def add_webapp_access_restriction(cmd, resource_group_name, name, priority, rule_name=None, action='Allow', ip_address=None, subnet=None, vnet_name=None, description=None, scm_site=False, ignore_missing_vnet_service_endpoint=False, slot=None, vnet_resource_group=None): configs = get_site_configs(cmd, resource_group_name, name, slot) if (ip_address and subnet) or (not ip_address and not subnet): raise CLIError('Usage error: --subnet | --ip-address') # get rules list access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions # check for null access_rules = access_rules or [] rule_instance = None if subnet: vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg) if not ignore_missing_vnet_service_endpoint: _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id) rule_instance = IpSecurityRestriction( name=rule_name, vnet_subnet_resource_id=subnet_id, priority=priority, action=action, tag='Default', description=description) access_rules.append(rule_instance) elif ip_address: rule_instance = IpSecurityRestriction(name=rule_name, ip_address=ip_address, priority=priority, action=action, tag='Default', description=description) access_rules.append(rule_instance) result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def remove_all_auth_settings_secrets(cmd, resource_group_name, name, slot=None): # pylint: disable=unused-argument auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) auth_settings.client_secret = "" auth_settings.facebook_app_secret = "" auth_settings.git_hub_client_secret = "" auth_settings.google_client_secret = "" auth_settings.microsoft_account_client_secret = "" auth_settings.twitter_consumer_secret_setting_name = "" return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings)
def set_webapp_access_restriction(cmd, resource_group_name, name, use_same_restrictions_for_scm_site, slot=None): configs = get_site_configs(cmd, resource_group_name, name, slot) setattr(configs, 'scm_ip_security_restrictions_use_main', bool(use_same_restrictions_for_scm_site)) use_main = _generic_site_operation( cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs).scm_ip_security_restrictions_use_main use_main_json = {"scmIpSecurityRestrictionsUseMain": use_main} return use_main_json
def remove_webapp_access_restriction(cmd, resource_group_name, name, rule_name=None, action='Allow', ip_address=None, subnet=None, vnet_name=None, scm_site=False, slot=None): configs = get_site_configs(cmd, resource_group_name, name, slot) rule_instance = None # get rules list access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions for rule in list(access_rules): if rule_name: if rule.name and rule.name.lower() == rule_name.lower( ) and rule.action == action: rule_instance = rule break elif ip_address: if rule.ip_address == ip_address and rule.action == action: if rule_name and rule.name and rule.name.lower( ) != rule_name.lower(): continue rule_instance = rule break elif subnet: subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, resource_group_name) if rule.vnet_subnet_resource_id == subnet_id and rule.action == action: if rule_name and rule.name and rule.name.lower( ) != rule_name.lower(): continue rule_instance = rule break if rule_instance is None: raise CLIError( 'No rule found with the specified criteria. ' 'If you are trying to remove a Deny rule, you must explicitly specify --action Deny' ) access_rules.remove(rule_instance) result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def remove_webapp_access_restriction(cmd, resource_group_name, name, rule_name, scm_site=False, slot=None): configs = get_site_configs(cmd, resource_group_name, name, slot) rule_instance = None # get rules list access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions for rule in list(access_rules): if rule.name.lower() == rule_name.lower(): rule_instance = rule break if rule_instance is not None: access_rules.remove(rule_instance) result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
def _get_app_url(cmd, rg_name, app_name): site = _generic_site_operation(cmd.cli_ctx, rg_name, app_name, 'get') return "https://" + site.enabled_host_names[0]
def update_auth_classic_settings( cmd, resource_group_name, name, enabled=None, action=None, # pylint: disable=unused-argument client_id=None, token_store_enabled=None, runtime_version=None, # pylint: disable=unused-argument token_refresh_extension_hours=None, # pylint: disable=unused-argument allowed_external_redirect_urls=None, client_secret=None, # pylint: disable=unused-argument client_secret_certificate_thumbprint=None, # pylint: disable=unused-argument allowed_audiences=None, issuer=None, facebook_app_id=None, # pylint: disable=unused-argument facebook_app_secret=None, facebook_oauth_scopes=None, # pylint: disable=unused-argument twitter_consumer_key=None, twitter_consumer_secret=None, # pylint: disable=unused-argument google_client_id=None, google_client_secret=None, # pylint: disable=unused-argument google_oauth_scopes=None, microsoft_account_client_id=None, # pylint: disable=unused-argument microsoft_account_client_secret=None, # pylint: disable=unused-argument microsoft_account_oauth_scopes=None, slot=None, # pylint: disable=unused-argument git_hub_client_id=None, git_hub_client_secret=None, # pylint: disable=unused-argument git_hub_o_auth_scopes=None, # pylint: disable=unused-argument client_secret_setting_name=None, facebook_app_secret_setting_name=None, # pylint: disable=unused-argument google_client_secret_setting_name=None, # pylint: disable=unused-argument microsoft_account_client_secret_setting_name=None, # pylint: disable=unused-argument twitter_consumer_secret_setting_name=None, git_hub_client_secret_setting_name=None): # pylint: disable=unused-argument if is_auth_v2_app(cmd, resource_group_name, name, slot): raise CLIError( 'Usage Error: Cannot use command az webapp auth-classic update when the app ' 'is using auth v2. If you wish to revert the app to v1, run az webapp auth revert' ) auth_settings = get_auth_settings(cmd, resource_group_name, name, slot) if action == 'AllowAnonymous': auth_settings.unauthenticated_client_action = 'AllowAnonymous' elif action: auth_settings.unauthenticated_client_action = 'RedirectToLoginPage' auth_settings.default_provider = AUTH_TYPES[action] # validate runtime version if not is_auth_runtime_version_valid(runtime_version): raise CLIError('Usage Error: --runtime-version set to invalid value') import inspect frame = inspect.currentframe() bool_flags = ['enabled', 'token_store_enabled'] # note: getargvalues is used already in azure.cli.core.commands. # and no simple functional replacement for this deprecating method for 3.5 args, _, _, values = inspect.getargvalues(frame) # pylint: disable=deprecated-method for arg in args[2:]: if values.get(arg, None): setattr( auth_settings, arg, values[arg] if arg not in bool_flags else values[arg] == 'true') return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_auth_settings', slot, auth_settings)
def get_auth_settings(cmd, resource_group_name, name, slot=None): return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get_auth_settings', slot)
def add_webapp_access_restriction(cmd, resource_group_name, name, rule_name, priority, action='Allow', ip_address=None, subnet=None, vnet_name=None, description=None, scm_site=False, ignore_missing_vnet_service_endpoint=False, slot=None): configs = get_site_configs(cmd, resource_group_name, name, slot) # get rules list access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions # check for null access_rules = access_rules or [] rule_instance = None if subnet or vnet_name: subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, resource_group_name) if not ignore_missing_vnet_service_endpoint: _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id) for rule in list(access_rules): if rule.vnet_subnet_resource_id: if rule.action.lower() == action.lower( ) and rule.vnet_subnet_resource_id.lower() == subnet_id.lower( ): rule_instance = rule break if rule_instance: rule_instance.name = rule_name rule_instance.priority = priority rule_instance.description = description if description else rule_instance.description else: rule_instance = IpSecurityRestriction( name=rule_name, vnet_subnet_resource_id=subnet_id, priority=priority, action=action, tag='Default', description=description) access_rules.append(rule_instance) if ip_address: for rule in list(access_rules): if rule.ip_address: if rule.action.lower() == action.lower( ) and rule.ip_address.lower() == ip_address.lower(): rule_instance = rule break if rule_instance: rule_instance.name = rule_name rule_instance.priority = priority rule_instance.description = description or rule_instance.description else: rule_instance = IpSecurityRestriction(name=rule_name, ip_address=ip_address, priority=priority, action=action, tag='Default', description=description) access_rules.append(rule_instance) result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions