gbowerman / azurerm Goto Github PK

Easy to use Python library for the Azure Resource Manager REST API

License: MIT License

Python 99.99% Batchfile 0.01%

azurerm's Introduction

azurerm

Easy to use Python library for Azure Resource Manager.

The azurerm library provides wrapper functions for the Azure REST api. It doesn't include every option for every API call but it is easy to extend. The goal is to make it easy to call the API from Python using the latest API versions (in some cases before the official SDKs are available).

Note: This is not an official Microsoft library, just some REST wrappers to make it easier to call the Azure REST API. For the official Microsoft Azure library for Python please go here: https://github.com/Azure/azure-sdk-for-python.

Latest news

For what's new in the most recent version refer to the Changelog.

For occasional azurerm code samples and announcements see the azurerm blog.

Installation

pip install azurerm
To call these functions you need an authentication token. One way to get this is by creating a Service Principal, another is to get a bearer token using CLI.

Authenticating using a Service Principal

For a semi-permanent/hardcoded way to authenticate, you can create a "Service Principal" for your application (an application equivalent of a user). Once you've done this you'll have 3 pieces of information: A tenant ID, an application ID, and an application secret. You will use these to create an authentication token. For more information on how to get this information go here: Authenticating a service principal with Azure Resource Manager. See also: Azure Resource Manager REST calls from Python. Make sure you create a service principal with sufficient access rights, like "Contributor", not "Reader".

Authenticating using CLI

When you run a CLI command, it caches an authentication token which you can use with azurerm calls. Recent versions of CLI have a command which returns an authentication token: az account get-access-token. Azurerm has added a new function to get the Azure authentication token from CLI's local cache:

azurerm.get_access_token_from_cli()

This saves you from having to create a Service Princial at all. Note: This function will fail unless you have an unexpired authentication token in your local CLI cache. I.e. you have run az login on the same machine recently.

Example authenticating using the Azure Portal Cloud Shell:

me@Azure:-$ pip install --user --upgrade azurerm
me@azure:-$ python
>>> import azurerm
>>> token = azurerm.get_access_token_from_cli()
>>> azurerm.list_subscriptions(token)

azurerm examples

See below for some simple examples. A detailed set of azurerm programming examples can be found here: azurerm Python library programming examples. For more examples look at the azurerm examples library.

For full documentation see azurerm reference manual.

See also the unit test suite which covers the main storage, network, compute functions - the goal is to expand it to test every function in the library: test

National/isolated cloud support

To use this library with national or isolated clouds, set environment variables to override the public default endpoints.

E.g. bash shell example for China..

  export AZURE_RM_ENDPOINT='https://management.chinacloudapi.cn'
  export AZURE_AUTH_ENDPOINT='https://login.chinacloudapi.cn/'
  export AZURE_RESOURCE_ENDPOINT='https://management.core.chinacloudapi.cn/'

Example to list Azure subscriptions, create a Resource Group, list Resource Groups

import azurerm

# create an authentication token (use a Service Principal or call get_access_token_from_cli())
# Service principal example:
tenant_id = 'your-tenant-id'
application_id = 'your-application-id'
application_secret = 'your-application-secret'

access_token = azurerm.get_access_token(tenant_id, application_id, application_secret)

# list subscriptions
subscriptions = azurerm.list_subscriptions(access_token)
for sub in subscriptions['value']:
    print(sub['displayName'] + ': ' + sub['subscriptionId'])

# select the first subscription
subscription_id = subscriptions['value'][0]['subscriptionId']

# create a resource group
print('Enter Resource group name to create.')
rgname = input()
location = 'southeastasia'
rgreturn = azurerm.create_resource_group(access_token, subscription_id, rgname, location)
print('Create RG return code: ' + str(rgreturn.status_code)

# list resource groups
resource_groups = azurerm.list_resource_groups(access_token, subscription_id)
for rg in resource_groups['value']:
    print(rg["name"] + ', ' + rg['location'] + ', ' + rg['properties']['provisioningState'])

Example to create a virtual machine

See create_vm.py.

See also an example to create a VM Scale Set create_vmss.py.

Example to create a Media Services Account

See createmediaserviceaccountinrg.py

Functions currently supported

A basic set of infrastructure create, list, query functions are implemented. If you want to add something please send me a PR (don't forget to update this readme too).

See the Function reference for full documentation.

azurerm's People

Contributors

Stargazers

Watchers

azurerm's Issues

delete_vmss_vms fails on instanceId

I'm trying to remove a few selected vms from a scale set and if I try to pass a string I get the following error from Azure:
"message": "Error converting value 16 to type 'System.Collections.Generic.List`1[System.String]'. Path 'instanceIds', line 1, position 19."

If I try to pass an array(Like I do when I run the corresponding PowerShell command(Remove-azurermvmss), I get the following error from the lib:
File "C:\Python27\lib\site-packages\azurerm\computerp.py", line 183, in delete_vmss_vms
body = '{"instanceIds" : ' + vm_ids + '}'
TypeError: cannot concatenate 'str' and 'list' objects

It might be expecting a list.
Thanks!

