如何使用 Python 将子网关联到 Azure 中的网络安全组?
[英]How to associate subnet to network security group in Azure using Python?
问题描述
我有 python function,它创建了新的网络安全组:
def createNetworkSecurityGroup(subscription, location, resourceGroupName, networkSecurityGroupName, headers):
print(f'Creating networking security group {networkSecurityGroupName}...')
# https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate#examples
url = f'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}?api-version=2019-09-01'
data ={
"properties": {
"securityRules": [
{
"name": "CustomInBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "CustomOutBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Outbound"
}
},
]
},
"location": location
}
success = False
while not success:
try:
response = requests.put(url, headers=headers, data=str(data))
responseData = response.json()
if not responseData.get('id'):
print(responseData)
print(responseData.text)
print(responseData.headers)
else:
networkSecurityGroupId = responseData['id']
success = True
except Exception as e:
print(e)
return networkSecurityGroupId
如何将已经存在的子网关联到这个新创建的 NSG? 是否可以修改这个 function 或者我必须创建另一个? 也许我应该使用 Azure CLI 但在 python 中?
在 Azure 门户上,通过此页面完成。
1 个解决方案
解决方案1
0 已采纳 2020-08-11 08:00:15
要将 NSG 关联到现有子网,据我所知,有三种方法可以实现。
- 我看到您使用 REST API 创建 NSG。 因此,您仍然可以在此处使用 REST API 来执行此操作,并在此处使用示例正文:
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": "xxxxxx",
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
- 您可以使用 Azure Python SDK 来做到这一点:
subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
client_id="xxxxx",
secret="xxxxx",
tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": networkSecurityGroupId ,
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
您可以获得有关子网的 SDK 的更多详细信息。
- Azure CLI 也可以做到,您只需通过 python 代码运行 CLI 命令:
import subprocess
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
cmd = f"az network vnet subnet update -g {resource_group_name} -n {subnet_name} --vnet-name {vnet_name} --network-security-group {networkSecurityGroupId} "
command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
out, err = command.communicate()
您可以根据需要选择一种方式。 并且在function中添加代码或者再创建一个也可以。
Azure Python SDK中创建网卡时如何指定网络安全组
[英]How to Specify Network Security Group When Creating NIC In Azure Python SDK
使用python部署网络安全组的问题:NetworkSecurityGroup'对象没有属性“ lower”
[英]Issues with Network security group deployment using python : NetworkSecurityGroup' object has no attribute 'lower'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何通过 Python SDK 创建 Azure 网络安全组
Python Boto:如何指定子网ID和安全组?
Azure Python SDK中创建网卡时如何指定网络安全组
如何在 python 中获取网络的所有可能子网 ID?
使用python部署网络安全组的问题:NetworkSecurityGroup'对象没有属性“ lower”
如何使用python boto获取给定安全组的资源?
使用python将NSG附加到子网
如何使用python列出应用于azure资源组的锁
如何使用 Python 锁定 Azure 资源组中的所有资源
如何使用 Python boto3 检索 VPC ID 和子网 ID?
相关标签