再来分享个自己纯练手的小脚本,主要作用是把自己当前的公网IP更新到特定的NSG里,因为放在公网上的服务器我都是限制只有自己的IP能够访问的,但是因为IP经常会变动,所以不定期就要更新一次,之前就写过基于PowerShell的这种脚本,这次改成用pyhton写下,基本逻辑都差不多,比较简单
直接把脚本内容贴出来
from azure.mgmt.network.models import SecurityRule
from azure.mgmt.network import NetworkManagementClient
from azure.identity import DefaultAzureCredential
import requests
subscription_id = 'xx'
resource_group_name = 'xx'
nsg_name = 'xx'
# authentication
credentials = DefaultAzureCredential()
network_client = NetworkManagementClient(credentials, subscription_id)
# get nsg object
nsg=network_client.network_security_groups.get(resource_group_name, nsg_name)
rules=nsg.security_rules
# get rule
rule = min(rules, key=lambda x: x.priority)
source_ip=rule.source_address_prefixes
#get ip
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'
}
url="https://ipinfo.io/ip"
res=requests.get(url, headers=headers)
self_ip=res.text
# update nsg rule
if self_ip in source_ip:
print("IP already in NSG rules")
else:
source_ip.append(self_ip)
rule.source_address_prefixes=source_ip
try:
network_client.security_rules.begin_create_or_update(
resource_group_name,
nsg_name,
rule.name,
rule
)
except Exception as e:
print(e.message)
使用的话,首先先用AZ CLI登录下,因为是default credential,所以需要在脚本外直接登录,之后就是直接用python来执行就好了