Azure CLI provides an easy way to setup an account for Azure Resource Manager (ARM) and furthermore creates an new service principal for the Simple Azure access. In this tutorial, we use IPython helper (!) to run Azure CLI.
azure cli tool asks you to open a web browser and sign in the azure portal to authenciate. The following command azure login
will guide you to the page https://aka.ms/devicelogin with a unique one-time login verification code.
You will be asked to type the code in your browser to complete the login.
NOTE Run all cells step-by-step with instructions to complete Azure Account Setup.
!yes|azure login
Microsoft Azure CLI would like to collect data about how users use CLI commands and some problems they encounter. Microsoft uses this information to improve our CLI commands. Participation is voluntary and when you choose to participate your device automatically sends information to Microsoft about how you use Azure CLI. If you choose to participate, you can stop at any time later by using Azure CLI as follows: 1. Use the azure telemetry command to turn the feature Off. To disable data collection, execute: azure telemetry --disable If you choose to not participate, you can enable at any time later by using Azure CLI as follows: 1. Use the azure telemetry command to turn the feature On. To enable data collection, execute: azure telemetry --enable Select y to enable data collection :(y/n) You choose to participate in Microsoft Azure CLI data collection. info: Executing command login \info: To sign in, use a web browser to open the page https://aka.ms/devicelogin. Enter the code EVAMBVQE4 to authenticate. |info: Added subscription Simple-Azure-Subscription info: Setting subscription "Simple-Azure-Subscription" as default + info: login command OK
Azure Python SDK which Simple Azure is based on requires the credential information below for ARM and ASM (Azure Service Management).
The following sections demonstrate Azure CLI commands to obtain these information step-by-step.
account show
displays subscription id and tenant id as ID and Tenant ID.
!azure account show
info: Executing command account show data: Name : Simple-Azure-Subscription data: ID : 5s3ag2s5-2aa1-4828-xxxx-9g8sw72w5w5g data: State : Enabled data: Tenant ID : 5e39a20e-c55a-53de-xxxx-2503a55et6ta data: Is Default : true data: Environment : AzureCloud data: Has Certificate : No data: Has Access Token : Yes data: User name : hroe.lee@gmail.com data: info: account show command OK
IPython filters the subscription ID and tenant ID using awk
command and stores into sid and tid variables.
sid_tid = !azure account show|awk -F ':' '/ID/{ print $3}'
sid = sid_tid[0]
tid = sid_tid[1]
Once you loaded your azure credential, a service principal is required to get access of resource groups therefore Azure Services via Azure Resource Manager and Templates are permitted to use in Simple Azure. Azure CLI provides a few commands to complete this step.
"azure ad sp create" command create a new service principal in Active Directory with a name (--name option).
out=!azure ad sp create --name simpleazure
cid = out[6].split(":")[1].lstrip()
newout="\n".join(out)
print(newout)
info: Executing command ad sp create + + data: Object Id: 5d79f365-26e0-4993-8fe7-7021b3fd373d data: Display Name: simpleazure data: Service Principal Names: data: ca66450a-2532-4e8b-81b2-31722d36d808 data: http://simpleazure info: ad sp create command OK
Id
after Service Principal Names is our client id for Simple Azure. cid
variable stores the ID in the previous commands.
A password for Service Principal will be used as client_secret later in Simple Azure. Please provide your desired password in below.
password=""
!azure ad sp set -p $password $cid
info: Executing command ad sp set + data: Object Id: 5d79f365-26e0-4993-8fe7-7021b3fd373d data: Display Name: simpleazure data: Service Principal Names: data: http://simpleazure data: ca66450a-2532-4e8b-81b2-31722d36d808 info: ad sp set command OK
Note that '$cid' is a client id obtained from the previous command.
Assigning role permits certain actions to your service principal under your subscription id. "Owner" allows you have every rights to use resources without restrictions. See more roles: here
!azure role assignment create --objectId $cid -o Owner -c /subscriptions/$sid
info: Executing command role assignment create + \data: RoleAssignmentId : /subscriptions/5s3ag2s5-2aa1-4828-xxxx-9g8sw72w5w5g/providers/Microsoft.Authorization/roleAssignments/6a51ba07-5470-4e09-875c-0d0362e46901 data: RoleDefinitionName : Owner data: RoleDefinitionId : 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 data: Scope : /subscriptions/5s3ag2s5-2aa1-4828-xxxx-9g8sw72w5w5g data: Display Name : simpleazure data: SignInName : undefined data: ObjectId : 5d79f365-26e0-4993-8fe7-7021b3fd373d data: ObjectType : ServicePrincipal data: + info: role assignment create command OK
Are you completed all steps without any issues? Congraturations! You just completed login setup for your azure account.
Let's try to deploy a sample template using Simple Azure and the credentials that we just obtained.
from simpleazure import SimpleAzure as saz
import os
os.environ['AZURE_SUBSCRIPTION_ID'] = $sid
os.environ['AZURE_CLIENT_SECRET'] = $password
os.environ['AZURE_TENANT_ID'] = $tid
os.environ['AZURE_CLIENT_ID'] = $cid
saz_obj = saz()
url = "https://raw.githubusercontent.com/Azure-Samples/resource-manager-python-template-deployment/master/templates/template.json"
The sample template requires three parameters:
saz_obj.arm.deploy(template = url, param = {"sshKeyData": "ssh-rsa AAAAB3...<skipped>... hroe.lee@simpleazure", 'dnsLabelPrefix':"simpleazure", 'vmName':'simpleazure-first-vm'})
Deleting a resource group where deployments are made stops all services and deletes resources in the group. Simple Azure uses prefixed group name 'saz' and the following function will delete the group.
saz_obj.arm.remove_resource_group()
<msrestazure.azure_operation.AzureOperationPoller at 0x7f8d0c76b790>