How to programmatically update Azure Storage firewall settings
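I'm using Azure Storage, which allows controlling access by managing the "Firewalls and virtual networks" settings from the Azure portal.
Is there a way to do the same thing through an API? I did some searching of the documentation but couldn't find APIs that can do this.
Any pointers on this would be helpful.

If you want to update the Azure Storage firewall via API, you can use the following REST API to implement it. For more details, please refer to here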

    PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2019-06-01
    Authorization: Bearer <access token>

    {
      "properties": {
        "networkAcls": {
          "bypass": "string",
          "virtualNetworkRules": [
            {
              "id": "string",
              "action": "Allow",
              "state": "string"
            }
          ],
          "ipRules": [
            {
              "value": "string",
              "action": "Allow"
            }
          ],
          "defaultAction": "string"
        }
      }
    }

For example:

- Create a service principal and assign the Contributor role to the sp

    az login
    # create sp and assign Contributor to the sp at the subscription level
    az ad sp create-for-rbac -n "your service principal name"

- Get a token

    POST https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
    Content-Type: application/x-www-form-urlencoded

    grant_type=client_credentials
    &scope=https://management.azure.com/.default
    &client_id=<sp appId>
    &client_secret=<sp password>

- Test (I updated the account's firewall to allow some IPs and AzureServices to access the storage).

    PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2019-06-01
    Authorization: Bearer <access token>

    {
      "properties": {
        "networkAcls": {
          "bypass": "AzureServices",
          "virtualNetworkRules": [],
          "ipRules": [
            {
              "value": "167.220.255.0/24",
              "action": "Allow"
            }
          ],
          "defaultAction": "Deny"
        }
      }
    }
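
An added example, not part of the original answer: a Python helper that builds the `networkAcls` PATCH body shown above by merging new IP rules into the rules an account already has, while keeping `defaultAction` at `Deny`. It assumes the PATCH replaces the whole `ipRules` list (so existing entries must be resent) and that the current settings were read with a GET on the same URL; the function names and sample values are constructed for illustration.

```python
import ipaddress
import json

API_VERSION = "2019-06-01"  # same api-version as the requests above
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def account_url(subscription_id, resource_group, account):
    """Management URL used for both the GET and the PATCH."""
    return ("https://management.azure.com/subscriptions/%s/resourceGroups/%s"
            "/providers/Microsoft.Storage/storageAccounts/%s?api-version=%s"
            % (subscription_id, resource_group, account, API_VERSION))

def normalize_ip_rule(value):
    """Validate one ipRules value against Azure's documented limits for storage IP rules."""
    net = ipaddress.ip_network(value)  # ValueError on malformed input or stray host bits
    if net.version != 4:
        raise ValueError("only IPv4 addresses and ranges are handled here: %s" % value)
    if any(net.overlaps(private) for private in RFC1918):
        raise ValueError("private (RFC 1918) ranges are not allowed: %s" % value)
    if net.prefixlen == 31:
        raise ValueError("/31 ranges are not supported, list single addresses: %s" % value)
    # /32 ranges are not supported either; send the bare address instead.
    return str(net.network_address) if net.prefixlen == 32 else str(net)

def build_patch(current_acls, new_ip_values):
    """Return a PATCH body that adds new_ip_values without dropping existing rules."""
    values = [rule["value"] for rule in current_acls.get("ipRules", [])]
    for value in new_ip_values:
        value = normalize_ip_rule(value)
        if value not in values:  # skip duplicates
            values.append(value)
    return {"properties": {"networkAcls": {
        "bypass": current_acls.get("bypass", "AzureServices"),
        "virtualNetworkRules": current_acls.get("virtualNetworkRules", []),
        "ipRules": [{"value": v, "action": "Allow"} for v in values],
        "defaultAction": "Deny",  # never leave the account open by default
    }}}

# Constructed sample: networkAcls as a GET might return them for an account
# that has one IP rule but still allows all networks by default.
CURRENT_ACLS = {"bypass": "AzureServices", "virtualNetworkRules": [],
                "ipRules": [{"value": "167.220.255.0/24", "action": "Allow"}],
                "defaultAction": "Allow"}

if __name__ == "__main__":
    body = build_patch(CURRENT_ACLS, ["198.51.100.7/32", "203.0.113.0/24"])
    print("PATCH", account_url("{subscriptionId}", "{resourceGroupName}", "{accountName}"))
    print(json.dumps(body, indent=2))
```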