def __init__(self): subscription_id = os.environ['AZURE_SUBSCRIPTION_ID'] credentials = ClientSecretCredential( tenant_id=os.environ['AZURE_TENANT_ID'], client_id=os.environ['AZURE_CLIENT_ID'], client_secret=os.environ['AZURE_CLIENT_SECRET']) self.resource_client = ResourceManagementClient( credentials, subscription_id) self.compute_client = ComputeManagementClient(credentials, subscription_id) self.network_client = NetworkManagementClient(credentials, subscription_id)
def network_client(self): self.log('Getting network client') if not self._network_client: self.check_client_version( 'network', network_client_version, AZURE_EXPECTED_VERSIONS['network_client_version']) self._network_client = NetworkManagementClient( self.azure_credentials, self.subscription_id, base_url=self._cloud_environment.endpoints.resource_manager, api_version='2017-06-01') self._register('Microsoft.Network') return self._network_client
def run(job, **kwargs): resource = kwargs.get("resource") env_id = "{{ env_id }}" env = Environment.objects.get(id=env_id) rh = env.resource_handler.cast() location = env.node_location set_progress("Location: %s" % location) resource_group = "{{ resource_group }}" network_security_group_name = "{{ network_security_group_name }}" create_custom_fields_as_needed() set_progress("Connecting To Azure Network Service...") credentials = ServicePrincipalCredentials( client_id=rh.client_id, secret=rh.secret, tenant=rh.tenant_id, ) network_client = NetworkManagementClient(credentials, rh.serviceaccount) set_progress("Connection to Azure networks established") set_progress("Creating the network security group...") security_rule_parameters = { "location": location, } try: async_vnet_creation = network_client.network_security_groups.create_or_update( resource_group, network_security_group_name, security_rule_parameters) nsg_info = async_vnet_creation.result() except CloudError as e: set_progress("Azure Clouderror: {}".format(e)) assert nsg_info.name == network_security_group_name resource.name = "Azure NSG - " + network_security_group_name resource.azure_network_security_group = network_security_group_name resource.resource_group_name = resource_group resource.azure_location = location resource.azure_rh_id = rh.id resource.save() return ( "SUCCESS", "Network security group {} has been created in Location {}.".format( network_security_group_name, location), "", )
def create_nic(request, ressource_id): print(ressource_id) form = NicForm(request.POST or None, request.FILES or None) ressource = get_object_or_404(Ressources, pk=ressource_id) if form.is_valid(): ressource_nic = ressource.nic_set.all() for s in ressource_nic: if s.nic_name == form.cleaned_data.get("nic_name"): context = { 'ressource': ressource, 'form': form, 'error_message': 'You already added that nic', } return render(request, 'ressource/create_nic.html', context) nic = form.save(commit=False) nic.ressource = ressource userCloud = get_object_or_404(UserCloud, user=(request.user)) subscription_id = userCloud.subscription_id # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id=userCloud.client_id, secret=userCloud.secret, tenant=userCloud.tenant) network_client = NetworkManagementClient(credentials, subscription_id) subnet_infos = network_client.subnets.get(nic.ressource.groupe_name, nic.vnet.vnet_name, nic.subnet.subnet_name) async_nic_creation = network_client.network_interfaces.create_or_update( nic.ressource.groupe_name, form.cleaned_data['nic_name'], { 'location': nic.ressource.location, 'ip_configurations': [{ 'name': form.cleaned_data['ip_configuration_name'], 'subnet': { 'id': subnet_infos.id } }] }) print(nic.ressource.groupe_name) async_nic_creation.wait() nic.save() return render(request, 'ressource/detail_ressource.html', {'ressource': ressource}) context = { 'ressource': ressource, 'form': form, } return render(request, 'ressource/create_nic.html', context)
