def _ensure_subnet_delegation(cli_ctx, subnet_id, delegation_service_name): network_client = _get_network_client_factory(cli_ctx) subnet_id_parts = parse_resource_id(subnet_id) vnet_resource_group = subnet_id_parts['resource_group'] vnet_name = subnet_id_parts['name'] subnet_name = subnet_id_parts['resource_name'] subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name, subnet_name) delegations = subnet_obj.delegations delegated = False for d in delegations: if d.service_name.lower() == delegation_service_name.lower(): delegated = True if not delegated: subnet_obj.delegations = [ Delegation(name="delegation", service_name=delegation_service_name) ] try: poller = network_client.subnets.begin_create_or_update( vnet_resource_group, vnet_name, subnet_name, subnet_parameters=subnet_obj) LongRunningOperation(cli_ctx)(poller) except Exception: err_msg = 'Subnet must be delegated to {}.'.format( delegation_service_name) rec_msg = 'Use: az network vnet subnet update --delegations "{}"'.format( delegation_service_name) validation_error = ValidationError(err_msg) validation_error.set_recommendation(rec_msg) raise validation_error
def _ensure_subnet_private_endpoint_network_policy(cli_ctx, subnet_id, network_policy_enabled): network_client = _get_network_client_factory(cli_ctx) subnet_id_parts = parse_resource_id(subnet_id) vnet_resource_group = subnet_id_parts['resource_group'] vnet_name = subnet_id_parts['name'] subnet_name = subnet_id_parts['resource_name'] subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name, subnet_name) target_state = 'Enabled' if network_policy_enabled else 'Disabled' if subnet_obj.private_endpoint_network_policies != target_state: subnet_obj.private_endpoint_network_policies = target_state try: poller = network_client.subnets.begin_create_or_update( vnet_resource_group, vnet_name, subnet_name, subnet_parameters=subnet_obj) LongRunningOperation(cli_ctx)(poller) except Exception: err_msg = 'Subnet must have Private Endpoint Network Policy {}.'.format( target_state) rec_msg = 'Use: az network vnet subnet update --disable-private-endpoint-network-policies' validation_error = ValidationError(err_msg) validation_error.set_recommendation(rec_msg) raise validation_error
def _ensure_route_table(cli_ctx, resource_group_name, ase_name, location, subnet_id, force): subnet_id_parts = parse_resource_id(subnet_id) vnet_resource_group = subnet_id_parts['resource_group'] vnet_name = subnet_id_parts['name'] subnet_name = subnet_id_parts['resource_name'] ase_route_table_name = ase_name + '-Route-Table' ase_route_name = ase_name + '-route' network_client = _get_network_client_factory(cli_ctx) subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name, subnet_name) if subnet_obj.route_table is None or force: rt_list = network_client.route_tables.list(resource_group_name) rt_found = False for rt in list(rt_list): if rt.name.lower() == ase_route_table_name.lower(): rt_found = True break if not rt_found: logger.info('Ensure Route Table...') ase_route_table = RouteTable(location=location) poller = network_client.route_tables.begin_create_or_update( resource_group_name, ase_route_table_name, ase_route_table) LongRunningOperation(cli_ctx)(poller) logger.info('Ensure Internet Route...') internet_route = Route(address_prefix='0.0.0.0/0', next_hop_type='Internet') poller = network_client.routes.begin_create_or_update( resource_group_name, ase_route_table_name, ase_route_name, internet_route) LongRunningOperation(cli_ctx)(poller) rt = network_client.route_tables.get(resource_group_name, ase_route_table_name) if not subnet_obj.route_table or subnet_obj.route_table.id != rt.id: logger.info('Associate Route Table with Subnet...') subnet_obj.route_table = rt poller = network_client.subnets.begin_create_or_update( vnet_resource_group, vnet_name, subnet_name, subnet_parameters=subnet_obj) LongRunningOperation(cli_ctx)(poller) else: route_table_id_parts = parse_resource_id(subnet_obj.route_table.id) rt_name = route_table_id_parts['name'] if rt_name.lower() != ase_route_table_name.lower(): err_msg = 'Route table already exists.' rec_msg = 'Use --ignore-route-table to use existing route table ' \ 'or --force-route-table to replace existing route table' validation_error = ValidationError(err_msg) validation_error.set_recommendation(rec_msg) raise validation_error
def _validate_subnet_size(cli_ctx, subnet_id): subnet_id_parts = parse_resource_id(subnet_id) vnet_resource_group = subnet_id_parts['resource_group'] vnet_name = subnet_id_parts['name'] subnet_name = subnet_id_parts['resource_name'] network_client = _get_network_client_factory(cli_ctx) subnet_obj = network_client.subnets.get(vnet_resource_group, vnet_name, subnet_name) address = subnet_obj.address_prefix size = int(address[address.index('/') + 1:]) if size > 24: err_msg = 'Subnet size could cause scaling issues. Recommended size is at least /24.' rec_msg = 'Use --ignore-subnet-size-validation to skip size test.' validation_error = ValidationError(err_msg) validation_error.set_recommendation(rec_msg) raise validation_error