Azure-cli: Multiply values on "--source-address-prefixes" field

Created on 28 Sep 2018 · 8Comments · Source: Azure/azure-cli

az network nsg rule create -g $resource_group --nsg-name $nsg_name -n $rule_name --priority $priority --access $policy --source-address-prefixes "192.168.1.1,192.168.1.2" --destination-address-prefixes $destination --protocol $protocol --destination-port-ranges $destination_port --description $downloadUri

Is it possible to add in --source-address-prefixes 2 or more IP's as I describe in my command above?

For now, error occurred: "has invalid Address prefix. Value provided:192.168.1.1,192.168.1.2"

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: afe4941c-7b46-b9fb-1c52-98e68f6354cc
Version Independent ID: d1bc72fb-ccf9-9645-7b1d-98c91bc75a55
Content: az network nsg rule
Content Source: src/command_modules/azure-cli-network/azure/cli/command_modules/network/_help.py
Service: virtual-network
GitHub Login: @rloutlaw
Microsoft Alias: routlaw

question

Source

IvanKirianov

Most helpful comment

The help is fine at Space-separated list of CIDR prefixes or IP ranges, which means --source-address-prefixes 192.168.1.1 192.168.1.2. Wrapping all within a pair of double quotes would make command parser treat as a single value instead of an array.
@sptramer would it make sense we have a general doc to clarify the area when an argument value is defined as an array, and how to use double and single quote correctly? I ran into a similar case yesterday.

yugangw-msft on 28 Sep 2018

👍2

All 8 comments

yugangw-msft on 28 Sep 2018

👍2

I don't think the problem here is conceptual documentation, because it's a one-sentence description, which isn't even always true right now ("multiple values to a CLI argument are separated by spaces."). The problem is more likely a lack of consistency and people not reading the inline help where usage isn't clear.

sptramer on 29 Sep 2018

The majority are indeed multiple values to a CLI argument are separated by spaces because that is what generic argparse enforces, not CLI.
If you run into other cases, please let me know that I can migrate to the correct case

yugangw-msft on 29 Sep 2018

The help text is correct here and consistent with the overwhelming majority of the rest of the CLI. If there are exceptions to the space-separated rule, I'm not aware of them.

tjprescott on 1 Oct 2018

This just don't work.
If I supply
--source-address-prefix "195.xxx.xxx.0/22 xx.xxx.201.0/24"
I get an error
Security rule /subscriptions/<subscr guid>/resourceGroups/resgroup/providers/Microsoft.Network/networkSecurityGroups/AnsibleVMNSG/securityRules/default-allow-ssh has invalid Address prefix. Value provided: 1195.xxx.xxx.0/22 xx.xxx.201.0/24
Parser is broken.
I can't supply multiple values neither for tags, or source-address-prefix.

stoune on 16 Feb 2020

just put values without double quotes.

--source-address-prefix 195.xxx.xxx.0/22 xx.xxx.201.0/24

Yiyito11 on 9 Apr 2020

Hi,
I am facing a similar problem, unable to pass the variable. I need to create rules frequently.
This is what i am doing

group=PDC
nsg=mynsg
rule=allowweb
sourceip='10.10.01.5/32 192.168.1.10/32'
destinationport="*"

az network nsg rule create -g $group --nsg-name $nsg -n $rule --priority 500 \
--source-address-prefixes $sourceip --source-port-ranges '' \
--destination-address-prefixes '' --destination-port-ranges $destinationport --access Allow \
--protocol Tcp --description $rule

It is not allowing me to pass the value as a variable.

ersameed on 1 May 2020

Since it seems examples above are based on the PowerShell and the issue is the arguments parsing, here is the correct command

$AzAddresses="192.168.1.1,192.168.1.2"

az network nsg rule create `
  --resource-group $AzResourceGroup `
  --nsg-name $AzNsg `
  --name Allow-HTTP `
  --access Allow `
  --protocol Tcp `
  --direction Inbound `
  --priority 101 `
  --source-address-prefixes ($AzAddresses.split(',')) `
  --source-port-range "*" `
  --destination-address-prefix "*" `
  --destination-port-range 80