Open LeoH2K opened 1 year ago
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @fwsuppgithub.
Author: | LeoH2K |
---|---|
Assignees: | - |
Labels: | `Service Attention`, `bug`, `customer-reported`, `Network - Firewall` |
Milestone: | - |
Any update on this? We've got a requirement to automate Azure FW policies through PowerShell and this AzModule command just doesn't work.
> $RG = 'rg-FW'
> $FWP = 'FirewallPolicy_test-1-fw_premium_07600a'
> $fw = 'test-1-fw'
> $RCGName = 'lewisRuleCollectionGroup'
> $fwobj = Get-AzFirewall -ResourceGroupName $rg -Name $fw
> $FWPObj = Get-AzFirewallPolicy -ResourceGroupName $rg -Name $FWP
> $RCGID = $FWPObj.RuleCollectionGroups.where({ $_.id -match $RCGName })[0].id
#This doesn't work
> $DebugPreference='Continue'
> $RCGobj = Get-AzFirewallPolicyRuleCollectionGroup -ResourceId $RCGID -debug -verbose
> Get-AzFirewallPolicyRuleCollectionGroup -ResourceId $rcgobj.Properties.id -Debug -Verbose
DEBUG: 3:24:48 PM - GetAzureFirewallPolicyRuleCollectionGroupCommand begin processing with ParameterSet 'GetByResourceIdParameterSet'.
DEBUG: 3:24:48 PM - using account id 'test@infrapractice.3cloudsolutions.com'...
DEBUG: 3:24:48 PM - [ConfigManager] Got [False] from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
DEBUG: 3:24:48 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:24:48 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: AzureQoSEvent: Module: Az.Network:6.2.0; CommandName: Get-AzFirewallPolicyRuleCollectionGroup; PSVersion: 7.3.9; IsSuccess: True; Duration: 00:00:00.0005601
DEBUG: 3:24:48 PM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 3:24:48 PM - GetAzureFirewallPolicyRuleCollectionGroupCommand end processing.
DEBUG: Setting WindowTitle: Test [main] - PowerShell 7.3 (53148)
> Resolve-AzError
DEBUG: 3:24:50 PM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 3:24:50 PM - using account id 'test@infrapractice.3cloudsolutions.com'...
DEBUG: 3:24:50 PM - [ConfigManager] Got [False] from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
DEBUG: 3:24:50 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:24:50 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.13.0; CommandName: Resolve-AzError; PSVersion: 7.3.9; IsSuccess: True; Duration: 00:00:00.0006650
DEBUG: 3:24:50 PM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 3:24:50 PM - ResolveError end processing.
DEBUG: Setting WindowTitle: Test [main] - PowerShell 7.3 (53148)
> $RCGIDArray = $RCGID -split "/"
> $RCGobj = Get-AzFirewallPolicyRuleCollectionGroup -ResourceGroupName $RCGIDArray[4] -AzureFirewallPolicyName $RCGIDArray[8] -Name $RCGIDArray[10]
$RCGobj = Get-AzFirewallPolicyRuleCollectionGroup -ResourceGroupName $RCGIDArray[4] -AzureFirewallPolicyName $RCGIDArray[8] -Name $RCGIDArray[10] -debug
DEBUG: 3:29:43 PM - GetAzureFirewallPolicyRuleCollectionGroupCommand begin processing with ParameterSet 'GetByNameParameterSet'.
DEBUG: 3:29:43 PM - using account id 'test@infrapractice.3cloudsolutions.com'...
DEBUG: 3:29:43 PM - [ConfigManager] Got [False] from [DisplayBreakingChangeWarning], Module = [], Cmdlet = [].
DEBUG: [Common.Authentication]: Authenticating using Account: 'test@infrapractice.3cloudsolutions.com', environment: 'AzureCloud', tenant: 'Tenant-id-11-22-33-44'
DEBUG: 3:29:43 PM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:29:43 PM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'Tenant-id-11-22-33-44', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'test@infrapractice.3cloudsolutions.com'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - be061e56-881b-4a38-bef3-86a51727d989] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - be061e56-881b-4a38-bef3-86a51727d989] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - be061e56-881b-4a38-bef3-86a51727d989] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - be061e56-881b-4a38-bef3-86a51727d989] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - be061e56-881b-4a38-bef3-86a51727d989] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z] Found 1 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z] Returning 1 accounts
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] MSAL MSAL.NetCore with assembly version '4.49.1.0'. CorrelationId(b671289e-fe10-4bb6-8260-e619aa82f69f)
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] LoginHint provided: False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] Account provided: True
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] ForceRefresh: False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - b671289e-fe10-4bb6-8260-e619aa82f69f
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] Access token is not expired. Returning the found cache entry. [Current time (11/10/2023 21:29:43) - Expiration Time (11/10/2023 22:36:55 +00:00) - Extended Expiration Time (11/10/2023 22:36:55 +00:00)]
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22621 [2023-11-10 21:29:43Z - b671289e-fe10-4bb6-8260-e619aa82f69f] AT expiration time: 11/10/2023 10:36:55 PM +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2023-11-10T22:36:55.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'Tenant-id-11-22-33-44', UserId: 'test@infrapractice.3cloudsolutions.com'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/subscriptions/sub-id-11-22-33-44/resourceGroups/rg-FW/providers/Microsoft.Network/firewallPolicies/FirewallPolicy_test-1-fw_premium_07600a/ruleCollectionGroups/LewisRuleCollectionGroup?api-version=2023-05-01
Headers:
Accept-Language : en-US
x-ms-client-request-id : 48ea5edf-2fa9-4eda-97bd-745cd0dc7ef1
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
ETag : "ddfa4a53-dbcd-4eae-9909-eba9ef0a0ad4"
Server : Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 11999
x-ms-request-id : 1e4dae38-90a1-4a2a-b58f-df6c462f1b21
x-ms-correlation-request-id : 1e4dae38-90a1-4a2a-b58f-df6c462f1b21
x-ms-routing-request-id : NORTHCENTRALUS:20231110T212936Z:1e4dae38-90a1-4a2a-b58f-df6c462f1b21
Strict-Transport-Security : max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
Date : Fri, 10 Nov 2023 21:29:36 GMT
Body:
{
"properties": {
"size": "0.00139904 MB",
"priority": 1000,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "NetworkRule",
"ipv6Rule": false,
"name": "test1",
"ipProtocols": [
"Any"
],
"sourceAddresses": [
"1.1.1.1"
],
"sourceIpGroups": [],
"destinationAddresses": [
"10.1.1.1"
],
"destinationIpGroups": [],
"destinationFqdns": [],
"destinationPorts": [
"53"
]
}
],
"name": "LewisNetworkRuleCollection",
"priority": 1999
}
],
"provisioningState": "Succeeded"
},
"id": "/subscriptions/sub-id-11-22-33-44/resourceGroups/rg-FW/providers/Microsoft.Network/firewallPolicies/FirewallPolicy_test-1-fw_premium_07600a/ruleCollectionGroups/LewisRuleCollectionGroup",
"name": "LewisRuleCollectionGroup",
"type": "Microsoft.Network/FirewallPolicies/RuleCollectionGroups",
"etag": "ddfa4a53-dbcd-4eae-9909-eba9ef0a0ad4",
"location": "eastus"
}
DEBUG: 3:29:43 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:29:43 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: AzureQoSEvent: Module: Az.Network:6.2.0; CommandName: Get-AzFirewallPolicyRuleCollectionGroup; PSVersion: 7.3.9; IsSuccess: True; Duration: 00:00:00.5467800
DEBUG: 3:29:43 PM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 3:29:43 PM - GetAzureFirewallPolicyRuleCollectionGroupCommand end processing.
DEBUG: Setting WindowTitle: test [main] - PowerShell 7.3 (53148)
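The workaround in the comment above (split the resource ID and call the name-based parameter set) can be wrapped so that a malformed ID or an empty result stops the automation instead of passing `$null` along. This is an added example, not code from the issue or from the Az module; the function name `Get-RuleCollectionGroupByResourceId` and the placeholder values in the sample ID are assumptions.

```powershell
# Added example: resolve a rule collection group from its resource ID by
# parsing the ID and using the name-based parameter set shown in the thread.
function Get-RuleCollectionGroupByResourceId {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ResourceId
    )

    # Match on segment names instead of fixed array indexes, so a malformed
    # or unrelated ID is rejected rather than silently mis-parsed.
    $pattern = '^/subscriptions/(?<sub>[^/]+)/resourceGroups/(?<rg>[^/]+)' +
               '/providers/Microsoft\.Network/firewallPolicies/(?<policy>[^/]+)' +
               '/ruleCollectionGroups/(?<rcg>[^/]+)/?$'
    if ($ResourceId -notmatch $pattern) {
        throw "Not a rule collection group resource ID: $ResourceId"
    }
    $parts = $Matches   # keep a reference; $Matches is reassigned by the next -match

    # The name-based call runs against the current context's subscription,
    # so refuse to continue if the ID points at a different one.
    $ctxSub = (Get-AzContext).Subscription.Id
    if ($ctxSub -ne $parts.sub) {
        throw "Context subscription '$ctxSub' differs from '$($parts.sub)' in the ID."
    }

    $rcg = Get-AzFirewallPolicyRuleCollectionGroup `
        -ResourceGroupName $parts.rg `
        -AzureFirewallPolicyName $parts.policy `
        -Name $parts.rcg

    # The -ResourceId call in the thread returned nothing with IsSuccess: True;
    # treat an empty result as a failure so automation does not continue on $null.
    if ($null -eq $rcg) {
        throw "No rule collection group returned for $ResourceId"
    }
    return $rcg
}

# Constructed sample ID with placeholders, following the shape of the ID in the debug output.
$sampleId = '/subscriptions/<subscription-id>/resourceGroups/rg-FW/providers/' +
            'Microsoft.Network/firewallPolicies/<policy-name>/ruleCollectionGroups/<group-name>'
# $RCGobj = Get-RuleCollectionGroupByResourceId -ResourceId $sampleId
```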
Any update on this?
Come on guys, still broken. Could someone look into this?
Description
Get-AzFirewallPolicyRuleCollectionGroup source code has the parameter for resourceid but it is not used in the executecmdlet. When I run the cmdlet, it returns nothing but accepts the Resource ID string.
Issue script & Debug output
Environment data
Module versions
Error output