如何使用python更新azure vm防火墙入站端口规则

Question

​

我希望使用python(自动)在入站端口规则中绑定/更新/白色地列出我的IP地址。

我通过了这个url！我所理解的

credentials = ServicePrincipalCredentials(
        client_id=os.environ['AZURE_CLIENT_ID'],
        secret=os.environ['AZURE_CLIENT_SECRET'],
        tenant=os.environ['AZURE_TENANT_ID']
    )
    resource_client = ResourceManagementClient(credentials, subscription_id)
    compute_client = ComputeManagementClient(credentials, subscription_id)
    storage_client = StorageManagementClient(credentials, subscription_id)
    network_client = NetworkManagementClient(credentials, subscription_id)


# Create VNet
    print('Create Vnet')
    async_vnet_creation = network_client.virtual_networks.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        {
            'location': LOCATION,
            'address_space': {
                'address_prefixes': ['10.0.0.0/16']
            }
        }
    )
    async_vnet_creation.wait()

    # Create Subnet
    async_subnet_creation = network_client.subnets.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        SUBNET_NAME,
        {'address_prefix': '10.0.0.0/24'}
    )
    subnet_info = async_subnet_creation.result()

    # Creating NIC
    print('Creating NetworkInterface 1')

    back_end_address_pool_id = lb_info.backend_address_pools[0].id

    inbound_nat_rule_1_id = lb_info.inbound_nat_rules[0].id
    async_nic1_creation = network_client.network_interfaces.create_or_update(
        GROUP_NAME,
        VMS_INFO[1]['nic_name'],
        create_nic_parameters(
            subnet_info.id, back_end_address_pool_id, inbound_nat_rule_1_id)
    )

    inbound_nat_rule_2_id = lb_info.inbound_nat_rules[1].id
    print('Creating NetworkInterface 2')
    async_nic2_creation = network_client.network_interfaces.create_or_update(
        GROUP_NAME,
        VMS_INFO[2]['nic_name'],
        create_nic_parameters(
            subnet_info.id, back_end_address_pool_id, inbound_nat_rule_2_id)
    )

    nic1_info = async_nic1_creation.result()
    nic2_info = async_nic2_creation.result()

但我没有找到一个地方添加ip，我想白名单。请在这方面提供帮助，或者告诉我如何使用python白名单我的IP？

Answer 1

如果要为现有NSG创建新的入站规则，可以使用以下脚本：

    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
    from azure.mgmt.network.v2017_03_01.models import SecurityRule
    from azure.mgmt.resource.resources import ResourceManagementClient

    subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
    credentials = ServicePrincipalCredentials(
        client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
        secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
        tenant = 'xxxxxx-xxxxxxx'
    )

    network_client = NetworkManagementClient(
        credentials,
        subscription_id
    )

    resource_client = ResourceManagementClient(
        credentials,
        subscription_id
    )

    resource_client.providers.register('Microsoft.Network')

    resource_group_name = 'test-rg'


    async_security_rule = network_client.security_rules.create_or_update(
    resource_group_name,
    security_group_name,
    new_security_rule_name,
    {
            'access':azure.mgmt.network.v2017_03_01.models.SecurityRuleAccess.allow,
            'description':'New Test security rule',
            'destination_address_prefix':'*',
            'destination_port_range':'123-3500',
            'direction':azure.mgmt.network.v2017_03_01.models.SecurityRuleDirection.inbound,
            'priority':400,
            'protocol':azure.mgmt.network.v2017_03_01.models.SecurityRuleProtocol.tcp,
            'source_address_prefix':'*',
            'source_port_range':'655',
    }
)

security_rule = async_security_rule.result()

有关更多细节，请参阅链接