Network: Mark read-only properties as such

[anton-evseev]

Added "readOnly" to Network's properties that should be read-only

Contribution checklist:

• I have reviewed the documentation for the workflow.
• Validation tools were run on swagger spec(s) and have all been fixed in this PR.
• The OpenAPI Hub was used for checking validation status and next steps.

ARM API Review Checklist

• Service team MUST add the "WaitForARMFeedback" label if the management plane API changes fall into one of the below categories.
• adding/removing APIs.
• adding/removing properties.
• adding/removing API-version.
• adding a new service in Azure.

Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs.

• If you are blocked on ARM review and want to get the PR merged urgently, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
  Please follow the link to find more details on API review process.

[AutorestCI]

Automation for azure-sdk-for-python

Encountered a Subprocess error: (azure-sdk-for-python)

Command: ['/usr/local/bin/autorest', '/tmp/tmpxpd549wb/rest/specification/network/resource-manager/readme.md', '--keep-version-file', '--multiapi', '--no-async', '--python', '--python-mode=update', '--python-sdks-folder=/tmp/tmpxpd549wb/sdk/sdk', '--use=@microsoft.azure/autorest.python@4.0.70', '--version=preview']
Finished with return code -6
and output:

AutoRest code generation utility [version: 2.0.4283; node: v10.15.3]
(C) 2018 Microsoft Corporation.
https://aka.ms/autorest
   Loading AutoRest core      '/root/.autorest/@microsoft.azure_autorest-core@2.0.4405/node_modules/@microsoft.azure/autorest-core/dist' (2.0.4405)
   Loading AutoRest extension '@microsoft.azure/autorest.python' (4.0.70->4.0.70)
   Loading AutoRest extension '@microsoft.azure/autorest.modeler' (2.3.44->2.3.44)
Processing batch task - {"tag":"package-2019-09"} .

<--- Last few GCs --->

[2807:0x2893cc0]   109801 ms: Mark-sweep 1378.0 (1425.1) -> 1377.9 (1425.6) MB, 1554.8 / 0.0 ms  (average mu = 0.110, current mu = 0.001) allocation failure scavenge might not succeed
[2807:0x2893cc0]   111761 ms: Mark-sweep 1378.4 (1425.6) -> 1378.2 (1426.1) MB, 1957.5 / 0.0 ms  (average mu = 0.055, current mu = 0.001) allocation failure scavenge might not succeed


<--- JS stacktrace --->

==== JS stack trace =========================================

    0: ExitFrame [pc: 0x2e292ccdbe1d]
    1: StubFrame [pc: 0x2e292cd0544d]
Security context: 0x172d7811e6e9 <JSObject>
    2: memoize(aka memoize) [0x2c10845e6651] [/root/.autorest/@microsoft.azure_autorest-core@2.0.4405/node_modules/@microsoft.azure/autorest-core/dist/lib/ref/yaml.js:1] [bytecode=0x31773a8a92c9 offset=0](this=0x15c0612826f1 <undefined>,factory=0x2c10845e66c1 <JSFunction ParseNodeInternal.yamlNode.valueFunc.yamlNodeScala...

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
 1: 0x8dc510 node::Abort() [node]
 2: 0x8dc55c  [node]
 3: 0xad9b5e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node]
 4: 0xad9d94 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node]
 5: 0xec7bf2  [node]
 6: 0xec7cf8 v8::internal::Heap::CheckIneffectiveMarkCompact(unsigned long, double) [node]
 7: 0xed3dd2 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [node]
 8: 0xed4704 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [node]
 9: 0xed7371 v8::internal::Heap::AllocateRawWithRetryOrFail(int, v8::internal::AllocationSpace, v8::internal::AllocationAlignment) [node]
10: 0xea07f4 v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationSpace) [node]
11: 0x114018e v8::internal::Runtime_AllocateInNewSpace(int, v8::internal::Object**, v8::internal::Isolate*) [node]
12: 0x2e292ccdbe1d

[azuresdkci]

Can one of the admins verify this patch?

