Exemplo n.º 1
0
def validate_servers(namespace):
    from azure.mgmt.network.models import ApplicationGatewayBackendAddress
    servers = []
    for item in namespace.servers if namespace.servers else []:
        try:
            socket.inet_aton(item)  #pylint:disable=no-member
            servers.append(ApplicationGatewayBackendAddress(ip_address=item))
        except socket.error:  #pylint:disable=no-member
            servers.append(ApplicationGatewayBackendAddress(fqdn=item))
    namespace.servers = servers
    def _create_new_appgw(
        self,
        tag: str,
        event: CreateOrUpdateEvent,
        ip_address: PublicIPAddress,
        location_options: LocationOptions,
        tls_cert: ApplicationGatewaySslCertificate,
    ):
        """
        Creates a new Application Gateway to Azure.
        """
        logging.debug("Creating a new application gateway instance")
        # Use tag to create unique name for the appgw
        application_gateway_name = f"{TAG_APPGWGROUP}-{tag}-appgw"
        subnet_id = self._get_subnet_id(
            location_options.azure_resource_group_name,
            location_options.azure_vnet_name,
            location_options.azure_subnet_name,
        )
        # Make WAF Policy
        appgateway_id = self._get_appgateway_id(
            location_options.azure_resource_group_name, application_gateway_name
        )

        app_gw_listener = self._create_http_listener(
            name=event.id,
            host_name=event.next_config.subdomain,
            appgateway_id=appgateway_id,
            waf_policy=self._make_waf_policy(
                policy_name=event.id,
                allowed_host=event.next_config.subdomain,
                ip_whitelist=event.next_config.ip_whitelist,
                resource_group_name=location_options.azure_resource_group_name,
                location=location_options.azure_location,
            ),
        )
        app_gw_routing_rule = _create_routing_rule(
            name=event.id,
            appgateway_id=appgateway_id,
            appgateway_listener_name=app_gw_listener.name,
        )
        # Start creating application gateway
        self.network.application_gateways.begin_create_or_update(
            resource_group_name=location_options.azure_resource_group_name,
            application_gateway_name=application_gateway_name,
            parameters=ApplicationGateway(
                tags=get_policy_tags(additional_tags={TAG_APPGWGROUP: tag}),
                location=location_options.azure_location,
                sku=ApplicationGatewaySku(name="WAF_v2", tier="WAF_v2", capacity=2),
                gateway_ip_configurations=[
                    ApplicationGatewayIPConfiguration(
                        name="appGatewayIpConfig", subnet=SubResource(id=subnet_id)
                    )
                ],
                frontend_ip_configurations=[
                    ApplicationGatewayFrontendIPConfiguration(
                        name=APPGATEWAY_FRONTIP_NAME,
                        public_ip_address=SubResource(id=ip_address.id),
                    )
                ],
                frontend_ports=[
                    ApplicationGatewayFrontendPort(
                        name=APPGATEWAY_FRONTPORT_NAME, port=443
                    )
                ],
                backend_address_pools=[
                    ApplicationGatewayBackendAddressPool(
                        name=APPGATEWAY_BACKENDPOOL_NAME,
                        backend_addresses=[
                            ApplicationGatewayBackendAddress(
                                ip_address=location_options.backend_address
                            )
                        ],
                    )
                ],
                backend_http_settings_collection=[
                    ApplicationGatewayBackendHttpSettings(
                        name=APPGATEWAY_HTTP_SETTINGS_NAME,
                        port=location_options.backend_port,
                        protocol=location_options.backend_protocol,
                        cookie_based_affinity="Enabled",
                    )
                ],
                http_listeners=[app_gw_listener],
                request_routing_rules=[app_gw_routing_rule],
                identity=ManagedServiceIdentity(
                    type="UserAssigned",
                    user_assigned_identities=self.options.azure_appgw_managed_identity,
                ),
                ssl_certificates=[tls_cert],
            ),
        )