{}' " "in region '{}'".format( self.batch_account, self._subscription, region)) if not account.auto_storage: # pylint: disable=no-member raise ValueError("No linked auto-storage for account '{}'".format(self.batch_account)) storage_account_info = account.auto_storage.storage_account_id.split('/') # pylint: disable=no-member storage_resource_group = storage_account_info[4] storage_account = storage_account_info[8] storage_client = StorageManagementClient(self._mgmt_credentials, self._subscription) keys = storage_client.storage_accounts.list_keys(storage_resource_group, storage_account) storage_key = keys.keys[0].value # pylint: disable=no-member self._resolved_storage_client = CloudStorageAccount(storage_account, storage_key)\ .create_block_blob_service() return self._resolved_storage_client
def get_storage_mgmt_client(self, subscription: str): logger = logging.getLogger(__name__) logger.info( 'LOGGER: acquiring storage resource management client connection') if subscription: self._subscription = subscription try: self._storage_mgmt_client = StorageManagementClient( self._mgmt_credentials, self._subscription) except Exception as e: logger.error(f'LOGGER: Exception occurred {e}') raise e return self._storage_mgmt_client
def configure(): subscription_id, tenant_id = get_credentials() credentials = authenticate_device_code(tenant_id) resource_client = ResourceManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) rg = choose(list(resource_client.resource_groups.list()), "resource group", lambda x: x.name) storage_accounts = {} print("Configuring flow logs for all network security groups in resource group " + rg.name) nsgs = list(network_client.network_security_groups.list(rg.name)) for nsg in nsgs: nw_name = "NetworkWatcher_" + nsg.location if nsg.location not in storage_accounts: network_client.network_watchers.create_or_update("NetworkWatcherRG", nw_name, { "enabled": "true", "location": nsg.location }) sleep(3) # waiting for resource to be truly created print("enabled default network watcher for " + nsg.location + " location") available_storage_accounts = [sa for sa in storage_client.storage_accounts.list_by_resource_group(rg.name) if sa.location == nsg.location] storage_accounts[nsg.location] = choose(available_storage_accounts, "storage account for " + nsg.location + " location", lambda x: x.name, "It is highly recommended to have a dedicated storage account for Flow-Logs, " "if you dont have any, please configure one in the Azure Portal and re-run the script to choose it") network_client.network_watchers.set_flow_log_configuration( "NetworkWatcherRG", nw_name, { "enabled": "true", "target_resource_id": nsg.id, "storage_id": storage_accounts[nsg.location].id, "format": { "type": "JSON", "version": "2" } }) print("enabled flow-logs for nsg " + nsg.name) return { "subscription_id": subscription_id, "resource_group": rg.name, "storage_accounts": [{ "name": sa.name, "key": next(filter(lambda x: x.key_name == STORAGE_ACCOUNTS_KEY, storage_client.storage_accounts.list_keys(rg.name, sa.name).keys)).value, "network_security_groups": [nsg.name for nsg in nsgs if nsg.location == sa.location] } for sa in storage_accounts.values()] }
def run(self): #---- """Resource Group management example.""" # # Create all clients with an Application (service principal) token provider # subscription_id = os.environ.get('AZURE_SUBSCRIPTION_ID', 'ef80a466-7372-49e9-b247-57b95886881c' ) # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id='445a1911-819a-41e8-a093-adfd66ca5ccd', secret='rJ--cHsg@=fucrddh3svx1VUe91q2h1N', tenant='8ee0f3e4-b788-4efa-bd84-e6bfe7fe9943') resource_client = ResourceManagementClient(credentials, subscription_id) compute_client = ComputeManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) ########### # Prepare # ########### # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update( GROUP_NAME, {'location': LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': LOCATION }) storage_async_operation.wait() # List VM in resource group print('\nList VMs in resource group') # Delete VM # print('\nDelete VM') # async_vm_delete = compute_client.virtual_machines.delete( # GROUP_NAME, VM_NAME) # async_vm_delete.wait() return
def getAccessKey(self): """ Get the access key to the storage queue """ storageclient = StorageManagementClient( credentials=BasicTokenAuthentication(self.token), subscription_id=self.subscriptionId) storageKeys = storageclient.storage_accounts.list_keys( resource_group_name=self.resourceGroup, account_name=self.accountName) if storageKeys is None or len(storageKeys.keys) <= 0: print("Could not retrive storage keys of the storage account{0}". format(self.accountName)) return None return storageKeys.keys[0].value
def get_storage_account(group_name, storage_name, credentials, subscription_id): """ Get the Storage Account named storage_name in group_name, if it not exists return None """ try: storage_client = StorageManagementClient(credentials, subscription_id) return storage_client.storage_accounts.get_properties( group_name, storage_name) except CloudError as cex: if cex.status_code == 404: return None else: raise cex
