Exemplo n.º 1
0
def add_webapp_access_restriction(cmd,
                                  resource_group_name,
                                  name,
                                  priority,
                                  rule_name=None,
                                  action='Allow',
                                  ip_address=None,
                                  subnet=None,
                                  vnet_name=None,
                                  description=None,
                                  scm_site=False,
                                  ignore_missing_vnet_service_endpoint=False,
                                  slot=None,
                                  vnet_resource_group=None):
    configs = get_site_configs(cmd, resource_group_name, name, slot)

    if (ip_address and subnet) or (not ip_address and not subnet):
        raise CLIError('Usage error: --subnet | --ip-address')

    # get rules list
    access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
    # check for null
    access_rules = access_rules or []

    rule_instance = None
    if subnet:
        vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name
        subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg)
        if not ignore_missing_vnet_service_endpoint:
            _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)

        rule_instance = IpSecurityRestriction(
            name=rule_name,
            vnet_subnet_resource_id=subnet_id,
            priority=priority,
            action=action,
            tag='Default',
            description=description)
        access_rules.append(rule_instance)

    elif ip_address:
        rule_instance = IpSecurityRestriction(name=rule_name,
                                              ip_address=ip_address,
                                              priority=priority,
                                              action=action,
                                              tag='Default',
                                              description=description)
        access_rules.append(rule_instance)

    result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
                                     'update_configuration', slot, configs)
    return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
Exemplo n.º 2
0
def add_webapp_access_restriction(
        cmd, resource_group_name, name, priority, rule_name=None,
        action='Allow', ip_address=None, subnet=None,
        vnet_name=None, description=None, scm_site=False,
        ignore_missing_vnet_service_endpoint=False, slot=None, vnet_resource_group=None,
        service_tag=None, http_headers=None):
    configs = get_site_configs(cmd, resource_group_name, name, slot)
    if (int(service_tag is not None) + int(ip_address is not None) +
            int(subnet is not None) != 1):
        err_msg = 'Please specify either: --subnet or --ip-address or --service-tag'
        raise MutuallyExclusiveArgumentError(err_msg)

    # get rules list
    access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
    # check for null
    access_rules = access_rules or []

    rule_instance = None
    if subnet:
        vnet_rg = vnet_resource_group if vnet_resource_group else resource_group_name
        subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg)
        if not ignore_missing_vnet_service_endpoint:
            _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)
        # check for duplicates
        for rule in list(access_rules):
            if rule.vnet_subnet_resource_id and rule.vnet_subnet_resource_id.lower() == subnet_id.lower():
                raise ArgumentUsageError('Service endpoint rule for: ' + subnet_id + ' already exists. '
                                         'Cannot add duplicate service endpoint rules.')
        rule_instance = IpSecurityRestriction(
            name=rule_name, vnet_subnet_resource_id=subnet_id,
            priority=priority, action=action, tag='Default', description=description)
        access_rules.append(rule_instance)
    elif ip_address:
        rule_instance = IpSecurityRestriction(
            name=rule_name, ip_address=ip_address,
            priority=priority, action=action, tag='Default', description=description)
        access_rules.append(rule_instance)
    elif service_tag:
        rule_instance = IpSecurityRestriction(
            name=rule_name, ip_address=service_tag,
            priority=priority, action=action, tag='ServiceTag', description=description)
        access_rules.append(rule_instance)
    if http_headers:
        logger.info(http_headers)
        rule_instance.headers = _parse_http_headers(http_headers=http_headers)

    result = _generic_site_operation(
        cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs)
    return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions
Exemplo n.º 3
0
def add_webapp_access_restriction(cmd,
                                  resource_group_name,
                                  name,
                                  rule_name,
                                  priority,
                                  action='Allow',
                                  ip_address=None,
                                  subnet=None,
                                  vnet_name=None,
                                  description=None,
                                  scm_site=False,
                                  ignore_missing_vnet_service_endpoint=False,
                                  slot=None):
    configs = get_site_configs(cmd, resource_group_name, name, slot)

    # get rules list
    access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions
    # check for null
    access_rules = access_rules or []

    rule_instance = None
    if subnet or vnet_name:
        subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name,
                                     resource_group_name)
        if not ignore_missing_vnet_service_endpoint:
            _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id)

        for rule in list(access_rules):
            if rule.vnet_subnet_resource_id:
                if rule.action.lower() == action.lower(
                ) and rule.vnet_subnet_resource_id.lower() == subnet_id.lower(
                ):
                    rule_instance = rule
                    break

        if rule_instance:
            rule_instance.name = rule_name
            rule_instance.priority = priority
            rule_instance.description = description if description else rule_instance.description
        else:
            rule_instance = IpSecurityRestriction(
                name=rule_name,
                vnet_subnet_resource_id=subnet_id,
                priority=priority,
                action=action,
                tag='Default',
                description=description)
            access_rules.append(rule_instance)

    if ip_address:
        for rule in list(access_rules):
            if rule.ip_address:
                if rule.action.lower() == action.lower(
                ) and rule.ip_address.lower() == ip_address.lower():
                    rule_instance = rule
                    break

        if rule_instance:
            rule_instance.name = rule_name
            rule_instance.priority = priority
            rule_instance.description = description or rule_instance.description
        else:
            rule_instance = IpSecurityRestriction(name=rule_name,
                                                  ip_address=ip_address,
                                                  priority=priority,
                                                  action=action,
                                                  tag='Default',
                                                  description=description)
            access_rules.append(rule_instance)

    result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name,
                                     'update_configuration', slot, configs)
    return result.scm_ip_security_restrictions if scm_site else result.ip_security_restrictions