{afd} Create fd url bug fix, edit doc for log scurbbing (#7709)

* scrubbing

* log scrubbing

* UT done

* add exanple

* official release

* version update

* up to 1.1.0

* lint

* rerun UT

* UT

* lint

* rule_exclusions

* abbr added

* lint

* add examples

* fix a bug in create fd, edit docs for log scrubbing

* rerun test

* fix for python version lower than 3.10

* version update

---------

Co-authored-by: Jingnan Xu <[email protected]>

src/front-door/HISTORY.rst

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+1.1.1
+++++++
+* fix url bugs for US gov, edit new examples for log scurbbing
+
 1.1.0
 ++++++
 * az network front-door waf-policy create/update add: log scurbbing support

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_create.py

@@ -112,7 +112,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         _args_schema.log_scrubbing = AAZObjectArg(
             options=["--log-scrubbing"],
             arg_group="PolicySettings",
-            help="Defines rules that scrub sensitive fields in the Web Application Firewall logs.",
+            help="Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing \"{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null",
         )
         _args_schema.mode = AAZStrArg(
             options=["--mode"],

src/front-door/azext_front_door/aaz/latest/network/front_door/waf_policy/_update.py

@@ -19,8 +19,8 @@ class Update(AAZCommand):
 
     :example: update log scrubbing
         az network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}"
-        az network front-door waf-policy update -g rg -n n1 --log-scrubbing scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}"
-        az network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}" scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}"
+        az network front-door waf-policy update -g rg -n n1 --log-scrubbing scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:Equals}"
+        az network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:RequestBodyJsonArgNames,selector-match-operator:EqualsAny}],state:Enabled}" scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}"
     """
 
     _aaz_info = {
@@ -129,7 +129,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         _args_schema.log_scrubbing = AAZObjectArg(
             options=["--log-scrubbing"],
             arg_group="PolicySettings",
-            help="Defines rules that scrub sensitive fields in the Web Application Firewall logs.",
+            help="Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing \"{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null",
             nullable=True,
         )
         _args_schema.mode = AAZStrArg(

src/front-door/azext_front_door/custom.py

@@ -167,6 +167,27 @@ def create_front_door(cmd, resource_group_name, front_door_name, backend_address
     load_balancing_settings_name = 'DefaultLoadBalancingSettings'
     routing_rule_name = 'DefaultRoutingRule'
 
+    cloud = cmd.cli_ctx.cloud.name
+    endpoint = cmd.cli_ctx.cloud.endpoints.management
+
+    cloud_url = 'azurefd.net'
+
+    if cloud == 'AzureCloud':
+        cloud_url = 'azurefd.net'
+    elif cloud == 'AzureChinaCloud':
+        cloud_url = 'azurefd.net'
+    elif cloud == 'AzureUSGovernment':
+        cloud_url = 'azurefd.us'
+    elif cloud == 'AzureGermanCloud':
+        cloud_url = 'azurefd.net'
+    else:
+        cloud_url = 'azurefd.net'
+
+    if 'eaglex.ic.gov' in endpoint.lower():
+        cloud_url = 'azurefd.eaglex.ic.gov'
+    if 'microsoft.scloud' in endpoint.lower():
+        cloud_url = 'azurefd.microsoft.scloud'
+
     # get the IDs to fill the references
     backend_pool_id = _front_door_subresource_id(
         cmd, resource_group_name, front_door_name, 'backendPools', backend_pool_name)
@@ -213,7 +234,7 @@ def create_front_door(cmd, resource_group_name, front_door_name, backend_address
         frontend_endpoints=[
             FrontendEndpoint(
                 name=frontend_endpoint_name,
-                host_name=frontend_host_name if frontend_host_name else '{}.azurefd.net'.format(front_door_name),
+                host_name=frontend_host_name if frontend_host_name else '{}.{}'.format(front_door_name, cloud_url),
                 session_affinity_enabled_state='Disabled',
                 resource_state='Enabled'
             )

src/front-door/azext_front_door/tests/latest/test_backend_pool_scenarios.py

@@ -8,7 +8,7 @@
 
 class BackendPoolScenarioTest(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_backend_pool_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),
@@ -39,7 +39,7 @@ def test_backend_pool_basic(self, resource_group):
                      self.check('length(@)', 1),
                  ])
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_backend_pool_backend(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_front_door_scenarios.py

@@ -9,7 +9,7 @@
 class FrontDoorBasicScenarioTests(ScenarioTest):
 
