Azure Resource Manager REST calls from Python

This article describes how to make REST calls to Azure Resource Manager (ARM) from Python. In particular, how to authenticate. Once you have an authentication token you just add it to your REST call headers when calling the Azure REST API.

Note: If you’re looking for the official Azure SDK for Python, go here: https://github.com/Azure/azure-sdk-for-python.

Initial Setup

Creating an Azure Resource Manager app requires some one-time setup steps:

  • Create an Azure Active Directory App
  • Create a Service Principal (an Active Directory “user” which represents an automated application) and grant it permissions
  • Create a credential  object and get the tenant ID.

These steps are well documented here: Authenticating a Service Principal with Azure Resource Manager, and are covered (using PowerShell) in steps 1-4 of my C# Azure REST write-up here: How to call the Azure Resource Manager REST API from C#.

If you follow these steps you will have the information you need to authenticate in your program:

  • Application ID
  • Application secret
  • Tenant ID

Python Code

Thanks to the Microsoft Azure Active Directory Authentication Library (ADAL) for Python getting an authentication token in Python is easy..

  1. Install the ADAL for Python library:

pip install adal

2. Example code to get and print a token

import adal

authentication_endpoint = 'https://login.microsoftonline.com/'
resource  = 'https://management.core.windows.net/'

# get an Azure access token using the adal library
context = adal.AuthenticationContext(authentication_endpoint + tenant_id)
token_response = context.acquire_token_with_client_credentials(resource, application_id, application_secret)

access_token = token_response.get('accessToken')
print(access_token)

3. Example code to get a list of Azure subscriptions

import adal
import requests

authentication_endpoint = 'https://login.microsoftonline.com/'
resource  = 'https://management.core.windows.net/'

# get an Azure access token using the adal library
context = adal.AuthenticationContext(authentication_endpoint + tenant_id)
token_response = context.acquire_token_with_client_credentials(resource, application_id, application_secret)

access_token = token_response.get('accessToken')

endpoint = 'https://management.azure.com/subscriptions/?api-version=2015-01-01'

headers = {"Authorization": 'Bearer ' + access_token}
json_output = requests.get(endpoint,headers=headers).json()
for sub in json_output["value"]:
    print(sub["displayName"] + ': ' + sub["subscriptionId"])

References

See also the azurerm library. A simple library of REST wrappers FOR Azure Python.



Also, as mentioned at the beginning, if you’re looking for a managed library, the Azure SDK for python is here.

Advertisements
This entry was posted in Cloud, Computers and Internet, Python and tagged , . Bookmark the permalink.

5 Responses to Azure Resource Manager REST calls from Python

  1. Pingback: This week in Azure – January 11, 2016 | This week in Azure

  2. Pingback: azurerm – Python library for Azure Resource Manager REST API | MSFT Stack

  3. Can you please explain what usecases there is for using ADAL and what usecases for Azure SDK for Python?

    I have just setup a fresh azure webapp, and installed python 3.6 extension, and created a flask script.
    I have setup the webapp to use our companies AAD credentials to login.(only via the webapp setup in the azure portal)

    Now I want to limit the access, and be able to show their information like emails, shortname, profile photo, etc..
    Do you know of a tutorial to help me with this?
    Or are you able to provide me with the steps I need to take to do this?

    Thanks in advance.

    • sendmarsh says:

      Using ADAL directly allows you to manage the underlying authentication in your own way. In general I’d recommend using the Azure SDK for Python as that is the tried and tested method, and saves you having to figure out the authentication protocols for yourself.
      I don’t know of a tutorial that provides the information you’re looking for. Presumably you could get some information like this by querying the Azure subscription API from the Python SDK. I would start here: http://azure-sdk-for-python.readthedocs.io/en/latest/quickstart_authentication.html and log an issue with the Azure SDK if the information you need is not clear.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s