def get_storage_account_key( custom_extension_storage_account_resource_group_name, custom_extension_storage_account_name, ): "Fetch Azure Storage Account Key" credentials = get_azure_credentials(azure_tenant_id, azure_client_id, azure_secret_id) storage_resource = StorageManagementClient(credentials, subscription_id) storage_keys = storage_resource.storage_accounts.list_keys( custom_extension_storage_account_resource_group_name, custom_extension_storage_account_name, custom_headers=None, raw=False, ) return storage_keys
def delete_storage(request, ressource_id, storage_id): ressource = get_object_or_404(Ressources, pk=ressource_id) storage = Storages.objects.get(pk=storage_id) userCloud = get_object_or_404(UserCloud, user=(request.user)) subscription_id = userCloud.subscription_id # your Azure Subscription Id credentials = ServicePrincipalCredentials(client_id=userCloud.client_id, secret=userCloud.secret, tenant=userCloud.tenant) storage_client = StorageManagementClient(credentials, subscription_id) storage_client.storage_accounts.delete(storage.ressource.groupe_name, storage.storage_account_name) storage.delete() return render(request, 'ressource/detail_ressource.html', {'ressource': ressource})
def __init__( self, azure_subscription_id, azure_tenant_id, azure_application_id, azure_application_key, logger, ): """Init command. :param str azure_subscription_id: :param str azure_tenant_id: :param str azure_application_id: :param str azure_application_key: :param str azure_application_key: :param logging.Logger logger: """ self._azure_subscription_id = azure_subscription_id self._azure_tenant_id = azure_tenant_id self._azure_application_id = azure_application_id self._azure_application_key = azure_application_key self._logger = logger self._cached_storage_account_keys = {} self._credentials = ServicePrincipalCredentials( client_id=azure_application_id, secret=azure_application_key, tenant=azure_tenant_id, ) self._subscription_client = SubscriptionClient( credentials=self._credentials) self._resource_client = ResourceManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._compute_client = ComputeManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._storage_client = StorageManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._network_client = NetworkManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id)
def run_main(): subscription_id = os.environ.get( AZURE_SUBSCRIPTION_ID, '1111111122222222333333334444444455') # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id = AZURE_CLIENT_ID, secret = AZURE_CLIENT_SECRET, tenant = AZURE_TENANT_ID ) resource_client = ResourceManagementClient(credentials, subscription_id) compute_client = ComputeManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update(GROUP_NAME, {'location':LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': {'name': 'standard_lrs'}, 'kind': 'storage', 'location': LOCATION } ) storage_async_operation.wait() # Create a NIC nic = create_nic(network_client) # Create Linux VM print('\nCreating Red Hat Enterprise Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() # Start the VM print('\nStart VM') async_vm_start = compute_client.virtual_machines.start(GROUP_NAME, VM_NAME) async_vm_start.wait()
def main() -> None: formatter = argparse.ArgumentDefaultsHelpFormatter parser = argparse.ArgumentParser(formatter_class=formatter) parser.add_argument("resource_group") parser.add_argument("storage_account") parser.add_argument("migration", choices=migrations.keys(), nargs="+") args = parser.parse_args() credential = AzureCliCredential() client = StorageManagementClient(credential) storage_keys = client.storage_accounts.list_keys(args.resource_group, args.storage_account) table_service = TableService(account_name=args.storage_account, account_key=storage_keys.keys[0].value) print(args.migration) migrate(table_service, args.migration)
def create_storage_table_service(secrets: Secrets): credentials = create_service_principal_credentials(secrets) match = constants.RESOURCE_ID_PATTERN.match( secrets.storage_account_resource_id) accountname = match.group('account') subscription = match.group('subscription') resourcegroup = match.group('resourcegroup') mgmt_client = StorageManagementClient(credentials, subscription) key = mgmt_client.storage_accounts.list_keys( resource_group_name=resourcegroup, account_name=accountname).keys[0].value # storage_client = CloudStorageAccount(accountname, key) # blob_client = storage_client.create_block_blob_service() table_service = TableService(account_name=accountname, account_key=key) return table_service
def __init__(self, client_data, resource_helper, name, account=None, default_share='share'): self.name = name self.default_share = default_share self._account = account self._key = os.environ.get('AZURE_STORAGE_KEY') self.resource_helper = resource_helper self.client = StorageManagementClient(*client_data) self.file_service = FileService( account_name=self.account.name, account_key=self.key, )
