Azure Management Libraries for .NET - v1.2

Published on September 6, 2017

Principal Program Manager, Azure Developer Experience

We released version 1.2 of the Azure Management Libraries for .NET. This release adds support for additional security and deployment features, and more Azure services:

  • Managed service identity
  • Create users in Azure Active Directory, update service principals and assign permissions to apps
  • Storage service encryption
  • Deploy Web apps and functions using MS Deploy
  • Network watcher service
  • Search service

https://github.com/azure/azure-sdk-for-net/tree/Fluent

Getting Started

You can download 1.2 libraries from:

Create a Virtual Machine with Managed Service Identity (MSI)

You can create a virtual machine with MSI enabled using a Define() … Create() method chain:

IVirtualMachine virtualMachine = azure.VirtualMachines.Define("myLinuxVM")
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithNewPrimaryNetwork("10.0.0.0/28")
    .WithPrimaryPrivateIPAddressDynamic()
    .WithNewPrimaryPublicIPAddress(pipName)
    .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
    .WithRootUsername("tirekicker")
    .WithRootPassword(password)
    .WithSize(VirtualMachineSizeTypes.StandardDS2V2)
    .WithOSDiskCaching(CachingTypes.ReadWrite)
    // Enable MSI on the VM
    .WithManagedServiceIdentity()
    // Grant the VM's identity the Contributor role on the VM's resource group
    .WithRoleBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
    .Create();

You can manage any MSI-enabled Azure resources from a virtual machine with MSI and add an MSI service principal to an Azure Active Directory security group.

Add New User to Azure Active Directory

You can add a new user to Azure Active Directory using a Define() … Create() method chain:

IActiveDirectoryUser user = authenticated.ActiveDirectoryUsers
    .Define("tirekicker")
    .WithEmailAlias("tirekicker")
    .WithPassword("StrongPass!12")
    .Create();

Similarly, you can create and update users and groups in Active Directory.
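
The VM snippet passes a password variable to WithRootPassword() and the user snippet passes a literal to WithPassword(). The following added example (not part of the original post or the SDK) shows one way to generate that value at run time instead of keeping it in source. PasswordFactory, its character sets and the default length of 24 are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper, not part of the Azure Management Libraries.
static class PasswordFactory
{
    // Look-alike characters (l, I, O, 0, 1) are left out on purpose.
    const string Lower = "abcdefghijkmnopqrstuvwxyz";
    const string Upper = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    const string Digits = "23456789";
    const string Symbols = "!#$%*+-=?@_";

    // Uniform index in [0, n) by rejection sampling, so there is no modulo bias.
    static int NextIndex(RandomNumberGenerator rng, int n)
    {
        var b = new byte[1];
        int limit = 256 - (256 % n);   // largest multiple of n that fits in one byte
        do { rng.GetBytes(b); } while (b[0] >= limit);
        return b[0] % n;
    }

    public static string Generate(int length = 24)
    {
        if (length < 4 || length > 256)
            throw new ArgumentOutOfRangeException(nameof(length));
        string[] classes = { Lower, Upper, Digits, Symbols };
        string all = Lower + Upper + Digits + Symbols;
        var chars = new char[length];
        using (var rng = RandomNumberGenerator.Create())
        {
            // One character from each class first, the rest from the full alphabet.
            for (int i = 0; i < length; i++)
            {
                string pool = i < classes.Length ? classes[i] : all;
                chars[i] = pool[NextIndex(rng, pool.Length)];
            }
            // Fisher-Yates shuffle so the guaranteed characters do not sit at fixed positions.
            for (int i = length - 1; i > 0; i--)
            {
                int j = NextIndex(rng, i + 1);
                char t = chars[i]; chars[i] = chars[j]; chars[j] = t;
            }
        }
        return new string(chars);
    }
}

// Usage with the calls shown in this post:
//   string password = PasswordFactory.Generate();
//   ... .WithRootPassword(password) ...   or   ... .WithPassword(password) ...
```

Hand the generated value to whoever needs it through a secret store rather than logging it or writing it to disk.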

Enable Storage Service Encryption for a Storage Account

You can enable storage service encryption at the storage account level when you create a storage account using a Define() … Create() method chain:

IStorageAccount storageAccount = azure.StorageAccounts
    .Define(storageAccountName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithEncryption()
    .Create();

Deploy Web apps and Functions using MS Deploy

You can use MS Deploy to deploy Web apps and functions by using the Deploy() method:

// Create a Web app
IWebApp webApp = azure.WebApps.Define(webAppName)
    .WithExistingWindowsPlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithJavaVersion(JavaVersion.V8Newest)
    .WithWebContainer(WebContainer.Tomcat8_0Newest)
    .Create();
// Deploy a Web app using MS Deploy
webApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute(); 

And…

// Create a function app 
IFunctionApp functionApp = azure.AppServices.FunctionApps
    .Define(functionAppName)
    .WithExistingAppServicePlan(plan)
    .WithExistingResourceGroup(rgName)
    .WithExistingStorageAccount(app3.StorageAccount)
    .Create();
// Deploy a function using MS Deploy
functionApp.Deploy()
    .WithPackageUri("link-to-bin-artifacts-in-storage-or-somewhere-else")
    .WithExistingDeploymentsDeleted(true)
    .Execute();

Create Network Watcher and start Packet Capture

You can visualize network traffic patterns to and from virtual machines: create and start a packet capture using a Define() … Create() method chain, download the capture, and visualize the traffic patterns using open source tools:

// Create a Network Watcher
INetworkWatcher networkWatcher = azure.NetworkWatchers.Define(nwName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .Create();
// Start a Packet Capture
IPacketCapture packetCapture = networkWatcher.PacketCaptures
    .Define(packetCaptureName)
    .WithTarget(virtualMachine.Id)
    .WithStorageAccountId(storageAccount.Id)
    .WithTimeLimitInSeconds(1500)
    .DefinePacketCaptureFilter()
        .WithProtocol(PcProtocol.TCP)
        .Attach()
    .Create();

Similarly, you can programmatically:

  • Verify if traffic is allowed to and from a virtual machine.
  • Get the next hop type and IP address for a virtual machine.
  • Retrieve network topology for a resource group.
  • Analyze virtual machine security by examining effective network security rules applied to a virtual machine.
  • Configure network security group flow logs.

Create a Managed Cloud Search Service

You can create a managed cloud search service (Azure Search) with replicas and partitions using a Define() … Create() method chain:

ISearchService searchService = azure.SearchServices.Define(searchServiceName)
    .WithRegion(Region.USEast)
    .WithNewResourceGroup(rgName)
    .WithStandardSku()
    .WithPartitionCount(1)
    .WithReplicaCount(1)
    .Create();

Similarly, you can programmatically:

  • Manage query keys.
  • Update search service with replicas and partitions.
  • Regenerate primary and secondary admin keys.

Try it

You can get more samples from our GitHub repo. Give it a try and let us know what you think (via email or comments below).
 
You can find plenty of additional info about .NET on Azure at https://docs.microsoft.com/en-us/dotnet/azure/.