We released 1.2 of the Azure Management Libraries for Java. This release adds support for additional security and deployment features, and more Azure services:
- Managed service identity
- Create users in Azure Active Directory, update service principals and assign permissions to apps
- Storage service encryption
- Deploy Web apps and functions using MS Deploy
- Network watcher service
- Search service
https://github.com/Azure/azure-sdk-for-java
Getting Started
Add the following dependency fragment to your Maven POM file to use 1.2 version of the libraries:
com.microsoft.azure azure 1.2.1
Create a Virtual Machine with Managed Service Identity (MSI)
You can create a virtual machine with MSI enabled using a define() … create() method chain:
VirtualMachine virtualMachine = azure.virtualMachines().define("myLinuxVM") .withRegion(Region.US_EAST) .withNewResourceGroup(rgName) .withNewPrimaryNetwork("10.0.0.0/28") .withPrimaryPrivateIPAddressDynamic() .withNewPrimaryPublicIPAddress(pipName) .withPopularLinuxImage(KnownLinuxVirtualMachineImage.UBUNTU_SERVER_16_04_LTS) .withRootUsername("tirekicker") .withRootPassword(password) .withSize(VirtualMachineSizeTypes.STANDARD_DS2_V2) .withOSDiskCaching(CachingTypes.READ_WRITE) .withManagedServiceIdentity() .withRoleBasedAccessToCurrentResourceGroup(BuiltInRole.CONTRIBUTOR) .create();
You can manage any MSI-enabled Azure resources from a virtual machine with MSI and add an MSI service principal to an Azure Active Directory security group.
Add New User to Azure Active Directory
You can add a new user to Azure Active Directory using a define() … create() method chain:
ActiveDirectoryUser user = authenticated.activeDirectoryUsers() .define("tirekicker") .withEmailAlias("tirekicker") .withPassword("StrongPass!12") .create();
Similarly, you can create and update users and groups in Active Directory.
Enable Storage Service Encryption for a Storage Account
You can enable storage service encryption at a storage account level when you create a storage account using a define() … create() method chain:
StorageAccount storageAccount = azure.storageAccounts().define(storageAccountName) .withRegion(Region.US_EAST) .withNewResourceGroup(rgName) .withEncryption() .create();
Deploy Web apps and Functions using MS Deploy
You can use MS Deploy to deploy Web apps and functions by using the deploy() method:
// Create a Web app WebApp webApp = azure.webApps().define(webAppName) .withExistingWindowsPlan(plan) .withExistingResourceGroup(rgName) .withJavaVersion(JavaVersion.JAVA_8_NEWEST) .withWebContainer(WebContainer.TOMCAT_8_0_NEWEST) .create();
// Deploy a Web app using MS Deploy webApp.deploy() .withPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else") .withExistingDeploymentsDeleted(true) .execute();
And..
// Create a function app FunctionApp functionApp = azure.appServices().functionApps() .define(functionAppName) .withExistingAppServicePlan(plan) .withExistingResourceGroup(rgName) .withExistingStorageAccount(app3.storageAccount()) .create();
// Deploy a function using MS Deploy functionApp.deploy() .withPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else") .withExistingDeploymentsDeleted(true) .execute();
Create Network Watcher and start Packet Capture
You can visualize network traffic patterns to and from virtual machines by creating and starting a packet capture using a define() … create() method chain, downloading the packet capture and visualizing network traffic patterns using open source tools:
// Create a Network Watcher Network Watcher networkWatcher = azure.networkWatchers().define(nwName) .withRegion(Region.US_EAST) .withNewResourceGroup(rgName) .create();
// Start a Packet Capture PacketCapture packetCapture = networkWatcher.packetCaptures() .define(packetCaptureName) .withTarget(virtualMachine.id()) .withStorageAccountId(storageAccount.id()) .withTimeLimitInSeconds(1500) .definePacketCaptureFilter() .withProtocol(PcProtocol.TCP) .attach() .create();
Similarly, you can programmatically:
- Verify if traffic is allowed to and from a virtual machine
- Get the next hop type and IP address for a virtual machine
- Retrieve network topology for a resource group
- Analyze virtual machine security by examining effective network security rules applied to a virtual machine
- Configure network security group flow logs.
Create a Managed Cloud Search Service
You can create a managed cloud search service (Azure Search) with replicas and partitions using a define() … create() method chain:
SearchService searchService = azure.searchServices().define(searchServiceName) .withRegion(Region.US_EAST) .withNewResourceGroup(rgName) .withStandardSku() .withPartitionCount(1) .withReplicaCount(1) .create();
Similarly, you can programmatically:
- Manage query keys
- Update search service with replicas and partitions
- Regenerate primary and secondary admin keys.
Try it
You can get more samples from our GitHub repo. Give it a try and let us know what you think (via e-mail or comments below).
You can find plenty of additional info about Java on Azure at https://azure.com/java.