c7n_azure package

Subpackages

Submodules

c7n_azure.actions module

Actions to perform on Azure resources

class c7n_azure.actions.AutoTagUser(data=None, manager=None, log_dir=None)[source]

Bases: c7n.actions.EventAction

Attempts to tag a resource with the first user who created/modified it.

policies:
  - name: azure-auto-tag-creator
    resource: azure.resourcegroup
    description: |
      Tag all existing resource groups with the 'CreatorEmail' tag
    actions:
     - type: auto-tag-user
       tag: CreatorEmail

This action searches from the earliest ‘write’ operation’s caller in the activity logs for a particular resource.

Note: activity logs are only held for the last 90 days.

default_user = 'Unknown'
static get_first_operation(logs, operation_name)[source]
max_query_days = 90
principal_type_jmes_path = {'children': [{'children': [], 'value': 'data', 'type': 'field'}, {'children': [], 'value': 'authorization', 'type': 'field'}, {'children': [], 'value': 'evidence', 'type': 'field'}, {'children': [], 'value': 'principalType', 'type': 'field'}], 'type': 'subexpression'}
process(resources, event=None)[source]
process_resource(resource, event_item=None)[source]
query_select = 'eventTimestamp, operationName, caller'
schema = {u'additionalProperties': False, u'properties': {'update': {'type': 'boolean'}, 'days': {'type': 'integer'}, u'type': {u'enum': ['auto-tag-user']}, 'tag': {'type': 'string'}}, u'required': ['tag', u'type'], u'type': u'object'}
sp_jmes_path = {'children': [{'children': [], 'value': 'data', 'type': 'field'}, {'children': [], 'value': 'claims', 'type': 'field'}, {'children': [], 'value': 'appid', 'type': 'field'}], 'type': 'subexpression'}
user_jmes_path = {'children': [{'children': [], 'value': 'data', 'type': 'field'}, {'children': [], 'value': 'claims', 'type': 'field'}, {'children': [], 'value': u'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'type': 'field'}], 'type': 'subexpression'}
validate()[source]
class c7n_azure.actions.AzureBaseAction(data=None, manager=None, log_dir=None)[source]

Bases: c7n.actions.Action

chunk_size = 20
handle_exceptions(exceptions)[source]

raising one exception re-raises the last exception and maintains the stack trace

max_workers = 3
process(resources)[source]
process_in_parallel(resources)[source]
process_resource_set(resources)[source]
session = None
class c7n_azure.actions.DeleteAction(data=None, manager=None, log_dir=None)[source]

Bases: c7n_azure.actions.AzureBaseAction

process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {u'type': {u'enum': ['delete']}}, u'required': [u'type'], u'type': u'object'}
class c7n_azure.actions.Notify(data=None, manager=None, log_dir=None)[source]

Bases: c7n.actions.BaseNotify

batch_size = 50
process(resources, event=None)[source]
schema = {'anyOf': [{'required': ['type', 'transport', 'to']}, {'required': ['type', 'transport', 'to_from']}], 'properties': {'to': {'items': {'type': 'string'}, 'type': 'array'}, 'to_from': {u'additionalProperties': u'False', u'properties': {u'expr': {u'oneOf': [{u'type': u'integer'}, {u'type': u'string'}]}, u'url': {u'type': u'string'}, u'format': {u'enum': [u'csv', u'json', u'txt', u'csv2dict']}}, u'required': [u'url'], u'type': u'object'}, 'transport': {'oneOf': [{'properties': {'queue': {'type': 'string'}, 'type': {'enum': ['asq']}}, 'required': ['type', 'queue'], 'type': 'object'}]}, 'cc_manager': {'type': 'boolean'}, 'owner_absent_contact': {'items': {'type': 'string'}, 'type': 'array'}, 'from': {'type': 'string'}, 'subject': {'type': 'string'}, 'template': {'type': 'string'}, 'cc_from': {u'additionalProperties': u'False', u'properties': {u'expr': {u'oneOf': [{u'type': u'integer'}, {u'type': u'string'}]}, u'url': {u'type': u'string'}, u'format': {u'enum': [u'csv', u'json', u'txt', u'csv2dict']}}, u'required': [u'url'], u'type': u'object'}, 'type': {'enum': ['notify']}, 'cc': {'items': {'type': 'string'}, 'type': 'array'}}, 'type': 'object'}
send_data_message(message, session)[source]
send_to_azure_queue(queue_uri, message, session)[source]
class c7n_azure.actions.RemoveTag(data=None, manager=None, log_dir=None)[source]

