# Chaos Toolkit Extension for Azure
[](https://github.com/chaostoolkit-incubator/chaostoolkit-azure/actions/workflows/build.yaml)
[](https://www.python.org/)
This project is a collection of [actions][] and [probes][], gathered as an
extension to the [Chaos Toolkit][chaostoolkit]. It targets the
[Microsoft Azure][azure] platform.
[actions]: http://chaostoolkit.org/reference/api/experiment/#action
[probes]: http://chaostoolkit.org/reference/api/experiment/#probe
[chaostoolkit]: http://chaostoolkit.org
[azure]: https://azure.microsoft.com/en-us/
## Install
This package requires Python 3.5+
To be used from your experiment, this package must be installed in the Python
environment where [chaostoolkit][] already lives.
```
$ pip install -U chaostoolkit-azure
```
## Usage
To use the probes and actions from this package, add the following to your
experiment file:
```json
{
"type": "action",
"name": "start-service-factory-chaos",
"provider": {
"type": "python",
"module": "chaosazure.vm.actions",
"func": "stop_machines",
"secrets": ["azure"],
"arguments": {
"parameters": {
"TimeToRunInSeconds": 45
}
}
}
}
```
That's it!
Please explore the code to see existing probes and actions.
## Configuration
This extension uses the [Azure SDK][sdk] libraries under the hood. The Azure SDK library expects that you have a tenant and client identifier, as well as a client secret and subscription, that allows you to authenticate with the Azure resource management API.
Configuration values for the Chaos Toolkit Extension for Azure can come from several sources:
- Experiment file
- Azure credential file
The extension will first try to load the configuration from the `experiment file`. If configuration is not provided in the `experiment file`, it will try to load it from the `Azure credential file`.
[creds]: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster
[requests]: http://docs.python-requests.org/en/master/
[sdk]: https://github.com/Azure/azure-sdk-for-python
### Credentials
#### Environment Variables
You can pass credentials via the following environment variables:
- AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET
- AZURE_TENANT_ID
Or:
- AZURE_CLIENT_ID
- AZURE_ACCESS_TOKEN
#### Experiment Secrets
You may also pass them via the secrets block of the experiment:
```json
{
"secrets": {
"azure": {
"client_id": "your-super-secret-client-id",
"client_secret": "your-even-more-super-secret-client-secret",
"tenant_id": "your-tenant-id"
}
}
}
```
You can retrieve secretes as well from [environment][env_secrets] or [HashiCorp vault][vault_secrets].
If you are not working with Public Global Azure, e.g. China Cloud You can set the cloud environment.
```json
{
"client_id": "your-super-secret-client-id",
"client_secret": "your-even-more-super-secret-client-secret",
"tenant_id": "your-tenant-id",
"cloud": "AZURE_CHINA_CLOUD"
}
```
Available cloud names:
- AZURE_CHINA_CLOUD
- AZURE_GERMAN_CLOUD
- AZURE_PUBLIC_CLOUD
- AZURE_US_GOV_CLOUD
Either of these values can be passed via `AZURE_CLOUD` as well.
[vault_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#vault-secrets
[env_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#environment-secrets
#### Azure Credential File
You may also pass them via the Azure credential file:
You can retrieve a credentials file with your subscription ID already in place by signing in to Azure using the az login command followed by the az ad sp create-for-rbac command
```bash
az login
az ad sp create-for-rbac --sdk-auth > credentials.json
```
credentials.json:
```json
{
"subscriptionId": "<azure_aubscription_id>",
"tenantId": "<tenant_id>",
"clientId": "<application_id>",
"clientSecret": "<application_secret>",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
```
Store the path to the file in an environment variable called **AZURE_AUTH_LOCATION** and make sure that your experiment does **NOT** contain `secrets` section.
### Subscription
Additionally you need to provide the Azure subscription id.
- As an environment variable
- AZURE_SUBSCRIPTION_ID
- Subscription id in the experiment file
```json
{
"configuration": {
"azure_subscription_id": "your-azure-subscription-id"
}
}
```
Configuration may be as well retrieved from an [environment][env_configuration].
An old, but deprecated way of doing it was as follows, this still works
but should not be favoured over the previous approaches as it's not the
Chaos Toolkit way to pass structured configurations.
```json
{
"configuration": {
"azure": {
"subscription_id": "your-azure-subscription-id"
}
}
}
```
[env_configuration]: https://docs.chaostoolkit.org/reference/api/experiment/#environment-configurations
- Subscription id in the Azure credential file
Credential file described in the previous "Credential" section contains as well subscription id. If **AZURE_AUTH_LOCATION** is set and subscription id is **NOT** set in the experiment definition, extension will try to load it from the credential file.
