def test_get_cloud_from_endpoint(self): public_azure_dict = { "galleryEndpoint": "https://gallery.azure.com", "graphEndpoint": "https://graph.windows.net/", "portalEndpoint": "https://portal.azure.com", "authentication": { "loginEndpoint": "https://login.windows.net", "audiences": [ "https://management.core.windows.net/", "https://management.azure.com/" ] } } httpretty.register_uri( httpretty.GET, "https://management.azure.com/metadata/endpoints?api-version=1.0", body=json.dumps(public_azure_dict), content_type="application/json") cloud = azure_cloud.get_cloud_from_metadata_endpoint( "https://management.azure.com") self.assertEqual("https://management.azure.com", cloud.name) self.assertEqual("https://management.azure.com", cloud.endpoints.management) self.assertEqual("https://management.azure.com", cloud.endpoints.resource_manager) self.assertEqual("https://gallery.azure.com", cloud.endpoints.gallery) self.assertEqual("https://graph.windows.net/", cloud.endpoints.active_directory_graph_resource_id) self.assertEqual("https://login.windows.net", cloud.endpoints.active_directory) session = requests.Session() cloud = azure_cloud.get_cloud_from_metadata_endpoint( "https://management.azure.com", "Public Azure", session) self.assertEqual("Public Azure", cloud.name) self.assertEqual("https://management.azure.com", cloud.endpoints.management) self.assertEqual("https://management.azure.com", cloud.endpoints.resource_manager) self.assertEqual("https://gallery.azure.com", cloud.endpoints.gallery) self.assertEqual("https://graph.windows.net/", cloud.endpoints.active_directory_graph_resource_id) self.assertEqual("https://login.windows.net", cloud.endpoints.active_directory) with self.assertRaises(azure_cloud.MetadataEndpointError): azure_cloud.get_cloud_from_metadata_endpoint( "https://something.azure.com") with self.assertRaises(azure_cloud.CloudEndpointNotSetException): cloud.endpoints.batch_resource_id with self.assertRaises(azure_cloud.CloudSuffixNotSetException): cloud.suffixes.sql_server_hostname self.assertIsNotNone(str(cloud))
def _determine_auth(**kwargs): ''' Acquire Azure ARM Credentials ''' if 'profile' in kwargs: azure_credentials = __salt__['config.option'](kwargs['profile']) kwargs.update(azure_credentials) service_principal_creds_kwargs = ['client_id', 'secret', 'tenant'] user_pass_creds_kwargs = ['username', 'password'] try: if kwargs.get('cloud_environment') and kwargs.get( 'cloud_environment').startswith('http'): cloud_env = get_cloud_from_metadata_endpoint( kwargs['cloud_environment']) else: cloud_env_module = importlib.import_module( 'msrestazure.azure_cloud') cloud_env = getattr( cloud_env_module, kwargs.get('cloud_environment', 'AZURE_PUBLIC_CLOUD')) except (AttributeError, ImportError, MetadataEndpointError): raise sys.exit( 'The Azure cloud environment {0} is not available.'.format( kwargs['cloud_environment'])) if set(service_principal_creds_kwargs).issubset(kwargs): if not (kwargs['client_id'] and kwargs['secret'] and kwargs['tenant']): raise SaltInvocationError( 'The client_id, secret, and tenant parameters must all be ' 'populated if using service principals.') else: credentials = ServicePrincipalCredentials( kwargs['client_id'], kwargs['secret'], tenant=kwargs['tenant'], cloud_environment=cloud_env) elif set(user_pass_creds_kwargs).issubset(kwargs): if not (kwargs['username'] and kwargs['password']): raise SaltInvocationError( 'The username and password parameters must both be ' 'populated if using username/password authentication.') else: credentials = UserPassCredentials(kwargs['username'], kwargs['password'], cloud_environment=cloud_env) else: raise SaltInvocationError( 'Unable to determine credentials. ' 'A subscription_id with username and password, ' 'or client_id, secret, and tenant or a profile with the ' 'required parameters populated') if 'subscription_id' not in kwargs: raise SaltInvocationError('A subscription_id must be specified') subscription_id = salt.utils.stringutils.to_str(kwargs['subscription_id']) return credentials, subscription_id, cloud_env
def __init__(self, subscription_id, resource_group, pub_ssh_key_path='~/id_rsa.pub'): mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID'], cloud_environment=mystack_cloud) self.subscription_id = subscription_id self.resource_group = resource_group self.dns_label_prefix = self.name_generator.haikunate() pub_ssh_key_path = os.path.expanduser(pub_ssh_key_path) # Will raise if file not exists or not enough permission with open(pub_ssh_key_path, 'r') as pub_ssh_file_fd: self.pub_ssh_key = pub_ssh_file_fd.read() self.credentials = credentials self.client = ResourceManagementClient( self.credentials, self.subscription_id, base_url=mystack_cloud.endpoints.resource_manager)
def __init__(self, config, resource_group, pub_ssh_key_path='~/id_rsa.pub'): mystack_cloud = get_cloud_from_metadata_endpoint( config['resourceManagerUrl']) credentials = ClientSecretCredential( client_id=config['clientId'], client_secret=config['clientSecret'], tenant_id=config['tenantId'], authority=mystack_cloud.endpoints.active_directory) self.location = config['location'] self.subscription_id = config['subscriptionId'] self.resource_group = resource_group self.dns_label_prefix = self.name_generator.haikunate() pub_ssh_key_path = os.path.expanduser(pub_ssh_key_path) # Will raise if file not exists or not enough permission with open(pub_ssh_key_path, 'r') as pub_ssh_file_fd: self.pub_ssh_key = pub_ssh_file_fd.read() self.credentials = credentials scope = "openid profile offline_access" + " " + mystack_cloud.endpoints.active_directory_resource_id + "/.default" self.client = ResourceManagementClient( credentials, self.subscription_id, base_url=mystack_cloud.endpoints.resource_manager, profile=KnownProfiles.v2020_09_01_hybrid, credential_scopes=[scope])
def __init__(self, args): self._args = args self._cloud_environment = None self._compute_client = None self._resource_client = None self._network_client = None self.debug = False if args.debug: self.debug = True self.credentials = self._get_credentials(args) if not self.credentials: self.fail("Failed to get credentials. Either pass as parameters, set environment variables, " "or define a profile in ~/.azure/credentials.") # if cloud_environment specified, look up/build Cloud object raw_cloud_env = self.credentials.get('cloud_environment') if not raw_cloud_env: self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD # SDK default else: # try to look up "well-known" values via the name attribute on azure_cloud members all_clouds = [x[1] for x in inspect.getmembers(azure_cloud) if isinstance(x[1], azure_cloud.Cloud)] matched_clouds = [x for x in all_clouds if x.name == raw_cloud_env] if len(matched_clouds) == 1: self._cloud_environment = matched_clouds[0] elif len(matched_clouds) > 1: self.fail("Azure SDK failure: more than one cloud matched for cloud_environment name '{0}'".format(raw_cloud_env)) else: if not urlparse.urlparse(raw_cloud_env).scheme: self.fail("cloud_environment must be an endpoint discovery URL or one of {0}".format([x.name for x in all_clouds])) try: self._cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(raw_cloud_env) except Exception as e: self.fail("cloud_environment {0} could not be resolved: {1}".format(raw_cloud_env, e.message)) if self.credentials.get('subscription_id', None) is None: self.fail("Credentials did not include a subscription_id value.") self.log("setting subscription_id") self.subscription_id = self.credentials['subscription_id'] if self.credentials.get('credentials'): self.azure_credentials = self.credentials.get('credentials') elif self.credentials.get('client_id') and self.credentials.get('secret') and self.credentials.get('tenant'): self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'], secret=self.credentials['secret'], tenant=self.credentials['tenant'], cloud_environment=self._cloud_environment) elif self.credentials.get('ad_user') is not None and self.credentials.get('password') is not None: tenant = self.credentials.get('tenant') if not tenant: tenant = 'common' self.azure_credentials = UserPassCredentials(self.credentials['ad_user'], self.credentials['password'], tenant=tenant, cloud_environment=self._cloud_environment) else: self.fail("Failed to authenticate with provided credentials. Some attributes were missing. " "Credentials must include client_id, secret and tenant or ad_user and password.")