     # @record_only()  # This test requires resources in the specific subscription
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_front_door_basic_scenario(self, resource_group):
         front_endpoint_name = f"{self.create_random_name('clife', 16)}"
         front_endpoint_host_name = f"{front_endpoint_name}.clitest.azfdtest.xyz"
@@ -39,7 +39,7 @@ def test_front_door_basic_scenario(self, resource_group):
         self.cmd('network front-door frontend-endpoint create -g {rg} -f {front_door} -n {front_endpoint_name} '
                  '--host-name {front_endpoint_host_name} --session-affinity-enabled')
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_front_door_check_name_availability(self, resource_group):
         front_door_name = self.create_random_name(prefix='frontdoor', length=20)
         available_checks = [JMESPathCheck('nameAvailability', 'Available')]
@@ -50,7 +50,7 @@ def test_front_door_check_name_availability(self, resource_group):
         unavailable_checks = [JMESPathCheck('nameAvailability', "Not Available")]
         self.cmd(f'network front-door check-name-availability --name {front_door_name} --resource-type Microsoft.Network/frontdoors', checks=unavailable_checks)
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_front_door_purge_endpoint(self, resource_group):
         front_door_name = self.create_random_name(prefix='frontdoor', length=20)
 

src/front-door/azext_front_door/tests/latest/test_frontend_endpoint_scenarios.py

@@ -7,7 +7,7 @@
 
 class FrontendEndpointScenarioTests(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_frontend_endpoint_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),
@@ -19,7 +19,7 @@ def test_frontend_endpoint_basic(self, resource_group):
                  ])
         self.cmd('network front-door frontend-endpoint show -f {front_door} -g {rg} -n DefaultFrontendEndpoint ')
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_frontend_endpoint_wait(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_load_balancing_scenarios.py

@@ -7,7 +7,7 @@
 
 class LoadBalancingScenarioTest(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_load_balancing_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_probe_scenarios.py

@@ -7,7 +7,7 @@
 
 class ProbeScenarioTest(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_probe_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_route_rule_scenarios.py

@@ -7,7 +7,7 @@
 
 class RouteRuleScenarioTests(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_route_rule_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_rules_engine_scenarios.py

@@ -7,7 +7,7 @@
 
 class RulesEngineScenarioTests(ScenarioTest):
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_rules_engine_basic(self, resource_group):
         self.kwargs.update({
             'front_door': self.create_random_name('clifrontdoor', 20),

src/front-door/azext_front_door/tests/latest/test_waf_scenarios.py

@@ -12,7 +12,7 @@
 
 class WafTests(WafScenarioMixin, ScenarioTest):
     @live_only()  # --defer seems not work with VCR.py well
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_waf_log_scrubbing(self, resource_group):
         blockpolicy = self.create_random_name(prefix='cli', length=24)
         cmd = 'az network front-door waf-policy create -g {resource_group} -n {blockpolicy} --mode prevention --sku Standard_AzureFrontDoor'.format(**locals())
@@ -29,7 +29,7 @@ def test_waf_log_scrubbing(self, resource_group):
         self.assertEqual(result['policySettings']['logScrubbing']['state'], "Enabled")
 
     @live_only()  # --defer seems not work with VCR.py well
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_waf_policy_basic(self, resource_group):
         # multi-line comment below
         """
@@ -208,7 +208,7 @@ def test_waf_policy_basic(self, resource_group):
         self.assertEqual(len(result), 5)
         self.assertEqual(len([policy for policy in result if policy['name'] == blockpolicy]), 0)
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_waf_policy_custom_rule_matching(self, resource_group):
         # multi-line comment below
         """
@@ -272,7 +272,7 @@ def test_waf_policy_custom_rule_matching(self, resource_group):
             r = requests.post('http://{hostName}/'.format(**locals()), data="'key':'value'")
             self.assertEqual(r.status_code, 200)
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_waf_policy_managed_rules(self, resource_group):
         # multi-line comment below
         """
@@ -344,7 +344,7 @@ def test_waf_policy_managed_rules(self, resource_group):
         rule = [rule for rule in sqlGroup['rules'] if rule['ruleId'] == ruleid][0]
         self.assertEqual(rule['ruleId'], ruleid)
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     @live_only()  # --defer seems not work with VCR.py well
     def test_waf_policy_custom_rules(self, resource_group):
         # multi-line comment below
@@ -488,7 +488,7 @@ def test_waf_policy_custom_rules(self, resource_group):
         result = self.cmd(cmd).get_output_in_json()
         self.assertEqual(len(result), 2)
 
-    @ResourceGroupPreparer(location='westus')
+    @ResourceGroupPreparer(location='westus', additional_tags={'owner': 'jingnanxu'})
     def test_waf_exclusions(self, resource_group):
         # multi-line comment below
         """

src/front-door/setup.py

@@ -8,7 +8,7 @@
 from codecs import open
 from setuptools import setup, find_packages
 
-VERSION = "1.1.0"
+VERSION = "1.1.1"
 
 CLASSIFIERS = [
     'Development Status :: 4 - Beta',