如何使用 python 更新 azure vm 防火墙入站端口规则
how to update azure vm firewall inbound port rules using python
我想 bind/update/white 使用 python(自动)在入站端口规则中列出我的 IP 地址。
我经历了这个url!什么
我明白了
credentials = ServicePrincipalCredentials(
client_id=os.environ['AZURE_CLIENT_ID'],
secret=os.environ['AZURE_CLIENT_SECRET'],
tenant=os.environ['AZURE_TENANT_ID']
)
resource_client = ResourceManagementClient(credentials, subscription_id)
compute_client = ComputeManagementClient(credentials, subscription_id)
storage_client = StorageManagementClient(credentials, subscription_id)
network_client = NetworkManagementClient(credentials, subscription_id)
# Create VNet
print('Create Vnet')
async_vnet_creation = network_client.virtual_networks.create_or_update(
GROUP_NAME,
VNET_NAME,
{
'location': LOCATION,
'address_space': {
'address_prefixes': ['10.0.0.0/16']
}
}
)
async_vnet_creation.wait()
# Create Subnet
async_subnet_creation = network_client.subnets.create_or_update(
GROUP_NAME,
VNET_NAME,
SUBNET_NAME,
{'address_prefix': '10.0.0.0/24'}
)
subnet_info = async_subnet_creation.result()
# Creating NIC
print('Creating NetworkInterface 1')
back_end_address_pool_id = lb_info.backend_address_pools[0].id
inbound_nat_rule_1_id = lb_info.inbound_nat_rules[0].id
async_nic1_creation = network_client.network_interfaces.create_or_update(
GROUP_NAME,
VMS_INFO[1]['nic_name'],
create_nic_parameters(
subnet_info.id, back_end_address_pool_id, inbound_nat_rule_1_id)
)
inbound_nat_rule_2_id = lb_info.inbound_nat_rules[1].id
print('Creating NetworkInterface 2')
async_nic2_creation = network_client.network_interfaces.create_or_update(
GROUP_NAME,
VMS_INFO[2]['nic_name'],
create_nic_parameters(
subnet_info.id, back_end_address_pool_id, inbound_nat_rule_2_id)
)
nic1_info = async_nic1_creation.result()
nic2_info = async_nic2_creation.result()
但是我没有找到添加我想要加入白名单的ip的地方。
请帮忙解决这个问题
或者请告诉我如何使用 python azure SDK 将我的 IP 列入白名单?
如果要为现有 NSG 创建新的入站规则,可以使用以下脚本:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient
subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
tenant = 'xxxxxx-xxxxxxx'
)
network_client = NetworkManagementClient(
credentials,
subscription_id
)
resource_client = ResourceManagementClient(
credentials,
subscription_id
)
resource_client.providers.register('Microsoft.Network')
resource_group_name = 'test-rg'
async_security_rule = network_client.security_rules.create_or_update(
resource_group_name,
security_group_name,
new_security_rule_name,
{
'access':azure.mgmt.network.v2017_03_01.models.SecurityRuleAccess.allow,
'description':'New Test security rule',
'destination_address_prefix':'*',
'destination_port_range':'123-3500',
'direction':azure.mgmt.network.v2017_03_01.models.SecurityRuleDirection.inbound,
'priority':400,
'protocol':azure.mgmt.network.v2017_03_01.models.SecurityRuleProtocol.tcp,
'source_address_prefix':'*',
'source_port_range':'655',
}
)
security_rule = async_security_rule.result()
详情请参考link
我经历了这个url!什么 我明白了
credentials = ServicePrincipalCredentials(
client_id=os.environ['AZURE_CLIENT_ID'],
secret=os.environ['AZURE_CLIENT_SECRET'],
tenant=os.environ['AZURE_TENANT_ID']
)
resource_client = ResourceManagementClient(credentials, subscription_id)
compute_client = ComputeManagementClient(credentials, subscription_id)
storage_client = StorageManagementClient(credentials, subscription_id)
network_client = NetworkManagementClient(credentials, subscription_id)
# Create VNet
print('Create Vnet')
async_vnet_creation = network_client.virtual_networks.create_or_update(
GROUP_NAME,
VNET_NAME,
{
'location': LOCATION,
'address_space': {
'address_prefixes': ['10.0.0.0/16']
}
}
)
async_vnet_creation.wait()
# Create Subnet
async_subnet_creation = network_client.subnets.create_or_update(
GROUP_NAME,
VNET_NAME,
SUBNET_NAME,
{'address_prefix': '10.0.0.0/24'}
)
subnet_info = async_subnet_creation.result()
# Creating NIC
print('Creating NetworkInterface 1')
back_end_address_pool_id = lb_info.backend_address_pools[0].id
inbound_nat_rule_1_id = lb_info.inbound_nat_rules[0].id
async_nic1_creation = network_client.network_interfaces.create_or_update(
GROUP_NAME,
VMS_INFO[1]['nic_name'],
create_nic_parameters(
subnet_info.id, back_end_address_pool_id, inbound_nat_rule_1_id)
)
inbound_nat_rule_2_id = lb_info.inbound_nat_rules[1].id
print('Creating NetworkInterface 2')
async_nic2_creation = network_client.network_interfaces.create_or_update(
GROUP_NAME,
VMS_INFO[2]['nic_name'],
create_nic_parameters(
subnet_info.id, back_end_address_pool_id, inbound_nat_rule_2_id)
)
nic1_info = async_nic1_creation.result()
nic2_info = async_nic2_creation.result()
但是我没有找到添加我想要加入白名单的ip的地方。 请帮忙解决这个问题 或者请告诉我如何使用 python azure SDK 将我的 IP 列入白名单?
如果要为现有 NSG 创建新的入站规则,可以使用以下脚本:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient
subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
tenant = 'xxxxxx-xxxxxxx'
)
network_client = NetworkManagementClient(
credentials,
subscription_id
)
resource_client = ResourceManagementClient(
credentials,
subscription_id
)
resource_client.providers.register('Microsoft.Network')
resource_group_name = 'test-rg'
async_security_rule = network_client.security_rules.create_or_update(
resource_group_name,
security_group_name,
new_security_rule_name,
{
'access':azure.mgmt.network.v2017_03_01.models.SecurityRuleAccess.allow,
'description':'New Test security rule',
'destination_address_prefix':'*',
'destination_port_range':'123-3500',
'direction':azure.mgmt.network.v2017_03_01.models.SecurityRuleDirection.inbound,
'priority':400,
'protocol':azure.mgmt.network.v2017_03_01.models.SecurityRuleProtocol.tcp,
'source_address_prefix':'*',
'source_port_range':'655',
}
)
security_rule = async_security_rule.result()
详情请参考link