def execute_deployment_test( self, args: dict, configuration_path: str, environment_type: str) -> bool: from orchestration.common.factory import ObjectFactory from orchestration.common.parameter_initializer import ParameterInitializer factory = ObjectFactory(is_live_mode=self.is_live) parameter_initializer = \ factory.get_parameter_initializer() parameter_initializer.initialize( args, configuration_path, is_live_mode=self.is_live) from orchestration.resource_deployment import ResourceDeployment resourceDeployment = ResourceDeployment( parameter_initializer._data_store, parameter_initializer._resource_management_integration_service, parameter_initializer._policy_integration_service, parameter_initializer._aad_cli_integration_service, parameter_initializer._keyvault_cli_integration_service, parameter_initializer._module_version_retrieval, parameter_initializer._vdc_storage_account_name, parameter_initializer._vdc_storage_account_subscription_id, parameter_initializer._vdc_storage_account_resource_group, parameter_initializer._validate_deployment, parameter_initializer._deploy_all_modules, parameter_initializer._deployment_configuration_path, parameter_initializer._module_deployment_order, parameter_initializer._resource_group, parameter_initializer._single_module, parameter_initializer._deploy_module_dependencies, parameter_initializer._upload_scripts, parameter_initializer._create_vdc_storage, parameter_initializer._shared_services_deployment_name, parameter_initializer._deployment_name, parameter_initializer._location, parameter_initializer._tenant_id, parameter_initializer._subscription_id, parameter_initializer._shared_services_subscription_id, parameter_initializer._service_principals, parameter_initializer._organization_name, parameter_initializer._encryption_keys_for, parameter_initializer._module_dependencies, parameter_initializer._environment_type, parameter_initializer._json_parameters, parameter_initializer._import_module, parameter_initializer._custom_scripts_path, parameter_initializer._environment_keys, from_integration_test=True) # Invoke deployment successful: list = resourceDeployment.create() return len(successful) > 0
def _initialize_integration_objects( self, is_recording: bool): """Function that initializes integration objects used during a resource deployment :param is_recording: Value set to True when running integration tests recording (using VCR.py) all HTTP interactions :type is_recording: bool """ object_factory = ObjectFactory(is_recording) self._data_store = \ object_factory.storage_factory( StorageType.BLOB_STORAGE, client_id=self._client_id, secret=self._secret, tenant_id=self._tenant_id, location=self._location, subscription_id=self._vdc_storage_account_subscription_id, storage_account_name=self._vdc_storage_account_name, storage_account_resource_group=self._vdc_storage_account_resource_group) self._resource_management_integration_service = \ object_factory.integration_factory( IntegrationType.RESOURCE_MANAGEMENT_CLIENT_SDK, client_id=self._client_id, secret=self._secret, tenant_id=self._tenant_id, subscription_id=self._subscription_id) self._policy_integration_service = \ object_factory.integration_factory( IntegrationType.POLICY_CLIENT_SDK, client_id=self._client_id, secret=self._secret, tenant_id=self._tenant_id, subscription_id=self._subscription_id, api_version='2018-05-01') self._management_lock_integration_service = \ object_factory.integration_factory( IntegrationType.MANAGEMENT_LOCK_CLIENT_SDK, client_id=self._client_id, secret=self._secret, tenant_id=self._tenant_id, subscription_id=self._subscription_id) self._aad_cli_integration_service = \ object_factory.integration_factory( IntegrationType.AAD_CLIENT_CLI) self._keyvault_cli_integration_service = \ object_factory.integration_factory( IntegrationType.KEYVAULT_CLIENT_CLI)
def create_management_group(args): object_factory = ObjectFactory(is_live_mode=True) management_group_integration_service = \ object_factory.integration_factory( IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) subscription_integration_service = \ object_factory.integration_factory( IntegrationType.SUBSCRIPTION_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) billing_integration_service = \ object_factory.integration_factory( IntegrationType.BILLING_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) subscription_management = \ SubscriptionManagement( management_group_integration_service, subscription_integration_service, billing_integration_service) subscription_management.create_management_group( management_group_id=args.id, subscription_id=args.subscription_id, subscription_name=args.subscription_name) import sys sys.stdout.write(args.id) _logger.info("Management group successfully created")
