
How to update Azure VM firewall inbound port rules using Python

I want to bind/update/whitelist my IP address in the inbound port rules (automatically) using Python.

I went through this URL, and this is what I understood:

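    import os

    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.resource import ResourceManagementClient
    from azure.mgmt.storage import StorageManagementClient

    # subscription_id, GROUP_NAME, VNET_NAME, SUBNET_NAME, LOCATION, VMS_INFO,
    # lb_info and create_nic_parameters are not defined in this excerpt.

    # Authenticate with a service principal read from the environment
    credentials = ServicePrincipalCredentials(
        client_id=os.environ['AZURE_CLIENT_ID'],
        secret=os.environ['AZURE_CLIENT_SECRET'],
        tenant=os.environ['AZURE_TENANT_ID']
    )
    resource_client = ResourceManagementClient(credentials, subscription_id)
    compute_client = ComputeManagementClient(credentials, subscription_id)
    storage_client = StorageManagementClient(credentials, subscription_id)
    network_client = NetworkManagementClient(credentials, subscription_id)

    # Create VNet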
    print('Create Vnet')
    async_vnet_creation = network_client.virtual_networks.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        {
            'location': LOCATION,
            'address_space': {
                'address_prefixes': ['10.0.0.0/16']
            }
        }
    )
    async_vnet_creation.wait()

    # Create Subnet
    async_subnet_creation = network_client.subnets.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        SUBNET_NAME,
        {'address_prefix': '10.0.0.0/24'}
    )
    subnet_info = async_subnet_creation.result()

    # Creating NIC
    print('Creating NetworkInterface 1')

    back_end_address_pool_id = lb_info.backend_address_pools[0].id

    inbound_nat_rule_1_id = lb_info.inbound_nat_rules[0].id
    async_nic1_creation = network_client.network_interfaces.create_or_update(
        GROUP_NAME,
        VMS_INFO[1]['nic_name'],
        create_nic_parameters(
            subnet_info.id, back_end_address_pool_id, inbound_nat_rule_1_id)
    )

    inbound_nat_rule_2_id = lb_info.inbound_nat_rules[1].id
    print('Creating NetworkInterface 2')
    async_nic2_creation = network_client.network_interfaces.create_or_update(
        GROUP_NAME,
        VMS_INFO[2]['nic_name'],
        create_nic_parameters(
            subnet_info.id, back_end_address_pool_id, inbound_nat_rule_2_id)
    )

    nic1_info = async_nic1_creation.result()
    nic2_info = async_nic2_creation.result()

But I could not find where to add the IP that I want to whitelist. Please help with this, or please tell me how to whitelist my IP using Python on Azure.

If you want to create a new inbound rule for an existing NSG, you can use the following script:

    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
    from azure.mgmt.network.v2017_03_01.models import SecurityRule
    # Enums used in the rule definition below
    from azure.mgmt.network.v2017_03_01.models import (
        SecurityRuleAccess,
        SecurityRuleDirection,
        SecurityRuleProtocol,
    )
    from azure.mgmt.resource.resources import ResourceManagementClient

    subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
    credentials = ServicePrincipalCredentials(
        client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
        secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
        tenant = 'xxxxxx-xxxxxxx'
    )

    network_client = NetworkManagementClient(
        credentials,
        subscription_id
    )

    resource_client = ResourceManagementClient(
        credentials,
        subscription_id
    )

    # Make sure the Microsoft.Network provider is registered for the subscription
    resource_client.providers.register('Microsoft.Network')

    resource_group_name = 'test-rg'
    security_group_name = 'test-nsg'              # placeholder: name of the existing NSG
    new_security_rule_name = 'test-inbound-rule'  # placeholder: name for the new rule

    # Create (or overwrite) the rule on the existing NSG
    async_security_rule = network_client.security_rules.create_or_update(
        resource_group_name,
        security_group_name,
        new_security_rule_name,
        {
            'access': SecurityRuleAccess.allow,
            'description': 'New Test security rule',
            'destination_address_prefix': '*',
            'destination_port_range': '123-3500',
            'direction': SecurityRuleDirection.inbound,
            'priority': 400,
            'protocol': SecurityRuleProtocol.tcp,
            # '*' matches any source; use a single IP or CIDR here to allow only that address
            'source_address_prefix': '*',
            'source_port_range': '655',
        }
    )

    # Wait for the operation to finish and get the resulting rule
    security_rule = async_security_rule.result()

For more details, please refer to the link.
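The script above allows any source (`'*'`), whereas the question asks to allow one IP. The following is an added example, not part of the original answer: it builds the rule parameters for a single source address, rejecting wildcards and overly broad ranges and choosing an unused priority. The helper names, the 256-address limit and the sample values are assumptions made for illustration; the resulting dict is what would be passed as the last argument of `security_rules.create_or_update`.

```python
import ipaddress

# NSG rule priorities must be unique per direction and lie in 100..4096.
PRIORITY_MIN, PRIORITY_MAX = 100, 4096


def normalize_source(ip_or_cidr, max_hosts=256):
    """Return a canonical CIDR string for the address to allow.

    Rejects wildcards, malformed input and ranges larger than max_hosts,
    so a typo cannot silently open the port to the whole internet.
    """
    net = ipaddress.ip_network(ip_or_cidr.strip(), strict=False)  # ValueError if malformed
    if net.num_addresses > max_hosts:
        raise ValueError(f'{net} covers {net.num_addresses} addresses; refusing')
    return str(net)


def next_free_priority(used, start=PRIORITY_MIN):
    """Pick the lowest unused priority at or above start."""
    taken = set(used)
    for candidate in range(start, PRIORITY_MAX + 1):
        if candidate not in taken:
            return candidate
    raise RuntimeError('no free NSG priority left')


def build_allow_rule(my_ip, port, used_priorities, description='Allow my IP'):
    """Build the parameter dict for security_rules.create_or_update."""
    if not 1 <= int(port) <= 65535:
        raise ValueError(f'invalid port: {port}')
    return {
        'access': 'Allow',
        'direction': 'Inbound',
        'protocol': 'Tcp',
        'description': description,
        'source_address_prefix': normalize_source(my_ip),  # only this address
        'source_port_range': '*',            # client source ports are ephemeral
        'destination_address_prefix': '*',
        'destination_port_range': str(port),
        'priority': next_free_priority(used_priorities),
    }


# Constructed sample input: 203.0.113.7 is a documentation address (RFC 5737),
# and 100/110 stand in for priorities already used by the NSG's inbound rules.
rule = build_allow_rule('203.0.113.7', 22, used_priorities=[100, 110])
print(rule)
```
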
