如何使用 Python 将子网关联到 Azure 中的网络安全组?
[英]How to associate subnet to network security group in Azure using Python?
问题描述
I have python function, which creates new Network Security Group:
我有 python function,它创建了新的网络安全组:
def createNetworkSecurityGroup(subscription, location, resourceGroupName, networkSecurityGroupName, headers):
print(f'Creating networking security group {networkSecurityGroupName}...')
# https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate#examples
url = f'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}?api-version=2019-09-01'
data ={
"properties": {
"securityRules": [
{
"name": "CustomInBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "CustomOutBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Outbound"
}
},
]
},
"location": location
}
success = False
while not success:
try:
response = requests.put(url, headers=headers, data=str(data))
responseData = response.json()
if not responseData.get('id'):
print(responseData)
print(responseData.text)
print(responseData.headers)
else:
networkSecurityGroupId = responseData['id']
success = True
except Exception as e:
print(e)
return networkSecurityGroupId
How can I associate the already existing subnet to this newly created NSG?如何将已经存在的子网关联到这个新创建的 NSG? Is it possible to modify this function or do I have to create another one?是否可以修改这个 function 或者我必须创建另一个? Maybe I should use Azure CLI but in python?也许我应该使用 Azure CLI 但在 python 中?
On Azure Portal, it is done via this page .在 Azure 门户上,通过此页面完成。
1 个解决方案
解决方案1
0 已采纳 2020-08-11 08:00:15
To associate the NSG to an existing subnet, there are three ways to do it as I know.要将 NSG 关联到现有子网,据我所知,有三种方法可以实现。
- I see you use the REST API to create the NSG.我看到您使用 REST API 创建 NSG。 So you can still use the REST API here to do it, and an example body here:因此,您仍然可以在此处使用 REST API 来执行此操作,并在此处使用示例正文:
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": "xxxxxx",
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
- You can use the Azure Python SDK to do it:您可以使用 Azure Python SDK 来做到这一点:
subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
client_id="xxxxx",
secret="xxxxx",
tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": networkSecurityGroupId ,
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
You can get more details about the SDK for subnets .您可以获得有关子网的 SDK 的更多详细信息。
- The Azure CLI can also do it, you just need to run the CLI command via python code: Azure CLI 也可以做到,您只需通过 python 代码运行 CLI 命令:
import subprocess
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
cmd = f"az network vnet subnet update -g {resource_group_name} -n {subnet_name} --vnet-name {vnet_name} --network-security-group {networkSecurityGroupId} "
command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
out, err = command.communicate()
You can choose one way as you want.您可以根据需要选择一种方式。 And it's ok if you add the code in the function or create another one.并且在function中添加代码或者再创建一个也可以。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何通过 Python SDK 创建 Azure 网络安全组 - How to create Azure Network Security Group via Python SDK
Python Boto:如何指定子网ID和安全组? - Python Boto: How do you specify a subnet id AND a security group?
Azure Python SDK中创建网卡时如何指定网络安全组 - How to Specify Network Security Group When Creating NIC In Azure Python SDK
如何在 python 中获取网络的所有可能子网 ID? - How to get all possible subnet ID of a network in python?
使用python部署网络安全组的问题:NetworkSecurityGroup'对象没有属性“ lower” - Issues with Network security group deployment using python : NetworkSecurityGroup' object has no attribute 'lower'
如何使用python boto获取给定安全组的资源? - How to get the resource for a given security group using python boto?
使用python将NSG附加到子网 - Attaching NSG to Subnet using python
如何使用python列出应用于azure资源组的锁 - How to list locks applied on azure resource group using python
如何使用 Python 锁定 Azure 资源组中的所有资源 - How to lock all resources in an Azure Resource group using Python
如何使用 Python boto3 检索 VPC ID 和子网 ID? - How to Retrieve VPC ID and Subnet ID Using Python boto3?
相关标签