ansible/cloud/azure/azure_rm_storageaccount.py
2016-04-26 14:24:24 -04:00

444 lines
17 KiB
Python

#!/usr/bin/python
#
# Copyright (c) 2016 Matt Davis, <mdavis@ansible.com>
# Chris Houseknecht, <house@redhat.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
DOCUMENTATION = '''
---
module: azure_rm_storageaccount
version_added: "2.1"
short_description: Manage Azure storage accounts.
description:
- Create, update or delete a storage account.
options:
resource_group:
description:
- Name of the resource group to use.
required: true
name:
description:
- Name of the storage account to update or create.
required: false
default: null
state:
description:
- Assert the state of the storage account. Use 'present' to create or update a storage account and
'absent' to delete an account.
default: present
required: false
choices:
- absent
- present
location:
description:
- Valid azure location. Defaults to location of the resource group.
required: false
default: resource_group location
account_type:
description:
- "Type of storage account. Required when creating a storage account. NOTE: StandardZRS and PremiumLRS
accounts cannot be changed to other account types, and other account types cannot be changed to
StandardZRS or PremiumLRS."
required: false
default: null
choices:
- Premium_LRS
- Standard_GRS
- Standard_LRS
- Standard_RAGRS
- Standard_ZRS
aliases:
- type
custom_domain:
description:
- User domain assigned to the storage account. Must be a dictionary with 'name' and 'use_sub_domain'
keys where 'name' is the CNAME source. Only one custom domain is supported per storage account at this
time. To clear the existing custom domain, use an empty string for the custom domain name property.
- Can be added to an existing storage account. Will be ignored during storage account creation.
required: false
default: null
extends_documentation_fragment:
- azure
- azure_tags
author:
- "Chris Houseknecht (@chouseknecht)"
- "Matt Davis (@nitzmahone)"
'''
EXAMPLES = '''
- name: remove account, if it exists
azure_rm_storageaccount:
resource_group: Testing
name: clh0002
state: absent
- name: create an account
azure_rm_storageaccount:
resource_group: Testing
name: clh0002
type: Standard_RAGRS
tags:
- testing: testing
- delete: on-exit
'''
RETURN = '''
state:
description: Current state of the storage account.
returned: always
type: dict
sample: {
"account_type": "Standard_RAGRS",
"custom_domain": null,
"id": "/subscriptions/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX/resourceGroups/testing/providers/Microsoft.Storage/storageAccounts/clh0003",
"location": "eastus2",
"name": "clh0003",
"primary_endpoints": {
"blob": "https://clh0003.blob.core.windows.net/",
"queue": "https://clh0003.queue.core.windows.net/",
"table": "https://clh0003.table.core.windows.net/"
},
"primary_location": "eastus2",
"provisioning_state": "Succeeded",
"resource_group": "Testing",
"secondary_endpoints": {
"blob": "https://clh0003-secondary.blob.core.windows.net/",
"queue": "https://clh0003-secondary.queue.core.windows.net/",
"table": "https://clh0003-secondary.table.core.windows.net/"
},
"secondary_location": "centralus",
"status_of_primary": "Available",
"status_of_secondary": "Available",
"tags": null,
"type": "Microsoft.Storage/storageAccounts"
}
'''
from ansible.module_utils.basic import *
from ansible.module_utils.azure_rm_common import *
try:
from msrestazure.azure_exceptions import CloudError
from azure.storage.cloudstorageaccount import CloudStorageAccount
from azure.common import AzureMissingResourceHttpError, AzureHttpError
from azure.mgmt.storage.models import AccountType,\
ProvisioningState, \
StorageAccountUpdateParameters,\
CustomDomain, StorageAccountCreateParameters
except ImportError:
# This is handled in azure_rm_common
pass
NAME_PATTERN = re.compile(r"^[a-z0-9]+$")
class AzureRMStorageAccount(AzureRMModuleBase):
def __init__(self):
self.module_arg_spec = dict(
account_type=dict(type='str', choices=[], aliases=['type']),
custom_domain=dict(type='dict'),
location=dict(type='str'),
name=dict(type='str', required=True),
resource_group=dict(required=True, type='str'),
state=dict(default='present', choices=['present', 'absent']),
force=dict(type='bool', default=False),
tags=dict(type='dict'),
)
for key in AccountType:
self.module_arg_spec['account_type']['choices'].append(getattr(key, 'value'))
self.results = dict(
changed=False,
state=dict()
)
self.account_dict = None
self.resource_group = None
self.name = None
self.state = None
self.location = None
self.account_type = None
self.custom_domain = None
self.tags = None
self.force = None
super(AzureRMStorageAccount, self).__init__(self.module_arg_spec,
supports_check_mode=True)
def exec_module(self, **kwargs):
for key in self.module_arg_spec.keys() + ['tags']:
setattr(self, key, kwargs[key])
resource_group = self.get_resource_group(self.resource_group)
if not self.location:
# Set default location
self.location = resource_group.location
if not NAME_PATTERN.match(self.name):
self.fail("Parameter error: name must contain numbers and lowercase letters only.")
