Add new parameter to enable Dnstap logging in Azure Firewall

src/azure-firewall/HISTORY.rst

@@ -2,6 +2,11 @@
 
 Release History
 ===============
+
+1.5.0
+++++++
+* `az network firewall create`: Add parameter `--enable-dnstap-logging`
+
 1.4.0
 ++++++
 * `az network firewall create`: Add parameters `--min-capacity` and `--max-capacity` to support autoscale configuration

src/azure-firewall/azext_firewall/_params.py

@@ -66,6 +66,8 @@ def load_arguments(self, _):
                    arg_type=get_three_state_flag(), help='Allow fat flow logging. By default it is false.')
         c.argument('enable_udp_log_optimization', options_list=['--enable-udp-log-optimization', '--udp-log-optimization'],
                    arg_type=get_three_state_flag(), help='Allow UDP log optimization. By default it is false.')
+        c.argument('enable_dnstap_logging', options_list=['--enable-dnstap-logging', '--dnstap-logging'],
+                   arg_type=get_three_state_flag(), help='Allow dnstap logging. By default it is false.')
 
     with self.argument_context('network firewall', arg_group='Virtual Hub Public Ip') as c:
         c.argument('hub_public_ip_count', options_list=['--public-ip-count', '--count'], type=int,

src/azure-firewall/azext_firewall/custom.py

@@ -103,6 +103,9 @@ def _build_arguments_schema(cls, *args, **kwargs):
         args_schema.enable_udp_log_optimization = AAZBoolArg(
             options=['--enable-udp-log-optimization', '--udp-log-optimization'],
             help="Allow UDP log optimization. By default it is false.")
+        args_schema.enable_dnstap_logging = AAZBoolArg(
+            options=['--enable-dnstap-logging', '--dnstap-logging'],
+            help="Allow dnstap logging. By default it is false.")
         args_schema.dns_servers = AAZListArg(
             options=['--dns-servers'],
             arg_group="DNS",
@@ -259,6 +262,9 @@ def pre_operations(self):
         if has_value(args.route_server_id):
             args.additional_properties['Network.RouteServerInfo.RouteServerID'] = args.route_server_id
 
+        if has_value(args.enable_dnstap_logging) and args.enable_dnstap_logging:
+            args.additional_properties['Network.AdditionalLogs.EnableDnstapLogging'] = 'true'
+
         if has_value(args.conf_name) and has_value(args.sku) and sku.lower() == 'azfw_vnet':
             subnet_id = resource_id(
                 subscription=get_subscription_id(self.cli_ctx),
@@ -325,6 +331,10 @@ def _build_arguments_schema(cls, *args, **kwargs):
             options=['--enable-udp-log-optimization', '--udp-log-optimization'],
             help="Allow UDP log optimization. By default it is false.",
             nullable=True)
+        args_schema.enable_dnstap_logging = AAZBoolArg(
+            options=['--enable-dnstap-logging', '--dnstap-logging'],
+            help="Allow dnstap logging. By default it is false.",
+            nullable=True)
         args_schema.dns_servers = AAZListArg(
             options=['--dns-servers'],
             arg_group="DNS",
@@ -455,6 +465,14 @@ def pre_instance_update(self, instance):
             elif 'Network.AdditionalLogs.EnableUdpLogOptimization' in instance.properties.additional_properties:
                 del instance.properties.additional_properties['Network.AdditionalLogs.EnableUdpLogOptimization']
 
+        if has_value(args.enable_dnstap_logging):
+            if not has_value(instance.properties.additional_properties):
+                instance.properties.additional_properties = {}
+            if args.enable_dnstap_logging:
+                instance.properties.additional_properties['Network.AdditionalLogs.EnableDnstapLogging'] = 'true'
+            elif 'Network.AdditionalLogs.EnableDnstapLogging' in instance.properties.additional_properties:
+                del instance.properties.additional_properties['Network.AdditionalLogs.EnableDnstapLogging']
+
 
 # pylint: disable=unused-argument
 def create_af_ip_configuration(cmd, resource_group_name, azure_firewall_name, item_name,