We released 1.2 of the Azure Management Libraries for Java. This release adds support for additional security and deployment features, and more Azure services:
- Managed service identity
- Create users in Azure Active Directory, update service principals and assign permissions to apps
- Storage service encryption
- Deploy Web apps and functions using MS Deploy
- Network watcher service
- Search service
https://github.com/Azure/azure-sdk-for-java
Getting Started
Add the following dependency fragment to your Maven POM file to use 1.2 version of the libraries:
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure</artifactId>
<version>1.2.1</version>
</dependency>
Create a Virtual Machine with Managed Service Identity (MSI)
You can create a virtual machine with MSI enabled using a define() … create() method chain:
VirtualMachine virtualMachine = azure.virtualMachines().define("myLinuxVM")
.withRegion(Region.US_EAST)
.withNewResourceGroup(rgName)
.withNewPrimaryNetwork("10.0.0.0/28")
.withPrimaryPrivateIPAddressDynamic()
.withNewPrimaryPublicIPAddress(pipName)
.withPopularLinuxImage(KnownLinuxVirtualMachineImage.UBUNTU_SERVER_16_04_LTS)
.withRootUsername("tirekicker")
.withRootPassword(password)
.withSize(VirtualMachineSizeTypes.STANDARD_DS2_V2)
.withOSDiskCaching(CachingTypes.READ_WRITE)
.withManagedServiceIdentity()
.withRoleBasedAccessToCurrentResourceGroup(BuiltInRole.CONTRIBUTOR)
.create();
You can manage any MSI-enabled Azure resources from a virtual machine with MSI and add an MSI service principal to an Azure Active Directory security group.
Add New User to Azure Active Directory
You can add a new user to Azure Active Directory using a define() … create() method chain:
ActiveDirectoryUser user = authenticated.activeDirectoryUsers()
.define("tirekicker")
.withEmailAlias("tirekicker")
.withPassword("StrongPass!12")
.create();
Similarly, you can create and update users and groups in Active Directory.
Enable Storage Service Encryption for a Storage Account
You can enable storage service encryption at a storage account level when you create a storage account using a define() … create() method chain:
StorageAccount storageAccount = azure.storageAccounts().define(storageAccountName)
.withRegion(Region.US_EAST)
.withNewResourceGroup(rgName)
.withEncryption()
.create();
Deploy Web apps and Functions using MS Deploy
You can use MS Deploy to deploy Web apps and functions by using the deploy() method:
// Create a Web app
WebApp webApp = azure.webApps().define(webAppName)
.withExistingWindowsPlan(plan)
.withExistingResourceGroup(rgName)
.withJavaVersion(JavaVersion.JAVA_8_NEWEST)
.withWebContainer(WebContainer.TOMCAT_8_0_NEWEST)
.create();
// Deploy a Web app using MS Deploy
webApp.deploy()
.withPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
.withExistingDeploymentsDeleted(true)
.execute();
And..
// Create a function app
FunctionApp functionApp = azure.appServices().functionApps()
.define(functionAppName)
.withExistingAppServicePlan(plan)
.withExistingResourceGroup(rgName)
.withExistingStorageAccount(app3.storageAccount())
.create();
// Deploy a function using MS Deploy
functionApp.deploy()
.withPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
.withExistingDeploymentsDeleted(true)
.execute();
Create Network Watcher and start Packet Capture
You can visualize network traffic patterns to and from virtual machines by creating and starting a packet capture using a define() … create() method chain, downloading the packet capture and visualizing network traffic patterns using open source tools:
// Create a Network Watcher
Network Watcher networkWatcher = azure.networkWatchers().define(nwName)
.withRegion(Region.US_EAST)
.withNewResourceGroup(rgName)
.create();
// Start a Packet Capture
PacketCapture packetCapture = networkWatcher.packetCaptures()
.define(packetCaptureName)
.withTarget(virtualMachine.id())
.withStorageAccountId(storageAccount.id())
.withTimeLimitInSeconds(1500)
.definePacketCaptureFilter()
.withProtocol(PcProtocol.TCP)
.attach()
.create();
Similarly, you can programmatically:
- Verify if traffic is allowed to and from a virtual machine
- Get the next hop type and IP address for a virtual machine
- Retrieve network topology for a resource group
- Analyze virtual machine security by examining effective network security rules applied to a virtual machine
- Configure network security group flow logs.
Create a Managed Cloud Search Service
You can create a managed cloud search service (Azure Search) with replicas and partitions using a define() … create() method chain:
SearchService searchService = azure.searchServices().define(searchServiceName)
.withRegion(Region.US_EAST)
.withNewResourceGroup(rgName)
.withStandardSku()
.withPartitionCount(1)
.withReplicaCount(1)
.create();
Similarly, you can programmatically:
- Manage query keys
- Update search service with replicas and partitions
- Regenerate primary and secondary admin keys.
Try it
You can get more samples from our GitHub repo. Give it a try and let us know what you think (via e-mail or comments below).
You can find plenty of additional info about Java on Azure at http://azure.com/java.