使用 Azure python sdk 创建 NSG 不使用安全规则

Question

我在用

\n\n

\xce\xbb pip show azure\nName: azure\nVersion: 2.0.0

\n\n

我想创建一个具有特定安全规则的 NSG。我有以下代码。

\n\n

````

\n\n

from azure.mgmt.compute import ComputeManagementClient\nfrom azure.mgmt.network import NetworkManagementClient\nfrom azure.common.credentials import ServicePrincipalCredentials\nfrom azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup\nfrom azure.mgmt.network.v2017_03_01.models import SecurityRule\nsubscription_id = \'my-id\'\ncredentials = ...\n\ncompute_client = ComputeManagementClient(\n    credentials,\n    subscription_id\n)\n\nnetwork_client = NetworkManagementClient(\n    credentials,\n    subscription_id\n)\nfrom azure.mgmt.resource.resources import ResourceManagementClient\n\nresource_client = ResourceManagementClient(\n    credentials,\n    subscription_id\n)\nresource_client.providers.register(\'Microsoft.Compute\')\nresource_client.providers.register(\'Microsoft.Network\')\n\nresource_group_name = \'test-rg\'\n\nsecurity_rule = SecurityRule( protocol=\'Tcp\', source_address_prefix=\'Internet\', \n                              source_port_range="*", destination_port_range="3389", priority=100,\n                              destination_address_prefix=\'*\', access=\'Allow\', direction=\'Inbound\')\nnsg_params = NetworkSecurityGroup(id=\'test-nsg\', location=\'UK South\', tags={ \'name\' : \'testnsg\' })\nnetwork_client.network_security_groups.create_or_update(resource_group_name, "test-nsg", parameters=nsg_params, security_rules=[security_rule])\n

\n\n

这确实使 NSG 很好，但未能创建适当的规则。

\n\n

我缺少什么？

\n

Answer 1

我们可以使用这个脚本来实现它：

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient

subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
    client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
    secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
    tenant = 'xxxxxx-xxxxxxx'
)

compute_client = ComputeManagementClient(
    credentials,
    subscription_id
)

network_client = NetworkManagementClient(
    credentials,
    subscription_id
)

resource_client = ResourceManagementClient(
    credentials,
    subscription_id
)
resource_client.providers.register('Microsoft.Compute')
resource_client.providers.register('Microsoft.Network')

resource_group_name = 'test-rg'


parameters = NetworkSecurityGroup()
parameters.location = 'UK South'

parameters.security_rules = [SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow RDP port 3389',
                                 source_port_range='*', destination_port_range='3389', priority=100, name='RDP01')]   


network_client.network_security_groups.create_or_update(resource_group_name, "test-nsg", parameters)

network_client.network_security_groups.create_or_update只有三个值：resource_group、security_group_name和parameters。

有关更多信息network_client.network_security_groups.create_or_update，请参考此链接。