def get_action(self, values, option_string): # pylint: disable=no-self-use
from azure.mgmt.servicebus.v2021_06_01_preview.models import KeyVaultProperties
from azure.mgmt.servicebus.v2021_06_01_preview.models import UserAssignedIdentityProperties
from azure.cli.core.azclierror import InvalidArgumentValueError
from azure.cli.core import CLIError
keyVaultObject = KeyVaultProperties()
for (k, v) in (x.split('=', 1) for x in values):
if k == 'key-name':
keyVaultObject.key_name = v
elif k == 'key-vault-uri':
keyVaultObject.key_vault_uri = v
if keyVaultObject.key_vault_uri.endswith('/'):
keyVaultObject.key_vault_uri = keyVaultObject.key_vault_uri[:-1]
elif k == 'key-version':
keyVaultObject.key_version = v
elif k == 'user-assigned-identity':
keyVaultObject.identity = UserAssignedIdentityProperties()
keyVaultObject.identity.user_assigned_identity = v
if keyVaultObject.identity.user_assigned_identity.endswith('/'):
keyVaultObject.identity.user_assigned_identity = keyVaultObject.identity.user_assigned_identity[:-1]
else:
raise InvalidArgumentValueError("Invalid Argument for:'{}' Only allowed arguments are 'key-name, key-vault-uri, key-version and user-assigned-identity'".format(option_string))
if (keyVaultObject.key_name is None) or (keyVaultObject.key_vault_uri is None):
raise CLIError('key-name and key-vault-uri are mandatory properties')
if keyVaultObject.key_version is None:
keyVaultObject.key_version = ''
return keyVaultObject
def create_metric_alert(client,
resource_group_name,
rule_name,
scopes,
condition,
disabled=False,
description=None,
tags=None,
actions=None,
severity=2,
window_size='5m',
evaluation_frequency='1m',
auto_mitigate=None,
target_resource_type=None,
target_resource_region=None):
from azure.mgmt.monitor.models import (
MetricAlertResource, MetricAlertSingleResourceMultipleMetricCriteria,
MetricAlertMultipleResourceMultipleMetricCriteria, MetricCriteria)
from azure.cli.core import CLIError
# generate names for the conditions
for i, cond in enumerate(condition):
cond.name = 'cond{}'.format(i)
criteria = None
resource_type, scope_type = _parse_resource_and_scope_type(scopes)
if scope_type in ['resource_group', 'subscription']:
if target_resource_type is None or target_resource_region is None:
raise CLIError(
'--target-resource-type and --target-resource-region must be provided.'
)
criteria = MetricAlertMultipleResourceMultipleMetricCriteria(
all_of=condition)
else:
if len(scopes) == 1 and isinstance(condition, MetricCriteria):
criteria = MetricAlertSingleResourceMultipleMetricCriteria(
all_of=condition)
else:
criteria = MetricAlertMultipleResourceMultipleMetricCriteria(
all_of=condition)
target_resource_type = resource_type
target_resource_region = target_resource_region if target_resource_region else 'global'
kwargs = {
'description': description,
'severity': severity,
'enabled': not disabled,
'scopes': scopes,
'evaluation_frequency': evaluation_frequency,
'window_size': window_size,
'criteria': criteria,
'target_resource_type': target_resource_type,
'target_resource_region': target_resource_region,
'actions': actions,
'tags': tags,
'location': 'global',
'auto_mitigate': auto_mitigate
}
return client.create_or_update(resource_group_name, rule_name,
MetricAlertResource(**kwargs))
def parse_one_scope_with_action(scope, operation_on_scope):
result = parse_resource_id(scope)
if 'namespace' in result and 'resource_type' in result:
operation_on_scope(result['namespace'], result['resource_type'], 'resource')
elif 'resource_group' in result: # It's a resource group.
operation_on_scope('', '', 'resource_group')
elif 'subscription' in result: # It's a subscription.
operation_on_scope('', '', 'subscription')
else:
raise CLIError('Scope must be a valid resource id.')