### Putting it all together
Here is a full example for an experiment containing secrets and configuration:
```json
{
"version": "1.0.0",
"title": "...",
"description": "...",
"tags": ["azure", "kubernetes", "aks", "node"],
"configuration": {
"azure_subscription_id": "xxx"
},
"secrets": {
"azure": {
"client_id": "xxx",
"client_secret": "xxx",
"tenant_id": "xxx"
}
},
"steady-state-hypothesis": {
"title": "Services are all available and healthy",
"probes": [
{
"type": "probe",
"name": "consumer-service-must-still-respond",
"tolerance": 200,
"provider": {
"type": "http",
"url": "https://some-url/"
}
}
]
},
"method": [
{
"type": "action",
"name": "restart-node-at-random",
"provider": {
"type": "python",
"module": "chaosazure.machine.actions",
"func": "restart_machines",
"secrets": ["azure"],
"config": ["azure_subscription_id"]
}
}
],
"rollbacks": []
}
```
## Contribute
If you wish to contribute more functions to this package, you are more than
welcome to do so. Please, fork this project, make your changes following the
usual [PEP 8][pep8] code style, sprinkling with tests and submit a PR for
review.
[pep8]: https://pycodestyle.readthedocs.io/en/latest/
The Chaos Toolkit projects require all contributors must sign a
[Developer Certificate of Origin][dco] on each commit they would like to merge
into the master branch of the repository. Please, make sure you can abide by
the rules of the DCO before submitting a PR.
[dco]: https://github.com/probot/dco#how-it-works
### Develop
If you wish to develop on this project, make sure to install the development
dependencies. But first, [create a virtual environment][venv] and then install
those dependencies.
[venv]: http://chaostoolkit.org/reference/usage/install/#create-a-virtual-environment
```console
$ pip install -r requirements-dev.txt -r requirements.txt
```
Then, point your environment to this directory:
```console
$ python setup.py develop
```
Now, you can edit the files and they will be automatically be seen by your
environment, even when running from the `chaos` command locally.
### Test
To run the tests for the project execute the following:
```
$ pytest
```
Raw data
{
"_id": null,
"home_page": "https://chaostoolkit.org",
"name": "chaostoolkit-azure",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "",
"author": "chaostoolkit Team",
"author_email": "contact@chaostoolkit.org",
"download_url": "https://files.pythonhosted.org/packages/9d/18/5da177333ded4cc5834623da16c8f6c33fe3c2acdb35ec9fd6d39728ae0b/chaostoolkit-azure-0.15.4.tar.gz",
"platform": null,
"description": "# Chaos Toolkit Extension for Azure\n\n[](https://github.com/chaostoolkit-incubator/chaostoolkit-azure/actions/workflows/build.yaml)\n[](https://www.python.org/)\n\nThis project is a collection of [actions][] and [probes][], gathered as an\nextension to the [Chaos Toolkit][chaostoolkit]. It targets the\n[Microsoft Azure][azure] platform.\n\n[actions]: http://chaostoolkit.org/reference/api/experiment/#action\n[probes]: http://chaostoolkit.org/reference/api/experiment/#probe\n[chaostoolkit]: http://chaostoolkit.org\n[azure]: https://azure.microsoft.com/en-us/\n\n## Install\n\nThis package requires Python 3.5+\n\nTo be used from your experiment, this package must be installed in the Python\nenvironment where [chaostoolkit][] already lives.\n\n```\n$ pip install -U chaostoolkit-azure\n```\n\n## Usage\n\nTo use the probes and actions from this package, add the following to your\nexperiment file:\n\n```json\n{\n \"type\": \"action\",\n \"name\": \"start-service-factory-chaos\",\n \"provider\": {\n \"type\": \"python\",\n \"module\": \"chaosazure.vm.actions\",\n \"func\": \"stop_machines\",\n \"secrets\": [\"azure\"],\n \"arguments\": {\n \"parameters\": {\n \"TimeToRunInSeconds\": 45\n }\n }\n }\n}\n```\n\nThat's it!\n\nPlease explore the code to see existing probes and actions.\n\n## Configuration\n\nThis extension uses the [Azure SDK][sdk] libraries under the hood. The Azure SDK library expects that you have a tenant and client identifier, as well as a client secret and subscription, that allows you to authenticate with the Azure resource management API.