eitrtechnologies / idem-azurerm
Microsoft Azure Cloud Provider for Idem
License: Apache License 2.0
SDK paths:
v2018_12_01/operations/azure_firewall_fqdn_tags_operations.py
v2018_12_01/operations/azure_firewalls_operations.py
v2018_12_01/operations/virtual_hubs_operations.py
v2018_12_01/operations/virtual_network_taps_operations.py
v2018_12_01/operations/web_application_firewall_policies_operations.py
don't require username/password or service principal creds. see contribution to salt-cloud develop branch
SDK path: eventhub/v2017_04_01/operations/
Defining a keyvault access policy like so:
- access_policies:
  - tenant_id: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
    object_id: bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
    permissions:
      keys:
        - Get
        - List
        - Update
        - Create
        - Import
        - Delete
        - Recover
        - Backup
        - Restore
...comes back with empty sections for secrets and certificates if they're not defined in the existing object. we need to ignore those to get a good diff.
--------
ID: ensure_keyvault_exists
Function: azurerm.keyvault.vault.present
Result: None
Comment: Key Vault kv-diskencryption-001 would be updated.
Changes: access_policies:
    ----------
    old:
        |_
          ----------
          tenant_id:
              aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
          object_id:
              bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
          permissions:
              ----------
              keys:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
              secrets:
              certificates:
    new:
        |_
          ----------
          tenant_id:
              aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
          object_id:
              bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
          permissions:
              ----------
              keys:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
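One way to get the clean diff asked for above, shown as an added example that is not idem-azurerm code: permission sections that come back empty are dropped before comparing, while a real change in granted permissions is still reported. The function names are hypothetical, the sample policies are constructed from the values in the report, and treating permission order as irrelevant is an assumption.

```python
# Added example, not idem-azurerm code; function names are hypothetical.

def normalize_policy(policy):
    """Comparable form of one access policy: empty sections dropped, lists sorted."""
    perms = {
        section: sorted(values)
        for section, values in (policy.get("permissions") or {}).items()
        if values  # drops None and [] returned for sections never defined
    }
    return {
        "tenant_id": policy["tenant_id"],
        "object_id": policy["object_id"],
        "permissions": perms,
    }


def diff_access_policies(existing, desired):
    """Return {} when both lists grant the same permissions, else old/new per principal."""
    def index(policies):
        return {(p["tenant_id"], p["object_id"]): normalize_policy(p) for p in policies or []}

    old, new = index(existing), index(desired)
    return {
        key: {"old": old.get(key), "new": new.get(key)}
        for key in sorted(set(old) | set(new))
        if old.get(key) != new.get(key)
    }


KEYS = ["Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore"]
TENANT = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
OBJECT = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"

# Constructed sample: what the vault returns (empty secrets/certificates sections).
EXISTING = [{"tenant_id": TENANT, "object_id": OBJECT,
             "permissions": {"keys": list(KEYS), "secrets": None, "certificates": None}}]
# Constructed sample: what the state file declares.
DESIRED = [{"tenant_id": TENANT, "object_id": OBJECT, "permissions": {"keys": list(KEYS)}}]

if __name__ == "__main__":
    print(diff_access_policies(EXISTING, DESIRED))
    # A policy that really widens access must still show up as a change.
    widened = [dict(DESIRED[0], permissions={"keys": list(KEYS), "secrets": ["Get"]})]
    print(diff_access_policies(EXISTING, widened))
```
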
"depends" versions can be removed since we're requiring them (unlike in Salt where they're optional). ensure proper formatting of examples.
Execution (and potentially state modules) need to be created for the following operations:
CheckNameAvailabilityOperations
Operations
ServersOperations
FirewallRulesOperations
ConfigurationsOperations
DatabasesOperations
  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/states/azurerm/resource/policy.py", line 89, in <module>
    import salt.utils.files
ModuleNotFoundError: No module named 'salt'
Execution (and potentially state modules) need to be created for the following operations:
ReplicasOperations
LocationBasedPerformanceTierOperations
PrivateLinkResourcesOperations
PrivateEndpointConnectionsOperations
Execution (and potentially state modules) need to be created for the following operations:
LogFilesOperations
VirtualNetworkRulesOperations
ServerSecurityAlertPoliciesOperations
  File "/home/nmhughes/dev/idem-azurerm/idem_azurerm/exec/azurerm/compute/virtual_machine.py", line 773, in create_or_update
    await hub.exec.utils.azurerm.log_cloud_error("compute", str(exc), **kwargs)
  File "/home/nmhughes/dev/idem-azurerm/env/lib/python3.6/site-packages/msrestazure/azure_exceptions.py", line 193, in __str__
    return str(self.error)
  File "/home/nmhughes/dev/idem-azurerm/env/lib/python3.6/site-packages/msrestazure/azure_exceptions.py", line 120, in __str__
    return error_bytes.decode('ascii')
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 632: ordinal not in range(128)
If possible, allow acct to grab credentials from Key Vault (or external native secret store) to use for the purposes of authenticating for state runs. This is probably of limited use, because most people will just have managed identities assigned to a provisioning host which can just perform the actions directly. However, I think that it might fit a niche use case and is worthwhile.
I'm not certain exactly how this could be integrated into acct. Need to research further.
The main thing that should be considered, but probably will be hard is to leverage this functionality across different providers. For instance, using credentials stored in key vault to access an AWS subscription or conversely using credentials stored in AWS secrets manager to access Azure.
Need a start of a test framework
I was going to change the delete functions as well, but maybe it doesn't make sense... The Azure SDK only returns True/False for those, so I'd rather keep it close to the expectations from the SDK.
attached disks, public ip, and network interfaces (at minimum) based upon flags to clean that stuff up
only return changes that are being made (instead of the whole object)
Describe the bug
Creating a public IP along with a VM throws this guy:
[ERROR ] An Azure Network CloudError has occurred: Azure Error: ResourceNotFound
Message: The Resource 'Microsoft.Network/publicIPAddresses/{'id': '' under resource group 'rg-tricycle' was not found.
Include troubleshooting information
#!jinja|yaml
ensure_resource_group_exists:
  azurerm.resource.group.present:
    - name: rg-tricycle
    - location: eastus

ensure_virtual_network_exists:
  azurerm.network.virtual_network.present:
    - name: vnet-trike-eastus-001
    - resource_group: rg-tricycle
    - address_prefixes:
      - "192.168.0.0/16"
    - subnets:
      - name: default
        address_prefix: "192.168.0.0/24"

ensure_virtual_machine_exists:
  azurerm.compute.virtual_machine.present:
    - name: vmidem001
    - resource_group: rg-tricycle
    - vm_size: "Standard_B2S"
    - image: "OpenLogic|CentOS|7.7|latest"
    - virtual_network: vnet-trike-eastus-001
    - subnet: default
    - allocate_public_ip: True
    - ssh_public_keys:
      - /home/nmhughes/.ssh/id_rsa.pub
#!END
Expected behavior
Don't throw that error...
Versions (please complete the following information):
pip freeze output
azure-mgmt-compute==4.6.2
azure-mgmt-network==2.7.0
Handle attaching new or existing data disks to a virtual machine. Minimum functionality needs to be what is provided in salt-cloud.
Only tags are diffed at this time.
Absent states throw an error in Idem if you have too many parameters. Maybe we should accept kwargs so this doesn't happen and for consistency with the present states.
sphinx + readthedocs?
I think test mode wording is good for most modules (but check anyway)... but it seems to be "created" after creation or updating.
Need to be able to define and assign policy sets (aka initiatives)
create exec and state modules for key vault secrets
Let's get fancy now that we're in the land of Python 3.
I think Idem is using the same paradigm as Salt, but in each distinct module.
https://gitlab.com/saltstack/pop/idem/-/blob/master/idem/idem/init.py#L15
We should be able to add a dict like this in each exec module:
__func_alias__ = {"list_": "list"}
and then change the state modules to use .list(... instead of .list_(... if applicable. (not sure if any state modules actually use an underscore function)
Lots of commented code in the base dictionary. Implement any low-hanging fruit and drop the rest.
Good summary README. Maybe some CONTRIBUTING tips
exec/azurerm/keyvault/key.py
states/azurerm/keyvault/key.py
Throws this when you enable encryption without providing a keyvault
Traceback (most recent call last):
  File "/home/nmhughes/dev/stuff/env/bin/idem", line 8, in <module>
    sys.exit(start())
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/scripts.py", line 8, in start
    hub.idem.init.cli()
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 169, in __call__
    return self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 50, in cli
    hub.pop.loop.start(hub.idem.init.cli_apply())
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 169, in __call__
    return self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/mods/pop/loop.py", line 80, in start
    return hub.pop.Loop.run_until_complete(asyncio.gather(*coros))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
    return future.result()
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 78, in cli_apply
    hub.OPT['idem']['test'],
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 151, in apply
    ret = await hub.idem.run.init.start(name)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/run/init.py", line 19, in start
    await getattr(hub, ref)(name, ctx, seq, low, hub.idem.RUNS[name]['running'])
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/run/serial.py", line 20, in runtime
    await hub.idem.rules.init.run(name, ctx, low, seq[ind], running, hub.idem.RUNS[name]['run_num'])
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/rules/init.py", line 137, in run
    ret = await ret
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/states/azurerm/compute/virtual_machine.py", line 201, in present
    **vm_kwargs
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/exec/azurerm/compute/virtual_machine.py", line 654, in create_or_update
    disk_enc_keyvault_name = (parse_resource_id(disk_enc_keyvault))['name']
KeyError: 'name'
Relevant code:
# attach disk encryption extension
if enable_disk_enc and provision_vm_agent:
    disk_enc_keyvault_name = (parse_resource_id(disk_enc_keyvault))['name']
probably add disk_enc_keyvault in that "if" line and then check for proper parsing of the name.