Bases: c7n_azure.actions.AzureBaseAction

Removes tags from Azure resources

policies:
  - name: azure-remove-tag-resourcegroups
    resource: azure.resourcegroup
    description: |
      Remove tag for all existing resource groups with a key such as Environment
    actions:
     - type: untag
       tags: ['Environment']
process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {'tags': {'items': {'type': 'string'}, 'type': 'array'}, u'type': {u'enum': ['untag']}}, u'required': [u'type'], u'type': u'object'}
validate()[source]
class c7n_azure.actions.Tag(data=None, manager=None, log_dir=None)[source]

Bases: c7n_azure.actions.AzureBaseAction

Adds tags to Azure resources

policies:
  - name: azure-tag-resourcegroups
    resource: azure.resourcegroup
    description: |
      Tag all existing resource groups with a value such as Environment
    actions:
     - type: tag
       tag: Environment
       value: Test
process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {'tags': {'type': 'object'}, 'value': {'type': 'string'}, u'type': {u'enum': ['tag']}, 'tag': {'type': 'string'}}, u'required': [u'type'], u'type': u'object'}
validate()[source]
class c7n_azure.actions.TagDelayedAction(data=None, manager=None, log_dir=None)[source]

Bases: c7n_azure.actions.AzureBaseAction

Tag resources for future action.

The optional ‘tz’ parameter can be used to adjust the clock to align with a given timezone. The default value is ‘utc’.

If neither ‘days’ nor ‘hours’ is specified, Cloud Custodian will default to marking the resource for action 4 days in the future.

- policies:
  - name: vm-mark-for-stop
    resource: azure.vm
    filters:
      - type: value
        key: Name
        value: instance-to-stop-in-four-days
    actions:
      - type: mark-for-op
        op: stop
default_template = 'Resource does not meet policy: {op}@{action_date}'
generate_timestamp(days, hours)[source]
process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {'op': {'type': 'string'}, 'hours': {'exclusiveMinimum': False, 'type': 'integer', 'minimum': 0}, 'tz': {'type': 'string'}, 'tag': {'type': 'string'}, 'msg': {'type': 'string'}, 'days': {'exclusiveMinimum': False, 'type': 'integer', 'minimum': 0}, u'type': {u'enum': ['mark-for-op']}}, u'required': [u'type'], u'type': u'object'}
validate()[source]
class c7n_azure.actions.TagTrim(data=None, manager=None, log_dir=None)[source]

Bases: c7n_azure.actions.AzureBaseAction

Automatically remove tags from an azure resource. Azure Resources and Resource Groups have a limit of 15 tags. In order to make additional tag space on a set of resources, this action can be used to remove enough tags to make the desired amount of space while preserving a given set of tags. Setting the space value to 0 removes all tags but those listed to preserve.

- policies:
   - name: azure-tag-trim
     comment: |
       Any instances with 14 or more tags get tags removed until
       they match the target tag count, in this case 13, so
       that we free up tag slots for another usage.
     resource: azure.resourcegroup
     filters:
         # Filter down to resources that do not have the space
         # to add additional required tags. For example, if an
         # additional 2 tags need to be added to a resource, with
         # 15 tags as the limit, then filter down to resources that
         # have 14 or more tags since they will need to have tags
         # removed for the 2 extra. This also ensures that metrics
         # reporting is correct for the policy.
         type: value
         key: "[length(Tags)][0]"
         op: ge
         value: 14
     actions:
       - type: tag-trim
         space: 2
         preserve:
          - OwnerContact
          - Environment
          - downtime
          - custodian_status
max_tag_count = 15
process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {'preserve': {'items': {'type': 'string'}, 'type': 'array'}, u'type': {u'enum': ['tag-trim']}, 'space': {'type': 'integer'}}, u'required': [u'type'], u'type': u'object'}
validate()[source]

c7n_azure.azure_events module

class c7n_azure.azure_events.AzureEventSubscription[source]