[AutorestCI]

Automation for azure-sdk-for-go

A PR has been created for you:
Azure/azure-sdk-for-go#6023

[yungezz]

just curious, type is readonly?

[anton-evseev]

Yes, they are set by the server (e.g. Microsoft.Network/applicationGateways)

[yungezz]

this should be settable at creation time.

[anton-evseev]

I tried sending PUT request with custom rule inside defaultSecurityRules but it was overwritten. makes sense since it's read-only on backend

PS C:\Users\v-anevse> ARMClient.exe PUT /subscriptions/947d47b4-7883-4bb9-9d85-c5e8e2f572ce/resourceGroups/v-anevse/providers/Microsoft.Network/networkSecurityGroups/test-nsgro?api-version=2019-08-01 "{\`"location\`":\`"eastus\`",\`"properties\`":{\`"defaultSecurityRules\`":[{\`"name\`":\`"SomeTestRule\`",\`"properties\`":{\`"protocol\`":\`"*\`",\`"sourceAddressPrefix\`":\`"*\`",\`"destinationAddressPrefix\`":\`"*\`",\`"access\`":\`"Allow\`",\`"destinationPortRange\`":\`"80\`",\`"sourcePortRange\`":\`"*\`",\`"priority\`":130,\`"direction\`":\`"Inbound\`"}}]}}"

{
  "name": "test-nsgro",
  "id": "/subscriptions/947d47b4-7883-4bb9-9d85-c5e8e2f572ce/resourceGroups/v-anevse/providers/Microsoft.Network/networkSecurityGroups/test-nsgro",
  "etag": "W/\"f69a2d77-5d33-423a-abf0-fa9f925602ca\"",
  "type": "Microsoft.Network/networkSecurityGroups",
  "location": "eastus",
  "properties": {
    "provisioningState": "Updating",
    "resourceGuid": "a2c98794-04b0-4cee-8fde-90c5d77e70fe",
    "securityRules": [],
    "defaultSecurityRules": [
      {
        "name": "AllowVnetInBound",
        "id": "/subscriptions/947d47b4-7883-4bb9-9d85-c5e8e2f572ce/resourceGroups/v-anevse/providers/Microsoft.Network/networkSecurityGroups/test-nsgro/defaultSecurityRules/AllowVnetInBound",
        "etag": "W/\"f69a2d77-5d33-423a-abf0-fa9f925602ca\"",
        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
        "properties": {
          "provisioningState": "Updating",
          "description": "Allow inbound traffic from all VMs in VNET",
          "protocol": "*",
          "sourcePortRange": "*",
          "destinationPortRange": "*",
          "sourceAddressPrefix": "VirtualNetwork",
          "destinationAddressPrefix": "VirtualNetwork",
          "access": "Allow",
          "priority": 65000,
          "direction": "Inbound",
          "sourcePortRanges": [],
          "destinationPortRanges": [],
          "sourceAddressPrefixes": [],
          "destinationAddressPrefixes": []
        }
      },
      {
        "name": "AllowAzureLoadBalancerInBound",
        "id": "/subscriptions/947d47b4-7883-4bb9-9d85-c5e8e2f572ce/resourceGroups/v-anevse/providers/Microsoft.Network/networkSecurityGroups/test-nsgro/defaultSecurityRules/AllowAzureLoadBalancerInBound",
        "etag": "W/\"f69a2d77-5d33-423a-abf0-fa9f925602ca\"",
        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
        "properties": {
          "provisioningState": "Updating",
          "description": "Allow inbound traffic from azure load balancer",
          "protocol": "*",
          "sourcePortRange": "*",
          "destinationPortRange": "*",
          "sourceAddressPrefix": "AzureLoadBalancer",
          "destinationAddressPrefix": "*",
          "access": "Allow",
          "priority": 65001,
          "direction": "Inbound",
          "sourcePortRanges": [],
          "destinationPortRanges": [],
          "sourceAddressPrefixes": [],
          "destinationAddressPrefixes": []
        }
      },
      ...
    ]
  }
}