Merge pull request #294 from Azure/endpoint-updates

Endpoint Updates + Build Enhancements

Author: DCMattyG

.github/workflows/azure-ipam-build.yml

@@ -32,6 +32,12 @@ jobs:
         with:
           node-version: 18
 
+      - name: "Setup Python v3.9"
+        id: setupPython
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
       - name: "Extract Pull Request Details"
         id: getPullRequestData
         uses: actions/github-script@v7
@@ -91,6 +97,19 @@ jobs:
         run: |
           npm install
 
+      - name: Install PIP Packages
+        id: installPipPackages
+        working-directory: engine
+        run: |
+          pip install -r requirements.txt
+
+      - name: Freeze PIP Packages
+        id: freezePipPackages
+        working-directory: engine
+        run: |
+          echo "# Dependencies for Azure IPAM v${{ steps.updateVersion.outputs.ipamVersion }}" > requirements.lock.txt
+          pip freeze >> requirements.lock.txt
+
       - name: "Create Azure IPAM ZIP Asset"
         id: buildZipAsset
         working-directory: tools

Dockerfile.deb

@@ -15,7 +15,7 @@ WORKDIR /tmp
 COPY ./ui/. ./
 
 # Install UI Dependencies
-RUN npm install
+RUN npm ci
 RUN chmod 777 -R node_modules
 
 # Build IPAM UI
@@ -52,13 +52,13 @@ RUN mkdir /var/run/sshd
 WORKDIR /ipam
 
 # Install Engine Dependencies
-COPY ./engine/requirements.txt /code/requirements.txt
+COPY ./engine/requirements.lock.txt /code/requirements.lock.txt
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r /code/requirements.lock.txt --progress-bar off
 
 # Copy Engine Code
 COPY ./engine/app ./app

Dockerfile.func

@@ -13,7 +13,7 @@ WORKDIR /tmp
 COPY ./ui/. ./
 
 # Install UI Dependencies
-RUN npm install
+RUN npm ci
 RUN chmod 777 -R node_modules
 
 # Build IPAM UI
@@ -31,13 +31,13 @@ ENV PIP_ROOT_USER_ACTION=ignore
 WORKDIR /tmp
 
 # Copy Requirements File
-COPY ./engine/requirements.txt .
+COPY ./engine/requirements.lock.txt .
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r ./requirements.lock.txt --progress-bar off
 
 # Copy Application Code to Function App Root Directory
 COPY ./engine/. /home/site/wwwroot

Dockerfile.rhel

@@ -18,7 +18,7 @@ USER root
 COPY ./ui/. ./
 
 # Install UI Dependencies
-RUN npm install
+RUN npm ci
 RUN chmod 777 -R node_modules
 
 # Build IPAM UI
@@ -62,13 +62,13 @@ RUN mkdir /var/run/sshd
 WORKDIR /ipam
 
 # Install Engine Dependencies
-COPY ./engine/requirements.txt /code/requirements.txt
+COPY ./engine/requirements.lock.txt /code/requirements.lock.txt
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r /code/requirements.lock.txt --progress-bar off
 
 # Copy Engine Code
 COPY ./engine/app ./app

deploy/deploy.ps1

@@ -1252,7 +1252,7 @@ process {
     Write-Host
     Stop-Transcript | Out-Null
 
-    if ($script:deploymentSuccess) {
+    if (($PSCmdlet.ParameterSetName -notin 'AppsOnly') -and $script:deploymentSuccess) {
       Write-Output "ipamURL=https://$($deployment.Outputs["appServiceHostName"].Value)" >> $Env:GITHUB_OUTPUT
       Write-Output "ipamUIAppId=$($appDetails.UIAppId)" >> $Env:GITHUB_OUTPUT
       Write-Output "ipamEngineAppId=$($appDetails.EngineAppId)" >> $Env:GITHUB_OUTPUT

deploy/main.parameters.example.json

@@ -28,9 +28,6 @@
     },
     "privateAcr": {
       "value": false
-    },
-    "disableUi": {
-      "value": false
     }
   }
 }

engine/Dockerfile.deb

@@ -13,13 +13,13 @@ ENV PIP_ROOT_USER_ACTION=ignore
 WORKDIR /ipam
 
 # Copy Requirements File
-ADD ./requirements.txt .
+ADD ./requirements.lock.txt .
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r ./requirements.lock.txt --progress-bar off
 
