update azure tags with workflow

devwithkrishna · Jan 9, 2024 · 8831636 · 8831636
1 parent f5aee4e
commit 8831636
Show file tree

Hide file tree

Showing 5 changed files with 166 additions and 2 deletions.
diff --git a/.github/workflows/tag_update.yml b/.github/workflows/tag_update.yml
@@ -0,0 +1,79 @@
+name: azure-tag-updation-using-python-github-workflow
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag_key:
+        required: true
+        type: string
+        description: "Corresponding tag key"
+      tag_value:
+        required: true
+        type: string
+        description: "Corresponding tag value for the key"
+      subscription_name:
+        required: true
+        type: string
+        description: "The azure subscription name."
+      resource_group_names:
+        required: true
+        type: string
+        description: "names of resource groups. more than one can be provided as comma seperated values"
+run-name: ${{ inputs.actor }} changing tags of ${{ inputs.resource_group_names }} on ${{inputs.subscription_name }}
+jobs:
+  azure-tag-updation-using-python-github-workflow:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: set up python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.11'
+      - name: package installations
+        run: |
+          pip install pipenv
+          pipenv install
+      - name: run python program
+        run: |
+          pipenv run python3 update_azure_tag.py --tag_key ${{ inputs.tag_key }} \
+          --tag_value ${{ inputs.tag_value }} \
+          --subscription_name ${{ inputs.subscription_name }} \
+          --resource_group_names ${{ inputs.resource_group_names }}
+      - name: program execution completed
+        run: echo "program execution completed"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Pipfile b/Pipfile
@@ -9,6 +9,7 @@ azure-keyvault-secrets = "=4.7.0"
 argparse = "=1.4.0"
 python-dotenv = "=1.0.0"
 azure-mgmt-resource = "=23.0.1"
+azure-mgmt-resourcegraph = "=8.0.0"
 
 
 [requires]

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/azure_resource_graph_query.py b/azure_resource_graph_query.py
@@ -0,0 +1,48 @@
+from azure.identity import DefaultAzureCredential
+import azure.mgmt.resourcegraph as arg
+import logging
+import os
+from dotenv import load_dotenv
+
+def run_azure_rg_query(subscription_name: str):
+    """
+    Run a resource graph query to get the subscription id of a subscription back
+    :return: subscription_id str
+    """
+    credential = DefaultAzureCredential()
+    # Create Azure Resource Graph client and set options
+    arg_client = arg.ResourceGraphClient(credential)
+
+    query = f"""
+             resourcecontainers 
+             | where type == 'microsoft.resources/subscriptions' and name == '{subscription_name}' 
+             | project subscriptionId 
+            """
+
+    print(f"query is {query}")
+
+    # Create query
+    arg_query = arg.models.QueryRequest( query=query)
+
+    # Run query
+    arg_result = arg_client.resources(arg_query)
+
+    # Show Python object
+    # print(arg_result)
+    subscription_id = arg_result.data[0]['subscriptionId']
+    print(f"Subscription ID is : {subscription_id}")
+    return subscription_id
+
+def main():
+    """
+    To test the script
+    :return:
+    """
+    load_dotenv()
+    logging.info("ARG query being prepared......")
+    run_azure_rg_query(subscription_name="TECH-ARCHITECTS-NONPROD")
+    logging.info("ARG query Completed......")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/update_azure_tag.py b/update_azure_tag.py
@@ -5,6 +5,7 @@
 from azure.mgmt.resource import ResourceManagementClient
 from azure.mgmt.resource.resources.models import TagsPatchResource
 from dotenv import load_dotenv
+from azure_resource_graph_query import run_azure_rg_query
 
 
 def update_azure_tag(tag_key: str, tag_value: str, resource_group_names: str):
@@ -52,15 +53,18 @@ def main():
     parser = argparse.ArgumentParser("Tag updation automation in Azure using python")
     parser.add_argument("--tag_value", help= "tag value corresponding to the key in azure", required=True, type=str)
     parser.add_argument("--tag_key", help= "tag keys in azure", required=True, type=str)
+    parser.add_argument("--subscription_name", help="subscription name in azure", required=True, type=str)
     parser.add_argument("--resource_group_names", help= "names of resource groups. more than one can be provided as comma seperated values", required=True, type=str)
 
     args = parser.parse_args()
     tag_key = args.tag_key
     tag_value = args.tag_value
+    subscription_name = args.subscription_name
     resource_group_names = args.resource_group_names
 
     logging.info("Proccess started......")
-
+    subscription_id = run_azure_rg_query(subscription_name= subscription_name)
+    os.environ['subscription_id'] = subscription_id
     update_azure_tag(tag_key= tag_key,tag_value=tag_value,resource_group_names= resource_group_names)
     logging.info("Process completed.")