SSL Error some time

Hi ,
We are using azurerm module to get vm list from Azure. But we are getting SSL error some time. After that some getting the vm list. Kindly provide the solution for this.

Error Log : "requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)"

Thanks,
Gopal.

API version incompatible.

When trying to get vm nics(get_vmss_vms_nics) I get the following error:
"No registered resource provider found for location 'westeurope' and API version '2017-03-30' for type 'virtualMachineScaleSets/virtualMachines/netw
orkInterfaces'. The supported api-versions are '2015-05-01-preview, 2015-06-15, 2016-03-30, 2016-04-30-preview, 2016-06-01, 2016-07-01, 2016-08-01, 2016-09-01'

Maybe make API version override-able?

get_access_token_from_cli does not work in Azure Cloud Shell

CLI in Azure Cloud Shell gets its Azure access token from an instance metadata endpoint. Therefore ideally get_access_token_from_cli() should also query the endpoint if it detects it is running on cloud shell.

Currently investigating how feasible that is.

Get Azure VM Metrics data using Insights rest.

@gboweman If you provide to get azure vm metric values data function, then it will be great helpfull to me.

Customize UserAgent for metrics

Hi @gbowerman
Just to confirm what we discussed, could you customize the UserAgent? So the usage of your library can be monitored? Since you receive PRs, people are using it and it's important for the ARM metrics dashboard to identify the source of Python calls.
Thank you,

get_access_token_from_cli should be able to use cached service principal tokens

I have a setup where azure-cli logs in as a service principal and would like to use the get_access_token_from_cli functionality.
The cached tokens file looks like this:

~/.azure/accessToken.json
[{ "servicePrincipalId": "xxxxxxxxxxxxxxxxxxxxxxxx", "servicePrincipalTenant": "xxxxxxxxxxxxxxxxxxxxx", "accessToken": "xxxxxxxxxxxxxxxxxxxxx" }]

Resulting in this error:

  File "site-packages/azurerm/adalfns.py", line 64, in get_access_token_from_cli
   if key['userId'] == sub_username:
KeyError: 'userId'

I've also seen setups where the cached tokens are both user and service principal ones.

Should be easy to be able to retrieve both kinds of tokens from the cache file.

PS: This is something I'll probably work on anyway. Opening this issue mostly to judge interest for a PR.

list_vms_sub returns a maximum of 50 results

The list_vms_sub function returns a maximum of 50 results. To return more than 50 results using the azurerm module, the resource groups must be enumerated, and list_vms must be called for each returned resource group. (list_vms_sub does not itself have this issue; it will happily return 51+ VMs from a single resource group.)

For short scripts, it would be nice to see list_vms return all results, or at least a configurable maximum.

how to use it in Azure China

i tried to overwrite but failed, any ideas?

azurerm.adalfns.authentication_endpoint='https://login.chinacloudapi.cn/'
azurerm.adalfns.resource='https://management.chinacloudapi.cn/'

Poweroff VM

In the stop vm function the uri should be like "powerOff" but not "stop" in computerp.py file.

delete all resource in resource group but not the resource group

Hi
I need to clear a resource group from all the components (resources) but I must leave the resource group untouched, (I gave rights to the service principle on the resource group)

do you have a way to do that?

Thank you for great scripts
Izia

Error generating container instance group with environment variables

Hi,

I am trying to create a container instance group with a single container definition with an environment variable defined.

My container definition is of the form:

container_def = create_container_definition(container_name='my_name', image='my_image', port=8000, cpu=1.0, memgb=1.0, environment=[{'name': 'my_name', 'value': 'my_value'}])

and a group instance created via:

create_contained_instance_group(access_token=my_token, subscription_id=my_id, resource_group=rg,
container_group_name=group_name, container_list=[container_def], location='westeurope', ostype='Linux', port=8000, iptype='public')

Which fails and produces the following error:

The request content was invalid and could not be deserialized: 'Cannot deserialize the current JSON object (e.g. {"name":"value"}) into type 'Microsoft.Azure.CloudConsole.Providers.Data.Definition.ContainerEnvironmentVariable[]' because the type requires a JSON array (e.g. [1,2,3]) to deserialize correctly. To fix this error either change the JSON to a JSON array (e.g. [1,2,3]) or change the deserialized type so that it is a normal .NET type (e.g. not a primitive type like integer, not a collection type like an array or List) that can be deserialized from a JSON object. JsonObjectAttribute can also be added to the type to force it to deserialize from a JSON object. Path 'properties.containers[0].properties.environmentVariables.name:', line 1, position 278.'.

No error is produced when passing None into the container definition.

Any ideas what the problem is here?

Add more "requests" params

Hi @gbowerman,

First of all, thank you for a very nice module.

I looked at the code and it does not seem that there is a way to pass more arguments to requests, I specifically need to use proxy and I can't find a way to do it.
I can see that the last commit was a while ago and wanted to ask if this module is still maintained? If I will create a PR to pass more parameters to requests will you consider merging it?