search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.6k stars 2.81k forks source link

PaloAlto cloud ngfw firewall creation fails using azure.mgmt.paloaltonetworksngfw package #30618

Closed pythondev786 closed 1 year ago

pythondev786 commented 1 year ago

Describe the bug PaloAlto cloud NGFW creation fails with the following error Exception: (ResourceCreationFailed) ResourceCreationFailed: Internal Server Error Code: ResourceCreationFailed Message: ResourceCreationFailed: Internal Server Error

To Reproduce Run the following script. populate data variable with the values attached in the file data.txt before running the script


from azure.identity import DefaultAzureCredential
from azure.mgmt.paloaltonetworksngfw import PaloAltoNetworksNgfwMgmtClient

official_sub_id = '###################################'
credential = DefaultAzureCredential()
client = PaloAltoNetworksNgfwMgmtClient(credential=credential,
                    subscription_id=official_sub_id,
                    base_url='https://management.azure.com')

location = 'XXXXX'
subscription_id = 'XXXXX'
resource_group = 'automation'
fw_name = 'could-firewall-test-1'
pub_ip = '20.XX.XX.XX'
vnet_name = 'fw-hub'
ip_fw_trust = '10.0.0.4'

data = {}   #replace the line with the contents of attached file data.txt
firewall_res = client.firewalls.models.FirewallResource.from_dict(data=data)
result = client.firewalls.begin_create_or_update(resource_group_name='automation', firewall_name='cloud-firewall-test-2', resource=firewall_res)```

[Uploading data.txt…]()

**Expected behavior**
PaloAlto networks cloud ngfw firewall should be created

**Additional context**
Re-tried by changing the locations multiple times but same error was seen
pythondev786 commented 1 year ago

I see file is not uploaded properly. Hence posting the daya value below

data = {'associated_rulestack': {'location': location,
                          'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/PaloAltoNetworks.Cloudngfw/localRulestacks/{fw_name}-lrs',
                          'rulestack_id': f'SUBSCRIPTION~{subscription_id}~RG~{resource_group}~STACK~{fw_name}-lrs'},
 'dns_settings': {'enable_dns_proxy': 'DISABLED', 'enabled_dns_type': 'CUSTOM'},
 'id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/PaloAltoNetworks.Cloudngfw/firewalls/{fw_name}',
 'is_panorama_managed': 'FALSE',
 'location': location,
 'marketplace_details': {'offer_id': 'pan_swfw_cloud_ngfw',
                         'publisher_id': 'paloaltonetworks'},
 'name': fw_name,
 'network_profile': {'egress_nat_ip': [{'address': f'{pub_ip}',
                                        'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Network/publicIPAddresses/{fw_name}-public-ip'}],
                     'enable_egress_nat': 'ENABLED',
                     'network_type': 'VNET',
                     'public_ips': [{'address': pub_ip,
                                     'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Network/publicIPAddresses/{fw_name}-public-ip'}],
                     'vnet_configuration': {'ip_of_trust_subnet_for_udr': {'address': ip_fw_trust},
                                            'trust_subnet': {'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Network/virtualNetworks/{vnet_name}-vnet/subnets/subnet1'},
                                            'un_trust_subnet': {'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Network/virtualNetworks/{vnet_name}-vnet/subnets/subnet2'},
                                            'vnet': {'resource_id': f'/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Network/virtualNetworks/{vnet_name}-vnet'}}},

 'plan_data': {'billing_cycle': 'MONTHLY',
               'plan_id': 'XXXXX',
               'usage_type': 'PAYG'},
 'provisioning_state': 'Succeeded',
 'type': 'paloaltonetworks.cloudngfw/firewalls'}
kashifkhan commented 1 year ago

Thank you for your feedback @pythondev786 . We will investigate and get back to you asap.

msyyc commented 1 year ago

When use json-like object, please use camel-case instead of snake-case. Here is detailed info: https://github.com/Azure/azure-sdk-for-python/issues/30544#issuecomment-1571277159. And there are also sample which may help: https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/paloaltonetworks/azure-mgmt-paloaltonetworksngfw/generated_samples/firewalls_create_or_update_maximum_set_gen.py

github-actions[bot] commented 1 year ago

Hi @pythondev786. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

pythondev786 commented 1 year ago

Hi @msyyc, Thanks for your inputs along with link to examples. I see some of the parameters I had used were not correct. I'll try it again with correct parameters and open a ticket if this is really an issue.