def create_vnet(credentials, subscription_id, **kwargs): """ Create a Batch account :param credentials: msrestazure.azure_active_directory.AdalAuthentication :param subscription_id: str :param **resource_group: str :param **virtual_network_name: str :param **subnet_name: str :param **region: str """ network_client = NetworkManagementClient(credentials, subscription_id) resource_group_name = kwargs.get("resource_group", DefaultSettings.resource_group) virtual_network_name = kwargs.get("virtual_network_name", DefaultSettings.virtual_network_name) subnet_name = kwargs.get("subnet_name", DefaultSettings.subnet_name) # get vnet, and subnet if they exist virtual_network = subnet = None try: virtual_network = network_client.virtual_networks.get( resource_group_name=resource_group_name, virtual_network_name=virtual_network_name, ) except CloudError as e: pass if virtual_network: confirmation_prompt = "A virtual network with the same name ({}) was found. \n"\ "Please note that the existing address space and subnets may be changed or destroyed. \n"\ "Do you want to use this virtual network? (y/n): ".format(virtual_network_name) deny_error = AccountSetupError( "Virtual network already exists, not recreating.") unrecognized_input_error = AccountSetupError("Input not recognized.") prompt_for_confirmation(confirmation_prompt, deny_error, unrecognized_input_error) virtual_network = network_client.virtual_networks.create_or_update( resource_group_name=resource_group_name, virtual_network_name=kwargs.get("virtual_network_name", DefaultSettings.virtual_network_name), parameters=VirtualNetwork(location=kwargs.get("region", DefaultSettings.region), address_space=AddressSpace(["10.0.0.0/24"]))) virtual_network = virtual_network.result() subnet = network_client.subnets.create_or_update( resource_group_name=resource_group_name, virtual_network_name=virtual_network_name, subnet_name=subnet_name, subnet_parameters=Subnet(address_prefix='10.0.0.0/24')) return subnet.result().id
def configure(): subscription_id, tenant_id = get_credentials() credentials = authenticate_device_code(tenant_id) resource_client = ResourceManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) rg = choose(list(resource_client.resource_groups.list()), "resource group", lambda x: x.name) storage_accounts = {} print("Configuring flow logs for all network security groups in resource group " + rg.name) nsgs = list(network_client.network_security_groups.list(rg.name)) for nsg in nsgs: nw_name = "NetworkWatcher_" + nsg.location if nsg.location not in storage_accounts: network_client.network_watchers.create_or_update("NetworkWatcherRG", nw_name, { "enabled": "true", "location": nsg.location }) sleep(3) # waiting for resource to be truly created print("enabled default network watcher for " + nsg.location + " location") available_storage_accounts = [sa for sa in storage_client.storage_accounts.list_by_resource_group(rg.name) if sa.location == nsg.location] storage_accounts[nsg.location] = choose(available_storage_accounts, "storage account for " + nsg.location + " location", lambda x: x.name, "It is highly recommended to have a dedicated storage account for Flow-Logs, " "if you dont have any, please configure one in the Azure Portal and re-run the script to choose it") network_client.network_watchers.set_flow_log_configuration( "NetworkWatcherRG", nw_name, { "enabled": "true", "target_resource_id": nsg.id, "storage_id": storage_accounts[nsg.location].id, "format": { "type": "JSON", "version": "2" } }) print("enabled flow-logs for nsg " + nsg.name) return { "subscription_id": subscription_id, "resource_group": rg.name, "storage_accounts": [{ "name": sa.name, "key": next(filter(lambda x: x.key_name == STORAGE_ACCOUNTS_KEY, storage_client.storage_accounts.list_keys(rg.name, sa.name).keys)).value, "network_security_groups": [nsg.name for nsg in nsgs if nsg.location == sa.location] } for sa in storage_accounts.values()] }
def _reload_connection(self): """ Sets connections to work with Azure service APIs :return: """ self.logger.debug('Reloading API Connection') try: self.conn = ResourceManagementClient(self.credentials, self.subscription_id) self.conn_compute = ComputeManagementClient(self.credentials, self.subscription_id) self.conn_vnet = NetworkManagementClient(self.credentials, self.subscription_id) self._check_or_create_resource_group() self._check_or_create_vnet() except Exception as e: self.format_vimconn_exception(e)
