Admin Rules - Create Or Update

Serviço:

Network Manager

Versão da API:

2024-05-01

Cria ou atualiza uma regra de administrador.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkManagers/{networkManagerName}/securityAdminConfigurations/{configurationName}/ruleCollections/{ruleCollectionName}/rules/{ruleName}?api-version=2024-05-01

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
configurationName	path	True	string	O nome da Configuração de Segurança do gerenciador de rede.
networkManagerName	path	True	string pattern: ^[0-9a-zA-Z]([0-9a-zA-Z_.-]{0,62}[0-9a-zA-Z_])?$	O nome do gerenciador de rede.
resourceGroupName	path	True	string	O nome do grupo de recursos.
ruleCollectionName	path	True	string	O nome da coleção de regras de configuração de segurança do gerenciador de rede.
ruleName	path	True	string	O nome da regra.
subscriptionId	path	True	string	As credenciais de assinatura que identificam exclusivamente a assinatura do Microsoft Azure. A ID da assinatura faz parte do URI para cada chamada de serviço.
api-version	query	True	string	Versão da API do cliente.

Corpo da solicitação

O corpo da solicitação pode ser um dos seguintes:

Nome	Description
AdminRule	Regra de administrador de rede.
DefaultAdminRule	Regra de administrador padrão de rede.

AdminRule

Regra de administrador de rede.

Nome	Obrigatório	Tipo	Description
kind	True	string: Custom	Se a regra é personalizada ou padrão.
properties.access	True	SecurityConfigurationRuleAccess	Indica o acesso permitido para esta regra específica
properties.direction	True	SecurityConfigurationRuleDirection	Indica se o tráfego correspondeu à regra de entrada ou saída.
properties.priority	True	integer (int32) minimum: 1 maximum: 4096	A prioridade da regra. O valor pode estar entre 1 e 4096. O número de prioridade deve ser exclusivo para cada regra na coleção. Quanto menor o número de prioridade, maior a prioridade da regra.
properties.protocol	True	SecurityConfigurationRuleProtocol	Protocolo de rede ao qual essa regra se aplica.
properties.description		string	Uma descrição para essa regra. Restrito a 140 chars.
properties.destinationPortRanges		string[]	Os intervalos de porta de destino.
properties.destinations		AddressPrefixItem[]	Os prefixos de endereço de destino. Intervalos DE IP de destino ou CIDR.
properties.sourcePortRanges		string[]	Os intervalos de porta de origem.
properties.sources		AddressPrefixItem[]	Os intervalos DE IP de origem ou CIDR.

DefaultAdminRule

Regra de administrador padrão de rede.

Nome	Obrigatório	Tipo	Description
kind	True	string: Default	Se a regra é personalizada ou padrão.
properties.flag		string	Sinalizador de regra padrão.

Respostas

Nome	Tipo	Description
200 OK	BaseAdminRule: AdminRule DefaultAdminRule	Regra atualizada
201 Created	BaseAdminRule: AdminRule DefaultAdminRule	Regra criada
Other Status Codes	CommonErrorResponse	Resposta de erro que descreve por que a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory.

Tipo: oauth2
Flow: implicit
URL de Autorização: https://login.microsoftonline.com/common/oauth2/authorize

Escopos

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Create a admin rule with network group as source or destination

Create an admin rule

Create a admin rule with network group as source or destination

Solicitação de exemplo

HTTP

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2024-05-01

{
  "kind": "Custom",
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "NetworkGroup",
        "addressPrefix": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound"
  }
}

Java

import com.azure.resourcemanager.network.models.AddressPrefixItem;
import com.azure.resourcemanager.network.models.AddressPrefixType;
import com.azure.resourcemanager.network.models.AdminRule;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleAccess;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleDirection;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleProtocol;
import java.util.Arrays;

/**
 * Samples for AdminRules CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/
     * NetworkManagerAdminRulePut_NetworkGroupSource.json
     */
    /**
     * Sample code: Create a admin rule with network group as source or destination.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        createAAdminRuleWithNetworkGroupAsSourceOrDestination(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
            "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule",
            new AdminRule().withDescription("This is Sample Admin Rule")
                .withProtocol(SecurityConfigurationRuleProtocol.TCP)
                .withSources(Arrays.asList(new AddressPrefixItem().withAddressPrefix("Internet")
                    .withAddressPrefixType(AddressPrefixType.SERVICE_TAG)))
                .withDestinations(Arrays.asList(new AddressPrefixItem().withAddressPrefix(
                    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1")
                    .withAddressPrefixType(AddressPrefixType.NETWORK_GROUP)))
                .withSourcePortRanges(Arrays.asList("0-65535")).withDestinationPortRanges(Arrays.asList("22"))
                .withAccess(SecurityConfigurationRuleAccess.DENY).withPriority(1)
                .withDirection(SecurityConfigurationRuleDirection.INBOUND),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_manager_admin_rule_put_network_group_source.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="00000000-0000-0000-0000-000000000000",
    )