def __init__(self, args): self._args = args self._cloud_environment = None self._compute_client = None self._resource_client = None self._network_client = None self.debug = False if args.debug: self.debug = True self.credentials = self._get_credentials(args) if not self.credentials: self.fail("Failed to get credentials. Either pass as parameters, set environment variables, " "or define a profile in ~/.azure/credentials.") # if cloud_environment specified, look up/build Cloud object raw_cloud_env = self.credentials.get('cloud_environment') if not raw_cloud_env: self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD # SDK default else: # try to look up "well-known" values via the name attribute on azure_cloud members all_clouds = [x[1] for x in inspect.getmembers(azure_cloud) if isinstance(x[1], azure_cloud.Cloud)] matched_clouds = [x for x in all_clouds if x.name == raw_cloud_env] if len(matched_clouds) == 1: self._cloud_environment = matched_clouds[0] elif len(matched_clouds) > 1: self.fail("Azure SDK failure: more than one cloud matched for cloud_environment name '{0}'".format(raw_cloud_env)) else: if not urlparse.urlparse(raw_cloud_env).scheme: self.fail("cloud_environment must be an endpoint discovery URL or one of {0}".format([x.name for x in all_clouds])) try: self._cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(raw_cloud_env) except Exception as e: self.fail("cloud_environment {0} could not be resolved: {1}".format(raw_cloud_env, e.message)) if self.credentials.get('subscription_id', None) is None: self.fail("Credentials did not include a subscription_id value.") self.log("setting subscription_id") self.subscription_id = self.credentials['subscription_id'] if self.credentials.get('client_id') is not None and \ self.credentials.get('secret') is not None and \ self.credentials.get('tenant') is not None: self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'], secret=self.credentials['secret'], tenant=self.credentials['tenant'], cloud_environment=self._cloud_environment) elif self.credentials.get('ad_user') is not None and self.credentials.get('password') is not None: tenant = self.credentials.get('tenant') if not tenant: tenant = 'common' self.azure_credentials = UserPassCredentials(self.credentials['ad_user'], self.credentials['password'], tenant=tenant, cloud_environment=self._cloud_environment) else: self.fail("Failed to authenticate with provided credentials. Some attributes were missing. " "Credentials must include client_id, secret and tenant or ad_user and password.")
def get_credentials(config): mystack_cloud = get_cloud_from_metadata_endpoint(config['resourceManagerEndpointUrl']) subscription_id = config['subscriptionId'] credentials = ClientSecretCredential( client_id = config['clientId'], client_secret = config['clientSecret'], tenant_id = config['tenantId'], authority = mystack_cloud.endpoints.active_directory) return credentials, subscription_id, mystack_cloud
def get_credentials(): mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID'], cloud_environment=mystack_cloud) return credentials, subscription_id, mystack_cloud
def authenticate_cli(): # # Create all clients with Azure CLI's active subscription # global mystack_cloud, resource_client, compute_client, storage_client, network_client mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) resource_client = get_client_from_cli_profile(ResourceManagementClient) compute_client = get_client_from_cli_profile(ComputeManagementClient) storage_client = get_client_from_cli_profile(StorageManagementClient) network_client = get_client_from_cli_profile(NetworkManagementClient)
def run(self, terms, variables, **kwargs): self.set_options(direct=kwargs) credentials = {} credentials['azure_client_id'] = self.get_option( 'azure_client_id', None) credentials['azure_secret'] = self.get_option('azure_secret', None) credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') if credentials['azure_client_id'] is None or credentials[ 'azure_secret'] is None: raise AnsibleError("Must specify azure_client_id and azure_secret") _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD if self.get_option('azure_cloud_environment', None) is not None: cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint( credentials['azure_cloud_environment']) try: azure_credentials = ServicePrincipalCredentials( client_id=credentials['azure_client_id'], secret=credentials['azure_secret'], tenant=credentials['azure_tenant'], resource=_cloud_environment.endpoints. active_directory_graph_resource_id) client = GraphRbacManagementClient( azure_credentials, credentials['azure_tenant'], base_url=_cloud_environment.endpoints. active_directory_graph_resource_id) response = list( client.service_principals.list(filter="appId eq '{0}'".format( credentials['azure_client_id']))) sp = response[0] return sp.object_id.split(',') except CloudError as ex: raise AnsibleError( "Failed to get service principal object id: %s" % to_native(ex)) return False
def authenticate_service_principal_token(): # # Create all clients with an Application (service principal) token provider # global mystack_cloud, resource_client, compute_client, storage_client, network_client mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID'], cloud_environment=mystack_cloud) # By Default, use AzureStack supported profile KnownProfiles.default.use(KnownProfiles.v2019_03_01_hybrid) resource_client = ResourceManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) compute_client = ComputeManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) storage_client = StorageManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) network_client = NetworkManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager)
