[Azure Firewall] az network firewall policy: Add new parameter `--s…

…ql` (#4850) * [AzureFirewall`az network firewall policy` : Add new parameter `--sql`] * update * re-record several tests Co-authored-by: necusjz <necusjz@gmail.com>
Azure · May 19, 2022 · 2fbab6f · 2fbab6f
1 parent 2cbe182
commit 2fbab6f
Show file tree

Hide file tree

Showing 12 changed files with 918 additions and 474 deletions.
diff --git a/src/azure-firewall/HISTORY.rst b/src/azure-firewall/HISTORY.rst
@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.14.1
+++++++
+* `az network firewall policy`: add parameter `sql`
+
 0.14.0
 ++++++
 * `az network firewall policy intrusion-detection add`: add new parameter --private-ranges

diff --git a/src/azure-firewall/azext_firewall/_params.py b/src/azure-firewall/azext_firewall/_params.py
@@ -163,6 +163,7 @@ def load_arguments(self, _):
         c.argument('threat_intel_mode', arg_type=get_enum_type(['Alert', 'Deny', 'Off']), help='The operation mode for Threat Intelligence.')
         c.argument('sku', arg_type=get_enum_type(FirewallPolicySkuTier), help='SKU of Firewall policy', is_preview=True)
         c.argument('user_assigned_identity', options_list='--identity', help="Name or ID of the ManagedIdentity Resource")
+        c.argument('sql', arg_type=get_three_state_flag(), help='A flag to indicate if SQL Redirect traffic filtering is enabled.', is_preview=True)
 
     with self.argument_context('network firewall policy', arg_group='Threat Intel Allowlist') as c:
         c.argument('ip_addresses', nargs='+', help='Space-separated list of IPv4 addresses.')

diff --git a/src/azure-firewall/azext_firewall/custom.py b/src/azure-firewall/azext_firewall/custom.py
@@ -494,7 +494,7 @@ def create_azure_firewall_policies(cmd, resource_group_name, firewall_policy_nam
                                    threat_intel_mode=None, location=None, tags=None, ip_addresses=None,
                                    fqdns=None,
                                    dns_servers=None, enable_dns_proxy=None,
-                                   sku=None, intrusion_detection_mode=None,
+                                   sku=None, intrusion_detection_mode=None, sql=None,
                                    key_vault_secret_id=None, certificate_name=None, user_assigned_identity=None):
     client = network_client_factory(cmd.cli_ctx).firewall_policies
     (FirewallPolicy,
@@ -546,6 +546,11 @@ def create_azure_firewall_policies(cmd, resource_group_name, firewall_policy_nam
                                                                   name=certificate_name)
             firewall_policy.transport_security = FirewallPolicyTransportSecurity(certificate_authority=certificate_auth)
 
+    if cmd.supported_api_version(min_api='2021-03-01'):
+        if sql is not None:
+            FirewallPolicySQL = cmd.get_models('FirewallPolicySQL')
+            firewall_policy.sql = FirewallPolicySQL(allow_sql_redirect=sql)
+
     # identity
     if user_assigned_identity is not None:
         user_assigned_indentity_instance = ManagedServiceIdentityUserAssignedIdentitiesValue()
@@ -565,7 +570,7 @@ def update_azure_firewall_policies(cmd,
                                    instance, tags=None, threat_intel_mode=None, ip_addresses=None,
                                    fqdns=None,
                                    dns_servers=None, enable_dns_proxy=None,
-                                   sku=None, intrusion_detection_mode=None,
+                                   sku=None, intrusion_detection_mode=None, sql=None,
                                    key_vault_secret_id=None, certificate_name=None, user_assigned_identity=None):
 
     (FirewallPolicyThreatIntelWhitelist, FirewallPolicySku) = cmd.get_models('FirewallPolicyThreatIntelWhitelist',
@@ -612,6 +617,11 @@ def update_azure_firewall_policies(cmd,
                                                                   name=certificate_name)
             instance.transport_security = FirewallPolicyTransportSecurity(certificate_authority=certificate_auth)
 
+    if cmd.supported_api_version(min_api='2021-03-01'):
+        if sql is not None:
+            FirewallPolicySQL = cmd.get_models('FirewallPolicySQL')
+            instance.sql = FirewallPolicySQL(allow_sql_redirect=sql)
+
     # identity
     (ManagedServiceIdentityUserAssignedIdentitiesValue,
      ManagedServiceIdentity) = cmd.get_models('Components1Jq1T4ISchemasManagedserviceidentity\

diff --git a/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml b/src/azure-firewall/azext_firewall/tests/latest/recordings/test_azure_firewall_ip_config.yaml
diff --git a/...wall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml b/...wall/azext_firewall/tests/latest/recordings/test_azure_firewall_management_ip_config.yaml