    response = client.admin_rules.create_or_update(
        resource_group_name="rg1",
        network_manager_name="testNetworkManager",
        configuration_name="myTestSecurityConfig",
        rule_collection_name="testRuleCollection",
        rule_name="SampleAdminRule",
        admin_rule={
            "kind": "Custom",
            "properties": {
                "access": "Deny",
                "description": "This is Sample Admin Rule",
                "destinationPortRanges": ["22"],
                "destinations": [
                    {
                        "addressPrefix": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1",
                        "addressPrefixType": "NetworkGroup",
                    }
                ],
                "direction": "Inbound",
                "priority": 1,
                "protocol": "Tcp",
                "sourcePortRanges": ["0-65535"],
                "sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}],
            },
        },
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut_NetworkGroupSource.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/ab04533261eff228f28e08900445d0edef3eb70c/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut_NetworkGroupSource.json
func ExampleAdminRulesClient_CreateOrUpdate_createAAdminRuleWithNetworkGroupAsSourceOrDestination() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule", &armnetwork.AdminRule{
		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
		Properties: &armnetwork.AdminPropertiesFormat{
			Description: to.Ptr("This is Sample Admin Rule"),
			Access:      to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
			DestinationPortRanges: []*string{
				to.Ptr("22")},
			Destinations: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeNetworkGroup),
				}},
			Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
			Priority:  to.Ptr[int32](1),
			SourcePortRanges: []*string{
				to.Ptr("0-65535")},
			Sources: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("Internet"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
				}},
			Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
	// 	                            BaseAdminRuleClassification: &armnetwork.AdminRule{
	// 		Name: to.Ptr("SampleAdminRule"),
	// 		Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
	// 		ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule"),
	// 		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
	// 		SystemData: &armnetwork.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 		},
	// 		Properties: &armnetwork.AdminPropertiesFormat{
	// 			Description: to.Ptr("This is Sample Admin Rule using a network group as a source and destination."),
	// 			Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
	// 			DestinationPortRanges: []*string{
	// 				to.Ptr("22")},
	// 				Destinations: []*armnetwork.AddressPrefixItem{
	// 					{
	// 						AddressPrefix: to.Ptr("*"),
	// 						AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
	// 				}},
	// 				Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
	// 				Priority: to.Ptr[int32](1),
	// 				ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 				SourcePortRanges: []*string{
	// 					to.Ptr("0-65535")},
	// 					Sources: []*armnetwork.AddressPrefixItem{
	// 						{
	// 							AddressPrefix: to.Ptr("Internet"),
	// 							AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
	// 					}},
	// 					Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
	// 				},
	// 			},
	// 			                        }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an admin rule.
 *
 * @summary Creates or updates an admin rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut_NetworkGroupSource.json
 */
async function createAAdminRuleWithNetworkGroupAsSourceOrDestination() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkManagerName = "testNetworkManager";
  const configurationName = "myTestSecurityConfig";
  const ruleCollectionName = "testRuleCollection";
  const ruleName = "SampleAdminRule";
  const adminRule = {
    description: "This is Sample Admin Rule",
    access: "Deny",
    destinationPortRanges: ["22"],
    destinations: [
      {
        addressPrefix:
          "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1",
        addressPrefixType: "NetworkGroup",
      },
    ],
    direction: "Inbound",
    kind: "Custom",
    priority: 1,
    sourcePortRanges: ["0-65535"],
    sources: [{ addressPrefix: "Internet", addressPrefixType: "ServiceTag" }],
    protocol: "Tcp",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.adminRules.createOrUpdate(
    resourceGroupName,
    networkManagerName,
    configurationName,
    ruleCollectionName,
    ruleName,
    adminRule,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut_NetworkGroupSource.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdminRuleGroupResource created on azure
// for more information of creating AdminRuleGroupResource, please refer to the document of AdminRuleGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
ResourceIdentifier adminRuleGroupResourceId = AdminRuleGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName);
AdminRuleGroupResource adminRuleGroup = client.GetAdminRuleGroupResource(adminRuleGroupResourceId);

// get the collection of this BaseAdminRuleResource
BaseAdminRuleCollection collection = adminRuleGroup.GetBaseAdminRules();

