
Ansible Azure Storage table


The client gave us controlled Azure subscriptions in which we cannot create anything manually through the Azure portal. The client's Dev team has set up Ansible and some roles to work with Azure resources (e.g. there are roles to create logic apps, storage accounts, service bus, Azure functions, etc.). To create or modify any resource in Azure, we have to use the predefined Ansible roles.

The development team has a requirement to use Azure Storage Table in the code. There is no role available in the client's Ansible role repository to create storage account.

REST API Approach

There are REST APIs that we can use to create a storage table, but the problem with the REST API is that the request needs an Authorization header, and to get the authorization header we need to authenticate using the Storage Account connection string. Since we have controlled environments, storage account connection strings (which are stored in Key Vault as secrets) are not accessible to everyone, and we cannot use sensitive information like the key in the code.
Even after creating the Authorization header for the REST APIs, we were getting the following error while making a REST API call to create the Azure storage table:
"msg": "Status code was 403 and not [200]: HTTP Error 403: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."

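The 403 above is what the Table service returns when the signature it recomputes does not match the one in the Authorization header. The following is an added example, not code from the original post, of how a Shared Key header for the Create Table request (POST to /Tables) is assembled. The account name and key are constructed, and the canonicalized resource covers only a path without a comp query parameter.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate


def table_string_to_sign(verb, account, resource_path, date,
                         content_type="", content_md5=""):
    """Shared Key string-to-sign for the Table service:
    VERB, Content-MD5, Content-Type, Date, CanonicalizedResource."""
    canonicalized_resource = "/{}/{}".format(account, resource_path.lstrip("/"))
    return "\n".join([verb.upper(), content_md5, content_type, date,
                      canonicalized_resource])


def shared_key_headers(account, account_key_b64, verb, resource_path,
                       content_type="application/json", date=None):
    """Headers for a signed request; every signed value is sent unchanged."""
    # The date that is signed must be the same string sent in x-ms-date,
    # and the service rejects timestamps too far from its own clock.
    date = date or formatdate(usegmt=True)
    to_sign = table_string_to_sign(verb, account, resource_path, date,
                                   content_type)
    # The account key is base64 text; the HMAC key is its decoded bytes.
    key = base64.b64decode(account_key_b64)
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return {
        "x-ms-date": date,
        "x-ms-version": "2019-02-02",
        "Content-Type": content_type,
        "Accept": "application/json;odata=nometadata",
        "Authorization": "SharedKey {}:{}".format(account, signature),
    }


if __name__ == "__main__":
    # Constructed values: not a real account or key.
    demo_key = base64.b64encode(b"constructed-demo-key").decode("ascii")
    headers = shared_key_headers("demoacct", demo_key, "POST", "Tables")
    # Print everything except the signature, which is derived from the key.
    for name, value in headers.items():
        print(name, "=", value if name != "Authorization"
              else "SharedKey demoacct:<signature>")
```

When a request built this way still fails, compare the string-to-sign field by field with what is actually sent: a Content-Type that differs from the signed one, a key used as text instead of decoded bytes, or a date regenerated after signing each produce this same 403.
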
Ansible Approach

Ansible has predefined modules for Azure available to work with Azure resources; in our case, we used TableService. We created a Python module, which creates the Azure Storage table for us using Table Services.

Following is the code snippet for the module:
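from ansible.module_utils.basic import AnsibleModule
from azure.storage.table import TableService


def create_azure_table_using_symmetric_key(data):
    """Create the table; returns (is_error, result)."""
    account_key = data['account_key']
    account_name = data['account_name']
    table_name = data['table_name']

    try:
        table_service = TableService(account_name, account_key)
        # create_table returns True if the table was created,
        # False if it already existed
        created = table_service.create_table(table_name)
    except Exception as exc:
        return True, {'status': False, 'error': str(exc)}

    return False, {'status': True, 'created': created}


def main():
    module = AnsibleModule(
        argument_spec=dict(
            # no_log keeps the storage account key out of Ansible output and logs
            account_key=dict(required=True, type='str', no_log=True),
            account_name=dict(required=True, type='str'),
            table_name=dict(required=True, type='str'),
        )
    )

    is_error, result = create_azure_table_using_symmetric_key(module.params)

    if not is_error:
        # Report "changed" only when the table did not exist before
        module.exit_json(changed=result['created'], meta=result)
    else:
        module.fail_json(msg="Error creating Azure Storage Table", meta=result)


if __name__ == '__main__':
    main()
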

Following is the playbook we used in Ansible:
- name: Get Storage Account Key to enable SAS token generation
  include_role:
    name: ansible-role-azure-keyvault-secrets
  vars:
    azure_keyvault_secrets:
    - name: "{{ azure_storage_acc_key_secretname }}"

- name: Create Azure Storage Table
  create_table:
    account_key: "{{ kvsecrets[azure_storage_acc_key_secretname] }}"
    account_name: "{{ azure_storage_acc_name }}"
    table_name: "{{ azure_storage_table_name }}"

Here we are fetching a secret from Key Vault using another Ansible role and calling the create_table module created above.
