Interface to 'Azure Resource Manager'

A lightweight but powerful R interface to the 'Azure Resource Manager' REST API. The package exposes a comprehensive class framework and related tools for creating, updating and deleting 'Azure' resource groups, resources and templates. While 'AzureRMR' can be used to manage any 'Azure' service, it can also be extended by other packages to provide extra functionality for specific services. Part of the 'AzureR' family of packages.

Downloads

AzureRMR is a package for interacting with Azure Resource Manager: list subscriptions, manage resource groups, deploy and delete templates and resources. It calls the Resource Manager REST API directly, so you don't need to have PowerShell or Python installed. Azure Active Directory OAuth tokens are obtained using the AzureAuth package.

You can install the development version from GitHub, via devtools::install_github("cloudyr/AzureRMR").

Authentication

Under the hood, AzureRMR uses a similar authentication process to the Azure CLI. The first time you authenticate with a given Azure Active Directory tenant, you call create_azure_login() and supply your credentials. AzureRMR will prompt you for permission to create a special data directory in which to cache the obtained authentication token and Resource Manager login. Once this information is saved on your machine, it can be retrieved in subsequent R sessions with get_azure_login(). Your credentials will be automatically refreshed so you don't have to reauthenticate.

Unless you have a specific reason otherwise, it's recommended that you allow AzureRMR to create this caching directory. Note that many other cloud engineering tools save credentials in this way, including the Azure CLI itself.

In most cases, AzureRMR can authenticate without requiring you to create your own service principal. However, AzureRMR can also use a custom service principal, and in general it's a good idea to supply your own to authenticate with (if possible). See the "Introduction to AzureRMR" vignette for more details.

Linux DSVM note If you are using a Linux Data Science Virtual Machine in Azure, you may have problems running create_azure_login(). In this case, try create_azure_login(auth_type="device_code").

Sample workflow

library(AzureRMR)
 
# authenticate with Azure AD:
# - on first login to this client, call create_azure_login()
# - on subsequent logins, call get_azure_login()
az <- create_azure_login()
 
# get a subscription and resource group
sub <- az$get_subscription("{subscription_id}")
rg <- sub$get_resource_group("rgname")
 
# get a resource (storage account)
stor <- rg$get_resource(type="Microsoft.Storage/storageAccounts", name="mystorage")
 
# method chaining works too
stor <- az$
    get_subscription("{subscription_id}")$
    get_resource_group("rgname")$
    get_resource(type="Microsoft.Storage/storageAccounts", name="mystorage")
 
 
# create a new resource group and resource
rg2 <- sub$create_resource_group("newrgname", location="westus")
 
stor2 <- rg2$create_resource(type="Microsoft.Storage/storageAccounts", name="mystorage2",
    kind="Storage", sku=list(name="Standard_LRS"))
 
# tagging
stor2$set_tags(comment="hello world!", created_by="AzureRMR")
 
# role-based access control (RBAC)
# this uses the AzureGraph package to retrieve the user ID
gr <- AzureGraph::get_graph_login()
usr <- gr$get_user("[email protected]")
stor2$add_role_assignment(usr, "Storage blob data contributor")
 
# pass the GUID of the principal if you don't have AzureGraph installed
stor2$add_role_assignment("041ff2be-4eb0-11e9-8f38-394fbcd0b29d", "Storage blob data contributor")

Extending

AzureRMR is meant to be a generic mechanism for working with Resource Manager. You can extend it to provide support for service-specific features; examples of packages that do this include AzureVM for virtual machines, and AzureStor for storage accounts. For more information, see the "Extending AzureRMR" vignette.

Acknowledgements

AzureRMR is inspired by the package AzureSMR, originally written by Alan Weaver and Andrie de Vries, and would not have been possible without their pioneering work. Thanks, guys!

News

AzureRMR 2.1.1

Some refactoring of login code to better handle AzureAuth options. As part of this, the config_file argument for az_rm$new has been removed; to use a configuration file, call the (recommended) create_azure_login function.
az_subscription$get_provider_api_version now returns only stable APIs by default. Set the argument stable_only=FALSE to allow returning preview APIs.

AzureRMR 2.1.0

This version adds basic support for role-based access control (RBAC) at subscription, resource group and resource level. Add and remove role assignments, and retrieve role definitions. See ?rbac for more information.
Fix a bug where if the user decides not to create a caching dir when prompted by AzureAuth, AzureRMR would pop up a second prompt.
Internal refactoring to remove duplicated code.

AzureRMR 2.0.0

Significant interface changes

New create_azure_login, get_azure_login and delete_azure_login functions to handle ARM authentication. By default, these will authenticate using your AAD user credentials without requiring you to create a service principal. Directly calling az_rm$new() will still work, but it's recommended to use create_azure_login and get_azure_login going forward. Login credentials will be saved and reused for subsequent sessions (see below).
Token acquisition logic substantially enhanced and moved to a new package, AzureAuth. get_azure_token now supports four authentication methods for obtaining tokens (client_credentials, authorization_code, device_code and resource_owner). Tokens are also automatically cached and retrieved for use in subsequent sessions, without needing the user to reauthenticate. See the AzureAuth documentation for more details.

Other changes

Don't print empty fields for ARM objects.
Add optional etag field to resource object definition.
Add location argument to az_resource_group$create_resource method, rather than hardcoding it to the resgroup location.
Add wait argument when creating a new resource, similar to deploying a template, since some resources will return before provisioning is complete. Defaults to FALSE for backward compatibility.
Export is_azure_token.
Allow az_resource_group$deploy_template() to work without parameters arg (parameters folded into template itself).
Fix a bug that kept az_resource_group$delete_resource from deleting the resource.
New resource method az_resource$get_api_version to match set_api_version.
By default, use the latest stable API version when interacting with resources. az_resource$set_api_version gains a new argument stable_only which defaults to TRUE; set this to FALSE if you want the latest preview version.
az_resource$sync_fields() will respect a non-default API version.
Add management lock functionality for subscriptions, resource groups and resources. Call create_lock to create a lock, get_lock to retrieve an existing lock object, and delete_lock to delete a lock. Call list_locks to list all the locks that apply to an object.
Add tagging functionality for resource groups, similar to that for resources. Call set_tags to set tags, and get_tags to retrieve them.
Allow named_list to accept empty inputs. The output will be a list of length 0 with a names attribute.
Fix template deployment not to drop empty fields (related to #13).