From 84f16a909ef1c0aed418dc29e8d30f21caf69745 Mon Sep 17 00:00:00 2001 
From: Lior Stauber Date: Tue, 9 Jul 2024 09:45:51 +0300 Subject: [PATCH] wip --- src/azure-firewall/HISTORY.rst | 5 + .../network/firewall/policy/__init__.py | 1 + .../latest/network/firewall/policy/_deploy.py | 439 +++++ .../policy/intrusion_detection/__init__.py | 3 +- .../intrusion_detection/_policy_draft_show.py | 430 +++++ .../{_show.py => _policy_show.py} | 4 +- .../policy/policy_draft/__cmd_group.py | 23 + .../firewall/policy/policy_draft/__init__.py | 16 + .../firewall/policy/policy_draft/_create.py | 636 +++++++ .../firewall/policy/policy_draft/_delete.py | 162 ++ .../firewall/policy/policy_draft/_show.py | 427 +++++ .../firewall/policy/policy_draft/_update.py | 988 +++++++++++ .../firewall/policy/policy_draft/_wait.py | 451 +++++ .../__cmd_group.py | 24 + .../rule_collection_group_draft/__init__.py | 16 + .../rule_collection_group_draft/_create.py | 950 +++++++++++ .../rule_collection_group_draft/_delete.py | 172 ++ .../rule_collection_group_draft/_show.py | 436 +++++ .../rule_collection_group_draft/_update.py | 1493 +++++++++++++++++ .../rule_collection_group_draft/_wait.py | 438 +++++ src/azure-firewall/azext_firewall/commands.py | 55 +- src/azure-firewall/azext_firewall/custom.py | 1242 +++++++++++++- .../latest/test_azure_firewall_scenario.py | 236 +++ src/azure-firewall/setup.py | 2 +- 24 files changed, 8604 insertions(+), 45 deletions(-) create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_deploy.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_draft_show.py rename src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/{_show.py => _policy_show.py} (99%) create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__cmd_group.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__init__.py create mode 100644 
src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_create.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_delete.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_show.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_update.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_wait.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__cmd_group.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__init__.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_create.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_delete.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_show.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_update.py create mode 100644 src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_wait.py diff --git a/src/azure-firewall/HISTORY.rst b/src/azure-firewall/HISTORY.rst index e93eff242ac..d6b910ba191 100644 --- a/src/azure-firewall/HISTORY.rst +++ b/src/azure-firewall/HISTORY.rst 
@@ -3,6 +3,11 @@ Release History =============== +1.0.2 +++++++ +* `az network firewall policy draft create/update/show`: support policy draft commands +* `az network firewall policy rule collection group draft create/update/show`: support rule collection group draft commands + 1.0.1 ++++++ * `az network firewall policy create/update`: Add parameter `--explicit-proxy` diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/__init__.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/__init__.py index db73033039b..287088ebe61 100644 --- a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/__init__.py +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/__init__.py @@ -15,3 +15,4 @@ from ._show import * from ._update import * from ._wait import * +from ._deploy import * diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_deploy.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_deploy.py new file mode 100644 index 00000000000..16ec0a94784 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_deploy.py 
@@ -0,0 +1,439 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy deploy", + is_preview=True, +) + +class Deploy(AAZCommand): + """Deploy an Azure firewall policy. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, self._output) + # self._execute_operations() + # return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + yield self.FirewallPoliciesPost(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=False) + return result + + class 
FirewallPoliciesPost(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/deploy", + **self.url_parameters + ) + + @property + def method(self): + return "POST" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + 
) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.id = AAZStrType() + _schema_on_200.identity = AAZObjectType() + _schema_on_200.location = AAZStrType() + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.tags = AAZDictType() + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + identity = cls._schema_on_200.identity + identity.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + identity.tenant_id = AAZStrType( + serialized_name="tenantId", + flags={"read_only": True}, + ) + identity.type = AAZStrType() + identity.user_assigned_identities = AAZDictType( + serialized_name="userAssignedIdentities", + ) + + user_assigned_identities = cls._schema_on_200.identity.user_assigned_identities + user_assigned_identities.Element = AAZObjectType() + + _element = cls._schema_on_200.identity.user_assigned_identities.Element + _element.client_id = AAZStrType( + serialized_name="clientId", + flags={"read_only": True}, + ) + _element.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + _DeployHelper._build_schema_sub_resource_read(properties.base_policy) + properties.child_policies = AAZListType( + serialized_name="childPolicies", + flags={"read_only": True}, + ) + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.firewalls = AAZListType( + flags={"read_only": 
True}, + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + child_policies = cls._schema_on_200.properties.child_policies + child_policies.Element = AAZObjectType() + _DeployHelper._build_schema_sub_resource_read(child_policies.Element) + + dns_settings = cls._schema_on_200.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = cls._schema_on_200.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = cls._schema_on_200.properties.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + firewalls = cls._schema_on_200.properties.firewalls + firewalls.Element = AAZObjectType() + _DeployHelper._build_schema_sub_resource_read(firewalls.Element) + + insights = cls._schema_on_200.properties.insights + insights.is_enabled = AAZBoolType( + serialized_name="isEnabled", + ) + 
insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + log_analytics_resources = cls._schema_on_200.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + _DeployHelper._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + _DeployHelper._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = cls._schema_on_200.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = cls._schema_on_200.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + _element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + _element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + 
_element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() + _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = cls._schema_on_200.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + snat = cls._schema_on_200.properties.snat + snat.auto_learn_private_ranges = AAZStrType( + serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = cls._schema_on_200.properties.snat.private_ranges + 
private_ranges.Element = AAZStrType() + + sql = cls._schema_on_200.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = cls._schema_on_200.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = cls._schema_on_200.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = cls._schema_on_200.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + tags = cls._schema_on_200.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + +class _DeployHelper: + """Helper class for Deploy""" + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, _schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["Deploy"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/__init__.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/__init__.py index 28d5f355813..c5fa287a2b7 100644 --- a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/__init__.py +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/__init__.py @@ -9,4 +9,5 @@ # flake8: noqa from .__cmd_group import * -from ._show import * +from ._policy_show import * +from ._policy_draft_show import * 
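Review bot: `network firewall policy deploy` is registered with only `is_preview=True`, so the POST to `.../firewallPolicies/{firewallPolicyName}/deploy` in `_deploy.py` is sent without any confirmation prompt. If, as the draft commands added in the same commit suggest, this call promotes a draft to the effective policy, a mistyped `--name` or resource group changes a live firewall rule set; a guard such as `confirmation="Are you sure you want to deploy this firewall policy?",` in the `@register_command(...)` call would cover that. In `FirewallPoliciesPost.__call__` the 200 and 202 branches are identical and can be a single `if session.http_response.status_code in [200, 202]:`, and the commented-out `# self._execute_operations()` / `# return self._output()` lines in `_handler` should be removed. The header marks the file as generated by aaz-dev-tools while these lines look hand-edited, so the changes are best made in the generator model or they may be lost on regeneration.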
diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_draft_show.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_draft_show.py
new file mode 100644
index 00000000000..12fc250c431
--- /dev/null
+++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_draft_show.py
@@ -0,0 +1,430 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + +class DraftShow(AAZCommand): + """List all intrusion detection configuration + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallpolicyDrafts/default", "2023-09-01", "properties.intrusionDetection.configuration"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self.SubresourceSelector(ctx=self.ctx, name="subresource") + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["--name"], + help="The name of the Firewall Policy.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPoliciesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.selectors.subresource.required(), client_flatten=True) + return result + + class SubresourceSelector(AAZJsonSelector): + + def _get(self): + 
result = self.ctx.vars.instance + return result.properties.intrusionDetection.configuration + + def _set(self, value): + result = self.ctx.vars.instance + result.properties.intrusionDetection.configuration = value + return + + class FirewallPoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = 
AAZObjectType() + _ShowHelper._build_schema_firewall_policy_read(cls._schema_on_200) + + return cls._schema_on_200 + + +class _ShowHelper: + """Helper class for Show""" + + _schema_firewall_policy_read = None + + @classmethod + def _build_schema_firewall_policy_read(cls, _schema): + if cls._schema_firewall_policy_read is not None: + _schema.etag = cls._schema_firewall_policy_read.etag + _schema.id = cls._schema_firewall_policy_read.id + _schema.identity = cls._schema_firewall_policy_read.identity + _schema.location = cls._schema_firewall_policy_read.location + _schema.name = cls._schema_firewall_policy_read.name + _schema.properties = cls._schema_firewall_policy_read.properties + _schema.tags = cls._schema_firewall_policy_read.tags + _schema.type = cls._schema_firewall_policy_read.type + return + + cls._schema_firewall_policy_read = _schema_firewall_policy_read = AAZObjectType() + + firewall_policy_read = _schema_firewall_policy_read + firewall_policy_read.etag = AAZStrType( + flags={"read_only": True}, + ) + firewall_policy_read.id = AAZStrType() + firewall_policy_read.identity = AAZObjectType() + firewall_policy_read.location = AAZStrType() + firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + firewall_policy_read.tags = AAZDictType() + firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_firewall_policy_read.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.firewalls = AAZListType( + flags={"read_only": True}, + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.provisioning_state = AAZStrType( + 
serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.rule_collection_groups = AAZListType( + serialized_name="ruleCollectionGroups", + flags={"read_only": True}, + ) + properties.sku = AAZObjectType() + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + + dns_settings = _schema_firewall_policy_read.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = _schema_firewall_policy_read.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = _schema_firewall_policy_read.properties.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + firewalls = _schema_firewall_policy_read.properties.firewalls + firewalls.Element = AAZObjectType() + cls._build_schema_sub_resource_read(firewalls.Element) + + insights = _schema_firewall_policy_read.properties.insights + insights.is_enabled = AAZBoolType( + serialized_name="isEnabled", + ) + insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + 
log_analytics_resources = _schema_firewall_policy_read.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + cls._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = _schema_firewall_policy_read.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + cls._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = _schema_firewall_policy_read.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = _schema_firewall_policy_read.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + _element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + _element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + _element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() 
+ _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = _schema_firewall_policy_read.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = _schema_firewall_policy_read.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + rule_collection_groups = _schema_firewall_policy_read.properties.rule_collection_groups + rule_collection_groups.Element = AAZObjectType() + cls._build_schema_sub_resource_read(rule_collection_groups.Element) + + sku = _schema_firewall_policy_read.properties.sku + sku.tier = AAZStrType() + + snat = _schema_firewall_policy_read.properties.snat + 
snat.auto_learn_private_ranges = AAZStrType( + serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = _schema_firewall_policy_read.properties.snat.private_ranges + private_ranges.Element = AAZStrType() + + sql = _schema_firewall_policy_read.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = _schema_firewall_policy_read.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = _schema_firewall_policy_read.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = _schema_firewall_policy_read.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + tags = _schema_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_firewall_policy_read.etag + _schema.id = cls._schema_firewall_policy_read.id + _schema.identity = cls._schema_firewall_policy_read.identity + _schema.location = cls._schema_firewall_policy_read.location + _schema.name = cls._schema_firewall_policy_read.name + _schema.properties = cls._schema_firewall_policy_read.properties + _schema.tags = cls._schema_firewall_policy_read.tags + _schema.type = cls._schema_firewall_policy_read.type + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, _schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + + sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["DraftShow"] 
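Review bot: `DraftShow` carries the same docstring as the live-policy command, `List all intrusion detection configuration`, although it reads `.../firewallPolicyDrafts/default`, so the help text does not tell an operator whether the bypass rules and signature overrides shown come from the draft or from the deployed policy. A docstring such as `"""Show the intrusion detection configuration of a firewall policy draft."""` would make that explicit, and `_ShowHelper`'s `"""Helper class for Show"""` should name `DraftShow`. The class has no `@register_command` decorator in this hunk, so the command name is presumably bound elsewhere in the commit (not visible here); a one-line comment saying where would help the next reader. `properties.base_policy` is declared without the `_build_schema_sub_resource_read(properties.base_policy)` call that `_deploy.py` makes, which looks like a manual edit to a file marked as generated and deserves either a comment or a regeneration.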
diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_show.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_show.py similarity index 99% rename from src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_show.py rename to src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_show.py index 3b06d774666..6b49c3d60ba 100644 --- a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_show.py +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/intrusion_detection/_policy_show.py @@ -11,7 +11,7 @@ from azure.cli.core.aaz import * -class Show(AAZCommand): +class PolicyShow(AAZCommand): """List all intrusion detection configuration """ @@ -477,4 +477,4 @@ def _build_schema_sub_resource_read(cls, _schema): _schema.id = cls._schema_sub_resource_read.id -__all__ = ["Show"] +__all__ = ["PolicyShow"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__cmd_group.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__cmd_group.py new file mode 100644 index 00000000000..97867ebdcb9 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__cmd_group.py 
@@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "network firewall policy draft", +) +class __CMDGroup(AAZCommandGroup): + """Manage and configure Azure firewall policy draft. + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__init__.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__init__.py new file mode 100644 index 00000000000..3ce619cc658 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/__init__.py @@ -0,0 +1,16 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * +from ._create import * +from ._delete import * +from ._show import * +from ._update import * +from ._wait import * \ No newline at end of file diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_create.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_create.py new file mode 100644 index 00000000000..3c84612a88a --- /dev/null 
+++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_create.py 
@@ -0,0 +1,636 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy draft create", + is_preview=True, +) + +class Create(AAZCommand): + """Create an Azure firewall policy draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallPolicyDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.base_policy = AAZStrArg( + options=["--base-policy"], + help="The name or ID of parent firewall policy from which rules are inherited.", + ) + _args_schema.sql = AAZBoolArg( + options=["--sql"], + help="A flag to indicate if SQL Redirect traffic filtering is enabled.", + is_preview=True, + ) + _args_schema.threat_intel_mode = AAZStrArg( + options=["--threat-intel-mode"], + help="The operation mode for Threat Intelligence.", + enum={"Alert": "Alert", 
"Deny": "Deny", "Off": "Off"}, + ) + _args_schema.tags = AAZDictArg( + options=["--tags"], + help="Space-separated tags: key[=value] [key[=value] ...]. Use \"\" to clear existing tags.", + ) + + tags = cls._args_schema.tags + tags.Element = AAZStrArg() + + # define Arg Group "DNS" + _args_schema = cls._args_schema + _args_schema.enable_dns_proxy = AAZBoolArg( + options=["--enable-dns-proxy"], + arg_group="DNS", + help="Enable DNS Proxy.", + ) + _args_schema.dns_servers = AAZListArg( + options=["--dns-servers"], + arg_group="DNS", + help="Space-separated list of DNS server IP addresses.", + ) + dns_servers = cls._args_schema.dns_servers + dns_servers.Element = AAZStrArg() + + # define Arg Group "Explicit Proxy" + + _args_schema = cls._args_schema + _args_schema.explicit_proxy = AAZObjectArg( + options=["--explicit-proxy"], + arg_group="Explicit Proxy", + help="Explicit Proxy Settings definition.", + ) + + explicit_proxy = cls._args_schema.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolArg( + options=["enable-explicit-proxy"], + help="When set to true, explicit proxy mode is enabled.", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolArg( + options=["enable-pac-file"], + help="When set to true, pac file port and url needs to be provided.", + nullable=True, + ) + explicit_proxy.http_port = AAZIntArg( + options=["http-port"], + help="Port number for explicit proxy http protocol, cannot be greater than 64000.", + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + explicit_proxy.https_port = AAZIntArg( + options=["https-port"], + help="Port number for explicit proxy https protocol, cannot be greater than 64000.", + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + explicit_proxy.pac_file = AAZStrArg( + options=["pac-file"], + help="SAS URL for PAC file.", + ) + explicit_proxy.pac_file_port = AAZIntArg( + options=["pac-file-port"], + help="Port number for firewall to serve PAC file.", + fmt=AAZIntArgFormat( + 
maximum=64000, + minimum=0, + ), + ) + + # define Arg Group "Intrustion Detection" + + _args_schema = cls._args_schema + _args_schema.idps_mode = AAZStrArg( + options=["--idps-mode"], + arg_group="Intrustion Detection", + help="IDPS mode.", + is_preview=True, + enum={"Alert": "Alert", "Deny": "Deny", "Off": "Off"}, + ) + + # define Arg Group "Snat" + + _args_schema = cls._args_schema + _args_schema.auto_learn_private_ranges = AAZStrArg( + options=["--learn-ranges", "--auto-learn-private-ranges"], + arg_group="Snat", + help="The operation mode for automatically learning private ranges to not be SNAT", + enum={"Disabled": "Disabled", "Enabled": "Enabled"}, + ) + _args_schema.private_ranges = AAZListArg( + options=["--private-ranges"], + arg_group="Snat", + help="List of private IP addresses/IP address ranges to not be SNAT.", + ) + + private_ranges = cls._args_schema.private_ranges + private_ranges.Element = AAZStrArg() + + + # define Arg Group "Threat Intel Allowlist" + + _args_schema = cls._args_schema + _args_schema.fqdns = AAZListArg( + options=["--fqdns"], + arg_group="Threat Intel Allowlist", + help="Space-separated list of FQDNs.", + ) + _args_schema.ip_addresses = AAZListArg( + options=["--ip-addresses"], + arg_group="Threat Intel Allowlist", + help="Space-separated list of IPv4 addresses.", + ) + + fqdns = cls._args_schema.fqdns + fqdns.Element = AAZStrArg() + + ip_addresses = cls._args_schema.ip_addresses + ip_addresses.Element = AAZStrArg() + return cls._args_schema + + _args_sub_resource_create = None + + @classmethod + def _build_args_sub_resource_create(cls, _schema): + if cls._args_sub_resource_create is not None: + _schema.id = cls._args_sub_resource_create.id + return + + cls._args_sub_resource_create = AAZObjectArg() + + sub_resource_create = cls._args_sub_resource_create + sub_resource_create.id = AAZStrArg( + options=["id"], + help="Resource ID.", + ) + + _schema.id = cls._args_sub_resource_create.id + + def _execute_operations(self): + 
self.pre_operations() + yield self.FirewallPolicyDraftsCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirewallPolicyDraftsCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): 
+ parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType, + typ_kwargs={"flags": {"required": True, "client_flatten": True}} + ) + _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}}) + _builder.set_prop("tags", AAZDictType, ".tags") + + properties = _builder.get(".properties") + if properties is not None: + properties.set_prop("basePolicy", AAZObjectType) + properties.set_prop("dnsSettings", AAZObjectType) + properties.set_prop("explicitProxy", AAZObjectType, ".explicit_proxy") + properties.set_prop("intrusionDetection", AAZObjectType) + properties.set_prop("snat", AAZObjectType) + properties.set_prop("sql", AAZObjectType) + properties.set_prop("threatIntelMode", AAZStrType, ".threat_intel_mode") + properties.set_prop("threatIntelWhitelist", AAZObjectType) + + base_policy = _builder.get(".properties.basePolicy") + if base_policy is not None: + base_policy.set_prop("id", AAZStrType, ".base_policy") + + dns_settings = _builder.get(".properties.dnsSettings") + if dns_settings is not None: + dns_settings.set_prop("enableProxy", AAZBoolType, ".enable_dns_proxy") + dns_settings.set_prop("servers", AAZListType, ".dns_servers") + + servers = _builder.get(".properties.dnsSettings.servers") + if servers is not None: + servers.set_elements(AAZStrType, ".") + + explicit_proxy = _builder.get(".properties.explicitProxy") + if explicit_proxy is not None: + explicit_proxy.set_prop("enableExplicitProxy", AAZBoolType, ".enable_explicit_proxy", typ_kwargs={"nullable": True}) + explicit_proxy.set_prop("enablePacFile", 
AAZBoolType, ".enable_pac_file", typ_kwargs={"nullable": True}) + explicit_proxy.set_prop("httpPort", AAZIntType, ".http_port") + explicit_proxy.set_prop("httpsPort", AAZIntType, ".https_port") + explicit_proxy.set_prop("pacFile", AAZStrType, ".pac_file") + explicit_proxy.set_prop("pacFilePort", AAZIntType, ".pac_file_port") + + intrusion_detection = _builder.get(".properties.intrusionDetection") + if intrusion_detection is not None: + intrusion_detection.set_prop("mode", AAZStrType, ".idps_mode") + + snat = _builder.get(".properties.snat") + if snat is not None: + snat.set_prop("autoLearnPrivateRanges", AAZStrType, ".auto_learn_private_ranges") + snat.set_prop("privateRanges", AAZListType, ".private_ranges") + + private_ranges = _builder.get(".properties.snat.privateRanges") + if private_ranges is not None: + private_ranges.set_elements(AAZStrType, ".") + + sql = _builder.get(".properties.sql") + if sql is not None: + sql.set_prop("allowSqlRedirect", AAZBoolType, ".sql") + + threat_intel_whitelist = _builder.get(".properties.threatIntelWhitelist") + if threat_intel_whitelist is not None: + threat_intel_whitelist.set_prop("fqdns", AAZListType, ".fqdns") + threat_intel_whitelist.set_prop("ipAddresses", AAZListType, ".ip_addresses") + + fqdns = _builder.get(".properties.threatIntelWhitelist.fqdns") + if fqdns is not None: + fqdns.set_elements(AAZStrType, ".") + + ip_addresses = _builder.get(".properties.threatIntelWhitelist.ipAddresses") + if ip_addresses is not None: + ip_addresses.set_elements(AAZStrType, ".") + + tags = _builder.get(".tags") + if tags is not None: + tags.set_elements(AAZStrType, ".") + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return 
cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + + _schema_on_200_201 = cls._schema_on_200_201 + _schema_on_200_201.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.id = AAZStrType() + _schema_on_200_201.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200_201.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200_201.tags = AAZDictType() + _schema_on_200_201.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200_201.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + _CreateHelper._build_schema_sub_resource_read(properties.base_policy) + properties.child_policies = AAZListType( + serialized_name="childPolicies", + flags={"read_only": True}, + ) + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + + dns_settings = cls._schema_on_200_201.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = cls._schema_on_200_201.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = cls._schema_on_200_201.properties.explicit_proxy + 
explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + insights = cls._schema_on_200_201.properties.insights + insights.is_enabled = AAZBoolType( + serialized_name="isEnabled", + ) + insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + log_analytics_resources = cls._schema_on_200_201.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + _CreateHelper._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = cls._schema_on_200_201.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = cls._schema_on_200_201.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + _CreateHelper._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = cls._schema_on_200_201.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = cls._schema_on_200_201.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges 
= AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectType() + + _element = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + _element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + _element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + _element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() + _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = cls._schema_on_200_201.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = 
cls._schema_on_200_201.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = cls._schema_on_200_201.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = cls._schema_on_200_201.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + snat = cls._schema_on_200_201.properties.snat + snat.auto_learn_private_ranges = AAZStrType( + serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = cls._schema_on_200_201.properties.snat.private_ranges + private_ranges.Element = AAZStrType() + + sql = cls._schema_on_200_201.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = cls._schema_on_200_201.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = cls._schema_on_200_201.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = cls._schema_on_200_201.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + tags = cls._schema_on_200_201.tags + tags.Element = AAZStrType() + + return cls._schema_on_200_201 + + +class _CreateHelper: + """Helper class for Create""" + + @classmethod + def _build_schema_sub_resource_create(cls, _builder): + if _builder is None: + return + _builder.set_prop("id", AAZStrType, ".id") + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, _schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + 
sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["Create"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_delete.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_delete.py new file mode 100644 index 00000000000..b5664a7f584 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_delete.py 
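Review bot: Nothing in the `pac-file` help under `--explicit-proxy` tells the user that the value is a credential: it is declared as a plain `AAZStrArg` with `help="SAS URL for PAC file."`, and the `on_200_201` schema maps `pacFile` to a plain `AAZStrType`, so a URL that carries its signature in the query string is typed on the command line and, if the service returns it, shown again by `_output`. I would extend the help to `help="SAS URL for PAC file. The URL contains its access signature; use a short-lived, read-only SAS."`. The header marks this file as generated by aaz-dev-tools, so the wording presumably has to be changed in the aaz model and regenerated rather than edited here.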
@@ -0,0 +1,162 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy draft delete", + confirmation="Are you sure you want to perform this operation?", + is_preview=True, +) + +class Delete(AAZCommand): + """Delete an Azure firewall policy draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallPolicyDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, None) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + yield self.FirewallPolicyDraftsDelete(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + class FirewallPolicyDraftsDelete(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, 
*args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [204]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_204, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "DELETE" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + def on_200(self, session): + pass + + def on_204(self, session): + pass + + +class _DeleteHelper: + """Helper class for Delete""" + 
+ +__all__ = ["Delete"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_show.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_show.py new file mode 100644 index 00000000000..07574382343 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_show.py 
@@ -0,0 +1,427 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy draft show", + is_preview=True, +) + +class Show(AAZCommand): + """Show an Azure firewall policy draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallPolicyDrafts/default", "2023-09-01"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.expand = AAZStrArg( + options=["--expand"], + help="Expands referenced resources. 
Default value is None.", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPolicyDraftsGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirewallPolicyDraftsGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "$expand", self.ctx.args.expand, + ), + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = 
self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.id = AAZStrType() + _schema_on_200.identity = AAZObjectType() + _schema_on_200.location = AAZStrType() + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.tags = AAZDictType() + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + identity = cls._schema_on_200.identity + identity.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + identity.tenant_id = AAZStrType( + serialized_name="tenantId", + flags={"read_only": True}, + ) + identity.type = AAZStrType() + identity.user_assigned_identities = AAZDictType( + serialized_name="userAssignedIdentities", + ) + + user_assigned_identities = cls._schema_on_200.identity.user_assigned_identities + user_assigned_identities.Element = AAZObjectType() + + _element = cls._schema_on_200.identity.user_assigned_identities.Element + _element.client_id = AAZStrType( + serialized_name="clientId", + flags={"read_only": True}, + ) + _element.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + _ShowHelper._build_schema_sub_resource_read(properties.base_policy) + properties.child_policies = AAZListType( + serialized_name="childPolicies", + flags={"read_only": True}, + ) + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + 
properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.firewalls = AAZListType( + flags={"read_only": True}, + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + child_policies = cls._schema_on_200.properties.child_policies + child_policies.Element = AAZObjectType() + _ShowHelper._build_schema_sub_resource_read(child_policies.Element) + + dns_settings = cls._schema_on_200.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = cls._schema_on_200.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = cls._schema_on_200.properties.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + firewalls = cls._schema_on_200.properties.firewalls + firewalls.Element = AAZObjectType() + 
_ShowHelper._build_schema_sub_resource_read(firewalls.Element) + + insights = cls._schema_on_200.properties.insights + insights.is_enabled = AAZBoolType( + serialized_name="isEnabled", + ) + insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + log_analytics_resources = cls._schema_on_200.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + _ShowHelper._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + _ShowHelper._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = cls._schema_on_200.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = cls._schema_on_200.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + 
_element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + _element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + _element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() + _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = cls._schema_on_200.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + snat = cls._schema_on_200.properties.snat + snat.auto_learn_private_ranges = AAZStrType( + 
serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = cls._schema_on_200.properties.snat.private_ranges + private_ranges.Element = AAZStrType() + + sql = cls._schema_on_200.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = cls._schema_on_200.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = cls._schema_on_200.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = cls._schema_on_200.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + tags = cls._schema_on_200.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + +class _ShowHelper: + """Helper class for Show""" + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, _schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + + sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["Show"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_update.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_update.py new file mode 100644 index 00000000000..cf8a906cf8b --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_update.py 
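Review bot: The draft `show` output can expose `explicitProxy.pacFile` verbatim. `_build_schema_on_200` maps `explicit_proxy.pac_file` as a plain `AAZStrType` and `_output` returns the whole deserialized instance, while the update command in this same patch documents that field as "SAS URL for PAC file.", so the value may carry a signed access token. Whether the service redacts the token in GET responses is not visible from this hunk and should be confirmed while the command is still `is_preview=True`. At minimum the `Show` docstring should state it, e.g. `"""Show an Azure firewall policy draft. The output may include the explicit proxy PAC file SAS URL; handle it as a secret."""`.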
@@ -0,0 +1,988 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy update draft", + is_preview=True, +) + +class Update(AAZCommand): + """Update an Azure firewall policy draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallPolicyDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + AZ_SUPPORT_GENERIC_UPDATE = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.sql = AAZBoolArg( + options=["--sql"], + help="A flag to indicate if SQL Redirect traffic filtering is enabled.", + is_preview=True, + nullable=True, + ) + _args_schema.threat_intel_mode = AAZStrArg( + options=["--threat-intel-mode"], + help="The operation mode for Threat Intelligence.", + nullable=True, + enum={"Alert": "Alert", "Deny": "Deny", "Off": "Off"}, + ) + _args_schema.tags = AAZDictArg( + 
options=["--tags"], + help="Space-separated tags: key[=value] [key[=value] ...]. Use \"\" to clear existing tags.", + nullable=True, + ) + + tags = cls._args_schema.tags + tags.Element = AAZStrArg( + nullable=True, + ) + + # define Arg Group "DNS" + + _args_schema = cls._args_schema + _args_schema.enable_dns_proxy = AAZBoolArg( + options=["--enable-dns-proxy"], + arg_group="DNS", + help="Enable DNS Proxy.", + nullable=True, + ) + _args_schema.dns_servers = AAZListArg( + options=["--dns-servers"], + arg_group="DNS", + help="Space-separated list of DNS server IP addresses.", + nullable=True, + ) + + dns_servers = cls._args_schema.dns_servers + dns_servers.Element = AAZStrArg( + nullable=True, + ) + + # define Arg Group "Explicit Proxy" + + _args_schema = cls._args_schema + _args_schema.explicit_proxy = AAZObjectArg( + options=["--explicit-proxy"], + arg_group="Explicit Proxy", + help="Explicit Proxy Settings definition.", + nullable=True, + ) + + explicit_proxy = cls._args_schema.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolArg( + options=["enable-explicit-proxy"], + help="When set to true, explicit proxy mode is enabled.", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolArg( + options=["enable-pac-file"], + help="When set to true, pac file port and url needs to be provided.", + nullable=True, + ) + explicit_proxy.http_port = AAZIntArg( + options=["http-port"], + help="Port number for explicit proxy http protocol, cannot be greater than 64000.", + nullable=True, + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + explicit_proxy.https_port = AAZIntArg( + options=["https-port"], + help="Port number for explicit proxy https protocol, cannot be greater than 64000.", + nullable=True, + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + explicit_proxy.pac_file = AAZStrArg( + options=["pac-file"], + help="SAS URL for PAC file.", + nullable=True, + ) + explicit_proxy.pac_file_port = AAZIntArg( + 
options=["pac-file-port"], + help="Port number for firewall to serve PAC file.", + nullable=True, + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + + # define Arg Group "IntrusionDetection" + + _args_schema = cls._args_schema + _args_schema.configuration = AAZObjectArg( + options=["--configuration"], + arg_group="IntrusionDetection", + help="Intrusion detection configuration properties.", + nullable=True, + ) + + configuration = cls._args_schema.configuration + configuration.bypass_traffic_settings = AAZListArg( + options=["bypass-traffic-settings"], + help="List of rules for traffic to bypass.", + nullable=True, + ) + configuration.private_ranges = AAZListArg( + options=["private-ranges"], + help="IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property", + nullable=True, + ) + configuration.signature_overrides = AAZListArg( + options=["signature-overrides"], + help="List of specific signatures states.", + nullable=True, + ) + + bypass_traffic_settings = cls._args_schema.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.configuration.bypass_traffic_settings.Element + _element.description = AAZStrArg( + options=["description"], + help="Description of the bypass traffic rule.", + nullable=True, + ) + _element.destination_addresses = AAZListArg( + options=["destination-addresses"], + help="List of destination IP addresses or ranges for this rule.", + nullable=True, + ) + _element.destination_ip_groups = AAZListArg( + options=["destination-ip-groups"], + help="List of destination IpGroups for this rule.", + nullable=True, + ) + _element.destination_ports = AAZListArg( + options=["destination-ports"], + help="List of destination ports or ranges.", + 
nullable=True, + ) + _element.name = AAZStrArg( + options=["name"], + help="Name of the bypass traffic rule.", + nullable=True, + ) + _element.protocol = AAZStrArg( + options=["protocol"], + help="The rule bypass protocol.", + nullable=True, + enum={"ANY": "ANY", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + _element.source_addresses = AAZListArg( + options=["source-addresses"], + help="List of source IP addresses or ranges for this rule.", + nullable=True, + ) + _element.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + help="List of source IpGroups for this rule.", + nullable=True, + ) + + destination_addresses = cls._args_schema.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + destination_ip_groups = cls._args_schema.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + destination_ports = cls._args_schema.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrArg( + nullable=True, + ) + + source_addresses = cls._args_schema.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + private_ranges = cls._args_schema.configuration.private_ranges + private_ranges.Element = AAZStrArg( + nullable=True, + ) + + signature_overrides = cls._args_schema.configuration.signature_overrides + signature_overrides.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.configuration.signature_overrides.Element + _element.id = AAZStrArg( + options=["id"], + help="Signature id.", + nullable=True, + ) + _element.mode = AAZStrArg( + options=["mode"], + help="The signature state.", + nullable=True, 
+ enum={"Alert": "Alert", "Deny": "Deny", "Off": "Off"}, + ) + + # define Arg Group "Intrustion Detection" + + _args_schema = cls._args_schema + _args_schema.idps_mode = AAZStrArg( + options=["--idps-mode"], + arg_group="Intrustion Detection", + help="IDPS mode.", + is_preview=True, + nullable=True, + enum={"Alert": "Alert", "Deny": "Deny", "Off": "Off"}, + ) + + # define Arg Group "Snat" + + _args_schema = cls._args_schema + _args_schema.auto_learn_private_ranges = AAZStrArg( + options=["--learn-ranges", "--auto-learn-private-ranges"], + arg_group="Snat", + help="The operation mode for automatically learning private ranges to not be SNAT", + nullable=True, + enum={"Disabled": "Disabled", "Enabled": "Enabled"}, + ) + _args_schema.private_ranges = AAZListArg( + options=["--private-ranges"], + arg_group="Snat", + help="List of private IP addresses/IP address ranges to not be SNAT.", + nullable=True, + ) + + private_ranges = cls._args_schema.private_ranges + private_ranges.Element = AAZStrArg( + nullable=True, + ) + + # define Arg Group "Threat Intel Allowlist" + + _args_schema = cls._args_schema + _args_schema.fqdns = AAZListArg( + options=["--fqdns"], + arg_group="Threat Intel Allowlist", + help="Space-separated list of FQDNs.", + nullable=True, + ) + _args_schema.ip_addresses = AAZListArg( + options=["--ip-addresses"], + arg_group="Threat Intel Allowlist", + help="Space-separated list of IPv4 addresses.", + nullable=True, + ) + + fqdns = cls._args_schema.fqdns + fqdns.Element = AAZStrArg( + nullable=True, + ) + + ip_addresses = cls._args_schema.ip_addresses + ip_addresses.Element = AAZStrArg( + nullable=True, + ) + return cls._args_schema + + _args_sub_resource_update = None + + @classmethod + def _build_args_sub_resource_update(cls, _schema): + if cls._args_sub_resource_update is not None: + _schema.id = cls._args_sub_resource_update.id + return + + cls._args_sub_resource_update = AAZObjectArg( + nullable=True, + ) + + sub_resource_update = 
cls._args_sub_resource_update + sub_resource_update.id = AAZStrArg( + options=["id"], + help="Resource ID.", + nullable=True, + ) + + _schema.id = cls._args_sub_resource_update.id + + def _execute_operations(self): + self.pre_operations() + self.FirewallPoliciesGet(ctx=self.ctx)() + self.pre_instance_update(self.ctx.vars.instance) + self.InstanceUpdateByJson(ctx=self.ctx)() + self.InstanceUpdateByGeneric(ctx=self.ctx)() + self.post_instance_update(self.ctx.vars.instance) + yield self.FirewallPolicyDraftsCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + @register_callback + def pre_instance_update(self, instance): + pass + + @register_callback + def post_instance_update(self, instance): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirewallPoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + 
"subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _UpdateHelper._build_schema_firewall_policy_draft_read(cls._schema_on_200) + + return cls._schema_on_200 + + class FirewallPolicyDraftsCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def 
method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + value=self.ctx.vars.instance, + ) + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + _UpdateHelper._build_schema_firewall_policy_draft_read(cls._schema_on_200_201) + + return cls._schema_on_200_201 + + class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation): + + def __call__(self, *args, **kwargs): + self._update_instance(self.ctx.vars.instance) + + def _update_instance(self, instance): + _instance_value, _builder = self.new_content_builder( + self.ctx.args, + value=instance, + typ=AAZObjectType + ) + _builder.set_prop("identity", AAZObjectType) + _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": 
{"client_flatten": True}}) + _builder.set_prop("tags", AAZDictType, ".tags") + + identity = _builder.get(".identity") + if identity is not None: + identity.set_prop("type", AAZStrType, ".identity_type") + identity.set_prop("userAssignedIdentities", AAZDictType, ".user_assigned_identities") + + user_assigned_identities = _builder.get(".identity.userAssignedIdentities") + if user_assigned_identities is not None: + user_assigned_identities.set_elements(AAZObjectType, ".") + + properties = _builder.get(".properties") + if properties is not None: + properties.set_prop("basePolicy", AAZObjectType) + properties.set_prop("dnsSettings", AAZObjectType) + properties.set_prop("explicitProxy", AAZObjectType, ".explicit_proxy") + properties.set_prop("intrusionDetection", AAZObjectType) + properties.set_prop("sku", AAZObjectType) + properties.set_prop("snat", AAZObjectType) + properties.set_prop("sql", AAZObjectType) + properties.set_prop("threatIntelMode", AAZStrType, ".threat_intel_mode") + properties.set_prop("threatIntelWhitelist", AAZObjectType) + properties.set_prop("transportSecurity", AAZObjectType) + + dns_settings = _builder.get(".properties.dnsSettings") + if dns_settings is not None: + dns_settings.set_prop("enableProxy", AAZBoolType, ".enable_dns_proxy") + dns_settings.set_prop("servers", AAZListType, ".dns_servers") + + servers = _builder.get(".properties.dnsSettings.servers") + if servers is not None: + servers.set_elements(AAZStrType, ".") + + explicit_proxy = _builder.get(".properties.explicitProxy") + if explicit_proxy is not None: + explicit_proxy.set_prop("enableExplicitProxy", AAZBoolType, ".enable_explicit_proxy", typ_kwargs={"nullable": True}) + explicit_proxy.set_prop("enablePacFile", AAZBoolType, ".enable_pac_file", typ_kwargs={"nullable": True}) + explicit_proxy.set_prop("httpPort", AAZIntType, ".http_port") + explicit_proxy.set_prop("httpsPort", AAZIntType, ".https_port") + explicit_proxy.set_prop("pacFile", AAZStrType, ".pac_file") + 
explicit_proxy.set_prop("pacFilePort", AAZIntType, ".pac_file_port") + + intrusion_detection = _builder.get(".properties.intrusionDetection") + if intrusion_detection is not None: + intrusion_detection.set_prop("configuration", AAZObjectType, ".configuration") + intrusion_detection.set_prop("mode", AAZStrType, ".idps_mode") + + configuration = _builder.get(".properties.intrusionDetection.configuration") + if configuration is not None: + configuration.set_prop("bypassTrafficSettings", AAZListType, ".bypass_traffic_settings") + configuration.set_prop("privateRanges", AAZListType, ".private_ranges") + configuration.set_prop("signatureOverrides", AAZListType, ".signature_overrides") + + bypass_traffic_settings = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings") + if bypass_traffic_settings is not None: + bypass_traffic_settings.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[]") + if _elements is not None: + _elements.set_prop("description", AAZStrType, ".description") + _elements.set_prop("destinationAddresses", AAZListType, ".destination_addresses") + _elements.set_prop("destinationIpGroups", AAZListType, ".destination_ip_groups") + _elements.set_prop("destinationPorts", AAZListType, ".destination_ports") + _elements.set_prop("name", AAZStrType, ".name") + _elements.set_prop("protocol", AAZStrType, ".protocol") + _elements.set_prop("sourceAddresses", AAZListType, ".source_addresses") + _elements.set_prop("sourceIpGroups", AAZListType, ".source_ip_groups") + + destination_addresses = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[].destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_ip_groups = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[].destinationIpGroups") + if destination_ip_groups is not None: + 
destination_ip_groups.set_elements(AAZStrType, ".") + + destination_ports = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[].destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + source_addresses = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[].sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.intrusionDetection.configuration.bypassTrafficSettings[].sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + private_ranges = _builder.get(".properties.intrusionDetection.configuration.privateRanges") + if private_ranges is not None: + private_ranges.set_elements(AAZStrType, ".") + + signature_overrides = _builder.get(".properties.intrusionDetection.configuration.signatureOverrides") + if signature_overrides is not None: + signature_overrides.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.intrusionDetection.configuration.signatureOverrides[]") + if _elements is not None: + _elements.set_prop("id", AAZStrType, ".id") + _elements.set_prop("mode", AAZStrType, ".mode") + + snat = _builder.get(".properties.snat") + if snat is not None: + snat.set_prop("autoLearnPrivateRanges", AAZStrType, ".auto_learn_private_ranges") + snat.set_prop("privateRanges", AAZListType, ".private_ranges") + + private_ranges = _builder.get(".properties.snat.privateRanges") + if private_ranges is not None: + private_ranges.set_elements(AAZStrType, ".") + + sql = _builder.get(".properties.sql") + if sql is not None: + sql.set_prop("allowSqlRedirect", AAZBoolType, ".sql") + + threat_intel_whitelist = _builder.get(".properties.threatIntelWhitelist") + if threat_intel_whitelist is not None: + threat_intel_whitelist.set_prop("fqdns", AAZListType, ".fqdns") + threat_intel_whitelist.set_prop("ipAddresses", 
AAZListType, ".ip_addresses") + + fqdns = _builder.get(".properties.threatIntelWhitelist.fqdns") + if fqdns is not None: + fqdns.set_elements(AAZStrType, ".") + + ip_addresses = _builder.get(".properties.threatIntelWhitelist.ipAddresses") + if ip_addresses is not None: + ip_addresses.set_elements(AAZStrType, ".") + + tags = _builder.get(".tags") + if tags is not None: + tags.set_elements(AAZStrType, ".") + + return _instance_value + + class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation): + + def __call__(self, *args, **kwargs): + self._update_instance_by_generic( + self.ctx.vars.instance, + self.ctx.generic_update_args + ) + + +class _UpdateHelper: + """Helper class for Update""" + + @classmethod + def _build_schema_sub_resource_update(cls, _builder): + if _builder is None: + return + _builder.set_prop("id", AAZStrType, ".id") + + _schema_firewall_policy_draft_read = None + + @classmethod + def _build_schema_firewall_policy_draft_read(cls, _schema): + if cls._schema_firewall_policy_draft_read is not None: + _schema.etag = cls._schema_firewall_policy_draft_read.etag + _schema.id = cls._schema_firewall_policy_draft_read.id + _schema.name = cls._schema_firewall_policy_draft_read.name + _schema.properties = cls._schema_firewall_policy_draft_read.properties + _schema.tags = cls._schema_firewall_policy_draft_read.tags + _schema.type = cls._schema_firewall_policy_draft_read.type + return + + cls._schema_firewall_policy_draft_read = _schema_firewall_policy_read = AAZObjectType() + + firewall_policy_read = _schema_firewall_policy_read + firewall_policy_read.etag = AAZStrType( + flags={"read_only": True}, + ) + firewall_policy_read.id = AAZStrType() + firewall_policy_read.name = AAZStrType( + flags={"read_only": True}, + ) + firewall_policy_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + firewall_policy_read.tags = AAZDictType() + firewall_policy_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = 
_schema_firewall_policy_read.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + cls._build_schema_sub_resource_read(properties.base_policy) + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.firewalls = AAZListType( + flags={"read_only": True}, + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.sku = AAZObjectType() + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + + dns_settings = _schema_firewall_policy_read.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = _schema_firewall_policy_read.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = _schema_firewall_policy_read.properties.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + insights = _schema_firewall_policy_read.properties.insights + insights.is_enabled = AAZBoolType( + 
serialized_name="isEnabled", + ) + insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + log_analytics_resources = _schema_firewall_policy_read.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + cls._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = _schema_firewall_policy_read.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + cls._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = _schema_firewall_policy_read.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = _schema_firewall_policy_read.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings + bypass_traffic_settings.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + _element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + 
_element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + _element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() + _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_read.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = _schema_firewall_policy_read.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = _schema_firewall_policy_read.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = _schema_firewall_policy_read.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + snat = _schema_firewall_policy_read.properties.snat + snat.auto_learn_private_ranges = AAZStrType( + 
serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = _schema_firewall_policy_read.properties.snat.private_ranges + private_ranges.Element = AAZStrType() + + sql = _schema_firewall_policy_read.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = _schema_firewall_policy_read.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = _schema_firewall_policy_read.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = _schema_firewall_policy_read.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + tags = _schema_firewall_policy_read.tags + tags.Element = AAZStrType() + + _schema.etag = cls._schema_firewall_policy_draft_read.etag + _schema.id = cls._schema_firewall_policy_draft_read.id + _schema.name = cls._schema_firewall_policy_draft_read.name + _schema.properties = cls._schema_firewall_policy_draft_read.properties + _schema.tags = cls._schema_firewall_policy_draft_read.tags + _schema.type = cls._schema_firewall_policy_draft_read.type + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, _schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + + sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["Update"] 
diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_wait.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_wait.py new file mode 100644 index 00000000000..6fa4905c73d --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/policy_draft/_wait.py 
@@ -0,0 +1,451 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy draft wait", +) +class Wait(AAZWaitCommand): + """Place the CLI in a waiting state until a condition is met. + """ + + _aaz_info = { + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/firewallPolicyDrafts/default", "2023-09-01"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.expand = AAZStrArg( + options=["--expand"], + help="Expands referenced resources. 
Default value is None.", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPoliciesGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=False) + return result + + class FirewallPoliciesGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "$expand", self.ctx.args.expand, + ), + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = 
self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.id = AAZStrType() + _schema_on_200.identity = AAZObjectType() + _schema_on_200.location = AAZStrType() + _schema_on_200.name = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.tags = AAZDictType() + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + identity = cls._schema_on_200.identity + identity.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + identity.tenant_id = AAZStrType( + serialized_name="tenantId", + flags={"read_only": True}, + ) + identity.type = AAZStrType() + identity.user_assigned_identities = AAZDictType( + serialized_name="userAssignedIdentities", + ) + + user_assigned_identities = cls._schema_on_200.identity.user_assigned_identities + user_assigned_identities.Element = AAZObjectType() + + _element = cls._schema_on_200.identity.user_assigned_identities.Element + _element.client_id = AAZStrType( + serialized_name="clientId", + flags={"read_only": True}, + ) + _element.principal_id = AAZStrType( + serialized_name="principalId", + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.base_policy = AAZObjectType( + serialized_name="basePolicy", + ) + _WaitHelper._build_schema_sub_resource_read(properties.base_policy) + properties.child_policies = AAZListType( + serialized_name="childPolicies", + flags={"read_only": True}, + ) + properties.dns_settings = AAZObjectType( + serialized_name="dnsSettings", + ) + 
properties.explicit_proxy = AAZObjectType( + serialized_name="explicitProxy", + ) + properties.firewalls = AAZListType( + flags={"read_only": True}, + ) + properties.insights = AAZObjectType() + properties.intrusion_detection = AAZObjectType( + serialized_name="intrusionDetection", + ) + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.rule_collection_groups = AAZListType( + serialized_name="ruleCollectionGroups", + flags={"read_only": True}, + ) + properties.sku = AAZObjectType() + properties.snat = AAZObjectType() + properties.sql = AAZObjectType() + properties.threat_intel_mode = AAZStrType( + serialized_name="threatIntelMode", + ) + properties.threat_intel_whitelist = AAZObjectType( + serialized_name="threatIntelWhitelist", + ) + properties.transport_security = AAZObjectType( + serialized_name="transportSecurity", + ) + + child_policies = cls._schema_on_200.properties.child_policies + child_policies.Element = AAZObjectType() + _WaitHelper._build_schema_sub_resource_read(child_policies.Element) + + dns_settings = cls._schema_on_200.properties.dns_settings + dns_settings.enable_proxy = AAZBoolType( + serialized_name="enableProxy", + ) + dns_settings.require_proxy_for_network_rules = AAZBoolType( + serialized_name="requireProxyForNetworkRules", + nullable=True, + ) + dns_settings.servers = AAZListType() + + servers = cls._schema_on_200.properties.dns_settings.servers + servers.Element = AAZStrType() + + explicit_proxy = cls._schema_on_200.properties.explicit_proxy + explicit_proxy.enable_explicit_proxy = AAZBoolType( + serialized_name="enableExplicitProxy", + nullable=True, + ) + explicit_proxy.enable_pac_file = AAZBoolType( + serialized_name="enablePacFile", + nullable=True, + ) + explicit_proxy.http_port = AAZIntType( + serialized_name="httpPort", + ) + explicit_proxy.https_port = AAZIntType( + serialized_name="httpsPort", + ) + explicit_proxy.pac_file = AAZStrType( + 
serialized_name="pacFile", + ) + explicit_proxy.pac_file_port = AAZIntType( + serialized_name="pacFilePort", + ) + + firewalls = cls._schema_on_200.properties.firewalls + firewalls.Element = AAZObjectType() + _WaitHelper._build_schema_sub_resource_read(firewalls.Element) + + insights = cls._schema_on_200.properties.insights + insights.is_enabled = AAZBoolType( + serialized_name="isEnabled", + ) + insights.log_analytics_resources = AAZObjectType( + serialized_name="logAnalyticsResources", + ) + insights.retention_days = AAZIntType( + serialized_name="retentionDays", + ) + + log_analytics_resources = cls._schema_on_200.properties.insights.log_analytics_resources + log_analytics_resources.default_workspace_id = AAZObjectType( + serialized_name="defaultWorkspaceId", + ) + _WaitHelper._build_schema_sub_resource_read(log_analytics_resources.default_workspace_id) + log_analytics_resources.workspaces = AAZListType() + + workspaces = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces + workspaces.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.insights.log_analytics_resources.workspaces.Element + _element.region = AAZStrType() + _element.workspace_id = AAZObjectType( + serialized_name="workspaceId", + ) + _WaitHelper._build_schema_sub_resource_read(_element.workspace_id) + + intrusion_detection = cls._schema_on_200.properties.intrusion_detection + intrusion_detection.configuration = AAZObjectType() + intrusion_detection.mode = AAZStrType() + + configuration = cls._schema_on_200.properties.intrusion_detection.configuration + configuration.bypass_traffic_settings = AAZListType( + serialized_name="bypassTrafficSettings", + ) + configuration.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + configuration.signature_overrides = AAZListType( + serialized_name="signatureOverrides", + ) + + bypass_traffic_settings = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings + 
bypass_traffic_settings.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element + _element.description = AAZStrType() + _element.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + _element.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + _element.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + _element.name = AAZStrType() + _element.protocol = AAZStrType() + _element.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + _element.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.destination_ports + destination_ports.Element = AAZStrType() + + source_addresses = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = cls._schema_on_200.properties.intrusion_detection.configuration.bypass_traffic_settings.Element.source_ip_groups + source_ip_groups.Element = AAZStrType() + + private_ranges = cls._schema_on_200.properties.intrusion_detection.configuration.private_ranges + private_ranges.Element = AAZStrType() + + signature_overrides = cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides + signature_overrides.Element = AAZObjectType() + + _element = 
cls._schema_on_200.properties.intrusion_detection.configuration.signature_overrides.Element + _element.id = AAZStrType() + _element.mode = AAZStrType() + + rule_collection_groups = cls._schema_on_200.properties.rule_collection_groups + rule_collection_groups.Element = AAZObjectType() + _WaitHelper._build_schema_sub_resource_read(rule_collection_groups.Element) + + sku = cls._schema_on_200.properties.sku + sku.tier = AAZStrType() + + snat = cls._schema_on_200.properties.snat + snat.auto_learn_private_ranges = AAZStrType( + serialized_name="autoLearnPrivateRanges", + ) + snat.private_ranges = AAZListType( + serialized_name="privateRanges", + ) + + private_ranges = cls._schema_on_200.properties.snat.private_ranges + private_ranges.Element = AAZStrType() + + sql = cls._schema_on_200.properties.sql + sql.allow_sql_redirect = AAZBoolType( + serialized_name="allowSqlRedirect", + ) + + threat_intel_whitelist = cls._schema_on_200.properties.threat_intel_whitelist + threat_intel_whitelist.fqdns = AAZListType() + threat_intel_whitelist.ip_addresses = AAZListType( + serialized_name="ipAddresses", + ) + + fqdns = cls._schema_on_200.properties.threat_intel_whitelist.fqdns + fqdns.Element = AAZStrType() + + ip_addresses = cls._schema_on_200.properties.threat_intel_whitelist.ip_addresses + ip_addresses.Element = AAZStrType() + + transport_security = cls._schema_on_200.properties.transport_security + transport_security.certificate_authority = AAZObjectType( + serialized_name="certificateAuthority", + ) + + certificate_authority = cls._schema_on_200.properties.transport_security.certificate_authority + certificate_authority.key_vault_secret_id = AAZStrType( + serialized_name="keyVaultSecretId", + ) + certificate_authority.name = AAZStrType() + + tags = cls._schema_on_200.tags + tags.Element = AAZStrType() + + return cls._schema_on_200 + + +class _WaitHelper: + """Helper class for Wait""" + + _schema_sub_resource_read = None + + @classmethod + def _build_schema_sub_resource_read(cls, 
_schema): + if cls._schema_sub_resource_read is not None: + _schema.id = cls._schema_sub_resource_read.id + return + + cls._schema_sub_resource_read = _schema_sub_resource_read = AAZObjectType() + + sub_resource_read = _schema_sub_resource_read + sub_resource_read.id = AAZStrType() + + _schema.id = cls._schema_sub_resource_read.id + + +__all__ = ["Wait"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__cmd_group.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__cmd_group.py new file mode 100644 index 00000000000..5dab8dd2d07 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__cmd_group.py @@ -0,0 +1,24 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command_group( + "network firewall policy rule-collection-group draft", + is_preview=True, +) +class __CMDGroup(AAZCommandGroup): + """Manage and configure Azure firewall policy rule collection group draft. + """ + pass + + +__all__ = ["__CMDGroup"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__init__.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__init__.py new file mode 100644 index 00000000000..3ce619cc658 --- /dev/null 
+++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/__init__.py @@ -0,0 +1,16 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from .__cmd_group import * +from ._create import * +from ._delete import * +from ._show import * +from ._update import * +from ._wait import * \ No newline at end of file diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_create.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_create.py new file mode 100644 index 00000000000..1777fdc19bf --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_create.py 
@@ -0,0 +1,950 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy rule-collection-group draft create", + is_preview=True, +) +class Create(AAZCommand): + """Create an Azure firewall policy rule collection group draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/rulecollectiongroups/{}/ruleCollectionGroupDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Firewall Policy.", + required=True, + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy Rule Collection Group.", + required=True, + ) + + # define Arg Group "Parameters" + + # define Arg Group "Properties" + + _args_schema = cls._args_schema + _args_schema.priority = AAZIntArg( + options=["--priority"], + arg_group="Properties", + help="Priority of the Firewall Policy Rule 
Collection Group", + fmt=AAZIntArgFormat( + maximum=65000, + minimum=100, + ), + ) + _args_schema.rule_collections = AAZListArg( + options=["--rule-collections"], + arg_group="Properties", + help="Group of Firewall Policy rule collections.", + ) + + rule_collections = cls._args_schema.rule_collections + rule_collections.Element = AAZObjectArg() + + _element = cls._args_schema.rule_collections.Element + _element.firewall_policy_filter_rule_collection = AAZObjectArg( + options=["firewall-policy-filter-rule-collection"], + ) + _element.firewall_policy_nat_rule_collection = AAZObjectArg( + options=["firewall-policy-nat-rule-collection"], + ) + _element.name = AAZStrArg( + options=["name"], + help="The name of the rule collection.", + ) + _element.priority = AAZIntArg( + options=["priority"], + help="Priority of the Firewall Policy Rule Collection resource.", + fmt=AAZIntArgFormat( + maximum=65000, + minimum=100, + ), + ) + + firewall_policy_filter_rule_collection = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection + firewall_policy_filter_rule_collection.action = AAZObjectArg( + options=["action"], + help="The action type of a Filter rule collection.", + ) + firewall_policy_filter_rule_collection.rules = AAZListArg( + options=["rules"], + help="List of rules included in a rule collection.", + ) + + action = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.action + action.type = AAZStrArg( + options=["type"], + help="The type of action.", + enum={"Allow": "Allow", "Deny": "Deny"}, + ) + + rules = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules + rules.Element = AAZObjectArg() + cls._build_args_firewall_policy_rule_create(rules.Element) + + firewall_policy_nat_rule_collection = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection + firewall_policy_nat_rule_collection.action = AAZObjectArg( + options=["action"], + help="The action type of a Nat 
rule collection.", + ) + firewall_policy_nat_rule_collection.rules = AAZListArg( + options=["rules"], + help="List of rules included in a rule collection.", + ) + + action = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.action + action.type = AAZStrArg( + options=["type"], + help="The type of action.", + enum={"DNAT": "DNAT"}, + ) + + rules = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules + rules.Element = AAZObjectArg() + cls._build_args_firewall_policy_rule_create(rules.Element) + return cls._args_schema + + _args_firewall_policy_rule_collection_group_draft_create = None + + @classmethod + def _build_args_firewall_policy_rule_create(cls, _schema): + if cls._args_firewall_policy_rule_collection_group_draft_create is not None: + _schema.application_rule = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule + _schema.description = cls._args_firewall_policy_rule_collection_group_draft_create.description + _schema.name = cls._args_firewall_policy_rule_collection_group_draft_create.name + _schema.nat_rule = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule + _schema.network_rule = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule + return + + cls._args_firewall_policy_rule_collection_group_draft_create = AAZObjectArg() + + firewall_policy_rule_create = cls._args_firewall_policy_rule_collection_group_draft_create + firewall_policy_rule_create.application_rule = AAZObjectArg( + options=["application-rule"], + ) + firewall_policy_rule_create.nat_rule = AAZObjectArg( + options=["nat-rule"], + ) + firewall_policy_rule_create.network_rule = AAZObjectArg( + options=["network-rule"], + ) + firewall_policy_rule_create.description = AAZStrArg( + options=["description"], + help="Description of the rule.", + ) + firewall_policy_rule_create.name = AAZStrArg( + options=["name"], + help="Name of the rule.", + ) + + application_rule = 
cls._args_firewall_policy_rule_collection_group_draft_create.application_rule + application_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + help="List of destination IP addresses or Service Tags.", + ) + application_rule.fqdn_tags = AAZListArg( + options=["fqdn-tags"], + help="List of FQDN Tags for this rule.", + ) + application_rule.protocols = AAZListArg( + options=["protocols"], + help="Array of Application Protocols.", + ) + application_rule.source_addresses = AAZListArg( + options=["source-addresses"], + help="List of source IP addresses for this rule.", + ) + application_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + help="List of source IpGroups for this rule.", + ) + application_rule.target_fqdns = AAZListArg( + options=["target-fqdns"], + help="List of FQDNs for this rule.", + ) + application_rule.target_urls = AAZListArg( + options=["target-urls"], + help="List of Urls for this rule condition.", + ) + application_rule.terminate_tls = AAZBoolArg( + options=["terminate-tls"], + help="Terminate TLS connections for this rule.", + ) + application_rule.web_categories = AAZListArg( + options=["web-categories"], + help="List of destination azure web categories.", + ) + + destination_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.destination_addresses + destination_addresses.Element = AAZStrArg() + + fqdn_tags = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.fqdn_tags + fqdn_tags.Element = AAZStrArg() + + protocols = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.protocols + protocols.Element = AAZObjectArg() + + _element = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.protocols.Element + _element.port = AAZIntArg( + options=["port"], + help="Port number for the protocol, cannot be greater than 64000.", + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + 
_element.protocol_type = AAZStrArg( + options=["protocol-type"], + help="Protocol type.", + enum={"Http": "Http", "Https": "Https"}, + ) + + source_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.source_addresses + source_addresses.Element = AAZStrArg() + + source_ip_groups = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg() + + target_fqdns = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.target_fqdns + target_fqdns.Element = AAZStrArg() + + target_urls = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.target_urls + target_urls.Element = AAZStrArg() + + web_categories = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule.web_categories + web_categories.Element = AAZStrArg() + + nat_rule = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule + nat_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + help="List of destination IP addresses or Service Tags.", + ) + nat_rule.destination_ports = AAZListArg( + options=["destination-ports"], + help="List of destination ports.", + ) + nat_rule.ip_protocols = AAZListArg( + options=["ip-protocols"], + help="Array of FirewallPolicyRuleNetworkProtocols.", + ) + nat_rule.source_addresses = AAZListArg( + options=["source-addresses"], + help="List of source IP addresses for this rule.", + ) + nat_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + help="List of source IpGroups for this rule.", + ) + nat_rule.translated_address = AAZStrArg( + options=["translated-address"], + help="The translated address for this NAT rule.", + ) + nat_rule.translated_fqdn = AAZStrArg( + options=["translated-fqdn"], + help="The translated FQDN for this NAT rule.", + ) + nat_rule.translated_port = AAZStrArg( + options=["translated-port"], + help="The translated port for this 
NAT rule.", + ) + + destination_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule.destination_addresses + destination_addresses.Element = AAZStrArg() + + destination_ports = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule.destination_ports + destination_ports.Element = AAZStrArg() + + ip_protocols = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule.source_addresses + source_addresses.Element = AAZStrArg() + + source_ip_groups = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg() + + network_rule = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule + network_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + help="List of destination IP addresses or Service Tags.", + ) + network_rule.destination_fqdns = AAZListArg( + options=["destination-fqdns"], + help="List of destination FQDNs.", + ) + network_rule.destination_ip_groups = AAZListArg( + options=["destination-ip-groups"], + help="List of destination IpGroups for this rule.", + ) + network_rule.destination_ports = AAZListArg( + options=["destination-ports"], + help="List of destination ports.", + ) + network_rule.ip_protocols = AAZListArg( + options=["ip-protocols"], + help="Array of FirewallPolicyRuleNetworkProtocols.", + ) + network_rule.source_addresses = AAZListArg( + options=["source-addresses"], + help="List of source IP addresses for this rule.", + ) + network_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + help="List of source IpGroups for this rule.", + ) + + destination_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.destination_addresses 
+ destination_addresses.Element = AAZStrArg() + + destination_fqdns = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.destination_fqdns + destination_fqdns.Element = AAZStrArg() + + destination_ip_groups = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.destination_ip_groups + destination_ip_groups.Element = AAZStrArg() + + destination_ports = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.destination_ports + destination_ports.Element = AAZStrArg() + + ip_protocols = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.source_addresses + source_addresses.Element = AAZStrArg() + + source_ip_groups = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg() + + _schema.application_rule = cls._args_firewall_policy_rule_collection_group_draft_create.application_rule + _schema.description = cls._args_firewall_policy_rule_collection_group_draft_create.description + _schema.name = cls._args_firewall_policy_rule_collection_group_draft_create.name + _schema.nat_rule = cls._args_firewall_policy_rule_collection_group_draft_create.nat_rule + _schema.network_rule = cls._args_firewall_policy_rule_collection_group_draft_create.network_rule + + def _execute_operations(self): + self.pre_operations() + yield self.FirewallPolicyRuleCollectionGroupsCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class 
FirewallPolicyRuleCollectionGroupsCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + 
**self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + typ=AAZObjectType, + typ_kwargs={"flags": {"required": True, "client_flatten": True}} + ) + _builder.set_prop("name", AAZStrType, ".name") + _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}}) + + properties = _builder.get(".properties") + if properties is not None: + properties.set_prop("priority", AAZIntType, ".priority") + properties.set_prop("ruleCollections", AAZListType, ".rule_collections") + + rule_collections = _builder.get(".properties.ruleCollections") + if rule_collections is not None: + rule_collections.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]") + if _elements is not None: + _elements.set_prop("name", AAZStrType, ".name") + _elements.set_prop("priority", AAZIntType, ".priority") + _elements.set_const("ruleCollectionType", "FirewallPolicyFilterRuleCollection", AAZStrType, ".firewall_policy_filter_rule_collection", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleCollectionType", "FirewallPolicyNatRuleCollection", AAZStrType, ".firewall_policy_nat_rule_collection", typ_kwargs={"flags": {"required": True}}) + _elements.discriminate_by("ruleCollectionType", "FirewallPolicyFilterRuleCollection") + _elements.discriminate_by("ruleCollectionType", "FirewallPolicyNatRuleCollection") + + disc_firewall_policy_filter_rule_collection = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}") + if disc_firewall_policy_filter_rule_collection is not None: + disc_firewall_policy_filter_rule_collection.set_prop("action", AAZObjectType, ".firewall_policy_filter_rule_collection.action") + 
disc_firewall_policy_filter_rule_collection.set_prop("rules", AAZListType, ".firewall_policy_filter_rule_collection.rules") + + action = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.action") + if action is not None: + action.set_prop("type", AAZStrType, ".type") + + rules = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules") + if rules is not None: + _CreateHelper._build_schema_firewall_policy_rule_create(rules.set_elements(AAZObjectType, ".")) + + disc_firewall_policy_nat_rule_collection = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}") + if disc_firewall_policy_nat_rule_collection is not None: + disc_firewall_policy_nat_rule_collection.set_prop("action", AAZObjectType, ".firewall_policy_nat_rule_collection.action") + disc_firewall_policy_nat_rule_collection.set_prop("rules", AAZListType, ".firewall_policy_nat_rule_collection.rules") + + action = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.action") + if action is not None: + action.set_prop("type", AAZStrType, ".type") + + rules = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules") + if rules is not None: + _CreateHelper._build_schema_firewall_policy_rule_create(rules.set_elements(AAZObjectType, ".")) + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + + _schema_on_200_201 = cls._schema_on_200_201 + _schema_on_200_201.etag = AAZStrType( + flags={"read_only": True}, + ) + 
_schema_on_200_201.id = AAZStrType() + _schema_on_200_201.name = AAZStrType() + _schema_on_200_201.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200_201.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200_201.properties + properties.priority = AAZIntType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.rule_collections = AAZListType( + serialized_name="ruleCollections", + ) + + rule_collections = cls._schema_on_200_201.properties.rule_collections + rule_collections.Element = AAZObjectType() + + _element = cls._schema_on_200_201.properties.rule_collections.Element + _element.name = AAZStrType() + _element.priority = AAZIntType() + _element.rule_collection_type = AAZStrType( + serialized_name="ruleCollectionType", + flags={"required": True}, + ) + + disc_firewall_policy_filter_rule_collection = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection") + disc_firewall_policy_filter_rule_collection.action = AAZObjectType() + disc_firewall_policy_filter_rule_collection.rules = AAZListType() + + action = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").rules + rules.Element = AAZObjectType() + _CreateHelper._build_schema_firewall_policy_rule_read(rules.Element) + + disc_firewall_policy_nat_rule_collection = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection") + disc_firewall_policy_nat_rule_collection.action = AAZObjectType() + disc_firewall_policy_nat_rule_collection.rules = AAZListType() + + 
action = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200_201.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").rules + rules.Element = AAZObjectType() + _CreateHelper._build_schema_firewall_policy_rule_read(rules.Element) + + return cls._schema_on_200_201 + + +class _CreateHelper: + """Helper class for Create""" + + @classmethod + def _build_schema_firewall_policy_rule_create(cls, _builder): + if _builder is None: + return + _builder.set_prop("description", AAZStrType, ".description") + _builder.set_prop("name", AAZStrType, ".name") + _builder.set_const("ruleType", "ApplicationRule", AAZStrType, ".application_rule", typ_kwargs={"flags": {"required": True}}) + _builder.set_const("ruleType", "NatRule", AAZStrType, ".nat_rule", typ_kwargs={"flags": {"required": True}}) + _builder.set_const("ruleType", "NetworkRule", AAZStrType, ".network_rule", typ_kwargs={"flags": {"required": True}}) + _builder.discriminate_by("ruleType", "ApplicationRule") + _builder.discriminate_by("ruleType", "NatRule") + _builder.discriminate_by("ruleType", "NetworkRule") + + disc_application_rule = _builder.get("{ruleType:ApplicationRule}") + if disc_application_rule is not None: + disc_application_rule.set_prop("destinationAddresses", AAZListType, ".application_rule.destination_addresses") + disc_application_rule.set_prop("fqdnTags", AAZListType, ".application_rule.fqdn_tags") + disc_application_rule.set_prop("protocols", AAZListType, ".application_rule.protocols") + disc_application_rule.set_prop("sourceAddresses", AAZListType, ".application_rule.source_addresses") + disc_application_rule.set_prop("sourceIpGroups", AAZListType, ".application_rule.source_ip_groups") + disc_application_rule.set_prop("targetFqdns", AAZListType, ".application_rule.target_fqdns") + 
disc_application_rule.set_prop("targetUrls", AAZListType, ".application_rule.target_urls") + disc_application_rule.set_prop("terminateTLS", AAZBoolType, ".application_rule.terminate_tls") + disc_application_rule.set_prop("webCategories", AAZListType, ".application_rule.web_categories") + + destination_addresses = _builder.get("{ruleType:ApplicationRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + fqdn_tags = _builder.get("{ruleType:ApplicationRule}.fqdnTags") + if fqdn_tags is not None: + fqdn_tags.set_elements(AAZStrType, ".") + + protocols = _builder.get("{ruleType:ApplicationRule}.protocols") + if protocols is not None: + protocols.set_elements(AAZObjectType, ".") + + _elements = _builder.get("{ruleType:ApplicationRule}.protocols[]") + if _elements is not None: + _elements.set_prop("port", AAZIntType, ".port") + _elements.set_prop("protocolType", AAZStrType, ".protocol_type") + + source_addresses = _builder.get("{ruleType:ApplicationRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get("{ruleType:ApplicationRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + target_fqdns = _builder.get("{ruleType:ApplicationRule}.targetFqdns") + if target_fqdns is not None: + target_fqdns.set_elements(AAZStrType, ".") + + target_urls = _builder.get("{ruleType:ApplicationRule}.targetUrls") + if target_urls is not None: + target_urls.set_elements(AAZStrType, ".") + + web_categories = _builder.get("{ruleType:ApplicationRule}.webCategories") + if web_categories is not None: + web_categories.set_elements(AAZStrType, ".") + + disc_nat_rule = _builder.get("{ruleType:NatRule}") + if disc_nat_rule is not None: + disc_nat_rule.set_prop("destinationAddresses", AAZListType, ".nat_rule.destination_addresses") + disc_nat_rule.set_prop("destinationPorts", AAZListType, 
".nat_rule.destination_ports") + disc_nat_rule.set_prop("ipProtocols", AAZListType, ".nat_rule.ip_protocols") + disc_nat_rule.set_prop("sourceAddresses", AAZListType, ".nat_rule.source_addresses") + disc_nat_rule.set_prop("sourceIpGroups", AAZListType, ".nat_rule.source_ip_groups") + disc_nat_rule.set_prop("translatedAddress", AAZStrType, ".nat_rule.translated_address") + disc_nat_rule.set_prop("translatedFqdn", AAZStrType, ".nat_rule.translated_fqdn") + disc_nat_rule.set_prop("translatedPort", AAZStrType, ".nat_rule.translated_port") + + destination_addresses = _builder.get("{ruleType:NatRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_ports = _builder.get("{ruleType:NatRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get("{ruleType:NatRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get("{ruleType:NatRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get("{ruleType:NatRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + disc_network_rule = _builder.get("{ruleType:NetworkRule}") + if disc_network_rule is not None: + disc_network_rule.set_prop("destinationAddresses", AAZListType, ".network_rule.destination_addresses") + disc_network_rule.set_prop("destinationFqdns", AAZListType, ".network_rule.destination_fqdns") + disc_network_rule.set_prop("destinationIpGroups", AAZListType, ".network_rule.destination_ip_groups") + disc_network_rule.set_prop("destinationPorts", AAZListType, ".network_rule.destination_ports") + disc_network_rule.set_prop("ipProtocols", AAZListType, ".network_rule.ip_protocols") + disc_network_rule.set_prop("sourceAddresses", AAZListType, 
".network_rule.source_addresses") + disc_network_rule.set_prop("sourceIpGroups", AAZListType, ".network_rule.source_ip_groups") + + destination_addresses = _builder.get("{ruleType:NetworkRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_fqdns = _builder.get("{ruleType:NetworkRule}.destinationFqdns") + if destination_fqdns is not None: + destination_fqdns.set_elements(AAZStrType, ".") + + destination_ip_groups = _builder.get("{ruleType:NetworkRule}.destinationIpGroups") + if destination_ip_groups is not None: + destination_ip_groups.set_elements(AAZStrType, ".") + + destination_ports = _builder.get("{ruleType:NetworkRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get("{ruleType:NetworkRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get("{ruleType:NetworkRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get("{ruleType:NetworkRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + _schema_firewall_policy_rule_read = None + + @classmethod + def _build_schema_firewall_policy_rule_read(cls, _schema): + if cls._schema_firewall_policy_rule_read is not None: + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + 
_schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + return + + cls._schema_firewall_policy_rule_read = _schema_firewall_policy_rule_read = AAZObjectType() + + firewall_policy_rule_read = _schema_firewall_policy_rule_read + firewall_policy_rule_read.description = AAZStrType() + firewall_policy_rule_read.name = AAZStrType() + firewall_policy_rule_read.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + disc_application_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule") + disc_application_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_application_rule.fqdn_tags = AAZListType( + serialized_name="fqdnTags", + ) + disc_application_rule.protocols = AAZListType() + disc_application_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_application_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_application_rule.target_fqdns = AAZListType( + serialized_name="targetFqdns", + ) + disc_application_rule.target_urls = AAZListType( + serialized_name="targetUrls", + ) + disc_application_rule.terminate_tls = AAZBoolType( + serialized_name="terminateTLS", + ) + disc_application_rule.web_categories = AAZListType( + serialized_name="webCategories", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").destination_addresses + destination_addresses.Element = AAZStrType() + + fqdn_tags = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").fqdn_tags + fqdn_tags.Element = AAZStrType() + + protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols + protocols.Element = AAZObjectType() + + _element = _schema_firewall_policy_rule_read.discriminate_by("rule_type", 
"ApplicationRule").protocols.Element + _element.port = AAZIntType() + _element.protocol_type = AAZStrType( + serialized_name="protocolType", + ) + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + target_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_fqdns + target_fqdns.Element = AAZStrType() + + target_urls = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_urls + target_urls.Element = AAZStrType() + + web_categories = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").web_categories + web_categories.Element = AAZStrType() + + disc_nat_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule") + disc_nat_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_nat_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_nat_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_nat_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_nat_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_nat_rule.translated_address = AAZStrType( + serialized_name="translatedAddress", + ) + disc_nat_rule.translated_fqdn = AAZStrType( + serialized_name="translatedFqdn", + ) + disc_nat_rule.translated_port = AAZStrType( + serialized_name="translatedPort", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", 
"NatRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + disc_network_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule") + disc_network_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_network_rule.destination_fqdns = AAZListType( + serialized_name="destinationFqdns", + ) + disc_network_rule.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + disc_network_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_network_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_network_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_network_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_fqdns + destination_fqdns.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = 
_schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + + +__all__ = ["Create"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_delete.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_delete.py new file mode 100644 index 00000000000..9e10a253c99 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_delete.py 
@@ -0,0 +1,172 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy rule-collection-group draft delete", + is_preview=True, + confirmation="Are you sure you want to perform this operation?", +) + +class Delete(AAZCommand): + """Delete an Azure Firewall policy rule collection draft group. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/rulecollectiongroups/{}/ruleCollectionGroupDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, None) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy Rule Collection Group.", + required=True, + id_part="child_name_1", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + yield 
self.FirewallPolicyRuleCollectionGroupsDelete(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + class FirewallPolicyRuleCollectionGroupsDelete(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [204]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_204, + self.on_error, + lro_options={"final-state-via": "location"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "DELETE" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + 
"ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + def on_200(self, session): + pass + + def on_204(self, session): + pass + + +class _DeleteHelper: + """Helper class for Delete""" + + +__all__ = ["Delete"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_show.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_show.py new file mode 100644 index 00000000000..8bdc3bb8740 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_show.py 
@@ -0,0 +1,436 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy rule-collection-group draft show", + is_preview=True, +) +class Show(AAZCommand): + """Show an Azure firewall policy rule collection group draft. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/rulecollectiongroups/{}/ruleCollectionGroupDrafts/default", "2023-09-01"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy Rule Collection Group.", + required=True, + id_part="child_name_1", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPolicyRuleCollectionGroupsGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + 
def post_operations(self): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirewallPolicyRuleCollectionGroupsGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + 
def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.id = AAZStrType() + _schema_on_200.name = AAZStrType() + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.priority = AAZIntType() + properties.rule_collections = AAZListType( + serialized_name="ruleCollections", + ) + + rule_collections = cls._schema_on_200.properties.rule_collections + rule_collections.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.rule_collections.Element + _element.name = AAZStrType() + _element.priority = AAZIntType() + _element.rule_collection_type = AAZStrType( + serialized_name="ruleCollectionType", + flags={"required": True}, + ) + + disc_firewall_policy_filter_rule_collection = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection") + disc_firewall_policy_filter_rule_collection.action = AAZObjectType() + disc_firewall_policy_filter_rule_collection.rules = AAZListType() + + action = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").rules + rules.Element = AAZObjectType() + _ShowHelper._build_schema_firewall_policy_rule_read(rules.Element) + + disc_firewall_policy_nat_rule_collection = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection") + disc_firewall_policy_nat_rule_collection.action = 
AAZObjectType() + disc_firewall_policy_nat_rule_collection.rules = AAZListType() + + action = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").rules + rules.Element = AAZObjectType() + _ShowHelper._build_schema_firewall_policy_rule_read(rules.Element) + + return cls._schema_on_200 + + +class _ShowHelper: + """Helper class for Show""" + + _schema_firewall_policy_rule_read = None + + @classmethod + def _build_schema_firewall_policy_rule_read(cls, _schema): + if cls._schema_firewall_policy_rule_read is not None: + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + return + + cls._schema_firewall_policy_rule_read = _schema_firewall_policy_rule_read = AAZObjectType() + + firewall_policy_rule_read = _schema_firewall_policy_rule_read + firewall_policy_rule_read.description = AAZStrType() + firewall_policy_rule_read.name = AAZStrType() + firewall_policy_rule_read.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + disc_application_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule") + disc_application_rule.destination_addresses = 
AAZListType( + serialized_name="destinationAddresses", + ) + disc_application_rule.fqdn_tags = AAZListType( + serialized_name="fqdnTags", + ) + disc_application_rule.protocols = AAZListType() + disc_application_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_application_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_application_rule.target_fqdns = AAZListType( + serialized_name="targetFqdns", + ) + disc_application_rule.target_urls = AAZListType( + serialized_name="targetUrls", + ) + disc_application_rule.terminate_tls = AAZBoolType( + serialized_name="terminateTLS", + ) + disc_application_rule.web_categories = AAZListType( + serialized_name="webCategories", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").destination_addresses + destination_addresses.Element = AAZStrType() + + fqdn_tags = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").fqdn_tags + fqdn_tags.Element = AAZStrType() + + protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols + protocols.Element = AAZObjectType() + + _element = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols.Element + _element.port = AAZIntType() + _element.protocol_type = AAZStrType( + serialized_name="protocolType", + ) + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + target_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_fqdns + target_fqdns.Element = AAZStrType() + + target_urls = _schema_firewall_policy_rule_read.discriminate_by("rule_type", 
"ApplicationRule").target_urls + target_urls.Element = AAZStrType() + + web_categories = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").web_categories + web_categories.Element = AAZStrType() + + disc_nat_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule") + disc_nat_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_nat_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_nat_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_nat_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_nat_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_nat_rule.translated_address = AAZStrType( + serialized_name="translatedAddress", + ) + disc_nat_rule.translated_fqdn = AAZStrType( + serialized_name="translatedFqdn", + ) + disc_nat_rule.translated_port = AAZStrType( + serialized_name="translatedPort", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + disc_network_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule") + disc_network_rule.destination_addresses = AAZListType( + 
serialized_name="destinationAddresses", + ) + disc_network_rule.destination_fqdns = AAZListType( + serialized_name="destinationFqdns", + ) + disc_network_rule.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + disc_network_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_network_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_network_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_network_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_fqdns + destination_fqdns.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + 
"ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + + +__all__ = ["Show"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_update.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_update.py new file mode 100644 index 00000000000..55f42f20539 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_update.py 
@@ -0,0 +1,1493 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy rule-collection-group update", + is_preview=True, +) +class Update(AAZCommand): + """Update an Azure firewall policy rule collection group. + """ + + _aaz_info = { + "version": "2023-09-01", + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/rulecollectiongroups/{}/ruleCollectionGroupDrafts/default", "2023-09-01"], + ] + } + + AZ_SUPPORT_NO_WAIT = True + + AZ_SUPPORT_GENERIC_UPDATE = True + + def _handler(self, command_args): + super()._handler(command_args) + return self.build_lro_poller(self._execute_operations, self._output) + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy Rule Collection Group.", + required=True, + id_part="child_name_1", + ) + + # define Arg Group "Parameters" + + # define Arg Group "Properties" + + _args_schema = cls._args_schema + _args_schema.priority = AAZIntArg( + options=["--priority"], + 
arg_group="Properties", + help="Priority of the Firewall Policy Rule Collection Group", + nullable=True, + fmt=AAZIntArgFormat( + maximum=65000, + minimum=100, + ), + ) + _args_schema.rule_collections = AAZListArg( + options=["--rule-collections"], + arg_group="Properties", + help="Group of Firewall Policy rule collections.", + nullable=True, + ) + + rule_collections = cls._args_schema.rule_collections + rule_collections.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.rule_collections.Element + _element.firewall_policy_filter_rule_collection = AAZObjectArg( + options=["firewall-policy-filter-rule-collection"], + ) + _element.firewall_policy_nat_rule_collection = AAZObjectArg( + options=["firewall-policy-nat-rule-collection"], + ) + _element.collection_name = AAZStrArg( + options=["collection-name"], + help="The name of the rule collection.", + nullable=True, + ) + _element.priority = AAZIntArg( + options=["priority"], + help="Priority of the Firewall Policy Rule Collection resource.", + nullable=True, + fmt=AAZIntArgFormat( + maximum=65000, + minimum=100, + ), + ) + + firewall_policy_filter_rule_collection = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection + firewall_policy_filter_rule_collection.action = AAZObjectArg( + options=["action"], + help="The action type of a Filter rule collection.", + nullable=True, + ) + firewall_policy_filter_rule_collection.rules = AAZListArg( + options=["rules"], + help="List of rules included in a rule collection.", + nullable=True, + ) + + action = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.action + action.type = AAZStrArg( + options=["type"], + help="The type of action.", + nullable=True, + enum={"Allow": "Allow", "Deny": "Deny"}, + ) + + rules = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules + rules.Element = AAZObjectArg( + nullable=True, + ) + + _element = 
cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element + _element.application_rule = AAZObjectArg( + options=["application-rule"], + ) + _element.nat_rule = AAZObjectArg( + options=["nat-rule"], + ) + _element.network_rule = AAZObjectArg( + options=["network-rule"], + ) + _element.description = AAZStrArg( + options=["description"], + nullable=True, + ) + _element.name = AAZStrArg( + options=["name"], + nullable=True, + ) + + application_rule = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule + application_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + application_rule.fqdn_tags = AAZListArg( + options=["fqdn-tags"], + nullable=True, + ) + application_rule.protocols = AAZListArg( + options=["protocols"], + nullable=True, + ) + application_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + application_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + application_rule.target_fqdns = AAZListArg( + options=["target-fqdns"], + nullable=True, + ) + application_rule.target_urls = AAZListArg( + options=["target-urls"], + nullable=True, + ) + application_rule.terminate_tls = AAZBoolArg( + options=["terminate-tls"], + nullable=True, + ) + application_rule.web_categories = AAZListArg( + options=["web-categories"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + fqdn_tags = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.fqdn_tags + fqdn_tags.Element = AAZStrArg( + nullable=True, + ) + + protocols = 
cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.protocols + protocols.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.protocols.Element + _element.port = AAZIntArg( + options=["port"], + nullable=True, + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + _element.protocol_type = AAZStrArg( + options=["protocol-type"], + nullable=True, + enum={"Http": "Http", "Https": "Https"}, + ) + + source_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + target_fqdns = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.target_fqdns + target_fqdns.Element = AAZStrArg( + nullable=True, + ) + + target_urls = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.target_urls + target_urls.Element = AAZStrArg( + nullable=True, + ) + + web_categories = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.application_rule.web_categories + web_categories.Element = AAZStrArg( + nullable=True, + ) + + nat_rule = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule + nat_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + nat_rule.destination_ports = AAZListArg( + options=["destination-ports"], + nullable=True, + ) + nat_rule.ip_protocols = AAZListArg( + 
options=["ip-protocols"], + nullable=True, + ) + nat_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + nat_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + nat_rule.translated_address = AAZStrArg( + options=["translated-address"], + nullable=True, + ) + nat_rule.translated_fqdn = AAZStrArg( + options=["translated-fqdn"], + nullable=True, + ) + nat_rule.translated_port = AAZStrArg( + options=["translated-port"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + destination_ports = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule.destination_ports + destination_ports.Element = AAZStrArg( + nullable=True, + ) + + ip_protocols = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + nullable=True, + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.nat_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + network_rule = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule + network_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + network_rule.destination_fqdns = AAZListArg( + options=["destination-fqdns"], + nullable=True, + ) + network_rule.destination_ip_groups = 
AAZListArg( + options=["destination-ip-groups"], + nullable=True, + ) + network_rule.destination_ports = AAZListArg( + options=["destination-ports"], + nullable=True, + ) + network_rule.ip_protocols = AAZListArg( + options=["ip-protocols"], + nullable=True, + ) + network_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + network_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + destination_fqdns = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.destination_fqdns + destination_fqdns.Element = AAZStrArg( + nullable=True, + ) + + destination_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.destination_ip_groups + destination_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + destination_ports = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.destination_ports + destination_ports.Element = AAZStrArg( + nullable=True, + ) + + ip_protocols = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + nullable=True, + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_filter_rule_collection.rules.Element.network_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + 
nullable=True, + ) + + firewall_policy_nat_rule_collection = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection + firewall_policy_nat_rule_collection.action = AAZObjectArg( + options=["action"], + help="The action type of a Nat rule collection.", + nullable=True, + ) + firewall_policy_nat_rule_collection.rules = AAZListArg( + options=["rules"], + help="List of rules included in a rule collection.", + nullable=True, + ) + + action = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.action + action.type = AAZStrArg( + options=["type"], + help="The type of action.", + nullable=True, + enum={"DNAT": "DNAT"}, + ) + + rules = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules + rules.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element + _element.application_rule = AAZObjectArg( + options=["application-rule"], + ) + _element.nat_rule = AAZObjectArg( + options=["nat-rule"], + ) + _element.network_rule = AAZObjectArg( + options=["network-rule"], + ) + _element.description = AAZStrArg( + options=["description"], + nullable=True, + ) + _element.name = AAZStrArg( + options=["name"], + nullable=True, + ) + + application_rule = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule + application_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + application_rule.fqdn_tags = AAZListArg( + options=["fqdn-tags"], + nullable=True, + ) + application_rule.protocols = AAZListArg( + options=["protocols"], + nullable=True, + ) + application_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + application_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + application_rule.target_fqdns = AAZListArg( + options=["target-fqdns"], 
+ nullable=True, + ) + application_rule.target_urls = AAZListArg( + options=["target-urls"], + nullable=True, + ) + application_rule.terminate_tls = AAZBoolArg( + options=["terminate-tls"], + nullable=True, + ) + application_rule.web_categories = AAZListArg( + options=["web-categories"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + fqdn_tags = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.fqdn_tags + fqdn_tags.Element = AAZStrArg( + nullable=True, + ) + + protocols = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.protocols + protocols.Element = AAZObjectArg( + nullable=True, + ) + + _element = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.protocols.Element + _element.port = AAZIntArg( + options=["port"], + nullable=True, + fmt=AAZIntArgFormat( + maximum=64000, + minimum=0, + ), + ) + _element.protocol_type = AAZStrArg( + options=["protocol-type"], + nullable=True, + enum={"Http": "Http", "Https": "Https"}, + ) + + source_addresses = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + target_fqdns = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.target_fqdns + target_fqdns.Element = AAZStrArg( + nullable=True, + ) + + target_urls = 
cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.target_urls + target_urls.Element = AAZStrArg( + nullable=True, + ) + + web_categories = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.application_rule.web_categories + web_categories.Element = AAZStrArg( + nullable=True, + ) + + nat_rule = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule + nat_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + nat_rule.destination_ports = AAZListArg( + options=["destination-ports"], + nullable=True, + ) + nat_rule.ip_protocols = AAZListArg( + options=["ip-protocols"], + nullable=True, + ) + nat_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + nat_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + nat_rule.translated_address = AAZStrArg( + options=["translated-address"], + nullable=True, + ) + nat_rule.translated_fqdn = AAZStrArg( + options=["translated-fqdn"], + nullable=True, + ) + nat_rule.translated_port = AAZStrArg( + options=["translated-port"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + destination_ports = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule.destination_ports + destination_ports.Element = AAZStrArg( + nullable=True, + ) + + ip_protocols = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + nullable=True, + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = 
cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.nat_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + network_rule = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule + network_rule.destination_addresses = AAZListArg( + options=["destination-addresses"], + nullable=True, + ) + network_rule.destination_fqdns = AAZListArg( + options=["destination-fqdns"], + nullable=True, + ) + network_rule.destination_ip_groups = AAZListArg( + options=["destination-ip-groups"], + nullable=True, + ) + network_rule.destination_ports = AAZListArg( + options=["destination-ports"], + nullable=True, + ) + network_rule.ip_protocols = AAZListArg( + options=["ip-protocols"], + nullable=True, + ) + network_rule.source_addresses = AAZListArg( + options=["source-addresses"], + nullable=True, + ) + network_rule.source_ip_groups = AAZListArg( + options=["source-ip-groups"], + nullable=True, + ) + + destination_addresses = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.destination_addresses + destination_addresses.Element = AAZStrArg( + nullable=True, + ) + + destination_fqdns = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.destination_fqdns + destination_fqdns.Element = AAZStrArg( + nullable=True, + ) + + destination_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.destination_ip_groups + destination_ip_groups.Element = AAZStrArg( + nullable=True, + ) + + destination_ports = 
cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.destination_ports + destination_ports.Element = AAZStrArg( + nullable=True, + ) + + ip_protocols = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.ip_protocols + ip_protocols.Element = AAZStrArg( + nullable=True, + enum={"Any": "Any", "ICMP": "ICMP", "TCP": "TCP", "UDP": "UDP"}, + ) + + source_addresses = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.source_addresses + source_addresses.Element = AAZStrArg( + nullable=True, + ) + + source_ip_groups = cls._args_schema.rule_collections.Element.firewall_policy_nat_rule_collection.rules.Element.network_rule.source_ip_groups + source_ip_groups.Element = AAZStrArg( + nullable=True, + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPolicyRuleCollectionGroupsGet(ctx=self.ctx)() + self.pre_instance_update(self.ctx.vars.instance) + self.InstanceUpdateByJson(ctx=self.ctx)() + self.InstanceUpdateByGeneric(ctx=self.ctx)() + self.post_instance_update(self.ctx.vars.instance) + yield self.FirewallPolicyRuleCollectionGroupsCreateOrUpdate(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + @register_callback + def pre_instance_update(self, instance): + pass + + @register_callback + def post_instance_update(self, instance): + pass + + def _output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True) + return result + + class FirewallPolicyRuleCollectionGroupsGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + 
return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + _UpdateHelper._build_schema_firewall_policy_rule_collection_group_read(cls._schema_on_200) + + return cls._schema_on_200 + + class FirewallPolicyRuleCollectionGroupsCreateOrUpdate(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = 
self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [202]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + if session.http_response.status_code in [200, 201]: + return self.client.build_lro_polling( + self.ctx.args.no_wait, + session, + self.on_200_201, + self.on_error, + lro_options={"final-state-via": "azure-async-operation"}, + path_format_arguments=self.url_parameters, + ) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "PUT" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Content-Type", "application/json", + ), + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + @property + def 
content(self): + _content_value, _builder = self.new_content_builder( + self.ctx.args, + value=self.ctx.vars.instance, + ) + + return self.serialize_content(_content_value) + + def on_200_201(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200_201 + ) + + _schema_on_200_201 = None + + @classmethod + def _build_schema_on_200_201(cls): + if cls._schema_on_200_201 is not None: + return cls._schema_on_200_201 + + cls._schema_on_200_201 = AAZObjectType() + _UpdateHelper._build_schema_firewall_policy_rule_collection_group_read(cls._schema_on_200_201) + + return cls._schema_on_200_201 + + class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation): + + def __call__(self, *args, **kwargs): + self._update_instance(self.ctx.vars.instance) + + def _update_instance(self, instance): + _instance_value, _builder = self.new_content_builder( + self.ctx.args, + value=instance, + typ=AAZObjectType + ) + _builder.set_prop("name", AAZStrType, ".name") + _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}}) + + properties = _builder.get(".properties") + if properties is not None: + properties.set_prop("priority", AAZIntType, ".priority") + properties.set_prop("ruleCollections", AAZListType, ".rule_collections") + + rule_collections = _builder.get(".properties.ruleCollections") + if rule_collections is not None: + rule_collections.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]") + if _elements is not None: + _elements.set_prop("name", AAZStrType, ".collection_name") + _elements.set_prop("priority", AAZIntType, ".priority") + _elements.set_const("ruleCollectionType", "FirewallPolicyFilterRuleCollection", AAZStrType, ".firewall_policy_filter_rule_collection", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleCollectionType", "FirewallPolicyNatRuleCollection", AAZStrType, 
".firewall_policy_nat_rule_collection", typ_kwargs={"flags": {"required": True}}) + _elements.discriminate_by("ruleCollectionType", "FirewallPolicyFilterRuleCollection") + _elements.discriminate_by("ruleCollectionType", "FirewallPolicyNatRuleCollection") + + disc_firewall_policy_filter_rule_collection = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}") + if disc_firewall_policy_filter_rule_collection is not None: + disc_firewall_policy_filter_rule_collection.set_prop("action", AAZObjectType, ".firewall_policy_filter_rule_collection.action") + disc_firewall_policy_filter_rule_collection.set_prop("rules", AAZListType, ".firewall_policy_filter_rule_collection.rules") + + action = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.action") + if action is not None: + action.set_prop("type", AAZStrType, ".type") + + rules = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules") + if rules is not None: + rules.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]") + if _elements is not None: + _elements.set_prop("description", AAZStrType, ".description") + _elements.set_prop("name", AAZStrType, ".name") + _elements.set_const("ruleType", "ApplicationRule", AAZStrType, ".application_rule", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleType", "NatRule", AAZStrType, ".nat_rule", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleType", "NetworkRule", AAZStrType, ".network_rule", typ_kwargs={"flags": {"required": True}}) + _elements.discriminate_by("ruleType", "ApplicationRule") + _elements.discriminate_by("ruleType", "NatRule") + _elements.discriminate_by("ruleType", "NetworkRule") + + disc_application_rule = 
_builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}") + if disc_application_rule is not None: + disc_application_rule.set_prop("destinationAddresses", AAZListType, ".application_rule.destination_addresses") + disc_application_rule.set_prop("fqdnTags", AAZListType, ".application_rule.fqdn_tags") + disc_application_rule.set_prop("protocols", AAZListType, ".application_rule.protocols") + disc_application_rule.set_prop("sourceAddresses", AAZListType, ".application_rule.source_addresses") + disc_application_rule.set_prop("sourceIpGroups", AAZListType, ".application_rule.source_ip_groups") + disc_application_rule.set_prop("targetFqdns", AAZListType, ".application_rule.target_fqdns") + disc_application_rule.set_prop("targetUrls", AAZListType, ".application_rule.target_urls") + disc_application_rule.set_prop("terminateTLS", AAZBoolType, ".application_rule.terminate_tls") + disc_application_rule.set_prop("webCategories", AAZListType, ".application_rule.web_categories") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + fqdn_tags = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.fqdnTags") + if fqdn_tags is not None: + fqdn_tags.set_elements(AAZStrType, ".") + + protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.protocols") + if protocols is not None: + protocols.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.protocols[]") + if _elements is not None: + 
_elements.set_prop("port", AAZIntType, ".port") + _elements.set_prop("protocolType", AAZStrType, ".protocol_type") + + source_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + target_fqdns = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.targetFqdns") + if target_fqdns is not None: + target_fqdns.set_elements(AAZStrType, ".") + + target_urls = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.targetUrls") + if target_urls is not None: + target_urls.set_elements(AAZStrType, ".") + + web_categories = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:ApplicationRule}.webCategories") + if web_categories is not None: + web_categories.set_elements(AAZStrType, ".") + + disc_nat_rule = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}") + if disc_nat_rule is not None: + disc_nat_rule.set_prop("destinationAddresses", AAZListType, ".nat_rule.destination_addresses") + disc_nat_rule.set_prop("destinationPorts", AAZListType, ".nat_rule.destination_ports") + disc_nat_rule.set_prop("ipProtocols", AAZListType, ".nat_rule.ip_protocols") + disc_nat_rule.set_prop("sourceAddresses", AAZListType, ".nat_rule.source_addresses") + disc_nat_rule.set_prop("sourceIpGroups", AAZListType, ".nat_rule.source_ip_groups") + 
disc_nat_rule.set_prop("translatedAddress", AAZStrType, ".nat_rule.translated_address") + disc_nat_rule.set_prop("translatedFqdn", AAZStrType, ".nat_rule.translated_fqdn") + disc_nat_rule.set_prop("translatedPort", AAZStrType, ".nat_rule.translated_port") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_ports = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NatRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + disc_network_rule = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}") + if disc_network_rule is not None: + disc_network_rule.set_prop("destinationAddresses", AAZListType, ".network_rule.destination_addresses") + disc_network_rule.set_prop("destinationFqdns", AAZListType, ".network_rule.destination_fqdns") + disc_network_rule.set_prop("destinationIpGroups", AAZListType, 
".network_rule.destination_ip_groups") + disc_network_rule.set_prop("destinationPorts", AAZListType, ".network_rule.destination_ports") + disc_network_rule.set_prop("ipProtocols", AAZListType, ".network_rule.ip_protocols") + disc_network_rule.set_prop("sourceAddresses", AAZListType, ".network_rule.source_addresses") + disc_network_rule.set_prop("sourceIpGroups", AAZListType, ".network_rule.source_ip_groups") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_fqdns = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.destinationFqdns") + if destination_fqdns is not None: + destination_fqdns.set_elements(AAZStrType, ".") + + destination_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.destinationIpGroups") + if destination_ip_groups is not None: + destination_ip_groups.set_elements(AAZStrType, ".") + + destination_ports = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = 
_builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyFilterRuleCollection}.rules[]{ruleType:NetworkRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + disc_firewall_policy_nat_rule_collection = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}") + if disc_firewall_policy_nat_rule_collection is not None: + disc_firewall_policy_nat_rule_collection.set_prop("action", AAZObjectType, ".firewall_policy_nat_rule_collection.action") + disc_firewall_policy_nat_rule_collection.set_prop("rules", AAZListType, ".firewall_policy_nat_rule_collection.rules") + + action = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.action") + if action is not None: + action.set_prop("type", AAZStrType, ".type") + + rules = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules") + if rules is not None: + rules.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]") + if _elements is not None: + _elements.set_prop("description", AAZStrType, ".description") + _elements.set_prop("name", AAZStrType, ".name") + _elements.set_const("ruleType", "ApplicationRule", AAZStrType, ".application_rule", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleType", "NatRule", AAZStrType, ".nat_rule", typ_kwargs={"flags": {"required": True}}) + _elements.set_const("ruleType", "NetworkRule", AAZStrType, ".network_rule", typ_kwargs={"flags": {"required": True}}) + _elements.discriminate_by("ruleType", "ApplicationRule") + _elements.discriminate_by("ruleType", "NatRule") + _elements.discriminate_by("ruleType", "NetworkRule") + + disc_application_rule = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}") + 
if disc_application_rule is not None: + disc_application_rule.set_prop("destinationAddresses", AAZListType, ".application_rule.destination_addresses") + disc_application_rule.set_prop("fqdnTags", AAZListType, ".application_rule.fqdn_tags") + disc_application_rule.set_prop("protocols", AAZListType, ".application_rule.protocols") + disc_application_rule.set_prop("sourceAddresses", AAZListType, ".application_rule.source_addresses") + disc_application_rule.set_prop("sourceIpGroups", AAZListType, ".application_rule.source_ip_groups") + disc_application_rule.set_prop("targetFqdns", AAZListType, ".application_rule.target_fqdns") + disc_application_rule.set_prop("targetUrls", AAZListType, ".application_rule.target_urls") + disc_application_rule.set_prop("terminateTLS", AAZBoolType, ".application_rule.terminate_tls") + disc_application_rule.set_prop("webCategories", AAZListType, ".application_rule.web_categories") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + fqdn_tags = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.fqdnTags") + if fqdn_tags is not None: + fqdn_tags.set_elements(AAZStrType, ".") + + protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.protocols") + if protocols is not None: + protocols.set_elements(AAZObjectType, ".") + + _elements = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.protocols[]") + if _elements is not None: + _elements.set_prop("port", AAZIntType, ".port") + _elements.set_prop("protocolType", AAZStrType, ".protocol_type") + + source_addresses = 
_builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + target_fqdns = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.targetFqdns") + if target_fqdns is not None: + target_fqdns.set_elements(AAZStrType, ".") + + target_urls = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.targetUrls") + if target_urls is not None: + target_urls.set_elements(AAZStrType, ".") + + web_categories = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:ApplicationRule}.webCategories") + if web_categories is not None: + web_categories.set_elements(AAZStrType, ".") + + disc_nat_rule = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}") + if disc_nat_rule is not None: + disc_nat_rule.set_prop("destinationAddresses", AAZListType, ".nat_rule.destination_addresses") + disc_nat_rule.set_prop("destinationPorts", AAZListType, ".nat_rule.destination_ports") + disc_nat_rule.set_prop("ipProtocols", AAZListType, ".nat_rule.ip_protocols") + disc_nat_rule.set_prop("sourceAddresses", AAZListType, ".nat_rule.source_addresses") + disc_nat_rule.set_prop("sourceIpGroups", AAZListType, ".nat_rule.source_ip_groups") + disc_nat_rule.set_prop("translatedAddress", AAZStrType, ".nat_rule.translated_address") + disc_nat_rule.set_prop("translatedFqdn", AAZStrType, ".nat_rule.translated_fqdn") + 
disc_nat_rule.set_prop("translatedPort", AAZStrType, ".nat_rule.translated_port") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_ports = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NatRule}.sourceIpGroups") + if source_ip_groups is not None: + source_ip_groups.set_elements(AAZStrType, ".") + + disc_network_rule = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}") + if disc_network_rule is not None: + disc_network_rule.set_prop("destinationAddresses", AAZListType, ".network_rule.destination_addresses") + disc_network_rule.set_prop("destinationFqdns", AAZListType, ".network_rule.destination_fqdns") + disc_network_rule.set_prop("destinationIpGroups", AAZListType, ".network_rule.destination_ip_groups") + disc_network_rule.set_prop("destinationPorts", AAZListType, ".network_rule.destination_ports") + disc_network_rule.set_prop("ipProtocols", AAZListType, 
".network_rule.ip_protocols") + disc_network_rule.set_prop("sourceAddresses", AAZListType, ".network_rule.source_addresses") + disc_network_rule.set_prop("sourceIpGroups", AAZListType, ".network_rule.source_ip_groups") + + destination_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.destinationAddresses") + if destination_addresses is not None: + destination_addresses.set_elements(AAZStrType, ".") + + destination_fqdns = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.destinationFqdns") + if destination_fqdns is not None: + destination_fqdns.set_elements(AAZStrType, ".") + + destination_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.destinationIpGroups") + if destination_ip_groups is not None: + destination_ip_groups.set_elements(AAZStrType, ".") + + destination_ports = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.destinationPorts") + if destination_ports is not None: + destination_ports.set_elements(AAZStrType, ".") + + ip_protocols = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.ipProtocols") + if ip_protocols is not None: + ip_protocols.set_elements(AAZStrType, ".") + + source_addresses = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.sourceAddresses") + if source_addresses is not None: + source_addresses.set_elements(AAZStrType, ".") + + source_ip_groups = _builder.get(".properties.ruleCollections[]{ruleCollectionType:FirewallPolicyNatRuleCollection}.rules[]{ruleType:NetworkRule}.sourceIpGroups") + if source_ip_groups is not None: + 
source_ip_groups.set_elements(AAZStrType, ".") + + return _instance_value + + class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation): + + def __call__(self, *args, **kwargs): + self._update_instance_by_generic( + self.ctx.vars.instance, + self.ctx.generic_update_args + ) + + +class _UpdateHelper: + """Helper class for Update""" + + _schema_firewall_policy_rule_collection_group_read = None + + @classmethod + def _build_schema_firewall_policy_rule_collection_group_read(cls, _schema): + if cls._schema_firewall_policy_rule_collection_group_read is not None: + _schema.etag = cls._schema_firewall_policy_rule_collection_group_read.etag + _schema.id = cls._schema_firewall_policy_rule_collection_group_read.id + _schema.name = cls._schema_firewall_policy_rule_collection_group_read.name + _schema.properties = cls._schema_firewall_policy_rule_collection_group_read.properties + _schema.type = cls._schema_firewall_policy_rule_collection_group_read.type + return + + cls._schema_firewall_policy_rule_collection_group_read = _schema_firewall_policy_rule_collection_group_read = AAZObjectType() + + firewall_policy_rule_collection_group_read = _schema_firewall_policy_rule_collection_group_read + firewall_policy_rule_collection_group_read.etag = AAZStrType( + flags={"read_only": True}, + ) + firewall_policy_rule_collection_group_read.id = AAZStrType() + firewall_policy_rule_collection_group_read.name = AAZStrType() + firewall_policy_rule_collection_group_read.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + firewall_policy_rule_collection_group_read.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = _schema_firewall_policy_rule_collection_group_read.properties + properties.priority = AAZIntType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.rule_collections = AAZListType( + serialized_name="ruleCollections", + ) + + rule_collections = 
_schema_firewall_policy_rule_collection_group_read.properties.rule_collections + rule_collections.Element = AAZObjectType() + + _element = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element + _element.name = AAZStrType() + _element.priority = AAZIntType() + _element.rule_collection_type = AAZStrType( + serialized_name="ruleCollectionType", + flags={"required": True}, + ) + + disc_firewall_policy_filter_rule_collection = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection") + disc_firewall_policy_filter_rule_collection.action = AAZObjectType() + disc_firewall_policy_filter_rule_collection.rules = AAZListType() + + action = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").action + action.type = AAZStrType() + + rules = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").rules + rules.Element = AAZObjectType() + cls._build_schema_firewall_policy_rule_read(rules.Element) + + disc_firewall_policy_nat_rule_collection = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection") + disc_firewall_policy_nat_rule_collection.action = AAZObjectType() + disc_firewall_policy_nat_rule_collection.rules = AAZListType() + + action = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").action + action.type = AAZStrType() + + rules = _schema_firewall_policy_rule_collection_group_read.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").rules + 
rules.Element = AAZObjectType() + cls._build_schema_firewall_policy_rule_read(rules.Element) + + _schema.etag = cls._schema_firewall_policy_rule_collection_group_read.etag + _schema.id = cls._schema_firewall_policy_rule_collection_group_read.id + _schema.name = cls._schema_firewall_policy_rule_collection_group_read.name + _schema.properties = cls._schema_firewall_policy_rule_collection_group_read.properties + _schema.type = cls._schema_firewall_policy_rule_collection_group_read.type + + _schema_firewall_policy_rule_read = None + + @classmethod + def _build_schema_firewall_policy_rule_read(cls, _schema): + if cls._schema_firewall_policy_rule_read is not None: + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + return + + cls._schema_firewall_policy_rule_read = _schema_firewall_policy_rule_read = AAZObjectType() + + firewall_policy_rule_read = _schema_firewall_policy_rule_read + firewall_policy_rule_read.description = AAZStrType() + firewall_policy_rule_read.name = AAZStrType() + firewall_policy_rule_read.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + disc_application_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule") + disc_application_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_application_rule.fqdn_tags = AAZListType( + 
serialized_name="fqdnTags", + ) + disc_application_rule.protocols = AAZListType() + disc_application_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_application_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_application_rule.target_fqdns = AAZListType( + serialized_name="targetFqdns", + ) + disc_application_rule.target_urls = AAZListType( + serialized_name="targetUrls", + ) + disc_application_rule.terminate_tls = AAZBoolType( + serialized_name="terminateTLS", + ) + disc_application_rule.web_categories = AAZListType( + serialized_name="webCategories", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").destination_addresses + destination_addresses.Element = AAZStrType() + + fqdn_tags = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").fqdn_tags + fqdn_tags.Element = AAZStrType() + + protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols + protocols.Element = AAZObjectType() + + _element = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols.Element + _element.port = AAZIntType() + _element.protocol_type = AAZStrType( + serialized_name="protocolType", + ) + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + target_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_fqdns + target_fqdns.Element = AAZStrType() + + target_urls = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_urls + target_urls.Element = AAZStrType() + + web_categories = 
_schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").web_categories + web_categories.Element = AAZStrType() + + disc_nat_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule") + disc_nat_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_nat_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_nat_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_nat_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_nat_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_nat_rule.translated_address = AAZStrType( + serialized_name="translatedAddress", + ) + disc_nat_rule.translated_fqdn = AAZStrType( + serialized_name="translatedFqdn", + ) + disc_nat_rule.translated_port = AAZStrType( + serialized_name="translatedPort", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + disc_network_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule") + disc_network_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_network_rule.destination_fqdns = AAZListType( + 
serialized_name="destinationFqdns", + ) + disc_network_rule.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + disc_network_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_network_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_network_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_network_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_fqdns + destination_fqdns.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + 
"ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + + +__all__ = ["Update"] diff --git a/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_wait.py b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_wait.py new file mode 100644 index 00000000000..b1b1be17857 --- /dev/null +++ b/src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/rule_collection_group_draft/_wait.py 
@@ -0,0 +1,438 @@ +# -------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# +# Code generated by aaz-dev-tools +# -------------------------------------------------------------------------------------------- + +# pylint: skip-file +# flake8: noqa + +from azure.cli.core.aaz import * + + +@register_command( + "network firewall policy rule-collection-group wait", +) +class Wait(AAZWaitCommand): + """Place the CLI in a waiting state until a condition is met. + """ + + _aaz_info = { + "resources": [ + ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/firewallpolicies/{}/rulecollectiongroups/{}/ruleCollectionGroupDrafts/default", "2023-09-01"], + ] + } + + def _handler(self, command_args): + super()._handler(command_args) + self._execute_operations() + return self._output() + + _args_schema = None + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + if cls._args_schema is not None: + return cls._args_schema + cls._args_schema = super()._build_arguments_schema(*args, **kwargs) + + # define Arg Group "" + + _args_schema = cls._args_schema + _args_schema.policy_name = AAZStrArg( + options=["--policy-name"], + help="The name of the Firewall Policy.", + required=True, + id_part="name", + ) + _args_schema.resource_group = AAZResourceGroupNameArg( + required=True, + ) + _args_schema.name = AAZStrArg( + options=["-n", "--name"], + help="The name of the Firewall Policy Rule Collection Group.", + required=True, + id_part="child_name_1", + ) + return cls._args_schema + + def _execute_operations(self): + self.pre_operations() + self.FirewallPolicyRuleCollectionGroupsGet(ctx=self.ctx)() + self.post_operations() + + @register_callback + def pre_operations(self): + pass + + @register_callback + def post_operations(self): + pass + + def 
_output(self, *args, **kwargs): + result = self.deserialize_output(self.ctx.vars.instance, client_flatten=False) + return result + + class FirewallPolicyRuleCollectionGroupsGet(AAZHttpOperation): + CLIENT_TYPE = "MgmtClient" + + def __call__(self, *args, **kwargs): + request = self.make_request() + session = self.client.send_request(request=request, stream=False, **kwargs) + if session.http_response.status_code in [200]: + return self.on_200(session) + + return self.on_error(session.http_response) + + @property + def url(self): + return self.client.format_url( + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default", + **self.url_parameters + ) + + @property + def method(self): + return "GET" + + @property + def error_format(self): + return "ODataV4Format" + + @property + def url_parameters(self): + parameters = { + **self.serialize_url_param( + "firewallPolicyName", self.ctx.args.policy_name, + required=True, + ), + **self.serialize_url_param( + "resourceGroupName", self.ctx.args.resource_group, + required=True, + ), + **self.serialize_url_param( + "ruleCollectionGroupName", self.ctx.args.name, + required=True, + ), + **self.serialize_url_param( + "subscriptionId", self.ctx.subscription_id, + required=True, + ), + } + return parameters + + @property + def query_parameters(self): + parameters = { + **self.serialize_query_param( + "api-version", "2023-09-01", + required=True, + ), + } + return parameters + + @property + def header_parameters(self): + parameters = { + **self.serialize_header_param( + "Accept", "application/json", + ), + } + return parameters + + def on_200(self, session): + data = self.deserialize_http_content(session) + self.ctx.set_var( + "instance", + data, + schema_builder=self._build_schema_on_200 + ) + + _schema_on_200 = None + + @classmethod + def _build_schema_on_200(cls): + if 
cls._schema_on_200 is not None: + return cls._schema_on_200 + + cls._schema_on_200 = AAZObjectType() + + _schema_on_200 = cls._schema_on_200 + _schema_on_200.etag = AAZStrType( + flags={"read_only": True}, + ) + _schema_on_200.id = AAZStrType() + _schema_on_200.name = AAZStrType() + _schema_on_200.properties = AAZObjectType( + flags={"client_flatten": True}, + ) + _schema_on_200.type = AAZStrType( + flags={"read_only": True}, + ) + + properties = cls._schema_on_200.properties + properties.priority = AAZIntType() + properties.provisioning_state = AAZStrType( + serialized_name="provisioningState", + flags={"read_only": True}, + ) + properties.rule_collections = AAZListType( + serialized_name="ruleCollections", + ) + + rule_collections = cls._schema_on_200.properties.rule_collections + rule_collections.Element = AAZObjectType() + + _element = cls._schema_on_200.properties.rule_collections.Element + _element.name = AAZStrType() + _element.priority = AAZIntType() + _element.rule_collection_type = AAZStrType( + serialized_name="ruleCollectionType", + flags={"required": True}, + ) + + disc_firewall_policy_filter_rule_collection = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection") + disc_firewall_policy_filter_rule_collection.action = AAZObjectType() + disc_firewall_policy_filter_rule_collection.rules = AAZListType() + + action = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyFilterRuleCollection").rules + rules.Element = AAZObjectType() + _WaitHelper._build_schema_firewall_policy_rule_read(rules.Element) + + disc_firewall_policy_nat_rule_collection = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", 
"FirewallPolicyNatRuleCollection") + disc_firewall_policy_nat_rule_collection.action = AAZObjectType() + disc_firewall_policy_nat_rule_collection.rules = AAZListType() + + action = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").action + action.type = AAZStrType() + + rules = cls._schema_on_200.properties.rule_collections.Element.discriminate_by("rule_collection_type", "FirewallPolicyNatRuleCollection").rules + rules.Element = AAZObjectType() + _WaitHelper._build_schema_firewall_policy_rule_read(rules.Element) + + return cls._schema_on_200 + + +class _WaitHelper: + """Helper class for Wait""" + + _schema_firewall_policy_rule_read = None + + @classmethod + def _build_schema_firewall_policy_rule_read(cls, _schema): + if cls._schema_firewall_policy_rule_read is not None: + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + return + + cls._schema_firewall_policy_rule_read = _schema_firewall_policy_rule_read = AAZObjectType() + + firewall_policy_rule_read = _schema_firewall_policy_rule_read + firewall_policy_rule_read.description = AAZStrType() + firewall_policy_rule_read.name = AAZStrType() + firewall_policy_rule_read.rule_type = AAZStrType( + serialized_name="ruleType", + flags={"required": True}, + ) + + disc_application_rule = 
_schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule") + disc_application_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_application_rule.fqdn_tags = AAZListType( + serialized_name="fqdnTags", + ) + disc_application_rule.protocols = AAZListType() + disc_application_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_application_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_application_rule.target_fqdns = AAZListType( + serialized_name="targetFqdns", + ) + disc_application_rule.target_urls = AAZListType( + serialized_name="targetUrls", + ) + disc_application_rule.terminate_tls = AAZBoolType( + serialized_name="terminateTLS", + ) + disc_application_rule.web_categories = AAZListType( + serialized_name="webCategories", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").destination_addresses + destination_addresses.Element = AAZStrType() + + fqdn_tags = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").fqdn_tags + fqdn_tags.Element = AAZStrType() + + protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols + protocols.Element = AAZObjectType() + + _element = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").protocols.Element + _element.port = AAZIntType() + _element.protocol_type = AAZStrType( + serialized_name="protocolType", + ) + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + target_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", 
"ApplicationRule").target_fqdns + target_fqdns.Element = AAZStrType() + + target_urls = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").target_urls + target_urls.Element = AAZStrType() + + web_categories = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "ApplicationRule").web_categories + web_categories.Element = AAZStrType() + + disc_nat_rule = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule") + disc_nat_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_nat_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_nat_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_nat_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_nat_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + disc_nat_rule.translated_address = AAZStrType( + serialized_name="translatedAddress", + ) + disc_nat_rule.translated_fqdn = AAZStrType( + serialized_name="translatedFqdn", + ) + disc_nat_rule.translated_port = AAZStrType( + serialized_name="translatedPort", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NatRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + disc_network_rule = 
_schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule") + disc_network_rule.destination_addresses = AAZListType( + serialized_name="destinationAddresses", + ) + disc_network_rule.destination_fqdns = AAZListType( + serialized_name="destinationFqdns", + ) + disc_network_rule.destination_ip_groups = AAZListType( + serialized_name="destinationIpGroups", + ) + disc_network_rule.destination_ports = AAZListType( + serialized_name="destinationPorts", + ) + disc_network_rule.ip_protocols = AAZListType( + serialized_name="ipProtocols", + ) + disc_network_rule.source_addresses = AAZListType( + serialized_name="sourceAddresses", + ) + disc_network_rule.source_ip_groups = AAZListType( + serialized_name="sourceIpGroups", + ) + + destination_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_addresses + destination_addresses.Element = AAZStrType() + + destination_fqdns = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_fqdns + destination_fqdns.Element = AAZStrType() + + destination_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ip_groups + destination_ip_groups.Element = AAZStrType() + + destination_ports = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").destination_ports + destination_ports.Element = AAZStrType() + + ip_protocols = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").ip_protocols + ip_protocols.Element = AAZStrType() + + source_addresses = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_addresses + source_addresses.Element = AAZStrType() + + source_ip_groups = _schema_firewall_policy_rule_read.discriminate_by("rule_type", "NetworkRule").source_ip_groups + source_ip_groups.Element = AAZStrType() + + _schema.description = cls._schema_firewall_policy_rule_read.description + _schema.name = 
cls._schema_firewall_policy_rule_read.name + _schema.rule_type = cls._schema_firewall_policy_rule_read.rule_type + _schema.discriminate_by( + "rule_type", + "ApplicationRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "ApplicationRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NatRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NatRule", + ) + ) + _schema.discriminate_by( + "rule_type", + "NetworkRule", + cls._schema_firewall_policy_rule_read.discriminate_by( + "rule_type", + "NetworkRule", + ) + ) + + +__all__ = ["Wait"] diff --git a/src/azure-firewall/azext_firewall/commands.py b/src/azure-firewall/azext_firewall/commands.py index d12d76e9ef9..e2a48c18bb6 100644 --- a/src/azure-firewall/azext_firewall/commands.py +++ b/src/azure-firewall/azext_firewall/commands.py 
@@ -90,15 +90,16 @@ def load_command_table(self, _): # region AzureFirewallPolicies with self.command_group('network firewall policy'): - from .custom import AzureFirewallPoliciesCreate, AzureFirewallPoliciesUpdate + from .custom import AzureFirewallPoliciesCreate, AzureFirewallPoliciesUpdate, AzureFirewallPoliciesDeploy self.command_table['network firewall policy create'] = AzureFirewallPoliciesCreate(loader=self) self.command_table['network firewall policy update'] = AzureFirewallPoliciesUpdate(loader=self) + self.command_table['network firewall policy deploy'] = AzureFirewallPoliciesDeploy(loader=self) with self.command_group('network firewall policy intrusion-detection'): - from .custom import IntrusionDetectionAdd, IntrusionDetectionRemove, IntrusionDetectionList - self.command_table['network firewall policy intrusion-detection add'] = IntrusionDetectionAdd(loader=self) - self.command_table['network firewall policy intrusion-detection remove'] = IntrusionDetectionRemove(loader=self) - self.command_table['network firewall policy intrusion-detection list'] = IntrusionDetectionList(loader=self) + from .custom import AzureFirewallPolicyIntrusionDetectionAdd, AzureFirewallPolicyIntrusionDetectionRemove, AzureFirewallPolicyIntrusionDetectionList + self.command_table['network firewall policy intrusion-detection add'] = AzureFirewallPolicyIntrusionDetectionAdd(loader=self) + self.command_table['network firewall policy intrusion-detection remove'] = AzureFirewallPolicyIntrusionDetectionRemove(loader=self) + self.command_table['network firewall policy intrusion-detection list'] = AzureFirewallPolicyIntrusionDetectionList(loader=self) with self.command_group('network firewall policy rule-collection-group'): from .custom import RuleCollectionGroupCreate, RuleCollectionGroupUpdate 
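Review bot: The added `self.command_table['network firewall policy deploy']` line needs a comment saying what the command acts on, because unlike `create` and `update` beside it, the name alone does not say that it (presumably) pushes the staged policy draft onto the live firewall policy. A line such as `# deploy: applies the pending policy draft to the live firewall policy` above the registration would do. `AzureFirewallPoliciesDeploy` is defined in `custom.py`, outside this hunk, so whether it asks for confirmation before changing enforced rules cannot be checked here and is worth verifying there. `load_command_table` starts and ends outside the hunk.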
@@ -106,15 +107,43 @@ def load_command_table(self, _): self.command_table['network firewall policy rule-collection-group update'] = RuleCollectionGroupUpdate(loader=self) with self.command_group('network firewall policy rule-collection-group collection'): - from .custom import NatCollectionAdd, FilterCollectionAdd, CollectionRemove - self.command_table['network firewall policy rule-collection-group collection add-nat-collection'] = NatCollectionAdd(loader=self) - self.command_table['network firewall policy rule-collection-group collection add-filter-collection'] = FilterCollectionAdd(loader=self) - self.command_table['network firewall policy rule-collection-group collection remove'] = CollectionRemove(loader=self) + from .custom import RuleCollectionGroupNatCollectionAdd, RuleCollectionGroupFilterCollectionAdd, RuleCollectionGroupCollectionRemove + self.command_table['network firewall policy rule-collection-group collection add-nat-collection'] = RuleCollectionGroupNatCollectionAdd(loader=self) + self.command_table['network firewall policy rule-collection-group collection add-filter-collection'] = RuleCollectionGroupFilterCollectionAdd(loader=self) + self.command_table['network firewall policy rule-collection-group collection remove'] = RuleCollectionGroupCollectionRemove(loader=self) with self.command_group('network firewall policy rule-collection-group collection rule'): - from .custom import FilterRuleAdd, FilterRuleUpdate, FilterRuleRemove - self.command_table['network firewall policy rule-collection-group collection rule add'] = FilterRuleAdd(loader=self) - self.command_table['network firewall policy rule-collection-group collection rule update'] = FilterRuleUpdate(loader=self) - self.command_table['network firewall policy rule-collection-group collection rule remove'] = FilterRuleRemove(loader=self) + from .custom import RuleCollectionGroupFilterRuleAdd, RuleCollectionGroupFilterRuleUpdate, RuleCollectionGroupFilterRuleRemove + self.command_table['network 
firewall policy rule-collection-group collection rule add'] = RuleCollectionGroupFilterRuleAdd(loader=self) + self.command_table['network firewall policy rule-collection-group collection rule update'] = RuleCollectionGroupFilterRuleUpdate(loader=self) + self.command_table['network firewall policy rule-collection-group collection rule remove'] = RuleCollectionGroupFilterRuleRemove(loader=self) + + with self.command_group('network firewall policy draft'): + from .custom import AzureFirewallPolicyDraftsCreate, AzureFirewallPolicyDraftsUpdate + self.command_table['network firewall policy draft create'] = AzureFirewallPolicyDraftsCreate(loader=self) + self.command_table['network firewall policy draft update'] = AzureFirewallPolicyDraftsUpdate(loader=self) + + with self.command_group('network firewall policy draft intrusion-detection'): + from .custom import AzureFirewallPolicyDraftIntrusionDetectionAdd, AzureFirewallPolicyDraftIntrusionDetectionRemove, AzureFirewallPolicyDraftIntrusionDetectionList + self.command_table['network firewall policy draft intrusion-detection add'] = AzureFirewallPolicyDraftIntrusionDetectionAdd(loader=self) + self.command_table['network firewall policy draft intrusion-detection remove'] = AzureFirewallPolicyDraftIntrusionDetectionRemove(loader=self) + self.command_table['network firewall policy draft intrusion-detection list'] = AzureFirewallPolicyDraftIntrusionDetectionList(loader=self) + + with self.command_group('network firewall policy rule-collection-group draft'): + from .custom import RuleCollectionGroupDraftCreate, RuleCollectionGroupDraftUpdate + self.command_table['network firewall policy rule-collection-group draft create'] = RuleCollectionGroupDraftCreate(loader=self) + self.command_table['network firewall policy rule-collection-group draft update'] = RuleCollectionGroupDraftUpdate(loader=self) + + with self.command_group('network firewall policy rule-collection-group draft collection'): + from .custom import 
RuleCollectionGroupDraftNatCollectionAdd, RuleCollectionGroupDraftFilterCollectionAdd, RuleCollectionGroupDraftCollectionRemove + self.command_table['network firewall policy rule-collection-group draft collection add-nat-collection'] = RuleCollectionGroupDraftNatCollectionAdd(loader=self) + self.command_table['network firewall policy rule-collection-group draft collection add-filter-collection'] = RuleCollectionGroupDraftFilterCollectionAdd(loader=self) + self.command_table['network firewall policy rule-collection-group draft collection remove'] = RuleCollectionGroupDraftCollectionRemove(loader=self) + + with self.command_group('network firewall policy rule-collection-group draft collection rule'): + from .custom import RuleCollectionGroupDraftFilterRuleAdd, RuleCollectionGroupDraftFilterRuleUpdate, RuleCollectionGroupDraftFilterRuleRemove + self.command_table['network firewall policy rule-collection-group draft collection rule add'] = RuleCollectionGroupDraftFilterRuleAdd(loader=self) + self.command_table['network firewall policy rule-collection-group draft collection rule update'] = RuleCollectionGroupDraftFilterRuleUpdate(loader=self) + self.command_table['network firewall policy rule-collection-group draft collection rule remove'] = RuleCollectionGroupDraftFilterRuleRemove(loader=self) # endregion diff --git a/src/azure-firewall/azext_firewall/custom.py b/src/azure-firewall/azext_firewall/custom.py index 11351c735bf..3e965907de7 100644 --- a/src/azure-firewall/azext_firewall/custom.py +++ b/src/azure-firewall/azext_firewall/custom.py 
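Review bot: The five new `draft` command groups are opened with a bare `self.command_group(...)`, so preview status depends on each class carrying its own `@register_command(..., is_preview=True)`. In custom.py the draft `intrusion-detection list`, `add-nat-collection` and `add-filter-collection` classes have that decorator, but `AzureFirewallPolicyDraftIntrusionDetectionAdd`/`Remove`, `AzureFirewallPolicyDraftsCreate`/`Update` and `RuleCollectionGroupDraftCreate`/`Update` do not, so those would presumably surface without the preview marker. Marking the groups instead, e.g. `with self.command_group('network firewall policy draft', is_preview=True):`, keeps the whole draft surface consistent. `load_command_table` begins outside this hunk.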
@@ -18,10 +18,15 @@ from .aaz.latest.network.firewall import Create as _AzureFirewallCreate, Update as _AzureFirewallUpdate, \ Show as _AzureFirewallShow from .aaz.latest.network.firewall.policy import Create as _AzureFirewallPoliciesCreate, \ - Update as _AzureFirewallPoliciesUpdate + Update as _AzureFirewallPoliciesUpdate, Deploy as _AzureFirewallPoliciesDeploy from .aaz.latest.network.firewall.policy.rule_collection_group import Create as _RuleCollectionGroupCreate, \ Update as _RuleCollectionGroupUpdate -from .aaz.latest.network.firewall.policy.intrusion_detection import Show as _IntrusionDetectionShow +from .aaz.latest.network.firewall.policy.intrusion_detection import PolicyShow as _PolicyIntrusionDetectionShow, \ + DraftShow as _PolicyDraftIntrusionDetectionShow +from .aaz.latest.network.firewall.policy.policy_draft import Create as _AzureFirewallPolicyDraftsCreate, \ + Update as _AzureFirewallPolicyDraftsUpdate +from .aaz.latest.network.firewall.policy.rule_collection_group.rule_collection_group_draft import Create as _RuleCollectionGroupDraftCreate, \ + Update as _RuleCollectionGroupDraftUpdate logger = get_logger(__name__) @@ -675,7 +680,6 @@ def create_af_application_rule(cmd, resource_group_name, azure_firewall_name, co @register_command( "network firewall threat-intel-allowlist create", - is_preview=True, ) class ThreatIntelAllowListCreate(_AzureFirewallUpdate): """Create an Azure Firewall Threat Intelligence Allow List. @@ -731,7 +735,6 @@ def _output(self, *args, **kwargs): @register_command( "network firewall threat-intel-allowlist update", - is_preview=True, ) class ThreatIntelAllowListUpdate(_AzureFirewallUpdate): """Update Azure Firewall Threat Intelligence Allow List. @@ -789,7 +792,6 @@ def _output(self, *args, **kwargs): @register_command( "network firewall threat-intel-allowlist show", - is_preview=True, ) class ThreatIntelAllowListShow(_AzureFirewallShow): """ 
@@ -809,7 +811,6 @@ def _output(self, *args, **kwargs): @register_command( "network firewall threat-intel-allowlist delete", - is_preview=True, ) class ThreatIntelAllowListDelete(_AzureFirewallUpdate): """ @@ -908,7 +909,7 @@ def pre_operations(self): args.user_assigned_identities = None -class IntrusionDetectionAdd(_AzureFirewallPoliciesUpdate): +class AzureFirewallPolicyIntrusionDetectionAdd(_AzureFirewallPoliciesUpdate): """ Add overrided intrusion signature or a bypass rule or private ranges list for intrusion detection """ @@ -1019,9 +1020,8 @@ def _output(self, *args, **kwargs): @register_command( "network firewall policy intrusion-detection list", - is_preview=True, ) -class IntrusionDetectionList(_IntrusionDetectionShow): +class AzureFirewallPolicyIntrusionDetectionList(_PolicyIntrusionDetectionShow): """ List all intrusion detection configuration """ @@ -1039,7 +1039,7 @@ def _output(self, *args, **kwargs): self.ctx.vars.instance.properties.intrusion_detection.configuration, client_flatten=True) -class IntrusionDetectionRemove(_AzureFirewallPoliciesUpdate): +class AzureFirewallPolicyIntrusionDetectionRemove(_AzureFirewallPoliciesUpdate): """ Remove overrided intrusion signature or a bypass rule """ 
@@ -1086,6 +1086,215 @@ def _output(self, *args, **kwargs): self.ctx.vars.instance.properties.intrusion_detection.configuration, client_flatten=True) +class AzureFirewallPolicyDraftsCreate(_AzureFirewallPolicyDraftsCreate): + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + from azure.cli.core.aaz import AAZResourceIdArgFormat + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.base_policy._fmt = AAZResourceIdArgFormat( + template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network" + "/firewallPolicies/{}", + ) + return args_schema + + def pre_operations(self): + args = self.ctx.args + if has_value(args.dns_servers): + if not has_value(args.enable_dns_proxy): + args.enable_dns_proxy = False + + +class AzureFirewallPolicyDraftsUpdate(_AzureFirewallPolicyDraftsUpdate): + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.configuration._registered = False + return args_schema + + +class AzureFirewallPoliciesDeploy(_AzureFirewallPoliciesDeploy): + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + args_schema = super()._build_arguments_schema(*args, **kwargs) + return args_schema + + +class AzureFirewallPolicyDraftIntrusionDetectionAdd(_AzureFirewallPolicyDraftsUpdate): + """ + Add overrided intrusion signature or a bypass rule or private ranges list for intrusion detection + """ + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + from azure.cli.core.aaz import AAZStrArg, AAZListArg, AAZArgEnum, AAZResourceIdArg, AAZResourceIdArgFormat + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.name._options = ['--policy-name'] + args_schema.signature_id = AAZStrArg( + options=['--signature-id'], + help="Signature id." 
+ ) + args_schema.signature_mode = AAZStrArg( + options=['--mode'], + help="The signature state" + ) + args_schema.signature_mode.enum = AAZArgEnum({'Off': 'off', 'Alert': 'Alert', 'Deny': 'Deny'}) + args_schema.bypass_rule_name = AAZStrArg( + options=['--rule-name'], + help="Name of the bypass traffic rule" + ) + args_schema.bypass_rule_description = AAZStrArg( + options=['--rule-description'], + help="Description of the bypass traffic rule" + ) + args_schema.bypass_rule_protocol = AAZStrArg( + options=['--rule-protocol'], + help="The rule bypass protocol" + ) + args_schema.bypass_rule_protocol.enum = AAZArgEnum({'TCP': 'TCP', 'UDP': 'UDP', 'ICMP': 'ICMP', 'Any': 'Any'}) + args_schema.bypass_rule_source_addresses = AAZListArg( + options=['--rule-src-addresses'], + help="Space-separated list of source IP addresses or ranges for this rule" + ) + args_schema.bypass_rule_source_addresses.Element = AAZStrArg() + args_schema.bypass_rule_destination_addresses = AAZListArg( + options=['--rule-dest-addresses'], + help="Space-separated list of destination IP addresses or ranges for this rule" + ) + args_schema.bypass_rule_destination_addresses.Element = AAZStrArg() + args_schema.bypass_rule_destination_ports = AAZListArg( + options=['--rule-dest-ports'], + help="Space-separated list of destination ports or ranges" + ) + args_schema.bypass_rule_destination_ports.Element = AAZStrArg() + args_schema.bypass_rule_source_ip_groups = AAZListArg( + options=['--rule-src-ip-groups'], + help="Space-separated list of source IpGroups" + ) + args_schema.bypass_rule_source_ip_groups.Element = AAZStrArg() + args_schema.bypass_rule_destination_ip_groups = AAZListArg( + options=['--rule-dest-ip-groups'], + help="Space-separated list of destination IpGroups for this rule" + ) + args_schema.bypass_rule_destination_ip_groups.Element = AAZResourceIdArg( + fmt=AAZResourceIdArgFormat( + template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}" 
+ ) + ) + + return args_schema + + def pre_instance_update(self, instance): + from azure.cli.core.azclierror import RequiredArgumentMissingError, InvalidArgumentValueError + args = self.ctx.args + if not has_value(instance.properties.intrusion_detection): + raise RequiredArgumentMissingError( + 'Intrusion detection mode is not set. Setting it by update command first') + + if has_value(args.signature_id) and has_value(args.signature_mode): + signature_override = { + 'id': args.signature_id, + 'mode': args.signature_mode + } + if has_value(instance.properties.intrusion_detection.configuration): + for overrided_signature in instance.properties.intrusion_detection.configuration.signature_overrides: + if overrided_signature.id == args.signature_id: + raise InvalidArgumentValueError( + f'Signature ID {args.signature_id} exists. Delete it first or try update instead') + instance.properties.intrusion_detection.configuration.signature_overrides.append(signature_override) + else: + instance.properties.intrusion_detection.configuration = { + 'signatureOverrides': [signature_override] + } + + if has_value(args.bypass_rule_name): + bypass_traffic = { + 'name': args.bypass_rule_name, + 'description': args.bypass_rule_description, + 'protocol': args.bypass_rule_protocol, + 'sourceAddresses': args.bypass_rule_source_addresses, + 'destinationAddresses': args.bypass_rule_destination_addresses, + 'destinationPorts': args.bypass_rule_destination_ports, + 'sourceIpGroups': args.bypass_rule_source_ip_groups, + 'destinationIpGroups': args.bypass_rule_destination_ip_groups, + } + instance.properties.intrusion_detection.configuration.bypass_traffic_settings.append(bypass_traffic) + + if has_value(args.private_ranges): + instance.properties.intrusion_detection.configuration.private_ranges = args.private_ranges + + def _output(self, *args, **kwargs): + return self.deserialize_output( + self.ctx.vars.instance.properties.intrusion_detection.configuration, client_flatten=True) + + 
+@register_command( + "network firewall policy draft intrusion-detection list", + is_preview=True, +) +class AzureFirewallPolicyDraftIntrusionDetectionList(_PolicyDraftIntrusionDetectionShow): + """ + List all intrusion detection configuration + """ + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.name._options = ['--policy-name'] + return args_schema + + def _output(self, *args, **kwargs): + if not has_value(self.ctx.vars.instance.properties.intrusion_detection.configuration): + return [] + return self.deserialize_output( + self.ctx.vars.instance.properties.intrusion_detection.configuration, client_flatten=True) + + +class AzureFirewallPolicyDraftIntrusionDetectionRemove(_AzureFirewallPolicyDraftsUpdate): + """ + Remove overrided intrusion signature or a bypass rule + """ + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + from azure.cli.core.aaz import AAZStrArg + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.name._options = ['--policy-name'] + args_schema.signature_id = AAZStrArg( + options=['--signature-id'], + help="Signature id." + ) + args_schema.bypass_rule_name = AAZStrArg( + options=['--rule-name'], + help="Name of the bypass traffic rule" + ) + return args_schema + + def pre_instance_update(self, instance): + from azure.cli.core.azclierror import RequiredArgumentMissingError, InvalidArgumentValueError + args = self.ctx.args + if not has_value(instance.properties.intrusion_detection): + raise RequiredArgumentMissingError( + 'Intrusion detection mode is not set. 
Setting it by update command first') + + if has_value(args.signature_id): + signatures = instance.properties.intrusion_detection.configuration.signature_overrides + new_signatures = [s for s in signatures if s.id != args.signature_id] + if len(signatures) == len(new_signatures): + raise InvalidArgumentValueError(f"Signature ID {args.signature_id} doesn't exist") + instance.properties.intrusion_detection.configuration.signature_overrides = new_signatures + + if has_value(args.bypass_rule_name): + bypass_settings = instance.properties.intrusion_detection.configuration.bypass_traffic_settings + new_bypass_settings = [s for s in bypass_settings if s.name != args.bypass_rule_name] + if len(bypass_settings) == len(new_bypass_settings): + raise InvalidArgumentValueError(f"Bypass rule with name {args.bypass_rule_name} doesn't exist") + instance.properties.intrusion_detection.configuration.bypass_traffic_settings = new_bypass_settings + + def _output(self, *args, **kwargs): + return self.deserialize_output( + self.ctx.vars.instance.properties.intrusion_detection.configuration, client_flatten=True) + + class RuleCollectionGroupCreate(_RuleCollectionGroupCreate): @classmethod def _build_arguments_schema(cls, *args, **kwargs): 
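Review bot: In `AzureFirewallPolicyDraftIntrusionDetectionAdd.pre_instance_update` the bypass-rule branch appends to `bypass_traffic_settings` without the duplicate check that the signature branch performs, and without checking that `configuration` has a value. A bypass rule presumably exempts matching traffic from intrusion detection, so a second entry with the same `--rule-name` is easy to miss in review, and the matching remove command filters by name and would drop every entry with that name. Before the append I would add `if any(b.name == args.bypass_rule_name for b in instance.properties.intrusion_detection.configuration.bypass_traffic_settings): raise InvalidArgumentValueError(f'Bypass rule {args.bypass_rule_name} exists. Delete it first')`. Separately, `AAZArgEnum({'Off': 'off', ...})` maps `Off` to a lowercase value while `Alert` and `Deny` keep their casing; `'Off': 'Off'` looks intended unless the service expects otherwise.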
@@ -1116,11 +1325,40 @@ def pre_instance_update(self, instance): instance.properties.priority = args.priority +class RuleCollectionGroupDraftCreate(_RuleCollectionGroupDraftCreate): + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.priority._required = True + args_schema.rule_collections._registered = False + return args_schema + + +class RuleCollectionGroupDraftUpdate(_RuleCollectionGroupDraftUpdate): + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + from azure.cli.core.aaz import AAZStrArg, AAZDictArg + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.tags = AAZDictArg( + options=["--tags"], + help="Space-separated tags: key[=value] [key[=value] ...].", + ) + args_schema.tags.Element = AAZStrArg() + args_schema.rule_collections._registered = False + return args_schema + + def pre_instance_update(self, instance): + args = self.ctx.args + if has_value(args.tags): + instance.tags = args.tags + if has_value(args.priority): + instance.properties.priority = args.priority + + @register_command( "network firewall policy rule-collection-group collection add-nat-collection", - is_preview=True, ) -class NatCollectionAdd(_RuleCollectionGroupUpdate): +class RuleCollectionGroupNatCollectionAdd(_RuleCollectionGroupUpdate): """ Add a NAT collection into an Azure firewall policy rule collection group. @@ -1272,9 +1510,8 @@ def _output(self, *args, **kwargs): @register_command( "network firewall policy rule-collection-group collection add-filter-collection", - is_preview=True, ) -class FilterCollectionAdd(_RuleCollectionGroupUpdate): +class RuleCollectionGroupFilterCollectionAdd(_RuleCollectionGroupUpdate): """ Add a filter collection into an Azure firewall policy rule collection group. 
@@ -1400,7 +1637,6 @@ def _build_arguments_schema(cls, *args, **kwargs): options=['--enable-tls-inspection', '--enable-tls-insp'], help="Enable flag to terminate TLS connection for this rule", default=False, - is_preview=True, arg_group="Application Rule" ) args_schema.fqdn_tags = AAZListArg( @@ -1424,7 +1660,6 @@ def _build_arguments_schema(cls, *args, **kwargs): args_schema.target_urls = AAZListArg( options=["--target-urls"], help="Space-separated list of target urls for this rule.", - is_preview=True, arg_group="Application Rule" ) args_schema.target_urls.Element = AAZStrArg() @@ -1501,9 +1736,8 @@ def _output(self, *args, **kwargs): @register_command( "network firewall policy rule-collection-group collection remove", - is_preview=True, ) -class CollectionRemove(_RuleCollectionGroupUpdate): +class RuleCollectionGroupCollectionRemove(_RuleCollectionGroupUpdate): """ Remove a rule collection from an Azure firewall policy rule collection group. """ @@ -1555,9 +1789,8 @@ def _output(self, *args, **kwargs): @register_command( "network firewall policy rule-collection-group collection rule add", - is_preview=True, ) -class FilterRuleAdd(_RuleCollectionGroupUpdate): +class RuleCollectionGroupFilterRuleAdd(_RuleCollectionGroupUpdate): """ Add a rule into an Azure firewall policy rule collection. """ @@ -1589,7 +1822,6 @@ def _build_arguments_schema(cls, *args, **kwargs): options=['--enable-tls-inspection', '--enable-tls-insp'], help="Enable flag to terminate TLS connection for this rule", default=False, - is_preview=True, arg_group="Application Rule" ) args_schema.fqdn_tags = AAZListArg( @@ -1613,7 +1845,6 @@ def _build_arguments_schema(cls, *args, **kwargs): args_schema.target_urls = AAZListArg( options=["--target-urls"], help="Space-separated list of target urls for this rule.", - is_preview=True, arg_group="Application Rule" ) args_schema.target_urls.Element = AAZStrArg() 
@@ -1786,9 +2017,8 @@ def pre_instance_update(self, instance): @register_command( "network firewall policy rule-collection-group collection rule remove", - is_preview=True, ) -class FilterRuleRemove(_RuleCollectionGroupUpdate): +class RuleCollectionGroupFilterRuleRemove(_RuleCollectionGroupUpdate): """ Remove a rule from an Azure firewall policy rule collection. Filter collection supports having a list of network rules or application rules. @@ -1853,9 +2083,8 @@ def pre_instance_update(self, instance): @register_command( "network firewall policy rule-collection-group collection rule update", - is_preview=True, ) -class FilterRuleUpdate(_RuleCollectionGroupUpdate): +class RuleCollectionGroupFilterRuleUpdate(_RuleCollectionGroupUpdate): """ Update a rule of an Azure firewall policy rule collection. Filter collection supports having a list of network rules or application rules. @@ -1895,7 +2124,6 @@ def _build_arguments_schema(cls, *args, **kwargs): options=['--enable-tls-inspection', '--enable-tls-insp'], help="Enable flag to terminate TLS connection for this rule", default=False, - is_preview=True, arg_group="Application Rule" ) args_schema.fqdn_tags = AAZListArg( 
@@ -1919,7 +2147,965 @@ def _build_arguments_schema(cls, *args, **kwargs): args_schema.target_urls = AAZListArg( options=["--target-urls"], help="Space-separated list of target urls for this rule.", - is_preview=True, + arg_group="Application Rule" + ) + args_schema.target_urls.Element = AAZStrArg() + args_schema.web_categories = AAZListArg( + options=["--web-categories"], + help="Space-separated list of web categories for this rule.", + arg_group="Application Rule" + ) + args_schema.web_categories.Element = AAZStrArg() + args_schema.ip_protocols = AAZListArg( + options=["--ip-protocols"], + help="Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. ", + arg_group="Common Rule", + ) + args_schema.ip_protocols.Element = AAZStrArg() + args_schema.ip_protocols.enum = AAZArgEnum({'TCP': 'TCP', 'UDP': 'UDP', 'Any': 'Any', 'ICMP': 'ICMP'}) + args_schema.description = AAZStrArg( + options=["--description"], + help="The description of rule.", + arg_group="Common Rule" + ) + args_schema.destination_addresses = AAZListArg( + options=["--destination-addresses", "--dest-addr"], + help="Space-separated list of destination IP addresses.", + arg_group="Common Rule" + ) + args_schema.destination_addresses.Element = AAZStrArg() + args_schema.destination_ports = AAZListArg( + options=["--destination-ports"], + help="Space-separated list of destination ports. 
This argument is supported for Nat and Network Rule.", + arg_group="Common Rule" + ) + args_schema.destination_ports.Element = AAZStrArg() + args_schema.source_addresses = AAZListArg( + options=["--source-addresses"], + help="Space-separated list of source IP ddresses.", + arg_group="Common Rule" + ) + args_schema.source_addresses.Element = AAZStrArg() + args_schema.source_ip_groups = AAZListArg( + options=["--source-ip-groups"], + help="Space-separated list of name or resource id of source IpGroups.", + arg_group="Common Rule" + ) + args_schema.source_ip_groups.Element = AAZResourceIdArg( + fmt=AAZResourceIdArgFormat( + template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}" + ) + ) + args_schema.translated_address = AAZStrArg( + options=["--translated-address"], + help="Translated address for this NAT rule collection.", + arg_group="Nat Rule" + ) + args_schema.translated_fqdn = AAZStrArg( + options=["--translated-fqdn"], + help="Translated FQDN for this NAT rule collection.", + arg_group="Nat Rule" + ) + args_schema.translated_port = AAZStrArg( + options=["--translated-port"], + help="Translated port for this NAT rule collection.", + arg_group="Nat Rule" + ) + args_schema.destination_ip_groups = AAZListArg( + options=['--destination-ip-groups', '--dest-ipg'], + help="Space-separated list of name or resource id of destination IpGroups.", + arg_group="Network Rule" + ) + args_schema.destination_ip_groups.Element = AAZResourceIdArg( + fmt=AAZResourceIdArgFormat( + template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}" + ) + ) + args_schema.destination_fqdns = AAZListArg( + options=["--destination-fqdns"], + help="Space-separated list of destination FQDNs.", + arg_group="Network Rule" + ) + args_schema.destination_fqdns.Element = AAZStrArg() + args_schema.rule_name = AAZStrArg( + help="The name of rule.", + ) + args_schema.rule_name._registered = False + 
args_schema.priority._registered = False + args_schema.rule_collections._registered = False + return args_schema + + def pre_operations(self): + args = self.ctx.args + args.rule_name = args.name + args.name = args.rcg_name + + def pre_instance_update(self, instance): + args = self.ctx.args + target_rule_collection = None + for rule_collection in instance.properties.rule_collections: + if rule_collection.name == args.collection_name: + target_rule_collection = rule_collection + + if target_rule_collection is None: + raise UserFault("Cannot find corresponding rule, please check parameters") + + new_rule = None + for i, rule in enumerate(target_rule_collection.rules): + if args.rule_name == rule.name: + if rule.rule_type == "NetworkRule": + new_rule = { + 'name': args.rule_name, + 'description': args.description if has_value(args.description) else rule.description, + 'rule_type': 'NetworkRule', + 'ip_protocols': args.ip_protocols if has_value(args.ip_protocols) else rule.ip_protocols, + 'source_addresses': args.source_addresses if has_value(args.source_addresses) else rule.source_addresses, + 'destination_addresses': args.destination_addresses if has_value(args.destination_addresses) else rule.destination_addresses, + 'destination_ports': args.destination_ports if has_value(args.destination_ports) else rule.destination_ports, + 'source_ip_groups': args.source_ip_groups if has_value(args.source_ip_groups) else rule.source_ip_groups, + 'destination_ip_groups': args.destination_ip_groups if has_value(args.destination_ip_groups) else rule.destination_ip_groups, + 'destination_fqdns': args.destination_fqdns if has_value(args.destination_fqdns) else rule.destination_fqdns + } + elif rule.rule_type == 'ApplicationRule': + protocols = rule.protocols + if has_value(args.protocols): + protocols = list( + map(lambda x: {'protocol_type': x[0], 'port': int(x[1])}, + args.protocols.to_serialized_data().items())) + new_rule = { + 'name': args.rule_name, + 'description': 
args.description if has_value(args.description) else rule.description, + 'rule_type': 'ApplicationRule', + 'source_addresses': args.source_addresses if has_value(args.source_addresses) else rule.source_addresses, + 'protocols': protocols, + 'destination_addresses': args.destination_addresses if has_value(args.destination_addresses) else rule.destination_addresses, + 'fqdn_tags': args.fqdn_tags if has_value(args.fqdn_tags) else rule.fqdn_tags, + 'target_fqdns': args.target_fqdns if has_value(args.target_fqdns) else rule.target_fqdns, + 'target_urls': args.target_urls if has_value(args.target_urls) else rule.target_urls, + 'source_ip_groups': args.source_ip_groups if has_value(args.source_ip_groups) else rule.source_ip_groups, + 'terminate_tls': args.enable_tls_inspection if has_value(args.enable_tls_inspection) else rule.enable_tls_inspection, + 'web_categories': args.web_categories if has_value(args.web_categories) else rule.web_categories + } + elif rule.rule_type == 'NatRule': + new_rule = { + 'name': args.rule_name, + 'description': args.description if has_value(args.description) else rule.description, + 'rule_type': 'NatRule', + 'ip_protocols': args.ip_protocols if has_value(args.ip_protocols) else rule.ip_protocols, + 'source_addresses': args.source_addresses if has_value(args.source_addresses) else rule.source_addresses, + 'destination_addresses': args.destination_addresses if has_value(args.destination_addresses) else rule.destination_addresses, + 'destination_ports': args.destination_ports if has_value(args.destination_ports) else rule.destination_ports, + 'translated_address': args.translated_address if has_value(args.translated_address) else rule.translated_address, + 'translated_fqdn': args.translated_fqdn if has_value(args.translated_fqdn) else rule.translated_fqdn, + 'translated_port': args.translated_port if has_value(args.translated_port) else rule.translated_port, + 'source_ip_groups': args.source_ip_groups if has_value(args.source_ip_groups) else 
rule.source_ip_groups + } + else: + raise ServiceError(f'Undefined rule_type : {rule.rule_type}') + if new_rule is not None: + target_rule_collection.rules[i] = new_rule + if new_rule is None: + raise UserFault(f'{args.rule_name} does not exist!!!') + + +@register_command( + "network firewall policy rule-collection-group draft collection add-nat-collection", + is_preview=True, +) +class RuleCollectionGroupDraftNatCollectionAdd(_RuleCollectionGroupDraftUpdate): + """ + Add a NAT collection into an Azure firewall policy rule collection group draft. + + :example: Add a NAT collection into the rule collection group draft + az network firewall policy rule-collection-group draft collection add-nat-collection -n + nat_collection --collection-priority 10003 --policy-name {policy} -g {rg} --rule-collection- + group-name {collectiongroup} --action DNAT --rule-name network_rule --description "test" + --destination-addresses "202.120.36.15" --source-addresses "202.120.36.13" "202.120.36.14" + --translated-address 128.1.1.1 --translated-port 1234 --destination-ports 12000 12001 --ip- + protocols TCP UDP + """ + + @classmethod + def _build_arguments_schema(cls, *args, **kwargs): + from azure.cli.core.aaz import AAZStrArg, AAZListArg, AAZArgEnum, AAZResourceIdArg, AAZResourceIdArgFormat, \ + AAZIntArg, AAZIntArgFormat + args_schema = super()._build_arguments_schema(*args, **kwargs) + args_schema.name._required = True + args_schema.name._options = ['--name', '-n'] + args_schema.name.help = 'The name of the collection in Firewall Policy Rule Collection Group.' 
+ args_schema.name._arg_group = ""
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.collection_priority = AAZIntArg(
+ options=["--collection-priority"],
+ arg_group="",
+ help="The priority of the rule in Firewall Policy Rule Collection Group.",
+ required=True,
+ fmt=AAZIntArgFormat(
+ maximum=65000,
+ minimum=100,
+ ),
+ )
+ args_schema.nat_action = AAZStrArg(
+ options=["--action"],
+ help="The action type of a rule collection.",
+ )
+ args_schema.nat_action.enum = AAZArgEnum({'DNAT': 'DNAT', 'SNAT': 'SNAT'})
+ args_schema.ip_protocols = AAZListArg(
+ options=["--ip-protocols"],
+ help="Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. ",
+ required=True,
+ arg_group="Common Rule",
+ )
+ args_schema.ip_protocols.Element = AAZStrArg()
+ args_schema.ip_protocols.enum = AAZArgEnum({'TCP': 'TCP', 'UDP': 'UDP', 'Any': 'Any', 'ICMP': 'ICMP'})
+ args_schema.description = AAZStrArg(
+ options=["--description"],
+ help="The description of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses = AAZListArg(
+ options=["--destination-addresses", "--dest-addr"],
+ help="Space-separated list of destination IP addresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses.Element = AAZStrArg()
+ args_schema.destination_ports = AAZListArg(
+ options=["--destination-ports"],
+ help="Space-separated list of destination ports. This argument is supported for Nat and Network Rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_ports.Element = AAZStrArg()
+ args_schema.rule_name = AAZStrArg(
+ options=["--rule-name"],
+ help="The name of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_addresses = AAZListArg(
+ options=["--source-addresses"],
+ help="Space-separated list of source IP ddresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_addresses.Element = AAZStrArg()
+ args_schema.source_ip_groups = AAZListArg(
+ options=["--source-ip-groups"],
+ help="Space-separated list of name or resource id of source IpGroups.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_ip_groups.Element = AAZResourceIdArg(
+ fmt=AAZResourceIdArgFormat(
+ template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}"
+ )
+ )
+ args_schema.translated_address = AAZStrArg(
+ options=["--translated-address"],
+ help="Translated address for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.translated_fqdn = AAZStrArg(
+ options=["--translated-fqdn"],
+ help="Translated FQDN for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.translated_port = AAZStrArg(
+ options=["--translated-port"],
+ help="Translated port for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.rule_collection_name = AAZStrArg(
+ help="The name of the rule collection.",
+ )
+ args_schema.rule_collection_name._registered = False
+ args_schema.priority._registered = False
+ args_schema.rule_collections._registered = False
+ return args_schema
+
+ def pre_operations(self):
+ args = self.ctx.args
+ args.rule_collection_name = args.name
+ args.name = args.rcg_name
+
+ def pre_instance_update(self, instance):
+ args = self.ctx.args
+ nat_rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'NatRule',
+ 'ip_protocols': args.ip_protocols,
+ 'source_addresses': args.source_addresses,
+ 'destination_addresses': args.destination_addresses,
+ 'destination_ports': args.destination_ports,
+ 'translated_address': args.translated_address,
+ 'translated_fqdn': args.translated_fqdn,
+ 'translated_port': args.translated_port,
+ 'source_ip_groups': args.source_ip_groups
+ }
+ rule_collection = {
+ 'name': args.rule_collection_name,
+ 'priority': args.collection_priority,
+ 'rule_collection_type': 'FirewallPolicyNatRuleCollection',
+ 'action': {
+ 'type': args.nat_action
+ },
+ 'rules': [nat_rule]
+ }
+ instance.properties.rule_collections.append(rule_collection)
+
+ def _output(self, *args, **kwargs):
+ return {'ruleCollections': self.deserialize_output(self.ctx.vars.instance.properties.rule_collections,
+ client_flatten=True)}
+
+
+@register_command(
+ "network firewall policy rule-collection-group draft collection add-filter-collection",
+ is_preview=True,
+)
+class RuleCollectionGroupDraftFilterCollectionAdd(_RuleCollectionGroupDraftUpdate):
+ """
+ Add a filter collection into an Azure firewall policy rule collection group draft.
+
+ :example: Add a filter collection with Network rule into the rule collection group draft
+ az network firewall policy rule-collection-group draft collection add-filter-collection -g {rg}
+ --policy-name {policy} --rule-collection-group-name {collectiongroup} --name
+ filter_collection --action Allow --rule-name network_rule --rule-type NetworkRule
+ --description "test" --destination-addresses "202.120.36.15" --source-addresses
+ "202.120.36.13" "202.120.36.14" --destination-ports 12003 12004 --ip-protocols TCP UDP
+ --collection-priority 11002
+
+ :example: Add a filter collection with Application rule into the rule collection group draft
+ az network firewall policy rule-collection-group draft collection add-filter-collection -g {rg}
+ --policy-name {policy} --rule-collection-group-name {collectiongroup} --name
+ filter_collection --action Allow --rule-name application_rule --rule-type ApplicationRule
+ --description "test" --destination-addresses "202.120.36.15" "202.120.36.16" --source-
+ addresses "202.120.36.13" "202.120.36.14" --protocols Http=12800 Https=12801 --fqdn-tags
+ AzureBackup HDInsight --collection-priority 11100
+ """
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ from azure.cli.core.aaz import AAZStrArg, AAZListArg, AAZArgEnum, AAZBoolArg, AAZDictArg, AAZResourceIdArg, \
+ AAZResourceIdArgFormat, AAZIntArg, AAZIntArgFormat
+ args_schema = super()._build_arguments_schema(*args, **kwargs)
+ args_schema.name._required = True
+ args_schema.name._options = ['--name', '-n']
+ args_schema.name.help = 'The name of the collection in Firewall Policy Rule Collection Group.'
+ args_schema.name._arg_group = ""
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.collection_priority = AAZIntArg(
+ options=["--collection-priority"],
+ arg_group="",
+ help="The priority of the rule in Firewall Policy Rule Collection Group.",
+ required=True,
+ fmt=AAZIntArgFormat(
+ maximum=65000,
+ minimum=100,
+ ),
+ )
+ args_schema.filter_action = AAZStrArg(
+ options=["--action"],
+ help="The action type of a rule collection.",
+ )
+ args_schema.filter_action.enum = AAZArgEnum({'Allow': 'Allow', 'Deny': 'Deny'})
+ args_schema.ip_protocols = AAZListArg(
+ options=["--ip-protocols"],
+ help="Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. ",
+ arg_group="Common Rule",
+ )
+ args_schema.ip_protocols.Element = AAZStrArg()
+ args_schema.ip_protocols.enum = AAZArgEnum({'TCP': 'TCP', 'UDP': 'UDP', 'Any': 'Any', 'ICMP': 'ICMP'})
+ args_schema.description = AAZStrArg(
+ options=["--description"],
+ help="The description of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses = AAZListArg(
+ options=["--destination-addresses", "--dest-addr"],
+ help="Space-separated list of destination IP addresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses.Element = AAZStrArg()
+ args_schema.destination_ports = AAZListArg(
+ options=["--destination-ports"],
+ help="Space-separated list of destination ports. This argument is supported for Nat and Network Rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_ports.Element = AAZStrArg()
+ args_schema.rule_name = AAZStrArg(
+ options=["--rule-name"],
+ help="The name of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.rule_type = AAZStrArg(
+ options=["--rule-type"],
+ help="The type of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.rule_type.enum = AAZArgEnum({'ApplicationRule': 'ApplicationRule',
+ 'NetworkRule': 'NetworkRule',
+ 'NatRule': 'NatRule'})
+ args_schema.source_addresses = AAZListArg(
+ options=["--source-addresses"],
+ help="Space-separated list of source IP ddresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_addresses.Element = AAZStrArg()
+ args_schema.source_ip_groups = AAZListArg(
+ options=["--source-ip-groups"],
+ help="Space-separated list of name or resource id of source IpGroups.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_ip_groups.Element = AAZResourceIdArg(
+ fmt=AAZResourceIdArgFormat(
+ template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}"
+ )
+ )
+ args_schema.destination_ip_groups = AAZListArg(
+ options=['--destination-ip-groups', '--dest-ipg'],
+ help="Space-separated list of name or resource id of destination IpGroups.",
+ arg_group="Network Rule"
+ )
+ args_schema.destination_ip_groups.Element = AAZResourceIdArg(
+ fmt=AAZResourceIdArgFormat(
+ template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}"
+ )
+ )
+ args_schema.destination_fqdns = AAZListArg(
+ options=["--destination-fqdns"],
+ help="Space-separated list of destination FQDNs.",
+ arg_group="Network Rule"
+ )
+ args_schema.destination_fqdns.Element = AAZStrArg()
+ args_schema.enable_tls_inspection = AAZBoolArg(
+ options=['--enable-tls-inspection', '--enable-tls-insp'],
+ help="Enable flag to terminate TLS connection for this rule",
+ default=False,
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags = AAZListArg(
+ options=["--fqdn-tags"],
+ help="Space-separated list of FQDN tags for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags.Element = AAZStrArg()
+ args_schema.protocols = AAZDictArg(
+ options=["--protocols"],
+ help="Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format.",
+ arg_group="Application Rule"
+ )
+ args_schema.protocols.Element = AAZStrArg()
+ args_schema.target_fqdns = AAZListArg(
+ options=["--target-fqdns"],
+ help="Space-separated list of FQDNs for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.target_fqdns.Element = AAZStrArg()
+ args_schema.target_urls = AAZListArg(
+ options=["--target-urls"],
+ help="Space-separated list of target urls for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.target_urls.Element = AAZStrArg()
+ args_schema.web_categories = AAZListArg(
+ options=["--web-categories"],
+ help="Space-separated list of web categories for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.web_categories.Element = AAZStrArg()
+ args_schema.rule_collection_name = AAZStrArg(
+ help="The name of the rule collection.",
+ )
+ args_schema.rule_collection_name._registered = False
+ args_schema.priority._registered = False
+ args_schema.rule_collections._registered = False
+ return args_schema
+
+ def pre_operations(self):
+ args = self.ctx.args
+ args.rule_collection_name = args.name
+ args.name = args.rcg_name
+
+ def pre_instance_update(self, instance):
+ args = self.ctx.args
+ if has_value(args.target_fqdns) and has_value(args.fqdn_tags):
+ raise ArgumentUsageError('usage error: --target-fqdns | --fqdn-tags')
+
+ if args.rule_type == 'NetworkRule':
+ rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'NetworkRule',
+ 'ip_protocols': args.ip_protocols,
+ 'source_addresses': args.source_addresses,
+ 'destination_addresses': args.destination_addresses,
+ 'destination_ports': args.destination_ports,
+ 'source_ip_groups': args.source_ip_groups,
+ 'destination_ip_groups': args.destination_ip_groups,
+ 'destination_fqdns': args.destination_fqdns
+ }
+ else:
+ protocols = []
+ if has_value(args.protocols):
+ protocols = list(map(lambda x: {'protocol_type': x[0], 'port': int(x[1])}, args.protocols.to_serialized_data().items()))
+ rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'ApplicationRule',
+ 'source_addresses': args.source_addresses,
+ 'protocols': protocols,
+ 'destination_addresses': args.destination_addresses,
+ 'fqdn_tags': args.fqdn_tags,
+ 'target_fqdns': args.target_fqdns,
+ 'target_urls': args.target_urls,
+ 'source_ip_groups': args.source_ip_groups,
+ 'terminate_tls': args.enable_tls_inspection,
+ 'web_categories': args.web_categories
+ }
+ rule_collection = {
+ 'name': args.rule_collection_name,
+ 'priority': args.collection_priority,
+ 'rule_collection_type': 'FirewallPolicyFilterRuleCollection',
+ 'action': {
+ 'type': args.filter_action
+ },
+ 'rules': [rule]
+ }
+ instance.properties.rule_collections.append(rule_collection)
+
+ def _output(self, *args, **kwargs):
+ return {'ruleCollections': self.deserialize_output(self.ctx.vars.instance.properties.rule_collections,
+ client_flatten=True)}
+
+
+@register_command(
+ "network firewall policy rule-collection-group draft collection remove",
+ is_preview=True,
+)
+class RuleCollectionGroupDraftCollectionRemove(_RuleCollectionGroupDraftUpdate):
+ """
+ Remove a rule collection from an Azure firewall policy rule collection group draft.
+ """
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ from azure.cli.core.aaz import AAZStrArg
+ args_schema = super()._build_arguments_schema(*args, **kwargs)
+ args_schema.name._required = True
+ args_schema.name.help = 'The name of the collection in Firewall Policy Rule Collection Group.'
+ args_schema.name._arg_group = ""
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.rule_collection_name = AAZStrArg(
+ help="The name of the rule collection.",
+ )
+ args_schema.rule_collection_name._registered = False
+ args_schema.priority._registered = False
+ args_schema.rule_collections._registered = False
+ return args_schema
+
+ def pre_operations(self):
+ args = self.ctx.args
+ args.rule_collection_name = args.name
+ args.name = args.rcg_name
+
+ def pre_instance_update(self, instance):
+ args = self.ctx.args
+ removed_rule_collection = None
+ for rule_collection in instance.properties.rule_collections:
+ if rule_collection.name == args.rule_collection_name:
+ removed_rule_collection = rule_collection
+
+ if removed_rule_collection is not None:
+ new_rule_collections = copy.deepcopy(instance.properties.rule_collections.to_serialized_data())
+ new_rule_collections.remove(removed_rule_collection.to_serialized_data())
+ instance.properties.rule_collections = new_rule_collections
+
+ def _output(self, *args, **kwargs):
+ return {'ruleCollections': self.deserialize_output(self.ctx.vars.instance.properties.rule_collections,
+ client_flatten=True)}
+
+
+@register_command(
+ "network firewall policy rule-collection-group draft collection rule add",
+ is_preview=True,
+)
+class RuleCollectionGroupDraftFilterRuleAdd(_RuleCollectionGroupDraftUpdate):
+ """
+ Add a rule into an Azure firewall policy draft rule collection.
+ """
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ from azure.cli.core.aaz import AAZStrArg, AAZListArg, AAZArgEnum, AAZBoolArg, AAZDictArg, AAZResourceIdArg, \
+ AAZResourceIdArgFormat
+ args_schema = super()._build_arguments_schema(*args, **kwargs)
+ args_schema.name._required = True
+ args_schema.name._options = ['--name', '-n']
+ args_schema.name.help = 'The name of rule.'
+ args_schema.name._arg_group = 'Common Rule'
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.collection_name = AAZStrArg(
+ options=["--collection-name"],
+ help="The name of the rule collection in Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.enable_tls_inspection = AAZBoolArg(
+ options=['--enable-tls-inspection', '--enable-tls-insp'],
+ help="Enable flag to terminate TLS connection for this rule",
+ default=False,
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags = AAZListArg(
+ options=["--fqdn-tags"],
+ help="Space-separated list of FQDN tags for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags.Element = AAZStrArg()
+ args_schema.protocols = AAZDictArg(
+ options=["--protocols"],
+ help="Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format.",
+ arg_group="Application Rule"
+ )
+ args_schema.protocols.Element = AAZStrArg()
+ args_schema.target_fqdns = AAZListArg(
+ options=["--target-fqdns"],
+ help="Space-separated list of FQDNs for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.target_fqdns.Element = AAZStrArg()
+ args_schema.target_urls = AAZListArg(
+ options=["--target-urls"],
+ help="Space-separated list of target urls for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.target_urls.Element = AAZStrArg()
+ args_schema.web_categories = AAZListArg(
+ options=["--web-categories"],
+ help="Space-separated list of web categories for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.web_categories.Element = AAZStrArg()
+ args_schema.ip_protocols = AAZListArg(
+ options=["--ip-protocols"],
+ help="Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. ",
+ arg_group="Common Rule",
+ )
+ args_schema.ip_protocols.Element = AAZStrArg()
+ args_schema.ip_protocols.enum = AAZArgEnum({'TCP': 'TCP', 'UDP': 'UDP', 'Any': 'Any', 'ICMP': 'ICMP'})
+ args_schema.description = AAZStrArg(
+ options=["--description"],
+ help="The description of rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses = AAZListArg(
+ options=["--destination-addresses", "--dest-addr"],
+ help="Space-separated list of destination IP addresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_addresses.Element = AAZStrArg()
+ args_schema.destination_ports = AAZListArg(
+ options=["--destination-ports"],
+ help="Space-separated list of destination ports. This argument is supported for Nat and Network Rule.",
+ arg_group="Common Rule"
+ )
+ args_schema.destination_ports.Element = AAZStrArg()
+ args_schema.rule_type = AAZStrArg(
+ options=["--rule-type"],
+ help="The type of rule.",
+ required=True,
+ arg_group="Common Rule"
+ )
+ args_schema.rule_type.enum = AAZArgEnum({'ApplicationRule': 'ApplicationRule',
+ 'NetworkRule': 'NetworkRule',
+ 'NatRule': 'NatRule'})
+ args_schema.source_addresses = AAZListArg(
+ options=["--source-addresses"],
+ help="Space-separated list of source IP ddresses.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_addresses.Element = AAZStrArg()
+ args_schema.source_ip_groups = AAZListArg(
+ options=["--source-ip-groups"],
+ help="Space-separated list of name or resource id of source IpGroups.",
+ arg_group="Common Rule"
+ )
+ args_schema.source_ip_groups.Element = AAZResourceIdArg(
+ fmt=AAZResourceIdArgFormat(
+ template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}"
+ )
+ )
+ args_schema.translated_address = AAZStrArg(
+ options=["--translated-address"],
+ help="Translated address for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.translated_fqdn = AAZStrArg(
+ options=["--translated-fqdn"],
+ help="Translated FQDN for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.translated_port = AAZStrArg(
+ options=["--translated-port"],
+ help="Translated port for this NAT rule collection.",
+ arg_group="Nat Rule"
+ )
+ args_schema.destination_ip_groups = AAZListArg(
+ options=['--destination-ip-groups', '--dest-ipg'],
+ help="Space-separated list of name or resource id of destination IpGroups.",
+ arg_group="Network Rule"
+ )
+ args_schema.destination_ip_groups.Element = AAZResourceIdArg(
+ fmt=AAZResourceIdArgFormat(
+ template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/ipGroups/{}"
+ )
+ )
+ args_schema.destination_fqdns = AAZListArg(
+ options=["--destination-fqdns"],
+ help="Space-separated list of destination FQDNs.",
+ arg_group="Network Rule"
+ )
+ args_schema.destination_fqdns.Element = AAZStrArg()
+ args_schema.rule_name = AAZStrArg(
+ help="The name of rule.",
+ )
+ args_schema.rule_name._registered = False
+ args_schema.priority._registered = False
+ args_schema.rule_collections._registered = False
+ return args_schema
+
+ def pre_operations(self):
+ args = self.ctx.args
+ args.rule_name = args.name
+ args.name = args.rcg_name
+
+ def pre_instance_update(self, instance):
+ args = self.ctx.args
+ target_rule_collection = None
+ for rule_collection in instance.properties.rule_collections:
+ if rule_collection.name == args.collection_name:
+ target_rule_collection = rule_collection
+
+ if target_rule_collection is None:
+ raise CLIError("Cannot find corresponding rule.")
+
+ if target_rule_collection.rule_collection_type == "FirewallPolicyFilterRuleCollection" and args.rule_type == 'NatRule':
+ raise CLIError("FirewallPolicyFilterRule doesn't support Nat rule.")
+
+ if target_rule_collection.rule_collection_type == "FirewallPolicyNatRuleCollection" and args.rule_type in ['NetworkRule', 'ApplicationRule']:
+ raise CLIError("FirewallPolicyNatRule supports neither Network rule nor Application rule.")
+
+ rule = None
+ if args.rule_type == "NetworkRule":
+ rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'NetworkRule',
+ 'ip_protocols': args.ip_protocols,
+ 'source_addresses': args.source_addresses,
+ 'destination_addresses': args.destination_addresses,
+ 'destination_ports': args.destination_ports,
+ 'source_ip_groups': args.source_ip_groups,
+ 'destination_ip_groups': args.destination_ip_groups,
+ 'destination_fqdns': args.destination_fqdns
+ }
+ elif args.rule_type == 'ApplicationRule':
+ protocols = []
+ if has_value(args.protocols):
+ protocols = list(
+ map(lambda x: {'protocol_type': x[0], 'port': int(x[1])}, args.protocols.to_serialized_data().items()))
+ rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'ApplicationRule',
+ 'source_addresses': args.source_addresses,
+ 'protocols': protocols,
+ 'destination_addresses': args.destination_addresses,
+ 'fqdn_tags': args.fqdn_tags,
+ 'target_fqdns': args.target_fqdns,
+ 'target_urls': args.target_urls,
+ 'source_ip_groups': args.source_ip_groups,
+ 'terminate_tls': args.enable_tls_inspection,
+ 'web_categories': args.web_categories
+ }
+
+ elif args.rule_type == 'NatRule':
+ rule = {
+ 'name': args.rule_name,
+ 'description': args.description,
+ 'rule_type': 'NatRule',
+ 'ip_protocols': args.ip_protocols,
+ 'source_addresses': args.source_addresses,
+ 'destination_addresses': args.destination_addresses,
+ 'destination_ports': args.destination_ports,
+ 'translated_address': args.translated_address,
+ 'translated_fqdn': args.translated_fqdn,
+ 'translated_port': args.translated_port,
+ 'source_ip_groups': args.source_ip_groups
+ }
+
+ target_rule_collection.rules.append(rule)
+
+
+@register_command(
+ "network firewall policy rule-collection-group draft collection rule remove",
+ is_preview=True,
+)
+class RuleCollectionGroupDraftFilterRuleRemove(_RuleCollectionGroupDraftUpdate):
+ """
+ Remove a rule from an Azure firewall policy rule collection draft.
+ Filter collection supports having a list of network rules or application rules.
+ NatRule collection supports including a list of nat rules.
+ """
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ from azure.cli.core.aaz import AAZStrArg
+ args_schema = super()._build_arguments_schema(*args, **kwargs)
+ args_schema.name._required = True
+ args_schema.name._options = ['--name', '-n']
+ args_schema.name.help = 'The name of rule.'
+ args_schema.name._arg_group = 'Common Rule'
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.collection_name = AAZStrArg(
+ options=["--collection-name"],
+ help="The name of the rule collection in Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.rule_name = AAZStrArg(
+ help="The name of rule.",
+ )
+ args_schema.rule_name._registered = False
+ args_schema.priority._registered = False
+ args_schema.rule_collections._registered = False
+ return args_schema
+
+ def pre_operations(self):
+ args = self.ctx.args
+ args.rule_name = args.name
+ args.name = args.rcg_name
+
+ def pre_instance_update(self, instance):
+ args = self.ctx.args
+ target_rule_collection = None
+ for rule_collection in instance.properties.rule_collections:
+ if rule_collection.name == args.collection_name:
+ target_rule_collection = rule_collection
+
+ if target_rule_collection is None:
+ raise CLIError("Cannot find corresponding rule collection.")
+
+ removed_rule = None
+ for rule in target_rule_collection.rules:
+ if rule.name == args.rule_name:
+ removed_rule = rule
+
+ if removed_rule is not None:
+ new_rules = copy.deepcopy(target_rule_collection.rules.to_serialized_data())
+ new_rules.remove(removed_rule.to_serialized_data())
+ target_rule_collection.rules = new_rules
+
+
+@register_command(
+ "network firewall policy rule-collection-group draft collection rule update",
+ is_preview=True,
+)
+class RuleCollectionGroupDraftFilterRuleUpdate(_RuleCollectionGroupDraftUpdate):
+ """
+ Update a rule of an Azure firewall policy rule collection.
+ Filter collection supports having a list of network rules or application rules.
+ NatRule collection supports including a list of nat rules.
+
+ :example: Update a rule of an Azure firewall policy rule collection.
+ az network firewall policy rule-collection-group draft collection rule update -g {rg} --policy-
+ name {policy} --rule-collection-group-name {rcg} --collection-name {cn} -n {rule_name}
+ --target-fqdns XXX
+
+ """
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ from azure.cli.core.aaz import AAZStrArg, AAZBoolArg, AAZListArg, AAZDictArg, AAZArgEnum, AAZResourceIdArg, \
+ AAZResourceIdArgFormat
+ args_schema = super()._build_arguments_schema(*args, **kwargs)
+ args_schema.name._required = True
+ args_schema.name._options = ['--name', '-n']
+ args_schema.name.help = 'The name of rule.'
+ args_schema.name._arg_group = 'Common Rule'
+ args_schema.name._id_part = None
+ args_schema.policy_name._id_part = None
+ args_schema.collection_name = AAZStrArg(
+ options=["--collection-name"],
+ help="The name of the rule collection in Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.rcg_name = AAZStrArg(
+ options=["--rcg-name", "--rule-collection-group-name"],
+ help="The name of the Firewall Policy Rule Collection Group.",
+ required=True,
+ arg_group="",
+ )
+ args_schema.enable_tls_inspection = AAZBoolArg(
+ options=['--enable-tls-inspection', '--enable-tls-insp'],
+ help="Enable flag to terminate TLS connection for this rule",
+ default=False,
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags = AAZListArg(
+ options=["--fqdn-tags"],
+ help="Space-separated list of FQDN tags for this rule.",
+ arg_group="Application Rule"
+ )
+ args_schema.fqdn_tags.Element = AAZStrArg()
+ args_schema.protocols = AAZDictArg(
+ options=["--protocols"],
+ help="Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format.",
+ arg_group="Application Rule"
+ )
+ args_schema.protocols.Element = AAZStrArg()
+ args_schema.target_fqdns = AAZListArg(
+ options=["--target-fqdns"],
+ help="Space-separated list of FQDNs for this
rule.", + arg_group="Application Rule" + ) + args_schema.target_fqdns.Element = AAZStrArg() + args_schema.target_urls = AAZListArg( + options=["--target-urls"], + help="Space-separated list of target urls for this rule.", arg_group="Application Rule" ) args_schema.target_urls.Element = AAZStrArg() diff --git a/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py b/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py index 17ba790c6bd..fd9a24e471f 100644 --- a/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py +++ b/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py 
@@ -1093,3 +1093,239 @@ def test_azure_firewall_policy_with_snat(self, resource_group): ]) self.cmd("network firewall policy delete -n {policy} -g {rg}") + + @AllowLargeResponse(size_kb=10240) + @ResourceGroupPreparer(name_prefix='cli_test_azure_firewall_policy_draft', location='westus2') + def test_azure_policy_draft(self, resource_group, resource_group_location): + self.kwargs.update({ + 'policy': 'myclipolicy', + 'rg': resource_group, + 'ipconfig': 'myipconfig1', + 'location': resource_group_location, + 'collectiongroup': 'myclirulecollectiongroup', + 'collection_group_priority': 10000 + }) + self.cmd('network firewall policy create -g {rg} -n {policy} -l {location} --sku Premium --idps-mode Off', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies'), + self.check('name', '{policy}') + ]) + + self.kwargs.update({'location': 'westus2'}) + self.cmd('network firewall policy draft create -g {rg} --name {policy}', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies/FirewallPolicyDrafts'), + self.check('name', '{policy}') + ]) + + self.cmd( + 'network firewall policy draft update -g {rg} --name {policy} --threat-intel-mode Deny --idps-mode Alert', + checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies/FirewallPolicyDrafts'), + self.check('threatIntelMode', 'Deny'), + self.check('name', '{policy}'), + self.check('intrusionDetection.mode', 'Alert') + ]) + + self.cmd('network firewall policy draft intrusion-detection add -g {rg} --policy-name {policy} --mode Deny --signature-id 10001 --private-ranges 167.220.204.0/24 167.221.205.101/32', + checks=[ + self.check('bypassTrafficSettings', []), + self.check('length(signatureOverrides)', 1), + self.check('signatureOverrides[0]', {'id': '10001', 'mode': 'Deny'}), + self.check('privateRanges[0]', "167.220.204.0/24"), + self.check('privateRanges[1]', "167.221.205.101/32") + ]) + + self.cmd('network firewall policy draft intrusion-detection add -g {rg} --policy-name {policy} --mode Alert 
--signature-id 20001 --private-ranges 167.220.208.0/24 167.221.205.102/32', + checks=[ + self.check('bypassTrafficSettings', []), + self.check('length(signatureOverrides)', 2), + self.check('signatureOverrides[0]', {'id': '10001', 'mode': 'Deny'}), + self.check('signatureOverrides[1]', {'id': '20001', 'mode': 'Alert'}), + self.check('privateRanges[0]', "167.220.208.0/24"), + self.check('privateRanges[1]', "167.221.205.102/32") + ]) + + self.cmd('network firewall policy draft intrusion-detection add -g {rg} --policy-name {policy} ' + '--rule-name bypass-rule-1 ' + '--rule-protocol TCP ' + '--rule-src-addresses 10.0.0.12 10.0.0.15 ' + '--rule-dest-addresses 192.168.0.103 192.168.0.104 ' + '--rule-dest-ports 8080 9090 5432', + checks=[ + self.check('length(bypassTrafficSettings)', 1), + self.check('bypassTrafficSettings[0].description', None), + self.check('bypassTrafficSettings[0].destinationAddresses', ['192.168.0.103', '192.168.0.104']), + self.check('bypassTrafficSettings[0].destinationIpGroups', None), + self.check('bypassTrafficSettings[0].protocol', 'TCP'), + self.check('bypassTrafficSettings[0].destinationPorts', ['8080', '9090', '5432']), + self.check('length(signatureOverrides)', 2), + self.check('signatureOverrides[0]', {'id': '10001', 'mode': 'Deny'}), + self.check('signatureOverrides[1]', {'id': '20001', 'mode': 'Alert'}), + ]) + + self.cmd('network firewall policy draft intrusion-detection list -g {rg} --policy-name {policy}', + checks=[ + self.check('length(bypassTrafficSettings)', 1), + self.check('length(signatureOverrides)', 2), + self.check('length(privateRanges)', 2) + ]) + + self.cmd('network firewall policy draft intrusion-detection remove -g {rg} --policy-name {policy} ' + '--rule-name bypass-rule-1 ' + '--signature-id 10001') + + self.cmd('network firewall policy draft intrusion-detection list -g {rg} --policy-name {policy}', + checks=[ + self.check('length(bypassTrafficSettings)', 0), + self.check('length(signatureOverrides)', 1), + 
self.check('length(privateRanges)', 2) + ]) + + self.cmd('network firewall policy show -g {rg} -n {policy}', + checks=[ + self.check('threatIntelMode', 'Alert') + ]) + + self.cmd('network firewall policy deploy -g {rg} --name {policy}') + + self.cmd('network firewall policy show -g {rg} -n {policy}', + checks=[ + self.check('threatIntelMode', 'Deny') + ]) + + self.cmd('network firewall policy intrusion-detection list -g {rg} --policy-name {policy}', + checks=[ + self.check('length(bypassTrafficSettings)', 0), + self.check('length(signatureOverrides)', 1), + self.check('length(privateRanges)', 2) + ]) + + self.cmd('network firewall policy delete -g {rg} --name {policy}') + + + @AllowLargeResponse(size_kb=10240) + @ResourceGroupPreparer(name_prefix='cli_test_azure_firewall_policy_draft', location='westus2') + def test_azure_policy_rcg_draft(self, resource_group, resource_group_location): + self.kwargs.update({ + 'policy': 'myclipolicy', + 'rg': resource_group, + 'ipconfig': 'myipconfig1', + 'location': resource_group_location, + 'collectiongroup': 'myclirulecollectiongroup', + 'collection_group_priority': 10000 + }) + self.cmd('network firewall policy create -g {rg} -n {policy} -l {location}', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies'), + self.check('name', '{policy}') + ]) + + self.kwargs.update({'location': 'westus2'}) + self.cmd('network firewall policy draft create -g {rg} --name {policy}', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies/FirewallPolicyDrafts'), + self.check('name', '{policy}') + ]) + + self.cmd('network firewall policy rule-collection-group create -g {rg} --priority {collection_group_priority} --policy-name {policy} -n {collectiongroup}', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies/RuleCollectionGroups'), + self.check('name', '{collectiongroup}') + ]) + + self.cmd('network firewall policy rule-collection-group draft create -g {rg} --name {collectiongroup} --priority 150 
--policy-name {policy}', checks=[ + self.check('type', 'Microsoft.Network/FirewallPolicies/RuleCollectionGroups/RuleCollectionGroupDrafts'), + self.check('name', '{collectiongroup}'), + self.check('priority', 150) + ]) + + self.cmd('network firewall policy rule-collection-group draft update -g {rg} --policy-name {policy} --name {collectiongroup} --priority 12000', checks=[ + self.check('priority', 12000) + ]) + + self.cmd('network firewall policy rule-collection-group draft show -g {rg} --policy-name {policy} -n {collectiongroup}', checks=[ + self.check('priority', 12000) + ]) + + self.cmd('az network firewall policy rule-collection-group draft collection add-nat-collection -n nat-collection \ + --policy-name {policy} --rule-collection-group-name {collectiongroup} -g {rg} --collection-priority 10005 \ + --action DNAT --rule-name network-rule --description "test" \ + --destination-addresses "202.120.36.15" --source-addresses "202.120.36.13" "202.120.36.14" \ + --translated-address 128.1.1.1 --translated-port 1234 \ + --destination-ports 12000 --ip-protocols TCP UDP', checks=[ + self.check('length(ruleCollections)', 1), + self.check('ruleCollections[0].ruleCollectionType', "FirewallPolicyNatRuleCollection"), + self.check('ruleCollections[0].name', "nat-collection") + ]) + + self.cmd('network firewall policy rule-collection-group draft collection add-filter-collection -g {rg} --policy-name {policy} \ + --rule-collection-group-name {collectiongroup} -n filter-collection-1 --collection-priority 13000 \ + --action Allow --rule-name network-rule --rule-type NetworkRule \ + --description "test" --destination-addresses "202.120.36.15" --source-addresses "202.120.36.13" "202.120.36.14" \ + --destination-ports 12003 12004 --ip-protocols Any ICMP', checks=[ + self.check('length(ruleCollections)', 2), + self.check('ruleCollections[1].ruleCollectionType', "FirewallPolicyFilterRuleCollection"), + self.check('ruleCollections[1].name', "filter-collection-1") + ]) + + 
self.cmd('network firewall policy rule-collection-group draft collection add-filter-collection -g {rg} --policy-name {policy} \ + --rule-collection-group-name {collectiongroup} -n filter-collection-2 --collection-priority 14000 \ + --action Allow --rule-name application-rule --rule-type ApplicationRule \ + --description "test" --destination-addresses "202.120.36.15" "202.120.36.16" --source-addresses "202.120.36.13" "202.120.36.14" --protocols Http=12800 Https=12801 \ + --fqdn-tags AzureBackup HDInsight ' + '--target-urls www.google.com www.bing.com ' + '--enable-tls-inspection true', + checks=[ + self.check('length(ruleCollections)', 3), + self.check('ruleCollections[2].ruleCollectionType', "FirewallPolicyFilterRuleCollection"), + self.check('ruleCollections[2].name', "filter-collection-2"), + self.check('ruleCollections[2].rules[0].ruleType', 'ApplicationRule'), + self.check('ruleCollections[2].rules[0].terminateTLS', True), + self.check('ruleCollections[2].rules[0].targetUrls', ['www.google.com', 'www.bing.com']) + ]) + + self.cmd('az network firewall policy rule-collection-group draft collection add-nat-collection -n nat-collection-2 \ + --policy-name {policy} --rule-collection-group-name {collectiongroup} -g {rg} --collection-priority 1000 \ + --action DNAT --rule-name network-rule --description "test" \ + --destination-addresses "202.120.36.15" --source-addresses "202.120.36.13" "202.120.36.14" \ + --translated-fqdn www.google.com --translated-port 1234 \ + --destination-ports 12000 --ip-protocols TCP UDP', checks=[ + self.check('length(ruleCollections)', 4), + self.check('ruleCollections[3].ruleCollectionType', "FirewallPolicyNatRuleCollection"), + self.check('ruleCollections[3].name', "nat-collection-2") + ]) + + self.cmd('network firewall policy rule-collection-group draft collection rule add -g {rg} --policy-name {policy} ' + '--rule-collection-group-name {collectiongroup} --collection-name filter-collection-2 --name application-rule-2 ' + '--rule-type 
ApplicationRule --description "test" --source-addresses 202.120.36.13 202.120.36.14 ' + '--destination-addresses 202.120.36.15 202.120.36.16 --protocols Http=12800 Https=12801 --target-fqdns www.bing.com', + checks=[ + self.check('length(ruleCollections[2].rules)', 2), + ]) + + + self.cmd('network firewall policy rule-collection-group draft collection rule remove -g {rg} --policy-name {policy} \ + --rule-collection-group-name {collectiongroup} --collection-name filter-collection-1 --name network-rule-2', checks=[ + self.check('length(ruleCollections[1].rules)', 1), + self.check('ruleCollections[1].rules[0].name', 'network-rule') + ]) + + self.cmd('network firewall policy rule-collection-group draft collection remove -g {rg} --policy-name {policy} \ + --rule-collection-group-name {collectiongroup} --name filter-collection-1', checks=[ + self.check('length(ruleCollections)', 3) + ]) + + self.cmd('network firewall policy rule-collection-group draft show -g {rg} --policy-name {policy} --name {collectiongroup}', + checks=[ + self.check('length(ruleCollections[1].rules)', 2), + self.check('ruleCollections[1].rules[0].name', 'application-rule'), + self.check('length(ruleCollections)', 3) + ]) + + self.cmd('network firewall policy deploy -g {rg} --name {policy}') + + self.cmd('network firewall policy rule-collection-group show -g {rg} --policy-name {policy} --name {collectiongroup}', + checks=[ + self.check('length(ruleCollections[1].rules)', 2), + self.check('ruleCollections[1].rules[0].name', 'application-rule'), + self.check('length(ruleCollections)', 3) + ]) + + self.cmd('network firewall policy delete -g {rg} --name {policy}') + diff --git a/src/azure-firewall/setup.py b/src/azure-firewall/setup.py index 161b675cb81..4246c5f4812 100644 --- a/src/azure-firewall/setup.py +++ b/src/azure-firewall/setup.py 
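Review bot: In `test_azure_policy_rcg_draft`, the `draft collection rule remove` step targets `--collection-name filter-collection-1 --name network-rule-2`, but no rule named `network-rule-2` is ever added to that collection. `filter-collection-1` is created with only `network-rule`, and the one `rule add` call puts `application-rule-2` into `filter-collection-2`. The checks that follow (`length(ruleCollections[1].rules)` equals 1, first rule named `network-rule`) therefore pass whether or not removal works, so the draft remove path is not exercised; a remove that silently does nothing would leave an Allow rule in the draft that then gets deployed. Before the remove, add a `draft collection rule add` call for `--collection-name filter-collection-1 --name network-rule-2 --rule-type NetworkRule` with `self.check('length(ruleCollections[1].rules)', 2)`. Separately, `test_azure_policy_draft` sets `--idps-mode Alert` on the draft but after `policy deploy` asserts only `threatIntelMode`; a `self.check('intrusionDetection.mode', 'Alert')` on the deployed policy would confirm the IDPS mode was promoted as well.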
@@ -8,7 +8,7 @@ from codecs import open from setuptools import setup, find_packages -VERSION = "1.0.1" +VERSION = "1.1.0" CLASSIFIERS = [ 'Development Status :: 4 - Beta',