def associate_mgmt_group(args): object_factory = ObjectFactory(is_live_mode=True) management_group_integration_service = \ object_factory.integration_factory( IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) subscription_integration_service = \ object_factory.integration_factory( IntegrationType.SUBSCRIPTION_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) billing_integration_service = \ object_factory.integration_factory( IntegrationType.BILLING_CLIENT_SDK, client_id=args.client_id, secret=args.secret, tenant_id=args.tenant_id) subscription_management = \ SubscriptionManagement( management_group_integration_service, subscription_integration_service, billing_integration_service) subscription_management\ .associate_subscription_to_management_group( management_group_id=args.management_group_id, subscription_id=args.subscription_id) _logger.info("Subscription successfully associated to Management group")
def setUp(self): super(SubscriptionManagementTests, self).setUp() object_factory = \ ObjectFactory(is_live_mode=self.is_live) client_id = None secret = None tenant_id = None management_group_integration_service = \ object_factory.integration_factory( IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK, client_id=client_id, secret=secret, tenant_id=tenant_id) subscription_integration_service = \ object_factory.integration_factory( IntegrationType.SUBSCRIPTION_CLIENT_SDK, client_id=client_id, secret=secret, tenant_id=tenant_id) # Setting a dummy subscription Id, this is to prevent # billing client sdk instance from failing. # If you are running in live mode, make sure to update # subscription_id with a valid value billing_integration_service = \ object_factory.integration_factory( IntegrationType.BILLING_CLIENT_SDK, client_id=client_id, secret=secret, tenant_id=tenant_id, subscription_id='00000000-0000-0000-0000-000000000000') self._subscription_management = SubscriptionManagement( management_group_integration_service, subscription_integration_service, billing_integration_service)
def create_deployment(parsed_args): # Gather the provided argument within an array. args = vars(parsed_args) # Capture the parameters provided for debugging. _logger.debug('The parameters extracted were: {}'.format(args)) configuration_path = args['configuration-path'] # Setting deployment-type -> shared-services | workload | on-premises environment = args['environment-type'] _logger.info('Provisioning the following environment: {}'.format(environment)) _logger.info('Deployment path is: {}'.format(configuration_path)) #----------------------------------------------------------------------------- # Call the function indicated by the invocation command. #----------------------------------------------------------------------------- try: all_configuration_paths = list() all_configuration_paths = \ configuration_path.split(',') _logger\ .info('Configuration path(s): {}'\ .format(all_configuration_paths)) is_live_mode = True from orchestration.common.factory import ObjectFactory from orchestration.common.parameter_initializer import ParameterInitializer factory = ObjectFactory(is_live_mode=is_live_mode) for path in all_configuration_paths: parameter_initializer = \ factory.get_parameter_initializer() parameter_initializer.initialize( args, path, is_live_mode=is_live_mode) from orchestration.resource_deployment import ResourceDeployment resourceDeployment = ResourceDeployment( parameter_initializer._data_store, parameter_initializer._resource_management_integration_service, parameter_initializer._policy_integration_service, parameter_initializer._aad_cli_integration_service, parameter_initializer._keyvault_cli_integration_service, parameter_initializer._module_version_retrieval, parameter_initializer._vdc_storage_account_name, parameter_initializer._vdc_storage_account_subscription_id, parameter_initializer._vdc_storage_account_resource_group, parameter_initializer._validate_deployment, parameter_initializer._deploy_all_modules, parameter_initializer._deployment_configuration_path, parameter_initializer._module_deployment_order, parameter_initializer._resource_group, parameter_initializer._single_module, parameter_initializer._deploy_module_dependencies, parameter_initializer._upload_scripts, parameter_initializer._create_vdc_storage, parameter_initializer._shared_services_deployment_name, parameter_initializer._deployment_name, parameter_initializer._location, parameter_initializer._tenant_id, parameter_initializer._subscription_id, parameter_initializer._shared_services_subscription_id, parameter_initializer._service_principals, parameter_initializer._organization_name, parameter_initializer._encryption_keys_for, parameter_initializer._module_dependencies, parameter_initializer._environment_type, parameter_initializer._json_parameters, parameter_initializer._import_module, parameter_initializer._custom_scripts_path, parameter_initializer._environment_keys) # Invoke deployment resourceDeployment.create() except Exception as ex: _logger.error('There was an unhandled error while provisioning the resources.') _logger.error(ex) exit()
