Add source_address_prefixes as a variable to the azure runbook

[Copilot]

This PR adds source_address_prefixes as a configurable parameter to the Azure runbook (microsoft/runbook/azure.yml), allowing users to specify source IP address restrictions for network security groups.

Changes Made

• Added source_address_prefixes variable with default value [] (empty list) to the variables section
• Added source_address_prefixes: $(source_address_prefixes) to the azure platform configuration to enable variable substitution

Usage

Users can now specify source address prefixes via command line:

# Single IP address range
lisa -r ./microsoft/runbook/azure.yml \
     -v "source_address_prefixes:['192.168.1.0/24']"

# Multiple IP address ranges  
lisa -r ./microsoft/runbook/azure.yml \
     -v "source_address_prefixes:['192.168.1.0/24','10.0.0.0/8']"

# Corporate network access
lisa -r ./microsoft/runbook/azure.yml \
     -v "source_address_prefixes:['203.0.113.0/24']"

Implementation Details

The parameter flows through the system as follows:

1. azure.yml runbook defines the variable and passes it to the Azure platform configuration
2. AzurePlatformSchema accepts the parameter (already existed)
3. AzureArmParameter class includes the parameter (already existed)
4. ARM template uses the parameter in network security group rules (already existed)

This change only exposes an existing parameter that was previously hardcoded, making it user-configurable while maintaining backward compatibility with the empty default.

Fixes #3838.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[LiliDeng]

@squirrelsc LGTM.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://168.63.129.16:80/machine/
  • Triggering command: /usr/bin/python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -collect-logs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[LiliDeng]

@squirrelsc if you need me to assist with this PR, please tag me.

[squirrelsc]

@LiliDeng I think the source_address_prefixes needs to support str as well, so it's easier to set value.

[Copilot]

@LiliDeng I think the source_address_prefixes needs to support str as well, so it's easier to set value.

Added support for string input in commit 7515652. The source_address_prefixes parameter now accepts both string and list formats:

String format (comma-separated):

lisa -r ./microsoft/runbook/azure.yml -v "source_address_prefixes:192.168.1.0/24,10.0.0.0/8"

List format (original):

lisa -r ./microsoft/runbook/azure.yml -v "source_address_prefixes:['192.168.1.0/24','10.0.0.0/8']"

The implementation follows the same pattern as marketplace_image_information_location and automatically splits comma-separated strings while preserving backward compatibility with list inputs.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://168.63.129.16:80/machine/
  • Triggering command: /usr/bin/python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -collect-logs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[LiliDeng]

@copilot please fix the flake8 error.

./lisa/sut_orchestrator/azure/platform_.py:972:35: BLK100 Black would make changes.
./lisa/sut_orchestrator/azure/platform_.py:972:35: W291 trailing whitespace

[Copilot]

@copilot please fix the flake8 error.

./lisa/sut_orchestrator/azure/platform_.py:972:35: BLK100 Black would make changes.

...

Fixed the flake8 errors in commit e393c88. Removed trailing whitespace and standardized quotes to comply with Black formatting.

[LiliDeng]

@copilot can you rebase the code from main and resolve the conflict?

[Copilot]

@copilot can you rebase the code from main and resolve the conflict?

Rebased the code from main branch and resolved the merge conflicts in commit 5887326. The source_address_prefixes parameter is now compatible with the new vnet-related variables that were added to main.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://168.63.129.16:80/machine/
  • Triggering command: /usr/bin/python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -collect-logs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[LiliDeng]

@copilot please update doc here https://github.com/microsoft/lisa/blob/main/docs/run_test/platform.rst#set-other-azure-parameters for how to use source_address_prefixes

[Copilot]

@copilot please update doc here https://github.com/microsoft/lisa/blob/main/docs/run_test/platform.rst#set-other-azure-parameters for how to use source_address_prefixes

Updated the documentation for source_address_prefixes parameter in commit acd128b. Added comprehensive usage examples including string format, comma-separated format, and variable file approach to the "Set other Azure parameters" section in docs/run_test/platform.rst.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://168.63.129.16:80/machine/
  • Triggering command: /usr/bin/python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -collect-logs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[LiliDeng]

@squirrelsc LGTM, and I have tested it.