def setup_account():
# Find actual name of storage account provisioned in our test environment
s = Session()
client = s.client('azure.mgmt.storage.StorageManagementClient')
accounts = list(client.storage_accounts.list())
matching_account = [a for a in accounts if a.name.startswith("cctstorage")]
return matching_account[0]
def test_api_version(self):
"""Verify we retrieve the correct API version for a resource type"""
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
resource = next(client.resources.list())
self.assertTrue(re.match('\\d{4}-\\d{2}-\\d{2}',
s.resource_api_version(resource.id)) is not None)
def setup_account():
# Find actual name of storage account provisioned in our test environment
s = Session()
client = s.client('azure.mgmt.storage.StorageManagementClient')
accounts = list(client.storage_accounts.list())
matching_account = [a for a in accounts if a.name.startswith("cctstorage")]
return matching_account[0]
def _enhance_policies(self, access_policies):
if not access_policies:
return access_policies
if self.graph_client is None:
s = Session(resource_endpoint_type=GRAPH_AUTH_ENDPOINT)
self.graph_client = s.client(
'azure.graphrbac.GraphRbacManagementClient')
# Retrieve graph objects for all object_id
object_ids = [p['objectId'] for p in access_policies]
# GraphHelper.get_principal_dictionary returns empty AADObject if not found with graph
# or if graph is not available.
principal_dics = GraphHelper.get_principal_dictionary(
self.graph_client, object_ids, True)
for policy in access_policies:
aad_object = principal_dics[policy['objectId']]
if aad_object.object_id:
policy['displayName'] = aad_object.display_name
policy['aadType'] = aad_object.object_type
policy['principalName'] = GraphHelper.get_principal_name(
aad_object)
return access_policies
def test_add_or_update_single_tag(self):
"""Verifies we can add a new tag to a VM and not modify
an existing tag on that resource
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag',
'tag': 'tag1',
'value': 'value1'}
],
})
p.run()
# verify that the a new tag is added without modifying existing tags
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, {'tag1': 'value1', 'testtag': 'testvalue'})
def test_removal_does_not_raise_on_nonexistent_tag(self):
"""Verifies attempting to delete a tag that is
not on the resource does not throw an error
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'untag',
'tags': ['tag-does-not-exist']},
],
})
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, {'testtag': 'testvalue'})
raised = False
try:
p.run()
except KeyError:
raised = True
# verify no exception raised and no changes to tags on resource
self.assertFalse(raised)
self.assertEqual(vm.tags, {'testtag': 'testvalue'})
def test_auto_tag_add_creator_tag(self, utcnow_mock):
"""Adds CreatorEmail to a resource group
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'auto-tag-user',
'tag': 'CreatorEmail'},
],
})
p.run()
# verify CreatorEmail tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
self.assertTrue(re.match(self.EMAIL_REGEX, rg.tags['CreatorEmail']))
def test_tag_trim_does_nothing_if_space_available(self):
"""Verifies tag trim returns without trimming tags
if the resource has space equal to or greater than
the space value.
"""
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
start_tags = vm.tags
# verify there is at least 1 space for a tag
self.assertLess(len(start_tags), 15)
# trim for space for 1 tag
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag-trim',
'space': 1}
],
})
p.run()
# verify that tags are unchanged
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, start_tags)
def test_tag_trim_does_nothing_if_space_available(self):
"""Verifies tag trim returns without trimming tags
if the resource has space equal to or greater than
the space value.