Bases: object

classmethod create(destination, name, session=None, event_filter=None)[source]
class c7n_azure.azure_events.AzureEvents[source]

Bases: object

A mapping of resource types to events.

azure_events = {u'AppServicePlanWrite': {u'resource_provider': u'Microsoft.Web/serverFarms', u'event': u'write'}, u'BatchWrite': {u'resource_provider': u'Microsoft.Batch/batchAccounts', u'event': u'write'}, u'CdnProfileWrite': {u'resource_provider': u'Microsoft.Cdn/profiles', u'event': u'write'}, u'CognitiveServiceWrite': {u'resource_provider': u'Microsoft.CognitiveServices/account', u'event': u'write'}, u'ContainerServiceWrite': {u'resource_provider': u'Microsoft.ContainerService/managedClusters', u'event': u'write'}, u'CosmosDbWrite': {u'resource_provider': u'Microsoft.DocumentDB/databaseAccounts', u'event': u'write'}, u'DataFactoryWrite': {u'resource_provider': u'Microsoft.DataFactory/factories', u'event': u'write'}, u'DataLakeWrite': {u'resource_provider': u'Microsoft.DataLakeStore/accounts', u'event': u'write'}, u'DiskWrite': {u'resource_provider': u'Microsoft.Compute/disks', u'event': u'write'}, u'IotHubWrite': {u'resource_provider': u'Microsoft.Devices/IotHubs', u'event': u'write'}, u'KeyVaultWrite': {u'resource_provider': u'Microsoft.KeyVault/vaults', u'event': u'write'}, u'LoadBalancerWrite': {u'resource_provider': u'Microsoft.Network/loadBalancers', u'event': u'write'}, u'NetworkInterfaceWrite': {u'resource_provider': u'Microsoft.Network/networkInterfaces', u'event': u'write'}, u'NetworkSecurityGroupWrite': {u'resource_provider': u'Microsoft.Network/networkSecurityGroups', u'event': u'write'}, u'PublicIpWrite': {u'resource_provider': u'Microsoft.Network/publicIPAddresses', u'event': u'write'}, u'RedisWrite': {u'resource_provider': u'Microsoft.Cache/Redis', u'event': u'write'}, u'ResourceGroupWrite': {u'resource_provider': u'Microsoft.Resources/subscriptions/resourceGroups', u'event': u'write'}, u'RoleAssignmentWrite': {u'resource_provider': u'Microsoft.Authorization/roleAssignments', u'event': u'write'}, u'RoleDefinitionW': {u'resource_provider': u'Microsoft.Authorization/roleDefinitions', u'event': u'write'}, u'SqlServerWrite': {u'resource_provider': u'Microsoft.Sql/servers', u'event': u'write'}, u'StorageWrite': {u'resource_provider': u'Microsoft.Storage/storageAccounts', u'event': u'write'}, u'VmWrite': {u'resource_provider': u'Microsoft.Compute/virtualMachines', u'event': u'write'}, u'VmssWrite': {u'resource_provider': u'Microsoft.Compute/virtualMachineScaleSets', u'event': u'write'}, u'VnetWrite': {u'resource_provider': u'Microsoft.Network/virtualNetworks', u'event': u'write'}, u'WebAppWrite': {u'resource_provider': u'Microsoft.Web/sites', u'event': u'write'}}
classmethod get(event)[source]
classmethod get_event_operations(events)[source]

c7n_azure.constants module

Azure Functions

c7n_azure.constants.ENV_CUSTODIAN_DISABLE_SSL_CERT_VERIFICATION = 'CUSTODIAN_DISABLE_SSL_CERT_VERIFICATION'

Authentication Resource

c7n_azure.constants.EVENT_GRID_PRINCIPAL_TYPE_JMES_PATH = 'data.authorization.evidence.principalType'

Environment Variables

c7n_azure.constants.FUNCTION_KEY_URL = 'hostruntime/admin/host/systemkeys/_master?api-version=2018-02-01'

Event Grid Mode

c7n_azure.constants.RESOURCE_STORAGE = 'https://storage.azure.com/'

Threading Variable

c7n_azure.dependency_manager module

class c7n_azure.dependency_manager.DependencyManager[source]

