def create_privatedns_link(cmd,
resource_group_name,
private_zone_name,
virtual_network_link_name,
virtual_network,
registration_enabled,
tags=None):
from azure.mgmt.privatedns import PrivateDnsManagementClient
from azure.mgmt.privatedns.models import VirtualNetworkLink
link = VirtualNetworkLink(location='global', tags=tags)
if registration_enabled is not None:
link.registration_enabled = registration_enabled
aux_subscription = parse_resource_id(
virtual_network.id)['subscription']
if virtual_network is not None:
link.virtual_network = virtual_network
client = get_mgmt_service_client(
cmd.cli_ctx,
PrivateDnsManagementClient,
aux_subscriptions=[aux_subscription]).virtual_network_links
return client.create_or_update(resource_group_name,
private_zone_name,
virtual_network_link_name,
link,
if_none_match='*')
def _ensure_ase_private_dns_zone(cli_ctx, resource_group_name, name,
inbound_vnet_id, inbound_ip_address):
# Private DNS Zone
private_dns_client = _get_private_dns_client_factory(cli_ctx)
zone_name = '{}.appserviceenvironment.net'.format(name)
zone = PrivateZone(location='global', tags=None)
poller = private_dns_client.private_zones.begin_create_or_update(
resource_group_name, zone_name, zone)
LongRunningOperation(cli_ctx)(poller)
link_name = '{}_link'.format(name)
link = VirtualNetworkLink(location='global', tags=None)
link.virtual_network = SubResource(id=inbound_vnet_id)
link.registration_enabled = False
private_dns_client.virtual_network_links.begin_create_or_update(
resource_group_name, zone_name, link_name, link, if_none_match='*')
ase_record = ARecord(ipv4_address=inbound_ip_address)
record_set = RecordSet(ttl=3600)
record_set.a_records = [ase_record]
private_dns_client.record_sets.create_or_update(resource_group_name,
zone_name, 'a', '*',
record_set)
private_dns_client.record_sets.create_or_update(resource_group_name,
zone_name, 'a', '@',
record_set)
private_dns_client.record_sets.create_or_update(resource_group_name,
zone_name, 'a', '*.scm',
record_set)
def private_dns_link_to_vnet(self, dns_rsg: str, dns_name: str,
vnet_rsg: str, vnet_name: str) -> None:
"""Link a private DNS zone to a virtual network
Args:
dns_rsg (str): resource group of the DNS zone
dns_name (str): name of the private DNS zone
vnet_rsg (str): resource group of the virtual network
vnet_name (str): name of the virtual network
"""
self.logger.info(f"Linking private DNS {dns_name} to {vnet_name}")
params = VirtualNetworkLink(
location="global",
registration_enabled=False,
virtual_network={"id": self.get_vnet_id(vnet_rsg, vnet_name)},
)
link = self.client(
PrivateDnsManagementClient).virtual_network_links.create_or_update(
dns_rsg,
dns_name,
vnet_name,
parameters=params,
)
_ = link.result()
self.logger.info(f"Private DNS is linked to VNET")
def prepare_private_dns_zone(db_context, database_engine, resource_group,
server_name, private_dns_zone, subnet_id,
location, yes):
cmd = db_context.cmd
dns_suffix_client = db_context.cf_private_dns_zone_suffix(cmd.cli_ctx, '_')
private_dns_zone_suffix = dns_suffix_client.execute()
if db_context.command_group == 'mysql':
private_dns_zone_suffix = private_dns_zone_suffix.private_dns_zone_suffix
# suffix should start with .
if private_dns_zone_suffix[0] != '.':
private_dns_zone_suffix = '.' + private_dns_zone_suffix
# Get Vnet Components
vnet_subscription, vnet_rg, vnet_name, _ = get_id_components(subnet_id)
nw_client = network_client_factory(cmd.cli_ctx,
subscription_id=vnet_subscription)
vnet_id = resource_id(subscription=vnet_subscription,
resource_group=vnet_rg,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet_name)
vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name)
# Process private dns zone (no input or Id input)
dns_rg = None
dns_subscription = vnet_subscription
if private_dns_zone is None:
if 'private' in private_dns_zone_suffix:
private_dns_zone = server_name + private_dns_zone_suffix
else:
private_dns_zone = server_name + '.private' + private_dns_zone_suffix
elif not _is_resource_name(private_dns_zone) and is_valid_resource_id(
private_dns_zone):
dns_subscription, dns_rg, private_dns_zone, _ = get_id_components(
private_dns_zone)
validate_private_dns_zone(db_context,
server_name=server_name,
private_dns_zone=private_dns_zone,
private_dns_zone_suffix=private_dns_zone_suffix)
server_sub_resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=get_subscription_id(cmd.cli_ctx))
vnet_sub_resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=vnet_subscription)
dns_sub_resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=dns_subscription)
# check existence DNS zone and change resource group
if dns_rg is not None:
_create_and_verify_resource_group(dns_sub_resource_client, dns_rg,
location, yes)
# decide which resource group the dns zone provision
zone_exist_flag = False
if dns_rg is not None and check_existence(
dns_sub_resource_client, private_dns_zone, dns_rg,
'Microsoft.Network', 'privateDnsZones'):
zone_exist_flag = True
elif dns_rg is None and check_existence(
server_sub_resource_client, private_dns_zone, resource_group,
'Microsoft.Network', 'privateDnsZones'):
zone_exist_flag = True
dns_rg = resource_group
dns_subscription = get_subscription_id(cmd.cli_ctx)
elif dns_rg is None and check_existence(
vnet_sub_resource_client, private_dns_zone, vnet_rg,
'Microsoft.Network', 'privateDnsZones'):
zone_exist_flag = True
dns_subscription = vnet_subscription
dns_rg = vnet_rg
elif dns_rg is None:
zone_exist_flag = False
dns_subscription = vnet_subscription
dns_rg = vnet_rg
private_dns_client = private_dns_client_factory(
cmd.cli_ctx, subscription_id=dns_subscription)
private_dns_link_client = private_dns_link_client_factory(
cmd.cli_ctx, subscription_id=dns_subscription)
link = VirtualNetworkLink(location='global',
virtual_network=SubResource(id=vnet.id))
link.registration_enabled = False
# create DNS zone if not exist
if not zone_exist_flag:
user_confirmation(
"Do you want to create a new private DNS zone {0} in resource group {1}"
.format(private_dns_zone, dns_rg),
yes=yes)
logger.warning('Creating a private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
parameters=PrivateZone(location='global'),
if_none_match='*').result()
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
else:
logger.warning(
'Using the existing private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.get(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
virtual_links = private_dns_link_client.list(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
link_exist_flag = False
for virtual_link in virtual_links:
if virtual_link.virtual_network.id == vnet_id:
link_exist_flag = True
break
if not link_exist_flag:
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
return private_zone.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name,
private_dns_zone, subnet_id, location):
from azure.mgmt.privatedns.models import SubResource
dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations(
cmd.cli_ctx, '_')
private_dns_zone_suffix = dns_suffix_client.execute(database_engine)
vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id)
private_dns_client = private_dns_client_factory(cmd.cli_ctx)
private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx)
resource_client = resource_client_factory(cmd.cli_ctx)
vnet_id = resource_id(subscription=vnet_sub,
resource_group=vnet_rg,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet_name)
nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub)
vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name)
from azure.mgmt.privatedns.models import VirtualNetworkLink
if private_dns_zone is None:
private_dns_zone = server_name + '.' + private_dns_zone_suffix
elif not _check_if_resource_name(
private_dns_zone) and is_valid_resource_id(private_dns_zone):
subscription, resource_group, private_dns_zone, _ = get_id_components(
private_dns_zone)
if private_dns_zone[-len(private_dns_zone_suffix
):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix for the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
if subscription != get_subscription_id(cmd.cli_ctx):
logger.warning(
'The provided private DNS zone ID is in different subscription from the server'
)
resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_client = private_dns_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_link_client = private_dns_link_client_factory(
cmd.cli_ctx, subscription_id=subscription)
_resource_group_verify_and_create(resource_client, resource_group,
location)
elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \
or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone):
raise ValidationError(
"Check if the private dns zone name or id is in correct format.")
