bump k8s-extension version to 1.3.2

scripts/ci/credscan/CredScanSuppressions.json

@@ -82,9 +82,7 @@
     },
     {
       "file": [
-        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_link_to_notification_hub.yaml",
-        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_regenerate_and_link_key.yaml",
-        "src\\communication\\azext_communication\\tests\\latest\\test_communication_scenario.py"
+        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_communication_scenario.yaml"
       ],
       "_justification": "Dummy resources' tokens left during testing Micorosfot.Communication"
     },

src/aks-preview/HISTORY.rst

@@ -7,7 +7,7 @@ Guidance
 ++++++++
 If there is no rush to release a new version, please just add a description of the modification under the *Pending* section.
 
-To release a new version, please select a new version number (usually plus 1 to the minor of the current latest version number), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` in `setup.py` with this new version number.
+To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
 Pending
 +++++++

src/aks-preview/README.rst

@@ -9,3 +9,29 @@ How to use
 Install this extension using the following CLI command `az extension add --name aks-preview`. You may need to execute some invalid aks command (e.g., `az aks fake`) to refresh the command index to enable aks-preview.
 
 Remove this extension using the following CLI command `az extension remove --name aks-preview`.
+
+Dependency between aks-preview and azure-cli/acs (azure-cli-core)
+=================================================================
+
+.. list-table::
+    :widths: 50 50
+    :header-rows: 1
+
+    * - aks-preview
+      - azure-cli/acs (azure-cli-core), release date
+    * - 0.4.4 ~ 0.5.39
+      - >= 2.0.49
+    * - 0.5.40 ~ 0.5.41
+      - >= `\2.23.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.23.0>`_, 2021/05/06
+    * - 0.5.42 ~ 0.5.44
+      - >= `\2.27.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.27.0>`_, 2021/08/03
+    * - 0.5.45 ~ 0.5.48
+      - >= `\2.30.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.30.0>`_, 2021/11/02
+    * - 0.5.49 ~ 0.5.52
+      - >= `\2.31.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.31.0>`_, 2021/12/07
+    * - 0.5.53 ~ 0.5.66
+      - >= `\2.32.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.32.0>`_, 2022/01/04
+    * - 0.5.67 ~ 0.5.82
+      - >= `\2.35.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.35.0>`_, 2022/04/06
+    * - 0.5.83 ~ latest
+      - >= `\2.37.0 <https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.37.0>`_, 2022/05/24

src/azure-firewall/HISTORY.rst

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.14.3
+++++++
+* `az network firewall create`: Support Basic SKU creation with management IP configuration
+
 0.14.2
 ++++++
 * `az network firewall create/update`: add parameter `--fat-flow-logging`

src/azure-firewall/azext_firewall/_help.py

@@ -21,6 +21,9 @@
     - name: Create a Virtual WAN Secure Hub Firewall
       text: |
         az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_Hub --tier Standard --virtual-hub MyVirtualHub1 --public-ip-count 1
+    - name: Create a Basic SKU Firewall with Management IP Configuration
+      text: |
+        az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_VNet --tier Basic --vnet-name MyVNet --conf-name MyIpConfig --m-conf-name MyManagementIpConfig --m-public-ip MyPublicIp
 """
 
 helps['network firewall delete'] = """

src/azure-firewall/azext_firewall/_params.py

@@ -80,6 +80,18 @@ def load_arguments(self, _):
         c.argument('dns_servers', nargs='+', help='Space-separated list of DNS server IP addresses')
         c.argument('enable_dns_proxy', arg_type=get_three_state_flag(), help='Enable DNS Proxy')
 
+    with self.argument_context('network firewall', arg_group="Data Traffic IP Configuration") as c:
+        c.argument('virtual_network_name', virtual_network_name_type,
+                   help='The virtual network (VNet) name. It should contain one subnet called "AzureFirewallSubnet".')
+        c.argument('conf_name', help='Name of the IP configuration.')
+        c.argument('public_ip', help='Name or ID of the public IP to use.')
+
+    with self.argument_context('network firewall', arg_group="Management IP Configuration") as c:
+        c.argument('management_conf_name', options_list=['--m-conf-name'],
+                   help='Name of the management IP configuration.')
+        c.argument('management_public_ip', options_list=['--m-public-ip'],
+                   help='Name or ID of the public IP to use for management IP configuration.')
+
     with self.argument_context('network firewall threat-intel-allowlist') as c:
         c.argument('ip_addresses', nargs='+', validator=process_threat_intel_allowlist_ip_addresses, help='Space-separated list of IPv4 addresses.')
         c.argument('fqdns', nargs='+', validator=process_threat_intel_allowlist_fqdns, help='Space-separated list of FQDNs.')