Bases: object

static check_cache(cache_folder, install_folder, packages)[source]
static create_cache_metadata(cache_folder, install_folder, packages)[source]
static download_wheels(packages, folder)[source]
static get_dependency_packages_list(packages, excluded_packages)[source]
static install_wheels(wheels_folder, install_folder)[source]
static prepare_non_binary_wheels(packages, folder)[source]

c7n_azure.entry module

c7n_azure.entry.initialize_azure()[source]

c7n_azure.filters module

class c7n_azure.filters.AzureOffHour(data, manager=None)[source]

Bases: c7n.filters.offhours.OffHour

get_tag_value(i)[source]
class c7n_azure.filters.AzureOnHour(data, manager=None)[source]

Bases: c7n.filters.offhours.OnHour

get_tag_value(i)[source]
class c7n_azure.filters.DiagnosticSettingsFilter(data, manager=None)[source]

Bases: c7n.filters.core.ValueFilter

process(resources, event=None)[source]
process_resource_set(resources)[source]
schema = {u'additionalProperties': False, u'properties': {u'op': {u'enum': [u'glob', u'contains', u'equal', u'eq', u'lt', u'ge', u'greater-than', u'gte', u'not-in', u'in', u'regex', u'difference', u'ne', u'less-than', u'lte', u'intersect', u'le', u'not-equal', u'gt', u'ni']}, u'value_from': {u'additionalProperties': u'False', u'properties': {u'expr': {u'oneOf': [{u'type': u'integer'}, {u'type': u'string'}]}, u'url': {u'type': u'string'}, u'format': {u'enum': [u'csv', u'json', u'txt', u'csv2dict']}}, u'required': [u'url'], u'type': u'object'}, u'value': {u'oneOf': [{u'type': u'array'}, {u'type': u'string'}, {u'type': u'boolean'}, {u'type': u'number'}, {u'type': u'null'}]}, u'value_type': {u'enum': [u'age', u'integer', u'expiration', u'normalize', u'size', u'cidr', u'cidr_size', u'swap', u'resource_count', u'expr', u'unique_size']}, u'key': {u'type': u'string'}, u'default': {u'type': u'object'}, u'type': {u'enum': ['diagnostic-settings']}}, u'required': [u'type'], u'type': u'object'}
class c7n_azure.filters.MetricFilter(data, manager=None)[source]

Bases: c7n.filters.core.Filter

Filters Azure resources based on live metrics from the Azure monitor

Example:Find all VMs with an average Percentage CPU greater than 75% over last 2 hours
policies:
  - name: vm-percentage-cpu
    resource: azure.vm
    filters:
      - type: metric
        metric: Percentage CPU
        aggregation: average,
        op: gt
        threshold: 75
        timeframe: 2
DEFAULT_AGGREGATION = 'average'
DEFAULT_INTERVAL = 'P1D'
DEFAULT_TIMEFRAME = 24
aggregation_funcs = {'average': <function mean at 0x7fe45d834c80>, 'total': <function sum at 0x7fe45d834cf8>}
get_metric_data(resource)[source]
ops = {'eq': <built-in function eq>, 'equal': <built-in function eq>, 'ge': <built-in function ge>, 'greater-than': <built-in function gt>, 'gt': <built-in function gt>, 'gte': <built-in function ge>, 'le': <built-in function le>, 'less-than': <built-in function lt>, 'lt': <built-in function lt>, 'lte': <built-in function le>, 'ne': <built-in function ne>, 'not-equal': <built-in function ne>}
passes_op_filter(resource)[source]
process(resources, event=None)[source]
process_resource(resource)[source]
schema = {'properties': {'op': {'enum': ['equal', 'lt', 'greater-than', 'ge', 'ne', 'le', 'gt', 'lte', 'eq', 'gte', 'less-than', 'not-equal']}, 'interval': {'enum': ['PT1M', 'PT5M', 'PT15M', 'PT30M', 'PT1H', 'PT6H', 'PT12H', 'P1D']}, 'timeframe': {'type': 'number'}, 'metric': {'type': 'string'}, 'aggregation': {'enum': ['total', 'average']}, 'threshold': {'type': 'number'}}, 'required': ['type', 'metric', 'op', 'threshold'], 'type': 'object'}
class c7n_azure.filters.PolicyCompliantFilter(data, manager=None)[source]

Bases: c7n.filters.core.Filter

Filter resources based on Azure Policy compliance status

Filter resources by their current Azure Policy compliance status.

