Exemplo n.º 1
0
    def get_action(self, values, option_string):  # pylint: disable=no-self-use
        from azure.mgmt.servicebus.v2021_06_01_preview.models import KeyVaultProperties
        from azure.mgmt.servicebus.v2021_06_01_preview.models import UserAssignedIdentityProperties
        from azure.cli.core.azclierror import InvalidArgumentValueError
        from azure.cli.core import CLIError

        keyVaultObject = KeyVaultProperties()

        for (k, v) in (x.split('=', 1) for x in values):
            if k == 'key-name':
                keyVaultObject.key_name = v
            elif k == 'key-vault-uri':
                keyVaultObject.key_vault_uri = v
                if keyVaultObject.key_vault_uri.endswith('/'):
                    keyVaultObject.key_vault_uri = keyVaultObject.key_vault_uri[:-1]
            elif k == 'key-version':
                keyVaultObject.key_version = v
            elif k == 'user-assigned-identity':
                keyVaultObject.identity = UserAssignedIdentityProperties()
                keyVaultObject.identity.user_assigned_identity = v
                if keyVaultObject.identity.user_assigned_identity.endswith('/'):
                    keyVaultObject.identity.user_assigned_identity = keyVaultObject.identity.user_assigned_identity[:-1]
            else:
                raise InvalidArgumentValueError("Invalid Argument for:'{}' Only allowed arguments are 'key-name, key-vault-uri, key-version and user-assigned-identity'".format(option_string))

        if (keyVaultObject.key_name is None) or (keyVaultObject.key_vault_uri is None):
            raise CLIError('key-name and key-vault-uri are mandatory properties')

        if keyVaultObject.key_version is None:
            keyVaultObject.key_version = ''

        return keyVaultObject
Exemplo n.º 2
0
def create_metric_alert(client,
                        resource_group_name,
                        rule_name,
                        scopes,
                        condition,
                        disabled=False,
                        description=None,
                        tags=None,
                        actions=None,
                        severity=2,
                        window_size='5m',
                        evaluation_frequency='1m',
                        auto_mitigate=None,
                        target_resource_type=None,
                        target_resource_region=None):
    from azure.mgmt.monitor.models import (
        MetricAlertResource, MetricAlertSingleResourceMultipleMetricCriteria,
        MetricAlertMultipleResourceMultipleMetricCriteria, MetricCriteria)
    from azure.cli.core import CLIError
    # generate names for the conditions
    for i, cond in enumerate(condition):
        cond.name = 'cond{}'.format(i)
    criteria = None
    resource_type, scope_type = _parse_resource_and_scope_type(scopes)
    if scope_type in ['resource_group', 'subscription']:
        if target_resource_type is None or target_resource_region is None:
            raise CLIError(
                '--target-resource-type and --target-resource-region must be provided.'
            )
        criteria = MetricAlertMultipleResourceMultipleMetricCriteria(
            all_of=condition)
    else:
        if len(scopes) == 1 and isinstance(condition, MetricCriteria):
            criteria = MetricAlertSingleResourceMultipleMetricCriteria(
                all_of=condition)
        else:
            criteria = MetricAlertMultipleResourceMultipleMetricCriteria(
                all_of=condition)
            target_resource_type = resource_type
            target_resource_region = target_resource_region if target_resource_region else 'global'

    kwargs = {
        'description': description,
        'severity': severity,
        'enabled': not disabled,
        'scopes': scopes,
        'evaluation_frequency': evaluation_frequency,
        'window_size': window_size,
        'criteria': criteria,
        'target_resource_type': target_resource_type,
        'target_resource_region': target_resource_region,
        'actions': actions,
        'tags': tags,
        'location': 'global',
        'auto_mitigate': auto_mitigate
    }
    return client.create_or_update(resource_group_name, rule_name,
                                   MetricAlertResource(**kwargs))
Exemplo n.º 3
0
 def parse_one_scope_with_action(scope, operation_on_scope):
     result = parse_resource_id(scope)
     if 'namespace' in result and 'resource_type' in result:
         operation_on_scope(result['namespace'], result['resource_type'], 'resource')
     elif 'resource_group' in result:  # It's a resource group.
         operation_on_scope('', '', 'resource_group')
     elif 'subscription' in result:  # It's a subscription.
         operation_on_scope('', '', 'subscription')
     else:
         raise CLIError('Scope must be a valid resource id.')
Exemplo n.º 4
0
def cli_remove_identity(cmd,
                        client,
                        resource_group_name,
                        namespace_name,
                        system_assigned=None,
                        user_assigned=None):
    namespace = client.get(resource_group_name, namespace_name)
    IdentityType = cmd.get_models('ManagedServiceIdentityType',
                                  resource_type=ResourceType.MGMT_EVENTHUB)

