[Firewall] az network firewall create: add support public-ip for vh…
…ub sku firewall (#8253)

* change validation

* fix and test

* remove unused file

* update version

* Fix check
Pan-Qi authored Nov 19, 2024
1 parent bcf51dc commit eb8290c
Showing 5 changed files with 58,979 additions and 8 deletions.
3 changes: 3 additions & 0 deletions src/azure-firewall/HISTORY.rst
Expand Up @@ -2,6 +2,9 @@
Release History
===============
1.2.2
++++++
* `az network firewall create`: add support public-ip for vhub sku firewall

1.2.1
++++++
25 changes: 19 additions & 6 deletions src/azure-firewall/azext_firewall/custom.py
Expand Up @@ -191,13 +191,26 @@ def _build_arguments_schema(cls, *args, **kwargs):

def pre_operations(self):
args = self.ctx.args
if has_value(args.public_ip_count) and has_value(args.public_ip):
raise CLIError(
'usage error: Cannot add both --public-ip-count and --public-ip at the same time.')
if has_value(args.sku):
sku = args.sku.to_serialized_data()
if sku.lower() == 'azfw_hub' and not all([args.virtual_hub, args.public_ip_count]):
raise CLIError(
'usage error: virtual hub and hub ip addresses are mandatory for azure firewall on virtual hub.')
if sku.lower() == 'azfw_hub' and has_value(args.allow_active_ftp):
raise CLIError('usage error: allow active ftp is not allowed for azure firewall on virtual hub.')
if sku.lower() == 'azfw_hub':
if not has_value(args.virtual_hub):
raise CLIError(
'usage error: virtual hub is mandatory for azure firewall on virtual hub.')
if not has_value(args.public_ip_count) and not has_value(args.public_ip):
raise CLIError(
'usage error: One of public-ip or public-ip-count should be provided for azure firewall on virtual hub.')
if has_value(args.allow_active_ftp):
raise CLIError('usage error: allow active ftp is not allowed for azure firewall on virtual hub.')

if has_value(args.public_ip):
args.ip_configurations = [{
"name": args.conf_name if has_value(args.conf_name) else "AzureFirewallIpConfiguration0",
"public_ip_address": args.public_ip}]

if has_value(args.firewall_policy) and any([args.enable_dns_proxy, args.dns_servers]):
raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')

Expand Down Expand Up @@ -238,7 +251,7 @@ def pre_operations(self):
if has_value(args.route_server_id):
args.additional_properties['Network.RouteServerInfo.RouteServerID'] = args.route_server_id

if has_value(args.conf_name):
if has_value(args.conf_name) and has_value(args.sku) and sku.lower() == 'azfw_vnet':
subnet_id = resource_id(
subscription=get_subscription_id(self.cli_ctx),
resource_group=args.resource_group,
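Review bot: The new guard in the second hunk, `if has_value(args.conf_name) and has_value(args.sku) and sku.lower() == 'azfw_vnet':`, skips the subnet block whenever `--sku` is omitted, whereas the old `if has_value(args.conf_name):` ran for any `--conf-name`. Unless `args.sku` receives a client-side default outside this hunk, a VNet firewall created with `--conf-name` but no `--sku` would now silently be created without the configuration the caller asked for, leaving a firewall that is not attached to the intended subnet. Excluding only the hub case preserves the old default: `is_hub = has_value(args.sku) and args.sku.to_serialized_data().lower() == 'azfw_hub'` followed by `if has_value(args.conf_name) and not is_hub:`. That form also stops the condition depending on the `sku` local, which is only bound inside the earlier `if has_value(args.sku):`. The body of this `if` continues past the end of the hunk, so what it builds is inferred from the visible `subnet_id = resource_id(` call.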