def getAccessKey(self) -> str: self.tracer.info("getting access key for Storage Account") storageclient = StorageManagementClient( credential=self.token, subscription_id=self.subscriptionId) # Retrieve keys from storage accounts storageKeys = storageclient.storage_accounts.list_keys( resource_group_name=self.resourceGroup, account_name=self.accountName) if storageKeys is None or len(storageKeys.keys) == 0: self.tracer.error( "could not retrieve storage keys of the storage account %s" % self.accountName) return None return storageKeys.keys[0].value
def create_storage_account(self, group_name, storage_account, credentials, subscription_id, location): """ Create an storage account with the name specified in "storage_account" """ try: storage_client = StorageManagementClient(credentials, subscription_id) storage_async_operation = storage_client.storage_accounts.create(group_name, storage_account, {'sku': {'name': 'standard_lrs'}, 'kind': 'storage', 'location': location} ) return storage_async_operation.result(), "" except Exception as ex: self.log_exception("Error creating the storage account") return None, str(ex)
def get_storage_account_key(self, account_name, subscription_id, rg_name): """ :param str account_name: Azure Blob account name. :param ServicePrincipalCredential credentials: Service Principle Credentials. :param str subscription_id: Azure Subscription ID :param str rg_name: Azure Resource Group Name where storage account is listed """ self.get_spn_credentials() storage_client = StorageManagementClient(self.credentials, subscription_id) storage_keys = storage_client.storage_accounts.list_keys( rg_name, account_name) storage_keys = {v.key_name: v.value for v in storage_keys.keys} account_key = storage_keys['key1'] return account_key
def create_storage_account(credentials, subscription_id, **kwargs): """ Create a Storage account :param credentials: msrestazure.azure_active_directory.AdalAuthentication :param subscription_id: str :param **resource_group: str :param **storage_account: str :param **region: str """ storage_management_client = StorageManagementClient(credentials, subscription_id) storage_account = storage_management_client.storage_accounts.create( resource_group_name=kwargs.get("resource_group", DefaultSettings.resource_group), account_name=kwargs.get("storage_account", DefaultSettings.storage_account), parameters=StorageAccountCreateParameters( sku=Sku(SkuName.standard_lrs), kind=Kind.storage, location=kwargs.get('region', DefaultSettings.region))) return storage_account.result().id
def run(self, args): """Run the remediation job. :param args: List of arguments provided to the job. :type args: list. :returns: int """ params = self.parse(args[1]) client_id = os.environ.get("AZURE_CLIENT_ID") client_secret = os.environ.get("AZURE_CLIENT_SECRET") tenant_id = os.environ.get("AZURE_TENANT_ID") # credential for Storage Account and Key Vault management client credential = ClientSecretCredential( client_id=client_id, client_secret=client_secret, tenant_id=tenant_id, ) # credential for AzureGraphRbacManagementClient credentials = ServicePrincipalCredentials( client_id=client_id, secret=client_secret, tenant=tenant_id, resource="https://graph.windows.net", ) storage_client = StorageManagementClient(credential, params["subscription_id"]) keyvault_client = KeyVaultManagementClient(credential, params["subscription_id"]) graph_client = GraphRbacManagementClient(credentials, tenant_id, base_url=None) monitor_client = MonitorClient(credential, params["subscription_id"]) return self.remediate( client_id, tenant_id, keyvault_client, monitor_client, storage_client, graph_client, credential, params["resource_group_name"], params["key_vault_name"], params["region"], params["subscription_id"], )
def __init__(self): if os.environ.get('AZURE_SUBSCRIPTION_ID') is not None: self.subscription_id = os.environ.get( 'AZURE_SUBSCRIPTION_ID') # your Azure Subscription Id else: raise ValueError( 'AZURE_SUBSCRIPTION_ID environment variable missing') # Sanity check if os.environ.get('AZURE_CLIENT_ID') is None: raise ValueError('AZURE_CLIENT_ID environment variable missing') if os.environ.get('AZURE_CLIENT_SECRET') is None: raise ValueError( 'AZURE_CLIENT_SECRET environment variable missing') if os.environ.get('AZURE_TENANT_ID') is None: raise ValueError('AZURE_TENANT_ID environment variable missing') if os.environ.get('STORAGE_ACCOUNT_NAME') is None: raise ValueError( 'STORAGE_ACCOUNT_NAME environment variable missing') self.storage_account_name = os.environ['STORAGE_ACCOUNT_NAME'] self.credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID']) #FIXME do we need two credentials? self.client_secret_credential = ClientSecretCredential( os.environ['AZURE_TENANT_ID'], os.environ['AZURE_CLIENT_ID'], os.environ['AZURE_CLIENT_SECRET']) self.resource_client = ResourceManagementClient( self.credentials, self.subscription_id) self.msi_client = ManagedServiceIdentityClient(self.credentials, self.subscription_id) self.policy_client = PolicyClient(self.credentials, self.subscription_id) self.authorization_client = AuthorizationManagementClient( self.credentials, self.subscription_id) self.storage_client = StorageManagementClient(self.credentials, self.subscription_id) # adls2 storage client self.adls2_client = DataLakeServiceClient( account_url="{}://{}.dfs.core.windows.net".format( "https", self.storage_account_name), credential=self.client_secret_credential)
