Merge pull request AzureArcForKubernetes#168 from AzureArcForKubernet…
…es/release-1.3.2

bump k8s-extension version to 1.3.2
bavneetsingh16 authored Aug 17, 2022
2 parents 0662a37 + fd1f014 commit 85a879d
Showing 90 changed files with 11,773 additions and 1,747 deletions.
4 changes: 1 addition & 3 deletions scripts/ci/credscan/CredScanSuppressions.json
Expand Up @@ -82,9 +82,7 @@
},
{
"file": [
"src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_link_to_notification_hub.yaml",
"src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_regenerate_and_link_key.yaml",
"src\\communication\\azext_communication\\tests\\latest\\test_communication_scenario.py"
"src\\communication\\azext_communication\\tests\\latest\\recordings\\test_communication_scenario.yaml"
],
"_justification": "Dummy resources' tokens left during testing Micorosfot.Communication"
},
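Review bot: The single remaining entry suppresses the whole recording `test_communication_scenario.yaml` by path, so a real key that ends up in a later re-recording of that file would presumably be skipped by the scan along with the dummy tokens. It is worth confirming that the new recording was scrubbed before it was committed, and keeping `_justification` specific about which values are expected in it; the text also misspells the provider as `Micorosfot.Communication`. The enclosing suppression list starts and ends outside this hunk.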
2 changes: 1 addition & 1 deletion src/aks-preview/HISTORY.rst
Expand Up @@ -7,7 +7,7 @@ Guidance
++++++++
If there is no rush to release a new version, please just add a description of the modification under the *Pending* section.

To release a new version, please select a new version number (usually plus 1 to the minor of the current latest version number), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` in `setup.py` with this new version number.
To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.

Pending
+++++++
26 changes: 26 additions & 0 deletions src/aks-preview/README.rst
Expand Up @@ -9,3 +9,29 @@ How to use
Install this extension using the following CLI command `az extension add --name aks-preview`. You may need to execute some invalid aks command (e.g., `az aks fake`) to refresh the command index to enable aks-preview.

Remove this extension using the following CLI command `az extension remove --name aks-preview`.

Dependency between aks-preview and azure-cli/acs (azure-cli-core)
=================================================================

.. list-table::
:widths: 50 50
:header-rows: 1

* - aks-preview
- azure-cli/acs (azure-cli-core), release date
* - 0.4.4 ~ 0.5.39
- >= 2.0.49
* - 0.5.40 ~ 0.5.41
- >= `\2.23.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.23.0>`_, 2021/05/06
* - 0.5.42 ~ 0.5.44
- >= `\2.27.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.27.0>`_, 2021/08/03
* - 0.5.45 ~ 0.5.48
- >= `\2.30.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.30.0>`_, 2021/11/02
* - 0.5.49 ~ 0.5.52
- >= `\2.31.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.31.0>`_, 2021/12/07
* - 0.5.53 ~ 0.5.66
- >= `\2.32.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.32.0>`_, 2022/01/04
* - 0.5.67 ~ 0.5.82
- >= `\2.35.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.35.0>`_, 2022/04/06
* - 0.5.83 ~ latest
- >= `\2.37.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.37.0>`_, 2022/05/24
4 changes: 4 additions & 0 deletions src/azure-firewall/HISTORY.rst
Expand Up @@ -2,6 +2,10 @@
Release History
===============
0.14.3
++++++
* `az network firewall create`: Support Basic SKU creation with management IP configuration

0.14.2
++++++
* `az network firewall create/update`: add parameter `--fat-flow-logging`
3 changes: 3 additions & 0 deletions src/azure-firewall/azext_firewall/_help.py
Expand Up @@ -21,6 +21,9 @@
- name: Create a Virtual WAN Secure Hub Firewall
text: |
az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_Hub --tier Standard --virtual-hub MyVirtualHub1 --public-ip-count 1
- name: Create a Basic SKU Firewall with Management IP Configuration
text: |
az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_VNet --tier Basic --vnet-name MyVNet --conf-name MyIpConfig --m-conf-name MyManagementIpConfig --m-public-ip MyPublicIp
"""

helps['network firewall delete'] = """
12 changes: 12 additions & 0 deletions src/azure-firewall/azext_firewall/_params.py
Expand Up @@ -80,6 +80,18 @@ def load_arguments(self, _):
c.argument('dns_servers', nargs='+', help='Space-separated list of DNS server IP addresses')
c.argument('enable_dns_proxy', arg_type=get_three_state_flag(), help='Enable DNS Proxy')

with self.argument_context('network firewall', arg_group="Data Traffic IP Configuration") as c:
c.argument('virtual_network_name', virtual_network_name_type,
help='The virtual network (VNet) name. It should contain one subnet called "AzureFirewallSubnet".')
c.argument('conf_name', help='Name of the IP configuration.')
c.argument('public_ip', help='Name or ID of the public IP to use.')

with self.argument_context('network firewall', arg_group="Management IP Configuration") as c:
c.argument('management_conf_name', options_list=['--m-conf-name'],
help='Name of the management IP configuration.')
c.argument('management_public_ip', options_list=['--m-public-ip'],
help='Name or ID of the public IP to use for management IP configuration.')

with self.argument_context('network firewall threat-intel-allowlist') as c:
c.argument('ip_addresses', nargs='+', validator=process_threat_intel_allowlist_ip_addresses, help='Space-separated list of IPv4 addresses.')
c.argument('fqdns', nargs='+', validator=process_threat_intel_allowlist_fqdns, help='Space-separated list of FQDNs.')
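Review bot: The `virtual_network_name` help in the "Data Traffic IP Configuration" group says the VNet should contain one subnet called "AzureFirewallSubnet", but the Basic-tier path in custom.py also builds a reference to a subnet named AzureFirewallManagementSubnet in the same VNet, and the help never mentions it. I would extend the text, e.g. `help='The virtual network (VNet) name. It should contain a subnet called "AzureFirewallSubnet", and for the Basic tier also "AzureFirewallManagementSubnet".'`. load_arguments begins before this hunk and continues after it.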
74 changes: 67 additions & 7 deletions src/azure-firewall/azext_firewall/custom.py
Expand Up @@ -7,7 +7,9 @@
from knack.util import CLIError
from knack.log import get_logger
from azure.cli.core.util import sdk_no_wait
from azure.cli.core.azclierror import UserFault, ServiceError
from azure.cli.core.azclierror import UserFault, ServiceError, ValidationError
from azure.cli.core.commands.client_factory import get_subscription_id
from msrestazure.tools import is_valid_resource_id, resource_id
from ._client_factory import network_client_factory

logger = get_logger(__name__)
Expand Down Expand Up @@ -69,23 +71,31 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
virtual_hub=None, sku=None,
dns_servers=None, enable_dns_proxy=None,
threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None, tier=None,
enable_fat_flow_logging=False):
enable_fat_flow_logging=False, virtual_network_name=None, conf_name=None, public_ip=None,
management_conf_name=None, management_public_ip=None):
if firewall_policy and any([enable_dns_proxy, dns_servers]):
raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
if sku and sku.lower() == 'azfw_hub' and not all([virtual_hub, hub_public_ip_count]):
raise CLIError('usage error: virtual hub and hub ip addresses are mandatory for azure firewall on virtual hub.')
if sku and sku.lower() == 'azfw_hub' and allow_active_ftp:
raise CLIError('usage error: allow active ftp is not allowed for azure firewall on virtual hub.')
# validate basic sku firewall
if tier and tier.lower() == 'basic' and not all([management_conf_name, management_public_ip]):
err_msg = "When creating Basic SKU firewall, both --m-conf-name and --m-public-ip-address should be provided."
raise ValidationError(err_msg)

client = network_client_factory(cmd.cli_ctx).azure_firewalls
(AzureFirewall,
SubResource,
AzureFirewallSku,
HubIPAddresses,
HubPublicIPAddresses) = cmd.get_models('AzureFirewall',
'SubResource',
'AzureFirewallSku',
'HubIPAddresses',
'HubPublicIPAddresses')
HubPublicIPAddresses,
AzureFirewallIPConfiguration) = cmd.get_models('AzureFirewall',
'SubResource',
'AzureFirewallSku',
'HubIPAddresses',
'HubPublicIPAddresses',
'AzureFirewallIPConfiguration')
sku_instance = AzureFirewallSku(name=sku, tier=tier)
firewall = AzureFirewall(location=location,
tags=tags,
Expand Down Expand Up @@ -124,6 +134,56 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
firewall.additional_properties = {}
firewall.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging'] = "true"

if conf_name is not None:
subnet_id = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=resource_group_name,
namespace='Microsoft.Network',
type='virtualNetworks',
name=virtual_network_name,
child_type_1='subnets',
child_name_1='AzureFirewallSubnet'
)
if public_ip and not is_valid_resource_id(public_ip):
public_ip = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=resource_group_name,
namespace='Microsoft.Network',
type='publicIPAddresses',
name=public_ip
)
config = AzureFirewallIPConfiguration(
name=conf_name,
subnet=SubResource(id=subnet_id) if virtual_network_name else None,
public_ip_address=SubResource(id=public_ip) if public_ip else None
)
_upsert(firewall, 'ip_configurations', config, 'name', warn=False)

if tier and tier.lower() == 'basic':
management_subnet_id = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=resource_group_name,
namespace='Microsoft.Network',
type='virtualNetworks',
name=virtual_network_name,
child_type_1='subnets',
child_name_1='AzureFirewallManagementSubnet'
)
if not is_valid_resource_id(management_public_ip):
management_public_ip = resource_id(
subscription=get_subscription_id(cmd.cli_ctx),
resource_group=resource_group_name,
namespace='Microsoft.Network',
type='publicIPAddresses',
name=management_public_ip
)
management_config = AzureFirewallIPConfiguration(
name=management_conf_name,
subnet=SubResource(id=management_subnet_id),
public_ip_address=SubResource(id=management_public_ip)
)
firewall.management_ip_configuration = management_config

return client.begin_create_or_update(resource_group_name, azure_firewall_name, firewall)
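Review bot: The Basic-tier validation near the top of create_azure_firewall names `--m-public-ip-address` in its error text, but the option registered in _params.py and used in the help example is `--m-public-ip`, so the message points users at a flag this change does not define; it should read `"... both --m-conf-name and --m-public-ip should be provided."`. The same check does not cover `virtual_network_name`, yet the `if tier and tier.lower() == 'basic':` block passes it as `name=` when building the AzureFirewallManagementSubnet ID, so a Basic firewall requested without `--vnet-name` would presumably send an incomplete management subnet reference and fail only at the service. Adding it to the guard, `not all([virtual_network_name, management_conf_name, management_public_ip])`, rejects that case locally. Parts of the function body lie outside the hunks shown.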