\n\nConfiguration values for the Chaos Toolkit Extension for Azure can come from several sources:\n\n- Experiment file\n- Azure credential file\n\nThe extension will first try to load the configuration from the `experiment file`. If configuration is not provided in the `experiment file`, it will try to load it from the `Azure credential file`.\n\n[creds]: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster\n[requests]: http://docs.python-requests.org/en/master/\n[sdk]: https://github.com/Azure/azure-sdk-for-python\n\n### Credentials\n\n#### Environment Variables\n\nYou can pass credentials via the following environment variables:\n\n- AZURE_CLIENT_ID\n- AZURE_CLIENT_SECRET\n- AZURE_TENANT_ID\n\nOr:\n\n- AZURE_CLIENT_ID\n- AZURE_ACCESS_TOKEN\n\n#### Experiment Secrets\n\nYou may also pass them via the secrets block of the experiment:\n\n ```json\n {\n \"secrets\": {\n \"azure\": {\n \"client_id\": \"your-super-secret-client-id\",\n \"client_secret\": \"your-even-more-super-secret-client-secret\",\n \"tenant_id\": \"your-tenant-id\"\n }\n }\n }\n ```\n\n You can retrieve secretes as well from [environment][env_secrets] or [HashiCorp vault][vault_secrets]. \n\n \n If you are not working with Public Global Azure, e.g. China Cloud You can set the cloud environment.\n\n ```json\n {\n \"client_id\": \"your-super-secret-client-id\",\n \"client_secret\": \"your-even-more-super-secret-client-secret\",\n \"tenant_id\": \"your-tenant-id\",\n \"cloud\": \"AZURE_CHINA_CLOUD\"\n }\n ```\n\n Available cloud names:\n\n - AZURE_CHINA_CLOUD\n - AZURE_GERMAN_CLOUD\n - AZURE_PUBLIC_CLOUD\n - AZURE_US_GOV_CLOUD\n\n Either of these values can be passed via `AZURE_CLOUD` as well.\n\n\n [vault_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#vault-secrets\n [env_secrets]: https://docs.chaostoolkit.org/reference/api/experiment/#environment-secrets\n\n\n#### Azure Credential File\n\nYou may also pass them via the Azure credential file:\n\n You can retrieve a credentials file with your subscription ID already in place by signing in to Azure using the az login command followed by the az ad sp create-for-rbac command\n\n ```bash\n az login\n az ad sp create-for-rbac --sdk-auth > credentials.json\n ```\n\n credentials.json:\n\n ```json\n {\n \"subscriptionId\": \"<azure_aubscription_id>\",\n \"tenantId\": \"<tenant_id>\",\n \"clientId\": \"<application_id>\",\n \"clientSecret\": \"<application_secret>\",\n \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com\",\n \"resourceManagerEndpointUrl\": \"https://management.azure.com/\",\n \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\",\n \"sqlManagementEndpointUrl\": \"https://management.core.windows.net:8443/\",\n \"galleryEndpointUrl\": \"https://gallery.azure.com/\",\n \"managementEndpointUrl\": \"https://management.core.windows.net/\"\n }\n ```\n\n Store the path to the file in an environment variable called **AZURE_AUTH_LOCATION** and make sure that your experiment does **NOT** contain `secrets` section. \n\n### Subscription\n\nAdditionally you need to provide the Azure subscription id.\n\n- As an environment variable\n \n - AZURE_SUBSCRIPTION_ID\n\n- Subscription id in the experiment file\n\n ```json\n {\n \"configuration\": {\n \"azure_subscription_id\": \"your-azure-subscription-id\"\n }\n }\n ```\n\n Configuration may be as well retrieved from an [environment][env_configuration].\n\n An old, but deprecated way of doing it was as follows, this still works\n but should not be favoured over the previous approaches as it's not the\n Chaos Toolkit way to pass structured configurations.\n\n ```json\n {\n \"configuration\": {\n \"azure\": {\n \"subscription_id\": \"your-azure-subscription-id\"\n }\n }\n }\n ```\n\n [env_configuration]: https://docs.chaostoolkit.org/reference/api/experiment/#environment-configurations\n\n- Subscription id in the Azure credential file\n\n Credential file described in the previous \"Credential\" section contains as well subscription id. If **AZURE_AUTH_LOCATION** is set and subscription id is **NOT** set in the experiment definition, extension will try to load it from the credential file.