AzureRMR
Interface to 'Azure Resource Manager'
A lightweight but powerful R interface to the 'Azure Resource Manager' REST API. The package exposes classes and methods for 'OAuth' authentication and working with subscriptions and resource groups. It also provides functionality for creating and deleting 'Azure' resources and deploying templates. While 'AzureRMR' can be used to manage any 'Azure' service, it can also be extended by other packages to provide extra functionality for specific services. Part of the 'AzureR' family of packages.
AzureRMR is a package for interacting with Azure Resource Manager: list subscriptions, manage resource groups, deploy and delete templates and resources. It calls the Resource Manager REST API directly, so you don't need to have PowerShell or Python installed. Azure Active Directory OAuth tokens are obtained using the AzureAuth package.
You can install the development version from GitHub, via devtools::install_github("cloudyr/AzureRMR").
Authentication
Under the hood, AzureRMR uses a similar authentication process to the Azure CLI. The first time you authenticate with a given Azure Active Directory tenant, you call create_azure_login() and supply your credentials. AzureRMR will prompt you for permission to create a special data directory in which to cache the obtained authentication token and Resource Manager login. Once this information is saved on your machine, it can be retrieved in subsequent R sessions with get_azure_login(). Your credentials will be automatically refreshed so you don't have to reauthenticate.
Unless you have a specific reason otherwise, it's recommended that you allow AzureRMR to create this caching directory. Note that many other cloud engineering tools save credentials in this way, including the Azure CLI itself.
In most cases, AzureRMR can authenticate without requiring you to create your own service principal. However, AzureRMR can also use a custom service principal, and in general it's a good idea to supply your own to authenticate with (if possible). See the "Introduction to AzureRMR" vignette for more details.
Linux DSVM note If you are using a Linux Data Science Virtual Machine in Azure, you may have problems running create_azure_login(). In this case, try create_azure_login(auth_type="device_code").
Sample workflow
library(AzureRMR) # authenticate with Azure AD:# - on first login to this client, call create_azure_login()# - on subsequent logins, call get_azure_login()az <- create_azure_login() # get a subscription and resource groupsub <- az$get_subscription("{subscription_id}")rg <- sub$get_resource_group("rgname") # get a resource (storage account)stor <- rg$get_resource(type="Microsoft.Storage/storageAccounts", name="mystorage") # method chaining works toostor <- az$ get_subscription("{subscription_id}")$ get_resource_group("rgname")$ get_resource(type="Microsoft.Storage/storageAccounts", name="mystorage") # create a new resource group and resourcerg2 <- sub$create_resource_group("newrgname", location="westus") stor2 <- rg2$create_resource(type="Microsoft.Storage/storageAccounts", name="mystorage2", kind="Storage", sku=list(name="Standard_LRS")) # taggingstor2$set_tags(comment="hello world!", created_by="AzureRMR") # role-based access control (RBAC)# this uses the AzureGraph package to retrieve the user IDgr <- AzureGraph::get_graph_login()usr <- gr$get_user("[email protected]")stor2$add_role_assignment(usr, "Storage blob data contributor") # pass the GUID of the principal if you don't have AzureGraph installedstor2$add_role_assignment("041ff2be-4eb0-11e9-8f38-394fbcd0b29d", "Storage blob data contributor")Extending
AzureRMR is meant to be a generic mechanism for working with Resource Manager. You can extend it to provide support for service-specific features; examples of packages that do this include AzureVM for virtual machines, and AzureStor for storage accounts. For more information, see the "Extending AzureRMR" vignette.
Acknowledgements
AzureRMR is inspired by the package AzureSMR, originally written by Alan Weaver and Andrie de Vries, and would not have been possible without their pioneering work. Thanks, guys!
News
AzureRMR 2.1.1
- Some refactoring of login code to better handle AzureAuth options. As part of this, the
config_fileargument foraz_rm$newhas been removed; to use a configuration file, call the (recommended)create_azure_loginfunction. az_subscription$get_provider_api_versionnow returns only stable APIs by default. Set the argumentstable_only=FALSEto allow returning preview APIs.
AzureRMR 2.1.0
- This version adds basic support for role-based access control (RBAC) at subscription, resource group and resource level. Add and remove role assignments, and retrieve role definitions. See
?rbacfor more information. - Fix a bug where if the user decides not to create a caching dir when prompted by AzureAuth, AzureRMR would pop up a second prompt.
- Internal refactoring to remove duplicated code.
AzureRMR 2.0.0
Significant interface changes
- New
create_azure_login,get_azure_loginanddelete_azure_loginfunctions to handle ARM authentication. By default, these will authenticate using your AAD user credentials without requiring you to create a service principal. Directly callingaz_rm$new()will still work, but it's recommended to usecreate_azure_loginandget_azure_logingoing forward. Login credentials will be saved and reused for subsequent sessions (see below). - Token acquisition logic substantially enhanced and moved to a new package, AzureAuth.
get_azure_tokennow supports four authentication methods for obtaining tokens (client_credentials,authorization_code,device_codeandresource_owner). Tokens are also automatically cached and retrieved for use in subsequent sessions, without needing the user to reauthenticate. See the AzureAuth documentation for more details.
Other changes
- Don't print empty fields for ARM objects.
- Add optional
etagfield to resource object definition. - Add
locationargument toaz_resource_group$create_resourcemethod, rather than hardcoding it to the resgroup location. - Add
waitargument when creating a new resource, similar to deploying a template, since some resources will return before provisioning is complete. Defaults toFALSEfor backward compatibility. - Export
is_azure_token. - Allow
az_resource_group$deploy_template()to work withoutparametersarg (parameters folded into template itself). - Fix a bug that kept
az_resource_group$delete_resourcefrom deleting the resource. - New resource method
az_resource$get_api_versionto matchset_api_version. - By default, use the latest stable API version when interacting with resources.
az_resource$set_api_versiongains a new argumentstable_onlywhich defaults toTRUE; set this toFALSEif you want the latest preview version. az_resource$sync_fields()will respect a non-default API version.- Add management lock functionality for subscriptions, resource groups and resources. Call
create_lockto create a lock,get_lockto retrieve an existing lock object, anddelete_lockto delete a lock. Calllist_locksto list all the locks that apply to an object. - Add tagging functionality for resource groups, similar to that for resources. Call
set_tagsto set tags, andget_tagsto retrieve them. - Allow
named_listto accept empty inputs. The output will be a list of length 0 with anamesattribute. - Fix template deployment not to drop empty fields (related to #13).
AzureRMR 1.0.0
- Submitted to CRAN
AzureRMR 0.9.0
- Moved to cloudyr organisation