Azure · qwordy · Feb 28, 2020 · Feb 21, 2020 · yungezz · Feb 24, 2020
@@ -15,7 +15,7 @@
 from ._completers import get_hostname_completion_list
 from ._constants import FUNCTIONS_VERSIONS_FUNCTIONAPP, RUNTIME_TO_IMAGE_FUNCTIONAPP
 from ._validators import (validate_timeout_value, validate_site_create, validate_asp_create,
-                          validate_add_vnet, validate_front_end_scale_factor, validate_ase_create)
+                          validate_add_vnet, validate_front_end_scale_factor, validate_ase_create, validate_ip_address)
 
 
 AUTH_TYPES = {
@@ -556,7 +556,7 @@ def load_arguments(self, _):
             c.argument('description', help='Description of the access restriction rule')
             c.argument('action', arg_type=get_enum_type(ACCESS_RESTRICTION_ACTION_TYPES),
                        help="Allow or deny access")
-            c.argument('ip_address', help="IP address or CIDR range")
+            c.argument('ip_address', help="IP address or CIDR range", validator=validate_ip_address)
             c.argument('vnet_name', help="vNet name")
             c.argument('subnet', help="Subnet name (requires vNet name) or subnet resource id")
             c.argument('ignore_missing_vnet_service_endpoint',
@@ -570,7 +570,7 @@ def load_arguments(self, _):
             c.argument('name', arg_type=webapp_name_arg_type)
             c.argument('rule_name', options_list=['--rule-name', '-r'],
                        help='Name of the access restriction to remove')
-            c.argument('ip_address', help="IP address or CIDR range")
+            c.argument('ip_address', help="IP address or CIDR range", validator=validate_ip_address)
             c.argument('vnet_name', help="vNet name")
             c.argument('subnet', help="Subnet name (requires vNet name) or subnet resource id")
             c.argument('scm_site', help='True if access restriction should be removed from scm site',

@@ -162,3 +162,23 @@ def validate_asp_sku(cmd, namespace):
         if res.get('properties').get('hostingEnvironment') is not None:
             raise CLIError("Only pricing tier 'Isolated' is allowed in this app service plan. Use this link to "
                            "learn more: https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans")
+
+
+def validate_ip_address(namespace):
+    if namespace.ip_address is not None:
+        # IPv6
+        if ':' in namespace.ip_address:
+            if namespace.ip_address.count(':') > 1:
+                if '/' not in namespace.ip_address:
+                    namespace.ip_address = namespace.ip_address + '/128'
+                    return
+                return
+        # IPv4
+        elif '.' in namespace.ip_address:
+            if namespace.ip_address.count('.') == 3:
+                if '/' not in namespace.ip_address:
+                    namespace.ip_address = namespace.ip_address + '/32'
+                    return
+                return
+
+        raise CLIError('Invalid IP address')
@@ -38,7 +38,7 @@ def add_webapp_access_restriction(
     configs = get_site_configs(cmd, resource_group_name, name, slot)
 
     if (ip_address and subnet) or (not ip_address and not subnet):
-        raise CLIError('Usage error: --subnet | --ip_address')
+        raise CLIError('Usage error: --subnet | --ip-address')
 
     # get rules list
     access_rules = configs.scm_ip_security_restrictions if scm_site else configs.ip_security_restrictions