def vpn_site_connection_get(siteName, credentials=None): """Get AVW gateway site connection status to AVW Hub.""" # setup Azure Login Credentials from Environmental Variables if not credentials: credentials = get_credentials() # Connect to Azure APIs and get session details network_client = NetworkManagementClient( credentials, os.environ.get('ARM_SUBSCRIPTION_ID')) # Show VPN Site Connection Status to VPNG return network_client.vpn_connections.get(os.environ.get('GROUP_NAME'), os.environ.get('VPNG_NAME'), 'CONNECTION_' + siteName, custom_headers=None, raw=False)
def get_public_ip(vm_obj): credential = AzureCliCredential() subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"] network_client = NetworkManagementClient(credential ,subscription_id) interface = vm_obj.network_profile.network_interfaces[0] name=" ".join(interface.id.split('/')[-1:]) sub="".join(interface.id.split('/')[4]) ip_config=network_client.network_interfaces.get(sub, name).ip_configurations ip_reference = ip_config[0].public_ip_address ip_reference = ip_reference.id.split('/') ip_group = ip_reference[4] ip_name = ip_reference[8] public_ip = network_client.public_ip_addresses.get(ip_group, ip_name) return public_ip.ip_address
def wujianhua_NetworkInt(AzureServicePrincipalcredentials=AzureServicePrincipalcredentials, subscription_id=wujianhua_subscription_id, resource_group=wujianhua_resource_group, location=wujianhua_location, vm_subnet_id=None): # provision a network interface for VM. print("Beginning the provisioing of the network interface - {}\n\n".format(wujianhua_resource_group)) network_client = NetworkManagementClient( AzureServicePrincipalcredentials, subscription_id ) public_ip_address_name = "wujianhuaPubIPAddress" # the name of public IP address async_public_ip_address = network_client.public_ip_addresses.create_or_update( resource_group, public_ip_address_name, { "location": location, "sku": { "name": "Basic" }, "public_ip_allocation_method": "Dynamic", "public_ip_address_version": "IPv4" } ) async_public_ip_address.wait() publicIPAddress = network_client.public_ip_addresses.get( resource_group, public_ip_address_name, ) async_network_interface = network_client.network_interfaces.create_or_update( resource_group, 'wujianhuaint', { "location": location, "ip_configurations": [{ "name": "wujianhua", "subnet": { "id": vm_subnet_id }, "public_ip_address": publicIPAddress }] } ) async_network_interface.wait() network_int_id = async_network_interface.result().id return network_int_id
def main(): SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None) GROUP_NAME = "testgroupx" PUBLIC_IP_PREFIX = "public_ip_prefixxxyyzz" # Create client # For other authentication approaches, please see: https://pypi.org/project/azure-identity/ resource_client = ResourceManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) network_client = NetworkManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) # Create resource group resource_client.resource_groups.create_or_update(GROUP_NAME, {"location": "eastus"}) # Create public ip prefix public_ip_prefix = network_client.public_ip_prefixes.begin_create_or_update( GROUP_NAME, PUBLIC_IP_PREFIX, { "location": "westus", "prefix_length": "30", "sku": { "name": "Standard" } }).result() print("Create public ip prefix:\n{}".format(public_ip_prefix)) # Get public ip prefix public_ip_prefix = network_client.public_ip_prefixes.get( GROUP_NAME, PUBLIC_IP_PREFIX) print("Get public ip prefix:\n{}".format(public_ip_prefix)) # Update public ip prefix public_ip_prefix = network_client.public_ip_prefixes.update_tags( GROUP_NAME, PUBLIC_IP_PREFIX, {"tags": { "tag1": "value1", "tag2": "value2" }}) print("Update public ip prefix:\n{}".format(public_ip_prefix)) # Delete public ip prefix public_ip_prefix = network_client.public_ip_prefixes.begin_delete( GROUP_NAME, PUBLIC_IP_PREFIX).result() print("Delete public ip prefix.\n") # Delete Group resource_client.resource_groups.begin_delete(GROUP_NAME).result()