def cli_remove_identity(cmd,
client,
resource_group_name,
namespace_name,
system_assigned=None,
user_assigned=None):
namespace = client.get(resource_group_name, namespace_name)
IdentityType = cmd.get_models('ManagedServiceIdentityType',
resource_type=ResourceType.MGMT_EVENTHUB)
from azure.cli.core import CLIError
if namespace.identity is None:
raise CLIError('The namespace does not have identity enabled')
if system_assigned:
if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED:
namespace.identity.type = IdentityType.NONE
if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED:
namespace.identity.type = IdentityType.USER_ASSIGNED
if user_assigned:
if namespace.identity.type == IdentityType.USER_ASSIGNED:
if namespace.identity.user_assigned_identities:
for x in user_assigned:
namespace.identity.user_assigned_identities.pop(x)
# if all identities are popped off of the dictionary, we disable user assigned identity
if len(namespace.identity.user_assigned_identities) == 0:
namespace.identity.type = IdentityType.NONE
namespace.identity.user_assigned_identities = None
if namespace.identity.type == IdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED:
if namespace.identity.user_assigned_identities:
for x in user_assigned:
namespace.identity.user_assigned_identities.pop(x)
# if all identities are popped off of the dictionary, we disable user assigned identity
if len(namespace.identity.user_assigned_identities) == 0:
namespace.identity.type = IdentityType.SYSTEM_ASSIGNED
namespace.identity.user_assigned_identities = None
client.begin_create_or_update(resource_group_name=resource_group_name,
namespace_name=namespace_name,
parameters=namespace).result()
get_namespace = client.get(resource_group_name, namespace_name)
return get_namespace
def _parse_resource_type(scopes):
from msrestazure.tools import parse_resource_id
from azure.cli.core import CLIError
namespace = None
resource_type = None
for item in scopes:
item_namespace = parse_resource_id(item)['namespace']
item_resource_type = parse_resource_id(item)['resource_type']
if namespace is None and resource_type is None:
namespace = item_namespace
resource_type = item_resource_type
else:
if namespace != item_namespace or resource_type != item_resource_type:
raise CLIError(
'Multiple scopes should be the same resource type.')
return namespace + '/' + resource_type
def _parse_resource_and_scope_type(scopes):
from azure.mgmt.core.tools import parse_resource_id
from knack.util import CLIError
if not scopes:
raise CLIError('scopes cannot be null.')
namespace = ''
resource_type = ''
scope_type = None
def validate_scope(item_namespace, item_resource_type, item_scope_type):
if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type:
raise CLIError('Multiple scopes should be the same resource type.')
def store_scope(item_namespace, item_resource_type, item_scope_type):
nonlocal namespace
nonlocal resource_type
nonlocal scope_type
namespace = item_namespace
resource_type = item_resource_type
scope_type = item_scope_type
def parse_one_scope_with_action(scope, operation_on_scope):
result = parse_resource_id(scope)
if 'namespace' in result and 'resource_type' in result:
operation_on_scope(result['namespace'], result['resource_type'],
'resource')
elif 'resource_group' in result: # It's a resource group.
operation_on_scope('', '', 'resource_group')
elif 'subscription' in result: # It's a subscription.
operation_on_scope('', '', 'subscription')
else:
raise CLIError('Scope must be a valid resource id.')
# Store the resource type and scope type from first scope
parse_one_scope_with_action(scopes[0], operation_on_scope=store_scope)
# Validate the following scopes
for item in scopes:
parse_one_scope_with_action(item, operation_on_scope=validate_scope)
return namespace + '/' + resource_type, scope_type
def cli_remove_encryption(client, resource_group_name, namespace_name, encryption_config):
namespace = client.get(resource_group_name, namespace_name)
from azure.cli.core import CLIError
if namespace.encryption is None:
raise CLIError('The namespace does not have encryption enabled')
if namespace.encryption.key_vault_properties:
for encryption_property in encryption_config:
if encryption_property in namespace.encryption.key_vault_properties:
namespace.encryption.key_vault_properties.remove(encryption_property)
client.begin_create_or_update(
resource_group_name=resource_group_name,
namespace_name=namespace_name,
parameters=namespace).result()
get_namespace = client.get(resource_group_name, namespace_name)
return get_namespace
def validate_scope(item_namespace, item_resource_type, item_scope_type):
if namespace != item_namespace or resource_type != item_resource_type or scope_type != item_scope_type:
raise CLIError('Multiple scopes should be the same resource type.')
