We released 1.2 of the Azure Management Libraries for .NET. This release adds support for additional security and deployment features, and more Azure services:
- Managed service identity
- Create users in Azure Active Directory, update service principals and assign permissions to apps
- Storage service encryption
- Deploy Web apps and functions using MS Deploy
- Network watcher service
- Search service
https://github.com/azure/azure-sdk-for-net/tree/Fluent
Getting Started
You can download 1.2 libraries from:
Create a Virtual Machine with Managed Service Identity (MSI)
You can create a virtual machine with MSI enabled using a Define() … Create() method chain:
IVirtualMachine virtualMachine = azure.VirtualMachines.Define("myLinuxVM")
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithNewPrimaryNetwork("10.0.0.0/28")
    .WithPrimaryPrivateIPAddressDynamic()
    .WithNewPrimaryPublicIPAddress(pipName)
    .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
    .WithRootUsername("tirekicker")
    .WithRootPassword(password)
    .WithSize(VirtualMachineSizeTypes.StandardDS2V2)
    .WithOSDiskCaching(CachingTypes.ReadWrite)
    // Enable MSI and give the VM's identity the Contributor role on its own resource group
    .WithManagedServiceIdentity()
    .WithRoleBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
    .Create();
You can manage any MSI-enabled Azure resources from a virtual machine with MSI and add an MSI service principal to an Azure Active Directory security group.
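What "managing resources from a virtual machine with MSI" looks like from code running on that VM, as an added example that is not part of the original post or the library: the process asks the local identity endpoint for a token instead of reading a stored secret. The endpoint shown is the Instance Metadata Service one (an assumption; the post does not name an endpoint), and the subscription ID and resource group name are placeholders.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class MsiTokenExample
{
    // Assumption: the Instance Metadata Service identity endpoint, which is
    // reachable only from inside the VM. The resource is Azure Resource Manager.
    private const string TokenEndpoint =
        "http://169.254.169.254/metadata/identity/oauth2/token" +
        "?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F";

    public static async Task<string> GetArmTokenAsync(HttpClient http)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, TokenEndpoint);
        request.Headers.Add("Metadata", "true"); // required; requests without it are rejected
        using HttpResponseMessage response = await http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        using JsonDocument doc =
            JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString()
            ?? throw new InvalidOperationException("No access_token in response.");
    }

    public static async Task Main()
    {
        // Placeholders, not values from the page: fill in your own.
        const string subscriptionId = "<subscription-id>";
        const string rgName = "<resource-group-name>";

        using var http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
        string token = await GetArmTokenAsync(http);

        // List the resources the VM's identity can see in its resource group.
        string url = "https://management.azure.com/subscriptions/" + subscriptionId +
            "/resourceGroups/" + rgName + "/resources?api-version=2021-04-01";
        using var list = new HttpRequestMessage(HttpMethod.Get, url);
        list.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using HttpResponseMessage result = await http.SendAsync(list);

        // Print only the status: the token is a bearer credential and must
        // not be written to logs or console output.
        Console.WriteLine((int)result.StatusCode + " " + result.ReasonPhrase);
    }
}
```

It has to run on the MSI-enabled VM itself; what the call returns depends on the role assigned to the identity, Contributor on the resource group in the sample above.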
Add New User to Azure Active Directory
You can add a new user to Azure Active Directory using a Define() … Create() method chain:
IActiveDirectoryUser user = authenticated.ActiveDirectoryUsers
    .Define("tirekicker")
    .WithEmailAlias("tirekicker")
    // Sample password only; in real code read it from configuration or a secret store
    .WithPassword("StrongPass!12")
    .Create();
Similarly, you can create and update users and groups in Active Directory.
Enable Storage Service Encryption for a Storage Account
You can enable storage service encryption at the storage account level when you create a storage account using a Define() … Create() method chain:
IStorageAccount storageAccount = azure.StorageAccounts
    .Define(storageAccountName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithEncryption()
    .Create();
Deploy Web apps and Functions using MS Deploy
You can use MS Deploy to deploy Web apps and functions by using the Deploy() method:
// Create a Web app
IWebApp webApp = azure.WebApps.Define(webAppName)
    .WithExistingWindowsPlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithJavaVersion(JavaVersion.V8Newest)
    .WithWebContainer(WebContainer.Tomcat8_0Newest)
    .Create();

// Deploy a Web app using MS Deploy
webApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute();
And…
// Create a function app
IFunctionApp functionApp = azure.AppServices.FunctionApps
    .Define(functionAppName)
    .WithExistingAppServicePlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithExistingStorageAccount(app3.StorageAccount)
    .Create();

// Deploy a function using MS Deploy
functionApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute();
Create Network Watcher and start Packet Capture
You can visualize network traffic patterns to and from virtual machines by creating and starting a packet capture using a Define() … Create() method chain, then downloading the packet capture and visualizing the traffic with open source tools:
// Create a Network Watcher
INetworkWatcher networkWatcher = azure.NetworkWatchers.Define(nwName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .Create();

// Start a Packet Capture
IPacketCapture packetCapture = networkWatcher.PacketCaptures
    .Define(packetCaptureName)
    .WithTarget(virtualMachine.Id)
    .WithStorageAccountId(storageAccount.Id)
    .WithTimeLimitInSeconds(1500)
    .DefinePacketCaptureFilter()
        .WithProtocol(PcProtocol.TCP)
        .Attach()
    .Create();
Similarly, you can programmatically:
- Verify if traffic is allowed to and from a virtual machine.
- Get the next hop type and IP address for a virtual machine.
- Retrieve network topology for a resource group.
- Analyze virtual machine security by examining effective network security rules applied to a virtual machine.
- Configure network security group flow logs.
Create a Managed Cloud Search Service
You can create a managed cloud search service (Azure Search) with replicas and partitions using a Define() … Create() method chain:
ISearchService searchService = azure.SearchServices.Define(searchServiceName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithStandardSku()
    .WithPartitionCount(1)
    .WithReplicaCount(1)
    .Create();
Similarly, you can programmatically:
- Manage query keys.
- Update search service with replicas and partitions.
- Regenerate primary and secondary admin keys.
Try it
You can get more samples from our GitHub repo. Give it a try and let us know what you think (via email or comments below).
You can find plenty of additional info about .NET on Azure at https://docs.microsoft.com/en-us/dotnet/azure/.