def main(): SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None) GROUP_NAME = "testgroupx" VIRTUAL_WAN = "virtual_wanxxyyzz" # Create client # For other authentication approaches, please see: https://pypi.org/project/azure-identity/ resource_client = ResourceManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) network_client = NetworkManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) # Create resource group resource_client.resource_groups.create_or_update(GROUP_NAME, {"location": "eastus"}) # Create virtual wan virtual_wan = network_client.virtual_wans.begin_create_or_update( GROUP_NAME, VIRTUAL_WAN, { "location": "West US", "tags": { "key1": "value1" }, "disable_vpn_encryption": False, "type": "Basic" }).result() print("Create virtual wan:\n{}".format(virtual_wan)) # Get virtual wan virtual_wan = network_client.virtual_wans.get(GROUP_NAME, VIRTUAL_WAN) print("Get virtual wan:\n{}".format(virtual_wan)) # Update virtual wan virtual_wan = network_client.virtual_wans.update_tags( GROUP_NAME, VIRTUAL_WAN, {"tags": { "tag1": "value1", "tag2": "value2" }}) print("Update virtual wan:\n{}".format(virtual_wan)) # Delete virtual wan virtual_wan = network_client.virtual_wans.begin_delete( GROUP_NAME, VIRTUAL_WAN).result() print("Delete virtual wan.\n") # Delete Group resource_client.resource_groups.begin_delete(GROUP_NAME).result()
def discover_resources(**kwargs): discovered_virtual_nets = [] for handler in AzureARMHandler.objects.all(): set_progress('Connecting to Azure networks \ for handler: {}'.format(handler)) credentials = ServicePrincipalCredentials(client_id=handler.client_id, secret=handler.secret, tenant=handler.tenant_id) network_client = NetworkManagementClient(credentials, handler.serviceaccount) azure_resources_client = resources.ResourceManagementClient( credentials, handler.serviceaccount) for resource_group in azure_resources_client.resource_groups.list(): try: for security_group in network_client.network_security_groups.list( resource_group_name=resource_group.name): for security_rule in network_client.security_rules.list( resource_group_name=resource_group.name, network_security_group_name=security_group.as_dict( )['name']): discovered_virtual_nets.append({ 'name': 'Azure Security rule - ' + security_group.as_dict()['name'] + " " + security_rule.as_dict()['direction'], 'azure_network_security_group_name': security_group.as_dict()['name'], 'azure_location': security_group.as_dict()['location'], 'azure_rh_id': handler.id, 'resource_group_name': resource_group.name, 'azure_security_rule_protocol': security_rule.as_dict()['protocol'], 'azure_security_rule_access': security_rule.as_dict()['access'], 'azure_security_rule_direction': security_rule.as_dict()['direction'], 'azure_security_rule_name': security_rule.as_dict()['name'], }) except CloudError as e: set_progress('Azure Clouderror: {}'.format(e)) continue return discovered_virtual_nets
def main(): SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None) GROUP_NAME = "testgroupx" LOCAL_NETWORK_GATEWAY = "local_network_gatewayxxyyzz" # Create client # For other authentication approaches, please see: https://pypi.org/project/azure-identity/ resource_client = ResourceManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) network_client = NetworkManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) # Create resource group resource_client.resource_groups.create_or_update(GROUP_NAME, {"location": "eastus"}) # Create local network gateway local_network_gateway = network_client.local_network_gateways.begin_create_or_update( GROUP_NAME, LOCAL_NETWORK_GATEWAY, { "local_network_address_space": { "address_prefixes": ["10.1.0.0/16"] }, "gateway_ip_address": "11.12.13.14", "location": "eastus" }).result() print("Create local network gateway:\n{}".format(local_network_gateway)) # Get local network gateway local_network_gateway = network_client.local_network_gateways.get( GROUP_NAME, LOCAL_NETWORK_GATEWAY) print("Get local network gateway:\n{}".format(local_network_gateway)) # Update local network gateway local_network_gateway = network_client.local_network_gateways.update_tags( GROUP_NAME, LOCAL_NETWORK_GATEWAY, {"tags": { "tag1": "value1", "tag2": "value2" }}) print("Update local network gateway:\n{}".format(local_network_gateway)) # Delete local network gateway local_network_gateway = network_client.local_network_gateways.begin_delete( GROUP_NAME, LOCAL_NETWORK_GATEWAY).result() print("Delete local network gateway.\n") # Delete Group resource_client.resource_groups.begin_delete(GROUP_NAME).result()