def run(self, terms, variables, **kwargs): #self.set_options(var_options=variables, direct=kwargs) self.set_options(direct=kwargs) #credentials = _get_credentials(self._options) #if len(self._options) > 0: # #raise AnsibleError("self._options is: {0} {1}".format(self._options['azure_client_id'], self._options['azure_secret'])) #else: # raise AnsibleError("options is null: {0}, {1}".format(kwargs, variables)) credentials = {} credentials['azure_client_id'] = self.get_option('azure_client_id') credentials['azure_secret'] = self.get_option('azure_secret') credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD if self.get_option('azure_cloud_environment', None) is not None: cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint( credentials['azure_cloud_environment']) azure_credentials = ServicePrincipalCredentials( client_id=credentials['azure_client_id'], secret=credentials['azure_secret'], tenant=credentials['azure_tenant'], #cloud_environment=_cloud_environment, resource=_cloud_environment.endpoints. active_directory_graph_resource_id) #auth_context = AuthenticationContext(_cloud_environment.endpoints.active_directory + '/' + credentials['azure_tenant']) # get on behalf of token #creds = auth_context.acquire_token_with_client_credentials(_cloud_environment.endpoints.active_directory_graph_resource_id, credentials['azure_client_id'], credentials['azure_secret']) #if creds is None: # raise AnsibleError('invalid token') #creds = auth_context.acquire_token_with_client_credentials('00000002-0000-0000-c000-000000000000', credentials['azure_client_id'], credentials['azure_secret']) #copy_aad_cred = copy.deepcopy(azure_credentials) #copy_aad_cred.token['access_token'] = creds['accessToken'] # if auth_token is not None: # raise AnsibleError("auth_token is null {0} {1}"); # else: # raise AnsibleError("auth_token is: {0}".format(auth_token)) client = GraphRbacManagementClient( azure_credentials, credentials['azure_tenant'], base_url=_cloud_environment.endpoints. active_directory_graph_resource_id) if not client: raise AnsibleError('invalid client') #else: # raise AnsibleError('valid client!') try: response = list( client.service_principals.list(filter="appId eq '{}'".format( credentials['azure_client_id']))) sp = response[0] #return ''.join(map(str, sp.object_id.split(','))) return sp.object_id.split(',') except CloudError as ex: raise AnsibleError( "Failed to get service principal object id: %s" % to_native(ex)) return False
def run_example(): """Resource Group management example.""" # # Create all clients with an Application (service principal) token provider # mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) # Set Storage Endpoint suffix arm_url = mystack_cloud.endpoints.resource_manager storage_endpoint_suffix = arm_url.replace(arm_url.split(".")[0], "").strip('./') subscription_id = os.environ.get( 'AZURE_SUBSCRIPTION_ID', '11111111-1111-1111-1111-111111111111') # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID'], cloud_environment=mystack_cloud) # By Default, use AzureStack supported profile KnownProfiles.default.use(KnownProfiles.v2017_03_09_profile) resource_client = ResourceManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) compute_client = ComputeManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) storage_client = StorageManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) network_client = NetworkManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) ########### # Prepare # ########### # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update(GROUP_NAME, {'location': LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': LOCATION }) storage_async_operation.wait() # Create a NIC nic = create_nic(network_client) ############# # VM Sample # ############# # Create Linux VM print('\nCreating Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['linux'], storage_endpoint_suffix) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() # Tag the VM print('\nTag Virtual Machine') async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, { 'location': LOCATION, 'tags': { 'who-rocks': 'python', 'where': 'on azure' } }) async_vm_update.wait() # Attach data disk print('\nAttach Data Disk') async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, { 'location': LOCATION, 'storage_profile': { 'data_disks': [{ 'name': 'mydatadisk1', 'disk_size_gb': 1, 'lun': 0, 'vhd': { 'uri': "https://{}.blob.{}/vhds/mydatadisk1.vhd".format( STORAGE_ACCOUNT_NAME, storage_endpoint_suffix) }, 'create_option': 'Empty' }] } }) async_vm_update.wait() # Get the virtual machine by name print('\nGet Virtual Machine by Name') virtual_machine = compute_client.virtual_machines.get(GROUP_NAME, VM_NAME) # Detach data disk print('\nDetach Data Disk') data_disks = virtual_machine.storage_profile.data_disks data_disks[:] = [disk for disk in data_disks if disk.name != 'mydatadisk1'] async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, virtual_machine) virtual_machine = async_vm_update.result() # Deallocating the VM (resize prepare) print('\nDeallocating the VM (resize prepare)') async_vm_deallocate = compute_client.virtual_machines.deallocate( GROUP_NAME, VM_NAME) async_vm_deallocate.wait() # Update OS disk size by 10Gb print('\nUpdate OS disk size') # Server is not returning the OS Disk size (None), possible bug in server if not virtual_machine.storage_profile.os_disk.disk_size_gb: print( "\tServer is not returning the OS disk size, possible bug in the server?" ) print("\tAssuming that the OS disk size is 256 GB") virtual_machine.storage_profile.os_disk.disk_size_gb = 256 virtual_machine.storage_profile.os_disk.disk_size_gb += 10 async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, virtual_machine) virtual_machine = async_vm_update.result() # Start the VM print('\nStart VM') async_vm_start = compute_client.virtual_machines.start(GROUP_NAME, VM_NAME) async_vm_start.wait() # Restart the VM print('\nRestart VM') async_vm_restart = compute_client.virtual_machines.restart( GROUP_NAME, VM_NAME) async_vm_restart.wait() # Stop the VM print('\nStop VM') async_vm_stop = compute_client.virtual_machines.power_off( GROUP_NAME, VM_NAME) async_vm_stop.wait() # List VMs in subscription print('\nList VMs in subscription') for vm in compute_client.virtual_machines.list_all(): print("\tVM: {}".format(vm.name)) # List VM in resource group print('\nList VMs in resource group') for vm in compute_client.virtual_machines.list(GROUP_NAME): print("\tVM: {}".format(vm.name)) # Delete VM print('\nDelete VM') async_vm_delete = compute_client.virtual_machines.delete( GROUP_NAME, VM_NAME) async_vm_delete.wait() # Create Windows VM print('\nCreating Windows Virtual Machine') # Recycling NIC of previous VM vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['windows'], storage_endpoint_suffix) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() input("Press enter to delete this Resource Group.") # Delete Resource group and everything in it print('\nDelete Resource Group') delete_async_operation = resource_client.resource_groups.delete(GROUP_NAME) delete_async_operation.wait() print("\nDeleted: {}".format(GROUP_NAME))