def main(): '''Main module used to assign policies provided within a json file. This module takes in a policy file containing a list of json arm policy definitions. In addition, this module takes in a subscription id and optional resource group name, which are used to produce an assignment scope for the application of policies. Examples: $ python policyassignment.py -p parameters/shared-services|workload/azureDeploy.parameters.json -pf ../policies/policies/sub.arm.policies.json -s <subscription_id> $ python policyassignment.py -p parameters/shared-services|workload/azureDeploy.parameters.json -pf ../policies/policies/kv.arm.policies.json -s <subscription_id> -r <resource_group_name> Args: policies: A json file containing a lisy of arm policies. subscription: The subscription id used for the assignment of policies. group: The optional resource group name used for the assignment of policies. ''' # Logging configuration. #----------------------------------------------------------------------------- # Define some basic log configuration for if the script was called manually. logging.basicConfig(level=logging.INFO) # Parameter input. #----------------------------------------------------------------------------- # Define a parser to process the expected arguements. parser = ArgumentParser( description='Applies a set of ARM policies provided as a json file, at a given scope.') parser.add_argument('--configuration-file-path', type=FileType('r'), action='store', dest='configuration-path', required=True, help='Path to json file containing environment configuration information, environment where the policies will be applied') parser.add_argument('-file', '--policy-file', type=FileType('r'), action='store', dest='policies', required=True, help='Path to json file containing the policies to be applied.') parser.add_argument('--client-id', dest='client-id', action="store", type=str, required=False, help='Specifies the ClientId. This value can be a SPN or AAD Object ID') parser.add_argument('--secret', dest='secret', action="store", type=str, required=False, help="Specifies the ClientId's secret") parser.add_argument('--tenant-id', dest='tenant-id', action="store", type=str, required=False, help='Specifies the TenantId') parser.add_argument('-sid', '--subscription-id', dest='subscription-id', required=False, help='Specifies the subscription identifier where the resources will be provisioned') parser.add_argument('-rg', '--resource-group', type=str, action='store', dest='resource-group', required=False, help='Resource group name used for policy assignment scope.') parser.add_argument('--management-group-id', type=str, action='store', dest='management-group-id', required=False, help='Management Group Id used for policy assignment scope.') # Gather the provided arguments as an array. args = parser.parse_args() # Script kickoff. #----------------------------------------------------------------------------- _logger.debug('The policy assignment script was invoked with the following parameters: {}' .format(args)) _logger.info('Policy assignment script will define and assign the provided policies.') # Variable assignment. #----------------------------------------------------------------------------- # Let's convert args into a dictionary args = vars(args) # Assign these arguments to variables. json_policies = json.load(args['policies']) # Close the policy file. args['policies'].close() # Assign these arguments to variables. json_configuration = json.load(args['configuration-path']) # Close the policy file. args['configuration-path'].close() if 'shared-services' not in json_configuration or 'subscription-id' not in json_configuration['shared-services'] or json_configuration['shared-services']['subscription-id'] == None: _logger.error('Missing or empty shared-services.subscription-id value. This value is used to indicate the subscription identifier of VDC storage account') exit() vdc_storage_account_subscription_id = json_configuration['shared-services']['subscription-id'] vdc_storage_account_name = "vdcstrgaccount" vdc_storage_account_resource_group = "vdc-storage-rg" if 'vdc-storage-account-name' in json_configuration['general'] and json_configuration['general']['vdc-storage-account-name'] != None: vdc_storage_account_name = json_configuration['general']['vdc-storage-account-name'] if 'vdc-storage-account-rg' in json_configuration['general'] and json_configuration['general']['vdc-storage-account-rg'] != None: vdc_storage_account_resource_group = json_configuration['general']['vdc-storage-account-rg'] # Get the organization name if 