[英]How to associate subnet to network security group in Azure using Python?
我有 python function,它創建了新的網絡安全組:
def createNetworkSecurityGroup(subscription, location, resourceGroupName, networkSecurityGroupName, headers):
print(f'Creating networking security group {networkSecurityGroupName}...')
# https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate#examples
url = f'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}?api-version=2019-09-01'
data ={
"properties": {
"securityRules": [
{
"name": "CustomInBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "CustomOutBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Outbound"
}
},
]
},
"location": location
}
success = False
while not success:
try:
response = requests.put(url, headers=headers, data=str(data))
responseData = response.json()
if not responseData.get('id'):
print(responseData)
print(responseData.text)
print(responseData.headers)
else:
networkSecurityGroupId = responseData['id']
success = True
except Exception as e:
print(e)
return networkSecurityGroupId
如何將已經存在的子網關聯到這個新創建的 NSG? 是否可以修改這個 function 或者我必須創建另一個? 也許我應該使用 Azure CLI 但在 python 中?
在 Azure 門戶上,通過此頁面完成。
要將 NSG 關聯到現有子網,據我所知,有三種方法可以實現。
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": "xxxxxx",
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
client_id="xxxxx",
secret="xxxxx",
tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": networkSecurityGroupId ,
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
您可以獲得有關子網的 SDK 的更多詳細信息。
import subprocess
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
cmd = f"az network vnet subnet update -g {resource_group_name} -n {subnet_name} --vnet-name {vnet_name} --network-security-group {networkSecurityGroupId} "
command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
out, err = command.communicate()
您可以根據需要選擇一種方式。 並且在function中添加代碼或者再創建一個也可以。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.