CLI tool for generating Azure VNet topology diagrams with enhanced features
Project description
GetTopology
⚠️ Alpha Release - This is an alpha version. Features may change and bugs may exist.
CLI tool for generating Azure VNet topology diagrams with enhanced features.
Installation
pip install gettopology
For the latest alpha version:
pip install gettopology==0.1.0a1
Requirements
- Python 3.10 or higher
- Azure subscription with appropriate permissions
- Azure CLI installed and configured (or Service Principal credentials)
Usage
After installation, use the gettopology command:
# Get topology for all VNets in all accessible subscriptions
gettopology
# Get topology for specific subscriptions [optional]
gettopology -s "subscription-id-1,subscription-id-2"
# Get topology from subscriptions listed in a file [optional]
gettopology -f subscriptions.txt
# Get topology for specific VNets across all subscriptions [optional]
gettopology -vnet "vnet-name-1,vnet-name-2"
# Combine filters: specific subscriptions and VNets [optional]
gettopology -s "sub-id-1,sub-id-2" -vnet "vnet-1,vnet-2"
# Specify output directory for diagrams [optional]
gettopology -s "sub-id" -o ./diagrams
# Set log level
gettopology --log-level DEBUG
# Skip role verification (role checking is enabled by default)
gettopology --skip-roles
Command Line Arguments
-s, --subscriptions: Comma-separated subscription IDs (optional)-f, --subscriptions-file: Path to file containing subscription IDs, one per line (optional)-vnet, --virtual-network: Comma-separated list of VNet names to filter (optional)-o, --output: Output directory for generated diagrams (default: current directory)--log-level: Logging level - DEBUG, INFO, WARNING, ERROR, CRITICAL (default: INFO)--skip-roles: Skip role verification. By default, the tool verifies that the authenticated user/service principal has at least 'Reader' role on subscriptions before proceeding (optional)--version: Display version information
Authentication
The tool supports multiple authentication methods, tried in this order:
- Azure CLI (first): Uses
az logincredentials - tried first if available - Service Principal (second): Provide via CLI arguments, environment variables, or
.envfile - Managed Identity (third): Automatically used when running in Azure (e.g., Azure VM, App Service, Functions)
What is Managed Identity?
Managed Identity is Azure's way of providing Azure resources (like VMs, App Services, etc.) with an automatically managed identity. When the tool runs inside Azure, it can authenticate using the resource's managed identity without needing explicit credentials. This is the third fallback method if Azure CLI and Service Principal authentication are not available.
For Service Principal authentication:
gettopology --client-id "your-client-id" \
--client-secret "your-secret" \
--tenant-id "your-tenant-id"
Or use environment variables:
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-secret"
export AZURE_TENANT_ID="your-tenant-id"
gettopology
Or create a .env file in your project directory:
# .env file
AZURE_CLIENT_ID=your-client-id
AZURE_CLIENT_SECRET=your-secret
AZURE_TENANT_ID=your-tenant-id
Priority order for Service Principal credentials:
- CLI arguments (
--client-id,--client-secret,--tenant-id) - Environment variables (
AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID) .envfile (in current directory or project root)
Output
The tool generates Draw.io (.drawio) format diagrams that can be opened in:
- Draw.io (web)
- diagrams.net (desktop)
- Visual Studio Code (with Draw.io extension)
Diagrams include:
- Hub and spoke VNets with visual distinction
- Peering connections with color-coded lines
- Subnet details within VNet boxes
- External VNets (cross-subscription/tenant peerings)
- Separate pages for hubless spokes and orphan VNets
Development
This project uses several code quality tools:
- Ruff: Fast Python linter and formatter
- mypy: Static type checker
- Bandit: Security vulnerability scanner
- pytest: Testing framework
To install development dependencies:
# Using uv (installs from [dependency-groups])
uv sync --group dev
# Or install in editable mode with dev dependencies
uv pip install -e ".[dev]"
Run code quality checks:
# Linting
uv run ruff check src/
# Type checking
uv run mypy src/
# Security scanning
uv run bandit -r src/ -c pyproject.toml
# Tests will be added on later version
uv run pytest tests/
License
This project is licensed under the MIT License - see the LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gettopology-0.1.0a2.tar.gz.
File metadata
- Download URL: gettopology-0.1.0a2.tar.gz
- Upload date:
- Size: 72.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb0900d4e84eab721b48ba19ea21a3a4705076b9d3d180d66cd015b16dd9bc55
|
|
| MD5 |
4334991a92a74f73b0d1e8a623086dad
|
|
| BLAKE2b-256 |
bbb44462f47d74e5c1319f2783acab6a2d069fafe4fe5c582d98abf4750f526e
|
File details
Details for the file gettopology-0.1.0a2-py3-none-any.whl.
File metadata
- Download URL: gettopology-0.1.0a2-py3-none-any.whl
- Upload date:
- Size: 80.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a495148ca1aa296d0490fc455142e9659b3d8f1b7ffca63a00357e265d08028c
|
|
| MD5 |
b448d631e6fac68dc46729885bbd3725
|
|
| BLAKE2b-256 |
9ddccd3c8a9c29fb418f16e912337465f52595bdb8e7cfd11b31fc69d4afb313
|