if len(self.name) < 3 or len(self.name) > 24:
self.fail("Parameter error: name length must be between 3 and 24 characters.")
if self.custom_domain:
if self.custom_domain.get('name', None) is None:
self.fail("Parameter error: expecting custom_domain to have a name attribute of type string.")
if self.custom_domain.get('use_sub_domain', None) is None:
self.fail("Parameter error: expecting custom_domain to have a use_sub_domain "
"attribute of type boolean.")
self.account_dict = self.get_account()
if self.state == 'present' and self.account_dict and \
self.account_dict['provisioning_state'] != AZURE_SUCCESS_STATE :
self.fail("Error: storage account {0} has not completed provisioning. State is {1}. Expecting state "
"to be {2}.".format(self.name, self.account_dict['provisioning_state'], AZURE_SUCCESS_STATE))
if self.account_dict is not None:
self.results['state'] = self.account_dict
else:
self.results['state'] = dict()
if self.state == 'present':
if not self.account_dict:
self.results['state'] = self.create_account()
else:
self.update_account()
elif self.state == 'absent' and self.account_dict:
self.delete_account()
self.results['state'] = dict(Status='Deleted')
return self.results
def check_name_availability(self):
self.log('Checking name availability for {0}'.format(self.name))
try:
response = self.storage_client.storage_accounts.check_name_availability(self.name)
except AzureHttpError, e:
self.log('Error attempting to validate name.')
self.fail("Error checking name availability: {0}".format(str(e)))
if not response.name_available:
self.log('Error name not available.')
self.fail("{0} - {1}".format(response.message, response.reason))
def get_account(self):
self.log('Get properties for account {0}'.format(self.name))
account_obj = None
account_dict = None
try:
account_obj = self.storage_client.storage_accounts.get_properties(self.resource_group, self.name)
except CloudError:
pass
if account_obj:
account_dict = self.account_obj_to_dict(account_obj)
return account_dict
def account_obj_to_dict(self, account_obj):
account_dict = dict(
id=account_obj.id,
name=account_obj.name,
location=account_obj.location,
resource_group=self.resource_group,
type=account_obj.type,
account_type=account_obj.account_type.value,
provisioning_state=account_obj.provisioning_state.value,
secondary_location=account_obj.secondary_location,
status_of_primary=(account_obj.status_of_primary.value
if account_obj.status_of_primary is not None else None),
status_of_secondary=(account_obj.status_of_secondary.value
if account_obj.status_of_secondary is not None else None),
primary_location=account_obj.primary_location
)
account_dict['custom_domain'] = None
if account_obj.custom_domain:
account_dict['custom_domain'] = dict(
name=account_obj.custom_domain.name,
use_sub_domain=account_obj.custom_domain.use_sub_domain
)
account_dict['primary_endpoints'] = None
if account_obj.primary_endpoints:
account_dict['primary_endpoints'] = dict(
blob=account_obj.primary_endpoints.blob,
queue=account_obj.primary_endpoints.queue,
table=account_obj.primary_endpoints.table
)
account_dict['secondary_endpoints'] = None
if account_obj.secondary_endpoints:
account_dict['secondary_endpoints'] = dict(
blob=account_obj.secondary_endpoints.blob,
queue=account_obj.secondary_endpoints.queue,
table=account_obj.secondary_endpoints.table
)
account_dict['tags'] = None
if account_obj.tags:
account_dict['tags'] = account_obj.tags
return account_dict
def update_account(self):
self.log('Update storage account {0}'.format(self.name))
if self.account_type:
if self.account_type != self.account_dict['account_type']:
# change the account type
if self.account_dict['account_type'] in [AccountType.premium_lrs, AccountType.standard_zrs]:
self.fail("Storage accounts of type {0} and {1} cannot be changed.".format(
AccountType.premium_lrs, AccountType.standard_zrs))
if self.account_type in [AccountType.premium_lrs, AccountType.standard_zrs]:
self.fail("Storage account of type {0} cannot be changed to a type of {1} or {2}.".format(
self.account_dict['account_type'], AccountType.premium_lrs, AccountType.standard_zrs))
self.results['changed'] = True
self.account_dict['account_type'] = self.account_type
if self.results['changed'] and not self.check_mode:
# Perform the update. The API only allows changing one attribute per call.
try:
parameters = StorageAccountUpdateParameters(account_type=self.account_dict['account_type'])
self.storage_client.storage_accounts.update(self.resource_group,
self.name,
parameters)
except Exception as exc:
self.fail("Failed to update account type: {0}".format(str(exc)))
if self.custom_domain:
if not self.account_dict['custom_domain'] or \
self.account_dict['custom_domain'] != self.account_dict['custom_domain']:
self.results['changed'] = True
self.account_dict['custom_domain'] = self.custom_domain
if self.results['changed'] and not self.check_mode:
new_domain = CustomDomain(name=self.custom_domain['name'],
use_sub_domain=self.custom_domain['use_sub_domain'])
parameters = StorageAccountUpdateParameters(custom_domain=new_domain)
try:
self.storage_client.storage_accounts.update(self.resource_group, self.name, parameters)
except Exception as exc:
self.fail("Failed to update custom domain: {0}".format(str(exc)))
update_tags, self.account_dict['tags'] = self.update_tags(self.account_dict['tags'])
if update_tags:
self.results['changed'] = True
if not self.check_mode:
parameters = StorageAccountUpdateParameters(tags=self.account_dict['tags'])
try:
self.storage_client.storage_accounts.update(self.resource_group, self.name, parameters)
except Exception as exc:
self.fail("Failed to update tags: {0}".format(str(exc)))
def create_account(self):
self.log("Creating account {0}".format(self.name))
if not self.location:
self.fail('Parameter error: location required when creating a storage account.')
if not self.account_type:
self.fail('Parameter error: account_type required when creating a storage account.')
self.check_name_availability()
self.results['changed'] = True
if self.check_mode:
account_dict = dict(
location=self.location,
account_type=self.account_type,
name=self.name,
resource_group=self.resource_group,
tags=dict()
)
if self.tags:
account_dict['tags'] = self.tags
return account_dict
parameters = StorageAccountCreateParameters(account_type=self.account_type, location=self.location,
tags=self.tags)
self.log(str(parameters))
try:
poller = self.storage_client.storage_accounts.create(self.resource_group, self.name, parameters)
self.get_poller_result(poller)
except AzureHttpError, e:
self.log('Error creating storage account.')
self.fail("Failed to create account: {0}".format(str(e)))
# the poller doesn't actually return anything
return self.get_account()
def delete_account(self):
if self.account_dict['provisioning_state'] == ProvisioningState.succeeded.value and \
self.account_has_blob_containers() and self.force:
self.fail("Account contains blob containers. Is it in use? Use the force option to attempt deletion.")
self.log('Delete storage account {0}'.format(self.name))
self.results['changed'] = True
if not self.check_mode:
try:
status = self.storage_client.storage_accounts.delete(self.resource_group, self.name)
self.log("delete status: ")
self.log(str(status))
except AzureHttpError, e:
self.fail("Failed to delete the account: {0}".format(str(e)))
return True
def account_has_blob_containers(self):
'''
If there are blob containers, then there are likely VMs depending on this account and it should
not be deleted.
'''
self.log('Checking for existing blob containers')
keys = dict()
try:
# Get keys from the storage account
account_keys = self.storage_client.storage_accounts.list_keys(self.resource_group, self.name)
keys['key1'] = account_keys.key1
keys['key2'] = account_keys.key2
except AzureHttpError as e:
self.fail("check_for_container:Failed to get account keys: {0}".format(e))
try:
cloud_storage = CloudStorageAccount(self.name, keys['key1']).create_page_blob_service()
except Exception as e:
self.fail("check_for_container:Error creating blob service: {0}".format(e))
try:
response = cloud_storage.list_containers()
except AzureMissingResourceHttpError:
# No blob storage available?
return False
if len(response.items) > 0:
return True
return False
def main():
AzureRMStorageAccount()
if __name__ == '__main__':
main()