Address bastion native client Issues and add proper error messages (#…

…7555) * Add proper error message for --target-ip-address-flag issue * Fix indentation * Add recordings file * update ver * update recordings file * Changes to support premium SKU for native client * Change method name * upload latest recordsings * Add changes to history.txt and update version * Upgrade cli version to 1.0.0 removing preview flag * force push to rerun build * force push to rerun build
Azure · Jun 12, 2024 · 10a145e · 10a145e
1 parent abf72ff
commit 10a145e
Show file tree

Hide file tree

Showing 7 changed files with 1,028 additions and 999 deletions.
diff --git a/src/bastion/HISTORY.rst b/src/bastion/HISTORY.rst
@@ -2,6 +2,14 @@
 
 Release History
 ===============
+1.0.0
+++++++
+* Removing preview flag and update MFA documentation.
+* Adding support for premium SKU.
+* Giving proper error message when using --target-ip-address flag with IpConnect feature.
+* Fix error messages to display appropriate messages.
+* Fix formatting issues.
+
 0.3.0
 ++++++
 * Removing preview flag.

diff --git a/src/bastion/azext_bastion/BastionServiceConstants.py b/src/bastion/azext_bastion/BastionServiceConstants.py
@@ -14,3 +14,4 @@ class BastionSku(Enum):
     Standard = "Standard"
     Developer = "Developer"
     QuickConnect = "QuickConnect"
+    Premium = "Premium"
diff --git a/src/bastion/azext_bastion/_params.py b/src/bastion/azext_bastion/_params.py
@@ -40,7 +40,9 @@ def load_arguments(self, _):  # pylint: disable=unused-argument
                    arg_type=get_three_state_flag())
         c.argument("auth_type", help="Auth type to use for RDP connections.", required=False,
                    options_list=["--auth-type"])
-        c.argument('enable_mfa', help='Enable RDS auth for MFA if supported by the target machine.',
+        c.argument('enable_mfa', help="Login to AAD enabled Windows machines using new protocol "
+                   "that authenticates using MFA if supported by target machine. "
+                   "Available on Windows 10 20H2+, Windows 11 21H2+, WS 2022.",
                    arg_type=get_three_state_flag())
     with self.argument_context("network bastion tunnel") as c:
         c.argument("port", help="Local port to use for the tunneling.", options_list=["--port"])

diff --git a/src/bastion/azext_bastion/aaz/latest/network/__cmd_group.py b/src/bastion/azext_bastion/aaz/latest/network/__cmd_group.py
@@ -13,7 +13,7 @@
 
 @register_command_group(
     "network",
-    is_preview=True,
+    is_preview=False,
 )
 class __CMDGroup(AAZCommandGroup):
     """Manage Azure Network resources.

diff --git a/src/bastion/azext_bastion/custom.py b/src/bastion/azext_bastion/custom.py
@@ -149,9 +149,9 @@ def ssh_bastion_host(cmd, auth_type, target_resource_id, target_ip_address, reso
     if not resource_port:
         resource_port = 22
 
-    if bastion['sku']['name'] == BastionSku.Basic.value or bastion['sku']['name'] == BastionSku.Standard.value and \
+    if _is_sku_standard_or_higher(bastion['sku']['name']) is not True or \
        bastion['enableTunneling'] is not True:
-        raise ClientRequestError('Bastion Host SKU must be Standard and Native Client must be enabled.')
+        raise ClientRequestError('Bastion Host SKU must be Standard or Premium and Native Client must be enabled.')
 
     ip_connect = _is_ipconnect_request(bastion, target_ip_address)
     if ip_connect:
@@ -244,9 +244,9 @@ def rdp_bastion_host(cmd, target_resource_id, target_ip_address, resource_group_
     if not resource_port:
         resource_port = 3389
 
-    if bastion['sku']['name'] == BastionSku.Basic.value or bastion['sku']['name'] == BastionSku.Standard.value and \
+    if _is_sku_standard_or_higher(bastion['sku']['name']) is not True or \
        bastion['enableTunneling'] is not True:
-        raise ClientRequestError('Bastion Host SKU must be Standard and Native Client must be enabled.')
+        raise ClientRequestError('Bastion Host SKU must be Standard or Premium and Native Client must be enabled.')
 
     ip_connect = _is_ipconnect_request(bastion, target_ip_address)
 
@@ -319,17 +319,31 @@ def rdp_bastion_host(cmd, target_resource_id, target_ip_address, resource_group_
 
 
 def _is_ipconnect_request(bastion, target_ip_address):
-    if 'enableIpConnect' in bastion and bastion['enableIpConnect'] is True and target_ip_address:
-        return True
-
+    if target_ip_address:
+        if 'enableIpConnect' in bastion and bastion['enableIpConnect'] is True:
+            return True
+        err_msg = "`--target-ip-address` flag cannot be used when IpConnect is not enabled. " \
+                  "Please use --target-resource-id flag instead."
+        raise InvalidArgumentValueError(err_msg)
     return False
 
 
+def _is_sku_standard_or_higher(sku):
+    allowed_skus = {
+        BastionSku.Standard.value,
+        BastionSku.Premium.value
+    }
+    return sku in allowed_skus
+
+
 def handle_error_response(response):
-    errorMessage = json.loads(response.content).get('message', None)
-    if errorMessage:
-        raise ClientRequestError("Request failed with error: " + errorMessage)
-    raise ClientRequestError("Request to EncodingReservedUnitTypes v2 API endpoint failed.")
+    try:
+        errorMessage = json.loads(response.content).get('message', None)
+        if errorMessage:
+            raise ClientRequestError("Request failed with error: " + errorMessage)
+        raise ClientRequestError("Server could not process the request to generate RDP file.")
+    except json.JSONDecodeError:
+        raise ClientRequestError("Server could not process the request to generate RDP file.")
 
 
 def _validate_resourceid(target_resource_id):
@@ -384,9 +398,9 @@ def create_bastion_tunnel(cmd, target_resource_id, target_ip_address, resource_g
         "name": bastion_host_name
     })
 
-    if bastion['sku']['name'] == BastionSku.Basic.value or bastion['sku']['name'] == BastionSku.Standard.value and \
+    if _is_sku_standard_or_higher(bastion['sku']['name']) is not True or \
        bastion['enableTunneling'] is not True:
-        raise ClientRequestError('Bastion Host SKU must be Standard and Native Client must be enabled.')
+        raise ClientRequestError('Bastion Host SKU must be Standard or Premium and Native Client must be enabled.')
 
     ip_connect = _is_ipconnect_request(bastion, target_ip_address)
     if ip_connect:

diff --git a/src/bastion/azext_bastion/tests/latest/recordings/test_bastion_host_crud.yaml b/src/bastion/azext_bastion/tests/latest/recordings/test_bastion_host_crud.yaml
diff --git a/src/bastion/setup.py b/src/bastion/setup.py
@@ -10,7 +10,7 @@
 
 
 # HISTORY.rst entry.
-VERSION = '0.3.0'
+VERSION = '1.0.0'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers