Merge pull request #38 from Azure-Samples/kaihuis-policyinsights-sample

Add policyinsights sample

samples/policyinsights/README.md

@@ -0,0 +1,85 @@
+---
+page_type: sample
+languages:
+- python
+products:
+- azure
+description: "These code samples will show you how to manage Policy Insight using Azure SDK for Python."
+urlFragment: policy-insights
+---
+
+# Getting started - Managing Policy Insight using Azure Python SDK
+
+These code samples will show you how to manage Policy Insight using Azure SDK for Python.
+
+## Features
+
+This project framework provides examples for the following services:
+
+### Policy Insight
+* Using the Azure SDK for Python - Policy Insight Manamgement Library [azure-mgmt-policyinsights](https://pypi.org/project/azure-mgmt-policyinsights/) for the [Policy Insight API](https://docs.microsoft.com/en-us/rest/api/policy-insights/)
+
+## Getting Started
+
+### Prerequisites
+
+1. Before we run the samples, we need to make sure we have setup the credentials. Follow the instructions in [register a new application using Azure portal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) to obtain `subscription id`,`client id`,`client secret`, and `application id`
+
+2. Store your credentials an environment variables.
+For example, in Linux-based OS, you can do
+```bash
+export AZURE_TENANT_ID="xxx"
+export AZURE_CLIENT_ID="xxx"
+export AZURE_CLIENT_SECRET="xxx"
+export SUBSCRIPTION_ID="xxx"
+```
+
+### Installation
+
+1.  If you don't already have it, [install Python](https://www.python.org/downloads/).
+
+    This sample (and the SDK) is compatible with Python 2.7, 3.3, 3.4, 3.5 and 3.6.
+
+2.  General recommendation for Python development is to use a Virtual Environment.
+    For more information, see https://docs.python.org/3/tutorial/venv.html
+
+    Install and initialize the virtual environment with the "venv" module on Python 3 (you must install [virtualenv](https://pypi.python.org/pypi/virtualenv) for Python 2.7):
+
+    ```
+    python -m venv mytestenv # Might be "python3" or "py -3.6" depending on your Python installation
+    cd mytestenv
+    source bin/activate      # Linux shell (Bash, ZSH, etc.) only
+    ./scripts/activate       # PowerShell only
+    ./scripts/activate.bat   # Windows CMD only
+    ```
+
+### Quickstart
+
+1.  Clone the repository.
+
+    ```
+    git clone https://github.com/Azure-Samples/azure-samples-python-management.git
+    ```
+
+2.  Install the dependencies using pip.
+
+    ```
+    cd azure-samples-python-management/samples/policyinsights
+    pip install -r requirements.txt
+    ```
+
+## Demo
+
+A demo app is included to show how to use the project.
+
+To run the complete demo, execute `python example.py`
+
+To run each individual demo, point directly to the file. For example (i.e. not complete list):
+
+1. `python manage_remediation.py`
+
+Each file is a separate code sample that no dependency on other files. You can look at whichever code sample you're interested in
+
+## Resources
+
+- https://github.com/Azure/azure-sdk-for-python

samples/policyinsights/manage_remediation.py

@@ -0,0 +1,125 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+
+import os
+
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.policyinsights import PolicyInsightsClient
+from azure.mgmt.resource import PolicyClient, ResourceManagementClient
+
+
+def main():
+
+    SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None)
+    GROUP_NAME = "testgroupx"
+    REMEDIATION = "remediationxxyyzz"
+    POLICY_NAME = "policyxyz"
+    POLICY_ASSIGNMENT_NAME = "assignmentx"
+
+    # Create client
+    # # For other authentication approaches, please see: https://pypi.org/project/azure-identity/
+    resource_client = ResourceManagementClient(
+        credential=DefaultAzureCredential(),
+        subscription_id=SUBSCRIPTION_ID
+    )
+    policyinsights_client = PolicyInsightsClient(
+        credential=DefaultAzureCredential(),
+        subscription_id=SUBSCRIPTION_ID
+    )
+    # - init depended client -
+    policy_client = PolicyClient(
+        credential=DefaultAzureCredential(),
+        subscription_id=SUBSCRIPTION_ID
+    )
+    # - end -
+
+    # Create resource group
+    resource_client.resource_groups.create_or_update(
+        GROUP_NAME,
+        {"location": "eastus"}
+    )
+
+    # - init depended resources -
+    # Create policy definition
+    definition = policy_client.policy_definitions.create_or_update(
+        POLICY_NAME,
+        {
+            'policy_type': 'Custom',
+            'description': 'Don\'t create a VM anywhere',
+            'policy_rule': {
+                'if': {
+                  'allOf': [
+                    {
+                      'source': 'action',
+                      'equals': 'Microsoft.Compute/virtualMachines/read'
+                    },
+                    {
+                      'field': 'location',
+                      'in': [
+                        'eastus',
+                        'eastus2',
+                        'centralus'
+                      ]
+                    }
+                  ]
+                },
+                'then': {
+                  'effect': 'deny'
+                }
+            }
+        }
+    )
+    print("Create policy definition: {}".format(definition))
+
+    # Policy Assignment - By Name
+    scope = '/subscriptions/{}/resourceGroups/{}'.format(
+        SUBSCRIPTION_ID,
+        GROUP_NAME
+    )
+
+    # Create policy assignment
+    assignment = policy_client.policy_assignments.create(
+        scope,
+        POLICY_ASSIGNMENT_NAME,
+        {
+            'policy_definition_id': definition.id,
+        }
+    )
+    print("Create policy assignment: {}".format(assignment))
+    # - end -
+
+    # Create remediation
+    remediation = policyinsights_client.remediations.create_or_update_at_resource_group(
+        GROUP_NAME,
+        REMEDIATION,
+        {
+            "policy_assignment_id": assignment.id
+        }
+    )
+    print("Create remediation:\n{}".format(remediation))
+
+    # Get remediation
+    remediation = policyinsights_client.remediations.get_at_resource_group(
+        GROUP_NAME,
+        REMEDIATION
+    )
+    print("Get remediation:\n{}".format(remediation))
+
+    # Delete remediation
+    remediation = policyinsights_client.remediations.delete_at_resource_group(
+        GROUP_NAME,
+        REMEDIATION
+    )
+    print("Delete remediation.\n")
+
+    # Delete Group
+    resource_client.resource_groups.begin_delete(
+        GROUP_NAME
+    ).result()
+
+
+if __name__ == "__main__":
+    main()

samples/policyinsights/requirements.txt

@@ -0,0 +1,2 @@
+azure-identity
+azure-mgmt-policyinsights==1.0.0b1