[英]How to associate subnet to network security group in Azure using Python?
I have python function, which creates new Network Security Group:我有 python function,它创建了新的网络安全组:
def createNetworkSecurityGroup(subscription, location, resourceGroupName, networkSecurityGroupName, headers):
print(f'Creating networking security group {networkSecurityGroupName}...')
# https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate#examples
url = f'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}?api-version=2019-09-01'
data ={
"properties": {
"securityRules": [
{
"name": "CustomInBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "CustomOutBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Outbound"
}
},
]
},
"location": location
}
success = False
while not success:
try:
response = requests.put(url, headers=headers, data=str(data))
responseData = response.json()
if not responseData.get('id'):
print(responseData)
print(responseData.text)
print(responseData.headers)
else:
networkSecurityGroupId = responseData['id']
success = True
except Exception as e:
print(e)
return networkSecurityGroupId
How can I associate the already existing subnet to this newly created NSG?如何将已经存在的子网关联到这个新创建的 NSG? Is it possible to modify this function or do I have to create another one?
是否可以修改这个 function 或者我必须创建另一个? Maybe I should use Azure CLI but in python?
也许我应该使用 Azure CLI 但在 python 中?
On Azure Portal, it is done via this page .在 Azure 门户上,通过此页面完成。
To associate the NSG to an existing subnet, there are three ways to do it as I know.要将 NSG 关联到现有子网,据我所知,有三种方法可以实现。
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": "xxxxxx",
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
client_id="xxxxx",
secret="xxxxx",
tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": networkSecurityGroupId ,
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
You can get more details about the SDK for subnets .您可以获得有关子网的 SDK 的更多详细信息。
import subprocess
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
cmd = f"az network vnet subnet update -g {resource_group_name} -n {subnet_name} --vnet-name {vnet_name} --network-security-group {networkSecurityGroupId} "
command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
out, err = command.communicate()
You can choose one way as you want.您可以根据需要选择一种方式。 And it's ok if you add the code in the function or create another one.
并且在function中添加代码或者再创建一个也可以。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.