def storage_account_get_keys(credentials, subscription_id, **kwargs): """ get Storage account keys :param credentials: msrestazure.azure_active_directory.AdalAuthentication :param subscription_id: str :param **resource_group: str :param **storage_account: str :param **region: str """ storage_management_client = StorageManagementClient( credentials, subscription_id) storage_account_keys = storage_management_client.storage_accounts.list_keys( resource_group_name=kwargs.get("resource_group", DefaultSettings.resource_group), account_name=kwargs.get("storage_account", DefaultSettings.storage_account)) return storage_account_keys.keys[0].value
class AzureStorage: subscription_id = "f1a64d2c-a48b-4fed-af04-7f78364b176c" credentials = ServicePrincipalCredentials( client_id="b86110f5-34f9-470f-b3a5-d1f4f7a687c0", secret="J-8GBQgtdY.z]?8S97dwGCeTxPJuM1kB", tenant="3715d4db-cb52-4937-af91-4c750e1b2815") resource_client = ResourceManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) @staticmethod def create_storage_account(self): self.resource_client.providers.register('Microsoft.Storage') storage_name = Utils.name_generator() # Check availability availability = self.storage_client.storage_accounts.check_name_availability( storage_name) while not availability: storage_name = Utils.name_generator() availability = self.storage_client.storage_accounts.check_name_availability( storage_name) if availability: storage_async_operation = self.storage_client.storage_accounts.create( 'InstanT', storage_name, StorageAccountCreateParameters( sku=Sku(name=SkuName.standard_ragrs), kind=Kind.storage, location='francecentral', enable_https_traffic_only=True)) storage_account = storage_async_operation.result() Utils.print_storage(self, storage_account) storage_keys = self.storage_client.storage_accounts.list_keys( 'InstanT', storage_name) storage_keys = {v.key_name: v.value for v in storage_keys.keys} connection_str = Utils.connection_string(storage_name, storage_keys['key1']) # faire un return ici, le reste est du test blob_service_client = BlobServiceClient.from_connection_string( connection_str) container_name = "test" + str(uuid.uuid4()) container_client = blob_service_client.create_container( container_name, public_access=PublicAccess.Container) return storage_name, connection_str, container_name
def create_storage(request, ressource_id): print(ressource_id) form = StoragesForm(request.POST or None, request.FILES or None) ressource = get_object_or_404(Ressources, pk=ressource_id) if form.is_valid(): ressource_storages = ressource.storages_set.all() for s in ressource_storages: if s.storage_account_name == form.cleaned_data.get( "storage_account_name"): context = { 'ressource': ressource, 'form': form, 'error_message': 'You already added that storage', } return render(request, 'ressource/create_storage.html', context) storages = form.save(commit=False) storages.ressource = ressource userCloud = get_object_or_404(UserCloud, user=(request.user)) subscription_id = userCloud.subscription_id # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id=userCloud.client_id, secret=userCloud.secret, tenant=userCloud.tenant) storage_client = StorageManagementClient(credentials, subscription_id) storage_async_operation = storage_client.storage_accounts.create( storages.ressource.groupe_name, form.cleaned_data['storage_account_name'], { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': storages.ressource.location }) storage_async_operation.wait() storages.save() return render(request, 'ressource/detail_ressource.html', {'ressource': ressource}) context = { 'ressource': ressource, 'form': form, } return render(request, 'ressource/create_storage.html', context)
def storage_account_exists(name: str, subscription: str, resource_group: str) -> bool: storage_client = StorageManagementClient(_credential(), _subscription_id(subscription)) if any(account.name == name for account in storage_client.storage_accounts. list_by_resource_group(resource_group)): return True for account in storage_client.storage_accounts.list(): if account.name == name: if account.resourceGroup != resource_group: warnings.warn( f"Storage account with name {name} found, but it belongs " f"to another resource group ({account.resourceGroup}.") return True return False
def run(self, args): """Run the remediation job. :param args: List of arguments provided to the job. :type args: list. :returns: int """ params = self.parse(args[1]) credentials = ClientSecretCredential( client_id=os.environ.get("AZURE_CLIENT_ID"), client_secret=os.environ.get("AZURE_CLIENT_SECRET"), tenant_id=os.environ.get("AZURE_TENANT_ID"), ) client = StorageManagementClient(credentials, params["subscription_id"]) return self.remediate( client, params["resource_group_name"], params["account_name"], )
def storage_models(self): self.log('Getting storage models...') return StorageManagementClient.models("2017-10-01")
def get_create_storage_account_status(creds, link): storage_client = StorageManagementClient(creds) result = storage_client.get_create_operation_status(link) return result