def run_example(): """Virtual Machine management example.""" # # Create all clients with an Application (service principal) token provider # mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ClientSecretCredential( client_id=os.environ['AZURE_CLIENT_ID'], client_secret=os.environ['AZURE_CLIENT_SECRET'], tenant_id=os.environ['AZURE_TENANT_ID'], authority=mystack_cloud.endpoints.active_directory) logging.basicConfig(level=logging.ERROR) scope = "openid profile offline_access" + " " + mystack_cloud.endpoints.active_directory_resource_id + "/.default" resource_client = ResourceManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager, profile=KnownProfiles.v2020_09_01_hybrid, credential_scopes=[scope]) compute_client = ComputeManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager, profile=KnownProfiles.v2020_09_01_hybrid, credential_scopes=[scope]) storage_client = StorageManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager, profile=KnownProfiles.v2020_09_01_hybrid, credential_scopes=[scope]) network_client = NetworkManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager, profile=KnownProfiles.v2020_09_01_hybrid, credential_scopes=[scope]) ########### # Prepare # ########### # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update(GROUP_NAME, {'location': LOCATION}) try: # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.begin_create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': LOCATION }) storage_async_operation.result() # Create a NIC nic = create_nic(network_client) ############# # VM Sample # ############# # Create Linux VM print('\nCreating Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['linux']) async_vm_creation = compute_client.virtual_machines.begin_create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.result() # Tag the VM print('\nTag Virtual Machine') async_vm_update = compute_client.virtual_machines.begin_create_or_update( GROUP_NAME, VM_NAME, { 'location': LOCATION, 'tags': { 'who-rocks': 'python', 'where': 'on azure' } }) async_vm_update.result() # Create managed data disk print('\nCreate (empty) managed Data Disk') async_disk_creation = compute_client.disks.begin_create_or_update( GROUP_NAME, 'mydatadisk1', { 'location': LOCATION, 'disk_size_gb': 1, 'creation_data': { 'create_option': DiskCreateOption.empty } }) data_disk = async_disk_creation.result() # Get the virtual machine by name print('\nGet Virtual Machine by Name') virtual_machine = compute_client.virtual_machines.get( GROUP_NAME, VM_NAME) # Attach data disk print('\nAttach Data Disk') virtual_machine.storage_profile.data_disks.append({ 'lun': 12, 'name': 'mydatadisk1', 'create_option': DiskCreateOption.attach, 'managed_disk': { 'id': data_disk.id } }) async_disk_attach = compute_client.virtual_machines.begin_create_or_update( GROUP_NAME, virtual_machine.name, virtual_machine) async_disk_attach.result() # Detach data disk print('\nDetach Data Disk') data_disks = virtual_machine.storage_profile.data_disks data_disks[:] = [ disk for disk in data_disks if disk.name != 'mydatadisk1' ] async_vm_update = compute_client.virtual_machines.begin_create_or_update( GROUP_NAME, VM_NAME, virtual_machine) virtual_machine = async_vm_update.result() # Deallocating the VM (in preparation for a disk resize) print('\nDeallocating the VM (to prepare for a disk resize)') async_vm_deallocate = compute_client.virtual_machines.begin_deallocate( GROUP_NAME, VM_NAME) async_vm_deallocate.result() # Increase OS disk size by 10 GB print('\nUpdate OS disk size') os_disk_name = virtual_machine.storage_profile.os_disk.name os_disk = compute_client.disks.get(GROUP_NAME, os_disk_name) if not os_disk.disk_size_gb: print( "\tServer is not returning the OS disk size, possible bug in the server?" ) print("\tAssuming that the OS disk size is 30 GB") os_disk.disk_size_gb = 30 os_disk.disk_size_gb += 10 async_disk_update = compute_client.disks.begin_create_or_update( GROUP_NAME, os_disk.name, os_disk) async_disk_update.result() # Start the VM print('\nStart VM') async_vm_start = compute_client.virtual_machines.begin_start( GROUP_NAME, VM_NAME) async_vm_start.result() # Restart the VM print('\nRestart VM') async_vm_restart = compute_client.virtual_machines.begin_restart( GROUP_NAME, VM_NAME) async_vm_restart.result() # Stop the VM print('\nStop VM') async_vm_stop = compute_client.virtual_machines.begin_power_off( GROUP_NAME, VM_NAME) async_vm_stop.result() # List VMs in subscription print('\nList VMs in subscription') for vm in compute_client.virtual_machines.list_all(): print("\tVM: {}".format(vm.name)) # List VM in resource group print('\nList VMs in resource group') for vm in compute_client.virtual_machines.list(GROUP_NAME): print("\tVM: {}".format(vm.name)) # Delete VM print('\nDelete VM') async_vm_delete = compute_client.virtual_machines.begin_delete( GROUP_NAME, VM_NAME) async_vm_delete.result() # Create Windows VM print('\nCreating Windows Virtual Machine') # Recycling NIC of previous VM vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['windows']) async_vm_creation = compute_client.virtual_machines.begin_create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.result() except CloudError: print('A VM operation failed:', traceback.format_exc(), sep='\n') else: print('All example operations completed successfully!') finally: # Delete Resource group and everything in it print('\nDelete Resource Group') delete_async_operation = resource_client.resource_groups.begin_delete( GROUP_NAME) delete_async_operation.result() print("\nDeleted: {}".format(GROUP_NAME))
def __init__(self, derived_arg_spec, bypass_checks=False, no_log=False, check_invalid_arguments=None, mutually_exclusive=None, required_together=None, required_one_of=None, add_file_common_args=False, supports_check_mode=False, required_if=None, supports_tags=True, facts_module=False, skip_exec=False): merged_arg_spec = dict() merged_arg_spec.update(AZURE_COMMON_ARGS) if supports_tags: merged_arg_spec.update(AZURE_TAG_ARGS) if derived_arg_spec: merged_arg_spec.update(derived_arg_spec) merged_required_if = list(AZURE_COMMON_REQUIRED_IF) if required_if: merged_required_if += required_if self.module = AnsibleModule( argument_spec=merged_arg_spec, bypass_checks=bypass_checks, no_log=no_log, check_invalid_arguments=check_invalid_arguments, mutually_exclusive=mutually_exclusive, required_together=required_together, required_one_of=required_one_of, add_file_common_args=add_file_common_args, supports_check_mode=supports_check_mode, required_if=merged_required_if) if not HAS_PACKAGING_VERSION: self.fail( "Do you have packaging installed? Try `pip install packaging`" "- {0}".format(HAS_PACKAGING_VERSION_EXC)) if not HAS_MSRESTAZURE: self.fail( "Do you have msrestazure installed? Try `pip install msrestazure`" "- {0}".format(HAS_MSRESTAZURE_EXC)) if