idem-azurerm's People

Contributors

ajnbro, akm0d, johnoneill98, nicholasmhughes, thatch45

idem-azurerm's Issues

Implement Azure Firewall (and related) Operations

SDK paths:

v2018_12_01/operations/azure_firewall_fqdn_tags_operations.py
v2018_12_01/operations/azure_firewalls_operations.py
v2018_12_01/operations/virtual_hubs_operations.py
v2018_12_01/operations/virtual_network_taps_operations.py
v2018_12_01/operations/web_application_firewall_policies_operations.py

allow for MSI auth

Don't require username/password or service principal creds. See contribution to salt-cloud develop branch.

[BUG] Diffing KeyVault access policies doesn't ignore empty params

Defining a keyvault access policy like so:

    - access_policies:
      - tenant_id: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
        object_id: bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
        permissions:
          keys:
            - Get
            - List
            - Update
            - Create
            - Import
            - Delete
            - Recover
            - Backup
            - Restore

...comes back with empty sections for secrets and certificates if they're not defined in the existing object. We need to ignore those to get a good diff.

--------
      ID: ensure_keyvault_exists
Function: azurerm.keyvault.vault.present
  Result: None
 Comment: Key Vault kv-diskencryption-001 would be updated.
 Changes: access_policies:
    ----------
    old:
        |_
          ----------
          tenant_id:
              aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
          object_id:
              bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
          permissions:
              ----------
              keys:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
              secrets:
              certificates:
    new:
        |_
          ----------
          tenant_id:
              aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
          object_id:
              bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
          permissions:
              ----------
              keys:
                  - Get
                  - List
                  - Update
                  - Create
                  - Import
                  - Delete
                  - Recover
                  - Backup
                  - Restore
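
One way to get the diff this issue asks for, as an added example that is not part of the original issue or the project's code: drop permission sections that grant nothing before comparing, so a run only reports access-policy changes that are real. It goes slightly beyond the issue by comparing permission lists order-insensitively; the function names and sample data are constructed for illustration.

```python
# Added example: compare Key Vault access policies while ignoring empty
# permission sections. Sample data below is constructed from the issue text.

def normalize_policy(policy):
    """Copy one access policy, dropping permission sections that grant nothing."""
    perms = policy.get("permissions") or {}
    return {
        "tenant_id": policy["tenant_id"],
        "object_id": policy["object_id"],
        # None and [] both mean "no permissions"; sort so order never matters.
        "permissions": {k: sorted(v) for k, v in perms.items() if v},
    }


def diff_access_policies(old, new):
    """Return {} if equivalent, else the changed entries under 'old' and 'new'."""
    def index(policies):
        return {(p["tenant_id"], p["object_id"]): normalize_policy(p)
                for p in policies or []}

    old_idx, new_idx = index(old), index(new)
    changed = sorted(k for k in old_idx.keys() | new_idx.keys()
                     if old_idx.get(k) != new_idx.get(k))
    if not changed:
        return {}
    return {"old": [old_idx[k] for k in changed if k in old_idx],
            "new": [new_idx[k] for k in changed if k in new_idx]}


KEYS = ["Get", "List", "Update", "Create", "Import",
        "Delete", "Recover", "Backup", "Restore"]
IDS = {"tenant_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
       "object_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"}
# What the existing vault reports: unset sections come back empty.
EXISTING = [dict(IDS, permissions={"keys": KEYS, "secrets": None,
                                   "certificates": None})]
# What the state file declares: only keys.
DESIRED = [dict(IDS, permissions={"keys": list(KEYS)})]
# A real change: the state now also grants read access to secrets.
DESIRED_PLUS_SECRET = [dict(IDS, permissions={"keys": list(KEYS),
                                              "secrets": ["Get"]})]

if __name__ == "__main__":
    print(diff_access_policies(EXISTING, DESIRED))             # spurious diff gone
    print(diff_access_policies(EXISTING, DESIRED_PLUS_SECRET)) # real change kept
```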

clean up module docs

"depends" versions can be removed since we're requiring them (unlike in Salt where they're optional). Ensure proper formatting of examples.

[BUG] Clean up salt import for file handling

  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/states/azurerm/resource/policy.py", line 89, in <module>
    import salt.utils.files
ModuleNotFoundError: No module named 'salt'

UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 632: ordinal not in range(128)

  File "/home/nmhughes/dev/idem-azurerm/idem_azurerm/exec/azurerm/compute/virtual_machine.py", line 773, in create_or_update
    await hub.exec.utils.azurerm.log_cloud_error("compute", str(exc), **kwargs)
  File "/home/nmhughes/dev/idem-azurerm/env/lib/python3.6/site-packages/msrestazure/azure_exceptions.py", line 193, in __str__
    return str(self.error)
  File "/home/nmhughes/dev/idem-azurerm/env/lib/python3.6/site-packages/msrestazure/azure_exceptions.py", line 120, in __str__
    return error_bytes.decode('ascii')
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 632: ordinal not in range(128)

Add ability to use creds from Key Vault (or other native) for acct

If possible, allow acct to grab credentials from Key Vault (or external native secret store) to use for the purposes of authenticating for state runs. This is probably of limited use, because most people will just have managed identities assigned to a provisioning host which can just perform the actions directly. However, I think that it might fit a niche use case and is worthwhile.

I'm not certain exactly how this could be integrated into acct. Need to research further.

The main thing that should be considered, but probably will be hard, is to leverage this functionality across different providers. For instance, using credentials stored in key vault to access an AWS subscription or conversely using credentials stored in AWS secrets manager to access Azure.

always return a dict on error

I was going to change the delete functions as well, but maybe it doesn't make sense... The Azure SDK only returns True/False for those, so I'd rather keep it close to the expectations from the SDK.

ResourceNotFound error on public IP during VM creation

Describe the bug
Creating a public IP along with a VM throws this guy:

[ERROR   ] An Azure Network CloudError has occurred: Azure Error: ResourceNotFound
Message: The Resource 'Microsoft.Network/publicIPAddresses/{'id': '' under resource group 'rg-tricycle' was not found.

Include troubleshooting information

#!jinja|yaml

ensure_resource_group_exists:
    azurerm.resource.group.present:
        - name: rg-tricycle
        - location: eastus

ensure_virtual_network_exists:
    azurerm.network.virtual_network.present:
        - name: vnet-trike-eastus-001
        - resource_group: rg-tricycle
        - address_prefixes:
            - "192.168.0.0/16"
        - subnets:
            - name: default
              address_prefix: "192.168.0.0/24"

ensure_virtual_machine_exists:
    azurerm.compute.virtual_machine.present:
        - name: vmidem001
        - resource_group: rg-tricycle
        - vm_size: "Standard_B2S"
        - image: "OpenLogic|CentOS|7.7|latest"
        - virtual_network: vnet-trike-eastus-001
        - subnet: default
        - allocate_public_ip: True
        - ssh_public_keys:
            - /home/nmhughes/.ssh/id_rsa.pub

#!END

Expected behavior
Don't throw that error...

Versions (please complete the following information):

  • Ubuntu 18.04
  • 3.6.9
  • pip freeze output
    it's been doing it for quite some time... not sure if it's SDK related since that's been pinned for a while.
azure-mgmt-compute==4.6.2
azure-mgmt-network==2.7.0

Virtual Machine Data Disks

Handle attaching new or existing data disks to a virtual machine. Minimum functionality needs to be what is provided in salt-cloud.

Need error handling in encryption code

Throws this when you enable encryption without providing a keyvault

Traceback (most recent call last):
  File "/home/nmhughes/dev/stuff/env/bin/idem", line 8, in <module>
    sys.exit(start())
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/scripts.py", line 8, in start
    hub.idem.init.cli()
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 169, in __call__
    return self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 50, in cli
    hub.pop.loop.start(hub.idem.init.cli_apply())
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 169, in __call__
    return self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/mods/pop/loop.py", line 80, in start
    return hub.pop.Loop.run_until_complete(asyncio.gather(*coros))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
    return future.result()
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 78, in cli_apply
    hub.OPT['idem']['test'],
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/init.py", line 151, in apply
    ret = await hub.idem.run.init.start(name)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/run/init.py", line 19, in start
    await getattr(hub, ref)(name, ctx, seq, low, hub.idem.RUNS[name]['running'])
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/run/serial.py", line 20, in runtime
    await hub.idem.rules.init.run(name, ctx, low, seq[ind], running, hub.idem.RUNS[name]['run_num'])
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/idem/idem/rules/init.py", line 137, in run
    ret = await ret
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/states/azurerm/compute/virtual_machine.py", line 201, in present
    **vm_kwargs
  File "/home/nmhughes/dev/stuff/env/lib/python3.6/site-packages/pop/contract.py", line 221, in __call__
    return await self.func(*args, **kwargs)
  File "/home/nmhughes/dev/idem_provider_azurerm/idem_provider_azurerm/exec/azurerm/compute/virtual_machine.py", line 654, in create_or_update
    disk_enc_keyvault_name = (parse_resource_id(disk_enc_keyvault))['name']
KeyError: 'name'

Relevant code:

        # attach disk encryption extension
        if enable_disk_enc and provision_vm_agent:
            disk_enc_keyvault_name = (parse_resource_id(disk_enc_keyvault))['name']

Probably add disk_enc_keyvault in that "if" line and then check for proper parsing of the name.
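
A sketch of the check described in this issue, as an added example that is not the project's code: validate the Key Vault resource ID up front and return an error dict instead of raising `KeyError`. It assumes a fail-closed design (a request for encryption that cannot be honoured is reported as an error rather than skipped), and the regex is a stand-in for `parse_resource_id` so the block runs without the Azure SDK; `resolve_disk_enc_keyvault` and the sample ID are hypothetical.

```python
import re

# Stand-in for parse_resource_id: matches only a full Key Vault resource ID.
_VAULT_ID = re.compile(
    r"^/subscriptions/(?P<subscription>[^/]+)"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/Microsoft\.KeyVault/vaults/(?P<name>[^/]+)/?$",
    re.IGNORECASE,
)


def resolve_disk_enc_keyvault(enable_disk_enc, provision_vm_agent, disk_enc_keyvault):
    """Decide whether the encryption extension can be attached.

    Returns {"encrypt": False} when encryption was not requested,
    {"encrypt": True, "name": ..., "resource_group": ...} when the vault ID
    parses, and {"error": message} for every other case.
    """
    if not enable_disk_enc:
        return {"encrypt": False}
    if not provision_vm_agent:
        # VM extensions are delivered through the VM agent.
        return {"error": "disk encryption requires provision_vm_agent"}
    if not disk_enc_keyvault:
        return {"error": "disk encryption enabled but no disk_enc_keyvault given"}
    match = _VAULT_ID.match(str(disk_enc_keyvault))
    if match is None:
        return {"error": "disk_enc_keyvault is not a Key Vault resource ID: "
                         "{!r}".format(disk_enc_keyvault)}
    return {
        "encrypt": True,
        "name": match.group("name"),
        "resource_group": match.group("resource_group"),
    }


# Constructed sample ID; the subscription GUID is a placeholder.
SAMPLE_VAULT_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000"
    "/resourceGroups/rg-tricycle"
    "/providers/Microsoft.KeyVault/vaults/kv-diskencryption-001"
)

if __name__ == "__main__":
    print(resolve_disk_enc_keyvault(True, True, SAMPLE_VAULT_ID))
    print(resolve_disk_enc_keyvault(True, True, None))
```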
