Создает или обновляет правило администратора.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkManagers/{networkManagerName}/securityAdminConfigurations/{configurationName}/ruleCollections/{ruleCollectionName}/rules/{ruleName}?api-version=2023-09-01
Параметры URI
| Имя |
В |
Обязательно |
Тип |
Описание |
|
configurationName
|
path |
True
|
string
|
Имя конфигурации безопасности диспетчера сети.
|
|
networkManagerName
|
path |
True
|
string
|
Имя диспетчера сети.
|
|
resourceGroupName
|
path |
True
|
string
|
Имя группы ресурсов.
|
|
ruleCollectionName
|
path |
True
|
string
|
Имя коллекции правил конфигурации безопасности диспетчера сети.
|
|
ruleName
|
path |
True
|
string
|
Имя правила.
|
|
subscriptionId
|
path |
True
|
string
|
Учетные данные подписки, которые однозначно идентифицируют подписку Microsoft Azure. Идентификатор подписки формирует часть URI для каждого вызова службы.
|
|
api-version
|
query |
True
|
string
|
Версия API клиента.
|
Текст запроса
Текст запроса может быть таким:
AdminRule
Правило администратора сети.
| Имя |
Обязательно |
Тип |
Описание |
|
kind
|
True
|
string:
Custom
|
Является ли правило пользовательским или по умолчанию.
|
|
properties.access
|
True
|
SecurityConfigurationRuleAccess
|
Указывает доступ, разрешенный для данного правила.
|
|
properties.direction
|
True
|
SecurityConfigurationRuleDirection
|
Указывает, соответствует ли трафик правилу входящий или исходящий трафик.
|
|
properties.priority
|
True
|
integer
|
Приоритет правила. Значение может быть от 1 до 4096. Номер приоритета должен быть уникальным для каждого правила в коллекции. Чем ниже номер приоритета, тем выше приоритет правила.
|
|
properties.protocol
|
True
|
SecurityConfigurationRuleProtocol
|
Сетевой протокол, к которому применяется данное правило.
|
|
properties.description
|
|
string
|
Описание этого правила. Ограничено 140 символами.
|
|
properties.destinationPortRanges
|
|
string[]
|
Диапазоны портов назначения.
|
|
properties.destinations
|
|
AddressPrefixItem[]
|
Префиксы адреса назначения. Диапазоны IP-адресов CIDR или назначения.
|
|
properties.sourcePortRanges
|
|
string[]
|
Диапазоны исходных портов.
|
|
properties.sources
|
|
AddressPrefixItem[]
|
Диапазоны CIDR или исходных IP-адресов.
|
DefaultAdminRule
Правило администратора сети по умолчанию.
| Имя |
Обязательно |
Тип |
Описание |
|
kind
|
True
|
string:
Default
|
Является ли правило пользовательским или по умолчанию.
|
|
properties.flag
|
|
string
|
Флаг правила по умолчанию.
|
Ответы
| Имя |
Тип |
Описание |
|
200 OK
|
BaseAdminRule:
|
Обновленное правило
|
|
201 Created
|
BaseAdminRule:
|
Созданное правило
|
|
Other Status Codes
|
CloudError
|
Ответ об ошибке, описывающий причину сбоя операции.