def run(self): #---- """Resource Group management example.""" # # Create all clients with an Application (service principal) token provider # subscription_id = os.environ.get('AZURE_SUBSCRIPTION_ID', 'ef80a466-7372-49e9-b247-57b95886881c' ) # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id='445a1911-819a-41e8-a093-adfd66ca5ccd', secret='rJ--cHsg@=fucrddh3svx1VUe91q2h1N', tenant='8ee0f3e4-b788-4efa-bd84-e6bfe7fe9943') resource_client = ResourceManagementClient(credentials, subscription_id) compute_client = ComputeManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) ########### # Prepare # ########### # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update( GROUP_NAME, {'location': LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': { 'name': 'standard_lrs' }, 'kind': 'storage', 'location': LOCATION }) storage_async_operation.wait() # List VM in resource group print('\nList VMs in resource group') # Delete VM # print('\nDelete VM') # async_vm_delete = compute_client.virtual_machines.delete( # GROUP_NAME, VM_NAME) # async_vm_delete.wait() return
def main(): template = get_resource_group_details(subscription_id, creds, res_name) network_client = NetworkManagementClient(creds, subscription_id) for vm in template.vms: ni_reference = vm.network_profile.network_interfaces[0] ni_reference = ni_reference.id.split('/') ni_group = ni_reference[4] ni_name = ni_reference[8] net_interface = network_client.network_interfaces.get( ni_group, ni_name) import pdb pdb.set_trace() private_ip = net_interface.ip_configurations[0].private_ip_address vmname = vm.name
def delete_azurevnetpeering(rg1, rg2, vnet1, vnet2, peering1, peering2, module, result): credentialvars = get_azurecredentials(module, result) credentials = ServicePrincipalCredentials(client_id=(credentialvars[1]), secret=credentialvars[2], tenant=credentialvars[3]) network_client = NetworkManagementClient(credentials, credentialvars[0]) try: network_client.virtual_network_peerings.delete(rg1, vnet1, peering1) network_client.virtual_network_peerings.delete(rg2, vnet2, peering2) except Exception as e: module.fail_json(msg="Error: Failed to delete Azure Vnet Peering: " + e.message, **result)
def azure_connect_service(service, credentials, region_name=None): try: if service == 'storageaccounts': return StorageManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'sqldatabase': return SqlManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'keyvault': return KeyVaultManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'appgateway': return NetworkManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'network': return NetworkManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'rediscache': return RedisManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'securitycenter': return SecurityCenter(credentials.credentials, credentials.subscription_id, '') elif service == 'appservice': return WebSiteManagementClient(credentials.credentials, credentials.subscription_id) elif service == 'loadbalancer': return NetworkManagementClient(credentials.credentials, credentials.subscription_id) else: print_exception('Service %s not supported' % service) return None except Exception as e: print_exception(e) return None
def __init__(self, credentials, subscription_id): self.subscription_id = subscription_id # Generate user service principal credentials self.credentials = credentials # Create ARM resource client self.resource_group_client = ResourceManagementClient( self.credentials, self.subscription_id) self.network_client = NetworkManagementClient(self.credentials, self.subscription_id) self.compute_client = ComputeManagementClient(self.credentials, self.subscription_id) self.workers_list = []