'organization-name' not in json_configuration['general']: _logger.error('Organization name has not been provided in the parameters file') exit() organization_name = \ json_configuration['general']['organization-name'] if 'deployment-name' not in json_configuration['shared-services']: _logger.error('Deployment name has not been provided in the parameters file') exit() shared_services_deployment_name = \ json_configuration['shared-services']['deployment-name'] # Set the initial value deployment_name = \ json_configuration['shared-services']['deployment-name'] # Set a default value location = "West US" # Let's get the shared-services region (if set). # If we are deploying a workload, the next condition will grab the correct value if 'shared-services' in json_configuration and\ 'region' in json_configuration['shared-services']: location = json_configuration['shared-services']['region'] # If shared-services and workload parameters are present, it means we are deploying a workload, # otherwise shared-services parameter will only be present. if 'shared-services' in json_configuration and\ 'workload' in json_configuration: deployment_name = json_configuration['workload']['deployment-name'] # Since we are in the workload, let's verify if region has been specified if 'region' in json_configuration['workload']: location = json_configuration['workload']['region'] # Record the policies that were provided. _logger.debug('The following policies were provided: {}' .format(json_policies)) if args['subscription-id'] is None and\ args['resource-group'] is None and\ args['management-group-id'] is None: _logger.error('Subscription Id or Management Group Id must contain a value') exit() if args['resource-group'] is not None and\ args['subscription-id'] is None: _logger.error('Subscription Id must be specified when assigning a policy at the resource group level') exit() assignment_scope = \ '/subscriptions/{}'.format(args['subscription-id']) # Alter the policy scope if a resource group was provided. if args['management-group-id'] is not None: assignment_scope = \ '/providers/Microsoft.Management/managementGroups/{}'\ .format(args['management-group-id']) elif args['resource-group'] is not None: assignment_scope += \ '/resourceGroups/{}'\ .format(args['resource-group']) _logger.debug('The scope of policy assignments has been set to the {} resource group.' .format(args['resource-group'])) else: _logger.debug('The scope of policy assignments has been set to the {} subscription.' .format(args['subscription-id'])) # Policy invocation. #----------------------------------------------------------------------------- # Invoke the apply_policies function with the provided policies and scope. object_factory = ObjectFactory(is_live_mode=True) from orchestration.models.storage_type import StorageType data_store = object_factory.storage_factory( StorageType.BLOB_STORAGE, client_id=args['client-id'], secret=args['secret'], tenant_id=args['tenant-id'], location=location, subscription_id=vdc_storage_account_subscription_id, storage_account_name=vdc_storage_account_name, storage_account_resource_group=vdc_storage_account_resource_group) if args['subscription-id'] is None: sdk_integration_service = \ object_factory\ .integration_factory( IntegrationType.POLICY_CLIENT_SDK, client_id=args['client-id'], secret=args['secret'], tenant_id=args['tenant-id']) else: sdk_integration_service = \ object_factory\ .integration_factory( IntegrationType.POLICY_CLIENT_SDK, client_id=args['client-id'], secret=args['secret'], tenant_id=args['tenant-id'], subscription_id=args['subscription-id']) # Replace tokens, if any replaced_policies = helper.replace_string_tokens( json.dumps(json_policies['policies']), json_configuration, organization_name, shared_services_deployment_name, deployment_name, 'output', data_store) sdk_integration_service.create_and_assign_policy( scope=assignment_scope, policies=json.loads(replaced_policies), deployment_parameters=json_configuration) # Results. #----------------------------------------------------------------------------- # The main module has finished executing, so reflect this. _logger.info('-------------------------------------------------------------------------') _logger.info('Policy assignment script has finished executing.') _logger.info('-------------------------------------------------------------------------')
