We released 1.2 of the Azure Management Libraries for .NET. This release adds support for additional security and deployment features, and more Azure services:
Managed service identity
Create users in Azure Active Directory, update service principals and assign permissions to apps
Storage service encryption
Deploy Web apps and functions using MS Deploy
Network watcher service
Search service
https://github.com/azure/azure-sdk-for-net/tree/Fluent
Getting Started
You can download 1.2 libraries from:
Create a Virtual Machine with Managed Service Identity (MSI)
You can create a virtual machine with MSI enabled using a Define() … Create() method chain:
IVirtualMachine virtualMachine = azure.VirtualMachines.Define("myLinuxVM")
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithNewPrimaryNetwork("10.0.0.0/28")
    .WithPrimaryPrivateIPAddressDynamic()
    .WithNewPrimaryPublicIPAddress(pipName)
    .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
    .WithRootUsername("tirekicker")
    .WithRootPassword(password)
    .WithSize(VirtualMachineSizeTypes.StandardDS2V2)
    .WithOSDiskCaching(CachingTypes.ReadWrite)
    // Enable the managed service identity and grant it Contributor on this resource group
    .WithManagedServiceIdentity()
    .WithRoleBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
    .Create();
You can manage any MSI-enabled Azure resources from a virtual machine with MSI and add an MSI service principal to an Azure Active Directory security group.
Add New User to Azure Active Directory
You can add a new user to Azure Active Directory using a Define() … Create() method chain:
IActiveDirectoryUser user = authenticated.ActiveDirectoryUsers
    .Define("tirekicker")
    .WithEmailAlias("tirekicker")
    .WithPassword("StrongPass!12")
    .Create();
Similarly, you can create and update users and groups in Active Directory.
Enable Storage Service Encryption for a Storage Account
You can enable storage service encryption at the storage account level when you create a storage account using a Define() … Create() method chain:
IStorageAccount storageAccount = azure.StorageAccounts
    .Define(storageAccountName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    // Turn on storage service encryption for the new account
    .WithEncryption()
    .Create();
Deploy Web apps and Functions using MS Deploy
You can use MS Deploy to deploy Web apps and functions by using the Deploy() method:
// Create a Web app
IWebApp webApp = azure.WebApps.Define(webAppName)
    .WithExistingWindowsPlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithJavaVersion(JavaVersion.V8Newest)
    .WithWebContainer(WebContainer.Tomcat8_0Newest)
    .Create();
// Deploy a Web app using MS Deploy
webApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute();
And…
// Create a function app
IFunctionApp functionApp = azure.AppServices.FunctionApps
    .Define(functionAppName)
    .WithExistingAppServicePlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithExistingStorageAccount(app3.StorageAccount)
    .Create();
// Deploy a function using MS Deploy
functionApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute();
Create Network Watcher and start Packet Capture
You can visualize network traffic patterns to and from virtual machines by creating and starting a packet capture using a Define() … Create() method chain, then downloading the packet capture and inspecting it with open source tools:
// Create a Network Watcher
INetworkWatcher networkWatcher = azure.NetworkWatchers.Define(nwName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .Create();
// Start a Packet Capture
IPacketCapture packetCapture = networkWatcher.PacketCaptures
    .Define(packetCaptureName)
    .WithTarget(virtualMachine.Id)
    .WithStorageAccountId(storageAccount.Id)
    .WithTimeLimitInSeconds(1500)
    // Capture TCP traffic only
    .DefinePacketCaptureFilter()
        .WithProtocol(PcProtocol.TCP)
        .Attach()
    .Create();
Similarly, you can programmatically:
Verify if traffic is allowed to and from a virtual machine.
Get the next hop type and IP address for a virtual machine.
Retrieve network topology for a resource group.
Analyze virtual machine security by examining effective network security rules applied to a virtual machine.
Configure network security group flow logs.
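As an added example (not code from the original post), here is the first item in that list used as an exposure check: it asks Network Watcher whether inbound SSH or RDP from an outside address would be allowed to the virtual machine, and which rule allows it. The class and method names and the sample addresses are hypothetical; the fluent calls follow the library's Network Watcher API as I know it and should be checked against the version you install.

```csharp
using System.Collections.Generic;
using Microsoft.Azure.Management.Compute.Fluent;
using Microsoft.Azure.Management.Network.Fluent;
using Microsoft.Azure.Management.Network.Fluent.Models;

public static class ExposureCheck
{
    // Constructed sample values: a source address from the TEST-NET-3
    // documentation range and an arbitrary ephemeral source port.
    private const string SampleRemoteAddress = "203.0.113.10";
    private const string SampleRemotePort = "50000";

    // Hypothetical helper: returns port -> rule name for every management
    // port that the effective rules allow inbound from the sample address.
    public static IDictionary<string, string> FindOpenManagementPorts(
        INetworkWatcher networkWatcher, IVirtualMachine virtualMachine)
    {
        var open = new Dictionary<string, string>();
        string localAddress =
            virtualMachine.GetPrimaryNetworkInterface().PrimaryPrivateIP;

        foreach (string port in new[] { "22", "3389" }) // SSH and RDP
        {
            // Evaluate the rules applied to the VM for this flow
            IVerificationIPFlow flow = networkWatcher.VerifyIPFlow()
                .WithTargetResourceId(virtualMachine.Id)
                .WithDirection(Direction.Inbound)
                .WithProtocol(Protocol.TCP)
                .WithLocalIPAddress(localAddress)
                .WithRemoteIPAddress(SampleRemoteAddress)
                .WithLocalPort(port)
                .WithRemotePort(SampleRemotePort)
                .Execute();

            if (Access.Allow.Equals(flow.Access))
            {
                // RuleName identifies the security rule that matched
                open[port] = flow.RuleName;
            }
        }
        return open;
    }
}
```

An empty result means neither port is reachable from that address under the current rules; a non-empty one names the rule to tighten.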
Create a Managed Cloud Search Service
You can create a managed cloud search service (Azure Search) with replicas and partitions using a Define() … Create() method chain:
ISearchService searchService = azure.SearchServices.Define(searchServiceName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithStandardSku()
    .WithPartitionCount(1)
    .WithReplicaCount(1)
    .Create();
Similarly, you can programmatically:
Manage query keys.
Update search service with replicas and partitions.
Regenerate primary and secondary admin keys.
Try it
You can get more samples from our GitHub repo. Give it a try and let us know what you think (via email or comments below).
You can find plenty of additional info about .NET on Azure at https://docs.microsoft.com/en-us/dotnet/azure/.
Source: Azure