Admin Rules - Create Or Update

참조

Service:: Network Manager

API Version:: 2023-09-01

관리 규칙을 만들거나 업데이트합니다.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkManagers/{networkManagerName}/securityAdminConfigurations/{configurationName}/ruleCollections/{ruleCollectionName}/rules/{ruleName}?api-version=2023-09-01

URI 매개 변수

Name	In(다음 안에)	필수	형식	Description
configurationName	path	True	string	네트워크 관리자 보안 구성의 이름입니다.
networkManagerName	path	True	string	네트워크 관리자의 이름입니다.
resourceGroupName	path	True	string	리소스 그룹의 이름.
ruleCollectionName	path	True	string	네트워크 관리자 보안 구성 규칙 컬렉션의 이름입니다.
ruleName	path	True	string	규칙의 이름입니다.
subscriptionId	path	True	string	Microsoft Azure 구독을 고유하게 식별하는 구독 자격 증명입니다. 구독 ID는 모든 서비스 호출에 대한 URI의 파트를 형성합니다.
api-version	query	True	string	클라이언트 API 버전입니다.

요청 본문

요청 본문은 다음 중 하나가 될 수 있습니다.

Name	Description
AdminRule	네트워크 관리자 규칙.
DefaultAdminRule	네트워크 기본 관리자 규칙입니다.

AdminRule

네트워크 관리자 규칙.

Name	필수	형식	Description
kind	True	string: Custom	규칙이 사용자 지정 또는 기본값인지 여부입니다.
properties.access	True	SecurityConfigurationRuleAccess	이 특정 규칙에 허용되는 액세스를 나타냅니다.
properties.direction	True	SecurityConfigurationRuleDirection	트래픽이 인바운드 또는 아웃바운드의 규칙과 일치하는지 여부를 나타냅니다.
properties.priority	True	integer	규칙의 우선 순위입니다. 값은 1에서 4096 사이일 수 있습니다. 우선 순위 번호는 컬렉션의 각 규칙에 대해 고유해야 합니다. 우선 순위 번호가 낮을수록 규칙의 우선 순위가 높습니다.
properties.protocol	True	SecurityConfigurationRuleProtocol	이 규칙이 적용되는 네트워크 프로토콜입니다.
properties.description		string	이 규칙에 대한 설명입니다. 140자로 제한됩니다.
properties.destinationPortRanges		string[]	대상 포트 범위입니다.
properties.destinations		AddressPrefixItem[]	대상 주소 접두사입니다. CIDR 또는 대상 IP 범위.
properties.sourcePortRanges		string[]	원본 포트 범위입니다.
properties.sources		AddressPrefixItem[]	CIDR 또는 원본 IP 범위입니다.

DefaultAdminRule

네트워크 기본 관리자 규칙입니다.

Name	필수	형식	Description
kind	True	string: Default	규칙이 사용자 지정 또는 기본값인지 여부입니다.
properties.flag		string	기본 규칙 플래그입니다.

응답

Name	형식	Description
200 OK	BaseAdminRule: AdminRule DefaultAdminRule	업데이트된 규칙
201 Created	BaseAdminRule: AdminRule DefaultAdminRule	만든 규칙
Other Status Codes	CloudError	작업이 실패한 이유를 설명하는 오류 응답입니다.

보안

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	사용자 계정 가장

예제

Create a default admin rule

Create an admin rule

Create a default admin rule

Sample Request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule?api-version=2023-09-01

{
  "kind": "Default",
  "properties": {
    "flag": "AllowVnetInbound"
  }
}


import com.azure.resourcemanager.network.models.DefaultAdminRule;

/**
 * Samples for AdminRules CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * NetworkManagerDefaultAdminRulePut.json
     */
    /**
     * Sample code: Create a default admin rule.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createADefaultAdminRule(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
            "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleDefaultAdminRule",
            new DefaultAdminRule().withFlag("AllowVnetInbound"), com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_manager_default_admin_rule_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="00000000-0000-0000-0000-000000000000",
    )

