[在 Stack Overflow 和 GitHub 上查找有关“如何使用 Python 加密订阅中所有磁盘”的任何信息时]
我最终找到的是THIS,但真正让我困惑的是:这样的类该如何导入?还是它根本不需要导入?
这是我到目前为止尝试过的。
列出所有虚拟机
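from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient  # was missing: ComputeManagementClient is used below

# Service-principal login. CLIENT, KEY (the client secret), TENANT_ID and
# subscription_id are defined earlier in the script. KEY is a credential:
# read it from an environment variable or a vault rather than committing it.
credentials = ServicePrincipalCredentials(
    client_id=CLIENT,
    secret=KEY,
    tenant=TENANT_ID,
)
# Management client scoped to a single subscription.
compute_client = ComputeManagementClient(credentials, subscription_id)

# Enumerate every VM in the subscription; each `vm` object carries the
# storage profile (OS disk / data disks) that the encryption step reads.
for vm in compute_client.virtual_machines.list_all():
    print("\tVM: {}".format(vm.name))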
所以这就引出了我的问题。现在我有了“vm”对象,(理论上)我应该能够从中提取完成任务所需的所有信息。
但是我到底该如何使用DiskEncryptionSetsOperations类呢?我要初始化吗?我要导入吗?
关于如何加密Azure VM磁盘,请参考以下步骤
# Names used below; the Key Vault name must be unique across Azure.
RG='testvm1'
VAULT='testdisk'
KEK='diskery'
LOCATION='centralus'

az login
# --enabled-for-disk-encryption is what Azure Disk Encryption needs. The two
# deployment flags come from the original recipe; they are not required for
# disk encryption and let additional services (VM provisioning, ARM template
# deployment) read from this vault, so drop them if the vault is only for ADE.
az keyvault create --name "$VAULT" --resource-group "$RG" --location "$LOCATION" --enabled-for-disk-encryption true --enabled-for-deployment true --enabled-for-template-deployment true
# RSA key-encryption key (KEK) that wraps the per-VM disk encryption secret.
az keyvault key create --name "$KEK" --vault-name "$VAULT" --kty RSA
import uuid
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.compute.models import VirtualMachineExtension
from msrestazure.tools import parse_resource_id
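# Service-principal identity. AZURE_CLIENT_SECRET is a credential: load it from
# an environment variable or a vault rather than committing it to source.
AZURE_TENANT_ID = ''
AZURE_CLIENT_ID = ''
AZURE_CLIENT_SECRET = ''
AZURE_SUBSCRIPTION_ID = ''

credentials = ServicePrincipalCredentials(
    client_id=AZURE_CLIENT_ID,
    secret=AZURE_CLIENT_SECRET,
    tenant=AZURE_TENANT_ID,
)
compute_client = ComputeManagementClient(credentials, AZURE_SUBSCRIPTION_ID)

resource_group_name = 'testvm1'
vm_name = 'test03'
vm = compute_client.virtual_machines.get(resource_group_name, vm_name)
parts = parse_resource_id(vm.id)

# Key Vault that receives the disk-encryption secrets (it must be enabled for
# disk encryption) and the key-encryption key (KEK) that wraps them. The
# <...> placeholders must be replaced before running.
KeyVaultResourceId = '/subscriptions/<your subscription id>/resourceGroups/<group name>/providers/Microsoft.KeyVault/vaults/<your key vault name>'
KeyEncryptionKeyURL = 'https://<your key vault name>.vault.azure.net/keys/<name>/<version>'
KeyVaultURL = 'https://<your key vault name>.vault.azure.net/'

# Name under which the Azure Disk Encryption (ADE) extension is created on the VM.
EXTENSION_NAME = 'test'

# we are ready to provision/update the disk encryption extensions
os_type = vm.storage_profile.os_disk.os_type.value
# A new SequenceVersion makes the extension re-apply the settings. Stored as
# a string so the settings dict serialises to JSON regardless of how the SDK
# handles UUID objects.
sequence_version = str(uuid.uuid4())
# Public (unprotected) settings only: key material is referenced by URL and
# never leaves Key Vault, so no protected_settings are needed.
public_settings = {
    "EncryptionOperation": 'EnableEncryption',
    "KeyVaultURL": KeyVaultURL,
    "KeyVaultResourceId": KeyVaultResourceId,
    "KeyEncryptionKeyURL": KeyEncryptionKeyURL,
    "KekVaultResourceId": KeyVaultResourceId,
    "KeyEncryptionAlgorithm": 'RSA-OAEP',
    "VolumeType": 'ALL',
    'SequenceVersion': sequence_version,
}


def _ade_extension(location, os_type, settings):
    """Return the ADE VirtualMachineExtension definition for *os_type*.

    Windows and Linux differ only in extension type and handler version; the
    publisher and settings are shared, so the two branches are folded here.

    Args:
        location: Azure region of the VM (the extension must match it).
        os_type: OS type string from the VM's OS disk; anything other than
            "windows" (case-insensitive) is treated as Linux.
        settings: public settings dict for the extension.
    """
    if os_type.lower() == 'windows':
        extension_type, handler_version = 'AzureDiskEncryption', '2.2'
    else:
        extension_type, handler_version = 'AzureDiskEncryptionForLinux', '1.1'
    return VirtualMachineExtension(
        location=location,
        publisher='Microsoft.Azure.Security',
        virtual_machine_extension_type=extension_type,
        type_handler_version=handler_version,
        auto_upgrade_minor_version=True,
        settings=settings,
        protected_settings=None,
    )


ext = _ade_extension(vm.location, os_type, public_settings)
poller = compute_client.virtual_machine_extensions.create_or_update(
    parts['resource_group'], parts['name'], EXTENSION_NAME, ext)
# create_or_update is a long-running operation. Without waiting, the
# provisioning_state read below can still be in progress and the check is
# meaningless; result() also raises if the operation failed.
poller.result()

# verify the extension was ok
extension_result = compute_client.virtual_machine_extensions.get(
    parts['resource_group'], parts['name'], EXTENSION_NAME, 'instanceView')
if extension_result.provisioning_state != 'Succeeded':
    print('Extension needed for disk encryption was not provisioned correctly')
else:
    # only report success when provisioning actually succeeded
    print("success")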
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/azure-disk-enc-windows
https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss