Python is a general-purpose programming language which has gained traction due to its wide range of capabilities and user demand. In the world of Cloud and DevOps, using a programming language such as Python has become even more vital for ongoing operations and management tasks.
In this article, you will discover how you can use Python along with Azure-offered SDK for Python to interact with the Azure environment programmatically.
Understanding Azure Python SDK Offering
Microsoft Azure Cloud is one of the leading cloud platforms, offering a wide range of services that enable organizations to build, deploy, and manage their applications and infrastructure. If you are new to Azure, consider getting familiar with the Azure Cloud environment to understand more about the basic offerings. The most common services offered by Azure are:
- Azure VM
- Azure Functions
- Azure Web App
- Azure Storage
- Azure CosmosDB
- Azure Logic App
- Azure Data Factory
- Azure Log Analytics Workspace
- Azure Virtual Network
- Azure Front Door
All these resources can be managed by either Azure Portal, which is the most common way to manage these resources, or by using certain programming tools such as Azure PowerShell or Azure CLI. Python SDK for Azure is also an additional method you can leverage to manage and orchestrate these resources without doing the manual repetitive work.
Python is a widely adopted and versatile programming language, allowing you to build custom scripts and applications tailored to your specific Azure management needs. This level of customization is often not achievable with pre-defined CLI or PowerShell commands. Moreover, Python SDK provides access to Azure’s comprehensive set of APIs, enabling fine-grained control over Azure resources, automation, and integration with other services which streamline the management of the Azure environment.
Setting up Azure Environment
Depending on how you plan to use Python SDK for your environment, the method to access the environment may differ. In this case, you will understand how you can set up the Azure environment to allow access to the Python application or code to access your Azure environment. This involves creating a service principal, followed by creating a secret to access and finally assigning necessary permissions on the subscription to allow access for the application code to interact with your resources.
Setting up a Service Principal for Python Code Access
The first step to setting up your local work environment to use Python for Azure SDK is to set up a service principal for Python SDK.
- Navigate to Entra ID in your Azure tenant and click on + New Registration:
- Enter an appropriate name for your app and click Register:
- On the Overview tab, observe and note down the Application ID and Tenant ID for the Service Principal:
- Navigate to Certificates & secrets and click + New client secret. Save and store the secret when displayed the first time as you won’t be able to see it again afterwards.
At this point, you have the application configured to use for the deployments to your Azure subscription.
Assigning Permissions to Service Principal on Azure Subscription
With the service principal created, you must allow it to have permissions on Azure resources in order for it to access the resources. Ideally, you would want to give just enough permissions to do what is intended to do. In this case, you’ll assign a contributor role to the Service Principal on a subscription.
- Navigate to your Azure Subscription of choice, click Access control (IAM) and Role assignments:
- Click + Add → Add role assignment:
- Under Role tab, click Privileged administrator roles and select Contributor. Click Next to proceed:
- Under the Members tab, click + select members and search the Service Principal by name. Click on the result and click Select. Click Review + assign once done.
- On the Review + assign tab, click Review + assign.
The service principal is not configured to access your Azure subscription and the resources inside the resource groups. This will allow you to create and remove resources using Python SDK.
Setting up a Development Environment to Interact with Azure
Clone the GitHub Repo for Azure Python SDK prepared for you to use as a base layer.
You will use this repo to connect to your Azure account with the service principal credentials.
- Once cloned, open the folder in VS Code:
- IMPORTANT! Read through the
README.mdfile first to ensure you have Python and Python Virtual environment installed on your workstation. - The
srcfolder container two files. Theconfig.pyfile is used to gather environment variables for the code while thefunc.pyfile contains the code that will run against the Azure environment. - Click on the
requirements.txtfile and view the file content:
The file contains the Python SDK packages for Azure. You will add or remove packages based on the need of your code. You will see basic packages such as azure-common, azure-core, azure-identity those already added since they are needed to perform the initial authentication to Azure. You can add more packages from official pip repository. Each resource type in Azure has its own unique package for Management and Client-side configuration.
- The
init.shscript prepares your local environment to use the appropriate packages for Python code.
- Click on
func.pyfile from the file explorer and observe the code:
The function handler do all the work to initialize the Python connection and query the subscription. The resource client to use is defined on line 3 which you can change based on your needs.
In this example, the code queries the subscription to find all the resource groups and finally prints the name of the resource group.
Interacting with Azure using Python SDK
Now that you have the code environment on your local workstation, follow the instructions below to Authenticate to your Azure account and run the code.
- Rename the file
.env.sampleto.envand paste your Application ID, Subscription ID, App Secret and Tenant ID for the service principal created earlier.
- Open your terminal and run the following script to prepare your local Python environment.
chmod +x init.sh
./init.sh
A new folder named venv will appear. This folder will store all the packages locally in your repository folder.
- Once the script finishes, click F5 on your keyboard or click Debug to run the file.
- The terminal will show the output with the name of the resource group
Demo-RG, in this case and return True if the results exist.
This confirms that the code successfully ran and retrieved the resource group information from the Azure account.
Conclusion
By following the instructions in the article, you will be able to learn how to authenticate to an Azure account, run Python code to query and manipulate Azure resources and understand the structure of the code provided in the article.
Overall, I hope this article equips you with the knowledge and tools necessary to start working with Azure using Python SDK, enabling you to create and manage resources in Azure subscription efficiently.
