[Azure Firewall] az network firewall policy intrusion-detection add…

…: Add new parameter --private-ranges (#4764) * add new sdk * add private ranges parameters * change versions * run style changes * pylint changes * bump versions used in vendor * add test and align versions Co-authored-by: Dikla Tzemah Weyl <[email protected]>
Azure · May 16, 2022 · 5ee9a4c · 5ee9a4c
1 parent e6f25f0
commit 5ee9a4c
Show file tree

Hide file tree

Showing 59 changed files with 193,445 additions and 15,577 deletions.
diff --git a/src/azure-firewall/HISTORY.rst b/src/azure-firewall/HISTORY.rst
@@ -2,6 +2,9 @@
 
 Release History
 ===============
+0.14.0
+++++++
+* `az network firewall policy intrusion-detection add`: add new parameter --private-ranges
 
 0.13.0
 ++++++

diff --git a/src/azure-firewall/azext_firewall/__init__.py b/src/azure-firewall/azext_firewall/__init__.py
@@ -14,9 +14,9 @@ class AzureFirewallCommandsLoader(AzCommandsLoader):
     def __init__(self, cli_ctx=None):
         from azure.cli.core.commands import CliCommandType
         from .profiles import CUSTOM_FIREWALL
-        register_resource_type('latest', CUSTOM_FIREWALL, '2020-07-01')
+        register_resource_type('latest', CUSTOM_FIREWALL, '2021-08-01')
 
-        super(AzureFirewallCommandsLoader, self).__init__(
+        super().__init__(
             cli_ctx=cli_ctx,
             custom_command_type=CliCommandType(operations_tmpl='azext_firewall.custom#{}'),
             resource_type=CUSTOM_FIREWALL

diff --git a/src/azure-firewall/azext_firewall/_client_factory.py b/src/azure-firewall/azext_firewall/_client_factory.py
@@ -8,7 +8,7 @@ def network_client_factory(cli_ctx, aux_subscriptions=None, **_):
     from azure.cli.core.commands.client_factory import get_mgmt_service_client
     from .profiles import CUSTOM_FIREWALL
     return get_mgmt_service_client(cli_ctx, CUSTOM_FIREWALL, aux_subscriptions=aux_subscriptions,
-                                   api_version='2020-07-01')
+                                   api_version='2021-08-01')
 
 
 def cf_firewalls(cli_ctx, _):

diff --git a/src/azure-firewall/azext_firewall/_help.py b/src/azure-firewall/azext_firewall/_help.py
@@ -349,7 +349,7 @@
 
 helps['network firewall policy intrusion-detection add'] = """
     type: command
-    short-summary: Add overrided intrusion signature or a bypass rule for intrusion detection
+    short-summary: Add overrided intrusion signature or a bypass rule or private ranges list for intrusion detection
 """
 
 helps['network firewall policy intrusion-detection list'] = """

diff --git a/src/azure-firewall/azext_firewall/_params.py b/src/azure-firewall/azext_firewall/_params.py
@@ -24,7 +24,6 @@
 
 # pylint: disable=too-many-locals, too-many-branches, too-many-statements
 def load_arguments(self, _):
-
     (AzureFirewallNetworkRuleProtocol, AzureFirewallRCActionType,
      AzureFirewallNatRCActionType, FirewallPolicySkuTier, FirewallPolicyIntrusionDetectionStateType,
      FirewallPolicyIntrusionDetectionProtocol, AzureFirewallSkuTier) = \
@@ -84,7 +83,7 @@ def load_arguments(self, _):
         c.argument('fqdns', nargs='+', validator=process_threat_intel_allowlist_fqdns, help='Space-separated list of FQDNs.')
 
     for scope in ['network-rule', 'nat-rule']:
-        with self.argument_context('network firewall {}'.format(scope)) as c:
+        with self.argument_context(f'network firewall {scope}') as c:
             c.argument('protocols', arg_type=get_enum_type(AzureFirewallNetworkRuleProtocol), nargs='+', help='Space-separated list of protocols.')
 
     with self.argument_context('network firewall application-rule') as c:
@@ -98,30 +97,30 @@ def load_arguments(self, _):
         {'name': 'application-rule', 'display': 'application rule', 'ref': 'application_rule_collections'},
     ]
     for item in af_sub_subresources:
-        with self.argument_context('network firewall {}'.format(item['name'])) as c:
-            c.argument('item_name', options_list=['--name', '-n'], help='The name of the {}'.format(item['display']), completer=get_af_subresource_completion_list(item['ref']), id_part='child_name_2')
+        with self.argument_context(f'network firewall {item["name"]}') as c:
+            c.argument('item_name', options_list=['--name', '-n'], help=f'The name of the {item["display"]}', completer=get_af_subresource_completion_list(item['ref']), id_part='child_name_2')
             c.argument('collection_name', collection_name_type)
             c.argument('firewall_name', firewall_name_type)
             c.argument('azure_firewall_name', firewall_name_type)
 
