search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.91k stars 2.87k forks source link

az network firewall policy rule-collection-group collection rule add #29011

Open jdjames1 opened 1 month ago

jdjames1 commented 1 month ago

Describe the bug

trying to add a new collection rule via azcli using azure shell fails with a "Cannot find corresponding rule."

documentation appears to be incorrect - https://learn.microsoft.com/en-us/cli/azure/network/firewall/policy/rule-collection-group/collection/rule?view=azure-cli-latest#az-network-firewall-policy-rule-collection-group-collection-rule-add

as --name and --rcg-name have the same description so its unclear what it should be.

within the json template it looks like this

        "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
        "apiVersion": "2023-11-01",
        "name": "[concat(parameters('firewallPolicies_AzFwPolTest_name'), '/testing312')]",
        "location": "uksouth",
        "dependsOn": [
            "[resourceId('Microsoft.Network/firewallPolicies', parameters('firewallPolicies_AzFwPolTest_name'))]

so a concat of the policy name and the actual name

Related command

az network firewall policy rule-collection-group collection rule add --collection-name TestRules --name testing1312 --policy-name $firewallPolicyName --resource-group $resourceGroupName --rcg-name testing312 --rule-type NetworkRule

Errors

"Cannot find corresponding rule."

Issue script & Debug output

cli.knack.cli: Command arguments: ['network', 'firewall', 'policy', 'rule-collection-group', 'collection', 'rule', 'add', '--collection-name', 'TestRules', '--name', 'testing1312', '--policy-name', 'AzFwPolTest', '--resource-group', 'AZFirewallTesting', '--rcg-name', 'testing312', '--rule-type', 'NetworkRule', '--debug'] cli.knack.cli: init debug log: Enable color in terminal. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f77745bc160>, <function OutputProducer.on_global_arguments at 0x7f77744d6d30>, <function CLIQuery.on_global_arguments at 0x7f777446c310>] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_firewall'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: network 0.776 115 353 cli.azure.cli.core: privatedns 0.023 14 60 cli.azure.cli.core: Total (2) 0.799 129 413 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next'] cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: ai-examples 0.105 1 1 /usr/lib/python3.9/site-packages/azure-cli-extensions/ai-examples cli.azure.cli.core: azure-firewall 0.037 16 61 /home//.azure/cliextensions/azure-firewall cli.azure.cli.core: Total (2) 0.142 17 62
cli.azure.cli.core: Loaded 144 groups, 475 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : network firewall policy rule-collection-group collection rule add cli.azure.cli.core: Command table: network firewall policy rule-collection-group collection rule add cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f777391d820>] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home//.azure/commands/2024-05-23.14-44-26.network_firewall_policy_rule-collection-group_collection_rule_add.11697.log'. az_command_data_logger: command args: network firewall policy rule-collection-group collection rule add --collection-name {} --name {} --policy-name {} --resource-group {} --rcg-name {} --rule-type {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f77738c5430>] cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad [] cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f77738ec430>, <function register_cache_arguments..add_cache_arguments at 0x7f777388f310>] cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded [] cli.knack.cli: Event: CommandInvoker.OnPreParseArgs [] cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f77744d6dc0>, <function CLIQuery.handle_query_parameter at 0x7f777446c3a0>, <function register_ids_argument..parse_ids_arguments at 0x7f777388f280>] az_command_data_logger: extension name: azure-firewall az_command_data_logger: extension version: 1.0.1 This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342 urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2284 msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'} cli.azure.cli.core.auth.adal_authentication: MSIAuthenticationWrapper.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={} urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342 urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2284 msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'} cli.azure.cli.core.auth.adal_authentication: Normalize expires_on: '1716479762' -> 1716479762 cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/**/resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312?api-version=2022-01-01' cli.azure.cli.core.sdk.policies: Request method: 'GET' cli.azure.cli.core.sdk.policies: Request headers: cli.azure.cli.core.sdk.policies: 'Accept': 'application/json' cli.azure.cli.core.sdk.policies: 'CommandName': 'network firewall policy rule-collection-group collection rule add' cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--collection-name --name --policy-name --resource-group --rcg-name --rule-type --debug' cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (RPM) azsdk-python-core/1.28.0 Python/3.9.19 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0' cli.azure.cli.core.sdk.policies: 'Authorization': '*' cli.azure.cli.core.sdk.policies: Request body: cli.azure.cli.core.sdk.policies: This request has no body urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443 urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions//resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312?api-version=2022-01-01 HTTP/1.1" 200 740 cli.azure.cli.core.sdk.policies: Response status: 200 cli.azure.cli.core.sdk.policies: Response headers: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache' cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache' cli.azure.cli.core.sdk.policies: 'Content-Length': '740' cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8' cli.azure.cli.core.sdk.policies: 'Expires': '-1' cli.azure.cli.core.sdk.policies: 'ETag': '"e53a2253-db6c-4652-bf67-ea13cfc85e4a"' cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11999' cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8588b8ac-2300-401c-a444-34421cf5a1a9' cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8588b8ac-2300-401c-a444-34421cf5a1a9' cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20240523T144426Z:8588b8ac-2300-401c-a444-34421cf5a1a9' cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff' cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE' cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 687E0A00538F4CDE8FD225302A84AF08 Ref B: AMS231020614031 Ref C: 2024-05-23T14:44:26Z' cli.azure.cli.core.sdk.policies: 'Date': 'Thu, 23 May 2024 14:44:26 GMT' cli.azure.cli.core.sdk.policies: Response content: cli.azure.cli.core.sdk.policies: { "properties": { "size": "0.00131321 MB", "priority": 101, "ruleCollections": [ { "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" }, "rules": [], "name": "rulestesting312", "priority": 102 } ], "provisioningState": "Succeeded" }, "id": "/subscriptions/*/resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312", "name": "testing312", "type": "Microsoft.Network/FirewallPolicies/RuleCollectionGroups", "etag": "e53a2253-db6c-4652-bf67-ea13cfc85e4a", "location": "uksouth" } cli.azure.cli.core.azclierror: Traceback (most recent call last): File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke cmd_result = self.invocation.execute(args) File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 664, in execute raise ex File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 731, in _run_jobs_serially results.append(self._run_job(expanded_arg, cmd_copy)) File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 712, in _run_job result = LongRunningOperation(cmd_copy.cli_ctx, 'Starting {}'.format(cmd_copy.name))(result) File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 1039, in call result = poller.result() File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 108, in result self.wait(timeout) File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer return func(args, kwargs) File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 130, in wait raise self._exception File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 83, in _start for polling_method in self._polling_generator: File "/home//.azure/cliextensions/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/_update.py", line 643, in _execute_operations self.pre_instance_update(self.ctx.vars.instance) File "/home//.azure/cliextensions/azure-firewall/azext_firewall/custom.py", line 1727, in pre_instance_update raise CLIError("Cannot find corresponding rule.") knack.util.CLIError: Cannot find corresponding rule.

