Add source_address_prefixes as a variable to the azure runbook (#3839)

* Initial plan for issue

* Add source_address_prefixes parameter to azure.yml runbook with empty default

Co-authored-by: LiliDeng <10083705+LiliDeng@users.noreply.github.com>

* Support string input for source_address_prefixes parameter

Co-authored-by: squirrelsc <27178119+squirrelsc@users.noreply.github.com>

* Fix flake8 errors: remove trailing whitespace and use double quotes

Co-authored-by: LiliDeng <10083705+LiliDeng@users.noreply.github.com>

* Update documentation for source_address_prefixes parameter

Co-authored-by: LiliDeng <10083705+LiliDeng@users.noreply.github.com>

* Improve source_address_prefixes parsing and simplify documentation

- Enhanced _get_ip_addresses method with ast.literal_eval for robust string parsing
- Added proper error handling for malformed list strings
- Simplified documentation examples to show string and list formats only
- Removed variable file example as requested

Co-authored-by: LiliDeng <10083705+LiliDeng@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: LiliDeng <10083705+LiliDeng@users.noreply.github.com>
Co-authored-by: squirrelsc <27178119+squirrelsc@users.noreply.github.com>
Co-authored-by: LiliDeng <lildeng@microsoft.com>

Author: 3 people

docs/run_test/platform.rst

@@ -148,6 +148,7 @@ deployment.
          create_public_address: "<true or false>"
          use_ipv6: "<true or false>"
          enable_vm_nat: "<true or false>"
+         source_address_prefixes: $(source_address_prefixes)
       requirement:
          ...
          ignored_capability:
@@ -205,6 +206,22 @@ deployment.
   subnet to access the internet. The default value is `false`, it means that
   the DefaultOutboundAccess property of the subnet will be set to "False".
   This means that the VMs in the subnet cannot access the internet.
+* **source_address_prefixes**. Specify source IP address ranges that are 
+  allowed to access the VMs through network security group rules. If not
+  provided, your current public IP address will be automatically detected and 
+  used. You can specify multiple IP ranges using either comma-separated string
+  format or YAML list format. Examples:
+  
+  .. code:: bash
+  
+     # Single IP range (string format)
+     lisa -r ./microsoft/runbook/azure.yml -v "source_address_prefixes:192.168.1.0/24"
+     
+     # Multiple IP ranges (comma-separated string format)
+     lisa -r ./microsoft/runbook/azure.yml -v "source_address_prefixes:192.168.1.0/24,10.0.0.0/8"
+     
+     # List format
+     lisa -r ./microsoft/runbook/azure.yml -v "source_address_prefixes:['192.168.1.0/24','10.0.0.0/8']"
 * **ignored_capability**. Specify feature names which will be ignored in 
   test requirement. You can find the feature name from its name method in source code.
   For example, IsolatedResource feature's name defined in ``lisa/features/isolated_resource.py`` as below:

lisa/sut_orchestrator/azure/platform_.py

@@ -1,5 +1,6 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT license.
+import ast
 import copy
 import json
 import logging
@@ -303,7 +304,7 @@ class AzurePlatformSchema:
     # will be retired. It's recommended to disable outbound access to
     # enforce explicit connectivity rules.
     enable_vm_nat: bool = field(default=False)
-    source_address_prefixes: Optional[List[str]] = field(default=None)
+    source_address_prefixes: Optional[Union[str, List[str]]] = field(default=None)
 
     virtual_network_resource_group: str = field(default="")
     virtual_network_name: str = field(default=AZURE_VIRTUAL_NETWORK_NAME)
@@ -965,8 +966,30 @@ def _initialize(self, *args: Any, **kwargs: Any) -> None:
     def _get_ip_addresses(self) -> List[str]:
         if self._cached_ip_address:
             return self._cached_ip_address
-        if self._azure_runbook.source_address_prefixes:
-            self._cached_ip_address = self._azure_runbook.source_address_prefixes
+
+        prefixes = self._azure_runbook.source_address_prefixes
+        result: List[str] = []
+
+        if prefixes:
+            if isinstance(prefixes, str):
+                try:
+                    parsed = ast.literal_eval(prefixes)
+                    if isinstance(parsed, list):
+                        result = parsed
+                    else:
+                        result = prefixes.split(",")
+                except (ValueError, SyntaxError):
+                    result = prefixes.split(",")
+            elif isinstance(prefixes, list):
+                result = prefixes
+            else:
+                raise LisaException(
+                    f"Invalid type for source_address_prefixes: {type(prefixes)}"
+                )
+
+            self._cached_ip_address = [
+                p.strip() for p in result if isinstance(p, str) and p.strip()
+            ]
         else:
             self._cached_ip_address = [get_public_ip()]
         return self._cached_ip_address

microsoft/runbook/azure.yml

@@ -39,6 +39,8 @@ variable:
     value: "default"
   - name: use_ipv6
     value: false
+  - name: source_address_prefixes
+    value: ""
   - name: vnet_resource_group
     value: ""
   - name: vnet_name
@@ -68,6 +70,7 @@ platform:
       wait_delete: $(wait_delete)
       azcopy_path: $(azcopy_path)
       use_ipv6: $(use_ipv6)
+      source_address_prefixes: $(source_address_prefixes)
       virtual_network_resource_group: $(vnet_resource_group)
       virtual_network_name: $(vnet_name)
       subnet_prefix: $(subnet_name)