not HAS_AZURE: self.fail( "Do you have azure>={1} installed? Try `pip install ansible[azure]`" "- {0}".format(HAS_AZURE_EXC, AZURE_MIN_RELEASE)) self._cloud_environment = None self._network_client = None self._storage_client = None self._resource_client = None self._compute_client = None self._dns_client = None self._web_client = None self._containerservice_client = None self.check_mode = self.module.check_mode self.api_profile = self.module.params.get('api_profile') self.facts_module = facts_module # self.debug = self.module.params.get('debug') # authenticate self.credentials = self._get_credentials(self.module.params) if not self.credentials: if HAS_AZURE_CLI_CORE: self.fail( "Failed to get credentials. Either pass as parameters, set environment variables, " "define a profile in ~/.azure/credentials, or log in with Azure CLI (`az login`)." ) else: self.fail( "Failed to get credentials. Either pass as parameters, set environment variables, " "define a profile in ~/.azure/credentials, or install Azure CLI and log in (`az login`)." ) # cert validation mode precedence: module-arg, credential profile, env, "validate" self._cert_validation_mode = self.module.params['cert_validation_mode'] or self.credentials.get('cert_validation_mode') or \ os.environ.get('AZURE_CERT_VALIDATION_MODE') or 'validate' if self._cert_validation_mode not in ['validate', 'ignore']: self.fail('invalid cert_validation_mode: {0}'.format( self._cert_validation_mode)) # if cloud_environment specified, look up/build Cloud object raw_cloud_env = self.credentials.get('cloud_environment') if self.credentials.get( 'credentials') is not None and raw_cloud_env is not None: self._cloud_environment = raw_cloud_env elif not raw_cloud_env: self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD # SDK default else: # try to look up "well-known" values via the name attribute on azure_cloud members all_clouds = [ x[1] for x in inspect.getmembers(azure_cloud) if isinstance(x[1], azure_cloud.Cloud) ] matched_clouds = [x for x in all_clouds if x.name == raw_cloud_env] if len(matched_clouds) == 1: self._cloud_environment = matched_clouds[0] elif len(matched_clouds) > 1: self.fail( "Azure SDK failure: more than one cloud matched for cloud_environment name '{0}'" .format(raw_cloud_env)) else: if not urlparse.urlparse(raw_cloud_env).scheme: self.fail( "cloud_environment must be an endpoint discovery URL or one of {0}" .format([x.name for x in all_clouds])) try: self._cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint( raw_cloud_env) except Exception as e: self.fail( "cloud_environment {0} could not be resolved: {1}". format(raw_cloud_env, e.message), exception=traceback.format_exc(e)) if self.credentials.get( 'subscription_id', None) is None and self.credentials.get('credentials') is None: self.fail("Credentials did not include a subscription_id value.") self.log("setting subscription_id") self.subscription_id = self.credentials['subscription_id'] if self.credentials.get('credentials') is not None: # AzureCLI credentials self.azure_credentials = self.credentials['credentials'] elif self.credentials.get('client_id') is not None and \ self.credentials.get('secret') is not None and \ self.credentials.get('tenant') is not None: self.azure_credentials = ServicePrincipalCredentials( client_id=self.credentials['client_id'], secret=self.credentials['secret'], tenant=self.credentials['tenant'], cloud_environment=self._cloud_environment, verify=self._cert_validation_mode == 'validate') elif self.credentials.get( 'ad_user') is not None and self.credentials.get( 'password') is not None: tenant = self.credentials.get('tenant') if not tenant: tenant = 'common' # SDK default self.azure_credentials = UserPassCredentials( self.credentials['ad_user'], self.credentials['password'], tenant=tenant, cloud_environment=self._cloud_environment, verify=self._cert_validation_mode == 'validate') else: self.fail( "Failed to authenticate with provided credentials. Some attributes were missing. " "Credentials must include client_id, secret and tenant or ad_user and password or " "be logged using AzureCLI.") # common parameter validation if self.module.params.get('tags'): self.validate_tags(self.module.params['tags']) if not skip_exec: res = self.exec_module(**self.module.params) self.module.exit_json(**res)
def _determine_auth(**kwargs): """ Acquire Azure ARM Credentials """ if "profile" in kwargs: azure_credentials = __salt__["config.option"](kwargs["profile"]) kwargs.update(azure_credentials) service_principal_creds_kwargs = ["client_id", "secret", "tenant"] user_pass_creds_kwargs = ["username", "password"] try: if kwargs.get("cloud_environment") and kwargs.get( "cloud_environment").startswith("http"): cloud_env = get_cloud_from_metadata_endpoint( kwargs["cloud_environment"]) else: cloud_env_module = importlib.import_module( "msrestazure.azure_cloud") cloud_env = getattr( cloud_env_module, kwargs.get("cloud_environment", "AZURE_PUBLIC_CLOUD")) except (AttributeError, ImportError, MetadataEndpointError): raise sys.exit( "The Azure cloud environment {} is not available.".format( kwargs["cloud_environment"])) if set(service_principal_creds_kwargs).issubset(kwargs): if not (kwargs["client_id"] and kwargs["secret"] and kwargs["tenant"]): raise SaltInvocationError( "The client_id, secret, and tenant parameters must all be " "populated if using service principals.") else: credentials = ServicePrincipalCredentials( kwargs["client_id"], kwargs["secret"], tenant=kwargs["tenant"], cloud_environment=cloud_env, ) elif set(user_pass_creds_kwargs).issubset(kwargs): if not (kwargs["username"] and kwargs["password"]): raise SaltInvocationError( "The username and password parameters must both be " "populated if using username/password authentication.") else: credentials = UserPassCredentials(kwargs["username"], kwargs["password"], cloud_environment=cloud_env) elif "subscription_id" in kwargs: try: from msrestazure.azure_active_directory import MSIAuthentication credentials = MSIAuthentication(cloud_environment=cloud_env) except ImportError: raise SaltSystemExit(msg=( "MSI authentication support not availabe (requires msrestazure >=" " 0.4.14)")) else: raise SaltInvocationError( "Unable to determine credentials. " "A subscription_id with username and password, " "or client_id, secret, and tenant or a profile with the " "required parameters populated") if "subscription_id" not in kwargs: raise SaltInvocationError("A subscription_id must be specified") subscription_id = salt.utils.stringutils.to_str(kwargs["subscription_id"]) return credentials, subscription_id, cloud_env
