الملاحظات تحرير

Example: Provision Azure Storage using the Azure libraries for Python

  • مقالة
  • قراءة خلال 5 دقائق

In this article, you learn how to use the Azure management libraries in a Python script to provision a resource group that contains and Azure Storage account and a Blob storage container. (Equivalent Azure CLI commands are given later in this article. If you prefer to use the Azure portal, see Create an Azure storage account and Create a blob container.)

After provisioning the resources, see Example: Use Azure Storage to use the Azure client libraries in Python application code to upload a file to the Blob storage container.

All the commands in this article work the same in Linux/macOS bash and Windows command shells unless noted.

1: Set up your local development environment

If you haven't already, follow all the instructions on Configure your local Python dev environment for Azure.

Be sure to create a service principal for local development, and create and activate a virtual environment for this project.

2: Install the needed Azure library packages

  1. Create a requirements.txt file that lists the management libraries used in this example:

    azure-mgmt-resource
azure-mgmt-storage
azure-identity

  2. In your terminal with the virtual environment activated, install the requirements:

    pip install -r requirements.txt

3: Write code to provision storage resources

This section describes how to provision storage resources from Python code. If you prefer, you can also provision resources through the Azure portal or through the equivalent Azure CLI commands.

Create a Python file named provision_blob.py with the following code. The comments explain the details:

import os, random

# Import the needed management objects from the libraries. The azure.common library
# is installed automatically with the other libraries.
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient

# Acquire a credential object using CLI-based authentication.
credential = AzureCliCredential()

# Retrieve subscription ID from environment variable.
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]

# Obtain the management object for resources.
resource_client = ResourceManagementClient(credential, subscription_id)

# Constants we need in multiple places: the resource group name and the region
# in which we provision resources. You can change these values however you want.
RESOURCE_GROUP_NAME = "PythonAzureExample-Storage-rg"
LOCATION = "centralus"

# Step 1: Provision the resource group.

rg_result = resource_client.resource_groups.create_or_update(RESOURCE_GROUP_NAME,
    { "location": LOCATION })

print(f"Provisioned resource group {rg_result.name}")

# For details on the previous code, see Example: Provision a resource group
# at https://docs.microsoft.com/azure/developer/python/azure-sdk-example-resource-group


# Step 2: Provision the storage account, starting with a management object.

storage_client = StorageManagementClient(credential, subscription_id)

# This example uses the CLI profile credentials because we assume the script
# is being used to provision the resource in the same way the Azure CLI would be used.

STORAGE_ACCOUNT_NAME = f"pythonazurestorage{random.randint(1,100000):05}"

# You can replace the storage account here with any unique name. A random number is used
# by default, but note that the name changes every time you run this script.
# The name must be 3-24 lower case letters and numbers only.


# Check if the account name is available. Storage account names must be unique across
# Azure because they're used in URLs.
availability_result = storage_client.storage_accounts.check_name_availability(
    { "name": STORAGE_ACCOUNT_NAME }
)

if not availability_result.name_available:
    print(f"Storage name {STORAGE_ACCOUNT_NAME} is already in use. Try another name.")
    exit()

# The name is available, so provision the account
poller = storage_client.storage_accounts.begin_create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME,
    {
        "location" : LOCATION,
        "kind": "StorageV2",
        "sku": {"name": "Standard_LRS"}
    }
)

# Long-running operations return a poller object; calling poller.result()
# waits for completion.
account_result = poller.result()
print(f"Provisioned storage account {account_result.name}")


# Step 3: Retrieve the account's primary access key and generate a connection string.
keys = storage_client.storage_accounts.list_keys(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME)

print(f"Primary key for storage account: {keys.keys[0].value}")

conn_string = f"DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName={STORAGE_ACCOUNT_NAME};AccountKey={keys.keys[0].value}"

print(f"Connection string: {conn_string}")

# Step 4: Provision the blob container in the account (this call is synchronous)
CONTAINER_NAME = "blob-container-01"
container = storage_client.blob_containers.create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME, CONTAINER_NAME, {})

# The fourth argument is a required BlobContainer object, but because we don't need any
# special values there, so we just pass empty JSON.

print(f"Provisioned blob container {container.name}")

This code uses CLI-based authentication (using AzureCliCredential) because it demonstrates actions that you might otherwise do with the Azure CLI directly. In both cases you're using the same identity for authentication.

To use such code in a production script (for example, to automate VM management), use DefaultAzureCredential (recommended) or a service principal based method as described in How to authenticate Python apps with Azure services.

4. Run the script

python provision_blob.py

The script will take a minute or two to complete.

5: Verify the resources

  1. Open the Azure portal to verify that the resource group and storage account were provisioned as expected. You may need to wait a minute and also select Show hidden types in the resource group to see a storage account provisioned from a Python script:

    Azure portal page for the new resource group, showing the storage account

  2. Select the storage account, then select Data storage > Containers in the left-hand menu to verify that the "blob-container-01" appears:

    Azure portal page for the storage account showing the blob container

  3. If you want to try using these provisioned resources from application code, continue with Example: Use Azure Storage.

For an additional example of using the Azure Storage management library, see the Manage Python Storage sample.

For reference: equivalent Azure CLI commands

The following Azure CLI commands complete the same provisioning steps as the Python script:

rem Provision the resource group

az group create -n PythonAzureExample-Storage-rg -l centralus

rem Provision the storage account

az storage account create -g PythonAzureExample-Storage-rg -l centralus ^
    -n pythonazurestorage12345 --kind StorageV2 --sku Standard_LRS

rem Retrieve the connection string

az storage account show-connection-string -g PythonAzureExample-Storage-rg ^
    -n pythonazurestorage12345

rem Provision the blob container; NOTE: this command assumes you have an environment variable
rem named AZURE_STORAGE_CONNECTION_STRING with the connection string for the storage account.

set AZURE_STORAGE_CONNECTION_STRING=<connection_string>
az storage container create --account-name pythonazurestorage12345 -n blob-container-01

6: Clean up resources

Leave the resources in place if you want to follow the article Example: Use Azure Storage to use these resources in app code.

Otherwise, run the following command to avoid ongoing charges in your subscription.

az group delete -n PythonAzureExample-Storage-rg  --no-wait

You can also use the ResourceManagementClient.resource_groups.begin_delete method to delete a resource group from code. The code in Example: Provision a resource group demonstrates usage.

See also