private static void InstallNetworkWatcherExtension(IVirtualMachine vm, TraceWriter log = null) { IVirtualMachineExtension extension = null; IReadOnlyDictionary <string, IVirtualMachineExtension> extensionList = vm.ListExtensions(); if (extensionList.Count > 0) { extension = extensionList.First(x => x.Value.PublisherName == "Microsoft.Azure.NetworkWatcher").Value; } if (extension == null) { log.Info($"VM doesn't have Network Watcher Extension... Installing"); vm.Update() .DefineNewExtension("packetcapture") .WithPublisher("Microsoft.Azure.NetworkWatcher") .WithType("NetworkWatcherAgentWindows") // TODO: determine OS family, can be NetworkWatcherAgentLinux .WithVersion("1.4") .Attach(); log?.Info("Installed Extension on " + vm.Name); } else { log.Info($"VM already has Network Watcher Extension: proceeding..."); } }
private static void InstallNetworkWatcherExtension(IVirtualMachine vm, TraceWriter log = null) { IVirtualMachineExtension extension = vm.ListExtensions().First(x => x.Value.PublisherName == "Microsoft.Azure.NetworkWatcher").Value; if (extension == null) { vm.Update() .DefineNewExtension("packetcapture") .WithPublisher("Microsoft.Azure.NetworkWatcher") .WithType("NetworkWatcherAgentWindows") // TODO: determine OS family, can be NetworkWatcherAgentLinux .WithVersion("1.4") .Attach(); log?.Info("Installed Extension on " + vm.Name); } }
public void CanSetMSIOnExistingVMWithRoleAssignments() { using (var context = FluentMockContext.Start(GetType().FullName)) { var groupName = TestUtilities.GenerateName("rgmsi"); var storageAccountName = TestUtilities.GenerateName("ja"); var region = Region.USSouthCentral; var vmName = "javavm"; IAzure azure = null; try { azure = TestHelper.CreateRollupClient(); IVirtualMachine virtualMachine = azure.VirtualMachines .Define(vmName) .WithRegion(region) .WithNewResourceGroup(groupName) .WithNewPrimaryNetwork("10.0.0.0/28") .WithPrimaryPrivateIPAddressDynamic() .WithoutPrimaryPublicIPAddress() .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts) .WithRootUsername("Foo12") .WithRootPassword("abc!@#F0orL") .WithSize(VirtualMachineSizeTypes.StandardDS2V2) .WithOSDiskCaching(CachingTypes.ReadWrite) .WithSystemAssignedManagedServiceIdentity() .Create(); Assert.NotNull(virtualMachine); Assert.NotNull(virtualMachine.Inner); Assert.True(virtualMachine.IsManagedServiceIdentityEnabled); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId); // Ensure the MSI extension is set // var extensions = virtualMachine.ListExtensions(); bool extensionFound = false; foreach (var extension in extensions.Values) { if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) && extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase)) { extensionFound = true; break; } } Assert.True(extensionFound); var authenticatedClient = TestHelper.CreateAuthenticatedClient(); // Ensure NO role assigned for resource group // var resourceGroup = azure.ResourceGroups.GetByName(virtualMachine.ResourceGroupName); var rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id); Assert.NotNull(rgRoleAssignments1); bool found = false; foreach (var roleAssignment in rgRoleAssignments1) { if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase)) { found = true; break; } } Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal"); virtualMachine.Update() .WithSystemAssignedManagedServiceIdentity() .WithSystemAssignedIdentityBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor) .Apply(); // Ensure role assigned for resource group // var roleAssignments2 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id); Assert.NotNull(roleAssignments2); foreach (var roleAssignment in roleAssignments2) { if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase)) { found = true; break; } } Assert.True(found, "Resource group should have a role assignment with virtual machine MSI principal"); // Try adding the same role again, implementation should handle 'RoleAlreadyExists' error code and resume // virtualMachine.Update() .WithSystemAssignedManagedServiceIdentity() .WithSystemAssignedIdentityBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor) .Apply(); } finally { try { if (azure != null) { azure.ResourceGroups.BeginDeleteByName(groupName); } } catch { } } } }
public void CanSetMSIOnNewOrExistingVMWithoutRoleAssignment() { using (var context = FluentMockContext.Start(GetType().FullName)) { var groupName = TestUtilities.GenerateName("rgmsi"); var region = Region.USSouthCentral; var vmName = "javavm"; IAzure azure = null; try { azure = TestHelper.CreateRollupClient(); // Create a virtual machine with just MSI enabled without role and scope. // IVirtualMachine virtualMachine = azure.VirtualMachines .Define(vmName) .WithRegion(region) .WithNewResourceGroup(groupName) .WithNewPrimaryNetwork("10.0.0.0/28") .WithPrimaryPrivateIPAddressDynamic() .WithoutPrimaryPublicIPAddress() .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts) .WithRootUsername("Foo12") .WithRootPassword("abc!