\n\n \n\n### Putting it all together\n\nHere is a full example for an experiment containing secrets and configuration: \n\n```json\n{\n \"version\": \"1.0.0\",\n \"title\": \"...\",\n \"description\": \"...\",\n \"tags\": [\"azure\", \"kubernetes\", \"aks\", \"node\"],\n \"configuration\": {\n \"azure_subscription_id\": \"xxx\"\n },\n \"secrets\": {\n \"azure\": {\n \"client_id\": \"xxx\",\n \"client_secret\": \"xxx\",\n \"tenant_id\": \"xxx\"\n }\n },\n \"steady-state-hypothesis\": {\n \"title\": \"Services are all available and healthy\",\n \"probes\": [\n {\n \"type\": \"probe\",\n \"name\": \"consumer-service-must-still-respond\",\n \"tolerance\": 200,\n \"provider\": {\n \"type\": \"http\",\n \"url\": \"https://some-url/\"\n }\n }\n ]\n },\n \"method\": [\n {\n \"type\": \"action\",\n \"name\": \"restart-node-at-random\",\n \"provider\": {\n \"type\": \"python\",\n \"module\": \"chaosazure.machine.actions\",\n \"func\": \"restart_machines\",\n \"secrets\": [\"azure\"],\n \"config\": [\"azure_subscription_id\"]\n }\n }\n ],\n \"rollbacks\": []\n}\n```\n\n## Contribute\n\nIf you wish to contribute more functions to this package, you are more than\nwelcome to do so. Please, fork this project, make your changes following the\nusual [PEP 8][pep8] code style, sprinkling with tests and submit a PR for\nreview.\n\n[pep8]: https://pycodestyle.readthedocs.io/en/latest/\n\nThe Chaos Toolkit projects require all contributors must sign a\n[Developer Certificate of Origin][dco] on each commit they would like to merge\ninto the master branch of the repository. Please, make sure you can abide by\nthe rules of the DCO before submitting a PR.\n\n[dco]: https://github.com/probot/dco#how-it-works\n\n### Develop\n\nIf you wish to develop on this project, make sure to install the development\ndependencies. But first, [create a virtual environment][venv] and then install\nthose dependencies.\n\n[venv]: http://chaostoolkit.org/reference/usage/install/#create-a-virtual-environment\n\n```console\n$ pip install -r requirements-dev.txt -r requirements.txt\n```\n\nThen, point your environment to this directory:\n\n```console\n$ python setup.py develop\n```\n\nNow, you can edit the files and they will be automatically be seen by your\nenvironment, even when running from the `chaos` command locally.\n\n### Test\n\nTo run the tests for the project execute the following:\n\n```\n$ pytest\n```\n",
"bugtrack_url": null,
"license": "Apache License Version 2.0",
"summary": "Chaos Toolkit Extension for Microsoft Azure",
"version": "0.15.4",
"project_urls": {
"Homepage": "https://chaostoolkit.org"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "535474d5406697a92dd97ba023d680ef405f03a773f93dd7815ab6869b8ae540",
"md5": "bb2dc320efbf6672e18ee26a4ab96e35",
"sha256": "0f1ab9d8e7f1f18d73e002d80d0768c45c1eeec0884f4101cd3402aa0b0f4e8a"
},
"downloads": -1,
"filename": "chaostoolkit_azure-0.15.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "bb2dc320efbf6672e18ee26a4ab96e35",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 50693,
"upload_time": "2023-07-11T14:34:38",
"upload_time_iso_8601": "2023-07-11T14:34:38.031844Z",
"url": "https://files.pythonhosted.org/packages/53/54/74d5406697a92dd97ba023d680ef405f03a773f93dd7815ab6869b8ae540/chaostoolkit_azure-0.15.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "9d185da177333ded4cc5834623da16c8f6c33fe3c2acdb35ec9fd6d39728ae0b",
"md5": "e45ae3e56fdfd26e0ded7eff5a097f1e",
"sha256": "1475fa6d19c94352d655c2d5fc77a86a0e5a465b8ee6769acd768f29059d2134"
},
"downloads": -1,
"filename": "chaostoolkit-azure-0.15.4.tar.gz",
"has_sig": false,
"md5_digest": "e45ae3e56fdfd26e0ded7eff5a097f1e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 36666,
"upload_time": "2023-07-11T14:34:39",
"upload_time_iso_8601": "2023-07-11T14:34:39.742662Z",
"url": "https://files.pythonhosted.org/packages/9d/18/5da177333ded4cc5834623da16c8f6c33fe3c2acdb35ec9fd6d39728ae0b/chaostoolkit-azure-0.15.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-11 14:34:39",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "chaostoolkit-azure"
}
JSON