def initialize( self, args: dict, deployment_configuration_path: str, is_live_mode: bool): """Function initializes all required parameters used during resource deployment, resource validation and policy creation & assignment. :param args: Arguments received from command line :type args: dict :param deployment_configuration_path: Local path to the main parameters file (deployment configuration file) :type deployment_configuration_path: str :param is_live_mode: Boolean that is set to False when running integration tests in playback mode. Playback mode uses VCR.py to simulate HTTP interactions :type is_live_mode: bool """ self._logger.info('initializing parameters') # Setting defaults in case values are not passed self._vdc_storage_account_name = "vdcstrgaccount" self._vdc_storage_account_resource_group = "vdc-storage-rg" self._parameters_file_name = 'azureDeploy.parameters.json' self._deployment_file_name = 'azureDeploy.json' self._service_principals = list() self._deploy_all_modules = True self._deploy_module_dependencies = False self._deployment_configuration_path = deployment_configuration_path self._upload_scripts = False self._service_principals = None self._module_dependencies = None self._encryption_keys_for = None self._shared_services_subscription_id = '' self._vdc_storage_account_subscription_id = '' self._validate_deployment = False self._delete_validation_modules = False self._import_module = '' self._custom_scripts_path = '' # Let's set validate deployment boolean if 'validate-deployment' in args: self._validate_deployment = args['validate-deployment'] # Let's analyze if a single module will be deployed if args['module'] != None: self._deploy_all_modules = False # Let's get deployment parameters self._resource_group = args['resource-group'] self._environment_type = args['environment-type'] self._single_module = args['module'] self._client_id = None self._secret = None self._tenant_id = None self._create_vdc_storage = True if 'client-id' in args: self._client_id = args['client-id'] if 'secret' in args: self._secret = args['secret'] if 'tenant-id' in args: self._tenant_id = args['tenant-id'] self._subscription_id = '' if 'subscription-id' in args: self._subscription_id = args['subscription-id'] self._deploy_module_dependencies = args['deploy-module-dependencies'] self._upload_scripts = args['upload-scripts'] self._create_vdc_storage = args['create-vdc-storage'] self._delete_validation_modules = False if 'delete-validation-modules' in args: self._delete_validation_modules = \ args['delete-validation-modules'] # If is_live_mode is False, it means we are in playback mode, therefore use # test parameters file if not is_live_mode: self._parameters_file_name = 'archetype.test.json' # Let's analyze the parameters file # Parameters file overrides any argument passed if self._json_parameters is None: self._json_parameters = \ self._get_json_configuration_file(deployment_configuration_path) if self._subscription_id == '' and\ self._environment_type in self._json_parameters['general'] and\ 'subscription-id' in self._json_parameters['general'][self._environment_type]: self._subscription_id = \ self._json_parameters['general'][self._environment_type]['subscription-id'] self.validate_required_parameters( self._environment_type, deployment_configuration_path) self._location = \ self._json_parameters['general'][self._environment_type]['region'] if self._tenant_id == None: self._tenant_id = self._json_parameters['general']['tenant-id'] self._organization_name = \ self._json_parameters['general']['organization-name'] self._deployment_name = \ self._json_parameters['general'][self._environment_type]['deployment-name'] self._module_deployment_order = \ self._json_parameters['orchestration']['modules-to-deploy'] self._shared_services_deployment_name = \ self._json_parameters['shared-services']['deployment-name'] if 'shared-services' in self._json_parameters['general'] and \ 'subscription-id' in self._json_parameters['general']['shared-services']: self._shared_services_subscription_id = \ self._json_parameters['general']['shared-services']['subscription-id'] # Use the shared_services subscription id, this is where VDC storage gets created if 'shared-services' in self._json_parameters['general'] and \ 'subscription-id' in self._json_parameters['general']['shared-services']: self._vdc_storage_account_subscription_id = \ self._json_parameters['general']['shared-services']['subscription-id'] if 'vdc-storage-account-name' in self._json_parameters['general'] \ and self._json_parameters['general']['vdc-storage-account-name'] is not None: self._vdc_storage_account_name = \ self._json_parameters['general']['vdc-storage-account-name'] if 'vdc-storage-account-rg' in self._json_parameters['general'] \ and self._json_parameters['general']['vdc-storage-account-rg'] is not None: self._vdc_storage_account_resource_group = \ self._json_parameters['general']['vdc-storage-account-rg'] # Now that all the necessary parameters are initialized, let's initialize integration objects self._initialize_integration_objects(is_live_mode) self._environment_keys = dict({ 'ENV:ENVIRONMENT-TYPE': self._environment_type, 'ENV:RESOURCE-GROUP-NAME': self._resource_group, 'ENV:RESOURCE': self._single_module }) self._json_parameters = \ self._replace_parameters_tokens( dict_with_tokens=self._json_parameters, parameters=self._json_parameters, environment_keys=self._environment_keys) if 'service-principals' in self._json_parameters[self._environment_type] \ and self._json_parameters[self._environment_type]['service-principals'] is not None: self._service_principals = self._json_parameters[self._environment_type]['service-principals'].split(',') else: self._service_principals = args['service-principals'] if 'orchestration' in self._json_parameters and\ 'module-configuration' in self._json_parameters['orchestration'] and\ 'modules' in self._json_parameters['orchestration']['module-configuration']: self._module_dependencies = self._json_parameters['orchestration']['module-configuration']['modules'] if 'orchestration' in self._json_parameters and\ 'module-configuration' in self._json_parameters['orchestration'] and\ 'import-modules' in self._json_parameters['orchestration']['module-configuration']: self._import_module = self._json_parameters['orchestration']['module-configuration']['import-modules'] if 'orchestration' in self._json_parameters and\ 'module-configuration' in self._json_parameters['orchestration'] and\ 'custom-scripts' in self._json_parameters['orchestration']['module-configuration']: self._custom_scripts_path = self._json_parameters['orchestration']['module-configuration']['custom-scripts'] if 'vm-configuration' in self._json_parameters[self._environment_type] and\ 'encryption-keys-for' in self._json_parameters[self._environment_type]['vm-configuration']: self._encryption_keys_for = self._json_parameters[self._environment_type]['vm-configuration']['encryption-keys-for'] object_factory = ObjectFactory(is_live_mode) self._module_version_retrieval = \ object_factory.get_module_version_retrieval(self._import_module) self._logger.info("Parameter initialization, complete")
def main(): '''Main module used to create add roles provided within a json file. This module takes in a role file containing a list of json aad role definitions. Examples: $ python rolecreation.py -sid "00000000-0000-0000-0000-000000000000" -r ../parameters/roles/shared-services/aad.roles.json Args: roles: A json file containing a list of aad roles. ''' #Logging configuration. #----------------------------------------------------------------------------- # Define some basic log configuration for if the script was called manually. logging.basicConfig(level=logging.DEBUG) # Parameter input. #----------------------------------------------------------------------------- # Define a parser to process the expected arguments. parser = ArgumentParser( description= 'Creates AAD role definitions which are provided within a json file.') parser.add_argument( '-sid', '--subscription-id', dest='subscription-id', required=True, help= 'Specifies the subscription identifier where the resources will be provisioned' ) parser.add_argument( '-r', metavar='--roles-file', type=FileType('r'), action='store', dest='roles', required=True, help='Path to json file containing role definitions to be established.' ) # Gather the provided arguments as an array. args = parser.parse_args() # Script kickoff. #----------------------------------------------------------------------------- logger.debug( 'The aad role creation script was invoked with the following parameters: {}' .format(args)) logger.info( 'Thus script will establish the provided AAD role definitions.') # Variable assignment. #----------------------------------------------------------------------------- # Assign these arguments to variables. json_roles = json.load(args.roles) # Close the policy file. args.roles.close() values = dict() values['subscription-id'] = vars(args)['subscription-id'] # Let's replace the values passed as arguments replaced_parameters = helper.replace_string_tokens(json.dumps(json_roles), values, None, None, None, None, None) # Role definition creation. #----------------------------------------------------------------------------- # Invoke the create_role function with the provided role definition file. object_factory = ObjectFactory(is_live_mode=False) cli_integration_service = object_factory.integration_factory( IntegrationType.RBAC_CLIENT_CLI) # TODO: For now, passing None as Client & Secret Id, Subs Id and Tenant Id cli_integration_service.create_RBAC(client_id=None, secret=None, tenant_id=None, subscription_id=None, roles=json.loads(replaced_parameters)) # Results #----------------------------------------------------------------------------- # The main script has finished executing, so reflect this. logger.info( '-------------------------------------------------------------------------' ) logger.info('AAD role creation script has finished executing.') logger.info( '-------------------------------------------------------------------------' )