[Network] az network watcher flow-log: Add support for --vnet, --subnet, --nic as target ID #23231

Merged
merged 7 commits into from
Jul 27, 2022
68 changes: 68 additions & 0 deletions src/azure-cli/azure/cli/command_modules/network/_help.py
Expand Up @@ -7133,13 +7133,59 @@
--name MyFlowLog
--nsg MyNetworkSecurityGroupName
--storage-account account
- name: Create a flow log with VNet name
text: >
az network watcher flow-log create
--location westus
--resource-group MyResourceGroup
--name MyFlowLog
--vnet MyVNetName
--storage-account account
- name: Create a flow log with Subnet name
text: >
az network watcher flow-log create
--location westus
--resource-group MyResourceGroup
--name MyFlowLog
--vnet MyVNetName
--subnet MySubnetName
--storage-account account
- name: Create a flow log with NIC name
text: >
az network watcher flow-log create
--location westus
--resource-group MyResourceGroup
--name MyFlowLog
--nic MyNICName
--storage-account account
- name: Create a flow log with Network Security Group ID (could be in other resource group)
text: >
az network watcher flow-log create
--location westus
--name MyFlowLog
--nsg MyNetworkSecurityGroupID
--storage-account account
- name: Create a flow log with Virtual Network ID (could be in other resource group)
text: >
az network watcher flow-log create
--location westus
--name MyFlowLog
--vnet MyVNetID
--storage-account account
- name: Create a flow log with Subnet ID (could be in other resource group)
text: >
az network watcher flow-log create
--location westus
--name MyFlowLog
--subnet SubnetID
--storage-account account
- name: Create a flow log with Network Interface ID (could be in other resource group)
text: >
az network watcher flow-log create
--location westus
--name MyFlowLog
--nic MyNetworkInterfaceID
--storage-account account
"""

helps['network watcher flow-log list'] = """
Expand Down Expand Up @@ -7197,6 +7243,28 @@
--resource-group MyAnotherResourceGroup
--name MyFlowLog
--nsg MyNSG
- name: Update Virtual Network on another resource group
text: >
az network watcher flow-log update
--location westus
--resource-group MyAnotherResourceGroup
--name MyFlowLog
--vnet MyVNet
- name: Update Subnet on another resource group
text: >
az network watcher flow-log update
--location westus
--resource-group MyAnotherResourceGroup
--name MyFlowLog
--vnet MyVNet
--subnet MySubnet
- name: Update Network Interface on another resource group
text: >
az network watcher flow-log update
--location westus
--resource-group MyAnotherResourceGroup
--name MyFlowLog
--nic MyNIC
- name: Update Workspace on another resource group
text: >
az network watcher flow-log update
3 changes: 3 additions & 0 deletions src/azure-cli/azure/cli/command_modules/network/_params.py
Expand Up @@ -1728,6 +1728,9 @@ def load_arguments(self, _):
c.argument('retention', type=int, help='Number of days to retain logs')
c.argument('storage_account', help='Name or ID of the storage account in which to save the flow logs. '
'Must be in the same region of flow log.')
c.argument('vnet', options_list=['--vnet'], help='Name or ID of the Virtual Network Resource.')
c.argument('subnet', options_list=['--subnet'], help='Name or ID of Subnet')
c.argument('nic', options_list=['--nic'], help='Name or ID of the Network Interface (NIC) Resource.')

# temporary solution for compatible with old show command's parameter
# after old show command's parameter is deprecated and removed,
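Review bot: The help string added for `--subnet` says only 'Name or ID of Subnet', but the validator added in _validators.py raises when a subnet name is passed without `--vnet`, so that requirement never shows up in `--help`. I would state it in the argument help, e.g. `help='Name or ID of the subnet. If a name is given, --vnet must also be provided.'`. It would also help to say on `--vnet`, `--subnet` and `--nic` that each selects the flow log's target resource and that only one target may be given. load_arguments starts and ends outside this hunk.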
55 changes: 55 additions & 0 deletions src/azure-cli/azure/cli/command_modules/network/_validators.py
Expand Up @@ -1522,6 +1522,31 @@ def process_nw_test_connectivity_namespace(cmd, namespace):
namespace.headers = headers


def _process_vnet_name_and_id(vnet, cmd, resource_group_name):
from azure.cli.core.commands.client_factory import get_subscription_id
from msrestazure.tools import is_valid_resource_id, resource_id
if vnet and not is_valid_resource_id(vnet):
vnet = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=resource_group_name,
namespace='Microsoft.Network',
type='virtualNetworks',
name=vnet)
return vnet


def _process_subnet_name_and_id(subnet, vnet, cmd, resource_group_name):
from azure.cli.core.azclierror import UnrecognizedArgumentError
from msrestazure.tools import is_valid_resource_id, resource_id
if subnet and not is_valid_resource_id(subnet):
vnet = _process_vnet_name_and_id(vnet, cmd, resource_group_name)
if vnet is None:
raise UnrecognizedArgumentError('vnet should be provided when input subnet name instead of subnet id')

subnet = vnet + f'/subnets/{subnet}'
return subnet

srisakthimaheswari marked this conversation as resolved.

def process_nw_flow_log_create_namespace(cmd, namespace):
"""
Flow Log is the sub-resource of Network Watcher, they must be in the same region and subscription.
Expand All @@ -1541,10 +1566,40 @@ def process_nw_flow_log_create_namespace(cmd, namespace):
if namespace.traffic_analytics_workspace and not is_valid_resource_id(namespace.traffic_analytics_workspace):
err_body = '--workspace ID / --workspace NAME --resource-group WORKSPACE_RESOURCE_GROUP'

if namespace.vnet and not is_valid_resource_id(namespace.vnet):
err_body = '--vnet ID / --vnet NAME --resource-group VNET_RESOURCE_GROUP'

if namespace.subnet and not is_valid_resource_id(namespace.subnet):
err_body = '--subnet ID / --subnet NAME --resource-group SUBNET_RESOURCE_GROUP'

if namespace.nic and not is_valid_resource_id(namespace.nic):
err_body = '--nic ID / --nic NAME --resource-group NIC_RESOURCE_GROUP'

if err_body is not None:
raise CLIError(err_tpl.format(err_body))

# for both create and update
if namespace.vnet and not is_valid_resource_id(namespace.vnet):
kwargs = {
'subscription': get_subscription_id(cmd.cli_ctx),
'resource_group': namespace.resource_group_name,
'namespace': 'Microsoft.Network',
'type': 'virtualNetworks',
'name': namespace.vnet
}
namespace.vnet = resource_id(**kwargs)
if namespace.subnet and not is_valid_resource_id(namespace.subnet):
namespace.subnet = _process_subnet_name_and_id(namespace.subnet,
namespace.vnet, cmd, namespace.resource_group_name)
if namespace.nic and not is_valid_resource_id(namespace.nic):
kwargs = {
'subscription': get_subscription_id(cmd.cli_ctx),
'resource_group': namespace.resource_group_name,
'namespace': 'Microsoft.Network',
'type': 'networkInterfaces',
'name': namespace.nic
}
namespace.nic = resource_id(**kwargs)
if namespace.nsg and not is_valid_resource_id(namespace.nsg):
kwargs = {
'subscription': get_subscription_id(cmd.cli_ctx),
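Review bot: In `_process_subnet_name_and_id` the missing `--vnet` case raises `UnrecognizedArgumentError`, which describes an unknown argument rather than an absent one; `raise RequiredArgumentMissingError('--vnet is required when --subnet is given as a name rather than a resource ID')` would report what actually went wrong. The subnet ID is then built with `vnet + f'/subnets/{subnet}'`, so a subnet value containing `/` would yield an ID for a different path than the user intended; rejecting such a name before concatenating keeps the target unambiguous. The vnet block added to `process_nw_flow_log_create_namespace` repeats `_process_vnet_name_and_id` inline, and `namespace.vnet = _process_vnet_name_and_id(namespace.vnet, cmd, namespace.resource_group_name)` would keep a single code path. Both new helpers would benefit from a one-line docstring saying they accept a name or a full resource ID and return a full ID. `process_nw_flow_log_create_namespace` begins and continues outside the visible hunks.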
Expand Up @@ -1220,7 +1220,7 @@ def _make_singular(value):
'set_nsg_flow_logging',
validator=process_nw_flow_log_set_namespace,
deprecate_info=self.deprecate(redirect='network watcher flow-log create', hide=False))
g.custom_show_command('show', 'show_nsg_flow_logging', validator=process_nw_flow_log_show_namespace)
g.custom_show_command('show', 'show_nw_flow_logging', validator=process_nw_flow_log_show_namespace)

with self.command_group('network watcher flow-log',
network_watcher_flow_log_sdk,
43 changes: 34 additions & 9 deletions src/azure-cli/azure/cli/command_modules/network/custom.py
Expand Up @@ -15,7 +15,7 @@
from azure.cli.core.commands.client_factory import get_subscription_id, get_mgmt_service_client

from azure.cli.core.util import CLIError, sdk_no_wait, find_child_item, find_child_collection
from azure.cli.core.azclierror import InvalidArgumentValueError, RequiredArgumentMissingError, \
from azure.cli.core.azclierror import InvalidArgumentValueError, RequiredArgumentMissingError, MutuallyExclusiveArgumentError, \
UnrecognizedArgumentError, ResourceNotFoundError, CLIInternalError, ArgumentUsageError
from azure.cli.core.profiles import ResourceType, supported_api_version

Expand Down Expand Up @@ -6287,7 +6287,6 @@ def set_nsg_flow_logging(cmd, client, watcher_rg, watcher_name, nsg, storage_acc
config = LongRunningOperation(cmd.cli_ctx)(client.begin_get_flow_log_status(watcher_rg,
watcher_name,
flowlog_status_parameters))

try:
if not config.flow_analytics_configuration.network_watcher_flow_analytics_configuration.workspace_id:
config.flow_analytics_configuration = None
Expand Down Expand Up @@ -6350,7 +6349,7 @@ def set_nsg_flow_logging(cmd, client, watcher_rg, watcher_name, nsg, storage_acc

# combination of resource_group_name and nsg is for old output
# combination of location and flow_log_name is for new output
def show_nsg_flow_logging(cmd, client, watcher_rg, watcher_name, location=None, resource_group_name=None, nsg=None,
def show_nw_flow_logging(cmd, client, watcher_rg, watcher_name, location=None, resource_group_name=None, nsg=None,
flow_log_name=None):
# deprecated approach to show flow log
if nsg is not None:
Expand All @@ -6369,7 +6368,10 @@ def create_nw_flow_log(cmd,
watcher_rg,
watcher_name,
flow_log_name,
nsg,
nsg=None,
vnet=None,
subnet=None,
nic=None,
storage_account=None,
resource_group_name=None,
enabled=None,
Expand All @@ -6381,11 +6383,20 @@ def create_nw_flow_log(cmd,
traffic_analytics_enabled=None,
tags=None):
FlowLog = cmd.get_models('FlowLog')
flow_log = FlowLog(location=location,
target_resource_id=nsg,
storage_id=storage_account,
enabled=enabled,
tags=tags)

if sum(map(bool, [vnet, subnet, nic, nsg])) == 0:
raise RequiredArgumentMissingError("Please enter atleast one target resource ID.")
if sum(map(bool, [vnet, nic, nsg])) > 1:
raise MutuallyExclusiveArgumentError("Please enter only one target resource ID.")

if subnet is not None:
flow_log = FlowLog(location=location, target_resource_id=subnet, storage_id=storage_account, enabled=enabled, tags=tags)
elif vnet is not None and subnet is None:
flow_log = FlowLog(location=location, target_resource_id=vnet, storage_id=storage_account, enabled=enabled, tags=tags)
elif nic is not None:
flow_log = FlowLog(location=location, target_resource_id=nic, storage_id=storage_account, enabled=enabled, tags=tags)
elif nsg is not None:
flow_log = FlowLog(location=location, target_resource_id=nsg, storage_id=storage_account, enabled=enabled, tags=tags)

if retention > 0:
RetentionPolicyParameters = cmd.get_models('RetentionPolicyParameters')
Expand Down Expand Up @@ -6436,6 +6447,9 @@ def update_nw_flow_log(cmd,
resource_group_name=None, # dummy parameter to let it appear in command
enabled=None,
nsg=None,
vnet=None,
subnet=None,
nic=None,
storage_account=None,
retention=0,
log_format=None,
Expand All @@ -6448,6 +6462,17 @@ def update_nw_flow_log(cmd,
c.set_param('enabled', enabled)
c.set_param('tags', tags)
c.set_param('storage_id', storage_account)

if sum(map(bool, [vnet, nic, nsg])) > 1:
raise MutuallyExclusiveArgumentError("Please enter only one target resource ID.")

if subnet is not None:
c.set_param('target_resource_id', subnet)
elif vnet is not None and subnet is None:
c.set_param('target_resource_id', vnet)
elif nic is not None:
c.set_param('target_resource_id', nic)
else:
c.set_param('target_resource_id', nsg)

with cmd.update_context(instance.retention_policy) as c:
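Review bot: The exclusivity check in `create_nw_flow_log`, `sum(map(bool, [vnet, nic, nsg])) > 1`, leaves `subnet` out, so `--subnet` combined with `--nic` or `--nsg` passes and the `if subnet is not None` branch silently wins; the same check is repeated in `update_nw_flow_log`. The caller then gets a flow log on a different resource than one of the arguments named, which for a logging control means traffic they expected to capture is not recorded. Counting vnet and subnet as one target closes the gap: `if sum(map(bool, [vnet or subnet, nic, nsg])) > 1:`. The four `FlowLog(...)` calls differ only in the target, so `target = subnet or vnet or nic or nsg` followed by one constructor call would be shorter, and 'atleast' in the error message should read 'at least'. Both functions continue outside the visible hunks.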