    from azure.cli.core import CLIError

    if namespace.identity is None:
        raise CLIError('The namespace does not have identity enabled')

    if system_assigned:
        if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED:
            namespace.identity.type = IdentityType.NONE

        if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED:
            namespace.identity.type = IdentityType.USER_ASSIGNED

    if user_assigned:
        if namespace.identity.type == IdentityType.USER_ASSIGNED:
            if namespace.identity.user_assigned_identities:
                for x in user_assigned:
                    namespace.identity.user_assigned_identities.pop(x)
                # if all identities are popped off of the dictionary, we disable user assigned identity
                if len(namespace.identity.user_assigned_identities) == 0:
                    namespace.identity.type = IdentityType.NONE
                    namespace.identity.user_assigned_identities = None

        if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED:
            if namespace.identity.user_assigned_identities:
                for x in user_assigned:
                    namespace.identity.user_assigned_identities.pop(x)
                # if all identities are popped off of the dictionary, we disable user assigned identity
                if len(namespace.identity.user_assigned_identities) == 0:
                    namespace.identity.type = IdentityType.SYSTEM_ASSIGNED
                    namespace.identity.user_assigned_identities = None

    client.begin_create_or_update(resource_group_name=resource_group_name,
                                  namespace_name=namespace_name,
                                  parameters=namespace).result()

    get_namespace = client.get(resource_group_name, namespace_name)

    return get_namespace
Exemplo n.º 5
0
def _parse_resource_type(scopes):
    from msrestazure.tools import parse_resource_id
    from azure.cli.core import CLIError
    namespace = None
    resource_type = None
    for item in scopes:
        item_namespace = parse_resource_id(item)['namespace']
        item_resource_type = parse_resource_id(item)['resource_type']
        if namespace is None and resource_type is None:
            namespace = item_namespace
            resource_type = item_resource_type
        else:
            if namespace != item_namespace or resource_type != item_resource_type:
                raise CLIError(
                    'Multiple scopes should be the same resource type.')
    return namespace + '/' + resource_type
Exemplo n.º 6
0
def _parse_resource_and_scope_type(scopes):
    from azure.mgmt.core.tools import parse_resource_id
    from knack.util import CLIError

    if not scopes:
        raise CLIError('scopes cannot be null.')

    namespace = ''
    resource_type = ''
    scope_type = None

    def validate_scope(item_namespace, item_resource_type, item_scope_type):
        if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type:
            raise CLIError('Multiple scopes should be the same resource type.')

    def store_scope(item_namespace, item_resource_type, item_scope_type):
        nonlocal namespace
        nonlocal resource_type
        nonlocal scope_type
        namespace = item_namespace
        resource_type = item_resource_type
        scope_type = item_scope_type

    def parse_one_scope_with_action(scope, operation_on_scope):
        result = parse_resource_id(scope)
        if 'namespace' in result and 'resource_type' in result:
            operation_on_scope(result['namespace'], result['resource_type'],
                               'resource')
        elif 'resource_group' in result:  # It's a resource group.
            operation_on_scope('', '', 'resource_group')
        elif 'subscription' in result:  # It's a subscription.
            operation_on_scope('', '', 'subscription')
        else:
            raise CLIError('Scope must be a valid resource id.')

    # Store the resource type and scope type from first scope
    parse_one_scope_with_action(scopes[0], operation_on_scope=store_scope)
    # Validate the following scopes
    for item in scopes:
        parse_one_scope_with_action(item, operation_on_scope=validate_scope)

    return namespace + '/' + resource_type, scope_type
Exemplo n.º 7
0
def cli_remove_encryption(client, resource_group_name, namespace_name, encryption_config):
    namespace = client.get(resource_group_name, namespace_name)

    from azure.cli.core import CLIError

    if namespace.encryption is None:
        raise CLIError('The namespace does not have encryption enabled')

    if namespace.encryption.key_vault_properties:
        for encryption_property in encryption_config:
            if encryption_property in namespace.encryption.key_vault_properties:
                namespace.encryption.key_vault_properties.remove(encryption_property)

    client.begin_create_or_update(
        resource_group_name=resource_group_name,
        namespace_name=namespace_name,
        parameters=namespace).result()

    get_namespace = client.get(resource_group_name, namespace_name)

    return get_namespace
Exemplo n.º 8
0
 def validate_scope(item_namespace, item_resource_type, item_scope_type):
     if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type:
         raise CLIError('Multiple scopes should be the same resource type.')