def create_tunnel(cmd, resource_group_name, name, port=None, slot=None):
import time
profiles = list_publish_profiles(cmd, resource_group_name, name, slot)
user_name = next(p['userName'] for p in profiles)
user_password = next(p['userPWD'] for p in profiles)
import threading
from .tunnel import TunnelServer
if port is None:
port = 0 # Will auto-select a free port from 1024-65535
logger.info('No port defined, creating on random free port')
host_name = name
if slot is not None:
host_name += "-" + slot
tunnel_server = TunnelServer('', port, host_name, user_name, user_password)
config = get_site_configs(cmd, resource_group_name, name, slot)
_ping_scm_site(cmd, resource_group_name, name)
t = threading.Thread(target=_start_tunnel,
args=(tunnel_server, config.remote_debugging_enabled))
t.daemon = True
t.start()
# Wait indefinitely for CTRL-C
while True:
time.sleep(5)
def create_tunnel(cmd, resource_group_name, name, port=None, slot=None):
logger.warning("remote-connection is deprecated and moving to cli-core, use `webapp create-remote-connection`")
webapp = show_webapp(cmd, resource_group_name, name, slot)
is_linux = webapp.reserved
if not is_linux:
logger.error("Only Linux App Service Plans supported, Found a Windows App Service Plan")
return
import time
profiles = list_publish_profiles(cmd, resource_group_name, name, slot)
user_name = next(p['userName'] for p in profiles)
user_password = next(p['userPWD'] for p in profiles)
import threading
from .tunnel import TunnelServer
if port is None:
port = 0 # Will auto-select a free port from 1024-65535
logger.info('No port defined, creating on random free port')
host_name = name
if slot is not None:
host_name += "-" + slot
tunnel_server = TunnelServer('', port, host_name, user_name, user_password)
config = get_site_configs(cmd, resource_group_name, name, slot)
_ping_scm_site(cmd, resource_group_name, name)
t = threading.Thread(target=_start_tunnel, args=(tunnel_server, config.remote_debugging_enabled))
t.daemon = True
t.start()
# Wait indefinitely for CTRL-C
while True:
time.sleep(5)
def add_webapp_access_restriction(cmd,
resource_group_name,
name,
priority,
rule_name=None,
action='Allow',
ip_address=None,
subnet=None,
vnet_name=None,
description=None,
scm_site=False,
ignore_missing_vnet_service_endpoint=False,
slot=None,
vnet_resource_group=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
if (ip_address and subnet) or (not ip_address and not subnet):
raise CLIError('Usage error: --subnet | --ip-address')
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
# check for null
access_rules = access_rules or []
rule_instance = None
if subnet:
vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg)
if not ignore_missing_vnet_service_endpoint:
_ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
rule_instance = IpSecurityRestriction(
name=rule_name,
vnet_subnet_resource_id=subnet_id,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
elif ip_address:
rule_instance = IpSecurityRestriction(name=rule_name,
ip_address=ip_address,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def show_webapp_access_restrictions(cmd, resource_group_name, name, slot=None):
import json
configs = get_site_configs(cmd, resource_group_name, name, slot)
access_restrictions = json.dumps(configs.ip_security_restrictions,
default=lambda x: x.__dict__)
scm_access_restrictions = json.dumps(configs.scm_ip_security_restrictions,
default=lambda x: x.__dict__)
access_rules = {
"scmIpSecurityRestrictionsUseMain":
configs.scm_ip_security_restrictions_use_main,
"ipSecurityRestrictions": json.loads(access_restrictions),
"scmIpSecurityRestrictions": json.loads(scm_access_restrictions)
}
return access_rules
def set_webapp_access_restriction(cmd,
resource_group_name,
name,
use_same_restrictions_for_scm_site,
slot=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
setattr(configs, 'scm_ip_security_restrictions_use_main',
bool(use_same_restrictions_for_scm_site))
use_main = _generic_site_operation(
cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot,
configs).scm_ip_security_restrictions_use_main
use_main_json = {"scmIpSecurityRestrictionsUseMain": use_main}
return use_main_json
def remove_webapp_access_restriction(cmd,
resource_group_name,
name,
rule_name=None,
action='Allow',
ip_address=None,
subnet=None,
vnet_name=None,
scm_site=False,
slot=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
rule_instance = None
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
for rule in list(access_rules):
if rule_name:
if rule.name and rule.name.lower() == rule_name.lower(
) and rule.action == action:
rule_instance = rule
break
elif ip_address:
if rule.ip_address == ip_address and rule.action == action:
if rule_name and rule.name and rule.name.lower(
) != rule_name.lower():
continue
rule_instance = rule
break
elif subnet:
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name,
resource_group_name)
if rule.vnet_subnet_resource_id == subnet_id and rule.action == action:
if rule_name and rule.name and rule.name.lower(
) != rule_name.lower():
continue
rule_instance = rule
break
if rule_instance is None:
raise CLIError(
'No rule found with the specified criteria. '
'If you are trying to remove a Deny rule, you must explicitly specify --action Deny'
)
access_rules.remove(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def remove_webapp_access_restriction(cmd,
resource_group_name,
name,
rule_name,
scm_site=False,
slot=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
rule_instance = None
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
for rule in list(access_rules):
if rule.name.lower() == rule_name.lower():
rule_instance = rule
break
if rule_instance is not None:
access_rules.remove(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def add_webapp_access_restriction(cmd,
resource_group_name,
name,
rule_name,
priority,
action='Allow',
ip_address=None,
subnet=None,
vnet_name=None,
description=None,
scm_site=False,
ignore_missing_vnet_service_endpoint=False,
slot=None):
configs = get_site_configs(cmd, resource_group_name, name, slot)
# get rules list
access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
# check for null
access_rules = access_rules or []
rule_instance = None
if subnet or vnet_name:
subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name,
resource_group_name)
if not ignore_missing_vnet_service_endpoint:
_ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
for rule in list(access_rules):
if rule.vnet_subnet_resource_id:
if rule.action.lower() == action.lower(
) and rule.vnet_subnet_resource_id.lower() == subnet_id.lower(
):
rule_instance = rule
break
if rule_instance:
rule_instance.name = rule_name
rule_instance.priority = priority
rule_instance.description = description if description else rule_instance.description
else:
rule_instance = IpSecurityRestriction(
name=rule_name,
vnet_subnet_resource_id=subnet_id,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
if ip_address:
for rule in list(access_rules):
if rule.ip_address:
if rule.action.lower() == action.lower(
) and rule.ip_address.lower() == ip_address.lower():
rule_instance = rule
break
if rule_instance:
rule_instance.name = rule_name
rule_instance.priority = priority
rule_instance.description = description or rule_instance.description
else:
rule_instance = IpSecurityRestriction(name=rule_name,
ip_address=ip_address,
priority=priority,
action=action,
tag='Default',
description=description)
access_rules.append(rule_instance)
result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
'update_configuration', slot, configs)
return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