// invoke the operation
string ruleName = "SampleAdminRule";
BaseAdminRuleData data = new NetworkAdminRule
{
    Description = "This is Sample Admin Rule",
    Protocol = SecurityConfigurationRuleProtocol.Tcp,
    Sources = {new AddressPrefixItem
    {
    AddressPrefix = "Internet",
    AddressPrefixType = AddressPrefixType.ServiceTag,
    }},
    Destinations = {new AddressPrefixItem
    {
    AddressPrefix = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/networkGroups/ng1",
    AddressPrefixType = AddressPrefixType.NetworkGroup,
    }},
    SourcePortRanges = { "0-65535" },
    DestinationPortRanges = { "22" },
    Access = SecurityConfigurationRuleAccess.Deny,
    Priority = 1,
    Direction = SecurityConfigurationRuleDirection.Inbound,
};
ArmOperation<BaseAdminRuleResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, data);
BaseAdminRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:

200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule using a network group as a source and destination.",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded"
  }
}

Código de status:

201

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule using a network group as a source and destination.",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded"
  }
}

Create an admin rule

Solicitação de exemplo

HTTP

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2024-05-01

{
  "kind": "Custom",
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound"
  }
}

Java

import com.azure.resourcemanager.network.models.AddressPrefixItem;
import com.azure.resourcemanager.network.models.AddressPrefixType;
import com.azure.resourcemanager.network.models.AdminRule;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleAccess;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleDirection;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleProtocol;
import java.util.Arrays;

/**
 * Samples for AdminRules CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut.
     * json
     */
    /**
     * Sample code: Create an admin rule.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createAnAdminRule(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
            "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule",
            new AdminRule().withDescription("This is Sample Admin Rule")
                .withProtocol(SecurityConfigurationRuleProtocol.TCP)
                .withSources(Arrays.asList(new AddressPrefixItem().withAddressPrefix("Internet")
                    .withAddressPrefixType(AddressPrefixType.SERVICE_TAG)))
                .withDestinations(Arrays.asList(
                    new AddressPrefixItem().withAddressPrefix("*").withAddressPrefixType(AddressPrefixType.IPPREFIX)))
                .withSourcePortRanges(Arrays.asList("0-65535")).withDestinationPortRanges(Arrays.asList("22"))
                .withAccess(SecurityConfigurationRuleAccess.DENY).withPriority(1)
                .withDirection(SecurityConfigurationRuleDirection.INBOUND),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_manager_admin_rule_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="00000000-0000-0000-0000-000000000000",
    )

    response = client.admin_rules.create_or_update(
        resource_group_name="rg1",
        network_manager_name="testNetworkManager",
        configuration_name="myTestSecurityConfig",
        rule_collection_name="testRuleCollection",
        rule_name="SampleAdminRule",
        admin_rule={
            "kind": "Custom",
            "properties": {
                "access": "Deny",
                "description": "This is Sample Admin Rule",
                "destinationPortRanges": ["22"],
                "destinations": [{"addressPrefix": "*", "addressPrefixType": "IPPrefix"}],
                "direction": "Inbound",
                "priority": 1,
                "protocol": "Tcp",
                "sourcePortRanges": ["0-65535"],
                "sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}],
            },
        },
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/ab04533261eff228f28e08900445d0edef3eb70c/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut.json
func ExampleAdminRulesClient_CreateOrUpdate_createAnAdminRule() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule", &armnetwork.AdminRule{
		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
		Properties: &armnetwork.AdminPropertiesFormat{
			Description: to.Ptr("This is Sample Admin Rule"),
			Access:      to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
			DestinationPortRanges: []*string{
				to.Ptr("22")},
			Destinations: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("*"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
				}},
			Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
			Priority:  to.Ptr[int32](1),
			SourcePortRanges: []*string{
				to.Ptr("0-65535")},
			Sources: []*armnetwork.AddressPrefixItem{
				{
					AddressPrefix:     to.Ptr("Internet"),
					AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
				}},
			Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
	// 	                            BaseAdminRuleClassification: &armnetwork.AdminRule{
	// 		Name: to.Ptr("SampleAdminRule"),
	// 		Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
	// 		ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule"),
	// 		Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
	// 		SystemData: &armnetwork.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
	// 			LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 		},
	// 		Properties: &armnetwork.AdminPropertiesFormat{
	// 			Description: to.Ptr("This is Sample Admin Rule"),
	// 			Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
	// 			DestinationPortRanges: []*string{
	// 				to.Ptr("22")},
	// 				Destinations: []*armnetwork.AddressPrefixItem{
	// 					{
	// 						AddressPrefix: to.Ptr("*"),
	// 						AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
	// 				}},
	// 				Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
	// 				Priority: to.Ptr[int32](1),
	// 				ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 				ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
	// 				SourcePortRanges: []*string{
	// 					to.Ptr("0-65535")},
	// 					Sources: []*armnetwork.AddressPrefixItem{
	// 						{
	// 							AddressPrefix: to.Ptr("Internet"),
	// 							AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
	// 					}},
	// 					Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
	// 				},
	// 			},
	// 			                        }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an admin rule.
 *
 * @summary Creates or updates an admin rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut.json
 */
async function createAnAdminRule() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkManagerName = "testNetworkManager";
  const configurationName = "myTestSecurityConfig";
  const ruleCollectionName = "testRuleCollection";
  const ruleName = "SampleAdminRule";
  const adminRule = {
    description: "This is Sample Admin Rule",
    access: "Deny",
    destinationPortRanges: ["22"],
    destinations: [{ addressPrefix: "*", addressPrefixType: "IPPrefix" }],
    direction: "Inbound",
    kind: "Custom",
    priority: 1,
    sourcePortRanges: ["0-65535"],
    sources: [{ addressPrefix: "Internet", addressPrefixType: "ServiceTag" }],
    protocol: "Tcp",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.adminRules.createOrUpdate(
    resourceGroupName,
    networkManagerName,
    configurationName,
    ruleCollectionName,
    ruleName,
    adminRule,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/NetworkManagerAdminRulePut.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdminRuleGroupResource created on azure
// for more information of creating AdminRuleGroupResource, please refer to the document of AdminRuleGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
ResourceIdentifier adminRuleGroupResourceId = AdminRuleGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName);
AdminRuleGroupResource adminRuleGroup = client.GetAdminRuleGroupResource(adminRuleGroupResourceId);

// get the collection of this BaseAdminRuleResource
BaseAdminRuleCollection collection = adminRuleGroup.GetBaseAdminRules();

// invoke the operation
string ruleName = "SampleAdminRule";
BaseAdminRuleData data = new NetworkAdminRule
{
    Description = "This is Sample Admin Rule",
    Protocol = SecurityConfigurationRuleProtocol.Tcp,
    Sources = {new AddressPrefixItem
    {
    AddressPrefix = "Internet",
    AddressPrefixType = AddressPrefixType.ServiceTag,
    }},
    Destinations = {new AddressPrefixItem
    {
    AddressPrefix = "*",
    AddressPrefixType = AddressPrefixType.IPPrefix,
    }},
    SourcePortRanges = { "0-65535" },
    DestinationPortRanges = { "22" },
    Access = SecurityConfigurationRuleAccess.Deny,
    Priority = 1,
    Direction = SecurityConfigurationRuleDirection.Inbound,
};
ArmOperation<BaseAdminRuleResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, data);
BaseAdminRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:

200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Código de status:

201

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Definições

Nome	Description
AddressPrefixItem	Item de prefixo de endereço.
AddressPrefixType	Tipo de prefixo de endereço.
AdminRule	Regra de administrador de rede.
CommonErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
CommonErrorDetail	O detalhe do erro.
CommonErrorResponse	Resposta de erro
createdByType	O tipo de identidade que criou o recurso.
DefaultAdminRule	Regra de administrador padrão de rede.
ProvisioningState	Provisionando estados de um recurso.
SecurityConfigurationRuleAccess	Se o tráfego de rede é permitido ou negado.
SecurityConfigurationRuleDirection	A direção da regra. A direção especifica se a regra será avaliada no tráfego de entrada ou saída.
SecurityConfigurationRuleProtocol	Protocolo de rede ao qual essa regra se aplica.
SystemData	Metadados relativos à criação e última modificação do recurso.

AddressPrefixItem

Objeto

Item de prefixo de endereço.

Nome	Tipo	Description
addressPrefix	string	Prefixo de endereço.
addressPrefixType	AddressPrefixType	Tipo de prefixo de endereço.

AddressPrefixType

Enumeração

Tipo de prefixo de endereço.

Valor	Description
IPPrefix
NetworkGroup
ServiceTag

AdminRule

Objeto

Regra de administrador de rede.

