def __init__(self, provider_config, cluster_name): NodeProvider.__init__(self, provider_config, cluster_name) kwargs = {} if "subscription_id" in provider_config: kwargs["subscription_id"] = provider_config["subscription_id"] try: self.compute_client = get_client_from_cli_profile( client_class=ComputeManagementClient, **kwargs) self.network_client = get_client_from_cli_profile( client_class=NetworkManagementClient, **kwargs) self.resource_client = get_client_from_cli_profile( client_class=ResourceManagementClient, **kwargs) except CLIError as e: if str(e) != "Please run 'az login' to setup account.": raise else: logger.info("CLI profile authentication failed. Trying MSI") credentials = MSIAuthentication() self.compute_client = ComputeManagementClient( credentials=credentials, **kwargs) self.network_client = NetworkManagementClient( credentials=credentials, **kwargs) self.resource_client = ResourceManagementClient( credentials=credentials, **kwargs) self.lock = RLock() # cache node objects self.cached_nodes = {}
def validate_azure_configs(config, action): # get VM SKU resources for this location. we have to use # a specific API version to do this as this resource_skus # list operation is not allowed in any other API versions # which are available with the version of Azure SDK # that ships with Ansible for Azure config.client = get_client_from_cli_profile(ComputeManagementClient, api_version="2017-09-01") config.vm_skus_for_location = list( filter( lambda s: s.resource_type == "virtualMachines" and config.location( ) in s.locations, config.client.resource_skus.list(), )) # switch to 2018-06-01 API which has support for other operations # including VMSS checks config.client = get_client_from_cli_profile(ComputeManagementClient, api_version="2018-06-01") validations = (AZURE_VALIDATIONS["common"] + AZURE_VALIDATIONS[action] if action in AZURE_VALIDATIONS else []) return list( filter( lambda r: isinstance(r, str), map(lambda v: v(config, config.client), validations), ))
def create_eventgrid(self) -> None: logger.info("creating eventgrid subscription") src_resource_id = self.results["deploy"]["fuzz-storage"]["value"] dst_resource_id = self.results["deploy"]["func-storage"]["value"] client = get_client_from_cli_profile( StorageManagementClient, subscription_id=self.get_subscription_id()) event_subscription_info = EventSubscription( destination=StorageQueueEventSubscriptionDestination( resource_id=dst_resource_id, queue_name="file-changes"), filter=EventSubscriptionFilter(included_event_types=[ "Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted", ]), retry_policy=RetryPolicy( max_delivery_attempts=30, event_time_to_live_in_minutes=1440, ), ) client = get_client_from_cli_profile( EventGridManagementClient, subscription_id=self.get_subscription_id()) result = client.event_subscriptions.create_or_update( src_resource_id, "onefuzz1", event_subscription_info).result() if result.provisioning_state != "Succeeded": raise Exception( "eventgrid subscription failed: %s" % json.dumps(result.as_dict(), indent=4, sort_keys=True), )
def __init__(self): self.LOCATION = 'canadacentral' self.GROUP_NAME = 'nick' self.VNET_NAME = 'nick-vnet' self.NIC_NAME = 'nickvm405' self.VM_NAME = 'scrna-pipeline3' self.USERNAME = '******' self.PASSWORD = '******' self.IP_ADDRESS_NAME='nickvm-ip' self.VM_REFERENCE = { 'linux': { 'publisher': 'Canonical', 'offer': 'UbuntuServer', 'sku': '16.04.0-LTS', 'version': 'latest' }, } self.compute_client = get_client_from_cli_profile(ComputeManagementClient) self.network_client = get_client_from_cli_profile(NetworkManagementClient) self.nic = self.network_client.network_interfaces.get(self.GROUP_NAME, self.NIC_NAME) print('\nCreating Linux Virtual Machine') vm_parameters = self.create_vm_parameters() async_vm_creation = self.compute_client.virtual_machines.create_or_update(self.GROUP_NAME, self.VM_NAME, vm_parameters) print("\nSpinning up FTL.") async_vm_creation.wait()
