Exemplo n.º 1
0
def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
                                  location=None, mi_system_assigned=False, mi_user_assigned=None,
                                  disable_public_network=False, default_action=None, ip_allow_list=None,
                                  tags=None):
    media_service = MediaService(location=location, storage_accounts=storage_accounts,
                                 tags=tags,
                                 public_network_access='Disabled' if disable_public_network else 'Enabled')

    if mi_system_assigned or mi_user_assigned:
        identity = MediaServiceIdentity(type='')
        identity.type = 'SystemAssigned' if mi_system_assigned else ''
        user_id_dict = {}
        if mi_user_assigned:
            identity.type = ','.join([identity.type, 'UserAssigned']) if identity.type else 'UserAssigned'
            for user_id in mi_user_assigned:
                user_id_dict[user_id] = {}
            identity.user_assigned_identities = user_id_dict
        media_service.identity = identity

    if default_action:
        media_service.key_delivery = KeyDelivery(access_control=AccessControl(default_action=default_action,
                                                                              ip_allow_list=ip_allow_list
                                                                              if default_action == 'Deny' else []))
    else:
        media_service.key_delivery = KeyDelivery(access_control=AccessControl(default_action="Allow",
                                                                              ip_allow_list=[]))

    return client.create_or_update(resource_group_name, account_name, media_service)
Exemplo n.º 2
0
def set_encryption(client,
                   resource_group_name,
                   account_name,
                   key_type=None,
                   current_key_id=None,
                   key_identifier=None):
    try:
        account_info = client.get(
            resource_group_name, account_name
        ) if resource_group_name else client.get_by_subscription(account_name)
        if key_type == 'CustomerKey':
            key_vault_props = KeyVaultProperties(
                key_identifier=key_identifier,
                current_key_identifier=current_key_id)
        else:
            key_vault_props = None
        encryption = AccountEncryption(type=key_type,
                                       key_vault_properties=key_vault_props)
        media_service = MediaService(
            location=account_info.location,
            identity=account_info.identity,
            storage_accounts=account_info.storage_accounts,
            encryption=encryption)

        return client.create_or_update(resource_group_name, account_name,
                                       media_service)
    except HttpResponseError as ex:
        recommendation = ''
        if ex.message == '(BadRequest) Access to the Customer Key was forbidden.':
            recommendation = 'Please use the Azure Portal to grant the key vault access to the media account.'\
                             'For more information please visit https://aka.ms/keyvaultaccess'
        raise BadRequestError(ex, recommendation)
Exemplo n.º 3
0
def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
                                  location=None,
                                  tags=None):

    media_service = MediaService(location=location, storage_accounts=storage_accounts, tags=tags)

    return client.create_or_update(resource_group_name, account_name, media_service)
Exemplo n.º 4
0
def create_or_update_mediaservice(client, resource_group_name, account_name, storage_accounts=None,
                                  location=None,
                                  tags=None):

    from azure.mgmt.media.models import MediaService
    media_service = MediaService(location=location, storage_accounts=storage_accounts, tags=tags)

    return client.create_or_update(resource_group_name, account_name, media_service)
Exemplo n.º 5
0
def set_mediaservice_trusted_storage(client, resource_group_name, account_name,
                                     storage_auth):
    ams = client.get(resource_group_name, account_name)
    media_service = MediaService(location=ams.location,
                                 storage_accounts=ams.storage_accounts,
                                 storage_authentication=storage_auth)

    return client.create_or_update(resource_group_name, account_name,
                                   media_service)
Exemplo n.º 6
0
def set_encryption(client,
                   resource_group_name,
                   account_name,
                   key_type=None,
                   current_key_id=None,
                   key_identifier=None,
                   system_assigned=None,
                   user_assigned=None):
    try:
        account_info: MediaService = client.get(resource_group_name, account_name)\
            if resource_group_name else client.get_by_subscription(account_name)
        if key_type == AccountEncryptionKeyType.CUSTOMER_KEY:
            key_vault_props = KeyVaultProperties(
                key_identifier=key_identifier,
                current_key_identifier=current_key_id)

