Added keyvault CRUD functions, list_tenants() fn
gbowerman committed Dec 12, 2018
1 parent 3670bff commit 9e16b59
Showing 10 changed files with 368 additions and 46 deletions.
1 change: 1 addition & 0 deletions azurerm/__init__.py
Expand Up @@ -8,6 +8,7 @@
from .cosmosdbrp import *
from .deployments import *
from .insightsrp import *
from .keyvault import *
from .networkrp import *
from .resourcegroups import *
from .storagerp import *
115 changes: 109 additions & 6 deletions azurerm/keyvault.py
@@ -1,18 +1,25 @@
'''keyvault.py - azurerm functions for the Microsoft.Keyvault resource provider'''
import json
from .restfns import do_delete, do_get, do_put, do_post
from .restfns import do_delete, do_get, do_get_next, do_put, do_post
from .subfns import list_tenants
from .settings import get_rm_endpoint, KEYVAULT_API


def create_keyvault(access_token, subscription_id, rgname, vault_name, location):
def create_keyvault(access_token, subscription_id, rgname, vault_name, location,
template_deployment=True, tenant_id=None, object_id=None):
'''Create a new key vault in the named resource group.
PUT /Microsoft.KeyVault/vaults/{vaultName}?api-version=2016-10-01
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the new key vault.
location (str): Azure data center location. E.g. westus.
location (str): Azure data center location. E.g. westus2.
template_deployment (boolean): Whether to allow deployment from template.
tenant_id (str): Optionally specify a tenant ID (otherwise picks first response) from
ist_tenants().
object_id (str): Optionally specify an object ID representing user or principal for the
access policy.
Returns:
HTTP response. JSON body of key vault properties.
Expand All @@ -22,7 +29,103 @@ def create_keyvault(access_token, subscription_id, rgname, vault_name, location)
'/resourcegroups/', rgname,
'/providers/Microsoft.KeyVault/vaults/', vault_name,
'?api-version=', KEYVAULT_API])

vault_body = {'location': location}
# get tenant ID if not specified
if tenant_id is None:
ret = list_tenants(access_token)
tenant_id = ret['value'][0]['tenantId']
# if object_id is None:
access_policies = [{'tenantId': tenant_id, 'objectId': object_id,
'permissions': {
'keys': ['get', 'create', 'delete', 'list', 'update', 'import',
'backup', 'restore', 'recover'],
'secrets': ['get', 'list', 'set', 'delete', 'backup', 'restore',
'recover'],
'certificates': ['get', 'list', 'delete', 'create', 'import', 'update',
'managecontacts', 'getissuers', 'listissuers',
'setissuers', 'deleteissuers', 'manageissuers',
'recover'],
'storage': ['get', 'list', 'delete', 'set', 'update', 'regeneratekey',
'setsas', 'listsas', 'getsas', 'deletesas']
}}]
vault_properties = {'tenantId': tenant_id, 'sku': {'family': 'A', 'name': 'standard'},
'enabledForTemplateDeployment': template_deployment,
'accessPolicies': access_policies}
vault_body = {'location': location, 'properties': vault_properties}
body = json.dumps(vault_body)
return do_put(endpoint, body, access_token)


def delete_keyvault(access_token, subscription_id, rgname, vault_name):
'''Deletes a key vault in the named resource group.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the new key vault.
Returns:
HTTP response. 200 OK.
'''
endpoint = ''.join([get_rm_endpoint(),
'/subscriptions/', subscription_id,
'/resourcegroups/', rgname,
'/providers/Microsoft.KeyVault/vaults/', vault_name,
'?api-version=', KEYVAULT_API])
return do_delete(endpoint, access_token)


def get_keyvault(access_token, subscription_id, rgname, vault_name):
'''Gets details about the named key vault.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the key vault.
Returns:
HTTP response. JSON body of key vault properties.
'''
endpoint = ''.join([get_rm_endpoint(),
'/subscriptions/', subscription_id,
'/resourcegroups/', rgname,
'/providers/Microsoft.KeyVault/vaults/', vault_name,
'?api-version=', KEYVAULT_API])
return do_get(endpoint, access_token)


def list_keyvaults(access_token, subscription_id, rgname):
'''Lists key vaults in the named resource group.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
Returns:
HTTP response. 200 OK.
'''
endpoint = ''.join([get_rm_endpoint(),
'/subscriptions/', subscription_id,
'/resourcegroups/', rgname,
'/providers/Microsoft.KeyVault/vaults',
'?api-version=', KEYVAULT_API])
return do_get_next(endpoint, access_token)


def list_keyvaults_sub(access_token, subscription_id):
'''Lists key vaults belonging to this subscription.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
Returns:
HTTP response. 200 OK.
'''
endpoint = ''.join([get_rm_endpoint(),
'/subscriptions/', subscription_id,
'/providers/Microsoft.KeyVault/vaults',
'?api-version=', KEYVAULT_API])
return do_get_next(endpoint, access_token)
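Review bot: When `object_id` is left at its default of None, the new `create_keyvault` still emits an access policy with `'objectId': None` (the `# if object_id is None:` guard directly above it is commented out), so the default call sends a policy bound to no principal, which the service will presumably reject rather than ignore; build it as `access_policies = []` followed by `if object_id is not None:` with the existing policy literal indented under that branch. The policy granted to that object is also close to every non-purge permission on keys, secrets, certificates and storage, and `template_deployment=True` is the default, so the docstring should state that these are privileged defaults and `permissions` should ideally become a parameter, since a vault created for one workload rarely needs `regeneratekey` or `setsas`. Falling back to `ret['value'][0]['tenantId']` silently binds the vault and its policy to whichever tenant the service lists first, which is the wrong directory for a principal that belongs to several tenants, and raises IndexError on an empty list, so either document the fallback as unsafe for multi-tenant principals or require `tenant_id` whenever `object_id` is given. Also fix the docstring typo `ist_tenants()` to `list_tenants()`, and the `delete_keyvault` docstring still describes `vault_name` as "Name of the new key vault". The request body sets no `enableSoftDelete`, so with this API version `delete_keyvault` is presumably a hard delete of the vault and everything in it unless the service defaults otherwise — worth confirming and noting in its docstring.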
6 changes: 3 additions & 3 deletions azurerm/settings.py
Expand Up @@ -11,7 +11,7 @@
AZURE_RESOURCE_ENDPOINT = 'https://management.core.windows.net/'

ACS_API = '2017-01-31'
BASE_API = '2016-09-01'
BASE_API = '2016-06-01'
COMP_API = '2018-06-01'
CONTAINER_API = '2017-08-01-preview'
COSMOSDB_API = '2015-04-08'
Expand All @@ -20,7 +20,7 @@
INSIGHTS_COMPONENTS_API = '2015-05-01'
INSIGHTS_METRICS_API = '2016-03-01'
INSIGHTS_PREVIEW_API = '2016-06-01'
KEYVAULT_API = '2016-10-01'
KEYVAULT_API = '2018-02-14'
MEDIA_API = '2015-10-01'
NETWORK_API = '2018-08-01'
RESOURCE_API = '2017-05-10'
Expand Down Expand Up @@ -62,7 +62,7 @@ def get_auth_endpoint():


def get_resource_endpoint():
'''Set Azure reousrce endpoint by environment variable, else return default value.
'''Set Azure reosurce endpoint by environment variable, else return default value.
'''
resource_endpoint = os.environ.get('AZURE_RESOURCE_ENDPOINT')
if resource_endpoint is None:
15 changes: 15 additions & 0 deletions azurerm/subfns.py
Expand Up @@ -65,3 +65,18 @@ def list_subscriptions(access_token):
'/subscriptions/',
'?api-version=', BASE_API])
return do_get(endpoint, access_token)


def list_tenants(access_token):
'''List tenants accessible by this user.
Args:
access_token (str): A valid Azure authentication token.
Returns:
HTTP response. JSON list of tenant IDs.
'''
endpoint = ''.join([get_rm_endpoint(),
'/tenants/',
'?api-version=', BASE_API])
return do_get(endpoint, access_token)
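Review bot: The `list_tenants` docstring says the return is a "JSON list of tenant IDs", but the caller added in keyvault.py reads it as the ARM envelope `ret['value'][0]['tenantId']`, i.e. an object whose `value` array holds tenant objects; reword the Returns line to `HTTP response. JSON body with a 'value' list of tenant objects (each carrying 'tenantId').` Callers should also check that `value` is non-empty before indexing it, since a token with no tenant memberships presumably yields an empty list rather than an error.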
8 changes: 7 additions & 1 deletion changelog.md
@@ -1,7 +1,13 @@
# azurerm - change log

### v0.9.12 (12/11/18):
- Added list_tenants() to list tenants user has access to. Added test and updated
subscriptions_test.py. Updated BASE_API version.
- Added key vault functions: create_keyvault(), delete_keyvault(), get_keyvault(),
list_keyvaults(), list_keyvaults_sub(). Added keyvault unit tests.

### v0.9.11 (11/08/18):
- update get_access_token_from_cli() to work in Azure cloud shell by getting token from MSI
- Update get_access_token_from_cli() to work in Azure cloud shell by getting token from MSI
endpoint

### v0.9.10 (11/07/18):
117 changes: 93 additions & 24 deletions docs/README.md
@@ -1,5 +1,5 @@
# azurerm - Azure REST wrappers Technical Reference Guide
Generated by [py2md](https://github.com/gbowerman/py2md) on 2017-12-11 14:58:02
Generated by [py2md](https://github.com/gbowerman/py2md) on 2018-12-11 16:40:28

## Contents
1. [acs.py - azurerm functions for the Azure Container Service](#acspy---azurerm-functions-for-the-azure-container-service)
Expand Down Expand Up @@ -155,10 +155,10 @@ get an Azure access token using the adal library.
get_access_token_from_cli()

```
Get an Azure authentication token from CLI's local cache.
Get an Azure authentication token from CLI's cache.
Will only work if CLI local cache has an unexpired auth token (i.e. you ran 'az login'
recently)
recently), or if you are running in Azure Cloud Shell (aka cloud console)
Returns:
An Azure authentication token string.
Expand Down Expand Up @@ -1404,22 +1404,6 @@ List VM images in a subscription.
```

### list_vm_instance_view
list_vm_instance_view(access_token, subscription_id, resource_group)

```
List VM instances views in a resource group.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
resource_group (str): Azure resource group name.
Returns:
HTTP response. JSON body of a list of VM instance views.
```

### list_vms
list_vms(access_token, subscription_id, resource_group)

Expand Down Expand Up @@ -2223,23 +2207,94 @@ Get the insights evens for a subsctipion since the specific timestamp.
## keyvault.py - azurerm functions for the Microsoft.Keyvault resource provider
[source file](../azurerm/keyvault.py)
### create_keyvault
create_keyvault(access_token, subscription_id, rgname, vault_name, location)
create_keyvault(access_token, subscription_id, rgname, vault_name, location,
template_deployment=True, tenant_id=None, object_id=None)

```
Create a new key vault in the named resource group.
PUT /Microsoft.KeyVault/vaults/{vaultName}?api-version=2016-10-01
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the new key vault.
location (str): Azure data center location. E.g. westus.
location (str): Azure data center location. E.g. westus2.
template_deployment (boolean): Whether to allow deployment from template.
tenant_id (str): Optionally specify a tenant ID (otherwise picks first response) from
ist_tenants().
object_id (str): Optionally specify an object ID representing user or principal for the
access policy.
Returns:
HTTP response. JSON body of key vault properties.
```

### delete_keyvault
delete_keyvault(access_token, subscription_id, rgname, vault_name)

```
Deletes a key vault in the named resource group.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the new key vault.
Returns:
HTTP response. 200 OK.
```

### get_keyvault
get_keyvault(access_token, subscription_id, rgname, vault_name)

```
Gets details about the named key vault.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
vault_name (str): Name of the key vault.
Returns:
HTTP response. JSON body of key vault properties.
```

### list_keyvaults
list_keyvaults(access_token, subscription_id, rgname)

```
Lists key vaults in the named resource group.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
rgname (str): Azure resource group name.
Returns:
HTTP response. 200 OK.
```

### list_keyvaults_sub
list_keyvaults_sub(access_token, subscription_id)

```
Lists key vaults belonging to this subscription.
Args:
access_token (str): A valid Azure authentication token.
subscription_id (str): Azure subscription id.
Returns:
HTTP response. 200 OK.
```

## networkrp.py - azurerm functions for the Microsoft.Network resource provider
[source file](../azurerm/networkrp.py)
### create_lb_with_nat_pool
Expand Down Expand Up @@ -3094,7 +3149,7 @@ Set Azure auth endpoint by environment variable, else return default value.
get_resource_endpoint()

```
Set Azure reousrce endpoint by environment variable, else return default value.
Set Azure reosurce endpoint by environment variable, else return default value.
```

Expand Down Expand Up @@ -3173,7 +3228,7 @@ Get the access keys for the specified storage account.
```

### get_storage_usage
get_storage_usage(access_token, subscription_id)
get_storage_usage(access_token, subscription_id, location)

```
Returns storage usage and quota information for the specified subscription.
Expand Down Expand Up @@ -3268,6 +3323,20 @@ List the available Azure subscriptions for this user account or service principl
```

### list_tenants
list_tenants(access_token)

```
List tenants accessible by this user.
Args:
access_token (str): A valid Azure authentication token.
Returns:
HTTP response. JSON list of tenant IDs.
```

## templates.py - azurerm functions for deploying templates
[source file](../azurerm/templates.py)
### deploy_template
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -9,7 +9,7 @@


setup(name='azurerm',
version='0.9.11',
version='0.9.12',
description='Azure Resource Manager REST wrappers',
long_description=LONG_DESCRIPTION,
url='http://github.com/gbowerman/azurerm',