|
Безопасность
azure_auth
Поток OAuth2 в Azure Active Directory.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Имя |
Описание |
|
user_impersonation
|
олицетворения учетной записи пользователя
|
Примеры
Create a default admin rule
Sample Request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule?api-version=2023-09-01
{
"kind": "Default",
"properties": {
"flag": "AllowVnetInbound"
}
}
import com.azure.resourcemanager.network.models.DefaultAdminRule;
/**
* Samples for AdminRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* NetworkManagerDefaultAdminRulePut.json
*/
/**
* Sample code: Create a default admin rule.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createADefaultAdminRule(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
"testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleDefaultAdminRule",
new DefaultAdminRule().withFlag("AllowVnetInbound"), com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python network_manager_default_admin_rule_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.admin_rules.create_or_update(
resource_group_name="rg1",
network_manager_name="testNetworkManager",
configuration_name="myTestSecurityConfig",
rule_collection_name="testRuleCollection",
rule_name="SampleDefaultAdminRule",
admin_rule={"kind": "Default", "properties": {"flag": "AllowVnetInbound"}},
)
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
func ExampleAdminRulesClient_CreateOrUpdate_createADefaultAdminRule() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleDefaultAdminRule", &armnetwork.DefaultAdminRule{
Kind: to.Ptr(armnetwork.AdminRuleKindDefault),
Properties: &armnetwork.DefaultAdminPropertiesFormat{
Flag: to.Ptr("AllowVnetInbound"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
// BaseAdminRuleClassification: &armnetwork.DefaultAdminRule{
// Name: to.Ptr("SampleDefaultAdminRule"),
// Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule"),
// Kind: to.Ptr(armnetwork.AdminRuleKindDefault),
// SystemData: &armnetwork.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
// CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
// CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
// LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
// LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
// },
// Properties: &armnetwork.DefaultAdminPropertiesFormat{
// Description: to.Ptr("This is Sample Default Admin Rule"),
// Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
// DestinationPortRanges: []*string{
// to.Ptr("22")},
// Destinations: []*armnetwork.AddressPrefixItem{
// {
// AddressPrefix: to.Ptr("*"),
// AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
// }},
// Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
// Flag: to.Ptr("AllowVnetInbound"),
// Priority: to.Ptr[int32](1),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
// SourcePortRanges: []*string{
// to.Ptr("0-65535")},
// Sources: []*armnetwork.AddressPrefixItem{
// {
// AddressPrefix: to.Ptr("Internet"),
// AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
// }},
// Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates an admin rule.
*
* @summary Creates or updates an admin rule.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
*/
async function createADefaultAdminRule() {
const subscriptionId =
process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const networkManagerName = "testNetworkManager";
const configurationName = "myTestSecurityConfig";
const ruleCollectionName = "testRuleCollection";
const ruleName = "SampleDefaultAdminRule";
const adminRule = {
flag: "AllowVnetInbound",
kind: "Default",
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.adminRules.createOrUpdate(
resourceGroupName,
networkManagerName,
configurationName,
ruleCollectionName,
ruleName,
adminRule,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerDefaultAdminRulePut.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this BaseAdminRuleResource created on azure
// for more information of creating BaseAdminRuleResource, please refer to the document of BaseAdminRuleResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
string ruleName = "SampleDefaultAdminRule";
ResourceIdentifier baseAdminRuleResourceId = BaseAdminRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName, ruleName);
BaseAdminRuleResource baseAdminRule = client.GetBaseAdminRuleResource(baseAdminRuleResourceId);
// invoke the operation
BaseAdminRuleData data = new NetworkDefaultAdminRule()
{
Flag = "AllowVnetInbound",
};
ArmOperation<BaseAdminRuleResource> lro = await baseAdminRule.UpdateAsync(WaitUntil.Completed, data);
BaseAdminRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule",
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
"name": "SampleDefaultAdminRule",
"kind": "Default",
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"createdByType": "User",
"createdAt": "2021-01-11T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"lastModifiedByType": "User",
"lastModifiedAt": "2021-01-11T18:52:27Z"
},
"properties": {
"flag": "AllowVnetInbound",
"description": "This is Sample Default Admin Rule",
"protocol": "Tcp",
"sources": [
{
"addressPrefixType": "ServiceTag",
"addressPrefix": "Internet"
}
