Security admin rule update for 'virtual-network-manager' is dropping values. #6787

jago2136 · 2023-09-20T18:41:10Z

Describe the bug

When trying to update a security admin rule for AvNM, many of the properties are not making it to the request body. Source, Direction, and Protocol are the ones I have observed.

Related command

az network manager security-admin-config rule-collection rule update

Errors

The properties I define on the command line are not translated to the request body.

Issue script & Debug output

C:\Users\jaredgorthy>az network manager security-admin-config rule-collection rule update --configuration-name "secAdmin" --network-manager-name "jaredgorthy" --resource-group "jaredgorthy-testResources" --rule-collection-name "sampleRuleCollection" --rule-name "sampleRule" --access "Allow" --debug
cli.knack.cli: Command arguments: ['network', 'manager', 'security-admin-config', 'rule-collection', 'rule', 'update', '--configuration-name', 'secAdmin', '--network-manager-name', 'jaredgorthy', '--resource-group', 'jaredgorthy-testResources', '--rule-collection-name', 'sampleRuleCollection', '--rule-name', 'sampleRule', '--access', 'Allow', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01E5A580>, <function OutputProducer.on_global_arguments at 0x0205B7C0>, <function CLIQuery.on_global_arguments at 0x02078418>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_network_manager']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.733 115 453
cli.azure.cli.core: privatedns 0.035 14 60
cli.azure.cli.core: Total (2) 0.768 129 513
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: virtual-network-manager 0.104 11 35 C:\Users\jaredgorthy.azure\cliextensions\virtual-network-manager
cli.azure.cli.core: Total (1) 0.104 11 35
cli.azure.cli.core: Loaded 138 groups, 548 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network manager security-admin-config rule-collection rule update
cli.azure.cli.core: Command table: network manager security-admin-config rule-collection rule update
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x0423C730>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\jaredgorthy.azure\commands\2023-09-20.11-39-03.network_manager_security-admin-config_rule-collection_rule_update.4040.log'.
az_command_data_logger: command args: network manager security-admin-config rule-collection rule update --configuration-name {} --network-manager-name {} --resource-group {} --rule-collection-name {} --rule-name {} --access {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x04265D60>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x042A1CD0>, <function register_cache_arguments..add_cache_arguments at 0x042A1EC8>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x0205B808>, <function CLIQuery.handle_query_parameter at 0x02078460>, <function register_ids_argument..parse_ids_arguments at 0x042A1E80>]
az_command_data_logger: extension name: virtual-network-manager
az_command_data_logger: extension version: 1.0.0b2
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\jaredgorthy\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\jaredgorthy.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: c3b033b8-aa29-4a08-b621-015910832a4f
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'f86b8ee5-57e4-11ee-8e45-a4ae1284d41e'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network manager security-admin-config rule-collection rule update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--configuration-name --network-manager-name --resource-group --rule-collection-name --rule-name --access --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.52.0 (MSI) (AAZ) azsdk-python-core/1.26.0 Python/3.10.10 (Windows-10-10.0.22621-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule?api-version=2022-01-01 HTTP/1.1" 200 1068
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1068'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11999'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '7cd717bf-8e09-4292-b5df-146815b4e5be'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '7cd717bf-8e09-4292-b5df-146815b4e5be'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTUS2:20230920T183904Z:7cd717bf-8e09-4292-b5df-146815b4e5be'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: CA5473A133374176A34A4C773DBB38C1 Ref B: CO6AA3150219029 Ref C: 2023-09-20T18:39:02Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Wed, 20 Sep 2023 18:39:03 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"name":"sampleRule","id":"/subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule","type":"Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules","etag":""26009b12-0000-0100-0000-650b39fb0000"","properties":{"description":"","flag":"","priority":1,"protocol":"Tcp","direction":"Outbound","access":"Deny","sources":[{"addressPrefixType":"IPPrefix","addressPrefix":""}],"destinations":[{"addressPrefixType":"IPPrefix","addressPrefix":""}],"sourcePortRanges":["0-65532"],"destinationPortRanges":["0-65535"],"provisioningState":"Succeeded","resourceGuid":"fe5bc401-e4f7-41de-a320-7fcb6df8265a"},"kind":"Custom","systemData":{"createdBy":"[email protected]","createdByType":"User","createdAt":"2022-11-01T17:41:04.6137946Z","lastModifiedBy":"[email protected]","lastModifiedByType":"User","lastModifiedAt":"2023-09-20T18:29:11.4777095Z"}}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '346'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'f86b8ee5-57e4-11ee-8e45-a4ae1284d41e'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network manager security-admin-config rule-collection rule update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--configuration-name --network-manager-name --resource-group --rule-collection-name --rule-name --access --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.52.0 (MSI) (AAZ) azsdk-python-core/1.26.0 Python/3.10.10 (Windows-10-10.0.22621-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"kind": "Custom", "properties": {"access": "Deny", "description": "", "destinationPortRanges": ["0-65535"], "destinations": [{"addressPrefix": "", "addressPrefixType": "IPPrefix"}], "direction": "Outbound", "priority": 1, "protocol": "Tcp", "sourcePortRanges": ["0-65532"], "sources": [{"addressPrefix": "", "addressPrefixType": "IPPrefix"}]}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule?api-version=2022-01-01 HTTP/1.1" 200 1028
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1028'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '212e1552-734b-48c3-8c74-493e227d73cc'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '212e1552-734b-48c3-8c74-493e227d73cc'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTUS2:20230920T183906Z:212e1552-734b-48c3-8c74-493e227d73cc'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: D980150A2DC440D1B0C6713BE2409C05 Ref B: CO6AA3150219029 Ref C: 2023-09-20T18:39:04Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Wed, 20 Sep 2023 18:39:05 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"name":"sampleRule","id":"/subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule","type":"Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules","etag":"","properties":{"description":"","flag":"","priority":1,"protocol":"Tcp","direction":"Outbound","access":"Deny","sources":[{"addressPrefixType":"IPPrefix","addressPrefix":""}],"destinations":[{"addressPrefixType":"IPPrefix","addressPrefix":""}],"sourcePortRanges":["0-65532"],"destinationPortRanges":["0-65535"],"provisioningState":"Succeeded","resourceGuid":"fe5bc401-e4f7-41de-a320-7fcb6df8265a"},"kind":"Custom","systemData":{"createdBy":"[email protected]","createdByType":"User","createdAt":"2022-11-01T17:41:04.6137946Z","lastModifiedBy":"[email protected]","lastModifiedByType":"User","lastModifiedAt":"2023-09-20T18:39:05.1981342Z"}}
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x04263F58>, <function x509_from_base64_to_hex_transform at 0x04263FA0>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
{
"access": "Deny",
"description": "",
"destinationPortRanges": [
"0-65535"
],
"destinations": [
{
"addressPrefix": "",
"addressPrefixType": "IPPrefix"
}
],
"direction": "Outbound",
"etag": "",
"id": "/subscriptions/f0dc2b34-dfad-40e4-83e0-2309fed8d00b/resourceGroups/jaredgorthy-testResources/providers/Microsoft.Network/networkManagers/jaredgorthy/securityAdminConfigurations/secAdmin/ruleCollections/sampleRuleCollection/rules/sampleRule",
"kind": "Custom",
"name": "sampleRule",
"priority": 1,
"protocol": "Tcp",
"provisioningState": "Succeeded",
"resourceGroup": "jaredgorthy-testResources",
"sourcePortRanges": [
"0-65532"
],
"sources": [
{
"addressPrefix": "",
"addressPrefixType": "IPPrefix"
}
],
"systemData": {
"createdAt": "2022-11-01T17:41:04.6137946Z",
"createdBy": "[email protected]",
"createdByType": "User",
"lastModifiedAt": "2023-09-20T18:39:05.1981342Z",
"lastModifiedBy": "[email protected]",
"lastModifiedByType": "User"
},
"type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules"
}
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x0423C850>]
az_command_data_logger: exit code: 0
cli.main: Command ran in 5.351 seconds (init: 0.648, invoke: 4.703)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3591 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\jaredgorthy.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