"""
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
start_tags = vm.tags
# verify there is at least 1 space for a tag
self.assertLess(len(start_tags), 15)
# trim for space for 1 tag
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag-trim',
'space': 1}
],
})
p.run()
# verify that tags are unchanged
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, start_tags)
def test_get_client_non_default_base_url(self):
s = Session(cloud_endpoints=AZURE_CHINA_CLOUD)
client = s.client('azure.mgmt.resource.ResourceManagementClient')
self.assertEqual(AZURE_CHINA_CLOUD.endpoints.resource_manager,
client._client._base_url)
self.assertEqual(AZURE_CHINA_CLOUD.endpoints.management + ".default",
client._client._config.credential_scopes[0])
def test_api_version(self):
"""Verify we retrieve the correct API version for a resource type"""
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
resource = next(client.resources.list())
self.assertTrue(re.match('\\d{4}-\\d{2}-\\d{2}',
s.resource_api_version(resource.id)) is not None)
def test_add_or_update_single_tag(self):
"""Verifies we can add a new tag to a VM and not modify
an existing tag on that resource
"""
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.vm',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'
}],
'actions': [{
'type': 'tag',
'tag': 'tag1',
'value': 'value1'
}],
})
p.run()
# verify that the a new tag is added without modifying existing tags
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, {'tag1': 'value1', 'testtag': 'testvalue'})
def test_auto_tag_add_creator_tag(self, utcnow_mock):
"""Adds CreatorEmail to a resource group.
"""
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.resourcegroup',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'
}],
'actions': [
{
'type': 'auto-tag-user',
'tag': 'CreatorEmail'
},
],
})
p.run()
# verify CreatorEmail tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [
rg for rg in client.resource_groups.list() if rg.name == 'test_vm'
][0]
self.assertTrue(re.match(self.EMAIL_REGEX, rg.tags['CreatorEmail']))
def test_tag_trim_removes_tags_for_space(self):
"""Verifies tag trim removes tags when the space value
and number of tags on the resource are greater than the max
tag value (15)
"""
# Add tags to trim
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.vm',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'
}],
'actions': [{
'type': 'tag',
'tags': {
'tag-to-trim1': 'value1',
'tag-to-trim2': 'value2'
}
}],
})
p.run()
# verify more than 1 tag on resource
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertTrue(len(vm.tags) > 1)
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.vm',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'
}],
'actions': [{
'type': 'tag-trim',
'space': 14,
'preserve': ['testtag']
}],
})
p.run()
# verify that tags were trimmed to
# have 14 spaces and 1 preserved
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(len(vm.tags), 1)
def test_get_client_us_gov(self):
"""Verify we are setting the correct credential scope for us government"""
s = Session(cloud_endpoints=AZURE_US_GOV_CLOUD)
client = s.client('azure.mgmt.resource.ResourceManagementClient')
self.assertEqual(AZURE_US_GOV_CLOUD.endpoints.resource_manager,
client._client._base_url)
self.assertEqual(AZURE_US_GOV_CLOUD.endpoints.management + ".default",
client._client._config.credential_scopes[0])
def test_get_client_overrides(self, mock):
# Reload the module to re-import patched function
reload(sys.modules['c7n_azure.session'])
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
self.assertFalse(client._client.config.retry_policy.policy.respect_retry_after_header)
self.assertIsNotNone(client._client.orig_send)
client._client.send()
self.assertTrue(mock.called)
def test_get_client_overrides(self, mock):
# Reload the module to re-import patched function
reload(sys.modules['c7n_azure.session'])
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
self.assertFalse(client._client.config.retry_policy.policy.respect_retry_after_header)
self.assertIsNotNone(client._client.orig_send)
client._client.send()
self.assertTrue(mock.called)
def test_remove_tags(self):
"""Verifies we can delete multiple tags from a resource
group without modifying existing tags.
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'pre-existing-1': 'to-keep', 'pre-existing-2': 'to-keep',
'added-1': 'to-delete', 'added-2': 'to-delete'}},
],
})
p.run()
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
start_tags = rg.tags
self.assertTrue('pre-existing-1' in start_tags)
self.assertTrue('pre-existing-2' in start_tags)
self.assertTrue('added-1' in start_tags)
self.assertTrue('added-2' in start_tags)
p = self.load_policy({
'name': 'test-azure-remove-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'untag',
'tags': ['added-1', 'added-2']}
],
})
p.run()
# verify tags removed and pre-existing tags not removed
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0] # NOQA
end_tags = rg.tags
self.assertTrue('pre-existing-1' in end_tags)
self.assertTrue('pre-existing-2' in end_tags)
self.assertTrue('added-1' not in end_tags)
self.assertTrue('added-2' not in end_tags)
def test_remove_tags(self):
"""Verifies we can delete multiple tags from a resource
group without modifying existing tags.
