#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'khiem'
import os
import requests
from distutils.version import LooseVersion
try:
import azure
from azure.common import AzureException as AzureException
from azure.common import AzureMissingResourceHttpError as AzureMissingException
from azure.mgmt.common import SubscriptionCloudCredentials
from azure.mgmt.compute import ComputeManagementClient
HAS_AZURE = True
except ImportError:
HAS_AZURE = False
def check_azure_result(module, result, operation=None, info=None):
    """Fail the Ansible module unless *result* reports HTTP 200 or 201.

    Args:
        module: object exposing ``fail_json(msg=...)``.
        result: Azure SDK response exposing ``status_code``.
        operation: label for the call that produced *result*, used in the
            failure message only.
        info: extra context appended to the failure message.
    """
    status = result.status_code
    if status in (200, 201):
        return
    module.fail_json(
        msg='Got Azure error code, status code = {}, operation = {}, {}'.format(
            status, operation, info))
def get_azure_creds(module):
    """Resolve the four Azure credential values for this run.

    Each value is taken from the module parameter of the same name and,
    when that is empty, from the matching ``AZURE_*`` environment variable.
    ``module.fail_json`` is called with a value-specific message when
    neither source supplies it.

    The returned ``client_secret`` is the plaintext secret; callers should
    keep it out of log and result output.

    Returns:
        Tuple ``(subscription_id, oauth2_token_endpoint, client_id,
        client_secret)``.
    """
    # (module parameter, environment fallback, message when both are empty)
    sources = (
        ('subscription_id', 'AZURE_SUBSCRIPTION_ID',
         "No subscription_id provided. Please set 'AZURE_SUBSCRIPTION_ID' or use the 'subscription_id' parameter"),
        ('oauth2_token_endpoint', 'AZURE_OAUTH2_TOKEN_ENDPOINT',
         "No OAuth2 token endpoint provided. Please set 'AZURE_OAUTH2_TOKEN_ENDPOINT' or "
         "use the 'oauth2_token_endpoint' parameter"),
        ('client_id', 'AZURE_CLIENT_ID',
         "No client_id provided. Please set 'AZURE_CLIENT_ID' or use the 'client_id' parameter"),
        ('client_secret', 'AZURE_CLIENT_SECRET',
         "No client_secret provided. Please set 'AZURE_CLIENT_SECRET' environment variable or "
         "use the 'client_secret' parameter"),
    )

    resolved = []
    for param_name, env_name, missing_msg in sources:
        value = module.params.get(param_name) or os.environ.get(env_name, None)
        if not value:
            module.fail_json(msg=missing_msg)
        resolved.append(value)
    return tuple(resolved)
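def get_token_from_client_credentials(endpoint, client_id, client_secret):
    """Obtain an access token with the OAuth2 client-credentials grant.

    The client secret travels in the POST body, so the token endpoint must
    be an ``https://`` URL; anything else is rejected before a request is
    made.

    Args:
        endpoint: OAuth2 token endpoint URL.
        client_id: application (client) id.
        client_secret: application secret.

    Returns:
        The ``access_token`` string from the token response.

    Raises:
        ValueError: the endpoint is not an https URL, or the response does
            not contain an ``access_token``.
        requests.exceptions.RequestException: transport failure, timeout,
            or a non-success HTTP status.
    """
    if not endpoint or not endpoint.lower().startswith('https://'):
        raise ValueError('OAuth2 token endpoint must be an https:// URL')

    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        'resource': 'https://management.core.windows.net/',
    }
    # requests waits indefinitely unless a timeout is given.
    response = requests.post(endpoint, data=payload, timeout=30)
    # Surface HTTP errors as such instead of a later lookup failure.
    response.raise_for_status()

    body = response.json()
    token = body.get('access_token') if isinstance(body, dict) else None
    if not token:
        # The response body is left out of the message on purpose: it is
        # credential-bearing material when the call succeeds.
        raise ValueError('OAuth2 token response did not contain an access_token')
    return token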
def update_vm_tags(module, compute_client):
    """Merge the requested tags into an existing VM's tags and push them.

    Reads ``location``, ``resource_group``, ``name`` and ``tags`` from
    ``module.params``. Requested tags are added or overwritten; tags already
    on the VM that the request does not name are kept. When no requested tag
    differs from the VM, ``module.exit_json(changed=False, ...)`` is called.

    Args:
        module: Ansible module object (``params``, ``exit_json``,
            ``fail_json``).
        compute_client: client exposing ``virtual_machines.get`` and
            ``virtual_machines.create_or_update``.

    Returns:
        The virtual machine object re-read from Azure after the update.
    """
    params = module.params
    location = params.get('location')
    group_name = params.get('resource_group')
    vm_name = params.get('name')
    tags = params.get('tags')
    vm_info = 'vm_name={}'.format(vm_name)

    # check vm existence
    result = compute_client.virtual_machines.get(group_name, vm_name)
    check_azure_result(module, result, 'get_virtual_machine', vm_info)
    vm = result.virtual_machine

    # NOTE(review): assumes vm.tags is a mapping even for an untagged VM and
    # that ``tags`` arrives as a dict - confirm against the SDK and caller.
    changed = False
    for key in tags:
        wanted = tags[key]
        if key in vm.tags and vm.tags[key] == wanted:
            continue
        vm.tags[key] = wanted
        changed = True

    if not changed:
        module.exit_json(changed=False, vm_name=vm.name, vm_tags=vm.tags)

    # NOTE(review): the update body carries only location, name and tags, and
    # location comes from the module parameter rather than the fetched VM -
    # confirm this is what the service expects for a tag-only change.
    updated_vm = azure.mgmt.compute.VirtualMachine(
        location=location,
        name=vm_name,
        tags=vm.tags
    )
    result = compute_client.virtual_machines.create_or_update(group_name, updated_vm)
    check_azure_result(module, result, 'create_or_update_virtual_machine_tags', vm_info)

    # Read the VM back so the caller reports the tags Azure actually stored.
    result = compute_client.virtual_machines.get(group_name, vm_name)
    check_azure_result(module, result, 'get_back_virtual_machine', vm_info)
    return result.virtual_machine
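def main():
    """Ansible entry point: merge tags onto an existing Azure ARM VM.

    Builds the module, resolves credentials, exchanges them for an access
    token and calls ``update_vm_tags``. ``state=absent`` is rejected as
    unsupported. The four credential parameters are declared ``no_log``.
    """
    module = AnsibleModule(
        argument_spec=dict(
            name=dict(required=True),
            # Declared as a dict so the value is validated and converted
            # before update_vm_tags indexes it by key.
            tags=dict(required=True, type='dict'),
            state=dict(default='present'),
            # prerequisite resources
            resource_group=dict(required=True),
            location=dict(default='eastus'),
            # for credentials
            subscription_id=dict(no_log=True),
            oauth2_token_endpoint=dict(no_log=True),
            client_id=dict(no_log=True),
            client_secret=dict(no_log=True),
        )
    )

    if not HAS_AZURE:
        module.fail_json(msg='azure python module required for this module')

    state = module.params.get('state')
    if state == 'absent':
        module.fail_json(msg='Unsupported state')

    subscription_id, oauth2_token_endpoint, client_id, client_secret = get_azure_creds(module)

    # Report a failed token exchange as a normal module failure rather than
    # an unhandled traceback. Only the exception text is surfaced; the
    # credentials themselves are never formatted into the message.
    try:
        auth_token = get_token_from_client_credentials(oauth2_token_endpoint, client_id, client_secret)
    except Exception as exc:
        module.fail_json(msg='Failed to obtain Azure access token: {}'.format(exc))

    creds = SubscriptionCloudCredentials(subscription_id, auth_token)
    compute_client = ComputeManagementClient(creds)

    # update_vm_tags exits the module itself when nothing changed, so
    # reaching the next line means tags were written.
    vm = update_vm_tags(module, compute_client)
    module.exit_json(changed=True, vm_name=vm.name, vm_tags=vm.tags)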
# import module snippets
from ansible.module_utils.basic import *
# Run the module only when this file is executed directly, not on import.
if __name__ == '__main__':
    main()