],
"destinations": [
{
"addressPrefixType": "IPPrefix",
"addressPrefix": "*"
}
],
"sourcePortRanges": [
"0-65535"
],
"destinationPortRanges": [
"22"
],
"access": "Deny",
"priority": 1,
"direction": "Inbound",
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleDefaultAdminRule",
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
"name": "SampleDefaultAdminRule",
"kind": "Default",
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"createdByType": "User",
"createdAt": "2021-01-11T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"lastModifiedByType": "User",
"lastModifiedAt": "2021-01-11T18:52:27Z"
},
"properties": {
"flag": "AllowVnetInbound",
"description": "This is Sample Default Admin Rule",
"protocol": "Tcp",
"sources": [
{
"addressPrefixType": "ServiceTag",
"addressPrefix": "Internet"
}
],
"destinations": [
{
"addressPrefixType": "IPPrefix",
"addressPrefix": "*"
}
],
"sourcePortRanges": [
"0-65535"
],
"destinationPortRanges": [
"22"
],
"access": "Deny",
"priority": 1,
"direction": "Inbound",
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000"
}
}
Create an admin rule
Sample Request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2023-09-01
{
"kind": "Custom",
"properties": {
"description": "This is Sample Admin Rule",
"protocol": "Tcp",
"sources": [
{
"addressPrefixType": "ServiceTag",
"addressPrefix": "Internet"
}
],
"destinations": [
{
"addressPrefixType": "IPPrefix",
"addressPrefix": "*"
}
],
"sourcePortRanges": [
"0-65535"
],
"destinationPortRanges": [
"22"
],
"access": "Deny",
"priority": 1,
"direction": "Inbound"
}
}
import com.azure.resourcemanager.network.models.AddressPrefixItem;
import com.azure.resourcemanager.network.models.AddressPrefixType;
import com.azure.resourcemanager.network.models.AdminRule;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleAccess;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleDirection;
import com.azure.resourcemanager.network.models.SecurityConfigurationRuleProtocol;
import java.util.Arrays;
/**
* Samples for AdminRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.
* json
*/
/**
* Sample code: Create an admin rule.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createAnAdminRule(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getAdminRules().createOrUpdateWithResponse("rg1",
"testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule",
new AdminRule().withDescription("This is Sample Admin Rule")
.withProtocol(SecurityConfigurationRuleProtocol.TCP)
.withSources(Arrays.asList(new AddressPrefixItem().withAddressPrefix("Internet")
.withAddressPrefixType(AddressPrefixType.SERVICE_TAG)))
.withDestinations(Arrays.asList(
new AddressPrefixItem().withAddressPrefix("*").withAddressPrefixType(AddressPrefixType.IPPREFIX)))
.withSourcePortRanges(Arrays.asList("0-65535")).withDestinationPortRanges(Arrays.asList("22"))
.withAccess(SecurityConfigurationRuleAccess.DENY).withPriority(1)
.withDirection(SecurityConfigurationRuleDirection.INBOUND),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python network_manager_admin_rule_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.admin_rules.create_or_update(
resource_group_name="rg1",
network_manager_name="testNetworkManager",
configuration_name="myTestSecurityConfig",
rule_collection_name="testRuleCollection",
rule_name="SampleAdminRule",
admin_rule={
"kind": "Custom",
"properties": {
"access": "Deny",
"description": "This is Sample Admin Rule",
"destinationPortRanges": ["22"],
"destinations": [{"addressPrefix": "*", "addressPrefixType": "IPPrefix"}],
"direction": "Inbound",
"priority": 1,
"protocol": "Tcp",
"sourcePortRanges": ["0-65535"],
"sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}],
},
},
)
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
func ExampleAdminRulesClient_CreateOrUpdate_createAnAdminRule() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAdminRulesClient().CreateOrUpdate(ctx, "rg1", "testNetworkManager", "myTestSecurityConfig", "testRuleCollection", "SampleAdminRule", &armnetwork.AdminRule{
Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
Properties: &armnetwork.AdminPropertiesFormat{
Description: to.Ptr("This is Sample Admin Rule"),
Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
DestinationPortRanges: []*string{
to.Ptr("22")},
Destinations: []*armnetwork.AddressPrefixItem{
{
AddressPrefix: to.Ptr("*"),
AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
}},
Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
Priority: to.Ptr[int32](1),
SourcePortRanges: []*string{
to.Ptr("0-65535")},
Sources: []*armnetwork.AddressPrefixItem{
{
AddressPrefix: to.Ptr("Internet"),
AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
}},
Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armnetwork.AdminRulesClientCreateOrUpdateResponse{
// BaseAdminRuleClassification: &armnetwork.AdminRule{
// Name: to.Ptr("SampleAdminRule"),
// Type: to.Ptr("Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule"),
// Kind: to.Ptr(armnetwork.AdminRuleKindCustom),
// SystemData: &armnetwork.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
// CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
// CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-11T18:52:27.000Z"); return t}()),
// LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef5"),
// LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
// },
// Properties: &armnetwork.AdminPropertiesFormat{
// Description: to.Ptr("This is Sample Admin Rule"),
// Access: to.Ptr(armnetwork.SecurityConfigurationRuleAccessDeny),
// DestinationPortRanges: []*string{
// to.Ptr("22")},
// Destinations: []*armnetwork.AddressPrefixItem{
// {
// AddressPrefix: to.Ptr("*"),
// AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeIPPrefix),
// }},
// Direction: to.Ptr(armnetwork.SecurityConfigurationRuleDirectionInbound),
// Priority: to.Ptr[int32](1),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
// SourcePortRanges: []*string{
// to.Ptr("0-65535")},
// Sources: []*armnetwork.AddressPrefixItem{
// {
// AddressPrefix: to.Ptr("Internet"),
// AddressPrefixType: to.Ptr(armnetwork.AddressPrefixTypeServiceTag),
// }},
// Protocol: to.Ptr(armnetwork.SecurityConfigurationRuleProtocolTCP),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates an admin rule.
*
* @summary Creates or updates an admin rule.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
*/
async function createAnAdminRule() {
const subscriptionId =
process.env["NETWORK_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const networkManagerName = "testNetworkManager";
const configurationName = "myTestSecurityConfig";
const ruleCollectionName = "testRuleCollection";
const ruleName = "SampleAdminRule";
const adminRule = {
description: "This is Sample Admin Rule",
access: "Deny",
destinationPortRanges: ["22"],
destinations: [{ addressPrefix: "*", addressPrefixType: "IPPrefix" }],
direction: "Inbound",
kind: "Custom",
priority: 1,
sourcePortRanges: ["0-65535"],
sources: [{ addressPrefix: "Internet", addressPrefixType: "ServiceTag" }],
protocol: "Tcp",
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.adminRules.createOrUpdate(
resourceGroupName,
networkManagerName,
configurationName,
ruleCollectionName,
ruleName,
adminRule,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkManagerAdminRulePut.json
// this example is just showing the usage of "AdminRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this BaseAdminRuleResource created on azure
// for more information of creating BaseAdminRuleResource, please refer to the document of BaseAdminRuleResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
string networkManagerName = "testNetworkManager";
string configurationName = "myTestSecurityConfig";
string ruleCollectionName = "testRuleCollection";
string ruleName = "SampleAdminRule";
ResourceIdentifier baseAdminRuleResourceId = BaseAdminRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkManagerName, configurationName, ruleCollectionName, ruleName);
BaseAdminRuleResource baseAdminRule = client.GetBaseAdminRuleResource(baseAdminRuleResourceId);
// invoke the operation
BaseAdminRuleData data = new NetworkAdminRule()
{
Description = "This is Sample Admin Rule",
Protocol = SecurityConfigurationRuleProtocol.Tcp,
Sources =
{
new AddressPrefixItem()
{
AddressPrefix = "Internet",
AddressPrefixType = AddressPrefixType.ServiceTag,
}
},
Destinations =
{
new AddressPrefixItem()
{
AddressPrefix = "*",
AddressPrefixType = AddressPrefixType.IPPrefix,
}
},
SourcePortRanges =
{
"0-65535"
},
DestinationPortRanges =
{
"22"
},
Access = SecurityConfigurationRuleAccess.Deny,
Priority = 1,
Direction = SecurityConfigurationRuleDirection.Inbound,
};
ArmOperation<BaseAdminRuleResource> lro = await baseAdminRule.UpdateAsync(WaitUntil.Completed, data);
BaseAdminRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
BaseAdminRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
"name": "SampleAdminRule",
"kind": "Custom",
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"createdByType": "User",
"createdAt": "2021-01-11T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"lastModifiedByType": "User",
"lastModifiedAt": "2021-01-11T18:52:27Z"
},
"properties": {
"description": "This is Sample Admin Rule",
"protocol": "Tcp",
"sources": [
{
"addressPrefixType": "ServiceTag",
"addressPrefix": "Internet"
}
],
"destinations": [
{
"addressPrefixType": "IPPrefix",
"addressPrefix": "*"
}
],
"sourcePortRanges": [
"0-65535"
],
"destinationPortRanges": [
"22"
],
"access": "Deny",
"priority": 1,
"direction": "Inbound",
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleAdminRule",
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
"name": "SampleAdminRule",
"kind": "Custom",
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"createdByType": "User",
"createdAt": "2021-01-11T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
"lastModifiedByType": "User",
"lastModifiedAt": "2021-01-11T18:52:27Z"
},
"properties": {
"description": "This is Sample Admin Rule",
"protocol": "Tcp",
"sources": [
{
"addressPrefixType": "ServiceTag",
"addressPrefix": "Internet"
}
],
"destinations": [
{
"addressPrefixType": "IPPrefix",
"addressPrefix": "*"
}
],
"sourcePortRanges": [
"0-65535"
],
"destinationPortRanges": [
"22"
],
"access": "Deny",
"priority": 1,
"direction": "Inbound",
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000"
}
}
Определения
AddressPrefixItem
Элемент префикса адреса.
