private static void InstallNetworkWatcherExtension(IVirtualMachine vm, TraceWriter log = null)
{
IVirtualMachineExtension extension = null;
IReadOnlyDictionary <string, IVirtualMachineExtension> extensionList = vm.ListExtensions();
if (extensionList.Count > 0)
{
extension = extensionList.First(x => x.Value.PublisherName == "Microsoft.Azure.NetworkWatcher").Value;
}
if (extension == null)
{
log.Info($"VM doesn't have Network Watcher Extension... Installing");
vm.Update()
.DefineNewExtension("packetcapture")
.WithPublisher("Microsoft.Azure.NetworkWatcher")
.WithType("NetworkWatcherAgentWindows") // TODO: determine OS family, can be NetworkWatcherAgentLinux
.WithVersion("1.4")
.Attach();
log?.Info("Installed Extension on " + vm.Name);
}
else
{
log.Info($"VM already has Network Watcher Extension: proceeding...");
}
}
private static void InstallNetworkWatcherExtension(IVirtualMachine vm, TraceWriter log = null)
{
IVirtualMachineExtension extension = vm.ListExtensions().First(x => x.Value.PublisherName == "Microsoft.Azure.NetworkWatcher").Value;
if (extension == null)
{
vm.Update()
.DefineNewExtension("packetcapture")
.WithPublisher("Microsoft.Azure.NetworkWatcher")
.WithType("NetworkWatcherAgentWindows") // TODO: determine OS family, can be NetworkWatcherAgentLinux
.WithVersion("1.4")
.Attach();
log?.Info("Installed Extension on " + vm.Name);
}
}
public void CanSetMSIOnExistingVMWithRoleAssignments()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
var groupName = TestUtilities.GenerateName("rgmsi");
var storageAccountName = TestUtilities.GenerateName("ja");
var region = Region.USSouthCentral;
var vmName = "javavm";
IAzure azure = null;
try
{
azure = TestHelper.CreateRollupClient();
IVirtualMachine virtualMachine = azure.VirtualMachines
.Define(vmName)
.WithRegion(region)
.WithNewResourceGroup(groupName)
.WithNewPrimaryNetwork("10.0.0.0/28")
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
.WithRootUsername("Foo12")
.WithRootPassword("abc!@#F0orL")
.WithSize(VirtualMachineSizeTypes.StandardDS2V2)
.WithOSDiskCaching(CachingTypes.ReadWrite)
.WithSystemAssignedManagedServiceIdentity()
.Create();
Assert.NotNull(virtualMachine);
Assert.NotNull(virtualMachine.Inner);
Assert.True(virtualMachine.IsManagedServiceIdentityEnabled);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId);
// Ensure the MSI extension is set
//
var extensions = virtualMachine.ListExtensions();
bool extensionFound = false;
foreach (var extension in extensions.Values)
{
if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) &&
extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase))
{
extensionFound = true;
break;
}
}
Assert.True(extensionFound);
var authenticatedClient = TestHelper.CreateAuthenticatedClient();
// Ensure NO role assigned for resource group
//
var resourceGroup = azure.ResourceGroups.GetByName(virtualMachine.ResourceGroupName);
var rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id);
Assert.NotNull(rgRoleAssignments1);
bool found = false;
foreach (var roleAssignment in rgRoleAssignments1)
{
if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal");
virtualMachine.Update()
.WithSystemAssignedManagedServiceIdentity()
.WithSystemAssignedIdentityBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
.Apply();
// Ensure role assigned for resource group
//
var roleAssignments2 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id);
Assert.NotNull(roleAssignments2);
foreach (var roleAssignment in roleAssignments2)
{
if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
Assert.True(found, "Resource group should have a role assignment with virtual machine MSI principal");
// Try adding the same role again, implementation should handle 'RoleAlreadyExists' error code and resume
//
virtualMachine.Update()
.WithSystemAssignedManagedServiceIdentity()
.WithSystemAssignedIdentityBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
.Apply();
}
finally
{
try
{
if (azure != null)
{
azure.ResourceGroups.BeginDeleteByName(groupName);
}
}
catch { }
}
}
}
public void CanSetMSIOnNewOrExistingVMWithoutRoleAssignment()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
var groupName = TestUtilities.GenerateName("rgmsi");
var region = Region.USSouthCentral;
var vmName = "javavm";
IAzure azure = null;
try
{
azure = TestHelper.CreateRollupClient();
// Create a virtual machine with just MSI enabled without role and scope.