    response = client.admin_rules.create_or_update(
        resource_group_name="rg1",
        network_manager_name="testNetworkManager",
        configuration_name="myTestSecurityConfig",
        rule_collection_name="testRuleCollection",
        rule_name="SampleDefaultAdminRule",
        admin_rule={"kind": "Default", "properties": {"flag": "AllowVnetInbound"}},
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
func ExampleAdminRulesClient_CreateOrUpdate_createADefaultAdminRule() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleDefaultAdminRule", &armnetwork.DefaultAdminRule{
		Kind: to.Ptr(armnetwork.AdminRuleKindDefault),
		Properties: &armnetwork.DefaultAdminPropertiesFormat{
			Flag: to.Ptr("AllowVnetInbound"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
	// 	                            BaseAdminRuleClassification: &armnetwork.DefaultAdminRule{
	// 		Name: to.Ptr("SampleDefaultAdminRule"),
	// 		Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
	// 		ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule"),
	// 		Kind: to.Ptr(armnetwork.AdminRuleKindDefault),
	// 		SystemData: &armnetwork.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 		},
	// 		Properties: &armnetwork.DefaultAdminPropertiesFormat{
	// 			Description: to.Ptr("This is Sample Default Admin Rule"),
	// 			Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
	// 			DestinationPortRanges: []*string{
	// 				to.Ptr("22")},
	// 				Destinations: []*armnetwork.AddressPrefixItem{
	// 					{
	// 						AddressPrefix: to.Ptr("*"),
	// 						AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
	// 				}},
	// 				Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
	// 				Flag: to.Ptr("AllowVnetInbound"),
	// 				Priority: to.Ptr[int32](1),
	// 				ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 				ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
	// 				SourcePortRanges: []*string{
	// 					to.Ptr("0-65535")},
	// 					Sources: []*armnetwork.AddressPrefixItem{
	// 						{
	// 							AddressPrefix: to.Ptr("Internet"),
	// 							AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
	// 					}},
	// 					Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
	// 				},
	// 			},
	// 			                        }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an admin rule.
 *
 * @summary Creates or updates an admin rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
 */
async function createADefaultAdminRule() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkManagerName = "testNetworkManager";
  const configurationName = "myTestSecurityConfig";
  const ruleCollectionName = "testRuleCollection";
  const ruleName = "SampleDefaultAdminRule";
  const adminRule = {
    flag: "AllowVnetInbound",
    kind: "Default",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.adminRules.createOrUpdate(
    resourceGroupName,
    networkManagerName,
    configurationName,
    ruleCollectionName,
    ruleName,
    adminRule,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this BaseAdminRuleResource created on azure
// for more information of creating BaseAdminRuleResource, please refer to the document of BaseAdminRuleResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
string ruleName = "SampleDefaultAdminRule";
ResourceIdentifier baseAdminRuleResourceId = BaseAdminRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName, ruleName);
BaseAdminRuleResource baseAdminRule = client.GetBaseAdminRuleResource(baseAdminRuleResourceId);

// invoke the operation
BaseAdminRuleData data = new NetworkDefaultAdminRule()
{
    Flag = "AllowVnetInbound",
};
ArmOperation<BaseAdminRuleResource> lro = await baseAdminRule.UpdateAsync(WaitUntil.Completed, data);
BaseAdminRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Status code:: 201

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Create an admin rule

Sample Request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2023-09-01

{
  "kind": "Custom",
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound"
  }
}


import com.azure.resourcemanager.network.models.AddressPrefixItem;
import com.azure.resourcemanager.network.models.AddressPrefixType;
import com.azure.resourcemanager.network.models.AdminRule;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleAccess;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleDirection;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleProtocol;
import java.util.Arrays;

/**
 * Samples for AdminRules CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.
     * json
     */
    /**
     * Sample code: Create an admin rule.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createAnAdminRule(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
            "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule",
            new AdminRule().withDescription("This is Sample Admin Rule")
                .withProtocol(SecurityConfigurationRuleProtocol.TCP)
                .withSources(Arrays.asList(new AddressPrefixItem().withAddressPrefix("Internet")
                    .withAddressPrefixType(AddressPrefixType.SERVICE_TAG)))
                .withDestinations(Arrays.asList(
                    new AddressPrefixItem().withAddressPrefix("*").withAddressPrefixType(AddressPrefixType.IPPREFIX)))
                .withSourcePortRanges(Arrays.asList("0-65535")).withDestinationPortRanges(Arrays.asList("22"))
                .withAccess(SecurityConfigurationRuleAccess.DENY).withPriority(1)
                .withDirection(SecurityConfigurationRuleDirection.INBOUND),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_manager_admin_rule_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="00000000-0000-0000-0000-000000000000",
    )