-        with self.argument_context('network firewall {} list'.format(item['name'])) as c:
-            c.argument('item_name', options_list=['--name', '-n'], help='The name of the {}'.format(item['display']), completer=get_af_subresource_completion_list(item['ref']), id_part='child_name_2')
+        with self.argument_context(f'network firewall {item["name"]} list') as c:
+            c.argument('item_name', options_list=['--name', '-n'], help=f'The name of the {item["display"]}', completer=get_af_subresource_completion_list(item['ref']), id_part='child_name_2')
             c.argument('firewall_name', firewall_name_type, id_part=None)
 
-        with self.argument_context('network firewall {} create'.format(item['name']), arg_group='Collection') as c:
+        with self.argument_context(f'network firewall {item["name"]} create', arg_group='Collection') as c:
             c.argument('collection_name', collection_name_type, help='Name of the collection to create the rule in. Will create the collection if it does not exist.')
             c.argument('priority', help='Priority of the rule collection from 100 (high) to 65000 (low). Supply only if you want to create the collection.', type=int)
 
-        with self.argument_context('network firewall {} collection'.format(item['name'])) as c:
+        with self.argument_context(f'network firewall {item["name"]} collection') as c:
             c.argument('item_name', collection_name_type)
             c.argument('resource_name', firewall_name_type)
 
-        with self.argument_context('network firewall {} collection list'.format(item['name'])) as c:
+        with self.argument_context(f'network firewall {item["name"]} collection list') as c:
             c.argument('item_name', collection_name_type)
             c.argument('resource_name', firewall_name_type, id_part=None)
 
     for scope in ['network-rule', 'application-rule']:
-        with self.argument_context('network firewall {}'.format(scope), arg_group='Collection') as c:
+        with self.argument_context(f'network firewall {scope}', arg_group='Collection') as c:
             c.argument('action', arg_type=get_enum_type(AzureFirewallRCActionType), help='The action to apply for the rule collection. Supply only if you want to create the collection.')
 
     with self.argument_context('network firewall nat-rule', arg_group='Collection') as c:
@@ -199,6 +198,9 @@ def load_arguments(self, _):
         c.argument('bypass_rule_source_ip_groups', options_list=['--rule-src-ip-groups'], nargs='+', help='Space-separated list of source IpGroups for this rule')
         c.argument('bypass_rule_destination_ip_groups', options_list=['--rule-dest-ip-groups'], nargs='+', help='Space-separated list of destination IpGroups for this rule')
 
+    with self.argument_context('network firewall policy intrusion-detection', min_api='2021-08-01', arg_group='IDPS Private Ranges') as c:
+        c.argument('private_ranges', nargs='+', options_list=["--private-ranges"], help='Space-separated list of IDPS private ranges')
+
     with self.argument_context('network firewall policy rule-collection-group') as c:
         c.argument('firewall_policy_name', options_list=['--policy-name'], help='The name of the Firewall Policy.')
         c.argument('rule_collection_group_name', options_list=['--name', '-n'], help='The name of the Firewall Policy Rule Collection Group.')

diff --git a/src/azure-firewall/azext_firewall/_util.py b/src/azure-firewall/azext_firewall/_util.py
@@ -15,7 +15,7 @@
 def _get_property(items, name):
     result = next((x for x in items if x.name.lower() == name.lower()), None)
     if not result:
-        raise CLIError("Property '{}' does not exist".format(name))
+        raise CLIError(f"Property '{name}' does not exist")
     return result
 
 
@@ -33,7 +33,7 @@ def list_func(cmd, resource_group_name, resource_name):
         client = getattr(network_client_factory(cmd.cli_ctx), resource)
         return client.get(resource_group_name, resource_name).__getattribute__(prop)
 
-    func_name = 'list_network_resource_property_{}_{}'.format(resource, prop)
+    func_name = f'list_network_resource_property_{resource}_{prop}'
     setattr(sys.modules[__name__], func_name, list_func)
     return func_name
 
@@ -47,11 +47,10 @@ def get_func(cmd, resource_group_name, resource_name, item_name):
 
         result = next((x for x in items if x.name.lower() == item_name.lower()), None)
         if not result:
-            raise CLIError("Item '{}' does not exist on {} '{}'".format(
-                item_name, resource, resource_name))
+            raise CLIError(f"Item '{item_name}' does not exist on {resource} '{resource_name}'")
         return result
 
-    func_name = 'get_network_resource_property_entry_{}_{}'.format(resource, prop)
+    func_name = f'get_network_resource_property_entry_{resource}_{prop}'
     setattr(sys.modules[__name__], func_name, get_func)
     return func_name
 
@@ -68,10 +67,11 @@ def delete_func(cmd, resource_group_name, resource_name, item_name, no_wait=Fals
         if no_wait:
             sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, resource_name, item)
         else:
-            result = sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, resource_name, item).result()
+            result = sdk_no_wait(no_wait, client.begin_create_or_update,
+                                 resource_group_name, resource_name, item).result()
             if next((x for x in getattr(result, prop) if x.name.lower() == item_name.lower()), None):
-                raise CLIError("Failed to delete '{}' on '{}'".format(item_name, resource_name))
+                raise CLIError(f"Failed to delete '{item_name}' on '{resource_name}'")
 
