az networkfabric acl
Note
This reference is part of the managednetworkfabric extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az networkfabric acl command. Learn more about extensions.
Manage Access Control List Resource.
Commands
Name | Description | Type | Status |
---|---|---|---|
az networkfabric acl create |
Create a Access Control List resource. |
Extension | GA |
az networkfabric acl delete |
Delete the Access Control List resource. |
Extension | GA |
az networkfabric acl list |
List all Access Control Lists in the provided resource group or subscription. |
Extension | GA |
az networkfabric acl show |
Show details of the provided Access Control List resource. |
Extension | GA |
az networkfabric acl update |
Update the Access Control List resource. |
Extension | GA |
az networkfabric acl wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az networkfabric acl create
Create a Access Control List resource.
az networkfabric acl create --configuration-type {File, Inline}
--resource-group
--resource-name
[--acls-url]
[--annotation]
[--default-action {Deny, Permit}]
[--dynamic-match-configurations]
[--location]
[--match-configurations]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--tags]
Examples
Creates an Access Control List with Configuration type as "File".
az networkfabric acl create --resource-group "example-rg" --location "westus3" --resource-name "example-accesscontrollist" --configuration-type "File" --acls-url "https://ACL-Storage-URL"
Creates an Access Control List with Configuration type as "Inline".
az networkfabric acl create --resource-group "example-rg" --location "westus3" --resource-name "example-accesscontrollist" --configuration-type "Inline" --default-action "Permit" --dynamic-match-configurations "[{ipGroups:[{name:'example-ipGroup',ipAddressType:IPv4,ipPrefixes:['10.20.3.1/20']}],vlanGroups:[{name:'example-vlanGroup',vlans:['20-30']}],portGroups:[{name:'example-portGroup',ports:['100-200']}]}]" --match-configurations "[{matchConfigurationName:'example-match',sequenceNumber:123,ipAddressType:IPv4,matchConditions:[{etherTypes:['0x1'],fragments:['0xff00-0xffff'],ipLengths:['4094-9214'],ttlValues:[23],dscpMarkings:[32],portCondition:{flags:[established],portType:SourcePort,layer4Protocol:TCP,ports:['1-20'],portGroupNames:['example-portGroup']},protocolTypes:[TCP],vlanMatchCondition:{vlans:['20-30'],innerVlans:[30],vlanGroupNames:['example-vlanGroup']},ipCondition:{type:SourceIP,prefixType:Prefix,ipPrefixValues:['10.20.20.20/12'],ipGroupNames:['example-ipGroup']}}],actions:[{type:Count,counterName:'example-counter'}]}]"
Help text for sub parameters under the specific parent can be viewed by using the shorthand syntax '??'. See https://github.com/Azure/azure-cli/tree/dev/doc/shorthand_syntax.md for more about shorthand syntax.
az networkfabric acl create --dynamic-match-configurations "??"
Required Parameters
Input method to configure Access Control List. Example: File.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Access Control List.
Optional Parameters
Access Control List file URL.
Description for underlying resource.
Default action that needs to be applied when no condition is matched. Example: Permit.
List of dynamic match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Location of Azure region When not specified, the location of the resource group will be used.
List of match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Do not wait for the long-running operation to finish.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az networkfabric acl delete
Delete the Access Control List resource.
az networkfabric acl delete [--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--resource-name]
[--subscription]
Examples
Delete the Access Control List
az networkfabric acl delete --resource-group "example-rg" --resource-name "example-acl"
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Access Control List.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az networkfabric acl list
List all Access Control Lists in the provided resource group or subscription.
az networkfabric acl list [--max-items]
[--next-token]
[--resource-group]
Examples
List the Access Control Lists for Resource group.
az networkfabric acl list --resource-group "example-rg"
List the Access Control Lists for Subscription.
az networkfabric acl list --subscription "<subscriptionId>"
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token
argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az networkfabric acl show
Show details of the provided Access Control List resource.
az networkfabric acl show [--ids]
[--resource-group]
[--resource-name]
[--subscription]
Examples
Show the Access Control List
az networkfabric acl show --resource-group "example-rg" --resource-name "example-acl"
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Access Control List.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az networkfabric acl update
Update the Access Control List resource.
az networkfabric acl update [--acls-url]
[--annotation]
[--configuration-type {File, Inline}]
[--default-action {Deny, Permit}]
[--dynamic-match-configurations]
[--ids]
[--match-configurations]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--resource-name]
[--subscription]
[--tags]
Examples
Update ACL with Inline configuration type
az networkfabric acl update -g "example-rg" --resource-name "example-acl" --configuration-type "Inline" --default-action "Permit" --dynamic-match-configurations "[{ipGroups:[{name:'example-ipGroup',ipAddressType:IPv4,ipPrefixes:['10.20.3.1/20']}],vlanGroups:[{name:'example-vlanGroup',vlans:['20-30']}],portGroups:[{name:'example-portGroup',ports:['100-200']}]}]" --match-configurations "[{matchConfigurationName:'example-match',sequenceNumber:123,ipAddressType:IPv4,matchConditions:[{etherTypes:['0x1'],fragments:['0xff00-0xffff'],ipLengths:['4094-9214'],ttlValues:[23],dscpMarkings:[32],portCondition:{flags:[established],portType:SourcePort,layer4Protocol:TCP,ports:['1-20'],portGroupNames:['example-portGroup']},protocolTypes:[TCP],vlanMatchCondition:{vlans:['20-30'],innerVlans:[30],vlanGroupNames:['example-vlanGroup']},ipCondition:{type:SourceIP,prefixType:Prefix,ipPrefixValues:['10.20.20.20/12'],ipGroupNames:['example-ipGroup']}}],actions:[{type:Count,counterName:'example-counter'}]}]"
Optional Parameters
Access Control List file URL.
Description for underlying resource.
Input method to configure Access Control List. Example: File.
Default action that needs to be applied when no condition is matched. Example: Permit.
List of dynamic match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
List of match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Access Control List.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Resource tags Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az networkfabric acl wait
Place the CLI in a waiting state until a condition is met.
az networkfabric acl wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--resource-group]
[--resource-name]
[--subscription]
[--timeout]
[--updated]
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Access Control List.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.