def __init__(self, vault_url: str, key: str, **kwargs) -> None: auth_via_cli = bool(kwargs.pop("auth_via_cli", False)) if auth_via_cli: try: self.key_client = get_client_from_cli_profile( KeyClient, vault_url=vault_url) self.key_encryption_key = self.key_client.get_key(key) self.crypto_client = get_client_from_cli_profile( CryptographyClient, key=self.key_encryption_key) except CLIError: logging.error( "ERROR: Unable to authenticate via Azure CLI, have you " "logged in with 'az login'?") raise SystemExit(1) else: tenant_id = kwargs.pop("tenant_id", os.getenv(TENANT_ID_ENVVAR)) client_id = kwargs.pop("client_id", os.getenv(CLIENT_ID_ENVVAR)) client_secret = kwargs.pop("client_secret", os.getenv(CLIENT_SECRET_ENVVAR)) if tenant_id is None or client_id is None or client_secret is None: raise TypeError( "Please specify tenant_id, client_id, and client_secret " "in config or in environment variables as in " "https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/identity/azure-identity#service-principal-with-secret" ) self.cred = ClientSecretCredential(tenant_id, client_id, client_secret) self.key_client = KeyClient(vault_url, credential=self.cred, logger=None) self.key_encryption_key = self.key_client.get_key(key) self.crypto_client = CryptographyClient(self.key_encryption_key, self.cred)
def __init__(self): self.resource_client = get_client_from_cli_profile( ResourceManagementClient) self.network_client = get_client_from_cli_profile( NetworkManagementClient) self.compute_client = get_client_from_cli_profile( ComputeManagementClient) self.resource_groups = [] self.resources = {}
def __init__(self): compute_client = get_client_from_cli_profile(ComputeManagementClient) network_client = get_client_from_cli_profile(NetworkManagementClient) nic = network_client.network_interfaces.get(GROUP_NAME, NIC_NAME) print('\nCreating Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE['linux']) print(vm_parameters) async_vm_creation = compute_client.virtual_machines.create_or_update(GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait()
def _create_azure_sdk_mgmt_client( self, client_class, **kwargs): if not self.is_live_mode: credentials = BasicTokenAuthentication( token = { 'access_token':'faked_token' }) if 'subscription_id' in kwargs: client = client_class( credentials, kwargs['subscription_id']) else: client = client_class( credentials) client.config.long_running_operation_timeout = 0 else: if kwargs is not None and \ len(kwargs) > 0 and \ 'client_id' in kwargs and \ kwargs['client_id'] is not None and \ 'secret' in kwargs and \ kwargs['secret'] is not None: # Secrets passed, let's authenticate the SDK using the values passed. credentials = \ ServicePrincipalCredentials( client_id=kwargs['client_id'], secret=kwargs['secret'], tenant=kwargs['tenant_id']) if 'subscription_id' in kwargs: client = client_class( credentials, kwargs['subscription_id']) else: client = client_class(credentials) else: from azure.common.client_factory import get_client_from_cli_profile # No credentials passed, let's attempt to get the credentials from az login if 'subscription_id' in kwargs: client = get_client_from_cli_profile( client_class, subscription_id=kwargs['subscription_id']) else: client = get_client_from_cli_profile( client_class) return client
def getClients(): # This requires # pip install azure-common azure-mgmt-compute azure-mgmt-resource azure-mgmt-network # from azure.common.client_factory import get_client_from_cli_profile from azure.mgmt.network import NetworkManagementClient from azure.mgmt.resource import ResourceManagementClient from azure.mgmt.compute import ComputeManagementClient network_client = get_client_from_cli_profile(NetworkManagementClient) resource_client = get_client_from_cli_profile(ResourceManagementClient) compute_client = get_client_from_cli_profile(ComputeManagementClient) return (network_client, resource_client, compute_client)
def list_subscriptions(): logger = logging.getLogger(__name__) try: sub_client = get_client_from_cli_profile(SubscriptionClient) except CLIError: logger.info("Not logged in, running az login") _run_az_cli_login() sub_client = get_client_from_cli_profile(SubscriptionClient) return [["Subscription_name", "Subscription ID"]] + [ [sub.display_name, sub.subscription_id] for sub in sub_client.subscriptions.list() ]