def __init__(self, derived_arg_spec, bypass_checks=False, no_log=False, check_invalid_arguments=True, mutually_exclusive=None, required_together=None, required_one_of=None, add_file_common_args=False, supports_check_mode=False, required_if=None, supports_tags=True, facts_module=False, skip_exec=False): merged_arg_spec = dict() merged_arg_spec.update(AZURE_COMMON_ARGS) if supports_tags: merged_arg_spec.update(AZURE_TAG_ARGS) if derived_arg_spec: merged_arg_spec.update(derived_arg_spec) merged_required_if = list(AZURE_COMMON_REQUIRED_IF) if required_if: merged_required_if += required_if self.module = AnsibleModule(argument_spec=merged_arg_spec, bypass_checks=bypass_checks, no_log=no_log, check_invalid_arguments=check_invalid_arguments, mutually_exclusive=mutually_exclusive, required_together=required_together, required_one_of=required_one_of, add_file_common_args=add_file_common_args, supports_check_mode=supports_check_mode, required_if=merged_required_if) if not HAS_PACKAGING_VERSION: self.fail("Do you have packaging installed? Try `pip install packaging`" "- {0}".format(HAS_PACKAGING_VERSION_EXC)) if not HAS_MSRESTAZURE: self.fail("Do you have msrestazure installed? Try `pip install msrestazure`" "- {0}".format(HAS_MSRESTAZURE_EXC)) if not HAS_AZURE: self.fail("Do you have azure>={1} installed? Try `pip install 'azure>={1}' --upgrade`" "- {0}".format(HAS_AZURE_EXC, AZURE_MIN_RELEASE)) self._cloud_environment = None self._network_client = None self._storage_client = None self._resource_client = None self._compute_client = None self._dns_client = None self._web_client = None self._containerservice_client = None self.check_mode = self.module.check_mode self.facts_module = facts_module # self.debug = self.module.params.get('debug') # authenticate self.credentials = self._get_credentials(self.module.params) if not self.credentials: self.fail("Failed to get credentials. Either pass as parameters, set environment variables, " "or define a profile in ~/.azure/credentials or be logged using AzureCLI.") # if cloud_environment specified, look up/build Cloud object raw_cloud_env = self.credentials.get('cloud_environment') if not raw_cloud_env: self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD # SDK default else: # try to look up "well-known" values via the name attribute on azure_cloud members all_clouds = [x[1] for x in inspect.getmembers(azure_cloud) if isinstance(x[1], azure_cloud.Cloud)] matched_clouds = [x for x in all_clouds if x.name == raw_cloud_env] if len(matched_clouds) == 1: self._cloud_environment = matched_clouds[0] elif len(matched_clouds) > 1: self.fail("Azure SDK failure: more than one cloud matched for cloud_environment name '{0}'".format(raw_cloud_env)) else: if not urlparse.urlparse(raw_cloud_env).scheme: self.fail("cloud_environment must be an endpoint discovery URL or one of {0}".format([x.name for x in all_clouds])) try: self._cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(raw_cloud_env) except Exception as e: self.fail("cloud_environment {0} could not be resolved: {1}".format(raw_cloud_env, e.message), exception=traceback.format_exc(e)) if self.credentials.get('subscription_id', None) is None: self.fail("Credentials did not include a subscription_id value.") self.log("setting subscription_id") self.subscription_id = self.credentials['subscription_id'] if self.credentials.get('client_id') is not None and \ self.credentials.get('secret') is not None and \ self.credentials.get('tenant') is not None: self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'], secret=self.credentials['secret'], tenant=self.credentials['tenant'], cloud_environment=self._cloud_environment) elif self.credentials.get('ad_user') is not None and self.credentials.get('password') is not None: tenant = self.credentials.get('tenant') if not tenant: tenant = 'common' # SDK default self.azure_credentials = UserPassCredentials(self.credentials['ad_user'], self.credentials['password'], tenant=tenant, cloud_environment=self._cloud_environment) else: self.fail("Failed to authenticate with provided credentials. Some attributes were missing. " "Credentials must include client_id, secret and tenant or ad_user and password or " "be logged using AzureCLI.") # common parameter validation if self.module.params.get('tags'): self.validate_tags(self.module.params['tags']) if not skip_exec: res = self.exec_module(**self.module.params) self.module.exit_json(**res)
def run_example(config): """Resource Group management example.""" try: logging.basicConfig(level=logging.ERROR) mystack_cloud = get_cloud_from_metadata_endpoint( config['resourceManagerUrl']) subscription_id = config['subscriptionId'] # Azure stack location location = config['location'] credentials = ClientSecretCredential( client_id = config['clientId'], client_secret = config['clientSecret'], tenant_id = config['tenantId'], authority = mystack_cloud.endpoints.active_directory ) KnownProfiles.default.use(KnownProfiles.v2020_09_01_hybrid) scope = "openid profile offline_access" + " " + mystack_cloud.endpoints.active_directory_resource_id + "/.default" client = ResourceManagementClient( credentials , subscription_id, base_url=mystack_cloud.endpoints.resource_manager, credential_scopes=[scope]) # # Managing resource groups # resource_group_params = {'location': location} # List Resource Groups print('List Resource Groups') for item in client.resource_groups.list(): print_item(item) # Create Resource group print('Create Resource Group') print_item(client.resource_groups.create_or_update(GROUP_NAME, resource_group_params)) # Modify the Resource group print('Modify Resource Group') resource_group_params.update(tags={'hello': 'world'}) print_item(client.resource_groups.create_or_update(GROUP_NAME, resource_group_params)) # Create a Key Vault in the Resource Group print('Create a Key Vault via a Generic Resource Put') key_vault_params = { 'location': location, 'properties': { 'sku': {'family': 'A', 'name': 'standard'}, 'tenantId': config['tenantId'], 'accessPolicies': [], 'enabledForDeployment': True, 'enabledForTemplateDeployment': True, 'enabledForDiskEncryption': True } } client.resources.begin_create_or_update( resource_group_name=GROUP_NAME, resource_provider_namespace="Microsoft.KeyVault", parent_resource_path="", resource_type="vaults", resource_name='azureSampleVault' + datetime.utcnow().strftime("-%H%M%S"), parameters = key_vault_params, api_version="2016-10-01" ).result() # List Resources within the group print('List all of the resources within the group') for item in client.resources.list_by_resource_group(GROUP_NAME): print_item(item) # Export the Resource group template print('Export Resource Group Template') BODY = { 'resources': ['*'] } rgTemplate = client.resource_groups.begin_export_template(GROUP_NAME, BODY).result() print(rgTemplate.template) print('\n\n') finally: # Delete Resource group and everything in it print('Delete Resource Group') client.resource_groups.begin_delete(GROUP_NAME).result() print("\nDeleted: {}".format(GROUP_NAME))
