[Firewall]az network firewall create: Add new parameter --tier (#…

…3250)

* --tier

* history

* test

* test1

* test2

src/azure-firewall/HISTORY.rst

@@ -2,14 +2,16 @@
 
 Release History
 ===============
-0.9.1
+
+0.10.0
 ++++++
+* `az network firewall create`: Add new parameter `--tier`
 * Migrate to Track2 SDK.
 
 0.9.0
 ++++++
-* az network firewall policy rule-collection-group collection add-filter-collection: Add parameter 'web-categories'
-* az network firewall policy rule-collection-group collection rule add: Add parameter 'web-categories'
+* `az network firewall policy rule-collection-group collection add-filter-collection`: Add parameter 'web-categories'
+* `az network firewall policy rule-collection-group collection rule add`: Add parameter 'web-categories'
 
 0.8.0
 ++++++

src/azure-firewall/azext_firewall/_params.py

@@ -27,10 +27,10 @@ def load_arguments(self, _):
 
     (AzureFirewallNetworkRuleProtocol, AzureFirewallRCActionType,
      AzureFirewallNatRCActionType, FirewallPolicySkuTier, FirewallPolicyIntrusionDetectionStateType,
-     FirewallPolicyIntrusionDetectionProtocol) = \
+     FirewallPolicyIntrusionDetectionProtocol, AzureFirewallSkuTier) = \
         self.get_models('AzureFirewallNetworkRuleProtocol', 'AzureFirewallRCActionType',
                         'AzureFirewallNatRCActionType', 'FirewallPolicySkuTier', 'FirewallPolicyIntrusionDetectionStateType',
-                        'FirewallPolicyIntrusionDetectionProtocol')
+                        'FirewallPolicyIntrusionDetectionProtocol', 'AzureFirewallSkuTier')
 
     firewall_name_type = CLIArgumentType(options_list=['--firewall-name', '-f'], metavar='NAME', help='Azure Firewall name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/azureFirewalls'))
     collection_name_type = CLIArgumentType(options_list=['--collection-name', '-c'], help='Name of the rule collection.', id_part='child_name_1')
@@ -58,6 +58,7 @@ def load_arguments(self, _):
         c.argument('virtual_hub', options_list=['--virtual-hub', '--vhub'],
                    help='Name or ID of the virtualHub to which the firewall belongs.',
                    validator=validate_virtual_hub)
+        c.argument('tier', arg_type=get_enum_type(AzureFirewallSkuTier, AzureFirewallSkuTier.standard), help='Tier of an azure firewall. --tier will take effect only when --sku is set')
         c.argument('sku', arg_type=get_enum_type(['AZFW_VNet', 'AZFW_Hub']), help='SKU of Azure firewall. This field cannot be updated after the creation. '
                                                                                   'The default sku in server end is AZFW_VNet. '
                                                                                   'If you want to attach azure firewall to vhub, you should set sku to AZFW_Hub.')

src/azure-firewall/azext_firewall/custom.py

@@ -68,7 +68,7 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
                           tags=None, zones=None, private_ranges=None, firewall_policy=None,
                           virtual_hub=None, sku=None,
                           dns_servers=None, enable_dns_proxy=None,
-                          threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None):
+                          threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None, tier=None):
     if firewall_policy and any([enable_dns_proxy, dns_servers]):
         raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
     if sku and sku.lower() == 'azfw_hub' and not all([virtual_hub, hub_public_ip_count]):
@@ -85,7 +85,7 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
                                             'AzureFirewallSku',
                                             'HubIPAddresses',
                                             'HubPublicIPAddresses')
-    sku_instance = AzureFirewallSku(name=sku, tier='Standard')
+    sku_instance = AzureFirewallSku(name=sku, tier=tier)
     firewall = AzureFirewall(location=location,
                              tags=tags,
                              zones=zones,
@@ -618,20 +618,19 @@ def update_azure_firewall_policies(cmd,
         user_assigned_identities_instance[user_assigned_identity] = user_assigned_indentity_instance
         identity_instance = ManagedServiceIdentity(
             type="UserAssigned",
-            Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties=user_assigned_identities_instance
+            user_assigned_identities=user_assigned_identities_instance
         )
         instance.identity = identity_instance
 
     return instance
 
 
 def set_azure_firewall_policies(cmd, resource_group_name, firewall_policy_name, parameters):
-    # Firewall Policy can't contain premium only properties - Identity
-    # if parameters.identity is None:
-    #     ManagedServiceIdentity = cmd.get_models('ManagedServiceIdentity')
+    if parameters.identity is None:
+        ManagedServiceIdentity = cmd.get_models('ManagedServiceIdentity')
 
-    #     identity = ManagedServiceIdentity(type="None", Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties=None)
-    #     parameters.identity = identity
+        identity = ManagedServiceIdentity(type="None", user_assigned_identities=None)
+        parameters.identity = identity
 
     client = network_client_factory(cmd.cli_ctx).firewall_policies
     return client.begin_create_or_update(resource_group_name, firewall_policy_name, parameters)