| Имя |
Тип |
Описание |
|
addressPrefix
|
string
|
Префикс адреса.
|
|
addressPrefixType
|
AddressPrefixType
|
Тип префикса адреса.
|
AddressPrefixType
Тип префикса адреса.
| Имя |
Тип |
Описание |
|
IPPrefix
|
string
|
|
|
ServiceTag
|
string
|
|
AdminRule
Правило администратора сети.
| Имя |
Тип |
Описание |
|
etag
|
string
|
Уникальная строка, доступная только для чтения, которая изменяется при каждом обновлении ресурса.
|
|
id
|
string
|
Идентификатор ресурса.
|
|
kind
|
string:
Custom
|
Является ли правило пользовательским или по умолчанию.
|
|
name
|
string
|
Имя ресурса.
|
|
properties.access
|
SecurityConfigurationRuleAccess
|
Указывает доступ, разрешенный для данного правила.
|
|
properties.description
|
string
|
Описание этого правила. Ограничено 140 символами.
|
|
properties.destinationPortRanges
|
string[]
|
Диапазоны портов назначения.
|
|
properties.destinations
|
AddressPrefixItem[]
|
Префиксы адреса назначения. Диапазоны IP-адресов CIDR или назначения.
|
|
properties.direction
|
SecurityConfigurationRuleDirection
|
Указывает, соответствует ли трафик правилу входящий или исходящий трафик.
|
|
properties.priority
|
integer
|
Приоритет правила. Значение может быть от 1 до 4096. Номер приоритета должен быть уникальным для каждого правила в коллекции. Чем ниже номер приоритета, тем выше приоритет правила.
|
|
properties.protocol
|
SecurityConfigurationRuleProtocol
|
Сетевой протокол, к которому применяется данное правило.
|
|
properties.provisioningState
|
ProvisioningState
|
Состояние подготовки ресурса.
|
|
properties.resourceGuid
|
string
|
Уникальный идентификатор для этого ресурса.
|
|
properties.sourcePortRanges
|
string[]
|
Диапазоны исходных портов.
|
|
properties.sources
|
AddressPrefixItem[]
|
Диапазоны CIDR или исходных IP-адресов.
|
|
systemData
|
SystemData
|
Системные метаданные, связанные с этим ресурсом.
|
|
type
|
string
|
Тип ресурса.
|
CloudError
Ответ об ошибке от службы.