            if user_assigned:
                identity = ResourceIdentity(
                    use_system_assigned_identity=False,
                    user_assigned_identity=user_assigned)
            elif system_assigned:
                identity = ResourceIdentity(use_system_assigned_identity=True,
                                            user_assigned_identity=None)
            else:
                identity = None

            encryption = AccountEncryption(
                type=key_type,
                key_vault_properties=key_vault_props,
                identity=identity)
        else:
            encryption = AccountEncryption(type=key_type,
                                           key_vault_properties=None,
                                           identity=None)

        media_service: MediaService = MediaService(
            location=account_info.location,
            storage_accounts=account_info.storage_accounts,
            key_delivery=account_info.key_delivery,
            identity=account_info.identity,
            encryption=encryption,
            storage_authentication=account_info.storage_authentication,
            name=account_info.name,
            public_network_access=account_info.public_network_access)
        return client.create_or_update(resource_group_name, account_name,
                                       media_service)
    except HttpResponseError as ex:
        recommendation = ''
        if ex.message == '(BadRequest) Access to the Customer Key was forbidden.':
            recommendation = 'Please use the Azure Portal to grant the key vault access to the media account.'\
                             'For more information please visit https://aka.ms/keyvaultaccess'
        raise BadRequestError(ex, recommendation)
Exemplo n.º 7
0
def create_or_update_mediaservice(client,
                                  resource_group_name,
                                  account_name,
                                  storage_accounts=None,
                                  location=None,
                                  assign_identity=False,
                                  tags=None):
    identity = 'SystemAssigned' if assign_identity else 'None'
    media_service = MediaService(location=location,
                                 storage_accounts=storage_accounts,
                                 identity=MediaServiceIdentity(type=identity),
                                 tags=tags)

    return client.create_or_update(resource_group_name, account_name,
                                   media_service)
Exemplo n.º 8
0
def remove_mediaservice_secondary_storage(client, resource_group_name, account_name, storage_account):
    ams = client.get(resource_group_name, account_name)

    storage_accounts_filtered = list(filter(lambda s: storage_account not in s.id and 'Secondary' in s.type,
                                            ams.storage_accounts))

    primary_storage_account = list(filter(lambda s: 'Primary' in s.type, ams.storage_accounts))[0]
    storage_accounts_filtered.append(primary_storage_account)

    media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
                                 identity=ams.identity, encryption=ams.encryption,
                                 storage_accounts=storage_accounts_filtered,
                                 storage_authentication=ams.storage_authentication,
                                 public_network_access=ams.public_network_access)

    return client.create_or_update(resource_group_name, account_name, media_service)
Exemplo n.º 9
0
def set_mediaservice_trusted_storage(client, resource_group_name, account_name, storage_auth, storage_account_id=None,
                                     system_assigned=False, user_assigned=None):
    ams: MediaService = client.get(resource_group_name, account_name)\
        if resource_group_name else client.get_by_subscription(account_name)
    if storage_auth == 'ManagedIdentity' and storage_account_id is None:
        error_msg = 'Please specify a storage account id for the storage account whose identity you would like to set'
        raise ValidationError(error_msg)

    for storage_account in ams.storage_accounts:
        if storage_auth == 'ManagedIdentity':
            if storage_account.id.lower() == storage_account_id.lower():
                storage_account.identity = ResourceIdentity(use_system_assigned_identity=system_assigned,
                                                            user_assigned_identity=user_assigned)
        else:
            storage_account.identity = None

    media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
                                 identity=ams.identity, encryption=ams.encryption,
                                 storage_accounts=ams.storage_accounts, storage_authentication=storage_auth,
                                 public_network_access=ams.public_network_access)

