
Azure SDK Python, I want to assign multiple ports to an NSG Security Rule


I'm trying to manipulate Azure security groups in Python. The big picture works.

But I am attempting to add a rule to an existing security group.

network_client.security_rules.create_or_update('resourcesname',"nsg-name","secure-name",SecurityRule(
        protocol='Tcp', 
        source_address_prefix='*', 
        destination_address_prefix='*', 
        access='Allow', 
        direction='Inbound', description=name+' use rules',source_port_range='*', 
        #destination_port_range="1000,2000",
        #destination_port_range=["1000","2000"],
        destination_port_range=[1000,2000],
        priority=100, name="secure-name"))

I get the following error when I specify multiple ports:

msrestazure.azure_exceptions.CloudError: Azure Error: SecurityRuleInvalidPortRange
Message: Security rule has invalid Port range. Value provided: [1000,2000]. Value should be an integer OR integer range with '-' delimiter. Valid range 0-65535.

I've also tried string arrays and simple strings. But it fails. Can anyone solve the problem?


Solution

  • Actually, it's quite simple.

    If you want to add a range of ports, you should use the property destination_port_ranges instead of destination_port_range (note the "s" at the end of the 2 properties).

    Here is my code:

    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.v2020_04_01.models import SecurityRule

    # Placeholders: fill in your own subscription and service principal values.
    subscription_id = 'xxx'
    credentials = ServicePrincipalCredentials(
        client_id='xxx',
        secret='xxx',
        tenant='xxx'
    )

    network_client = NetworkManagementClient(
        credentials,
        subscription_id
    )

    # Arguments: resource group name, NSG name, rule name, rule definition.
    network_client.security_rules.create_or_update('xxx', "yysecurityGroup", "my_Port_8080", SecurityRule(
            protocol='Tcp',
            source_address_prefix='*',
            destination_address_prefix='*',
            access='Allow',
            direction='Inbound', description='my_Port_8080 use rules', source_port_range='*',
            # The singular property takes only one port or one range, so this fails:
            #destination_port_range="1000,2000",
            # The plural property takes a list of ports, given as strings:
            destination_port_ranges=["1000", "1005", "2005", "2020"],
            priority=100, name="my_Port_8080"))

    print("**complete**")
    

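The following is an added example, not code from the question or the answer. It validates a port specification locally against the format named in the error message (an integer or a '-' delimited range, 0-65535) and picks destination_port_range or destination_port_ranges accordingly. The helper names `port_kwargs` and `_normalize` are hypothetical, and sending '*' or a single entry through the singular property is this helper's own choice.

```python
MAX_PORT = 65535  # upper bound quoted in the SecurityRuleInvalidPortRange message


def _normalize(entry):
    """Return one port or 'low-high' range as a validated string."""
    text = str(entry).strip()
    low, sep, high = text.partition("-")
    bounds = [low.strip(), high.strip()] if sep else [low.strip()]
    if not all(b.isdigit() for b in bounds):
        raise ValueError(f"not an integer or integer range: {entry!r}")
    nums = [int(b) for b in bounds]
    if any(n > MAX_PORT for n in nums):
        raise ValueError(f"port outside 0-{MAX_PORT}: {entry!r}")
    if sep and nums[0] > nums[1]:
        raise ValueError(f"range start is above range end: {entry!r}")
    return "-".join(str(n) for n in nums)


def port_kwargs(ports):
    """Map a port spec to the SecurityRule keyword argument that fits it.

    Accepts the three forms tried in the question: a comma-separated
    string, a list of strings, or a list of integers.
    """
    if isinstance(ports, (str, int)):
        ports = str(ports).split(",")
    entries = [str(p).strip() for p in ports]
    if entries == ["*"]:
        return {"destination_port_range": "*"}
    normalized = []
    for entry in entries:
        value = _normalize(entry)
        if value not in normalized:  # drop duplicates, keep order
            normalized.append(value)
    if not normalized:
        raise ValueError("no ports given")
    if len(normalized) == 1:
        return {"destination_port_range": normalized[0]}
    return {"destination_port_ranges": normalized}


if __name__ == "__main__":
    # Constructed sample inputs; the result is meant to be unpacked into the
    # rule, e.g. SecurityRule(..., **port_kwargs([1000, 2000])).
    for spec in ([1000, 2000], "1000,2000", "8080", "1000-2000", "*"):
        print(repr(spec), "->", port_kwargs(spec))
```

A malformed entry raises ValueError before any request is sent, so a typo cannot reach the network security group.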