-    func_name = 'delete_network_resource_property_entry_{}_{}'.format(resource, prop)
+    func_name = f'delete_network_resource_property_entry_{resource}_{prop}'
     setattr(sys.modules[__name__], func_name, delete_func)
     return func_name
diff --git a/src/azure-firewall/azext_firewall/commands.py b/src/azure-firewall/azext_firewall/commands.py
@@ -26,28 +26,28 @@ def load_command_table(self, _):
     )
 
     network_firewall_sdk = CliCommandType(
-        operations_tmpl='azext_firewall.vendored_sdks.v2020_07_01.operations#AzureFirewallsOperations.{}',
+        operations_tmpl='azext_firewall.vendored_sdks.v2021_08_01.operations#AzureFirewallsOperations.{}',
         client_factory=cf_firewalls,
         resource_type=CUSTOM_FIREWALL,
         min_api='2018-08-01'
     )
 
     network_firewall_fqdn_tags_sdk = CliCommandType(
-        operations_tmpl='azext_firewall.vendored_sdks.v2020_07_01.operations#AzureFirewallFqdnTagsOperations.{}',
+        operations_tmpl='azext_firewall.vendored_sdks.v2021_08_01.operations#AzureFirewallFqdnTagsOperations.{}',
         client_factory=cf_firewall_fqdn_tags,
         resource_type=CUSTOM_FIREWALL,
         min_api='2018-08-01'
     )
 
     network_firewall_policies_sdk = CliCommandType(
-        operations_tmpl='azext_firewall.vendored_sdks.v2020_07_01.operations#FirewallPoliciesOperations.{}',
+        operations_tmpl='azext_firewall.vendored_sdks.v2021_08_01.operations#FirewallPoliciesOperations.{}',
         client_factory=cf_firewall_policies,
         resource_type=CUSTOM_FIREWALL,
         min_api='2019-07-01'
     )
 
     network_firewall_policy_rule_groups = CliCommandType(
-        operations_tmpl='azext_firewall.vendored_sdks.v2020_07_01.operations#FirewallPolicyRuleCollectionGroupsOperations.{}',
+        operations_tmpl='azext_firewall.vendored_sdks.v2021_08_01.operations#FirewallPolicyRuleCollectionGroupsOperations.{}',
         client_factory=cf_firewall_policy_rule_collection_groups,
         resource_type=CUSTOM_FIREWALL,
         min_api='2019-07-01'
@@ -99,19 +99,19 @@ def load_command_table(self, _):
     }
 
     for rule_type, af_rule in af_rules.items():
-        with self.command_group('network firewall {}'.format(af_rule['scope']), network_firewall_sdk) as g:
-            g.custom_command('create', 'create_af_{}'.format(rule_type), validator=af_rule['validator'])
-            g.custom_command('list', build_af_rule_list(rule_type, '{}_collections'.format(rule_type)))
-            g.custom_show_command('show', build_af_rule_show(rule_type, '{}_collections'.format(rule_type)))
-            g.custom_command('delete', build_af_rule_delete(rule_type, '{}_collections'.format(rule_type)))
+        with self.command_group(f'network firewall {af_rule["scope"]}', network_firewall_sdk) as g:
+            g.custom_command('create', f'create_af_{rule_type}', validator=af_rule['validator'])
+            g.custom_command('list', build_af_rule_list(rule_type, f'{rule_type}_collections'))
+            g.custom_show_command('show', build_af_rule_show(rule_type, f'{rule_type}_collections'))
+            g.custom_command('delete', build_af_rule_delete(rule_type, f'{rule_type}_collections'))
 
     af_collections = {
         'network_rule_collections': 'network-rule collection',
         'nat_rule_collections': 'nat-rule collection',
         'application_rule_collections': 'application-rule collection'
     }
     for subresource, scope in af_collections.items():
-        with self.command_group('network firewall {}'.format(scope), network_util) as g:
+        with self.command_group(f'network firewall {scope}', network_util) as g:
             g.command('list', list_network_resource_property('azure_firewalls', subresource))
             g.show_command('show', get_network_resource_property_entry('azure_firewalls', subresource))
             g.command('delete', delete_network_resource_property_entry('azure_firewalls', subresource))
@@ -131,7 +131,7 @@ def load_command_table(self, _):
                                  setter_type=network_firewall_policies_custom,
                                  exception_handler=exception_handler)
 
-    with self.command_group('network firewall policy intrusion-detection', resource_type=CUSTOM_FIREWALL, min_api='2020-07-01', is_preview=True) as g:
+    with self.command_group('network firewall policy intrusion-detection', resource_type=CUSTOM_FIREWALL, min_api='2021-08-01', is_preview=True) as g:
         g.custom_command('add', 'add_firewall_policy_intrusion_detection_config', exception_handler=exception_handler)
         g.custom_command('remove', 'remove_firewall_policy_intrusion_detection_config')
         g.custom_command('list', 'list_firewall_policy_intrusion_detection_config')
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,9 @@ @@
     Release History
     ===============
+.14.0
+    ++++++
+    * `az network firewall policy intrusion-detection add`: add new parameter --private-ranges
 .13.0
     ++++++
@@ Expand Down @@