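Is there any way to stop inheritance from a resource group to its resources and apply a read-only lock to an Azure virtual machine's disks using Python?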

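Question

With the Python code below, I can lock a resource group, and its resources inherit the lock.

Is there any way to stop the inheritance to the resources and apply a read-only lock to the virtual machine disks?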

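Answer

There is no option to stop inheritance with create_or_update_at_resource_group_level().

However, a lock can be applied at the level of an individual resource: https://github.com/Azure/azure-sdk-for-python/blob/release/v3/sdk/resources/azure-mgmt-resource/azure/mgmt/resource/locks/v2016_09_01/operations/_management_locks_operations.py#L430

If you want to create a lock on a virtual machine disk, refer to the following examples

  1. Create a lock for one disk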
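from azure.common.client_factory import get_client_from_cli_profile
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.resource import ManagementLockClient
from azure.mgmt.resource.locks.models import LockLevel

compute_client = get_client_from_cli_profile(ComputeManagementClient)
lock_client = get_client_from_cli_profile(ManagementLockClient)

disk = compute_client.disks.get(resource_group_name='testLinux', disk_name='testLinux_OsDisk_1_41c3d0e2e7b74dcca653b4e058a9332f')
lock_client.management_locks.create_or_update_by_scope(scope=disk.id, lock_name='DeleteLock', parameters={'level': LockLevel.can_not_delete})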


  2. Create a lock for all disks in a subscription
from azure.common.client_factory import get_client_from_cli_profile
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.resource import ManagementLockClient
from azure.mgmt.resource.locks.models import LockLevel

compute_client=get_client_from_cli_profile(ComputeManagementClient)
lock_client = get_client_from_cli_profile(ManagementLockClient)

disks = compute_client.disks.list()

for disk in disks:
    lock_client.management_locks.create_or_update_by_scope(scope=disk.id, lock_name='DeleteLock', parameters={'level': LockLevel.can_not_delete})

Update

If you want to get the resources linked to an Azure virtual machine, refer to the following code

from azure.common.client_factory import get_client_from_cli_profile
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.resource import ManagementLockClient,ResourceManagementClient
from azure.mgmt.resource.locks.models import LockLevel

compute_client=get_client_from_cli_profile(ComputeManagementClient)
lock_client = get_client_from_cli_profile(ManagementLockClient)
resource_client = get_client_from_cli_profile(ResourceManagementClient)

resource_group_name='jimtest'
vm=compute_client.virtual_machines.get(resource_group_name=resource_group_name,vm_name='testvm')
# get os disk
os_disk=compute_client.disks.get(resource_group_name=resource_group_name,disk_name=vm.storage_profile.os_disk.name)
print("the vm os disk id is : "+os_disk.id)

#get data disk
for disk in vm.storage_profile.data_disks:
    data_disk = compute_client.disks.get(resource_group_name=resource_group_name,disk_name=disk.name)
    print("the vm data disk id is : " + data_disk.id)

# get nic
for nic in vm.network_profile.network_interfaces:
    print("the vm networkInterface id: ", nic.id)
    # get public ip, subnet, vnet, nsg
    vm_nic = resource_client.resources.get_by_id(nic.id, api_version='2018-12-01')
    # get nsg (optional on a NIC)
    nsg = vm_nic.properties.get('networkSecurityGroup')
    if nsg:
        print("the vm nsg id is :" + nsg['id'])
    for ipConfiguration in vm_nic.properties['ipConfigurations']:
        # get public ip (optional on an IP configuration)
        public_ip = ipConfiguration['properties'].get('publicIPAddress')
        if public_ip:
            print("the vm public ip id is :" + public_ip['id'])
        # get subnet
        subnet_id = ipConfiguration['properties']['subnet']['id']
        print("the vm subnet id is : " + subnet_id)
        # get vnet: drop the trailing "/subnets/<name>" from the subnet id
        vnet_id = subnet_id.rsplit('/', 2)[0]
        print("the vm vnet id is : " + vnet_id)
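Added example (not part of the original answer): the two halves above combined into one helper that puts a read-only lock on the managed disks of a single VM only, scoped to each disk, so nothing is locked at resource-group level. The helper names, the default lock name "vm-disk-lock" and the use of the string values "ReadOnly" / "CanNotDelete" for the lock level are assumptions of this example; the SDK calls are the ones used in the answer.

```python
READ_ONLY = "ReadOnly"            # assumed string value of LockLevel.read_only
CAN_NOT_DELETE = "CanNotDelete"   # assumed string value of LockLevel.can_not_delete


def managed_disk_ids(vm):
    """Return the ARM IDs of the VM's managed OS and data disks, in order.

    The ID is read from the VM's storage profile, so disks that live in a
    different resource group than the VM are still found. Disks without a
    managed_disk reference (unmanaged VHDs) are skipped.
    """
    profile = vm.storage_profile
    ids = []
    for disk in [profile.os_disk] + list(profile.data_disks or []):
        managed = getattr(disk, "managed_disk", None)
        if managed is not None and managed.id:
            ids.append(managed.id)
    return ids


def lock_vm_disks(compute_client, lock_client, resource_group_name, vm_name,
                  level=READ_ONLY, lock_name="vm-disk-lock"):
    """Apply one lock per managed disk of a single VM, scoped to the disk.

    The VM, its NICs and the rest of the resource group stay unlocked.
    Returns the list of disk scopes that were locked.
    """
    vm = compute_client.virtual_machines.get(
        resource_group_name=resource_group_name, vm_name=vm_name)
    scopes = managed_disk_ids(vm)
    for scope in scopes:
        lock_client.management_locks.create_or_update_by_scope(
            scope=scope, lock_name=lock_name, parameters={"level": level})
    return scopes


if __name__ == "__main__":
    # Real run: needs the Azure SDK packages used in the answer and `az login`.
    from azure.common.client_factory import get_client_from_cli_profile
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.resource import ManagementLockClient

    compute = get_client_from_cli_profile(ComputeManagementClient)
    locks = get_client_from_cli_profile(ManagementLockClient)
    # 'jimtest' / 'testvm' are the names used in the answer's update.
    for locked in lock_vm_disks(compute, locks, "jimtest", "testvm"):
        print("read-only lock applied to: " + locked)
```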