def test_is_resource_name(self): invalid_names = [ '', 'knights/ni', 'spam&eggs', 'i<3you', 'a' * 261, ] for test in invalid_names: assert not is_valid_resource_name(test) valid_names = [ 'abc-123', ' ', # no one said it had to be a good resource name. 'a' * 260, ] for test in valid_names: assert is_valid_resource_name(test)
def validate_private_dns_zone(db_context, server_name, private_dns_zone, private_dns_zone_suffix): cmd = db_context.cmd if db_context.command_group == 'postgres': server_endpoint = cmd.cli_ctx.cloud.suffixes.postgresql_server_endpoint else: server_endpoint = cmd.cli_ctx.cloud.suffixes.mysql_server_endpoint if private_dns_zone == server_name + server_endpoint: raise ValidationError("private dns zone name cannot be same as the server's fully qualified domain name") if private_dns_zone[-len(private_dns_zone_suffix):] != private_dns_zone_suffix: raise ValidationError('The suffix of the private DNS zone should be "{}"'.format(private_dns_zone_suffix)) if _is_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \ or not _is_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone): raise ValidationError("Check if the private dns zone name or Id is in correct format.")
def prepare_private_network(cmd, resource_group_name, server_name, vnet, subnet, location, delegation_service_name, vnet_address_pref, subnet_address_pref, yes): nw_client = network_client_factory(cmd.cli_ctx) resource_client = resource_client_factory(cmd.cli_ctx) # Handle vnet and subnet prefix if (vnet_address_pref is not None and subnet_address_pref is None) or \ (vnet_address_pref is None and subnet_address_pref is not None): raise ValidationError( "You need to provide both Vnet address prefix and Subnet address prefix." ) if vnet_address_pref is None: vnet_address_pref = DEFAULT_VNET_ADDRESS_PREFIX if subnet_address_pref is None: subnet_address_pref = DEFAULT_SUBNET_ADDRESS_PREFIX # pylint: disable=too-many-nested-blocks if subnet is not None and vnet is None: if not is_valid_resource_id(subnet): raise ValidationError( "Incorrectly formed Subnet ID. If you are providing only --subnet (not --vnet), the Subnet parameter should be in resource ID format." ) if 'child_name_1' not in parse_resource_id(subnet): raise ValidationError( "Incorrectly formed Subnet ID. Check if the Subnet ID is in the right format." ) logger.warning( "You have supplied a Subnet ID. Verifying its existence...") subnet_result = process_private_network_with_id_input( cmd, subnet, nw_client, resource_client, server_name, location, delegation_service_name, vnet_address_pref, subnet_address_pref, yes) elif subnet is None and vnet is not None: if is_valid_resource_id(vnet): logger.warning( "You have supplied a Vnet ID. Verifying its existence...") subnet_result = process_private_network_with_id_input( cmd, vnet, nw_client, resource_client, server_name, location, delegation_service_name, vnet_address_pref, subnet_address_pref, yes) elif _is_resource_name(vnet) and is_valid_resource_name(vnet): logger.warning( "You have supplied a Vnet name. Verifying its existence...") subnet_result = _create_vnet_subnet_delegation( cmd, nw_client, resource_client, delegation_service_name, resource_group_name, vnet, 'Subnet' + server_name, location, server_name, vnet_address_pref, subnet_address_pref, yes) else: raise ValidationError("Incorrectly formed Vnet ID or Vnet name") elif subnet is not None and vnet is not None: if _is_resource_name(vnet) and _is_resource_name(subnet): logger.warning( "You have supplied a Vnet and Subnet name. Verifying its existence..." ) subnet_result = _create_vnet_subnet_delegation( cmd, nw_client, resource_client, delegation_service_name, resource_group_name, vnet, subnet, location, server_name, vnet_address_pref, subnet_address_pref, yes) else: raise ValidationError( "If you pass both --vnet and --subnet, consider passing names instead of IDs. If you want to use an existing subnet, please provide the subnet Id only (not vnet Id)." ) else: return None return subnet_result.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name, private_dns_zone, subnet_id, location): from azure.mgmt.privatedns.models import SubResource dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations( cmd.cli_ctx, '_') private_dns_zone_suffix = dns_suffix_client.execute(database_engine) vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id) private_dns_client = private_dns_client_factory(cmd.cli_ctx) private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx) resource_client = resource_client_factory(cmd.cli_ctx) vnet_id = resource_id(subscription=vnet_sub, resource_group=vnet_rg, namespace='Microsoft.Network', type='virtualNetworks', name=vnet_name) nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub) vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name) from azure.mgmt.privatedns.models import VirtualNetworkLink if private_dns_zone is None: private_dns_zone = server_name + '.' + private_dns_zone_suffix elif not _check_if_resource_name( private_dns_zone) and is_valid_resource_id(private_dns_zone): subscription, resource_group, private_dns_zone, _ = get_id_components( private_dns_zone) if private_dns_zone[-len(private_dns_zone_suffix ):] != private_dns_zone_suffix: raise ValidationError( 'The suffix for the private DNS zone should be "{}"'.format( private_dns_zone_suffix)) if subscription != get_subscription_id(cmd.cli_ctx): logger.warning( 'The provided private DNS zone ID is in different subscription from the server' ) resource_client = resource_client_factory( cmd.cli_ctx, subscription_id=subscription) private_dns_client = private_dns_client_factory( cmd.cli_ctx, subscription_id=subscription) private_dns_link_client = private_dns_link_client_factory( cmd.cli_ctx, subscription_id=subscription) _resource_group_verify_and_create(resource_client, resource_group, location) elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \ or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone): raise ValidationError( "Check if the private dns zone name or id is in correct format.") elif _check_if_resource_name(private_dns_zone) and private_dns_zone[ -len(private_dns_zone_suffix):] != private_dns_zone_suffix: raise ValidationError( 'The suffix for the private DNS zone should be "{}"'.format( private_dns_zone_suffix)) link = VirtualNetworkLink(location='global', virtual_network=SubResource(id=vnet.id)) link.registration_enabled = True if not check_existence(resource_client, private_dns_zone, resource_group, 'Microsoft.Network', 'privateDnsZones'): logger.warning('Creating a private dns zone %s..', private_dns_zone) from azure.mgmt.privatedns.models import PrivateZone private_zone = private_dns_client.create_or_update( resource_group_name=resource_group, private_zone_name=private_dns_zone, parameters=PrivateZone(location='global'), if_none_match='*').result() private_dns_link_client.create_or_update( resource_group_name=resource_group, private_zone_name=private_dns_zone, virtual_network_link_name=vnet_name + '-link', parameters=link, if_none_match='*').result() else: logger.warning('Using the existing private dns zone %s', private_dns_zone) private_zone = private_dns_client.get( resource_group_name=resource_group, private_zone_name=private_dns_zone) # private dns zone link list virtual_links = private_dns_link_client.list( resource_group_name=resource_group, private_zone_name=private_dns_zone) link_exist_flag = False for virtual_link in virtual_links: if virtual_link.virtual_network.id == vnet_id: link_exist_flag = True break if not link_exist_flag: private_dns_link_client.create_or_update( resource_group_name=resource_group, private_zone_name=private_dns_zone, virtual_network_link_name=vnet_name + '-link', parameters=link, if_none_match='*').result() return private_zone.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name, private_dns_zone, subnet_id, location): dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations( cmd.cli_ctx, '_') private_dns_zone_suffix = dns_suffix_client.execute(database_engine) vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id) private_dns_client = private_dns_client_factory(cmd.cli_ctx) private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx) resource_client = resource_client_factory(cmd.cli_ctx) vnet_id = resource_id(subscription=vnet_sub, resource_group=vnet_rg, namespace='Microsoft.Network', type='virtualNetworks', name=vnet_name) nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub) vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name) dns_rg = None if private_dns_zone is None: if 'private' in private_dns_zone_suffix: private_dns_zone = server_name + '.' + private_dns_zone_suffix else: private_dns_zone = server_name + '.private.' + private_dns_zone_suffix # resource ID input => check subscription and change client elif not _check_if_resource_name( private_dns_zone) and is_valid_resource_id(private_dns_zone): subscription, dns_rg, private_dns_zone, _ = get_id_components( private_dns_zone) if private_dns_zone[-len(private_dns_zone_suffix ):] != private_dns_zone_suffix: raise ValidationError( 'The suffix of the private DNS zone should be "{}"'.format( private_dns_zone_suffix)) if subscription != get_subscription_id(cmd.cli_ctx): logger.warning( 'The provided private DNS zone ID is in different subscription from the server' ) resource_client = resource_client_factory( cmd.cli_ctx, subscription_id=subscription) private_dns_client = private_dns_client_factory( cmd.cli_ctx, subscription_id=subscription) private_dns_link_client = private_dns_link_client_factory( cmd.cli_ctx, subscription_id=subscription) _resource_group_verify_and_create(resource_client, dns_rg, location) # check Invalid resource ID or Name format elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \ or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone): raise ValidationError( "Check if the private dns zone name or Id is in correct format.") # Invalid resource name suffix check elif _check_if_resource_name(private_dns_zone) and private_dns_zone[ -len(private_dns_zone_suffix):] != private_dns_zone_suffix: raise ValidationError( 'The suffix of the private DNS zone should be in "{}" format'. format(private_dns_zone_suffix)) validate_private_dns_zone(cmd, server_name=server_name, private_dns_zone=private_dns_zone) link = VirtualNetworkLink(location='global', virtual_network=SubResource(id=vnet.id)) link.registration_enabled = False # check existence DNS zone and change resource group zone_exist_flag = False if dns_rg is not None and check_existence( resource_client, private_dns_zone, dns_rg, 'Microsoft.Network', 'privateDnsZones'): zone_exist_flag = True elif dns_rg is None and check_existence( resource_client, private_dns_zone, resource_group, 'Microsoft.Network', 'privateDnsZones'): zone_exist_flag = True dns_rg = resource_group elif dns_rg is None and check_existence(resource_client, private_dns_zone, vnet_rg, 'Microsoft.Network', 'privateDnsZones'): zone_exist_flag = True dns_rg = vnet_rg else: dns_rg = vnet_rg # create DNS zone if not exist if not zone_exist_flag: logger.warning('Creating a private dns zone %s in resource group "%s"', private_dns_zone, dns_rg) private_zone = private_dns_client.begin_create_or_update( resource_group_name=dns_rg, private_zone_name=private_dns_zone, parameters=PrivateZone(location='global'), if_none_match='*').result() private_dns_link_client.begin_create_or_update( resource_group_name=dns_rg, private_zone_name=private_dns_zone, virtual_network_link_name=vnet_name + '-link', parameters=link, if_none_match='*').result() else: logger.warning( 'Using the existing private dns zone %s in resource group "%s"', private_dns_zone, dns_rg) private_zone = private_dns_client.get( resource_group_name=dns_rg, private_zone_name=private_dns_zone) virtual_links = private_dns_link_client.list( resource_group_name=dns_rg, private_zone_name=private_dns_zone) link_exist_flag = False for virtual_link in virtual_links: if virtual_link.virtual_network.id == vnet_id: link_exist_flag = True break if not link_exist_flag: private_dns_link_client.begin_create_or_update( resource_group_name=dns_rg, private_zone_name=private_dns_zone, virtual_network_link_name=vnet_name + '-link', parameters=link, if_none_match='*').result() return private_zone.id