def add_webapp_access_restriction(cmd,
resource_group_name,
name,
priority,
rule_name=None,
action='Allow',
ip_address=None,
subnet=None,
vnet_name=None,
description=None,
scm_site=False,
ignore_missing_vnet_service_endpoint=False,
slot=None,
vnet_resource_group=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
if (ip_address and subnet) or (not ip_address and not subnet):
raise CLIError('Usage error: --subnet | --ip-address')
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
# check for null
access_rules = access_rules or []
rule_instance = None
if subnet:
vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg)
if not ignore_missing_vnet_service_endpoint:
_ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
rule_instance = IpSecurityRestriction(
name=rule_name,
vnet_subnet_resource_id=subnet_id,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
elif ip_address:
rule_instance = IpSecurityRestriction(name=rule_name,
ip_address=ip_address,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def add_webapp_access_restriction(
cmd, resource_group_name, name, priority, rule_name=None,
action='Allow', ip_address=None, subnet=None,
vnet_name=None, description=None, scm_site=False,
ignore_missing_vnet_service_endpoint=False, slot=None, vnet_resource_group=None,
service_tag=None, http_headers=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
if (int(service_tag is not None) + int(ip_address is not None) +
int(subnet is not None) != 1):
err_msg = 'Please specify either: --subnet or --ip-address or --service-tag'
raise MutuallyExclusiveArgumentError(err_msg)
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
# check for null
access_rules = access_rules or []
rule_instance = None
if subnet:
vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg)
if not ignore_missing_vnet_service_endpoint:
_ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
# check for duplicates
for rule in list(access_rules):
if rule.vnet_subnet_resource_id and rule.vnet_subnet_resource_id.lower() == subnet_id.lower():
raise ArgumentUsageError('Service endpoint rule for: ' + subnet_id + ' already exists. '
'Cannot add duplicate service endpoint rules.')
rule_instance = IpSecurityRestriction(
name=rule_name, vnet_subnet_resource_id=subnet_id,
priority=priority, action=action, tag='Default', description=description)
access_rules.append(rule_instance)
elif ip_address:
rule_instance = IpSecurityRestriction(
name=rule_name, ip_address=ip_address,
priority=priority, action=action, tag='Default', description=description)
access_rules.append(rule_instance)
elif service_tag:
rule_instance = IpSecurityRestriction(
name=rule_name, ip_address=service_tag,
priority=priority, action=action, tag='ServiceTag', description=description)
access_rules.append(rule_instance)
if http_headers:
logger.info(http_headers)
rule_instance.headers = _parse_http_headers(http_headers=http_headers)
result = _generic_site_operation(
cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def add_webapp_access_restriction(cmd,
resource_group_name,
name,
rule_name,
priority,
action='Allow',
ip_address=None,
subnet=None,
vnet_name=None,
description=None,
scm_site=False,
ignore_missing_vnet_service_endpoint=False,
slot=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
# check for null
access_rules = access_rules or []
rule_instance = None
if subnet or vnet_name:
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name,
resource_group_name)
if not ignore_missing_vnet_service_endpoint:
_ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
for rule in list(access_rules):
if rule.vnet_subnet_resource_id:
if rule.action.lower() == action.lower(
) and rule.vnet_subnet_resource_id.lower() == subnet_id.lower(
):
rule_instance = rule
break
if rule_instance:
rule_instance.name = rule_name
rule_instance.priority = priority
rule_instance.description = description if description else rule_instance.description
else:
rule_instance = IpSecurityRestriction(
name=rule_name,
vnet_subnet_resource_id=subnet_id,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
if ip_address:
for rule in list(access_rules):
if rule.ip_address:
if rule.action.lower() == action.lower(
) and rule.ip_address.lower() == ip_address.lower():
rule_instance = rule
break
if rule_instance:
rule_instance.name = rule_name
rule_instance.priority = priority
rule_instance.description = description or rule_instance.description
else:
rule_instance = IpSecurityRestriction(name=rule_name,
ip_address=ip_address,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions