[Service Fabric] `az sf managed-cluster network-security-rule add`: Add command to add network security rule to managed cluster #26510

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

yanzhudd merged 18 commits into Azure:dev from mwesigwaguma:addnetworksecurityrule

Jun 28, 2023

src/azure-cli/azure/cli/command_modules/servicefabric/_help.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -464,6 +464,21 @@ @@
             az sf managed-cluster client-certificate delete -g testRG -c testCluster --common-name Contoso.com
     """
+    helps['sf managed-cluster network-security-rule'] = """
+    type: group
+    short-summary: network security rule of a manged cluster.
+    """
+    helps['sf managed-cluster network-security-rule add'] = """
+    type: command
+    short-summary: Add a network security rule to a manged cluster.
+    examples:
+      - name: Add network security rule.
+        text: >
+            az sf managed-cluster network-security-rule add -g testRG -c testCluster --name 'network security rule name' --access allow --description 'network security rule description' --direction inbound --protocol tcp --priority 1200 \
+              --source-port-ranges 1-1000 --dest-port-ranges 1-65535 --source-addr-prefixes 167.220.242.0/27 167.220.0.0/23 131.107.132.16/28 167.220.81.128/26 --dest-addr-prefixes 194.69.104.0/25 194.69.119.64/26 167.220.249.128/26 255.255.255.255/32
+    """
     helps['sf managed-node-type'] = """
     type: group
     short-summary: Manage a node type of an Azure Service Fabric managed cluster.
@@ Expand Down @@

src/azure-cli/azure/cli/command_modules/servicefabric/_params.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -12,7 +12,8 @@ @@
         validate_create_service, validate_update_application,
         validate_update_managed_application, validate_update_managed_service,
         validate_create_managed_service_correlation, validate_create_managed_service_load_metric,
-        validate_update_managed_service_load_metric, validate_update_managed_service_correlation)
+        validate_update_managed_service_load_metric, validate_update_managed_service_correlation,
+        validate_add_network_security_rule)
     from azure.cli.core.commands.parameters import (get_enum_type,
                                                     get_three_state_flag,
                                                     resource_group_name_type,
@@ Expand Down Expand Up @@
             c.argument('thumbprint', nargs='+', help='A single or Space-separated list of client certificate thumbprint(s) to be remove.')
             c.argument('common_name', nargs='+', help='A single or Space-separated list of client certificate common name(s) to be remove.')
-        # managed node type
+        with self.argument_context('sf managed-cluster network-security-rule add', validator=validate_add_network_security_rule) as c:
+            c.argument('name', help='Network security rule name')
+            c.argument('access', arg_type=get_enum_type(['allow', 'deny']), help='Allows or denies network traffic')
+            c.argument('direction', arg_type=get_enum_type(['inbound', 'outbound']), help='Network security rule direction')
+            c.argument('description', help='Network security rule description')
+            c.argument('priority', type=int, help='Integer that shows priority for rule')
+            c.argument('protocol', arg_type=get_enum_type(['tcp', 'https', 'http', 'udp', 'icmp', 'ah', 'esp', 'any']), help='Network protocol')
+            c.argument('source_port_ranges', nargs='+', help='A single or space separated list of source port ranges')
+            c.argument('dest_port_ranges', nargs='+', help='A single or space separated list of destination port ranges')
+            c.argument('source_addr_prefixes', nargs='+', help='The CIDR or source IP ranges. A single or space separated list of source address prefixes')
+            c.argument('dest_addr_prefixes', nargs='+', help='CIDR or destination IP ranges. A single or space separated list of destination address prefixes')
+        # managed node type
         capacity = CLIArgumentType(
             options_list=['--capacity'],
             action=AddNodeTypeCapacityAction,
@@ Expand Down @@

src/azure-cli/azure/cli/command_modules/servicefabric/_validators.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -120,6 +120,15 @@ def validate_create_managed_cluster(cmd, namespace): @@
                 raise CLIError("--upgrade-cadence should only be used whe --upgrade-mode is set to 'Automatic'.")
+    def validate_add_network_security_rule(cmd, namespace):
+        client = servicefabric_managed_client_factory(cmd.cli_ctx)
+        cluster = _safe_get_resource(client.managed_clusters.get,
+                                     (namespace.resource_group_name, namespace.cluster_name))
+        if cluster is None or cluster.cluster_state != 'Ready':
+            raise ValidationError("cluster state is invalid for this operation")
     def validate_create_managed_service(namespace):
         validate_tags(namespace)
         if namespace.service_type is None:
@@ Expand Down @@

src/azure-cli/azure/cli/command_modules/servicefabric/commands.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -163,6 +163,10 @@ def load_command_table(self, _): @@
             g.custom_command('add', 'add_client_cert')
             g.custom_command('delete', 'delete_client_cert')
+        with self.command_group('sf managed-cluster network-security-rule', managed_cluster_mgmt,
+                                custom_command_type=managed_cluster_custom_type) as g:
+            g.custom_command('add', 'add_network_security_rule')
         with self.command_group('sf managed-node-type', node_type_mgmt,
                                 custom_command_type=managed_node_type_custom_type) as g:
             g.command('list', 'list_by_managed_clusters')
@@ Expand Down @@

src/azure-cli/azure/cli/command_modules/servicefabric/operations/managed_clusters.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,7 @@ @@
         _create_resource_group_name
     )
     from azure.mgmt.servicefabricmanagedclusters.models import (
+        NetworkSecurityRule,
         ManagedCluster,
         Sku,
         ClientCertificate
@@ Expand Down Expand Up @@
         resource_client = resource_client_factory(cli_ctx).resource_groups
         rg = resource_client.get(resource_group_name)
         return rg.location
+    def add_network_security_rule(cmd,
+                                  client,
+                                  resource_group_name,
+                                  cluster_name,
+                                  name=None,
+                                  access=None,
+                                  description=None,
+                                  direction=None,
+                                  protocol=None,
+                                  priority=None,
+                                  source_port_ranges=None,
+                                  dest_port_ranges=None,
+                                  dest_addr_prefixes=None,
+                                  source_addr_prefixes=None):
+        try:
+            cluster = client.managed_clusters.get(resource_group_name, cluster_name)
+            if cluster.network_security_rules is None:
+                cluster.network_security_rules = []
+            new_network_securityRule = NetworkSecurityRule(name=name,
+                                                           access=access,
+                                                           description=description,
+                                                           direction=direction,
+                                                           protocol='*' if protocol == 'any' else protocol,
+                                                           priority=priority,
+                                                           source_port_ranges=source_port_ranges,
+                                                           destination_port_ranges=dest_port_ranges,
+                                                           destination_address_prefixes=dest_addr_prefixes,
+                                                           source_address_prefixes=source_addr_prefixes)
+            cluster.network_security_rules.append(new_network_securityRule)
+            poller = client.managed_clusters.begin_create_or_update(resource_group_name, cluster_name, cluster)
+            return LongRunningOperation(cmd.cli_ctx)(poller)
+        except HttpResponseError as ex:
+            logger.error("HttpResponseError: %s", ex)
+            raise

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Service Fabric] `az sf managed-cluster network-security-rule add`: Add command to add network security rule to managed cluster #26510

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

[Service Fabric] az sf managed-cluster network-security-rule add: Add command to add network security rule to managed cluster #26510

Uh oh!

[Service Fabric] az sf managed-cluster network-security-rule add: Add command to add network security rule to managed cluster #26510

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

[Service Fabric] `az sf managed-cluster network-security-rule add`: Add command to add network security rule to managed cluster #26510

[Service Fabric] `az sf managed-cluster network-security-rule add`: Add command to add network security rule to managed cluster #26510