python - 如何使用 Python 将子网关联到 Azure 中的网络安全组?
问题描述
我有 python 函数,它创建新的网络安全组:
def createNetworkSecurityGroup(subscription, location, resourceGroupName, networkSecurityGroupName, headers):
print(f'Creating networking security group {networkSecurityGroupName}...')
# https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/createorupdate#examples
url = f'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}?api-version=2019-09-01'
data ={
"properties": {
"securityRules": [
{
"name": "CustomInBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "CustomOutBound",
"properties": {
"protocol": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"destinationPortRange": "*",
"sourcePortRange": "*",
"priority": 100,
"direction": "Outbound"
}
},
]
},
"location": location
}
success = False
while not success:
try:
response = requests.put(url, headers=headers, data=str(data))
responseData = response.json()
if not responseData.get('id'):
print(responseData)
print(responseData.text)
print(responseData.headers)
else:
networkSecurityGroupId = responseData['id']
success = True
except Exception as e:
print(e)
return networkSecurityGroupId
如何将已经存在的子网关联到这个新创建的 NSG?是否可以修改此功能或者我必须创建另一个?也许我应该使用 Azure CLI 但在 python 中?
在 Azure 门户上,它是通过这个页面完成的。
解决方案
要将 NSG 关联到现有子网,据我所知,有三种方法可以实现。
- 我看到您使用 REST API 创建 NSG。因此,您仍然可以在此处使用 REST API来执行此操作,并在此处使用示例正文:
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": "xxxxxx",
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
- 您可以使用 Azure Python SDK 来执行此操作:
subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
client_id="xxxxx",
secret="xxxxx",
tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
"properties": {
"addressSpace": {
"addressPrefixes": [
"172.17.0.0/24"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "172.17.0.0/24",
"networkSecurityGroup": {
"id": networkSecurityGroupId ,
"location": "eastasia"
}
}
}
]
},
"location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
您可以获得有关子网SDK 的更多详细信息。
- Azure CLI 也可以,你只需要通过 python 代码运行 CLI 命令:
import subprocess
resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
cmd = f"az network vnet subnet update -g {resource_group_name} -n {subnet_name} --vnet-name {vnet_name} --network-security-group {networkSecurityGroupId} "
command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
out, err = command.communicate()
您可以根据需要选择一种方式。如果在函数中添加代码或创建另一个代码也可以。
推荐阅读
- python - 按参数提示进行类型转换
- r - 如何使用新添加的列以闪亮的方式呈现输出
- excel - SaveAs2 输出文件的编码错误
- google-sheets - 在 Google 表格中,如何使一列的值成为另一列但已排序?
- google-cloud-platform - GCP 存储桶中的 Zip 文件夹
- wordpress - 将分页重定向到网站 Wordpress 中的基本 URL
- html - HTML 表格中的双击、三次单击行为
- ios - 加载具有多种配置的不同 .xcassets(.xcconfig 文件)
- javascript - 如何限制用户输入低于某个值的值?
- ios - 为什么不支持带有来自 Storyboard 本地化的属性字符串的 UILabel?