elif _check_if_resource_name(private_dns_zone) and private_dns_zone[
-len(private_dns_zone_suffix):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix for the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
link = VirtualNetworkLink(location='global',
virtual_network=SubResource(id=vnet.id))
link.registration_enabled = True
if not check_existence(resource_client, private_dns_zone, resource_group,
'Microsoft.Network', 'privateDnsZones'):
logger.warning('Creating a private dns zone %s..', private_dns_zone)
from azure.mgmt.privatedns.models import PrivateZone
private_zone = private_dns_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
parameters=PrivateZone(location='global'),
if_none_match='*').result()
private_dns_link_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
else:
logger.warning('Using the existing private dns zone %s',
private_dns_zone)
private_zone = private_dns_client.get(
resource_group_name=resource_group,
private_zone_name=private_dns_zone)
# private dns zone link list
virtual_links = private_dns_link_client.list(
resource_group_name=resource_group,
private_zone_name=private_dns_zone)
link_exist_flag = False
for virtual_link in virtual_links:
if virtual_link.virtual_network.id == vnet_id:
link_exist_flag = True
break
if not link_exist_flag:
private_dns_link_client.create_or_update(
resource_group_name=resource_group,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
return private_zone.id
def prepare_private_dns_zone(cmd, database_engine, resource_group, server_name,
private_dns_zone, subnet_id, location):
dns_suffix_client = cf_postgres_flexible_private_dns_zone_suffix_operations(
cmd.cli_ctx, '_')
private_dns_zone_suffix = dns_suffix_client.execute(database_engine)
vnet_sub, vnet_rg, vnet_name, _ = get_id_components(subnet_id)
private_dns_client = private_dns_client_factory(cmd.cli_ctx)
private_dns_link_client = private_dns_link_client_factory(cmd.cli_ctx)
resource_client = resource_client_factory(cmd.cli_ctx)
vnet_id = resource_id(subscription=vnet_sub,
resource_group=vnet_rg,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet_name)
nw_client = network_client_factory(cmd.cli_ctx, subscription_id=vnet_sub)
vnet = nw_client.virtual_networks.get(vnet_rg, vnet_name)
dns_rg = None
if private_dns_zone is None:
if 'private' in private_dns_zone_suffix:
private_dns_zone = server_name + '.' + private_dns_zone_suffix
else:
private_dns_zone = server_name + '.private.' + private_dns_zone_suffix
# resource ID input => check subscription and change client
elif not _check_if_resource_name(
private_dns_zone) and is_valid_resource_id(private_dns_zone):
subscription, dns_rg, private_dns_zone, _ = get_id_components(
private_dns_zone)
if private_dns_zone[-len(private_dns_zone_suffix
):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix of the private DNS zone should be "{}"'.format(
private_dns_zone_suffix))
if subscription != get_subscription_id(cmd.cli_ctx):
logger.warning(
'The provided private DNS zone ID is in different subscription from the server'
)
resource_client = resource_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_client = private_dns_client_factory(
cmd.cli_ctx, subscription_id=subscription)
private_dns_link_client = private_dns_link_client_factory(
cmd.cli_ctx, subscription_id=subscription)
_resource_group_verify_and_create(resource_client, dns_rg, location)
# check Invalid resource ID or Name format
elif _check_if_resource_name(private_dns_zone) and not is_valid_resource_name(private_dns_zone) \
or not _check_if_resource_name(private_dns_zone) and not is_valid_resource_id(private_dns_zone):
raise ValidationError(
"Check if the private dns zone name or Id is in correct format.")
# Invalid resource name suffix check
elif _check_if_resource_name(private_dns_zone) and private_dns_zone[
-len(private_dns_zone_suffix):] != private_dns_zone_suffix:
raise ValidationError(
'The suffix of the private DNS zone should be in "{}" format'.
format(private_dns_zone_suffix))
validate_private_dns_zone(cmd,
server_name=server_name,
private_dns_zone=private_dns_zone)
link = VirtualNetworkLink(location='global',
virtual_network=SubResource(id=vnet.id))
link.registration_enabled = False
# check existence DNS zone and change resource group
zone_exist_flag = False
if dns_rg is not None and check_existence(
resource_client, private_dns_zone, dns_rg, 'Microsoft.Network',
'privateDnsZones'):
zone_exist_flag = True
elif dns_rg is None and check_existence(
resource_client, private_dns_zone, resource_group,
'Microsoft.Network', 'privateDnsZones'):
zone_exist_flag = True
dns_rg = resource_group
elif dns_rg is None and check_existence(resource_client, private_dns_zone,
vnet_rg, 'Microsoft.Network',
'privateDnsZones'):
zone_exist_flag = True
dns_rg = vnet_rg
else:
dns_rg = vnet_rg
# create DNS zone if not exist
if not zone_exist_flag:
logger.warning('Creating a private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
parameters=PrivateZone(location='global'),
if_none_match='*').result()
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
else:
logger.warning(
'Using the existing private dns zone %s in resource group "%s"',
private_dns_zone, dns_rg)
private_zone = private_dns_client.get(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
virtual_links = private_dns_link_client.list(
resource_group_name=dns_rg, private_zone_name=private_dns_zone)
link_exist_flag = False
for virtual_link in virtual_links:
if virtual_link.virtual_network.id == vnet_id:
link_exist_flag = True
break
if not link_exist_flag:
private_dns_link_client.begin_create_or_update(
resource_group_name=dns_rg,
private_zone_name=private_dns_zone,
virtual_network_link_name=vnet_name + '-link',
parameters=link,
if_none_match='*').result()
return private_zone.id