//
IVirtualMachine virtualMachine = azure.VirtualMachines
.Define(vmName)
.WithRegion(region)
.WithNewResourceGroup(groupName)
.WithNewPrimaryNetwork("10.0.0.0/28")
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
.WithRootUsername("Foo12")
.WithRootPassword("abc!@#F0orL")
.WithSize(VirtualMachineSizeTypes.StandardDS2V2)
.WithOSDiskCaching(CachingTypes.ReadWrite)
.WithSystemAssignedManagedServiceIdentity()
.Create();
Assert.NotNull(virtualMachine);
Assert.NotNull(virtualMachine.Inner);
Assert.True(virtualMachine.IsManagedServiceIdentityEnabled);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId);
// Ensure the MSI extension is set
//
var extensions = virtualMachine.ListExtensions();
IVirtualMachineExtension msiExtension = null;
foreach (var extension in extensions.Values)
{
if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) &&
extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase))
{
msiExtension = extension;
break;
}
}
Assert.NotNull(msiExtension);
// Check the default token port
//
var publicSettings = msiExtension.PublicSettings;
Assert.NotNull(publicSettings);
Assert.True(publicSettings.ContainsKey("port"));
Object portObj = publicSettings["port"];
Assert.NotNull(portObj);
int?port = ObjectToInteger(portObj);
Assert.True(port.HasValue);
Assert.NotNull(port);
Assert.Equal(50342, port);
var authenticatedClient = TestHelper.CreateAuthenticatedClient();
// Ensure NO role assigned for resource group
//
var resourceGroup = azure.ResourceGroups.GetByName(virtualMachine.ResourceGroupName);
var rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id);
Assert.NotNull(rgRoleAssignments1);
bool found = false;
foreach (var roleAssignment in rgRoleAssignments1)
{
if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal");
virtualMachine = virtualMachine.Update()
.WithSystemAssignedManagedServiceIdentity(50343)
.Apply();
Assert.NotNull(virtualMachine);
Assert.NotNull(virtualMachine.Inner);
Assert.True(virtualMachine.IsManagedServiceIdentityEnabled);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId);
Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId);
extensions = virtualMachine.ListExtensions();
msiExtension = null;
foreach (var extension in extensions.Values)
{
if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) &&
extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase))
{
msiExtension = extension;
break;
}
}
Assert.NotNull(msiExtension);
// Check the default token port
//
publicSettings = msiExtension.PublicSettings;
Assert.NotNull(publicSettings);
Assert.True(publicSettings.ContainsKey("port"));
portObj = publicSettings["port"];
Assert.NotNull(portObj);
port = ObjectToInteger(portObj);
Assert.True(port.HasValue);
Assert.NotNull(port);
Assert.Equal(50343, port);
rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id);
Assert.NotNull(rgRoleAssignments1);
found = false;
foreach (var roleAssignment in rgRoleAssignments1)
{
if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal");
}
finally
{
try
{
if (azure != null)
{
azure.ResourceGroups.BeginDeleteByName(groupName);
}
}
catch { }
}
}
}
public void CanHandleExtensionReference()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
string rgName = TestUtilities.GenerateName("vmexttest");
string location = "eastus";
string vmName = "javavm";
var azure = TestHelper.CreateRollupClient();
// Create a Linux VM
//
try
{
var vm = azure.VirtualMachines
.Define(vmName)
.WithRegion(location)
.WithNewResourceGroup(rgName)
.WithNewPrimaryNetwork("10.0.0.0/28")
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer14_04_Lts)
.WithRootUsername("Foo12")
.WithRootPassword("BaR@12abc!")
.WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4"))
.DefineNewExtension("VMAccessForLinux")
.WithPublisher("Microsoft.OSTCExtensions")
.WithType("VMAccessForLinux")
.WithVersion("1.4")
.WithProtectedSetting("username", "Foo12")
.WithProtectedSetting("password", "B12a6@12xyz!")
.WithProtectedSetting("reset_ssh", "true")
.Attach()
.Create();
Assert.True(vm.ListExtensions().Count() > 0);
// Get the created virtual machine via VM List not by VM GET
var virtualMachines = azure.VirtualMachines
.ListByResourceGroup(rgName);
IVirtualMachine vmWithExtensionReference = null;
foreach (var virtualMachine in virtualMachines)
{
if (virtualMachine.Name.Equals(vmName, StringComparison.OrdinalIgnoreCase))
{
vmWithExtensionReference = virtualMachine;
break;
}
}
// The VM retrieved from the list will contain extensions as reference (i.e. with only id)
Assert.NotNull(vmWithExtensionReference);
// Update the extension
var vmWithExtensionUpdated = vmWithExtensionReference.Update()
.UpdateExtension("VMAccessForLinux")
.WithProtectedSetting("username", "Foo12")
.WithProtectedSetting("password", "muy!234OR")
.WithProtectedSetting("reset_ssh", "true")
.Parent()
.Apply();
// Again getting VM with extension reference
virtualMachines = azure.VirtualMachines
.ListByResourceGroup(rgName);
vmWithExtensionReference = null;
foreach (var virtualMachine in virtualMachines)
{
vmWithExtensionReference = virtualMachine;
}
Assert.NotNull(vmWithExtensionReference);
IVirtualMachineExtension accessExtension = null;
foreach (var extension in vmWithExtensionReference.ListExtensions().Values)
{
if (extension.Name.Equals("VMAccessForLinux", StringComparison.OrdinalIgnoreCase))
{
accessExtension = extension;
break;
}
}
// Even though VM's inner contain just extension reference VirtualMachine::extensions()
// should resolve the reference and get full extension.
Assert.NotNull(accessExtension);
Assert.NotNull(accessExtension.PublisherName);
Assert.NotNull(accessExtension.TypeName);
Assert.NotNull(accessExtension.VersionName);
}
finally
{
try
{
azure.ResourceGroups.DeleteByName(rgName);
}
catch { }
}
}
}
