1# -------------------------------------------------------------------------------------------- 2# Copyright (c) Microsoft Corporation. All rights reserved. 3# Licensed under the MIT License. See License.txt in the project root for license information. 4# -------------------------------------------------------------------------------------------- 5 6# pylint: disable=line-too-long, too-many-lines 7from argcomplete.completers import FilesCompleter 8 9import six 10 11from knack.arguments import CLIArgumentType, ignore_type 12 13from azure.cli.core.commands.parameters import (get_location_type, get_resource_name_completion_list, 14 tags_type, zone_type, zones_type, 15 file_type, get_resource_group_completion_list, 16 get_three_state_flag, get_enum_type) 17from azure.cli.core.commands.validators import get_default_location_from_resource_group 18from azure.cli.core.commands.template_create import get_folded_parameter_help_string 19from azure.cli.core.local_context import LocalContextAttribute, LocalContextAction, ALL 20from azure.cli.command_modules.network._validators import ( 21 dns_zone_name_type, 22 validate_ssl_cert, validate_cert, validate_inbound_nat_rule_id_list, 23 validate_address_pool_id_list, validate_inbound_nat_rule_name_or_id, 24 validate_address_pool_name_or_id, load_cert_file, validate_metadata, 25 validate_peering_type, validate_dns_record_type, validate_route_filter, validate_target_listener, 26 validate_private_ip_address, 27 get_servers_validator, get_public_ip_validator, get_nsg_validator, get_subnet_validator, 28 get_network_watcher_from_vm, get_network_watcher_from_location, 29 get_asg_validator, get_vnet_validator, validate_ip_tags, validate_ddos_name_or_id, 30 validate_service_endpoint_policy, validate_delegations, validate_subresource_list, 31 validate_er_peer_circuit, validate_ag_address_pools, validate_custom_error_pages, 32 validate_custom_headers, validate_status_code_ranges, validate_subnet_ranges, 33 WafConfigExclusionAction, validate_express_route_peering, validate_virtual_hub, 34 validate_express_route_port, bandwidth_validator_factory, 35 get_header_configuration_validator, validate_nat_gateway, validate_match_variables, 36 validate_waf_policy, get_subscription_list_validator, validate_frontend_ip_configs, 37 validate_user_assigned_identity, validate_virtul_network_gateway, validate_private_dns_zone, 38 NWConnectionMonitorEndpointFilterItemAction, NWConnectionMonitorTestConfigurationHTTPRequestHeaderAction, 39 process_private_link_resource_id_argument, process_private_endpoint_connection_id_argument, 40 validate_vpn_connection_name_or_id, 41 process_vnet_name_or_id, validate_trusted_client_cert) 42from azure.mgmt.trafficmanager.models import MonitorProtocol, ProfileStatus 43from azure.cli.command_modules.network._completers import ( 44 subnet_completion_list, get_lb_subresource_completion_list, get_ag_subresource_completion_list, 45 ag_url_map_rule_completion_list, tm_endpoint_completion_list, service_endpoint_completer, 46 get_sdk_completer) 47from azure.cli.command_modules.network._actions import ( 48 AddBackendAddressCreate, AddBackendAddressCreateForCrossRegionLB, TrustedClientCertificateCreate, 49 SslProfilesCreate, NatRuleCreate) 50from azure.cli.core.util import get_json_object 51from azure.cli.core.profiles import ResourceType 52 53 54# pylint: disable=too-many-locals, too-many-branches, too-many-statements 55def load_arguments(self, _): 56 57 (Access, ApplicationGatewayFirewallMode, ApplicationGatewayProtocol, ApplicationGatewayRedirectType, 58 ApplicationGatewayRequestRoutingRuleType, ApplicationGatewaySkuName, ApplicationGatewaySslProtocol, AuthenticationMethod, 59 Direction, VpnAuthenticationType, 60 