@#F0orL") .WithSize(VirtualMachineSizeTypes.StandardDS2V2) .WithOSDiskCaching(CachingTypes.ReadWrite) .WithSystemAssignedManagedServiceIdentity() .Create(); Assert.NotNull(virtualMachine); Assert.NotNull(virtualMachine.Inner); Assert.True(virtualMachine.IsManagedServiceIdentityEnabled); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId); // Ensure the MSI extension is set // var extensions = virtualMachine.ListExtensions(); IVirtualMachineExtension msiExtension = null; foreach (var extension in extensions.Values) { if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) && extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase)) { msiExtension = extension; break; } } Assert.NotNull(msiExtension); // Check the default token port // var publicSettings = msiExtension.PublicSettings; Assert.NotNull(publicSettings); Assert.True(publicSettings.ContainsKey("port")); Object portObj = publicSettings["port"]; Assert.NotNull(portObj); int?port = ObjectToInteger(portObj); Assert.True(port.HasValue); Assert.NotNull(port); Assert.Equal(50342, port); var authenticatedClient = TestHelper.CreateAuthenticatedClient(); // Ensure NO role assigned for resource group // var resourceGroup = azure.ResourceGroups.GetByName(virtualMachine.ResourceGroupName); var rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id); Assert.NotNull(rgRoleAssignments1); bool found = false; foreach (var roleAssignment in rgRoleAssignments1) { if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase)) { found = true; break; } } Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal"); virtualMachine = virtualMachine.Update() .WithSystemAssignedManagedServiceIdentity(50343) .Apply(); Assert.NotNull(virtualMachine); Assert.NotNull(virtualMachine.Inner); Assert.True(virtualMachine.IsManagedServiceIdentityEnabled); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId); Assert.NotNull(virtualMachine.SystemAssignedManagedServiceIdentityTenantId); extensions = virtualMachine.ListExtensions(); msiExtension = null; foreach (var extension in extensions.Values) { if (extension.PublisherName.Equals("Microsoft.ManagedIdentity", StringComparison.OrdinalIgnoreCase) && extension.TypeName.Equals("ManagedIdentityExtensionForLinux", StringComparison.OrdinalIgnoreCase)) { msiExtension = extension; break; } } Assert.NotNull(msiExtension); // Check the default token port // publicSettings = msiExtension.PublicSettings; Assert.NotNull(publicSettings); Assert.True(publicSettings.ContainsKey("port")); portObj = publicSettings["port"]; Assert.NotNull(portObj); port = ObjectToInteger(portObj); Assert.True(port.HasValue); Assert.NotNull(port); Assert.Equal(50343, port); rgRoleAssignments1 = authenticatedClient.RoleAssignments.ListByScope(resourceGroup.Id); Assert.NotNull(rgRoleAssignments1); found = false; foreach (var roleAssignment in rgRoleAssignments1) { if (roleAssignment.PrincipalId != null && roleAssignment.PrincipalId.Equals(virtualMachine.SystemAssignedManagedServiceIdentityPrincipalId, StringComparison.OrdinalIgnoreCase)) { found = true; break; } } Assert.False(found, "Resource group should not have a role assignment with virtual machine MSI principal"); } finally { try { if (azure != null) { azure.ResourceGroups.BeginDeleteByName(groupName); } } catch { } } } }
public void CanHandleExtensionReference() { using (var context = FluentMockContext.Start(GetType().FullName)) { string rgName = TestUtilities.GenerateName("vmexttest"); string location = "eastus"; string vmName = "javavm"; var azure = TestHelper.CreateRollupClient(); // Create a Linux VM // try { var vm = azure.VirtualMachines .Define(vmName) .WithRegion(location) .WithNewResourceGroup(rgName) .WithNewPrimaryNetwork("10.0.0.0/28") .WithPrimaryPrivateIPAddressDynamic() .WithoutPrimaryPublicIPAddress() .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer14_04_Lts) .WithRootUsername("Foo12") .WithRootPassword("BaR@12abc!") .WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4")) .DefineNewExtension("VMAccessForLinux") .WithPublisher("Microsoft.OSTCExtensions") .WithType("VMAccessForLinux") .WithVersion("1.4") .WithProtectedSetting("username", "Foo12") .WithProtectedSetting("password", "B12a6@12xyz!") .WithProtectedSetting("reset_ssh", "true") .Attach() .Create(); Assert.True(vm.ListExtensions().Count() > 0); // Get the created virtual machine via VM List not by VM GET var virtualMachines = azure.VirtualMachines .ListByResourceGroup(rgName); IVirtualMachine vmWithExtensionReference = null; foreach (var virtualMachine in virtualMachines) { if (virtualMachine.Name.Equals(vmName, StringComparison.OrdinalIgnoreCase)) { vmWithExtensionReference = virtualMachine; break; } } // The VM retrieved from the list will contain extensions as reference (i.e. with only id) Assert.NotNull(vmWithExtensionReference); // Update the extension var vmWithExtensionUpdated = vmWithExtensionReference.Update() .UpdateExtension("VMAccessForLinux") .WithProtectedSetting("username", "Foo12") .WithProtectedSetting("password", "muy!234OR") .WithProtectedSetting("reset_ssh", "true") .Parent() .Apply(); // Again getting VM with extension reference virtualMachines = azure.VirtualMachines .ListByResourceGroup(rgName); vmWithExtensionReference = null; foreach (var virtualMachine in virtualMachines) { vmWithExtensionReference = virtualMachine; } Assert.NotNull(vmWithExtensionReference); IVirtualMachineExtension accessExtension = null; foreach (var extension in vmWithExtensionReference.ListExtensions().Values) { if (extension.Name.Equals("VMAccessForLinux", StringComparison.OrdinalIgnoreCase)) { accessExtension = extension; break; } } // Even though VM's inner contain just extension reference VirtualMachine::extensions() // should resolve the reference and get full extension. Assert.NotNull(accessExtension); Assert.NotNull(accessExtension.PublisherName); Assert.NotNull(accessExtension.TypeName); Assert.NotNull(accessExtension.VersionName); } finally { try { azure.ResourceGroups.DeleteByName(rgName); } catch { } } } }