def run_example(): event_hub_client = get_client_from_cli_profile(EventHubManagementClient) monitor_client = get_client_from_cli_profile(MonitorManagementClient) # Get the logging profile and use that to determine the event hub configuration log_profile = monitor_client.log_profiles.get("default") event_hub_rule_id = log_profile.service_bus_rule_id # Extract the resource group, namespace and event hub name print("Azure Monitor configured with event hub " + event_hub_rule_id) tokens = event_hub_rule_id.split('/') resource_group_name = tokens[4] event_hub_namespace = tokens[8] event_hub_name = "insights-operational-logs" key = event_hub_client.event_hubs.list_keys(resource_group_name, event_hub_namespace, event_hub_name, "listen") print("Subscription ID = " + tokens[2]) print("Resource Group = " + resource_group_name) print("Event Hub Namespace = " + event_hub_namespace) print("Event Hub Name = " + event_hub_name) print("Authorization rule name = " + key.key_name) print("Authorization token = " + key.primary_key) print() print("Use this as the connection string for reading events:") print() print(key.primary_connection_string) print() print("Use this values in the event hub properties file for eph-reader:") print() print("EventHubNamespace = \"{}\"".format(event_hub_namespace)) print("EventHubName = \"{}\"".format(event_hub_name)) print("SasKeyName = \"{}\"".format(key.key_name)) print("SasKeyValue = \"{}\"".format(key.primary_key)) print() print( "Use these as the environment variables for eph-reader (instead of properties file" ) print() print("export EventHubNamespace=\"{}\"".format(event_hub_namespace)) print("export EventHubName=\"{}\"".format(event_hub_name)) print("export SasKeyName=\"{}\"".format(key.key_name)) print("export SasKeyValue=\"{}\"".format(key.primary_key)) print() print( "Note: you will also have to supply a storage account for handling checkpoint data" )
def authenticate_cli(): # # Create all clients with Azure CLI's active subscription # global mystack_cloud, resource_client, compute_client, storage_client, network_client mystack_cloud = get_cloud_from_metadata_endpoint( os.environ['ARM_ENDPOINT']) resource_client = get_client_from_cli_profile(ResourceManagementClient) compute_client = get_client_from_cli_profile(ComputeManagementClient) storage_client = get_client_from_cli_profile(StorageManagementClient) network_client = get_client_from_cli_profile(NetworkManagementClient)
def __init__(self, user_name, account_name, config, ip): super(AzureRules, self).__init__(user_name, account_name, config, ip) # Name of config var with all the rules: self.rule_groups_name = "security_groups" # Authenticate with Azure self.network_client = None if 'use_cli_profile' in config: use_cli_profile = config['use_cli_profile'] if use_cli_profile: logging.debug( "[{0}] Using CLI login (az login)".format(account_name)) self.network_client = get_client_from_cli_profile( NetworkManagementClient) if 'key' in config: tenant_id = config['tenant_id'] client_id = config['app_id'] subscription_id = config['subscription_id'] key = config['key'] credentials = ServicePrincipalCredentials( client_id=client_id, tenant=tenant_id, secret=key, ) self.network_client = NetworkManagementClient( credentials, subscription_id) else: raise AzureConfigException( "[{0}] Error, no config definied. Easiest way to get started is to \ use use_cli_profile: true, and then run az login".format( account_name))
def getVmIdToIgnore(vmNames): # input: array of strings # return: dict of IDs of VM resource on Azure. # Transforming array to fit ARG query format. vmInString = '(' for name in vmNames: vmInString += '"{}",'.format(name) vmInString = vmInString[0:-1] + ')' # Query: output is a list of IDs of VMs to ignore. # Ignore is based on static list of VM names or where machine is not turned off. query = '''resources | where type == "microsoft.compute/virtualmachines" | where name in {} or parse_json(properties.extended.instanceView.powerState.code) != "PowerState/deallocated" | project id'''.format(vmInString) argClient = get_client_from_cli_profile(arg.ResourceGraphClient) argQueryOptions = arg.models.QueryRequestOptions( result_format="objectArray") # Create query argQuery = arg.models.QueryRequest(subscriptions=subscriptionIds, query=query, options=argQueryOptions) # Run query, serialize to dict logging.warning('Executing Resource explorer query for VM IDs') res = (argClient.resources(argQuery)).serialize()['data'] return res