def run_example(): """Resource Group management example.""" # # Create the Resource Manager Client with an Application (service principal) token provider # mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ServicePrincipalCredentials( client_id=os.environ['AZURE_CLIENT_ID'], secret=os.environ['AZURE_CLIENT_SECRET'], tenant=os.environ['AZURE_TENANT_ID'], cloud_environment=mystack_cloud) # By Default, use AzureStack supported profile KnownProfiles.default.use(KnownProfiles.v2018_03_01_hybrid) logging.basicConfig(level=logging.ERROR) client = ResourceManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) # # Managing resource groups # resource_group_params = {'location': LOCATION} # List Resource Groups print('List Resource Groups') for item in client.resource_groups.list(): print_item(item) # Create Resource group print('Create Resource Group') print_item( client.resource_groups.create_or_update(GROUP_NAME, resource_group_params)) # Modify the Resource group print('Modify Resource Group') resource_group_params.update(tags={'hello': 'world'}) print_item( client.resource_groups.create_or_update(GROUP_NAME, resource_group_params)) # Create a Key Vault in the Resource Group print('Create a Key Vault via a Generic Resource Put') key_vault_params = { 'location': LOCATION, 'properties': { 'sku': { 'family': 'A', 'name': 'standard' }, 'tenantId': os.environ['AZURE_TENANT_ID'], 'accessPolicies': [], 'enabledForDeployment': True, 'enabledForTemplateDeployment': True, 'enabledForDiskEncryption': True } } client.resources.create_or_update( GROUP_NAME, 'Microsoft.KeyVault', '', 'vaults', # Suffix random string to make vault name unique 'azureSampleVault' + datetime.utcnow().strftime("-%H%M%S"), '2015-06-01', key_vault_params) # List Resources within the group print('List all of the resources within the group') for item in client.resources.list_by_resource_group(GROUP_NAME): print_item(item) # Export the Resource group template print('Export Resource Group Template') print( json.dumps(client.resource_groups.export_template(GROUP_NAME, ['*']).template, indent=4)) print('\n\n') # Delete Resource group and everything in it print('Delete Resource Group') delete_async_operation = client.resource_groups.delete(GROUP_NAME) delete_async_operation.wait() print("\nDeleted: {}".format(GROUP_NAME))
def run_example(): """Virtual Machine management example.""" # # Create all clients with an Application (service principal) token provider # mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) # Set Storage Endpoint suffix arm_url = mystack_cloud.endpoints.resource_manager storage_endpoint_suffix = arm_url.replace(arm_url.split(".")[0], "").strip('./') # By Default, use AzureStack supported profile KnownProfiles.default.use(KnownProfiles.v2017_03_09_profile) """ Authenticate using service principal w/ cert. """ subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] cert_file = os.environ['AZURE_CERT_PATH'] tenant = os.environ['AZURE_TENANT_ID'] client_id = os.environ['AZURE_CLIENT_ID'] from OpenSSL.crypto import load_certificate, FILETYPE_PEM with open(cert_file, 'r') as file_reader: cert_file_string = file_reader.read() cert = load_certificate(FILETYPE_PEM, cert_file_string) thumbprint = cert.digest("sha1").decode() authority_uri, is_adfs = _get_authority_url(mystack_cloud, tenant) resource_uri = mystack_cloud.endpoints.active_directory_resource_id context = adal.AuthenticationContext(authority_uri, api_version=None, validate_authority=(not is_adfs)) mgmt_token = context.acquire_token_with_client_certificate( resource_uri, client_id, cert_file_string, thumbprint) credentials = AADTokenCredentials(mgmt_token, client_id) # By Default, use AzureStack supported profile KnownProfiles.default.use(KnownProfiles.v2017_03_09_profile) resource_client = ResourceManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) compute_client = ComputeManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) storage_client = StorageManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) network_client = NetworkManagementClient( credentials, subscription_id, base_url=mystack_cloud.endpoints.resource_manager) ########### # Prepare # ########### # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update(GROUP_NAME, {'location': LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': LOCATION }) storage_async_operation.wait() # Create a NIC nic = create_nic(network_client) ############# # VM Sample # ############# # Create Linux VM print('\nCreating Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['linux'], storage_endpoint_suffix) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() # Tag the VM print('\nTag Virtual Machine') async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, { 'location': LOCATION, 'tags': { 'who-rocks': 'python', 'where': 'on azure' } }) async_vm_update.wait() # Attach data disk print('\nAttach Data Disk') async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, { 'location': LOCATION, 'storage_profile': { 'data_disks': [{ 'name': 'mydatadisk1', 'disk_size_gb': 1, 'lun': 0, 'vhd': { 'uri': "https://{}.blob.