 # Copy Application Scripts & Sources
 ADD ./app ./app

engine/Dockerfile.func

@@ -6,13 +6,13 @@ ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
     AzureFunctionsJobHost__Logging__Console__IsEnabled=true
 
 # Copy Requirements File
-ADD ./requirements.txt .
+ADD ./requirements.lock.txt .
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r ./requirements.lock.txt --progress-bar off
 
 # Copy Application Code to Function App Root Directory
 COPY . /home/site/wwwroot

engine/Dockerfile.rhel

@@ -16,13 +16,13 @@ WORKDIR /ipam
 USER root
 
 # Copy Requirements File
-ADD ./requirements.txt /ipam
+ADD ./requirements.lock.txt /ipam
 
 # Upgrade PIP
 RUN pip install --upgrade pip --progress-bar off
 
 # Install Dependencies
-RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off
+RUN pip install --no-cache-dir --upgrade -r ./requirements.lock.txt --progress-bar off
 
 # Copy Application Scripts & Sources
 ADD ./app ./appDockerfile

engine/app/main.py

@@ -152,7 +152,10 @@ async def ipam_init():
         "env": globals.AZURE_ENV
     }
 
-    requests.post(url = "https://azureipammetrics.azurewebsites.net/api/heartbeat", json = hb_message)
+    try:
+        requests.post(url = "https://azureipammetrics.azurewebsites.net/api/heartbeat", json = hb_message)
+    except Exception:
+        pass
 
 async def upgrade_db():
     managed_identity_credential = ManagedIdentityCredential(

engine/app/models.py

@@ -445,7 +445,7 @@ def validate_request(cls, data: Any) -> Any:
 
         return data
 
-class ExtEndpointUpdate(BaseModel):
+class ExtEndpointReq(BaseModel):
     """DOCSTRING"""
 
     name: str
@@ -463,6 +463,12 @@ class JSONPatch(BaseModel):
 
 BlockUpdate = Annotated[List[JSONPatch], None]
 
+ExtNetUpdate = Annotated[List[JSONPatch], None]
+
+ExtSubnetUpdate = Annotated[List[JSONPatch], None]
+
+ExtEndpointUpdate = Annotated[List[JSONPatch], None]
+
 VNetsUpdate = Annotated[List[str], None]
 
 ExtNetsUpdate = Annotated[List[ExtNet], None]

engine/app/routers/admin.py

@@ -171,6 +171,39 @@ async def update_admins(
 
     return PlainTextResponse(status_code=status.HTTP_200_OK)
 
+@router.get(
+    "/admins/{objectId}",
+    summary = "Get IPAM Admin",
+    response_model = Admin,
+    status_code = 200
+)
+async def get_admins(
+    objectId: UUID = Path(..., description="Azure AD ObjectID for the target user"),
+    authorization: str = Header(None, description="Azure Bearer token"),
+    tenant_id: str = Depends(get_tenant_id),
+    is_admin: str = Depends(get_admin)
+):
+    """
+    Get a specific IPAM admin.
+    """
+
+    if not is_admin:
+        raise HTTPException(status_code=403, detail="API restricted to admins.")
+
+    admin_query = await cosmos_query("SELECT * FROM c WHERE c.type = 'admin'", tenant_id)
+
+    try:
+        admins = copy.deepcopy(admin_query[0])
+    except:
+        raise HTTPException(status_code=400, detail="No admins found in database.")
+
+    target_admin = next((x for x in admins['admins'] if x['id'] == str(objectId)), None)
+
+    if target_admin:
+        return target_admin
+    else:
+        raise HTTPException(status_code=404, detail="Admin not found.")
+
 @router.delete(
     "/admins/{objectId}",
     summary = "Delete IPAM Admin",