    response = client.admin_rules.create_or_update(
        resource_group_name="rg1",
        network_manager_name="testNetworkManager",
        configuration_name="myTestSecurityConfig",
        rule_collection_name="testRuleCollection",
        rule_name="SampleAdminRule",
        admin_rule={
            "kind": "Custom",
            "properties": {
                "access": "Deny",
                "description": "This is Sample Admin Rule",
                "destinationPortRanges": ["22"],
                "destinations": [{"addressPrefix": "*", "addressPrefixType": "IPPrefix"}],
                "direction": "Inbound",
                "priority": 1,
                "protocol": "Tcp",
                "sourcePortRanges": ["0-65535"],
                "sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}],
            },
        },
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
func ExampleAdminRulesClient_CreateOrUpdate_createAnAdminRule() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule", &armnetwork.AdminRule{
		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
		Properties: &armnetwork.AdminPropertiesFormat{
			Description: to.Ptr("This is Sample Admin Rule"),
			Access:      to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
			DestinationPortRanges: []*string{
				to.Ptr("22")},
			Destinations: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("*"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
				}},
			Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
			Priority:  to.Ptr[int32](1),
			SourcePortRanges: []*string{
				to.Ptr("0-65535")},
			Sources: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("Internet"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
				}},
			Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
	// 	                            BaseAdminRuleClassification: &armnetwork.AdminRule{
	// 		Name: to.Ptr("SampleAdminRule"),
	// 		Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
	// 		ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule"),
	// 		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
	// 		SystemData: &armnetwork.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 		},
	// 		Properties: &armnetwork.AdminPropertiesFormat{
	// 			Description: to.Ptr("This is Sample Admin Rule"),
	// 			Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
	// 			DestinationPortRanges: []*string{
	// 				to.Ptr("22")},
	// 				Destinations: []*armnetwork.AddressPrefixItem{
	// 					{
	// 						AddressPrefix: to.Ptr("*"),
	// 						AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
	// 				}},
	// 				Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
	// 				Priority: to.Ptr[int32](1),
	// 				ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 				ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
	// 				SourcePortRanges: []*string{
	// 					to.Ptr("0-65535")},
	// 					Sources: []*armnetwork.AddressPrefixItem{
	// 						{
	// 							AddressPrefix: to.Ptr("Internet"),
	// 							AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
	// 					}},
	// 					Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
	// 				},
	// 			},
	// 			                        }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an admin rule.
 *
 * @summary Creates or updates an admin rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
 */
async function createAnAdminRule() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkManagerName = "testNetworkManager";
  const configurationName = "myTestSecurityConfig";
  const ruleCollectionName = "testRuleCollection";
  const ruleName = "SampleAdminRule";
  const adminRule = {
    description: "This is Sample Admin Rule",
    access: "Deny",
    destinationPortRanges: ["22"],
    destinations: [{ addressPrefix: "*", addressPrefixType: "IPPrefix" }],
    direction: "Inbound",
    kind: "Custom",
    priority: 1,
    sourcePortRanges: ["0-65535"],
    sources: [{ addressPrefix: "Internet", addressPrefixType: "ServiceTag" }],
    protocol: "Tcp",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.adminRules.createOrUpdate(
    resourceGroupName,
    networkManagerName,
    configurationName,
    ruleCollectionName,
    ruleName,
    adminRule,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this BaseAdminRuleResource created on azure
// for more information of creating BaseAdminRuleResource, please refer to the document of BaseAdminRuleResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
string ruleName = "SampleAdminRule";
ResourceIdentifier baseAdminRuleResourceId = BaseAdminRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName, ruleName);
BaseAdminRuleResource baseAdminRule = client.GetBaseAdminRuleResource(baseAdminRuleResourceId);