You can specify if you want to filter compliant or non-compiant resources.

You can provide a list of Azure Policy definitions display names or names to limit amount of non-compliant resources. By default it returns a list of all non-compliant resources.

- policies:
  - name: vm-stop-marked
    resource: azure.vm
    filters:
      - type: policy-compliant
        compliant: false
        definitions:
          - "Definition display name 1"
          - "Definition display name 2"
process(resources, event=None)[source]
schema = {u'additionalProperties': False, u'properties': {'compliant': {'type': 'boolean'}, 'definitions': {'type': 'array'}, u'type': {u'enum': ['policy-compliant']}}, u'required': ['type', 'compliant', u'type'], u'type': u'object'}
class c7n_azure.filters.TagActionFilter(data, manager=None)[source]

Bases: c7n.filters.core.Filter

Filter resources for tag specified future action

Filters resources by a ‘custodian_status’ tag which specifies a future date for an action.

The filter parses the tag values looking for an ‘op@date’ string. The date is parsed and compared to do today’s date, the filter succeeds if today’s date is gte to the target date.

The optional ‘skew’ parameter provides for incrementing today’s date a number of days into the future. An example use case might be sending a final notice email a few days before terminating an instance, or snapshotting a volume prior to deletion.

The optional ‘skew_hours’ parameter provides for incrementing the current time a number of hours into the future.

Optionally, the ‘tz’ parameter can get used to specify the timezone in which to interpret the clock (default value is ‘utc’)

- policies:
  - name: vm-stop-marked
    resource: azure.vm
    filters:
      - type: marked-for-op
        # The default tag used is custodian_status
        # but that is configurable
        tag: custodian_status
        op: stop
        # Another optional tag is skew
        tz: utc
    actions:
      - type: stop
current_date = None
process(resources, event=None)[source]
schema = {u'additionalProperties': False, u'properties': {'op': {'type': 'string'}, 'tz': {'type': 'string'}, 'tag': {'type': 'string'}, 'skew_hours': {'type': 'number', 'minimum': 0}, 'skew': {'type': 'number', 'minimum': 0}, u'type': {u'enum': ['marked-for-op']}}, u'required': [u'type'], u'type': u'object'}
validate()[source]

c7n_azure.function module

c7n_azure.function.main(input)[source]

c7n_azure.function_package module

class c7n_azure.function_package.FunctionPackage(name, function_path=None)[source]

Bases: object

build(policy, modules, non_binary_packages, excluded_packages, queue_name=None)[source]
cache_folder
close()[source]
get_function_config(policy, queue_name=None)[source]
publish(deployment_creds)[source]
status(deployment_creds)[source]
wait_for_status(deployment_creds, retries=10, delay=15)[source]

c7n_azure.functionapp_utils module

class c7n_azure.functionapp_utils.FunctionAppUtilities[source]

Bases: object

class FunctionAppInfrastructureParameters(app_insights, service_plan, storage_account, function_app_resource_group_name, function_app_name)[source]
static deploy_dedicated_function_app(parameters)[source]
static get_storage_account_connection_string(id)[source]

c7n_azure.handler module

c7n_azure.handler.get_tmp_output_dir()[source]
c7n_azure.handler.run(event, context)[source]

c7n_azure.output module

Provides output support for Azure Blob Storage using the ‘azure://’ prefix

class c7n_azure.output.AzureStorageOutput(ctx, config=None)[source]

Bases: c7n.output.DirectoryOutput

Usage:

with AzureStorageOutput(session_factory, 'azure://bucket/prefix'):
    log.info('xyz')  # -> log messages sent to custodian-run.log.gz
DEFAULT_BLOB_FOLDER_PREFIX = '{policy_name}/{now:%Y/%m/%d/%H/}'
static get_blob_client_wrapper(output_path, ctx)[source]
get_output_path(output_url)[source]
static join(*parts)[source]
type = 'azure'
upload()[source]

c7n_azure.policy module

class c7n_azure.policy.AzureEventGridMode(policy)[source]