Nome	Tipo	Description
etag	string	Uma cadeia de caracteres somente leitura exclusiva que é alterada sempre que o recurso é atualizado.
id	string	ID do recurso.
kind	string: Custom	Se a regra é personalizada ou padrão.
name	string	Nome do recurso.
properties.access	SecurityConfigurationRuleAccess	Indica o acesso permitido para esta regra específica
properties.description	string	Uma descrição para essa regra. Restrito a 140 chars.
properties.destinationPortRanges	string[]	Os intervalos de porta de destino.
properties.destinations	AddressPrefixItem[]	Os prefixos de endereço de destino. Intervalos DE IP de destino ou CIDR.
properties.direction	SecurityConfigurationRuleDirection	Indica se o tráfego correspondeu à regra de entrada ou saída.
properties.priority	integer (int32) minimum: 1 maximum: 4096	A prioridade da regra. O valor pode estar entre 1 e 4096. O número de prioridade deve ser exclusivo para cada regra na coleção. Quanto menor o número de prioridade, maior a prioridade da regra.
properties.protocol	SecurityConfigurationRuleProtocol	Protocolo de rede ao qual essa regra se aplica.
properties.provisioningState	ProvisioningState	O estado de provisionamento do recurso.
properties.resourceGuid	string	Identificador exclusivo para esse recurso.
properties.sourcePortRanges	string[]	Os intervalos de porta de origem.
properties.sources	AddressPrefixItem[]	Os intervalos DE IP de origem ou CIDR.
systemData	SystemData	Os metadados do sistema relacionados a esse recurso.
type	string	Tipo de recurso.

CommonErrorAdditionalInfo

Objeto

As informações adicionais do erro de gerenciamento de recursos.

Nome	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

CommonErrorDetail

Objeto

O detalhe do erro.

Nome	Tipo	Description
additionalInfo	CommonErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CommonErrorDetail[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

CommonErrorResponse

Objeto

Resposta de erro

Nome	Tipo	Description
error	CommonErrorDetail	O objeto de erro.

createdByType

Enumeração

O tipo de identidade que criou o recurso.

Valor	Description
Application
Key
ManagedIdentity
User

DefaultAdminRule

Objeto

Regra de administrador padrão de rede.

Nome	Tipo	Description
etag	string	Uma cadeia de caracteres somente leitura exclusiva que é alterada sempre que o recurso é atualizado.
id	string	ID do recurso.
kind	string: Default	Se a regra é personalizada ou padrão.
name	string	Nome do recurso.
properties.access	SecurityConfigurationRuleAccess	Indica o acesso permitido para esta regra específica
properties.description	string	Uma descrição para essa regra. Restrito a 140 chars.
properties.destinationPortRanges	string[]	Os intervalos de porta de destino.
properties.destinations	AddressPrefixItem[]	Os prefixos de endereço de destino. Intervalos DE IP de destino ou CIDR.
properties.direction	SecurityConfigurationRuleDirection	Indica se o tráfego correspondeu à regra de entrada ou saída.
properties.flag	string	Sinalizador de regra padrão.
properties.priority	integer (int32)	A prioridade da regra. O valor pode estar entre 1 e 4096. O número de prioridade deve ser exclusivo para cada regra na coleção. Quanto menor o número de prioridade, maior a prioridade da regra.
properties.protocol	SecurityConfigurationRuleProtocol	Protocolo de rede ao qual essa regra se aplica.
properties.provisioningState	ProvisioningState	O estado de provisionamento do recurso.
properties.resourceGuid	string	Identificador exclusivo para esse recurso.
properties.sourcePortRanges	string[]	Os intervalos de porta de origem.
properties.sources	AddressPrefixItem[]	Os intervalos DE IP de origem ou CIDR.
systemData	SystemData	Os metadados do sistema relacionados a esse recurso.
type	string	Tipo de recurso.

ProvisioningState

Enumeração

Provisionando estados de um recurso.

Valor	Description
Canceled
Creating
Deleting
Failed
Succeeded
Updating

SecurityConfigurationRuleAccess

Enumeração

Se o tráfego de rede é permitido ou negado.

Valor	Description
Allow
AlwaysAllow
Deny

SecurityConfigurationRuleDirection

Enumeração

A direção da regra. A direção especifica se a regra será avaliada no tráfego de entrada ou saída.

Valor	Description
Inbound
Outbound

SecurityConfigurationRuleProtocol

Enumeração

Protocolo de rede ao qual essa regra se aplica.

Valor	Description
Ah
Any
Esp
Icmp
Tcp
Udp

SystemData

Objeto

Metadados relativos à criação e última modificação do recurso.

Nome	Tipo	Description
createdAt	string (date-time)	O carimbo de data/hora da criação de recursos (UTC).
createdBy	string	A identidade que criou o recurso.
createdByType	createdByType	O tipo de identidade que criou o recurso.
lastModifiedAt	string (date-time)	O tipo de identidade que modificou o recurso pela última vez.
lastModifiedBy	string	A identidade que modificou o recurso pela última vez.
lastModifiedByType	createdByType	O tipo de identidade que modificou o recurso pela última vez.