Network Interfaces - List Effective Network Security Groups

Referência

Service:: Virtual Networks

API Version:: 2023-05-01

Obtém todos os grupos de segurança de rede aplicados a uma interface de rede.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkInterfaces/{networkInterfaceName}/effectiveNetworkSecurityGroups?api-version=2023-05-01

Parâmetros do URI

Name	Em	Necessário	Tipo	Description
networkInterfaceName	path	True	string	O nome da interface de rede.
resourceGroupName	path	True	string	O nome do grupo de recursos.
subscriptionId	path	True	string	As credenciais de subscrição que identificam exclusivamente a subscrição do Microsoft Azure. O ID da subscrição faz parte do URI para cada chamada de serviço.
api-version	query	True	string	Versão da API de Cliente.

Respostas

Name	Tipo	Description
200 OK	EffectiveNetworkSecurityGroupListResult	Pedido com êxito. A operação devolve uma lista de recursos NetworkSecurityGroup.
202 Accepted		Aceite e a operação será concluída de forma assíncrona.
Other Status Codes	CloudError	Resposta de erro que descreve o motivo pela qual a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	representar a sua conta de utilizador

Exemplos

List network interface effective network security groups

Sample Request

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkInterfaces/nic1/effectiveNetworkSecurityGroups?api-version=2023-05-01

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_interface_effective_nsg_list.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.network_interfaces.begin_list_effective_network_security_groups(
        resource_group_name="rg1",
        network_interface_name="nic1",
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/NetworkInterfaceEffectiveNSGList.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/80c21c17b4a7aa57f637ee594f7cfd653255a7e0/specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/NetworkInterfaceEffectiveNSGList.json
func ExampleInterfacesClient_BeginListEffectiveNetworkSecurityGroups() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewInterfacesClient().BeginListEffectiveNetworkSecurityGroups(ctx, "rg1", "nic1", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.EffectiveNetworkSecurityGroupListResult = armnetwork.EffectiveNetworkSecurityGroupListResult{
	// 	Value: []*armnetwork.EffectiveNetworkSecurityGroup{
	// 		{
	// 			Association: &armnetwork.EffectiveNetworkSecurityGroupAssociation{
	// 				NetworkInterface: &armnetwork.SubResource{
	// 					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkInterfaces/nic1"),
	// 				},
	// 				NetworkManager: &armnetwork.SubResource{
	// 					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/nm1"),
	// 				},
	// 				Subnet: &armnetwork.SubResource{
	// 					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/rg1-vnet/subnets/default"),
	// 				},
	// 			},
	// 			EffectiveSecurityRules: []*armnetwork.EffectiveNetworkSecurityRule{
	// 				{
	// 					Name: to.Ptr("securityRules/rule1"),
	// 					Access: to.Ptr(armnetwork.SecurityRuleAccessAllow),
	// 					DestinationAddressPrefix: to.Ptr("0.0.0.0/32"),
	// 					DestinationPortRange: to.Ptr("6579-6579"),
	// 					Direction: to.Ptr(armnetwork.SecurityRuleDirectionInbound),
	// 					Priority: to.Ptr[int32](234),
	// 					SourceAddressPrefix: to.Ptr("0.0.0.0/32"),
	// 					SourcePortRange: to.Ptr("456-456"),
	// 					Protocol: to.Ptr(armnetwork.EffectiveSecurityRuleProtocolTCP),
	// 				},
	// 				{
	// 					Name: to.Ptr("securityRules/default-allow-rdp"),
	// 					Access: to.Ptr(armnetwork.SecurityRuleAccessAllow),
	// 					DestinationAddressPrefix: to.Ptr("0.0.0.0/0"),
	// 					DestinationPortRange: to.Ptr("3389-3389"),
	// 					Direction: to.Ptr(armnetwork.SecurityRuleDirectionInbound),
	// 					Priority: to.Ptr[int32](1000),
	// 					SourceAddressPrefix: to.Ptr("1.1.1.1/32"),
	// 					SourcePortRange: to.Ptr("0-65535"),
	// 					Protocol: to.Ptr(armnetwork.EffectiveSecurityRuleProtocolTCP),
	// 				},
	// 				{
	// 					Name: to.Ptr("defaultSecurityRules/AllowInternetOutBound"),
	// 					Access: to.Ptr(armnetwork.SecurityRuleAccessAllow),
	// 					DestinationAddressPrefix: to.Ptr("Internet"),
	// 					DestinationPortRange: to.Ptr("0-65535"),
	// 					Direction: to.Ptr(armnetwork.SecurityRuleDirectionOutbound),
	// 					ExpandedDestinationAddressPrefix: []*string{
	// 						to.Ptr("32.0.0.0/3"),
	// 						to.Ptr("4.0.0.0/6"),
	// 						to.Ptr("2.0.0.0/7"),
	// 						to.Ptr("1.0.0.0/8")},
	// 						Priority: to.Ptr[int32](65001),
	// 						SourceAddressPrefix: to.Ptr("0.0.0.0/0"),
	// 						SourcePortRange: to.Ptr("0-65535"),
	// 						Protocol: to.Ptr(armnetwork.EffectiveSecurityRuleProtocolAll),
	// 				}},
	// 				NetworkSecurityGroup: &armnetwork.SubResource{
	// 					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/test-nsg"),
	// 				},
	// 		}},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets all network security groups applied to a network interface.
 *
 * @summary Gets all network security groups applied to a network interface.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/NetworkInterfaceEffectiveNSGList.json
 */
async function listNetworkInterfaceEffectiveNetworkSecurityGroups() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkInterfaceName = "nic1";
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkInterfaces.beginListEffectiveNetworkSecurityGroupsAndWait(
    resourceGroupName,
    networkInterfaceName
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/NetworkInterfaceEffectiveNSGList.json
// this example is just showing the usage of "NetworkInterfaces_ListEffectiveNetworkSecurityGroups" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkInterfaceResource created on azure
// for more information of creating NetworkInterfaceResource, please refer to the document of NetworkInterfaceResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string networkInterfaceName = "nic1";
ResourceIdentifier networkInterfaceResourceId = NetworkInterfaceResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkInterfaceName);
NetworkInterfaceResource networkInterface = client.GetNetworkInterfaceResource(networkInterfaceResourceId);