src/azure-firewall/azext_firewall/custom.py

@@ -7,7 +7,9 @@
 from knack.util import CLIError
 from knack.log import get_logger
 from azure.cli.core.util import sdk_no_wait
-from azure.cli.core.azclierror import UserFault, ServiceError
+from azure.cli.core.azclierror import UserFault, ServiceError, ValidationError
+from azure.cli.core.commands.client_factory import get_subscription_id
+from msrestazure.tools import is_valid_resource_id, resource_id
 from ._client_factory import network_client_factory
 
 logger = get_logger(__name__)
@@ -69,23 +71,31 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
                           virtual_hub=None, sku=None,
                           dns_servers=None, enable_dns_proxy=None,
                           threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None, tier=None,
-                          enable_fat_flow_logging=False):
+                          enable_fat_flow_logging=False, virtual_network_name=None, conf_name=None, public_ip=None,
+                          management_conf_name=None, management_public_ip=None):
     if firewall_policy and any([enable_dns_proxy, dns_servers]):
         raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
     if sku and sku.lower() == 'azfw_hub' and not all([virtual_hub, hub_public_ip_count]):
         raise CLIError('usage error: virtual hub and hub ip addresses are mandatory for azure firewall on virtual hub.')
     if sku and sku.lower() == 'azfw_hub' and allow_active_ftp:
         raise CLIError('usage error: allow active ftp is not allowed for azure firewall on virtual hub.')
+    # validate basic sku firewall
+    if tier and tier.lower() == 'basic' and not all([management_conf_name, management_public_ip]):
+        err_msg = "When creating Basic SKU firewall, both --m-conf-name and --m-public-ip-address should be provided."
+        raise ValidationError(err_msg)
+
     client = network_client_factory(cmd.cli_ctx).azure_firewalls
     (AzureFirewall,
      SubResource,
      AzureFirewallSku,
      HubIPAddresses,
-     HubPublicIPAddresses) = cmd.get_models('AzureFirewall',
-                                            'SubResource',
-                                            'AzureFirewallSku',
-                                            'HubIPAddresses',
-                                            'HubPublicIPAddresses')
+     HubPublicIPAddresses,
+     AzureFirewallIPConfiguration) = cmd.get_models('AzureFirewall',
+                                                    'SubResource',
+                                                    'AzureFirewallSku',
+                                                    'HubIPAddresses',
+                                                    'HubPublicIPAddresses',
+                                                    'AzureFirewallIPConfiguration')
     sku_instance = AzureFirewallSku(name=sku, tier=tier)
     firewall = AzureFirewall(location=location,
                              tags=tags,
@@ -124,6 +134,56 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
             firewall.additional_properties = {}
         firewall.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging'] = "true"
 
+    if conf_name is not None:
+        subnet_id = resource_id(
+            subscription=get_subscription_id(cmd.cli_ctx),
+            resource_group=resource_group_name,
+            namespace='Microsoft.Network',
+            type='virtualNetworks',
+            name=virtual_network_name,
+            child_type_1='subnets',
+            child_name_1='AzureFirewallSubnet'
+        )
+        if public_ip and not is_valid_resource_id(public_ip):
+            public_ip = resource_id(
+                subscription=get_subscription_id(cmd.cli_ctx),
+                resource_group=resource_group_name,
+                namespace='Microsoft.Network',
+                type='publicIPAddresses',
+                name=public_ip
+            )
+        config = AzureFirewallIPConfiguration(
+            name=conf_name,
+            subnet=SubResource(id=subnet_id) if virtual_network_name else None,
+            public_ip_address=SubResource(id=public_ip) if public_ip else None
+        )
+        _upsert(firewall, 'ip_configurations', config, 'name', warn=False)
+
+    if tier and tier.lower() == 'basic':
+        management_subnet_id = resource_id(
+            subscription=get_subscription_id(cmd.cli_ctx),
+            resource_group=resource_group_name,
+            namespace='Microsoft.Network',
+            type='virtualNetworks',
+            name=virtual_network_name,
+            child_type_1='subnets',
+            child_name_1='AzureFirewallManagementSubnet'
+        )
+        if not is_valid_resource_id(management_public_ip):
+            management_public_ip = resource_id(
+                subscription=get_subscription_id(cmd.cli_ctx),
+                resource_group=resource_group_name,
+                namespace='Microsoft.Network',
+                type='publicIPAddresses',
+                name=management_public_ip
+            )
+        management_config = AzureFirewallIPConfiguration(
+            name=management_conf_name,
+            subnet=SubResource(id=management_subnet_id),
+            public_ip_address=SubResource(id=management_public_ip)
+        )
+        firewall.management_ip_configuration = management_config
+
     return client.begin_create_or_update(resource_group_name, azure_firewall_name, firewall)