cli.azure.cli.core.azclierror: Cannot find corresponding rule. az_command_data_logger: Cannot find corresponding rule. cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f777391da60>] az_command_data_logger: exit code: 1 cli.main: Command ran in 1.889 seconds (init: 0.175, invoke: 1.714) telemetry.main: Begin splitting cli events and extra events, total events: 1 telemetry.client: Accumulated 0 events. Flush the clients. telemetry.main: Finish splitting cli events and extra events, cli events: 1 telemetry.save: Save telemetry record of length 4245 in cache telemetry.main: Begin creating telemetry upload process. telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib/az/lib/python3.9/site-packages/azure/cli/telemetry/init.py /home/**/.azure" telemetry.process: Return from creating process telemetry.main: Finish creating telemetry upload process.

Expected behavior

collection rule to be created.

Environment Summary

azure-cli 2.61.0

core 2.61.0 telemetry 1.1.0

Extensions: ai-examples 0.2.5 azure-firewall 1.0.1 ml 2.26.0 ssh 2.0.3

Dependencies: msal 1.28.0 azure-mgmt-resource 23.1.1

Python location '/usr/bin/python3.9' Extensions directory '/home/jonathan/.azure/cliextensions' Extensions system directory '/usr/lib/python3.9/site-packages/azure-cli-extensions'

Python (Linux) 3.9.19 (main, Mar 28 2024, 18:56:59) [GCC 11.2.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

yonzhan commented 1 month ago

Thank you for opening this issue, we will look into it.