{}/vhds/mydatadisk1.vhd".format( STORAGE_ACCOUNT_NAME, storage_endpoint_suffix) }, 'create_option': 'Empty' }] } }) async_vm_update.wait() # Get the virtual machine by name print('\nGet Virtual Machine by Name') virtual_machine = compute_client.virtual_machines.get(GROUP_NAME, VM_NAME) # Detach data disk print('\nDetach Data Disk') data_disks = virtual_machine.storage_profile.data_disks data_disks[:] = [disk for disk in data_disks if disk.name != 'mydatadisk1'] async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, virtual_machine) virtual_machine = async_vm_update.result() # Deallocating the VM (resize prepare) print('\nDeallocating the VM (resize prepare)') async_vm_deallocate = compute_client.virtual_machines.deallocate( GROUP_NAME, VM_NAME) async_vm_deallocate.wait() # Update OS disk size by 10Gb print('\nUpdate OS disk size') # Server is not returning the OS Disk size (None), possible bug in server if not virtual_machine.storage_profile.os_disk.disk_size_gb: print( "\tServer is not returning the OS disk size, possible bug in the server?" ) print("\tAssuming that the OS disk size is 256 GB") virtual_machine.storage_profile.os_disk.disk_size_gb = 256 virtual_machine.storage_profile.os_disk.disk_size_gb += 10 async_vm_update = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, virtual_machine) virtual_machine = async_vm_update.result() # Start the VM print('\nStart VM') async_vm_start = compute_client.virtual_machines.start(GROUP_NAME, VM_NAME) async_vm_start.wait() # Restart the VM print('\nRestart VM') async_vm_restart = compute_client.virtual_machines.restart( GROUP_NAME, VM_NAME) async_vm_restart.wait() # Stop the VM print('\nStop VM') async_vm_stop = compute_client.virtual_machines.power_off( GROUP_NAME, VM_NAME) async_vm_stop.wait() # List VMs in subscription print('\nList VMs in subscription') for vm in compute_client.virtual_machines.list_all(): print("\tVM: {}".format(vm.name)) # List VM in resource group print('\nList VMs in resource group') for vm in compute_client.virtual_machines.list(GROUP_NAME): print("\tVM: {}".format(vm.name)) # Delete VM print('\nDelete VM') async_vm_delete = compute_client.virtual_machines.delete( GROUP_NAME, VM_NAME) async_vm_delete.wait() # Create Windows VM print('\nCreating Windows Virtual Machine') # Recycling NIC of previous VM vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['windows'], storage_endpoint_suffix) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() input("Press enter to delete this Resource Group.") # Delete Resource group and everything in it print('\nDelete Resource Group') delete_async_operation = resource_client.resource_groups.delete(GROUP_NAME) delete_async_operation.wait() print("\nDeleted: {}".format(GROUP_NAME))
async def determine_auth(hub, ctx, resource=None, **kwargs): """ Acquire Azure RM Credentials (mgmt modules) """ service_principal_creds_kwargs = ["client_id", "secret", "tenant"] user_pass_creds_kwargs = ["username", "password"] if ctx["acct"]: for key, val in ctx["acct"].items(): # explicit kwargs override acct kwargs.setdefault(key, val) cred_kwargs = {} if resource: cred_kwargs.update({"resource": resource}) try: if kwargs.get("cloud_environment") and kwargs.get( "cloud_environment").startswith("http"): cloud_env = get_cloud_from_metadata_endpoint( kwargs["cloud_environment"]) else: cloud_env_module = importlib.import_module( "msrestazure.azure_cloud") cloud_env = getattr( cloud_env_module, kwargs.get("cloud_environment", "AZURE_PUBLIC_CLOUD")) except (AttributeError, ImportError, MetadataEndpointError): raise sys.exit( "The Azure cloud environment {0} is not available.".format( kwargs["cloud_environment"])) if set(service_principal_creds_kwargs).issubset(kwargs): if not (kwargs["client_id"] and kwargs["secret"] and kwargs["tenant"]): raise Exception( "The client_id, secret, and tenant parameters must all be " "populated if using service principals.") credentials = ServicePrincipalCredentials( kwargs["client_id"], kwargs["secret"], tenant=kwargs["tenant"], cloud_environment=cloud_env, **cred_kwargs, ) elif set(user_pass_creds_kwargs).issubset(kwargs): if not (kwargs["username"] and kwargs["password"]): raise Exception( "The username and password parameters must both be " "populated if using username/password authentication.") credentials = UserPassCredentials( kwargs["username"], kwargs["password"], cloud_environment=cloud_env, **cred_kwargs, ) else: raise Exception( "Unable to determine credentials. " "A subscription_id with username and password, " "or client_id, secret, and tenant or a profile with the " "required parameters populated") if "subscription_id" not in kwargs: raise Exception("A subscription_id must be specified") subscription_id = str(kwargs["subscription_id"]) return credentials, subscription_id, cloud_env
def load_secrets(experiment_secrets: Secrets): """Load secrets from experiments or azure credential file. :param experiment_secrets: Secrets provided in experiment file :returns: a secret object Load secrets from multiple sources that can contain different format such as azure credential file or experiment secrets section. The latter takes precedence over azure credential file. Function returns following dictionary object: ```python { # always available "cloud": "variable contains msrest cloud object" # optional - available if user authenticate with service principal "client_id": "variable contains client id", "client_secret": "variable contains client secret", "tenant_id": "variable contains tenant id", # optional - available if user authenticate with existing token "access_token": "variable contains access token", } ``` :Loading secrets from experiment file: Function will try to load following secrets from the experiment file: ```json { "azure": { "client_id": "AZURE_CLIENT_ID", "client_secret": "AZURE_CLIENT_SECRET", "tenant_id": "AZURE_TENANT_ID", "access_token": "AZURE_ACCESS_TOKEN" } } ``` :Loading secrets from azure credential file: If experiment file contains no secrets, function will try to load secrets from the azure credential file. Path to the file should be set under AZURE_AUTH_LOCATION environment variable. Function will try to load following secrets from azure credential file: ```json { "clientId": "AZURE_CLIENT_ID", "clientSecret": "AZURE_CLIENT_SECRET", "tenantId": "AZURE_TENANT_ID", "resourceManagerEndpointUrl": "AZURE_RESOURCE_MANAGER_ENDPOINT", ... } ``` More info about azure credential file may be found: https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate """ # 1: lookup for secrets in experiment file if experiment_secrets: return { 'client_id': experiment_secrets.get('client_id'), 'client_secret': experiment_secrets.get('client_secret'), 'tenant_id': experiment_secrets.get('tenant_id'), # load cloud object 'cloud': cloud.get_or_raise(experiment_secrets.get('azure_cloud')), 'access_token': experiment_secrets.get('access_token'), } # 2: lookup for credentials in azure auth file az_auth_file = _load_azure_auth_file() if az_auth_file: rm_endpoint = az_auth_file.get('resourceManagerEndpointUrl') return { 'client_id': az_auth_file.get('clientId'), 'client_secret': az_auth_file.get('clientSecret'), 'tenant_id': az_auth_file.get('tenantId'), # load cloud object 'cloud': azure_cloud.get_cloud_from_metadata_endpoint(rm_endpoint), # access token is not supported for credential files 'access_token': None, } # no secretes logger.warn("Unable to load Azure credentials.") return {}