Using Python SDK to Interact with Azure Environment

Learn how to use Python SDK to Interact with Azure Resource Programatically.

Parveen Singh

8 Mins Read

April 7, 2024

Table of Content

Twitter
LinkedIn
Reddit

Python is a general-purpose programming language which has gained traction due to its wide range of capabilities and user demand. In the world of Cloud and DevOps, using a programming language such as Python has become even more vital for ongoing operations and management tasks.

In this article, you will discover how you can use Python along with Azure-offered SDK for Python to interact with the Azure environment programmatically.

Understanding Azure Python SDK Offering

Microsoft Azure Cloud is one of the leading cloud platforms, offering a wide range of services that enable organizations to build, deploy, and manage their applications and infrastructure. If you are new to Azure, consider getting familiar with the Azure Cloud environment to understand more about the basic offerings. The most common services offered by Azure are:

All these resources can be managed by either Azure Portal, which is the most common way to manage these resources, or by using certain programming tools such as Azure PowerShell or Azure CLI. Python SDK for Azure is also an additional method you can leverage to manage and orchestrate these resources without doing the manual repetitive work.

Python is a widely adopted and versatile programming language, allowing you to build custom scripts and applications tailored to your specific Azure management needs. This level of customization is often not achievable with pre-defined CLI or PowerShell commands. Moreover, Python SDK provides access to Azure’s comprehensive set of APIs, enabling fine-grained control over Azure resources, automation, and integration with other services which streamline the management of the Azure environment.

Setting up Azure Environment

Depending on how you plan to use Python SDK for your environment, the method to access the environment may differ. In this case, you will understand how you can set up the Azure environment to allow access to the Python application or code to access your Azure environment. This involves creating a service principal, followed by creating a secret to access and finally assigning necessary permissions on the subscription to allow access for the application code to interact with your resources.

Setting up a Service Principal for Python Code Access

The first step to setting up your local work environment to use Python for Azure SDK is to set up a service principal for Python SDK.

  • Navigate to Entra ID in your Azure tenant and click on + New Registration:
Untitled
Entra ID App Reg
  • Enter an appropriate name for your app and click Register:
Untitled
Entra ID App Reg
  • On the Overview tab, observe and note down the Application ID and Tenant ID for the Service Principal:
Untitled
App Registration App Overview
  • Navigate to Certificates & secrets and click + New client secret. Save and store the secret when displayed the first time as you won’t be able to see it again afterwards.
App Registration Credential Secret Page

At this point, you have the application configured to use for the deployments to your Azure subscription.

Assigning Permissions to Service Principal on Azure Subscription

With the service principal created, you must allow it to have permissions on Azure resources in order for it to access the resources. Ideally, you would want to give just enough permissions to do what is intended to do. In this case, you’ll assign a contributor role to the Service Principal on a subscription.

  • Navigate to your Azure Subscription of choice, click Access control (IAM) and Role assignments:
Untitled
Azure Subscription IAM
  • Click + Add → Add role assignment:
Untitled
Add Role Assignment
  • Under Role tab, click Privileged administrator roles and select Contributor. Click Next to proceed:

Selecting Contributor Role
  • Under the Members tab, click + select members and search the Service Principal by name. Click on the result and click Select. Click Review + assign once done.
Untitled
Selecting Service Principal for IAM Access
  • On the Review + assign tab, click Review + assign.
Untitled
Review Azure IAM Role Assignment

The service principal is not configured to access your Azure subscription and the resources inside the resource groups. This will allow you to create and remove resources using Python SDK.

Setting up a Development Environment to Interact with Azure

Clone the GitHub Repo for Azure Python SDK prepared for you to use as a base layer.

You will use this repo to connect to your Azure account with the service principal credentials.

  • Once cloned, open the folder in VS Code:
Untitled
Azure Python SDK VS Code View
  • IMPORTANT! Read through the README.md file first to ensure you have Python and Python Virtual environment installed on your workstation.
  • The src folder container two files. The config.py file is used to gather environment variables for the code while the func.py file contains the code that will run against the Azure environment.
  • Click on the requirements.txt file and view the file content:
Untitled
Python Requirements File

The file contains the Python SDK packages for Azure. You will add or remove packages based on the need of your code. You will see basic packages such as azure-common, azure-core, azure-identity those already added since they are needed to perform the initial authentication to Azure. You can add more packages from official pip repository. Each resource type in Azure has its own unique package for Management and Client-side configuration.

  • The init.sh script prepares your local environment to use the appropriate packages for Python code.
  • Click on func.py file from the file explorer and observe the code:
Untitled
Azure Python SDK Code

The function handler do all the work to initialize the Python connection and query the subscription. The resource client to use is defined on line 3 which you can change based on your needs.

In this example, the code queries the subscription to find all the resource groups and finally prints the name of the resource group.

Interacting with Azure using Python SDK

Now that you have the code environment on your local workstation, follow the instructions below to Authenticate to your Azure account and run the code.

  • Rename the file .env.sample to .env and paste your Application ID, Subscription ID, App Secret and Tenant ID for the service principal created earlier.
Untitled
Environment File Python
  • Open your terminal and run the following script to prepare your local Python environment.

chmod +x init.sh ./init.sh

A new folder named venv will appear. This folder will store all the packages locally in your repository folder.

  • Once the script finishes, click F5 on your keyboard or click Debug to run the file.
  • The terminal will show the output with the name of the resource group Demo-RG, in this case and return True if the results exist.
Untitled
Code Terminal Output

This confirms that the code successfully ran and retrieved the resource group information from the Azure account.

Conclusion

By following the instructions in the article, you will be able to learn how to authenticate to an Azure account, run Python code to query and manipulate Azure resources and understand the structure of the code provided in the article.

Overall, I hope this article equips you with the knowledge and tools necessary to start working with Azure using Python SDK, enabling you to create and manage resources in Azure subscription efficiently.


Discover more from Parveen Singh

Subscribe to get the latest posts sent to your email.

Recommended Readings

Discover more from Parveen Singh

Subscribe now to keep reading and get access to the full archive.

Continue reading