def get_azure_network_client(config): from azure.mgmt.network import NetworkManagementClient cloud_environment = get_azure_cloud_environment(config) credentials = get_azure_credentials(config) if cloud_environment: try: network_client = NetworkManagementClient( credentials, config.SubscriptionId, base_url=cloud_environment.endpoints.resource_manager, credential_scopes=[ cloud_environment.endpoints.resource_manager + "/.default" ]) except TypeError: network_client = NetworkManagementClient( credentials, config.SubscriptionId, base_url=cloud_environment.endpoints.resource_manager) else: network_client = NetworkManagementClient(credentials, config.SubscriptionId) return network_client
def run_main(): subscription_id = os.environ.get( AZURE_SUBSCRIPTION_ID, '1111111122222222333333334444444455') # your Azure Subscription Id credentials = ServicePrincipalCredentials( client_id = AZURE_CLIENT_ID, secret = AZURE_CLIENT_SECRET, tenant = AZURE_TENANT_ID ) resource_client = ResourceManagementClient(credentials, subscription_id) compute_client = ComputeManagementClient(credentials, subscription_id) storage_client = StorageManagementClient(credentials, subscription_id) network_client = NetworkManagementClient(credentials, subscription_id) # Create Resource group print('\nCreate Resource Group') resource_client.resource_groups.create_or_update(GROUP_NAME, {'location':LOCATION}) # Create a storage account print('\nCreate a storage account') storage_async_operation = storage_client.storage_accounts.create( GROUP_NAME, STORAGE_ACCOUNT_NAME, { 'sku': {'name': 'standard_lrs'}, 'kind': 'storage', 'location': LOCATION } ) storage_async_operation.wait() # Create a NIC nic = create_nic(network_client) # Create Linux VM print('\nCreating Red Hat Enterprise Linux Virtual Machine') vm_parameters = create_vm_parameters(nic.id, VM_REFERENCE) async_vm_creation = compute_client.virtual_machines.create_or_update( GROUP_NAME, VM_NAME, vm_parameters) async_vm_creation.wait() # Start the VM print('\nStart VM') async_vm_start = compute_client.virtual_machines.start(GROUP_NAME, VM_NAME) async_vm_start.wait()
def __init__( self, azure_subscription_id, azure_tenant_id, azure_application_id, azure_application_key, logger, ): """Init command. :param str azure_subscription_id: :param str azure_tenant_id: :param str azure_application_id: :param str azure_application_key: :param str azure_application_key: :param logging.Logger logger: """ self._azure_subscription_id = azure_subscription_id self._azure_tenant_id = azure_tenant_id self._azure_application_id = azure_application_id self._azure_application_key = azure_application_key self._logger = logger self._cached_storage_account_keys = {} self._credentials = ServicePrincipalCredentials( client_id=azure_application_id, secret=azure_application_key, tenant=azure_tenant_id, ) self._subscription_client = SubscriptionClient( credentials=self._credentials) self._resource_client = ResourceManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._compute_client = ComputeManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._storage_client = StorageManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._network_client = NetworkManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id)
def main(req: func.HttpRequest) -> func.HttpResponse: logging.info('Python HTTP trigger function processed a request') tag = "quarantine" try: req_body = req.get_json() tenant = req_body.get('tenant') client_id = req_body.get('client_id') secret = req_body.get('secret') sub_id = req_body.get('subscription_id') ip = req_body.get('ip') group_name = req_body.get('group_name') location = req_body.get('location') tag = req_body.get('tag') except ValueError: logging.info(req.get_body()) return func.HttpResponse( "Wrong body format. Usage:\n{\n" + "\ttenant: {{tenant_id}}\n" + "\tclient_id: {{client_id}}\n" + "\tsecret: {{secret}}\n" + "\tsub_id: {{sub_id}}\n" + "\tgroup_name: {{group_name}}\n" + "\tlocation: francecentral\n" + "\ttag: {{tag}}\n" + "\tip: 1.1.1.1\n" + "}", status_code=400 ) try: credentials = ServicePrincipalCredentials(client_id=client_id, secret=secret, tenant=tenant) network_client = NetworkManagementClient(credentials, sub_id) compute_client = ComputeManagementClient(credentials, sub_id) if(tag_compromised_vm(compute_client, network_client, group_name, location, ip, tag)): return func.HttpResponse("Tag added") except Exception as e: logging.debug(str(e)) return func.HttpResponse(str(e), status_code=500) res = "IP address " + ip + " not found in " + group_name logging.info(res) return func.HttpResponse(res, status_code=409)
def main(): SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None) GROUP_NAME = "testgroupx" VIRTUAL_NETWORK_NAME = "virtualnetwork" # Create client # For other authentication approaches, please see: https://pypi.org/project/azure-identity/ resource_client = ResourceManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) network_client = NetworkManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) # Create resource group resource_client.resource_groups.create_or_update(GROUP_NAME, {"location": "eastus"}) # Create virtual network network = network_client.virtual_networks.begin_create_or_update( GROUP_NAME, VIRTUAL_NETWORK_NAME, { "address_space": { "address_prefixes": ["10.0.0.0/16"] }, "location": "eastus" }).result() print("Create virtual network:\n{}".format(network)) # Get virtual network network = network_client.virtual_networks.get(GROUP_NAME, VIRTUAL_NETWORK_NAME) print("Get virtual network:\n{}".format(network)) # Update virtual network tags network = network_client.virtual_networks.update_tags( GROUP_NAME, VIRTUAL_NETWORK_NAME, {"tags": { "tag1": "value1", "tag2": "value2" }}) print("Update virtual network tags:\n{}".format(network)) # Delete virtual network network_client.virtual_networks.begin_delete( GROUP_NAME, VIRTUAL_NETWORK_NAME).result() print("Delete virtual network.\n") # Delete Group resource_client.resource_groups.begin_delete(GROUP_NAME).result()
def create_nets(self, radl, credentials, subscription_id, group_name): network_client = NetworkManagementClient(credentials, subscription_id) location = self.DEFAULT_LOCATION if radl.systems[0].getValue('availability_zone'): location = radl.systems[0].getValue('availability_zone') # check if the vnet exists vnet = None try: vnet = network_client.virtual_networks.get(group_name, "privates") except Exception: pass if not vnet: vnet_cird = self.get_nets_common_cird(radl) # Create VNet in the RG of the Inf async_vnet_creation = network_client.virtual_networks.create_or_update( group_name, "privates", { 'location': location, 'address_space': { 'address_prefixes': [vnet_cird] } } ) async_vnet_creation.wait() subnets = {} for i, net in enumerate(radl.networks): subnet_name = net.id net_cidr = net.getValue('cidr') if not net_cidr: net_cidr = '10.0.%d.0/24' % i # Create Subnet in the RG of the Inf async_subnet_creation = network_client.subnets.create_or_update( group_name, "privates", subnet_name, {'address_prefix': net_cidr} ) subnets[net.id] = async_subnet_creation.result() net.setValue('cidr', net_cidr) else: subnets = {} for i, net in enumerate(radl.networks): subnets[net.id] = network_client.subnets.get(group_name, "privates", net.id) return subnets
def delete_nic(request, ressource_id, nic_id): ressource = get_object_or_404(Ressources, pk=ressource_id) nic = Nic.objects.get(pk=nic_id) userCloud = get_object_or_404(UserCloud, user=(request.user)) subscription_id = userCloud.subscription_id # your Azure Subscription Id credentials = ServicePrincipalCredentials(client_id=userCloud.client_id, secret=userCloud.secret, tenant=userCloud.tenant) network_client = NetworkManagementClient(credentials, subscription_id) async_nic_delete = network_client.network_interfaces.delete( nic.ressource.groupe_name, nic.nic_name) nic.delete() return render(request, 'ressource/detail_ressource.html', {'ressource': ressource})
def __init__(self, provider_config, cluster_name): NodeProvider.__init__(self, provider_config, cluster_name) subscription_id = provider_config["subscription_id"] credential = DefaultAzureCredential( exclude_shared_token_cache_credential=True) self.compute_client = ComputeManagementClient(credential, subscription_id) self.network_client = NetworkManagementClient(credential, subscription_id) self.resource_client = ResourceManagementClient( credential, subscription_id) self.lock = RLock() # cache node objects self.cached_nodes = {}
def main(): SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None) GROUP_NAME = "testgroupx" SUBNET = "subnetxxyyzz" VIRTUAL_NETWORK_NAME = "virtualnetworkxxxyyzz" # Create client # For other authentication approaches, please see: https://pypi.org/project/azure-identity/ resource_client = ResourceManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) network_client = NetworkManagementClient( credential=DefaultAzureCredential(), subscription_id=SUBSCRIPTION_ID) # Create resource group resource_client.resource_groups.create_or_update(GROUP_NAME, {"location": "eastus"}) # Create virtual network network_client.virtual_networks.begin_create_or_update( GROUP_NAME, VIRTUAL_NETWORK_NAME, { "address_space": { "address_prefixes": ["10.0.0.0/16"] }, "location": "eastus" }).result() # Create subnet subnet = network_client.subnets.begin_create_or_update( GROUP_NAME, VIRTUAL_NETWORK_NAME, SUBNET, { "address_prefix": "10.0.0.0/24" }).result() print("Create subnet:\n{}".format(subnet)) # Get subnet subnet = network_client.subnets.get(GROUP_NAME, VIRTUAL_NETWORK_NAME, SUBNET) print("Get subnet:\n{}".format(subnet)) # Delete subnet subnet = network_client.subnets.begin_delete(GROUP_NAME, VIRTUAL_NETWORK_NAME, SUBNET).result() print("Delete subnet.\n") # Delete Group resource_client.resource_groups.begin_delete(GROUP_NAME).result()
def run_action(credentials, rule, entity, params): storage_account_name, sa_resource_group_name, network_watcher_name, retention_days, flow_log_name = params logging.info(f'{__file__} - run_action started') subscription_id = entity.get('accountNumber') region = entity.get('region') nsg_name = entity.get('name') logging.info( f'{__file__} - subscription_id : {subscription_id} - nsg_name : {nsg_name}' ) target_resource_path = entity.get('id') storage_account_path = '/subscriptions/' + subscription_id + '/resourceGroups/' + sa_resource_group_name + '/providers/Microsoft.Storage/storageAccounts/' + storage_account_name if not subscription_id or not credentials: msg = 'Error! Subscription id or Resource group name are missing.' logging.info(f'{__file__} - {msg}') return f'{msg}' network_client = NetworkManagementClient(credentials, subscription_id) flow_log_parameters = { 'location': region, 'target_resource_id': target_resource_path, 'storage_id': storage_account_path, 'enabled': True, 'retention_policy': { 'days': retention_days, 'enabled': True }, 'format': { 'type': 'JSON', 'version': 2 } } try: network_client.flow_logs.begin_create_or_update( nw_resource_group_name, network_watcher_name, flow_log_name, flow_log_parameters) msg = f'Network Security group flow logs have been enabled on: {nsg_name}' logging.info(f'{__file__} - {msg}') return f'{msg}' except HttpResponseError as e: msg = f'unexpected error : {e.message}' logging.info(f'{__file__} - {msg}') return f'{msg}'
def discover_resources(**kwargs): discovered_virtual_nets = [] # 1. Loop through all Azure RHs for handler in AzureARMHandler.objects.all(): set_progress('Connecting to Azure virtual networks \ for handler: {}'.format(handler)) credentials = ServicePrincipalCredentials( client_id=handler.client_id, secret=handler.secret, tenant=handler.azure_tenant_id, ) network_client = NetworkManagementClient(credentials, handler.serviceaccount) azure_resources_client = resources.ResourceManagementClient( credentials, handler.serviceaccount) # 2. Now get all VNets for the current RH for resource_group in azure_resources_client.resource_groups.list(): try: for virtual_net in network_client.virtual_networks.list( resource_group_name=resource_group.name): discovered_virtual_nets.append({ 'name': virtual_net.as_dict()['name'] + " - " + resource_group.name, 'azure_virtual_net_name': virtual_net.as_dict()['name'] + " - " + resource_group.name, 'vpn_adress_prefixes': ','.join(virtual_net.as_dict()['address_space'] ['address_prefixes']), 'azure_location': virtual_net.as_dict()['location'], 'azure_rh_id': handler.id, 'resource_group_name': resource_group.name, }) except CloudError as e: set_progress('Azure Clouderror: {}'.format(e)) continue # 3. Return discovered VNets for all RHs return discovered_virtual_nets