// invoke the operation
ArmOperation<EffectiveNetworkSecurityGroupListResult> lro = await networkInterface.GetEffectiveNetworkSecurityGroupsAsync(WaitUntil.Completed);
EffectiveNetworkSecurityGroupListResult result = lro.Value;

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "value": [
    {
      "networkSecurityGroup": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/test-nsg"
      },
      "association": {
        "networkManager": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/nm1"
        },
        "subnet": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/rg1-vnet/subnets/default"
        },
        "networkInterface": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkInterfaces/nic1"
        }
      },
      "effectiveSecurityRules": [
        {
          "name": "securityRules/rule1",
          "protocol": "Tcp",
          "sourcePortRange": "456-456",
          "destinationPortRange": "6579-6579",
          "sourceAddressPrefix": "0.0.0.0/32",
          "destinationAddressPrefix": "0.0.0.0/32",
          "access": "Allow",
          "priority": 234,
          "direction": "Inbound"
        },
        {
          "name": "securityRules/default-allow-rdp",
          "protocol": "Tcp",
          "sourcePortRange": "0-65535",
          "destinationPortRange": "3389-3389",
          "sourceAddressPrefix": "1.1.1.1/32",
          "destinationAddressPrefix": "0.0.0.0/0",
          "access": "Allow",
          "priority": 1000,
          "direction": "Inbound"
        },
        {
          "name": "defaultSecurityRules/AllowInternetOutBound",
          "protocol": "All",
          "sourcePortRange": "0-65535",
          "destinationPortRange": "0-65535",
          "sourceAddressPrefix": "0.0.0.0/0",
          "destinationAddressPrefix": "Internet",
          "expandedDestinationAddressPrefix": [
            "32.0.0.0/3",
            "4.0.0.0/6",
            "2.0.0.0/7",
            "1.0.0.0/8"
          ],
          "access": "Allow",
          "priority": 65001,
          "direction": "Outbound"
        }
      ]
    }
  ]
}

Status code:: 202

Location: https://management.azure.com//subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/test-nsg/operationResults/00000000-0000-0000-0000-000000000000?api-version=2023-05-01

Definições

Name	Description
CloudError	Uma resposta de erro do serviço.
CloudErrorBody	Uma resposta de erro do serviço.
EffectiveNetworkSecurityGroup	Grupo de segurança de rede eficaz.
EffectiveNetworkSecurityGroupAssociation	A associação eficaz do grupo de segurança de rede.
EffectiveNetworkSecurityGroupListResult	Resposta para listar chamada de serviço de API de grupos de segurança de rede eficazes.
EffectiveNetworkSecurityRule	Regras de segurança de rede eficazes.
EffectiveSecurityRuleProtocol	O protocolo de rede a que esta regra se aplica.
SecurityRuleAccess	Se o tráfego de rede é permitido ou negado.
SecurityRuleDirection	A direção da regra. A direção especifica se a regra será avaliada no tráfego de entrada ou saída.
SubResource	Referência a outra sub-origem.

CloudError

Uma resposta de erro do serviço.

Name	Tipo	Description
error	CloudErrorBody	Corpo do erro da cloud.