    return client.create_or_update(resource_group_name, account_name, media_service)
Exemplo n.º 10
0
def add_mediaservice_secondary_storage(client, resource_group_name, account_name, storage_account,
                                       system_assigned=False, user_assigned=None):
    ams = client.get(resource_group_name, account_name)
    if (system_assigned is False and user_assigned is None and ams.storage_authentication == 'ManagedIdentity'):
        error_msg = 'Please specify either system assigned identity or a user assigned identity'
        raise ValidationError(error_msg)

    storage_accounts_filtered = list(filter(lambda s: storage_account in s.id, ams.storage_accounts))

    storage_account_secondary = StorageAccount(type='Secondary', id=storage_account)
    if ams.storage_authentication == 'ManagedIdentity':
        storage_account_secondary.identity = ResourceIdentity(use_system_assigned_identity=system_assigned,
                                                              user_assigned_identity=user_assigned)
    if not storage_accounts_filtered:
        ams.storage_accounts.append(storage_account_secondary)

    media_service = MediaService(name=ams.name, location=ams.location, key_delivery=ams.key_delivery,
                                 identity=ams.identity, encryption=ams.encryption,
                                 storage_accounts=ams.storage_accounts,
                                 storage_authentication=ams.storage_authentication,
                                 public_network_access=ams.public_network_access)

    return client.create_or_update(resource_group_name, account_name, media_service)
parameters = MediaService(
  location=account_location,
  storage_accounts=[
    StorageAccount(
      # This should point to an already created storage account that is Blob storage General purpose v2. 
      # Recommend to use ZRS or Geo redundant ZRS in regions that support availability zones
      type=StorageAccountType.PRIMARY,
      id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}",
      # Set the user assigned managed identity resource and set system assigned to false here.
      identity=ResourceIdentity(
        user_assigned_identity=managed_identity_resource,
        use_system_assigned_identity=False
      )
    )
  ],
  # Sets the account encryption used. This can be changed to customer key and point to a key vault key.
  encryption=AccountEncryption(
    type="SystemKey",
    # Optional settings if using key vault encryption key and managed identity
    # identity = ResourceIdentity(
    #   user_assigned_identity = managed_identity_resource,
    #   use_system_assigned_identity = False
    # ),
    # key_vault_properties = KeyVaultProperties(
    #   key_identifier = ""
    # )
  ),
  # Enables user or system assigned managed identity when accessing storage - a.k.a - trusted storage.
  storage_authentication="ManagedIdentity",
  identity=MediaServiceIdentity(
    type="UserAssigned",
    user_assigned_identities={
      "managed_identity_resource": {}
    }
  ),
  # If you plan to use a private network and do not want any streaming to 
  # go out to the public internet, you can disable this account setting.
  public_network_access="Enabled",
  key_delivery=KeyDelivery(
    access_control=AccessControl(
      default_action=DefaultAction.ALLOW,
      ip_allow_list=[
        # List the IPv3 addresses to Allow or Deny based on the defaulot action.
        # "10.0.0.1/32", you can use the CIDR IPv3 format,
        # "127.0.0.1" or a single individual IPv4 address as well
      ]
    )
  )
)
Exemplo n.º 12
0
    storage_account = storage_async_operation.result()
    print(storage_account)


create_storage(resource_group, storage_account_name, stor_avail_params,
               stor_account_params)

# Set up the values for you Media Services account
parameters = MediaService(
    location=account_location,
    storage_accounts=[
        StorageAccount(
            type=StorageAccountType.PRIMARY,
            id=
            f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}"
        )
    ],
    key_delivery=KeyDelivery(access_control=AccessControl(
        default_action=DefaultAction.ALLOW,
        ip_allow_list=[
            # List the IPv3 addresses to Allow or Deny based on the default action.
            # "10.0.0.1/32", you can use the CIDR IPv3 format,
            # "127.0.0.1" or a single individual IPv4 address as well
        ])))

availability = client.locations.check_name_availability(
    account_location,
    parameters=CheckNameAvailabilityInput(
        name=account_name, type="Microsoft.Media/mediaservices"))

if not availability.name_available:
    print(f"The account with the name {account_name} is not available.")