
Ansible Azure Storage table


The client gave us controlled Azure subscriptions in which we are not able to create anything manually using the Azure portal. The client's Dev team has set up Ansible and some roles to work with Azure resources (e.g. there are roles to create logic apps, storage accounts, service bus, Azure functions, etc.). In order to create or modify any resource in Azure, we have to use the pre-defined Ansible roles.

The development team has a requirement to use Azure Storage Table in the code. There is no role available in the client's Ansible role repository to create storage account.

REST API Approach

There are REST APIs that we can use to create a storage table, but the problem with the REST API is that every request needs an Authorization header, and in order to get that header we need to authenticate using the Storage Account connection string. Since we have controlled environments, storage account connection strings (which are stored in Key Vault as secrets) are not accessible to everyone, and we cannot use sensitive information such as the key in the code.
Even after creating the Authorization header for the REST APIs, we were getting the following error while making a REST API call to create the Azure storage table:
"msg": "Status code was 403 and not [200]: HTTP Error 403: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."
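How the Authorization header for the Table service Create Table call is formed under the Shared Key scheme, as an added example that is not code from the original post. The account name and key are constructed sample values, and the request is only built, never sent. The service recomputes the same signature from the request it receives, so a date or content type that differs from the signed value, or a key used without Base64-decoding, makes the signature fail to match.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

# Constructed sample values, not a real account or key.
SAMPLE_ACCOUNT = "examplestorage"
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode("ascii")


def table_string_to_sign(verb, content_md5, content_type, date, account, path):
    """Table service Shared Key string-to-sign (no x-ms-* header block)."""
    canonicalized_resource = "/{}/{}".format(account, path.lstrip("/"))
    return "\n".join([verb, content_md5, content_type, date, canonicalized_resource])


def shared_key_header(account, account_key_b64, string_to_sign):
    """Sign with HMAC-SHA256 using the Base64-decoded account key."""
    key = base64.b64decode(account_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return "SharedKey {}:{}".format(account, base64.b64encode(digest).decode("ascii"))


def create_table_request(account, account_key_b64, table_name, date=None):
    """Build (url, headers, body) for the Create Table call; nothing is sent."""
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    content_type = "application/json"
    sts = table_string_to_sign("POST", "", content_type, date, account, "Tables")
    headers = {
        "x-ms-date": date,  # must be the exact value that was signed
        "x-ms-version": "2019-02-02",
        "Content-Type": content_type,  # must also match the signed value
        "Accept": "application/json;odata=nometadata",
        "Authorization": shared_key_header(account, account_key_b64, sts),
    }
    url = "https://{}.table.core.windows.net/Tables".format(account)
    return url, headers, json.dumps({"TableName": table_name})


if __name__ == "__main__":
    url, headers, body = create_table_request(SAMPLE_ACCOUNT, SAMPLE_KEY, "demotable")
    headers["Authorization"] = headers["Authorization"].split(":")[0] + ":<redacted>"
    print(url, headers, body)
```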

Ansible Approach

Ansible has predefined modules for Azure available to work with Azure resources; in our case, we used TableService. We created a Python module, which creates the Azure Storage table for us using Table Services.

Following is the code snippet for the module:
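from ansible.module_utils.basic import AnsibleModule
from azure.storage.table import TableService


def create_azure_table_using_symmetric_key(data):
    """Create the table with the account's shared key; returns (is_error, result)."""
    account_key = data['account_key']
    account_name = data['account_name']
    table_name = data['table_name']

    try:
        table_service = TableService(account_name, account_key)
        # create_table returns True if the table was created, False if it already existed
        created = table_service.create_table(table_name)
    except Exception as exc:
        return True, {'status': False, 'error': str(exc)}

    return False, {'status': True, 'created': created}


def main():
    module = AnsibleModule(
        argument_spec=dict(
            # no_log keeps the storage account key out of Ansible logs and task output
            account_key=dict(required=True, type='str', no_log=True),
            account_name=dict(required=True, type='str'),
            table_name=dict(required=True, type='str'),
        )
    )

    is_error, result = create_azure_table_using_symmetric_key(module.params)

    if not is_error:
        # Report a change only when the table was actually created
        module.exit_json(changed=result['created'], meta=result)
    else:
        module.fail_json(msg="Error creating Azure Storage Table", meta=result)


if __name__ == '__main__':
    main()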


Following is the playbook we used in Ansible:
- name: Get Storage Account Key to enable SAS token generation
  include_role:
    name: ansible-role-azure-keyvault-secrets
  vars:
    azure_keyvault_secrets:
    - name: "{{ azure_storage_acc_key_secretname }}"

- name: Create Azure Storage Table
  create_table:
    account_key: "{{ kvsecrets[azure_storage_acc_key_secretname] }}"
    account_name: "{{ azure_storage_acc_name }}"
    table_name: "{{ azure_storage_table_name }}"

Here we are fetching a secret from Key Vault using another Ansible role and calling the create_table module created above.