CloudErrorBody

Uma resposta de erro do serviço.

Name	Tipo	Description
code	string	Um identificador para o erro. Os códigos são invariantes e destinam-se a ser consumidos programaticamente.
details	CloudErrorBody[]	Uma lista de detalhes adicionais sobre o erro.
message	string	Uma mensagem que descreve o erro, que se destina a ser adequada para ser apresentada numa interface de utilizador.
target	string	O destino do erro específico. Por exemplo, o nome da propriedade em erro.

EffectiveNetworkSecurityGroup

Grupo de segurança de rede eficaz.

Name	Tipo	Description
association	EffectiveNetworkSecurityGroupAssociation	Recursos associados.
effectiveSecurityRules	EffectiveNetworkSecurityRule[]	Uma coleção de regras de segurança eficazes.
networkSecurityGroup	SubResource	O ID do grupo de segurança de rede que é aplicado.
tagMap	object	Mapeamento de etiquetas para a lista de Endereços IP incluídos na etiqueta.

EffectiveNetworkSecurityGroupAssociation

A associação eficaz do grupo de segurança de rede.

Name	Tipo	Description
networkInterface	SubResource	O ID da interface de rede, se atribuído.
networkManager	SubResource	O ID do gestor de rede do Azure, se atribuído.
subnet	SubResource	O ID da sub-rede, se atribuído.

EffectiveNetworkSecurityGroupListResult

Resposta para listar chamada de serviço de API de grupos de segurança de rede eficazes.

Name	Tipo	Description
nextLink	string	O URL para obter o próximo conjunto de resultados.
value	EffectiveNetworkSecurityGroup[]	Uma lista de grupos de segurança de rede eficazes.

EffectiveNetworkSecurityRule

Regras de segurança de rede eficazes.

Name	Tipo	Description
access	SecurityRuleAccess	Se o tráfego de rede é permitido ou negado.
destinationAddressPrefix	string	O prefixo do endereço de destino.
destinationAddressPrefixes	string[]	Os prefixos de endereço de destino. Os valores esperados incluem intervalos de IP CIDR, Etiquetas Predefinidas (VirtualNetwork, AzureLoadBalancer, Internet), Etiquetas de Sistema e o asterisco (*).
destinationPortRange	string	A porta ou intervalo de destino.
destinationPortRanges	string[]	Os intervalos de portas de destino. Os valores esperados incluem um único número inteiro entre 0 e 65535, um intervalo que utiliza "-" como separador (por exemplo, 100-400) ou um asterisco (*).
direction	SecurityRuleDirection	A direção da regra.
expandedDestinationAddressPrefix	string[]	Prefixo de endereço de destino expandido.
expandedSourceAddressPrefix	string[]	O prefixo de endereço de origem expandido.
name	string	O nome da regra de segurança especificada pelo utilizador (se criado pelo utilizador).
priority	integer	A prioridade da regra.
protocol	EffectiveSecurityRuleProtocol	O protocolo de rede a que esta regra se aplica.
sourceAddressPrefix	string	O prefixo do endereço de origem.
sourceAddressPrefixes	string[]	Os prefixos de endereço de origem. Os valores esperados incluem intervalos de IP CIDR, Etiquetas Predefinidas (VirtualNetwork, AzureLoadBalancer, Internet), Etiquetas de Sistema e o asterisco (*).
sourcePortRange	string	A porta ou intervalo de origem.
sourcePortRanges	string[]	Os intervalos de portas de origem. Os valores esperados incluem um único número inteiro entre 0 e 65535, um intervalo que utiliza "-" como separador (por exemplo, 100-400) ou um asterisco (*).

EffectiveSecurityRuleProtocol

O protocolo de rede a que esta regra se aplica.

Name	Tipo	Description
All	string
Tcp	string
Udp	string

SecurityRuleAccess

Se o tráfego de rede é permitido ou negado.

Name	Tipo	Description
Allow	string
Deny	string

SecurityRuleDirection

A direção da regra. A direção especifica se a regra será avaliada no tráfego de entrada ou saída.

Name	Tipo	Description
Inbound	string
Outbound	string

SubResource

Referência a outra sub-origem.

Name	Tipo	Description
id	string	ID do Recurso.

Network Interfaces - List Effective Network Security Groups

Parâmetros do URI

Respostas

Segurança

azure_auth

Scopes

Exemplos

List network interface effective network security groups

Sample Request

Sample Response

Definições

CloudError

CloudErrorBody

EffectiveNetworkSecurityGroup

EffectiveNetworkSecurityGroupAssociation

EffectiveNetworkSecurityGroupListResult

EffectiveNetworkSecurityRule

EffectiveSecurityRuleProtocol

SecurityRuleAccess

SecurityRuleDirection

SubResource

Recursos adicionais