Bases: c7n_azure.policy.AzureFunctionMode

A policy that runs/executes in azure functions from an azure event.

get_logs(start, end)[source]

Retrieve logs for the policy

provision()[source]
run(event=None, lambda_context=None)[source]

Run the actual policy.

schema = {'additionalProperties': False, 'properties': {u'type': {u'enum': ['azure-event-grid']}, 'provision-options': {'storageAccount': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}]}, 'servicePlan': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'location': 'string', 'skuName': 'string', 'name': 'string', 'skuTier': 'string', 'resourceGroupName': 'string'}, 'type': 'object'}]}, 'appInsights': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}]}, 'type': 'object'}, 'execution-options': {'type': 'object'}, 'events': {'items': {'oneOf': [{'type': 'string'}, {'properties': {'resourceProvider': {'type': 'string'}, 'event': {'type': 'string'}}, 'required': ['resourceProvider', 'event'], 'type': 'object'}]}, 'type': 'array'}}, u'required': ['events', u'type'], 'type': 'object'}
type = 'azure-event-grid'
class c7n_azure.policy.AzureFunctionMode(policy)[source]

Bases: c7n.policy.ServerlessExecutionMode

A policy that runs/executes in azure functions.

POLICY_METRICS = ('ResourceCount', 'ResourceTime', 'ActionTime')
default_storage_name = 'custodian'
static extract_properties(options, name, properties)[source]
get_function_app_params()[source]
get_logs(start, end)[source]

Retrieve logs for the policy

provision()[source]
run(event=None, lambda_context=None)[source]

Run the actual policy.

schema = {'additionalProperties': False, 'properties': {'provision-options': {'storageAccount': {'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}], 'type': 'object'}, 'servicePlan': {'oneOf': [{'type': 'string'}, {'properties': {'skuName': 'string', 'resourceGroupName': 'string', 'name': 'string', 'skuTier': 'string', 'location': 'string'}, 'type': 'object'}], 'type': 'object'}, 'appInsights': {'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}], 'type': 'object'}, 'type': 'object'}, 'execution-options': {'type': 'object'}}, 'type': 'object'}
validate()[source]

Validate configuration settings for execution mode.

class c7n_azure.policy.AzurePeriodicMode(policy)[source]

Bases: c7n_azure.policy.AzureFunctionMode, c7n.policy.PullMode

A policy that runs/execute s in azure functions at specified time intervals.

get_logs(start, end)[source]

Retrieve logs for the policy

provision()[source]
run(event=None, lambda_context=None)[source]

Run the actual policy.

schema = {'additionalProperties': False, 'properties': {'schedule': {'type': 'string'}, u'type': {u'enum': ['azure-periodic']}, 'provision-options': {'storageAccount': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}]}, 'servicePlan': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'location': 'string', 'skuName': 'string', 'name': 'string', 'skuTier': 'string', 'resourceGroupName': 'string'}, 'type': 'object'}]}, 'appInsights': {'type': 'object', 'oneOf': [{'type': 'string'}, {'properties': {'resourceGroupName': 'string', 'name': 'string', 'location': 'string'}, 'type': 'object'}]}, 'type': 'object'}, 'execution-options': {'type': 'object'}}, u'required': [u'type'], 'type': 'object'}
type = 'azure-periodic'

c7n_azure.provider module

class c7n_azure.provider.Azure[source]

Bases: c7n.provider.Provider

get_session_factory(options)[source]
initialize(options)[source]
initialize_policies(policy_collection, options)[source]
resource_prefix = 'azure'
resources = <c7n.registry.PluginRegistry object>
type = 'azure'

c7n_azure.query module

class c7n_azure.query.DescribeSource(manager)[source]

Bases: object

augment(resources)[source]
get_permissions()[source]
get_resources(query)[source]
type = 'describe-azure'
class c7n_azure.query.QueryMeta[source]

Bases: type

metaclass to have consistent action/filter registry for new resources.

class c7n_azure.query.QueryResourceManager(data, options)[source]

Bases: c7n.manager.ResourceManager

action_registry = <c7n.actions.ActionRegistry object>
augment(resources)[source]
filter_registry = <c7n.filters.core.FilterRegistry object>
get_cache_key(query)[source]
get_client(service=None)[source]
classmethod get_model()[source]
get_permissions()[source]
get_resources(resource_ids, **params)[source]
get_session()[source]
get_source(source_type)[source]
static register_actions_and_filters(registry, _)[source]
resources(query=None)[source]
source_type
class c7n_azure.query.ResourceQuery(session_factory)[source]

Bases: object

filter(resource_manager, **params)[source]
static resolve(resource_type)[source]

c7n_azure.session module

class c7n_azure.session.Session(subscription_id=None, authorization_file=None, resource='https://management.core.windows.net/')[source]

Bases: object

client(client)[source]
get_bearer_token()[source]
get_credentials()[source]
get_function_target_subscription_id()[source]
get_functions_auth_string()[source]

Build auth json string for deploying Azure Functions. Look for dedicated Functions environment variables or fall back to normal Service Principal variables.

get_session_for_resource(resource)[source]
get_subscription_id()[source]
get_tenant_id()[source]
load_auth_file(path)[source]
resource_api_version(resource_id)[source]

latest non-preview api version for resource

c7n_azure.storage_utils module

class c7n_azure.storage_utils.StorageUtilities[source]

Bases: object

static create_queue_from_storage_account(storage_account, name, session)[source]
static delete_queue_message(queue_service, queue_name, message)[source]
static get_blob_client_by_uri(storage_uri, session)[source]
static get_queue_client_by_uri(queue_uri, session)[source]
static get_queue_messages(queue_service, queue_name, num_messages=None)[source]
static get_storage_from_uri(*args, **kwds)[source]
static get_storage_token(session)[source]
static put_queue_message(queue_service, queue_name, content)[source]

c7n_azure.tags module

class c7n_azure.tags.TagHelper[source]
static add_tags(tag_action, resource, tags_to_add)[source]
static get_tag_value(resource, tag, utf_8=False)[source]

Get the resource’s tag value.

log = <logging.Logger object>
static remove_tags(tag_action, resource, tags_to_delete)[source]
static update_resource_tags(tag_action, resource, tags)[source]

c7n_azure.utils module

class c7n_azure.utils.GraphHelper[source]

Bases: object

static get_principal_dictionary(graph_client, object_ids)[source]
static get_principal_name(graph_object)[source]
log = <logging.Logger object>
class c7n_azure.utils.Math[source]

Bases: object

static mean(numbers)[source]
static sum(numbers)[source]
class c7n_azure.utils.PortsRangeHelper[source]

Bases: object

class PortsRange(start, end)

Bases: tuple

end

Alias for field number 1

start

Alias for field number 0

static build_ports_dict(nsg, direction_key, ip_protocol)[source]

Build entire ports array filled with True (Allow), False (Deny) and None(default - Deny) based on the provided Network Security Group object, direction and protocol.

static get_ports_set_from_rule(rule)[source]

Extract port ranges from NSG rule and convert it to the set of integers

static get_ports_set_from_string(ports)[source]

Convert ports range string to the set of integers Example: “10-12, 20” -> {10, 11, 12, 20}

static get_ports_strings_from_list(data)[source]

Transform a list of port numbers to the list of strings with port ranges Example: [10, 12, 13, 14, 15] -> [‘10’, ‘12-15’]

static validate_ports_string(ports)[source]

Validate that provided string has proper port numbers: 1. port number < 65535 2. range start < range end

class c7n_azure.utils.ResourceIdParser[source]

Bases: object

static get_namespace(resource_id)[source]
static get_resource_group(resource_id)[source]
static get_resource_name(resource_id)[source]
static get_resource_type(resource_id)[source]
class c7n_azure.utils.StringUtils[source]

Bases: object

static equal(a, b, case_insensitive=True)[source]
static naming_hash(string, length=8)[source]
static snake_to_camel(string)[source]
class c7n_azure.utils.ThreadHelper[source]
disable_multi_threading = False
static execute_in_parallel(resources, execution_method, executor_factory, log, max_workers=3, chunk_size=20)[source]
c7n_azure.utils.azure_name_value_pair(name, value)[source]
c7n_azure.utils.now(tz=None)[source]

The datetime object for the current time in UTC

c7n_azure.utils.utcnow()[source]

The datetime object for the current time in UTC

Module contents