I expect the properties defined in my command to be updated in the resource.

Environment Summary

azure-cli 2.52.0

core 2.52.0
telemetry 1.1.0

Extensions:
account 0.2.5
azure-devops 0.26.0
virtual-network-manager 1.0.0b2

Dependencies:
msal 1.24.0b1
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\jaredgorthy.azure\cliextensions'
Development extension sources:
C:\CLI_test\azure-cli-extensions

Python (Windows) 3.10.10 (tags/v3.10.10:aad5f6a, Feb 7 2023, 17:05:00) [MSC v.1929 32 bit (Intel)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

yonzhan · 2023-09-20T18:41:24Z

Thank you for opening this issue, we will look into it.

jago2136 added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Sep 20, 2023

microsoft-github-policy-service bot added the Network label Sep 20, 2023

microsoft-github-policy-service bot assigned necusjz Sep 20, 2023

microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 20, 2023

yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Sep 21, 2023

yonzhan added this to the Backlog milestone Sep 21, 2023

calvinhzy mentioned this issue Oct 10, 2023

[Network-Manager] BREAKING CHANGE: Make some params required and remove some non-updatable params, fixes for upcoming GA #6843

Merged

3 tasks

calvinhzy closed this as completed in #6843 Oct 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security admin rule update for 'virtual-network-manager' is dropping values. #6787

Security admin rule update for 'virtual-network-manager' is dropping values. #6787

jago2136 commented Sep 20, 2023 •

edited

Loading

yonzhan commented Sep 20, 2023

Security admin rule update for 'virtual-network-manager' is dropping values. #6787

Security admin rule update for 'virtual-network-manager' is dropping values. #6787

Comments

jago2136 commented Sep 20, 2023 • edited Loading

Describe the bug

Related command

Errors

Issue script & Debug output

Expected behavior

Environment Summary

Additional context

yonzhan commented Sep 20, 2023

jago2136 commented Sep 20, 2023 •

edited

Loading