你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Network Security Perimeter Access Rules - Create Or Update

服务:: Network security perimeter

API 版本:: 2025-03-01

创建或更新网络访问规则。

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityPerimeters/{networkSecurityPerimeterName}/profiles/{profileName}/accessRules/{accessRuleName}?api-version=2025-03-01

URI 参数

名称	在	必需	类型	说明
accessRuleName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	NSP 访问规则的名称。
networkSecurityPerimeterName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	网络安全外围的名称。
profileName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	NSP 配置文件的名称。
resourceGroupName	path	True	string	资源组的名称。
subscriptionId	path	True	string	唯一标识 Azure 订阅Microsoft的订阅凭据。订阅 ID 构成了每个服务调用的 URI 的一部分。
api-version	query	True	string	客户端 API 版本。

请求正文

名称	类型	说明
properties.addressPrefixes	string[]	入站地址前缀（IPv4/IPv6）
properties.direction	AccessRuleDirection	指定访问规则是否为入站/出站的方向。
properties.emailAddresses	string[]	电子邮件地址格式的出站规则。此访问规则类型当前不可用。
properties.fullyQualifiedDomainNames	string[]	完全限定域名格式的出站规则。
properties.phoneNumbers	string[]	电话号码格式的出站规则。此访问规则类型当前不可用。
properties.serviceTags	string[]	类型服务标记的入站规则。此访问规则类型当前不可用。
properties.subscriptions	SubscriptionId[]	订阅 ID 列表

响应

名称	类型	说明
200 OK	NspAccessRule	已更新 - 已更新现有访问规则。返回资源。
201 Created	NspAccessRule	创建 - 返回创建的 NspAccessRule 资源。
Other Status Codes	CloudError	描述作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow。

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

NspAccessRulePut

示例请求

PUT https://management.azure.com/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1?api-version=2025-03-01

{
  "properties": {
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ]
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python nsp_access_rule_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subId",
    )

    response = client.network_security_perimeter_access_rules.create_or_update(
        resource_group_name="rg1",
        network_security_perimeter_name="nsp1",
        profile_name="profile1",
        access_rule_name="accessRule1",
        parameters={"properties": {"addressPrefixes": ["10.11.0.0/16", "10.10.1.0/24"], "direction": "Inbound"}},
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Creates or updates a network access rule.
 *
 * @summary Creates or updates a network access rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
 */
async function nspAccessRulePut() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subId";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkSecurityPerimeterName = "nsp1";
  const profileName = "profile1";
  const accessRuleName = "accessRule1";
  const parameters = {
    addressPrefixes: ["10.11.0.0/16", "10.10.1.0/24"],
    direction: "Inbound",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkSecurityPerimeterAccessRules.createOrUpdate(
    resourceGroupName,
    networkSecurityPerimeterName,
    profileName,
    accessRuleName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
// this example is just showing the usage of "NetworkSecurityPerimeterAccessRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkSecurityPerimeterAccessRuleResource created on azure
// for more information of creating NetworkSecurityPerimeterAccessRuleResource, please refer to the document of NetworkSecurityPerimeterAccessRuleResource
string subscriptionId = "subId";
string resourceGroupName = "rg1";
string networkSecurityPerimeterName = "nsp1";
string profileName = "profile1";
string accessRuleName = "accessRule1";
ResourceIdentifier networkSecurityPerimeterAccessRuleResourceId = NetworkSecurityPerimeterAccessRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkSecurityPerimeterName, profileName, accessRuleName);
NetworkSecurityPerimeterAccessRuleResource networkSecurityPerimeterAccessRule = client.GetNetworkSecurityPerimeterAccessRuleResource(networkSecurityPerimeterAccessRuleResourceId);

// invoke the operation
NetworkSecurityPerimeterAccessRuleData data = new NetworkSecurityPerimeterAccessRuleData
{
    Direction = NetworkSecurityPerimeterAccessRuleDirection.Inbound,
    AddressPrefixes = { "10.11.0.0/16", "10.10.1.0/24" },
};
ArmOperation<NetworkSecurityPerimeterAccessRuleResource> lro = await networkSecurityPerimeterAccessRule.UpdateAsync(WaitUntil.Completed, data);
NetworkSecurityPerimeterAccessRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
NetworkSecurityPerimeterAccessRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:: 200

{
  "name": "accessRule1",
  "id": "/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "properties": {
    "provisioningState": "Succeeded",
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "fullyQualifiedDomainNames": [],
    "subscriptions": [],
    "networkSecurityPerimeters": [],
    "emailAddresses": [],
    "phoneNumbers": [],
    "serviceTags": []
  },
  "systemData": {
    "createdBy": "user",
    "createdByType": "User",
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z"
  }
}

状态代码:: 201

{
  "name": "accessRule1",
  "id": "/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "properties": {
    "provisioningState": "Succeeded",
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "fullyQualifiedDomainNames": [],
    "subscriptions": [],
    "networkSecurityPerimeters": [],
    "emailAddresses": [],
    "phoneNumbers": [],
    "serviceTags": []
  },
  "systemData": {
    "createdBy": "user",
    "createdByType": "User",
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z"
  }
}

定义

名称	说明
AccessRuleDirection	指定访问规则是否为入站/出站的方向。
CloudError	服务的错误响应。
CloudErrorBody	服务的错误响应。
createdByType	创建资源的标识的类型。
NspAccessRule	NSP 访问规则资源
nspProvisioningState	作用域分配资源的预配状态。
PerimeterBasedAccessRule
SubscriptionId
systemData	与创建和上次修改资源相关的元数据。

AccessRuleDirection

枚举

指定访问规则是否为入站/出站的方向。

值	说明
Inbound
Outbound

CloudError

对象

服务的错误响应。

名称	类型	说明
error	CloudErrorBody	云错误正文。

CloudErrorBody

对象

服务的错误响应。

名称	类型	说明
code	string	错误的标识符。代码是固定的，旨在以编程方式使用。
details	CloudErrorBody[]	有关错误的其他详细信息的列表。
message	string	描述错误的消息，旨在适合在用户界面中显示。
target	string	特定错误的目标。例如，错误属性的名称。

createdByType

枚举

创建资源的标识的类型。

值	说明
User
Application
ManagedIdentity
Key

NspAccessRule

对象

NSP 访问规则资源

名称	类型	说明
id	string (arm-id)	资源的完全限定资源 ID。例如“/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”
name	string	资源的名称
properties.addressPrefixes	string[]	入站地址前缀（IPv4/IPv6）
properties.direction	AccessRuleDirection	指定访问规则是否为入站/出站的方向。
properties.emailAddresses	string[]	电子邮件地址格式的出站规则。此访问规则类型当前不可用。
properties.fullyQualifiedDomainNames	string[]	完全限定域名格式的出站规则。
properties.networkSecurityPerimeters	PerimeterBasedAccessRule[]	由外围 ID 指定的规则。
properties.phoneNumbers	string[]	电话号码格式的出站规则。此访问规则类型当前不可用。
properties.provisioningState	nspProvisioningState	作用域分配资源的预配状态。
properties.serviceTags	string[]	类型服务标记的入站规则。此访问规则类型当前不可用。
properties.subscriptions	SubscriptionId[]	订阅 ID 列表
systemData	systemData	包含 createdBy 和 modifiedBy 信息的 Azure 资源管理器元数据。
type	string	资源类型。例如“Microsoft.Compute/virtualMachines”或“Microsoft.Storage/storageAccounts”

nspProvisioningState

枚举

作用域分配资源的预配状态。

值	说明
Succeeded
Creating
Updating
Deleting
Accepted
Failed

PerimeterBasedAccessRule

对象

名称	类型	说明
id	string (arm-id)	ARM ID 格式的 NSP ID。
location	string	提供的 NSP 的位置。
perimeterGuid	string	提供的 NSP 的资源指南。

SubscriptionId

对象

名称	类型	说明
id	string (arm-id)	ARM ID 格式的订阅 ID。

systemData

对象

与创建和上次修改资源相关的元数据。

名称	类型	说明
createdAt	string (date-time)	资源创建时间戳（UTC）。
createdBy	string	创建资源的标识。
createdByType	createdByType	创建资源的标识的类型。
lastModifiedAt	string (date-time)	上次修改的资源时间戳（UTC）
lastModifiedBy	string	上次修改资源的标识。
lastModifiedByType	createdByType	上次修改资源的标识的类型。

通过

Network Security Perimeter Access Rules - Create Or Update

URI 参数

请求正文

响应

安全性

azure_auth

作用域

示例

NspAccessRulePut

示例请求

示例响应

定义

AccessRuleDirection

CloudError

CloudErrorBody

createdByType

NspAccessRule

nspProvisioningState

PerimeterBasedAccessRule

SubscriptionId

systemData