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'pre-existing-1': 'to-keep', 'pre-existing-2': 'to-keep',
'added-1': 'to-delete', 'added-2': 'to-delete'}},
],
})
p.run()
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
start_tags = rg.tags
self.assertTrue('pre-existing-1' in start_tags)
self.assertTrue('pre-existing-2' in start_tags)
self.assertTrue('added-1' in start_tags)
self.assertTrue('added-2' in start_tags)
p = self.load_policy({
'name': 'test-azure-remove-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'untag',
'tags': ['added-1', 'added-2']}
],
})
p.run()
# verify tags removed and pre-existing tags not removed
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0] # NOQA
end_tags = rg.tags
self.assertTrue('pre-existing-1' in end_tags)
self.assertTrue('pre-existing-2' in end_tags)
self.assertTrue('added-1' not in end_tags)
self.assertTrue('added-2' not in end_tags)
def test_tag_trim_space_0_removes_all_tags_but_preserve(self):
"""Verifies tag trim removes all other tags but tags
listed in preserve
"""
# Add tags to trim
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag',
'tags': {'tag-to-trim1': 'value1', 'tag-to-trim2': 'value2',
'tag-to-trim3': 'value3'}}
],
})
p.run()
# verify initial tags contain more than testtag
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertTrue('tag-to-trim1' in vm.tags)
self.assertTrue('tag-to-trim2' in vm.tags)
self.assertTrue('tag-to-trim3' in vm.tags)
self.assertTrue('testtag' in vm.tags)
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag-trim',
'space': 0,
'preserve': ['testtag']
}
],
})
p.run()
# verify all tags trimmed but testtag
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, {'testtag': 'testvalue'})
def test_tag_trim_space_0_removes_all_tags_but_preserve(self):
"""Verifies tag trim removes all other tags but tags
listed in preserve
"""
# Add tags to trim
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag',
'tags': {'tag-to-trim1': 'value1', 'tag-to-trim2': 'value2',
'tag-to-trim3': 'value3'}}
],
})
p.run()
# verify initial tags contain more than testtag
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertTrue('tag-to-trim1' in vm.tags)
self.assertTrue('tag-to-trim2' in vm.tags)
self.assertTrue('tag-to-trim3' in vm.tags)
self.assertTrue('testtag' in vm.tags)
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag-trim',
'space': 0,
'preserve': ['testtag']
}
],
})
p.run()
# verify all tags trimmed but testtag
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(vm.tags, {'testtag': 'testvalue'})
def test_auto_tag_update_false_noop_for_existing_tag(self, utcnow_mock):
"""Adds CreatorEmail to a resource group
"""
# setup by adding an existing CreatorEmail tag
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.resourcegroup',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'
}],
'actions': [
{
'type': 'tag',
'tag': 'CreatorEmail',
'value': 'do-not-modify'
},
],
})
p.run()
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.resourcegroup',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'
}],
'actions': [{
'type': 'auto-tag-user',
'tag': 'CreatorEmail',
'update': False,
'days': 10
}],
})
p.run()
# verify CreatorEmail tag was not modified
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [
rg for rg in client.resource_groups.list() if rg.name == 'test_vm'
][0]
self.assertEqual(rg.tags['CreatorEmail'], 'do-not-modify')
def test_tag_trim_removes_tags_for_space(self):
"""Verifies tag trim removes tags when the space value
and number of tags on the resource are greater than the max
tag value (15)
"""
# Add tags to trim
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag',
'tags': {'tag-to-trim1': 'value1', 'tag-to-trim2': 'value2'}}
],
})
p.run()
# verify more than 1 tag on resource
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertTrue(len(vm.tags) > 1)
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'tag-trim',
'space': 14,
'preserve': ['testtag']
}
],
})
p.run()
# verify that tags were trimmed to
# have 14 spaces and 1 preserved
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertEqual(len(vm.tags), 1)
def test_deploy_webapp(self):
s = Session()
web_client = s.client('azure.mgmt.web.WebSiteManagementClient')
service_plan = web_client.app_service_plans.get(
CONST_GROUP_NAME, 'cloud-custodian-test')
self.assertIsNotNone(service_plan)
webapp_name = 'test-deploy-webapp'
self.functionapp_util.deploy_webapp(webapp_name, CONST_GROUP_NAME,
service_plan, 'cloudcustodiantest')
wep_app = web_client.web_apps.get(CONST_GROUP_NAME, webapp_name)
self.assertIsNotNone(wep_app)
def test_add_or_update_tags(self):
"""Adds tags to an empty resource group, then updates one
tag and adds a new tag
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'pre-existing-1': 'unmodified', 'pre-existing-2': 'unmodified'}},
],
})
p.run()
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
self.assertEqual(rg.tags,
{'pre-existing-1': 'unmodified', 'pre-existing-2': 'unmodified'})
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'tag1': 'value1', 'pre-existing-1': 'modified'}}
],
})
p.run()
# verify modified tags
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0] # NOQA
self.assertEqual(
rg.tags,
{'tag1': 'value1', 'pre-existing-1': 'modified', 'pre-existing-2': 'unmodified'})
def test_add_or_update_tags(self):
"""Adds tags to an empty resource group, then updates one
tag and adds a new tag
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'pre-existing-1': 'unmodified', 'pre-existing-2': 'unmodified'}},
],
})
p.run()
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
self.assertEqual(rg.tags,
{'pre-existing-1': 'unmodified', 'pre-existing-2': 'unmodified'})
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tags': {'tag1': 'value1', 'pre-existing-1': 'modified'}}
],
})
p.run()
# verify modified tags
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0] # NOQA
self.assertEqual(
rg.tags,
{'tag1': 'value1', 'pre-existing-1': 'modified', 'pre-existing-2': 'unmodified'})
def test_deploy_webapp(self):
s = Session()
web_client = s.client('azure.mgmt.web.WebSiteManagementClient')
service_plan = web_client.app_service_plans.get(
CONST_GROUP_NAME, 'cloud-custodian-test')
self.assertIsNotNone(service_plan)
webapp_name = 'test-deploy-webapp'
self.functionapp_util.deploy_webapp(webapp_name,
CONST_GROUP_NAME,
service_plan,
'cloudcustodiantest')
wep_app = web_client.web_apps.get(CONST_GROUP_NAME, webapp_name)
self.assertIsNotNone(wep_app)
def test_auto_tag_update_false_noop_for_existing_tag(self, utcnow_mock):
"""Adds CreatorEmail to a resource group
"""
# setup by adding an existing CreatorEmail tag
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'tag',
'tag': 'CreatorEmail',
'value': 'do-not-modify'},
],
})
p.run()
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.resourcegroup',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'test_vm'}
],
'actions': [
{'type': 'auto-tag-user',
'tag': 'CreatorEmail',
'update': False,
'days': 10}
],
})
p.run()
# verify CreatorEmail tag was not modified
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
rg = [rg for rg in client.resource_groups.list() if rg.name == 'test_vm'][0]
self.assertEqual(rg.tags['CreatorEmail'], 'do-not-modify')
def test_add_tags_replace_existing_tags(self):
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.vm',
'actions': [{
'type': 'tag',
'tags': {
'tag1': 'value1',
'tag2': 222
}
}],
})
p.run()
# verify that the existing tags were overridden
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
machines = list(client.virtual_machines.list_all())
self.assertEqual(machines[0].tags, {'tag1': 'value1', 'tag2': '222'})
def test_add_single_tag_without_modifying_existing_tags(self):
p = self.load_policy({
'name':
'test-azure-tag',
'resource':
'azure.vm',
'actions': [{
'type': 'tag',
'tag': 'project',
'value': 'contoso'
}],
})
p.run()
# verify that the existing tags were not overridden
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
machines = list(client.virtual_machines.list_all())
self.assertEqual(machines[0].tags, {
'project': 'contoso',