// invoke the operation
BaseAdminRuleData data = new NetworkAdminRule()
{
    Description = "This is Sample Admin Rule",
    Protocol = SecurityConfigurationRuleProtocol.Tcp,
    Sources =
    {
    new AddressPrefixItem()
    {
    AddressPrefix = "Internet",
    AddressPrefixType = AddressPrefixType.ServiceTag,
    }
    },
    Destinations =
    {
    new AddressPrefixItem()
    {
    AddressPrefix = "*",
    AddressPrefixType = AddressPrefixType.IPPrefix,
    }
    },
    SourcePortRanges =
    {
    "0-65535"
    },
    DestinationPortRanges =
    {
    "22"
    },
    Access = SecurityConfigurationRuleAccess.Deny,
    Priority = 1,
    Direction = SecurityConfigurationRuleDirection.Inbound,
};
ArmOperation<BaseAdminRuleResource> lro = await baseAdminRule.UpdateAsync(WaitUntil.Completed, data);
BaseAdminRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Status code:: 201

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

정의

Name	Description
AddressPrefixItem	주소 접두사 항목입니다.
AddressPrefixType	주소 접두사 유형입니다.
AdminRule	네트워크 관리자 규칙.
CloudError	서비스의 오류 응답입니다.
CloudErrorBody	서비스의 오류 응답입니다.
createdByType	리소스를 만든 ID 유형입니다.
DefaultAdminRule	네트워크 기본 관리자 규칙입니다.
ProvisioningState	현재 프로비저닝 상태입니다.
SecurityConfigurationRuleAccess	네트워크 트래픽이 허용되는지 아니면 거부되는지 여부입니다.
SecurityConfigurationRuleDirection	규칙의 방향입니다. 방향은 들어오는 트래픽 또는 나가는 트래픽에서 규칙을 평가할지 여부를 지정합니다.
SecurityConfigurationRuleProtocol	이 규칙이 적용되는 네트워크 프로토콜입니다.
SystemData	리소스 만들기 및 마지막 수정과 관련된 메타데이터입니다.

AddressPrefixItem

주소 접두사 항목입니다.

Name	형식	Description
addressPrefix	string	주소 접두사입니다.
addressPrefixType	AddressPrefixType	주소 접두사 유형입니다.

AddressPrefixType

주소 접두사 유형입니다.

Name	형식	Description
IPPrefix	string
ServiceTag	string

AdminRule

네트워크 관리자 규칙.

Name	형식	Description
etag	string	리소스를 업데이트할 때마다 변경되는 고유한 읽기 전용 문자열입니다.
id	string	리소스 ID입니다.
kind	string: Custom	규칙이 사용자 지정 또는 기본값인지 여부입니다.
name	string	리소스 이름입니다.
properties.access	SecurityConfigurationRuleAccess	이 특정 규칙에 허용되는 액세스를 나타냅니다.
properties.description	string	이 규칙에 대한 설명입니다. 140자로 제한됩니다.
properties.destinationPortRanges	string[]	대상 포트 범위입니다.
properties.destinations	AddressPrefixItem[]	대상 주소 접두사입니다. CIDR 또는 대상 IP 범위.
properties.direction	SecurityConfigurationRuleDirection	트래픽이 인바운드 또는 아웃바운드의 규칙과 일치하는지 여부를 나타냅니다.
properties.priority	integer	규칙의 우선 순위입니다. 값은 1에서 4096 사이일 수 있습니다. 우선 순위 번호는 컬렉션의 각 규칙에 대해 고유해야 합니다. 우선 순위 번호가 낮을수록 규칙의 우선 순위가 높습니다.
properties.protocol	SecurityConfigurationRuleProtocol	이 규칙이 적용되는 네트워크 프로토콜입니다.
properties.provisioningState	ProvisioningState	리소스의 프로비전 상태입니다.
properties.resourceGuid	string	이 리소스의 고유 식별자입니다.
properties.sourcePortRanges	string[]	원본 포트 범위입니다.
properties.sources	AddressPrefixItem[]	CIDR 또는 원본 IP 범위입니다.
systemData	SystemData	이 리소스와 관련된 시스템 메타데이터입니다.
type	string	리소스 종류.

CloudError

서비스의 오류 응답입니다.

Name	형식	Description
error	CloudErrorBody	클라우드 오류 본문.

CloudErrorBody

서비스의 오류 응답입니다.

