Use API version profiles with Python in Azure Stack Hub
Important
The Python SDK has been updated from track 1 to track 2. We recommend migrating to the track 2 SDK as soon as possible. For instructions, see this migration guide.
The Python SDK supports API version profiles to target different cloud platforms, such as Azure Stack Hub and global Azure. Use API profiles in creating solutions for a hybrid cloud.
The instructions in this article require a Microsoft Azure subscription. If you don't have one, you can get a free trial account.
Python and API version profiles
The Python SDK supports the following API profiles:
latest
This profile targets the most recent API versions for all service providers in the Azure platform.2020_09_01_hybrid
This profile targets the latest API versions for all the resource providers in the Azure Stack Hub platform for versions 2102 or later.2019_03_01_hybrid
This profile targets the latest API versions for all the resource providers in the Azure Stack Hub platform for versions 1904 or later.For more info on API profiles and Azure Stack Hub, see Manage API version profiles in Azure Stack Hub.
Install the Azure Python SDK
Profiles
For profiles containing dates, to use a different SDK profile or version, substitute the date in v<date>_hybrid. For example, for the 2008 version, the profile is 2019_03_01, and the string becomes v2019_03_01_hybrid. Note that sometimes the SDK team changes the name of the packages, so simply replacing the date of a string with a different date might not work. See the following table for association of profiles and Azure Stack versions.
| Azure Stack version | Profile |
|---|---|
| 2311 | 2020_09_01 |
| 2301 | 2020_09_01 |
| 2206 | 2020_09_01 |
| 2108 | 2020_09_01 |
| 2102 | 2020_09_01 |
| 2008 | 2019_03_01 |
For more information about Azure Stack Hub and API profiles, see the Summary of API profiles.
See Python SDK profiles.
Subscription
If you do not already have a subscription, create a subscription and save the subscription ID to be used later. For information about how to create a subscription, see this document.
Service principal
A service principal and its associated environment information should be created and saved somewhere. Service principal with owner role is recommended, but depending on the sample, a contributor role may suffice. Refer to the README in the sample repository for the required values. You may read these values in any format supported by the SDK language such as from a JSON file (which our samples use). Depending on the sample being run, not all of these values may be used. See the sample repository for updated sample code or further information.
Tenant ID
To find the directory or tenant ID for your Azure Stack Hub, follow the instructions in this article.
Register resource providers
Register required resource providers by following this document. These resource providers will be required depending on the samples you want to run. For example, if you want to run a VM sample, the Microsoft.Compute resource provider registration is required.
Azure Stack resource manager endpoint
Azure Resource Manager (ARM) is a management framework that enables administrators to deploy, manage, and monitor Azure resources. Azure Resource Manager can handle these tasks as a group, rather than individually, in a single operation. You can get the metadata info from the Resource Manager endpoint. The endpoint returns a JSON file with the info required to run your code.
- The ResourceManagerEndpointUrl in the Azure Stack Development Kit (ASDK) is:
https://management.local.azurestack.external/. - The ResourceManagerEndpointUrl in integrated systems is:
https://management.region.<fqdn>/, where<fqdn>is your fully qualified domain name. - To retrieve the metadata required:
<ResourceManagerUrl>/metadata/endpoints?api-version=1.0. For available API versions, see Azure rest API specifications. E.g., in2020-09-01profile version, you can change theapi-versionto2019-10-01for resource providermicrosoft.resources.
Sample JSON:
{
"galleryEndpoint": "https://portal.local.azurestack.external:30015/",
"graphEndpoint": "https://graph.windows.net/",
"portal Endpoint": "https://portal.local.azurestack.external/",
"authentication":
{
"loginEndpoint": "https://login.windows.net/",
"audiences": ["https://management.yourtenant.onmicrosoft.com/3cc5febd-e4b7-4a85-a2ed-1d730e2f5928"]
}
}
Trust the Azure Stack Hub CA root certificate
If you are using the ASDK, you must explicitly trust the CA root certificate on your remote machine. You do not need to trust the CA root certificate with Azure Stack Hub integrated systems.
Windows
Find the Python certificate store location on your machine. The location may vary, depending on where you installed Python. Open a command prompt or an elevated PowerShell prompt, and type the following command:
python -c "import certifi; print(certifi.where())"Make a note of the certificate store location; for example, ~/lib/python3.5/site-packages/certifi/cacert.pem. Your particular path depends on your operating system and the version of Python that you have installed.
Trust the Azure Stack Hub CA root certificate by appending it to the existing Python certificate:
$pemFile = "<Fully qualified path to the PEM certificate; for ex: C:\Users\user1\Downloads\root.pem>" $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $root.Import($pemFile) Write-Host "Extracting required information from the cert file" $md5Hash = (Get-FileHash -Path $pemFile -Algorithm MD5).Hash.ToLower() $sha1Hash = (Get-FileHash -Path $pemFile -Algorithm SHA1).Hash.ToLower() $sha256Hash = (Get-FileHash -Path $pemFile -Algorithm SHA256).Hash.ToLower() $issuerEntry = [string]::Format("# Issuer: {0}", $root.Issuer) $subjectEntry = [string]::Format("# Subject: {0}", $root.Subject) $labelEntry = [string]::Format("# Label: {0}", $root.Subject.Split('=')[-1]) $serialEntry = [string]::Format("# Serial: {0}", $root.GetSerialNumberString().ToLower()) $md5Entry = [string]::Format("# MD5 Fingerprint: {0}", $md5Hash) $sha1Entry = [string]::Format("# SHA1 Fingerprint: {0}", $sha1Hash) $sha256Entry = [string]::Format("# SHA256 Fingerprint: {0}", $sha256Hash) $certText = (Get-Content -Path $pemFile -Raw).ToString().Replace("`r`n","`n") $rootCertEntry = "`n" + $issuerEntry + "`n" + $subjectEntry + "`n" + $labelEntry + "`n" + ` $serialEntry + "`n" + $md5Entry + "`n" + $sha1Entry + "`n" + $sha256Entry + "`n" + $certText Write-Host "Adding the certificate content to Python Cert store" Add-Content "${env:ProgramFiles(x86)}\Python35\Lib\site-packages\certifi\cacert.pem" $rootCertEntry Write-Host "Python Cert store was updated to allow the Azure Stack Hub CA root certificate"
Note
If you are using virtualenv for developing with Python SDK, you must add the previous certificate to your virtual environment certificate store. The path might look similar to: ..\mytestenv\Lib\site-packages\certifi\cacert.pem.
Samples
See this sample repository for update-to-date (track 2) sample code. See this sample repository for track 1 sample code. The root README.md describes general requirements, and each sub-directory contains a specific sample with its own README.md that describes how to run that sample.
See here for the sample applicable for Azure Stack version 2008 or profile 2019-03-01 and below.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for