'existing': 'pre-existing-tag'
})
def test_deploy_template_with_parameters(self):
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
group_name = 'cloud-custodian-test'
self.template_util.create_resource_group(group_name,
{'location': 'West US 2'})
resource_group = client.resource_groups.get(group_name)
self.assertIsNotNone(resource_group)
template_file = 'dedicated_functionapp.json'
parameters = self.template_util.get_default_parameters(
'dedicated_functionapp.test.parameters.json')
self.template_util.deploy_resource_template(group_name, template_file,
parameters)
resources = client.resources.list_by_resource_group(group_name)
self.assertIsNotNone(resources)
# Cleaning up resource group
client.resource_groups.delete('cloud-custodian-test')
def test_removal_does_not_raise_on_nonexistent_tag(self):
"""Verifies attempting to delete a tag that is
not on the resource does not throw an error
"""
p = self.load_policy({
'name': 'test-azure-tag',
'resource': 'azure.vm',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'eq',
'value_type': 'normalize',
'value': 'cctestvm'}
],
'actions': [
{'type': 'untag',
'tags': ['tag-does-not-exist']},
],
})
# verify initial tag set
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
vm = client.virtual_machines.get('test_vm', 'cctestvm')
start_tags = vm.tags
self.assertTrue('tag-does-not-exist' not in start_tags)
raised = False
try:
p.run()
except KeyError:
raised = True
# verify no exception raised and no changes to tags on resource
vm = client.virtual_machines.get('test_vm', 'cctestvm')
self.assertFalse(raised)
self.assertEqual(vm.tags, start_tags)
def prepare_queue_storage(self, queue_resource_id, queue_name):
"""
Create a storage client using unusual ID/group reference
as this is what we require for event subscriptions
"""
# Use a different session object if the queue is in a different subscription
queue_subscription_id = ResourceIdParser.get_subscription_id(
queue_resource_id)
if queue_subscription_id != self.session.subscription_id:
session = Session(queue_subscription_id)
else:
session = self.session
storage_client = session.client(
'azure.mgmt.storage.StorageManagementClient')
account = storage_client.storage_accounts.get_properties(
ResourceIdParser.get_resource_group(queue_resource_id),
ResourceIdParser.get_resource_name(queue_resource_id))
Storage.create_queue_from_storage_account(account, queue_name,
self.session)
return account
from c7n_azure.session import Session
import pprint
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
machines = list(client.virtual_machines.list_all())
#pprint.pprint(machines[0].as_dict())
client = s.client('azure.mgmt.network.NetworkManagementClient')
import pdb
pdb.set_trace()
networks = list(client.virtual_networks.list_all())
pprint.pprint(networks[0].as_dict())
from c7n_azure.session import Session
from azure.mgmt.resource import ResourceManagementClient
import pprint
import os
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
resource_group_params = {'location': 'westus'}
resource_group_params.update(tags={'hello': 'world'})
for item in client.resources.list():
print(s.resource_api_version(item))
def test_api_version(self):
"""Verify we retrieve the correct API version for a resource type"""
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
resource = next(client.resources.list())
self.assertEqual('2018-04-01', s.resource_api_version(resource.id))
def test_log_custom_hook(self, log):
s = Session()
client = s.client('azure.mgmt.compute.ComputeManagementClient')
[v for v in client.virtual_machines.list_all()]
log.assert_called_once()
def test_retry_policy_override(self, c7n_retry):
s = Session()
s.client('azure.mgmt.compute.ComputeManagementClient')
c7n_retry.assert_called_once()
def test_api_version(self):
"""Verify we retrieve the correct API version for a resource type"""
s = Session()
client = s.client('azure.mgmt.resource.ResourceManagementClient')
resource = next(client.resources.list())
self.assertEqual('2017-10-12', s.resource_api_version(resource))