Name	형식	Description
code	string	오류의 식별자입니다. 코드는 고정이며 프로그래밍 방식으로 사용하기 위한 것입니다.
details	CloudErrorBody[]	오류에 대한 추가 세부 정보 목록입니다.
message	string	사용자 인터페이스에 표시하기에 적합한 오류를 설명하는 메시지입니다.
target	string	특정 오류의 대상입니다. 예를 들어 오류에 있는 속성의 이름입니다.

createdByType

리소스를 만든 ID 유형입니다.

Name	형식	Description
Application	string
Key	string
ManagedIdentity	string
User	string

DefaultAdminRule

네트워크 기본 관리자 규칙입니다.

Name	형식	Description
etag	string	리소스를 업데이트할 때마다 변경되는 고유한 읽기 전용 문자열입니다.
id	string	리소스 ID입니다.
kind	string: Default	규칙이 사용자 지정 또는 기본값인지 여부입니다.
name	string	리소스 이름입니다.
properties.access	SecurityConfigurationRuleAccess	이 특정 규칙에 허용되는 액세스를 나타냅니다.
properties.description	string	이 규칙에 대한 설명입니다. 140자로 제한됩니다.
properties.destinationPortRanges	string[]	대상 포트 범위입니다.
properties.destinations	AddressPrefixItem[]	대상 주소 접두사입니다. CIDR 또는 대상 IP 범위.
properties.direction	SecurityConfigurationRuleDirection	트래픽이 인바운드 또는 아웃바운드의 규칙과 일치하는지 여부를 나타냅니다.
properties.flag	string	기본 규칙 플래그입니다.
properties.priority	integer	규칙의 우선 순위입니다. 값은 1에서 4096 사이일 수 있습니다. 우선 순위 번호는 컬렉션의 각 규칙에 대해 고유해야 합니다. 우선 순위 번호가 낮을수록 규칙의 우선 순위가 높습니다.
properties.protocol	SecurityConfigurationRuleProtocol	이 규칙이 적용되는 네트워크 프로토콜입니다.
properties.provisioningState	ProvisioningState	리소스의 프로비전 상태입니다.
properties.resourceGuid	string	이 리소스의 고유 식별자입니다.
properties.sourcePortRanges	string[]	원본 포트 범위입니다.
properties.sources	AddressPrefixItem[]	CIDR 또는 원본 IP 범위입니다.
systemData	SystemData	이 리소스와 관련된 시스템 메타데이터입니다.
type	string	리소스 종류.

ProvisioningState

현재 프로비저닝 상태입니다.

Name	형식	Description
Deleting	string
Failed	string
Succeeded	string
Updating	string

SecurityConfigurationRuleAccess

네트워크 트래픽이 허용되는지 아니면 거부되는지 여부입니다.

Name	형식	Description
Allow	string
AlwaysAllow	string
Deny	string

SecurityConfigurationRuleDirection

규칙의 방향입니다. 방향은 들어오는 트래픽 또는 나가는 트래픽에서 규칙을 평가할지 여부를 지정합니다.

Name	형식	Description
Inbound	string
Outbound	string

SecurityConfigurationRuleProtocol

이 규칙이 적용되는 네트워크 프로토콜입니다.

Name	형식	Description
Ah	string
Any	string
Esp	string
Icmp	string
Tcp	string
Udp	string

SystemData

리소스 만들기 및 마지막 수정과 관련된 메타데이터입니다.

Name	형식	Description
createdAt	string	UTC(리소스 만들기)의 타임스탬프입니다.
createdBy	string	리소스를 만든 ID입니다.
createdByType	createdByType	리소스를 만든 ID 유형입니다.
lastModifiedAt	string	리소스를 마지막으로 수정한 ID 유형입니다.
lastModifiedBy	string	리소스를 마지막으로 수정한 ID입니다.
lastModifiedByType	createdByType	리소스를 마지막으로 수정한 ID 유형입니다.

Admin Rules - Create Or Update

URI 매개 변수

요청 본문

AdminRule

DefaultAdminRule

응답

보안

azure_auth

Scopes

예제

Create a default admin rule

Sample Request

Sample Response

Create an admin rule

Sample Request

Sample Response

정의

AddressPrefixItem

AddressPrefixType

AdminRule

CloudError

CloudErrorBody

createdByType

DefaultAdminRule

ProvisioningState

SecurityConfigurationRuleAccess

SecurityConfigurationRuleDirection

SecurityConfigurationRuleProtocol

SystemData

추가 리소스