def storage_client(self): """ Uses client from cli so that users can use az login to get their credentials Returns: Storage Client """ if not self.client: resource_group = self.desired_state_definition.get( "resource_group") storage_account = self.desired_state_definition.get( "storage_account") if resource_group and storage_account: client = get_client_from_cli_profile(StorageManagementClient) storage_keys = client.storage_accounts.list_keys( resource_group, storage_account) storage_keys = {v.key_name: v.value for v in storage_keys.keys} self.client = CloudStorageAccount(storage_account, storage_keys['key1']) else: raise Exception( "azure_resource.resource_group and azure_resource.storage_account must be defined" ) return self.client
def create_azure_bb_service(cluster_name: str) -> BlockBlobService: """ Configure BlockBlobService client. We assume that: * storage account has "cluster" tag with cluster name value. * resource group the same as cluster name :param cluster_name: cluster name :return: BlockBlobService client """ sm_client: StorageManagementClient = get_client_from_cli_profile(StorageManagementClient) for storage_account in sm_client.storage_accounts.list(): if storage_account.tags.get('cluster') == cluster_name\ and storage_account.tags.get('purpose') == 'Odahuflow models storage': sa_name = storage_account.name break else: raise ValueError(f'Cannot find a storage account for the cluster {cluster_name} name') # We assume that resource group name the same as cluster name sa_keys = sm_client.storage_accounts.list_keys(resource_group_name=cluster_name, account_name=sa_name) if not sa_keys.keys: raise ValueError( f'Cannot find keys for the {sa_name} storage account in the {cluster_name} resource group') return BlockBlobService( account_name=sa_name, account_key=sa_keys.keys[0].value, )
def create_storage(config): rg_name = config["resource_group"] location = config["location"] storage_name = config["storage_name"] storage_client = get_client_from_cli_profile(StorageManagementClient) availability_result = ( storage_client.storage_accounts.check_name_availability(storage_name)) if not availability_result.name_available: logger.warning( "Storage account {} already exists, skipping storage account creation" .format(storage_name)) return # The name is available, so provision the account poller = storage_client.storage_accounts.create( rg_name, storage_name, { "location": location, "kind": "StorageV2", "sku": { "name": "Standard_ZRS" }, }, ) # Long-running operations return a poller object; calling poller.result() # waits for completion. account_result = poller.result() logger.info(f"Provisioned storage account {account_result.name}")
def deploy_function_app_template(resource_group, template, channel_url, storage_logs_connection_string, subscription_id): print('Deploying Function App ARM Template') resource_client = get_client_from_cli_profile( ResourceManagementClient, subscription_id=subscription_id) template = json.loads(template) deployment_name = 'espFunctionDeploy' app_name = str(uuid.uuid4()).replace( '-', '')[:8] + '-evident-esp-trigger-' + str(uuid.uuid4()).replace( '-', '')[:8] storage_connection_string = storage_logs_connection_string esp_channel_url = channel_url parameters = { 'functionAppName': { 'value': app_name }, 'EspExportStorageAccount': { 'value': storage_connection_string }, 'espChannelURL': { 'value': esp_channel_url } } deployment = resource_client.deployments.create_or_update(resource_group, deployment_name, properties={ 'template': template, 'parameters': parameters, 'mode': 'Incremental' }) return app_name
def get_locations(subscription_id): client = get_client_from_cli_profile(SubscriptionClient) regions = [] for item in client.subscriptions.list_locations( subscription_id=subscription_id): regions.append({"name": item.name, "display_name": item.display_name}) return regions
