In the world of cloud computing, Azure is a top dog. There's no denying that by the number of subscriptions and the percentages in growth quarter by quarter. Going the Azure route is in my opinion, the best route. Once you're using Azure, how do you manage it? Most will say, PowerShell, as will I. Then I got to thinking how about Python? In 2020 thus far, Python3 is the most popular development language. You can do pretty much anything with Python3 (frontend, backend, games, etc), including some hardcore automation and scripting for your cloud infrastructure and DevOps needs.

In this blog post, you'll take a look at the Azure Python3 SDK for managing resources. After that, you'll see how to write code in Python3 for managing Azure resources.

Prerequisites

  • Beginner to intermediate level knowledge of Python3. If you need a beginner's guide, please check out this tutorial.
  • Python3 installed. You can find the installations for any operating system here.
  • Azure subscription. You can find a 30-day free trial here
  • Azure Command Line Interface (Azure CLI) installed which can be found here.
  • A text editor to write the code in. For Python3, I love PyCharm and I use the free community edition. You can also use VS Code. I will be using PyCharm in this tutorial.

Azure SDK

The Azure Python3 SDK is for managing resources in Azure using code. The SDK is made up of several different Python3 libraries to manage compute, storage, network, databases, and many other services in Azure.

Think of Python3 libraries like modules in PowerShell. Much like PowerShell modules, libraries extend the capabilities of what you can do in an environment.

Installing the Azure SDK

To use the Azure SDK, you will need to install it. To install the Azure SDK, you will use pip. Pip is a package manager for Python3.

The command below, which will work on any operating system, will install the Azure SDK. If you are on Windows, use an elevated command prompt. If you are on Linux or OS X, run the command with sudo

pip install azure

After installing you should see several Python3 libraries on the terminal. The libraries that you see will be for all Azure services (compute, network, storage, serverless, etc.)

Authentication

In the previous section you learned about the Azure SDK. In this section you'll see the various authentication methods for authorization to Azure with Python3.

Azure CLI Profile

If you have Azure CLI installed and you signed into Azure via the az login command, then you have an Azure CLI profile on your local computer. The Azure CLI profile can be used to interact with the Azure SDK for authentication purposes.

The code below is importing the get_default_cli method from the azure.cli.core library which retrieves the Azure CLI profile and uses it to authenticate. The as azcli portion is to create an alias of get_default_cli

from azure.cli.core import get_default_cli as azcli

Once authenticated, Python3 code can be ran for interacting with compute resources, using the Azure CLI, and many other services. Below is an example of wrapping the az vm command in a Python3 method to list all virtual machines in the Dev2 resource group

azcli().invoke(['vm', 'list', '-g', 'Dev2'])

Azure Common Credentials

The second method is using an Azure service principal. An Azure service principal allows for authentication via a tenant ID (the ID for the service principal) and a secret (the password to the service principal).

The code below is importing the ServicePrincipalCredentials method from the azure.common.credentials library.

from azure.common.credentials import ServicePrincipalCredentials

The ServicePrinicpalCredentials method has three key parameters:

  • client_id - ID of the Azure service principal
  • client_secret - Secret/ID of the Azure service principal
  • tenant_id - Tenant ID of the Azure subscription.
If it's your first time seeing Azure Service Principals, please follow this link to learn more about them or to create one.

The below code is an example of using the three key parameters

creds = ServicePrincipalCredentials(
    client_id='',
    client_secret='',
    tenant=''
)

Other Authentication Methods

There are other methods for authenticating to Azure with Python3 which you can find here.

The two I listed above are, from what I've seen, the most popular.

Writing Python3 Code

In the previous section you learned two ways to authenticate with Python3 to Azure services. Next you'll take a look at example code.

The code below creates an Azure CLI wrapper to list virtual machines in a resource group.

from azure.cli.core import get_default_cli as azcli
import logging
import sys

def list_vms(resource_group):
    
    try:
        version = azcli().get_cli_version()
        print(f'AZ CLI version installed: {version}')
        
    except Exception as e:
        logging.error(msg='Azure CLI is not installed...')
        print(e)
    
    try:
        azcli().invoke(['vm', 'list', '-g', resource_group])
    
    except Exception as d:
        logging.error(msg='Please check your Azure CLI profile to confirm you have access to this resource...')
        print(d)

resource_group = sys.argv[1]

if __name__ == '__main__':
    print('Running as main program...')
    list_vms(resource_group)

else:
    print('Running as imported program...')
    list_vms(resource_group)

Let's break the code down.

from azure.cli.core import get_default_cli as azcli
import logging
import sys

The three libraries used are:

  • azure.cli.core = To retrieve the Azure CLI profile for authentication
  • logging = To create custom logs, warnings, and error messages
  • sys = To create runtimes for passing in parameters

The function has one parameter that can passed in - the resource group name.

def list_vms(resource_group)

The core code is utilizing the Azure CLI commands wrapped in Python3 to list all virtual machines in the Dev2 resource group. The code is wrapped in try/except blocks for error handling to check if Azure CLI is installed and if the user has access to the particular resource in Azure.

try:
        version = azcli().get_cli_version()
        print(f'AZ CLI version installed: {version}')
        
    except Exception as e:
        logging.error(msg='Azure CLI is not installed...')
        print(e)
    
    try:
        azcli().invoke(['vm', 'list', '-g', resource_group])
    
    except Exception as d:
        logging.error(msg='Please check your Azure CLI profile to confirm you have access to this resource...')
        print(d)

After the core code, it's time to pass in the runtime, which is the resource group name.

resource_group = sys.argv[1]

Finally it's time to run the code. If the code is being ran as the main program, the first if statement will ran. If the code is being imported into another program, the else statement will ran.

if __name__ == '__main__':
    print('Running as main program...')
    list_vms(resource_group)

else:
    print('Running as imported program...')
    list_vms(resource_group)

Summary

In this blog post you learned how to get started interacting with Azure using Boto3. You learned about the Python3 SDK for Azure and what authentication methods are needed for interacting with Azure using Python3 in a safe and secure way. Finally you took a look at Python3 code wrapping the Azure CLI to list virtual machines.

My challenge to you is try to do the same as this blog post, but with a different Azure service. Maybe try listing virtual networks...