CloudErrorBody
Ответ об ошибке от службы.
| Имя |
Тип |
Описание |
|
code
|
string
|
Идентификатор ошибки. Коды инвариантны и предназначены для программного использования.
|
|
details
|
CloudErrorBody[]
|
Список дополнительных сведений об ошибке.
|
|
message
|
string
|
Сообщение с описанием ошибки, предназначенное для отображения в пользовательском интерфейсе.
|
|
target
|
string
|
Целевой объект конкретной ошибки. Например, имя свойства в ошибке.
|
createdByType
Тип удостоверения, создавшего ресурс.
| Имя |
Тип |
Описание |
|
Application
|
string
|
|
|
Key
|
string
|
|
|
ManagedIdentity
|
string
|
|
|
User
|
string
|
|
DefaultAdminRule
Правило администратора сети по умолчанию.
| Имя |
Тип |
Описание |
|
etag
|
string
|
Уникальная строка, доступная только для чтения, которая изменяется при каждом обновлении ресурса.
|
|
id
|
string
|
Идентификатор ресурса.
|
|
kind
|
string:
Default
|
Является ли правило пользовательским или по умолчанию.
|
|
name
|
string
|
Имя ресурса.
|
|
properties.access
|
SecurityConfigurationRuleAccess
|
Указывает доступ, разрешенный для данного правила.
|
|
properties.description
|
string
|
Описание этого правила. Ограничено 140 символами.
|
|
properties.destinationPortRanges
|
string[]
|
Диапазоны портов назначения.
|
|
properties.destinations
|
AddressPrefixItem[]
|
Префиксы адреса назначения. Диапазоны IP-адресов CIDR или назначения.
|
|
properties.direction
|
SecurityConfigurationRuleDirection
|
Указывает, соответствует ли трафик правилу входящий или исходящий трафик.
|
|
properties.flag
|
string
|
Флаг правила по умолчанию.
|
|
properties.priority
|
integer
|
Приоритет правила. Значение может быть от 1 до 4096. Номер приоритета должен быть уникальным для каждого правила в коллекции. Чем ниже номер приоритета, тем выше приоритет правила.
|
|
properties.protocol
|
SecurityConfigurationRuleProtocol
|
Сетевой протокол, к которому применяется данное правило.
|
|
properties.provisioningState
|
ProvisioningState
|
Состояние подготовки ресурса.
|
|
properties.resourceGuid
|
string
|
Уникальный идентификатор для этого ресурса.
|
|
properties.sourcePortRanges
|
string[]
|
Диапазоны исходных портов.
|
|
properties.sources
|
AddressPrefixItem[]
|
Диапазоны CIDR или исходных IP-адресов.
|
|
systemData
|
SystemData
|
Системные метаданные, связанные с этим ресурсом.
|
|
type
|
string
|
Тип ресурса.
|
ProvisioningState
Текущее состояние подготовки.
| Имя |
Тип |
Описание |
|
Deleting
|
string
|
|
|
Failed
|
string
|
|
|
Succeeded
|
string
|
|
|
Updating
|
string
|
|
SecurityConfigurationRuleAccess
Указывает, разрешен или запрещен сетевой трафик.
| Имя |
Тип |
Описание |
|
Allow
|
string
|
|
|
AlwaysAllow
|
string
|
|
|
Deny
|
string
|
|
SecurityConfigurationRuleDirection
Направление правила. Направление указывает, будет ли правило оцениваться для входящего или исходящего трафика.
| Имя |
Тип |
Описание |
|
Inbound
|
string
|
|
|
Outbound
|
string
|
|
SecurityConfigurationRuleProtocol
Сетевой протокол, к которому применяется данное правило.
| Имя |
Тип |
Описание |
|
Ah
|
string
|
|
|
Any
|
string
|
|
|
Esp
|
string
|
|
|
Icmp
|
string
|
|
|
Tcp
|
string
|
|
|
Udp
|
string
|
|
SystemData
Метаданные, относящиеся к созданию и последнему изменению ресурса.
| Имя |
Тип |
Описание |
|
createdAt
|
string
|
Метка времени создания ресурса (UTC).
|
|
createdBy
|
string
|
Удостоверение, создающее ресурс.
|
|
createdByType
|
createdByType
|
Тип удостоверения, создавшего ресурс.
|
|
lastModifiedAt
|
string
|
Тип удостоверения, изменяющего ресурс в последний раз.
|
|
lastModifiedBy
|
string
|
Удостоверение, которое в последний раз изменял ресурс.
|
|
lastModifiedByType
|
createdByType
|
Тип удостоверения, изменяющего ресурс в последний раз.
|