Configuring a Firewall for an Azure Virtual Network in Python with azure.mgmt.network.NetworkManagementClient()

Published: 2023-12-17 04:27:58

The following example code uses azure.mgmt.network.NetworkManagementClient() to configure firewall rules for an Azure virtual network:

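from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.resource import ResourceManagementClient

# Set the Azure subscription ID
subscription_id = "YOUR_SUBSCRIPTION_ID"

# Set up the Azure credential
credential = DefaultAzureCredential()

# Create the NetworkManagementClient instance
network_client = NetworkManagementClient(credential, subscription_id)

# Create the resource group. Resource groups are managed through
# ResourceManagementClient (azure-mgmt-resource), not NetworkManagementClient.
resource_group_name = "YOUR_RESOURCE_GROUP_NAME"
resource_client = ResourceManagementClient(credential, subscription_id)
resource_client.resource_groups.create_or_update(
    resource_group_name,
    {
        "location": "eastus"
    }
)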

# Create the virtual network
virtual_network_name = "YOUR_VIRTUAL_NETWORK_NAME"
virtual_network_params = {
    "location": "eastus",
    "address_space": {
        "address_prefixes": ["10.0.0.0/16"]
    }
}
network_client.virtual_networks.begin_create_or_update(
    resource_group_name,
    virtual_network_name,
    virtual_network_params
).result()

# Create the subnet
subnet_name = "YOUR_SUBNET_NAME"
subnet_params = {
    "address_prefix": "10.0.0.0/24"
}
network_client.subnets.begin_create_or_update(
    resource_group_name,
    virtual_network_name,
    subnet_name,
    subnet_params
).result()

# Create the network security group (NSG).
# Rule fields are given flat with snake_case names, matching the Python SDK models.
network_security_group_name = "YOUR_NETWORK_SECURITY_GROUP_NAME"
network_security_group_params = {
    "location": "eastus",
    "security_rules": [
        {
            # Allows inbound RDP (TCP 3389). A source_address_prefix of "*"
            # matches any source; use a specific CIDR to limit who can reach RDP.
            "name": "Allow_RDP",
            "access": "Allow",
            "destination_address_prefix": "*",
            "destination_port_range": "3389",
            "direction": "Inbound",
            "priority": 100,
            "protocol": "Tcp",
            "source_address_prefix": "*",
            "source_port_range": "*"
        },
        {
            # Denies all other inbound traffic. Rules are evaluated in priority
            # order (lowest number first), so Allow_RDP at 100 is matched before this.
            "name": "Deny_All",
            "access": "Deny",
            "destination_address_prefix": "*",
            "destination_port_range": "*",
            "direction": "Inbound",
            "priority": 2000,
            "protocol": "*",
            "source_address_prefix": "*",
            "source_port_range": "*"
        }
    ]
}
network_client.network_security_groups.begin_create_or_update(
    resource_group_name,
    network_security_group_name,
    network_security_group_params
).result()

# Update the subnet configuration to attach the network security group
subnet = network_client.subnets.get(
    resource_group_name,
    virtual_network_name,
    subnet_name
)
# Attach the NSG as the SDK model returned by get() rather than a hand-built dict
subnet.network_security_group = network_client.network_security_groups.get(
    resource_group_name,
    network_security_group_name
)
network_client.subnets.begin_create_or_update(
    resource_group_name,
    virtual_network_name,
    subnet_name,
    subnet
).result()

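Note that YOUR_SUBSCRIPTION_ID, YOUR_RESOURCE_GROUP_NAME, YOUR_VIRTUAL_NETWORK_NAME, YOUR_SUBNET_NAME, and YOUR_NETWORK_SECURITY_GROUP_NAME in the code above must be replaced with the values for your environment. This example creates a virtual network, a subnet, and a network security group, and configures the subnet to use the network security group's firewall rules.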
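
The two rules above interact through their priorities, and Allow_RDP is reachable from any source. The following offline check is an added example, not part of the original article or the Azure SDK: it evaluates a rule list in priority order and reports management ports that an any-source Allow rule opens. The helper names, the probe address and the sample rule list are assumptions, and only the single-value fields `source_address_prefix` and `destination_port_range` are handled.

```python
import ipaddress

# Constructed sample: the two inbound rules from the example above, as flat dicts.
RULES = [
    {"name": "Allow_RDP", "access": "Allow", "direction": "Inbound", "priority": 100,
     "protocol": "Tcp", "source_address_prefix": "*", "destination_port_range": "3389"},
    {"name": "Deny_All", "access": "Deny", "direction": "Inbound", "priority": 2000,
     "protocol": "*", "source_address_prefix": "*", "destination_port_range": "*"},
]
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # values treated here as "any source"
PROBE_IP = "203.0.113.10"  # constructed outside address (documentation range)

def port_matches(port, spec):
    """Match a port against an NSG port spec: '*', '3389' or '1000-2000'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(src_ip, prefix):
    """Match a source IP against '*', the Internet tag or a CIDR prefix."""
    if prefix.lower() in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags are not modelled here

def effective_rule(rules, src_ip, port, protocol="Tcp"):
    """First matching inbound rule in priority order (lowest number wins)."""
    inbound = (r for r in rules if r["direction"].lower() == "inbound")
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if (rule["protocol"].lower() in ("*", protocol.lower())
                and source_matches(src_ip, rule["source_address_prefix"])
                and port_matches(port, rule["destination_port_range"])):
            return rule
    return None  # would fall through to Azure's default rules (not modelled)

def exposed_management_ports(rules, ports=(22, 3389)):
    """(port, rule name) pairs where an any-source Allow rule wins for that port."""
    findings = []
    for port in ports:
        rule = effective_rule(rules, PROBE_IP, port)
        if (rule and rule["access"].lower() == "allow"
                and rule["source_address_prefix"].lower() in ANY_SOURCE):
            findings.append((port, rule["name"]))
    return findings
```

Run against the rules as written, the check reports port 3389 via Allow_RDP; with the rule's source narrowed to a specific CIDR it reports nothing, and only addresses inside that prefix match Allow_RDP.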