def __init__(self, container: str, auth_via_cli: bool = False, account_name: str = "", connection_string: str = ""): if auth_via_cli: if not account_name: logging.error( "ERROR: Need to specify 'account_name' for " "Azure storage provider when authenticating via Azure CLI") raise SystemExit(1) try: self.main_client = get_client_from_cli_profile( BlobServiceClient, account_url=f"https://{account_name}.blob.core.windows.net/" ) except ImportError as err: logging.error( "ERROR: Unable to authenticate via Azure CLI, have you " "logged in with 'az login'?") raise err else: if not connection_string: logging.error( "ERROR: Need to specify 'connection_string' for " "Azure storage provider when not authenticating via Azure CLI" ) raise SystemExit(1) self.main_client = BlobServiceClient.from_connection_string( connection_string) self.client = self.main_client.get_container_client(container)
def __init__(self): self.module_arg_spec = dict( resource_group=dict(type='str', required=True), name=dict(type='str', required=True), volume_name=dict(type='str', required=True), pool_name=dict(type='str', required=True), account_name=dict(type='str', required=True), location=dict(type='str', required=False), state=dict(choices=['present', 'absent'], default='present', type='str') ) self.module = AnsibleModule( argument_spec=self.module_arg_spec, required_if=[ ('state', 'present', ['location']), ], supports_check_mode=True ) self.na_helper = NetAppModule() self.parameters = self.na_helper.set_parameters(self.module.params) # authentication - using CLI if HAS_AZURE_MGMT_NETAPP is False: self.module.fail_json(msg="the python Azure-mgmt-NetApp module is required") if HAS_AZURE_COMMON is False: self.module.fail_json(msg="the python azure-common module is required") self.client = get_client_from_cli_profile(AzureNetAppFilesManagementClient) super(AzureRMNetAppSnapshot, self).__init__(derived_arg_spec=self.module_arg_spec, supports_check_mode=True)
def create_application_registration(onefuzz_instance_name: str, name: str, approle: OnefuzzAppRole) -> Application: """ Create an application registration """ client = get_client_from_cli_profile(GraphRbacManagementClient) apps: List[Application] = list( client.applications.list(filter="displayName eq '%s'" % onefuzz_instance_name)) app = apps[0] resource_access = [ ResourceAccess(id=role.id, type="Role") for role in app.app_roles if role.value == approle.value ] params = ApplicationCreateParameters( is_device_only_auth_supported=True, display_name=name, identifier_uris=[], password_credentials=[], required_resource_access=([ RequiredResourceAccess( resource_access=resource_access, resource_app_id=app.app_id, ) ] if len(resource_access) > 0 else []), ) registered_app: Application = client.applications.create(params) atttempts = 5 while True: if atttempts < 0: raise Exception( "Unable to create application registration, Please try again") atttempts = atttempts - 1 try: time.sleep(5) query_microsoft_graph( method="PATCH", resource="applications/%s" % registered_app.object_id, body={ "publicClient": { "redirectUris": [ "https://%s.azurewebsites.net" % onefuzz_instance_name ] }, "isFallbackPublicClient": True, }, ) break except GraphQueryError as err: if err.status_code == 404: continue authorize_application(UUID(registered_app.app_id), UUID(app.app_id)) return registered_app
def status(self): config = self.config azure_vars_dict = dict(config.items("azure")) compute_client = get_client_from_cli_profile(ComputeManagementClient) vmss_status = compute_client.virtual_machine_scale_sets.get( azure_vars_dict["resource_group"], self.config.cluster_name) print('name:', vmss_status.name, '\nprovisioning_state:', vmss_status.provisioning_state)
def __init__(self, args): self.compute_client = get_client_from_cli_profile( ComputeManagementClient) self.resource_group = args.resource_group self.vmss_name = args.name self.vmss = self.compute_client.virtual_machine_scale_sets.get( resource_group_name=self.resource_group, vm_scale_set_name=self.vmss_name)
def properties(resource_group, registry_name, subscription_id=None): if subscription_id is None: registry_client = get_client_from_cli_profile( ContainerRegistryManagementClient) else: registry_client = get_client_from_cli_profile( ContainerRegistryManagementClient, subscription_id=subscription_id) username, password = username_password_for(registry_client, resource_group, registry_name) properties_dict = { "address": address_for(registry_client, resource_group, registry_name), "username": username, "password": password, } return properties_dict
def main(): #Get the login from the command line compute_client = get_client_from_cli_profile( ComputeManagementClient) #not use in this example network_client = get_client_from_cli_profile(NetworkManagementClient) resource_client = get_client_from_cli_profile( ResourceManagementClient) #not use in this example #CLI Equivalent: az network vnet peering list -g acloud-palo2 --vnet-name acloud-palo2-vnet #Get all the vnet peerings from "acloud-palo2-vnet" vnet_peerings = network_client.virtual_network_peerings.list( GROUP_NAME, VNET_NAME) #iterate vnet_peerings and print each for peer in vnet_peerings: print(peer.name) print(peer.remote_virtual_network) print(peer.remote_address_space)
def add_log_export(self) -> None: if not self.export_appinsights: logger.info("not exporting appinsights") return container_name = "app-insights" logger.info("adding appinsight log export") account_name = self.results["deploy"]["func-name"]["value"] key = self.results["deploy"]["func-key"]["value"] account_url = "https://%s.blob.core.windows.net" % account_name client = BlobServiceClient(account_url, credential=key) if container_name not in [x["name"] for x in client.list_containers()]: client.create_container(container_name) expiry = datetime.utcnow() + timedelta(days=2 * 365) # NOTE: as this is a long-lived SAS url, it should not be logged and only # used in the the later-on export_configurations.create() call sas = generate_container_sas( account_name, container_name, account_key=key, permission=ContainerSasPermissions(write=True), expiry=expiry, ) url = "%s/%s?%s" % (account_url, container_name, sas) record_types = ( "Requests, Event, Exceptions, Metrics, PageViews, " "PageViewPerformance, Rdd, PerformanceCounters, Availability") req = ApplicationInsightsComponentExportRequest( record_types=record_types, destination_type="Blob", is_enabled="true", destination_address=url, ) app_insight_client = get_client_from_cli_profile( ApplicationInsightsManagementClient, subscription_id=self.get_subscription_id(), ) to_delete = [] for entry in app_insight_client.export_configurations.list( self.resource_group, self.application_name): if (entry.storage_name == account_name and entry.container_name == container_name): to_delete.append(entry.export_id) for export_id in to_delete: logger.info("replacing existing export: %s", export_id) app_insight_client.export_configurations.delete( self.resource_group, self.application_name, export_id) app_insight_client.export_configurations.create( self.resource_group, self.application_name, req)
def terminate_instance(self, instanceId="", group="", area="", nic_name="", ip_name="", key_name=""): if self.platform == "aws": client = boto3.client("ec2") client.terminate_instances(InstanceIds=[instanceId], ) if key_name != "": client.delete_key_pair(KeyName=key_name) if self.platform == "gcp": compute = discovery.build("compute", "v1") compute.instances().delete(project=group, zone=area, instance=instanceId).execute() if self.platform == "azu": compute_client = get_client_from_cli_profile( ComputeManagementClient) network_client = get_client_from_cli_profile( NetworkManagementClient) print("\nDeleting VM...") compute_client.virtual_machines.delete(group, instanceId).wait() print("Deleting NIC...") network_client.network_interfaces.delete(group, nic_name).wait() print("Deleting Public IP...") network_client.public_ip_addresses.delete(group, ip_name).wait() if key_name != "": os.remove(".ssh/authorized_keys/{}.pem".format(key_name))
def az_login(): from azure.common.client_factory import get_client_from_cli_profile from azure.mgmt.compute import ComputeManagementClient from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient from msrestazure.azure_active_directory import MSIAuthentication client = get_client_from_cli_profile(SubscriptionClient) accounts = [x.as_dict() for x in list(client.subscriptions.list())] print(accounts)
def get_location_display_name(self): location_client = get_client_from_cli_profile(SubscriptionClient) locations = location_client.subscriptions.list_locations( self.get_subscription_id()) for location in locations: if location.name == self.location: return location.display_name raise Exception("unknown location: %s", self.location)