From cf3501362b0ef76e6517286bda1b828ba53604d9 Mon Sep 17 00:00:00 2001 From: Jianhui Harold Date: Tue, 2 Jun 2020 10:46:27 +0800 Subject: [PATCH] [Firewall] Add dns proxy settings for network firewall (#1795) --- src/azure-firewall/azext_firewall/_params.py | 9 +- src/azure-firewall/azext_firewall/custom.py | 20 +- .../test_azure_firewall_ip_config.yaml | 12 +- ...t_azure_firewall_management_ip_config.yaml | 28 +- ...t_azure_firewall_with_firewall_policy.yaml | 8 +- .../test_firewall_with_dns_proxy.yaml | 714 ++++++++++++++++++ .../latest/test_azure_firewall_scenario.py | 34 + 7 files changed, 798 insertions(+), 27 deletions(-) create mode 100644 src/azure-firewall/azext_firewall/tests/latest/recordings/test_firewall_with_dns_proxy.yaml diff --git a/src/azure-firewall/azext_firewall/_params.py b/src/azure-firewall/azext_firewall/_params.py index 3503aa0b313..c8ab79ef356 100644 --- a/src/azure-firewall/azext_firewall/_params.py +++ b/src/azure-firewall/azext_firewall/_params.py @@ -7,7 +7,8 @@ import argparse from azure.cli.core.commands.parameters import ( - get_resource_name_completion_list, tags_type, get_enum_type, get_location_type, zones_type) + get_resource_name_completion_list, tags_type, get_enum_type, get_location_type, zones_type, + get_three_state_flag) from azure.cli.core.commands.validators import get_default_location_from_resource_group from knack.arguments import CLIArgumentType @@ -56,6 +57,12 @@ def load_arguments(self, _): 'The default sku in server end is AZFW_VNet. ' 'If you want to attach azure firewall to vhub, you should set sku to AZFW_Hub.') c.argument('private_ranges', nargs='+', validator=process_private_ranges, help='Space-separated list of SNAT private range. Validate values are single Ip, Ip prefixes or a single special value "IANAPrivateRanges"') + + with self.argument_context('network firewall', arg_group='DNS') as c: + c.argument('dns_servers', nargs='+', help='Space-separated list of DNS server IP addresses') + c.argument('enable_dns_proxy', arg_type=get_three_state_flag(), help='Enable DNS Proxy') + c.argument('dns_require_proxy_for_network_rules', arg_type=get_three_state_flag(), help='Requires DNS Proxy functionality for FQDNs within Network Rules') + with self.argument_context('network firewall threat-intel-whitelist') as c: c.argument('ip_addresses', nargs='+', validator=process_threat_intel_whitelist_ip_addresses, help='Space-separated list of IPv4 addresses.') c.argument('fqdns', nargs='+', validator=process_threat_intel_whitelist_fqdns, help='Space-separated list of FQDNs.') diff --git a/src/azure-firewall/azext_firewall/custom.py b/src/azure-firewall/azext_firewall/custom.py index 4fde57aff56..2a7806653a8 100644 --- a/src/azure-firewall/azext_firewall/custom.py +++ b/src/azure-firewall/azext_firewall/custom.py @@ -65,7 +65,8 @@ def _find_item_at_path(instance, path): # region AzureFirewall def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, location=None, tags=None, zones=None, private_ranges=None, firewall_policy=None, - virtual_hub=None, sku=None): + virtual_hub=None, sku=None, + dns_servers=None, enable_dns_proxy=None, dns_require_proxy_for_network_rules=None): client = network_client_factory(cmd.cli_ctx).azure_firewalls AzureFirewall, SubResource, AzureFirewallSku = cmd.get_models('AzureFirewall', 'SubResource', 'AzureFirewallSku') sku_instance = AzureFirewallSku(name=sku, tier='Standard') @@ -80,11 +81,18 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio if firewall.additional_properties is None: firewall.additional_properties = {} firewall.additional_properties['Network.SNAT.PrivateRanges'] = private_ranges + + firewall.additional_properties['DNSEnableProxy'] = enable_dns_proxy if enable_dns_proxy is not None else False + firewall.additional_properties['DNSRequireProxyForNetworkRules'] = \ + dns_require_proxy_for_network_rules if dns_require_proxy_for_network_rules is not None else True + firewall.additional_properties['DNSServer'] = dns_servers + return client.create_or_update(resource_group_name, azure_firewall_name, firewall) def update_azure_firewall(cmd, instance, tags=None, zones=None, private_ranges=None, - firewall_policy=None, virtual_hub=None): + firewall_policy=None, virtual_hub=None, + dns_servers=None, enable_dns_proxy=None, dns_require_proxy_for_network_rules=None): SubResource = cmd.get_models('SubResource') if tags is not None: instance.tags = tags @@ -101,6 +109,14 @@ def update_azure_firewall(cmd, instance, tags=None, zones=None, private_ranges=N instance.virtual_hub = None else: instance.virtual_hub = SubResource(id=virtual_hub) + + if enable_dns_proxy is not None: + instance.additional_properties['DNSEnableProxy'] = enable_dns_proxy + if dns_require_proxy_for_network_rules is not None: + instance.additional_properties['DNSRequireProxyForNetworkRules'] = dns_require_proxy_for_network_rules + if dns_servers is not None: + instance.additional_properties['DNSServer'] = dns_servers + return instance diff --git a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml index b8af428ac75..3d450216990 100644 --- a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml +++ b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml @@ -285,7 +285,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -391,7 +391,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -502,7 +502,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2\",\r\n @@ -608,7 +608,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2\",\r\n @@ -720,7 +720,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n @@ -835,7 +835,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n diff --git a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml index da8450d3aaf..03f565035d0 100644 --- a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml +++ b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml @@ -285,7 +285,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -391,7 +391,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -502,7 +502,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2\",\r\n @@ -608,7 +608,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip2\",\r\n @@ -719,7 +719,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip3\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3\",\r\n @@ -825,7 +825,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip3\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip3\",\r\n @@ -936,7 +936,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip4\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4\",\r\n @@ -1042,7 +1042,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip4\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/publicIPAddresses/pubip4\",\r\n @@ -1154,7 +1154,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n @@ -1269,7 +1269,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n @@ -1389,7 +1389,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2\",\r\n @@ -1504,7 +1504,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet2\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet2\",\r\n @@ -1624,7 +1624,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet4\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4\",\r\n @@ -1739,7 +1739,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet4\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_management_ip_config000001/providers/Microsoft.Network/virtualNetworks/myvnet4\",\r\n diff --git a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_with_firewall_policy.yaml b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_with_firewall_policy.yaml index 724f61d1083..f84f50d7362 100644 --- a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_with_firewall_policy.yaml +++ b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_with_firewall_policy.yaml @@ -8457,7 +8457,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -8565,7 +8565,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"pubip\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/publicIPAddresses/pubip\",\r\n @@ -8632,7 +8632,7 @@ interactions: accept-language: - en-US method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n @@ -8749,7 +8749,7 @@ interactions: - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.0.81 method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet?api-version=2020-04-01 response: body: string: "{\r\n \"name\": \"myvnet\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_azure_firewall_with_firewall_policy000001/providers/Microsoft.Network/virtualNetworks/myvnet\",\r\n diff --git a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_firewall_with_dns_proxy.yaml b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_firewall_with_dns_proxy.yaml new file mode 100644 index 00000000000..94f00291068 --- /dev/null +++ b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_firewall_with_dns_proxy.yaml @@ -0,0 +1,714 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall create + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-servers --dns-proxy-enabled --dns-require-proxy-for-network-rules + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-resource/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/test_firewall_with_dns_proxy000001?api-version=2019-07-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001","name":"test_firewall_with_dns_proxy000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2020-06-01T08:30:44Z","StorageType":"Standard_LRS","type":"test"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '471' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:30:47 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus", "properties": {"additionalProperties": {"DNSEnableProxy": + "False", "DNSRequireProxyForNetworkRules": "False", "DNSServer": "[''10.0.0.2'', + ''10.0.0.3'']"}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall create + Connection: + - keep-alive + Content-Length: + - '175' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - -g -n --dns-servers --dns-proxy-enabled --dns-require-proxy-for-network-rules + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"be67484c-e034-4bf8-b703-094328e0f8e3\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n \ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"False\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + azure-asyncnotification: + - Enabled + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/0fcb15d5-8798-407a-8807-13d6491ac9ee?api-version=2019-11-01 + cache-control: + - no-cache + content-length: + - '829' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:30:53 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 9025b040-2c74-46c4-8365-c1032f641617 + x-ms-ratelimit-remaining-subscription-writes: + - '1196' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall create + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-servers --dns-proxy-enabled --dns-require-proxy-for-network-rules + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/0fcb15d5-8798-407a-8807-13d6491ac9ee?api-version=2019-11-01 + response: + body: + string: "{\r\n \"status\": \"Succeeded\"\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '29' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - a7e19e51-ed79-4d81-98f5-d64ee543e876 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall create + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-servers --dns-proxy-enabled --dns-require-proxy-for-network-rules + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"71ed3ada-1a10-4d1c-9a88-ac658a1743aa\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n\ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"False\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '830' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:05 GMT + etag: + - W/"71ed3ada-1a10-4d1c-9a88-ac658a1743aa" + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 3213d278-3905-4ff9-86ba-0e1e3f08a55d + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall show + Connection: + - keep-alive + ParameterSetName: + - -g -n + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"71ed3ada-1a10-4d1c-9a88-ac658a1743aa\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n\ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"False\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '830' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:05 GMT + etag: + - W/"71ed3ada-1a10-4d1c-9a88-ac658a1743aa" + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 7fb472a4-f395-4701-b893-26d41748cfff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall update + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-proxy-enabled + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"71ed3ada-1a10-4d1c-9a88-ac658a1743aa\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n\ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"False\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '830' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:07 GMT + etag: + - W/"71ed3ada-1a10-4d1c-9a88-ac658a1743aa" + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 5e4f3e55-7cdd-40bc-a63f-972a22e6d91e + status: + code: 200 + message: OK +- request: + body: 'b''{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01", + "location": "westus", "properties": {"applicationRuleCollections": [], "natRuleCollections": + [], "networkRuleCollections": [], "ipConfigurations": [], "threatIntelMode": + "Alert", "sku": {"name": "AZFW_VNet", "tier": "Standard"}, "additionalProperties": + {"DNSEnableProxy": "True", "DNSRequireProxyForNetworkRules": "False", "DNSServer": + "[\''10.0.0.2\'', \''10.0.0.3\'']"}}}''' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall update + Connection: + - keep-alive + Content-Length: + - '566' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - -g -n --dns-proxy-enabled + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"b31ab246-14d7-481b-a14f-1c0abf861264\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n \ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"True\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/3a2fe600-4230-4a1e-8280-fa876f4eb198?api-version=2019-11-01 + cache-control: + - no-cache + content-length: + - '828' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 269142ab-934c-4344-83f8-527dc85bbd7d + x-ms-ratelimit-remaining-subscription-writes: + - '1197' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall update + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-proxy-enabled + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/3a2fe600-4230-4a1e-8280-fa876f4eb198?api-version=2019-11-01 + response: + body: + string: "{\r\n \"status\": \"Succeeded\"\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '29' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:19 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - f9ece1a5-9c7b-4d81-8c62-9b89ccba86e0 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall update + Connection: + - keep-alive + ParameterSetName: + - -g -n --dns-proxy-enabled + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"4d908590-c125-4f7f-bb03-f87318852b9c\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n\ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"True\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '829' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:19 GMT + etag: + - W/"4d908590-c125-4f7f-bb03-f87318852b9c" + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - a3722b9a-bb7d-4ca0-9402-6227ff8d6e0a + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall show + Connection: + - keep-alive + ParameterSetName: + - -g -n + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: "{\r\n \"name\": \"fw01\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01\"\ + ,\r\n \"etag\": \"W/\\\"4d908590-c125-4f7f-bb03-f87318852b9c\\\"\",\r\n \ + \ \"type\": \"Microsoft.Network/azureFirewalls\",\r\n \"location\": \"westus\"\ + ,\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n\ + \ \"sku\": {\r\n \"name\": \"AZFW_VNet\",\r\n \"tier\": \"Standard\"\ + \r\n },\r\n \"threatIntelMode\": \"Alert\",\r\n \"additionalProperties\"\ + : {\r\n \"DNSEnableProxy\": \"True\",\r\n \"DNSRequireProxyForNetworkRules\"\ + : \"False\",\r\n \"DNSServer\": \"['10.0.0.2', '10.0.0.3']\"\r\n },\r\ + \n \"ipConfigurations\": [],\r\n \"networkRuleCollections\": [],\r\n\ + \ \"applicationRuleCollections\": [],\r\n \"natRuleCollections\": []\r\ + \n }\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '829' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:20 GMT + etag: + - W/"4d908590-c125-4f7f-bb03-f87318852b9c" + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - a1c7ca3c-967d-4629-9e50-30f6aec8d6ef + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall delete + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g --name + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + accept-language: + - en-US + method: DELETE + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test_firewall_with_dns_proxy000001/providers/Microsoft.Network/azureFirewalls/fw01?api-version=2019-11-01 + response: + body: + string: '' + headers: + azure-asyncnotification: + - Enabled + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/e8008a5c-7597-4aec-a6fd-7b34406f102c?api-version=2019-11-01 + cache-control: + - no-cache + content-length: + - '0' + date: + - Mon, 01 Jun 2020 08:31:21 GMT + expires: + - '-1' + location: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operationResults/e8008a5c-7597-4aec-a6fd-7b34406f102c?api-version=2019-11-01 + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 20838281-f55c-4b5a-8d0e-7ec5969a8fa2 + x-ms-ratelimit-remaining-subscription-deletes: + - '14999' + status: + code: 202 + message: Accepted +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - network firewall delete + Connection: + - keep-alive + ParameterSetName: + - -g --name + User-Agent: + - python/3.7.4 (Linux-4.15.0-99-generic-x86_64-with-debian-buster-sid) msrest/0.6.9 + msrest_azure/0.6.3 azure-mgmt-network/9.0.0 Azure-SDK-For-Python AZURECLI/2.7.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/e8008a5c-7597-4aec-a6fd-7b34406f102c?api-version=2019-11-01 + response: + body: + string: "{\r\n \"status\": \"Succeeded\"\r\n}" + headers: + cache-control: + - no-cache + content-length: + - '29' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 01 Jun 2020 08:31:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-arm-service-request-id: + - 75870380-59e0-45c8-a2bb-cf3a243900d9 + status: + code: 200 + message: OK +version: 1 diff --git a/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py b/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py index 3359cc8bdf6..54e916c6937 100644 --- a/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py +++ b/src/azure-firewall/azext_firewall/tests/latest/test_azure_firewall_scenario.py @@ -416,3 +416,37 @@ def test_azure_firewall_policy(self, resource_group, resource_group_location): ]) self.cmd('network firewall policy delete -g {rg} --name {policy}') + + @ResourceGroupPreparer(name_prefix='test_firewall_with_dns_proxy') + def test_firewall_with_dns_proxy(self, resource_group): + self.kwargs.update({ + 'rg': resource_group, + 'fw': 'fw01', + 'dns_servers': '10.0.0.2 10.0.0.3' + }) + + creation_data = self.cmd('network firewall create -g {rg} -n {fw} ' + '--dns-servers {dns_servers} ' + '--enable-dns-proxy false ' + '--dns-require-proxy-for-network-rules false').get_output_in_json() + self.assertEqual(creation_data['name'], self.kwargs['fw']) + self.assertEqual(creation_data['DNSServer'], "['10.0.0.2', '10.0.0.3']") + self.assertEqual(creation_data['DNSEnableProxy'], 'False') + self.assertEqual(creation_data['DNSRequireProxyForNetworkRules'], 'False') + + show_data = self.cmd('network firewall show -g {rg} -n {fw}').get_output_in_json() + self.assertEqual(show_data['name'], self.kwargs['fw']) + self.assertEqual(show_data['DNSServer'], "['10.0.0.2', '10.0.0.3']") + self.assertEqual(show_data['DNSEnableProxy'], 'False') + self.assertEqual(show_data['DNSRequireProxyForNetworkRules'], 'False') + + self.cmd('network firewall update -g {rg} -n {fw} ' + '--enable-dns-proxy true').get_output_in_json() + + show_data = self.cmd('network firewall show -g {rg} -n {fw}').get_output_in_json() + self.assertEqual(show_data['name'], self.kwargs['fw']) + self.assertEqual(show_data['DNSServer'], "['10.0.0.2', '10.0.0.3']") + self.assertEqual(show_data['DNSEnableProxy'], 'True') + self.assertEqual(show_data['DNSRequireProxyForNetworkRules'], 'False') + + self.cmd('network firewall delete -g {rg} --name {fw}')