def _process_resource(self, resource):
rule_set = NetworkRuleSet(default_action=self.data['default-action'])
if 'ip-rules' in self.data:
rule_set.ip_rules = [
IPRule(
ip_address_or_range=r['ip-address-or-range'],
action='Allow') # 'Allow' is the only allowed action
for r in self.data['ip-rules']]
if 'virtual-network-rules' in self.data:
rule_set.virtual_network_rules = [
VirtualNetworkRule(
virtual_network_resource_id=r['virtual-network-resource-id'],
action='Allow') # 'Allow' is the only allowed action
for r in self.data['virtual-network-rules']]
if len(self.data.get('bypass', [])) > 0:
rule_set.bypass = '******'.join(self.data['bypass'])
else:
rule_set.bypass = '******'
self.client.storage_accounts.update(
resource['resourceGroup'],
resource['name'],
StorageAccountUpdateParameters(network_rule_set=rule_set))
def _process_resource(self, resource):
rules = self._build_ip_rules(resource, self.data.get('ip-rules', []))
# Build out the ruleset model to update the resource
rule_set = NetworkRuleSet(default_action=self.data.get('default-action', 'Deny'))
# If the user has too many rules log and skip
if len(rules) > self.rule_limit:
self._log.error("Skipped updating firewall for %s. "
"%s exceeds maximum rule count of %s." %
(resource['name'], len(rules), self.rule_limit))
return
# Add IP rules
rule_set.ip_rules = [IPRule(ip_address_or_range=r) for r in rules]
# Add VNET rules
vnet_rules = self._build_vnet_rules(resource, self.data.get('virtual-network-rules', []))
rule_set.virtual_network_rules = [
VirtualNetworkRule(virtual_network_resource_id=r) for r in vnet_rules]
# Configure BYPASS
rule_set.bypass = self._build_bypass_rules(resource, self.data.get('bypass', []))
# Update resource
self.client.storage_accounts.update(
resource['resourceGroup'],
resource['name'],
StorageAccountUpdateParameters(network_rule_set=rule_set))
def _process_resource(self, resource):
# Build out the ruleset model to update the resource
rule_set = NetworkRuleSet(
default_action=self.data.get('default-action', 'Deny'))
# Add IP rules
if self.data.get('ip-rules') is not None:
existing_ip = [
r['value'] for r in resource['properties']['networkAcls'].get(
'ipRules', [])
]
ip_rules = self._build_ip_rules(existing_ip,
self.data.get('ip-rules', []))
# If the user has too many rules raise exception
if len(ip_rules) > self.rule_limit:
raise ValueError(
"Skipped updating firewall for %s. "
"%s exceeds maximum rule count of %s." %
(resource['name'], len(ip_rules), self.rule_limit))
rule_set.ip_rules = [
IPRule(ip_address_or_range=r) for r in ip_rules
]
# Add VNET rules
if self.data.get('virtual-network-rules') is not None:
existing_vnet = \
[r['id'] for r in
resource['properties']['networkAcls'].get('virtualNetworkRules', [])]
vnet_rules = \
self._build_vnet_rules(existing_vnet, self.data.get('virtual-network-rules', []))
rule_set.virtual_network_rules = \
[VirtualNetworkRule(virtual_network_resource_id=r) for r in vnet_rules]
# Configure BYPASS
if self.data.get('bypass-rules') is not None:
existing_bypass = resource['properties']['networkAcls'].get(
'bypass', '').split(',')
rule_set.bypass = self._build_bypass_rules(
existing_bypass, self.data.get('bypass-rules', []))
# Update resource
self.client.storage_accounts.update(
resource['resourceGroup'], resource['name'],
StorageAccountUpdateParameters(network_rule_set=rule_set))