使用Powershell

时间:2017-01-05 04:53:59

标签: powershell azure azure-resource-manager

我正在尝试使用Powershell设置IP安全限制。我的语法没有返回任何错误,但设置没有改变。 “ipSecurityRestrictions”属性是一个哈希表。

$r = Get-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01
$p = $r.Properties
$p.ipSecurityRestrictions = @{ ipAddress = "0.0.0.0"; subnetMask = "0.0.0.0" }
Set-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

这不是权限问题,并且没有返回错误。要更改不是哈希表的属性,例如phpVersion,以下代码正常工作:

$p.phpVersion = "7.0"

是否有人使用此方法成功设置了ipSecurityRestrictions?

2 个答案:

答案 0 :(得分:12)

ipSecurityRestrictions应该是对象数组。请尝试更改代码,如下所示。它适用于我。

$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01

$p = $r.Properties
$p.ipSecurityRestrictions = @()
$restriction = @{}
$restriction.Add("ipAddress","0.0.0.0")
$restriction.Add("subnetMask","0.0.0.0")
$p.ipSecurityRestrictions+= $restriction

Set-AzureRmResource -ResourceGroupName  "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

enter image description here

之后我们可以从资源azure获得结果 (https://resources.azure.com)。

enter image description here

我们也可以从资源azure获得powershell cmd。

enter image description here

答案 1 :(得分:0)

这是添加规则的便捷功能:

function Add-AzureIpRestrictionRule
{
    [CmdletBinding()]
    Param
    (
        # Name of the resource group that contains the App Service.
        [Parameter(Mandatory=$true, Position=0)]
        $ResourceGroupName, 

        # Name of your Web or API App.
        [Parameter(Mandatory=$true, Position=1)]
        $AppServiceName, 

        # rule to add.
        [Parameter(Mandatory=$true, Position=2)]
        [PSCustomObject]$rule 
    )

    $ApiVersions = Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web | 
        Select-Object -ExpandProperty ResourceTypes |
        Where-Object ResourceTypeName -eq 'sites' |
        Select-Object -ExpandProperty ApiVersions

    $LatestApiVersion = $ApiVersions[0]

    $WebAppConfig = Get-AzureRmResource -ResourceType 'Microsoft.Web/sites/config' -ResourceName $AppServiceName -ResourceGroupName $ResourceGroupName -ApiVersion $LatestApiVersion

    $WebAppConfig.Properties.ipSecurityRestrictions =  $WebAppConfig.Properties.ipSecurityRestrictions + @($rule) | 
        Group-Object name | 
        ForEach-Object { $_.Group | Select-Object -Last 1 }

    Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $LatestApiVersion -Force    
}

用法示例: 

Login-AzureRmAccount
# determine current ip
$clientIp = Invoke-WebRequest 'https://api.ipify.org' | Select-Object -ExpandProperty Content

$rule = [PSCustomObject]@{
    ipAddress = "$($clientIp)/32"
    action = "Allow"  
    priority = 123 
    name = '{0}_{1}' -f $env:computername, $env:USERNAME 
    description = "Automatically added ip restriction"
}

Add-AzureIpRestrictionRule -ResourceGroupName "myResourceGroup" -AppServiceName "myAppServiceName" -rule $rule

来源:Configure Azure App Service IP Restrictions using PowerShell

相关问题
最新问题