ExpressRouteCircuitSkuFamily, ExpressRouteCircuitSkuTier, ExpressRoutePortsEncapsulation, 61 FlowLogFormatType, HTTPMethod, IPAllocationMethod, 62 IPVersion, LoadBalancerSkuName, LoadDistribution, ProbeProtocol, ProcessorArchitecture, Protocol, PublicIPAddressSkuName, PublicIPAddressSkuTier, 63 RouteNextHopType, SecurityRuleAccess, SecurityRuleProtocol, SecurityRuleDirection, TransportProtocol, 64 VirtualNetworkGatewaySkuName, VirtualNetworkGatewayType, VpnClientProtocol, VpnType, 65 ExpressRouteLinkMacSecCipher, 66 ConnectionMonitorEndpointFilterType, ConnectionMonitorTestConfigurationProtocol, 67 PreferredIPVersion, HTTPConfigurationMethod, OutputType, DestinationPortBehavior, CoverageLevel, EndpointType, GatewayLoadBalancerTunnelProtocol, 68 GatewayLoadBalancerTunnelInterfaceType, VpnNatRuleType, VpnNatRuleMode) = self.get_models( 69 'Access', 'ApplicationGatewayFirewallMode', 'ApplicationGatewayProtocol', 'ApplicationGatewayRedirectType', 70 'ApplicationGatewayRequestRoutingRuleType', 'ApplicationGatewaySkuName', 'ApplicationGatewaySslProtocol', 'AuthenticationMethod', 71 'Direction', 'VpnAuthenticationType', 72 'ExpressRouteCircuitSkuFamily', 'ExpressRouteCircuitSkuTier', 'ExpressRoutePortsEncapsulation', 73 'FlowLogFormatType', 'HTTPMethod', 'IPAllocationMethod', 74 'IPVersion', 'LoadBalancerSkuName', 'LoadDistribution', 'ProbeProtocol', 'ProcessorArchitecture', 'Protocol', 'PublicIPAddressSkuName', 'PublicIPAddressSkuTier', 75 'RouteNextHopType', 'SecurityRuleAccess', 'SecurityRuleProtocol', 'SecurityRuleDirection', 'TransportProtocol', 76 'VirtualNetworkGatewaySkuName', 'VirtualNetworkGatewayType', 'VpnClientProtocol', 'VpnType', 77 'ExpressRouteLinkMacSecCipher', 78 'ConnectionMonitorEndpointFilterType', 'ConnectionMonitorTestConfigurationProtocol', 79 'PreferredIPVersion', 'HTTPConfigurationMethod', 'OutputType', 'DestinationPortBehavior', 'CoverageLevel', 'EndpointType', 'GatewayLoadBalancerTunnelProtocol', 80 'GatewayLoadBalancerTunnelInterfaceType', 'VpnNatRuleType', 'VpnNatRuleMode') 81 82 ZoneType = self.get_models('ZoneType', resource_type=ResourceType.MGMT_NETWORK_DNS) 83 84 if self.supported_api_version(min_api='2018-02-01'): 85 ExpressRoutePeeringType = self.get_models('ExpressRoutePeeringType') 86 else: 87 # for Stack compatibility 88 ExpressRoutePeeringType = self.get_models('ExpressRouteCircuitPeeringType') 89 90 default_existing = 'If only one exists, omit to use as default.' 91 92 # taken from Xplat. No enums in SDK 93 routing_registry_values = ['ARIN', 'APNIC', 'AFRINIC', 'LACNIC', 'RIPENCC', 'RADB', 'ALTDB', 'LEVEL3'] 94 95 name_arg_type = CLIArgumentType(options_list=['--name', '-n'], metavar='NAME') 96 nic_type = CLIArgumentType(options_list='--nic-name', metavar='NAME', help='The network interface (NIC).', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/networkInterfaces')) 97 nsg_name_type = CLIArgumentType(options_list='--nsg-name', metavar='NAME', help='Name of the network security group.') 98 circuit_name_type = CLIArgumentType(options_list='--circuit-name', metavar='NAME', help='ExpressRoute circuit name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/expressRouteCircuits')) 99 virtual_network_name_type = CLIArgumentType(options_list='--vnet-name', metavar='NAME', help='The virtual network (VNet) name.', completer=get_resource_name_completion_list('Microsoft.Network/virtualNetworks'), 100 local_context_attribute=LocalContextAttribute(name='vnet_name', actions=[LocalContextAction.GET])) 101 subnet_name_type = CLIArgumentType(options_list='--subnet-name', metavar='NAME', help='The subnet name.', 102 local_context_attribute=LocalContextAttribute(name='subnet_name', actions=[LocalContextAction.GET])) 103 load_balancer_name_type = CLIArgumentType(options_list='--lb-name', metavar='NAME', help='The load balancer name.', completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers'), id_part='name') 104 private_ip_address_type = CLIArgumentType(help='Static private IP address to use.', validator=validate_private_ip_address) 105 cookie_based_affinity_type = CLIArgumentType(arg_type=get_three_state_flag(positive_label='Enabled', negative_label='Disabled', return_label=True)) 106 http_protocol_type = CLIArgumentType(get_enum_type(ApplicationGatewayProtocol)) 107 ag_servers_type = CLIArgumentType(nargs='+', help='Space-separated list of IP addresses or DNS names corresponding to backend servers.', validator=get_servers_validator()) 108 app_gateway_name_type = CLIArgumentType(help='Name of the application gateway.', options_list='--gateway-name', completer=get_resource_name_completion_list('Microsoft.Network/applicationGateways'), id_part='name') 109 bastion_host_name_type = CLIArgumentType(help='Name of the bastion host.', options_list='--bastion-host-name', completer=get_resource_name_completion_list('Microsoft.Network/bastionHosts'), id_part='name') 110 express_route_link_macsec_cipher_type = CLIArgumentType(get_enum_type(ExpressRouteLinkMacSecCipher)) 111 zone_compatible_type = CLIArgumentType( 112 options_list=['--zone', '-z'], 113 nargs='+', 114 help='Space-separated list of availability zones into which to provision the resource.', 115 choices=['1', '2', '3'] 116 ) 117 edge_zone = CLIArgumentType(help='The name of edge zone.', is_preview=True, min_api='2021-02-01') 118 gateway_lb = CLIArgumentType(help='The reference to gateway load balancer frontend IP. If you want to delete it, ' 119 'input \'\"\"\'(Powershell) or \"\"(Linux)', is_preview=True, min_api='2020-08-01') 120 121 # region NetworkRoot 122 with self.argument_context('network') as c: 123 c.argument('subnet_name', subnet_name_type) 124 c.argument('virtual_network_name', virtual_network_name_type, id_part='name') 125 c.argument('tags', tags_type) 126 c.argument('network_security_group_name', nsg_name_type, id_part='name') 127 c.argument('private_ip_address', private_ip_address_type) 128 c.argument('private_ip_address_version', arg_type=get_enum_type(IPVersion)) 129 c.argument('enable_tcp_reset', arg_type=get_three_state_flag(), help='Receive bidirectional TCP reset on TCP flow idle timeout or unexpected connection termination. Only used when protocol is set to TCP.', min_api='2018-07-01') 130 c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group) 131 c.argument('cache_result', arg_type=get_enum_type(['in', 'out', 'inout']), options_list='--cache', help='Cache the JSON object instead of sending off immediately.') 132 # endregion 133 134 # region ApplicationGateways 135 with self.argument_context('network application-gateway') as c: 136 c.argument('application_gateway_name', app_gateway_name_type, options_list=['--name', '-n']) 137 c.argument('sku', arg_group='Gateway', help='The name of the SKU.', arg_type=get_enum_type(ApplicationGatewaySkuName), default=ApplicationGatewaySkuName.standard_medium.value) 138 c.argument('min_capacity', min_api='2018-07-01', help='Lower bound on the number of application gateway instances.', type=int) 139 c.argument('max_capacity', min_api='2018-12-01', help='Upper bound on the number of application gateway instances.', type=int) 140 c.ignore('virtual_network_type', 'private_ip_address_allocation') 141 c.argument('zones', zones_type) 142 c.argument('custom_error_pages', min_api='2018-08-01', nargs='+', help='Space-separated list of custom error pages in `STATUS_CODE=URL` format.', validator=validate_custom_error_pages) 143 c.argument('firewall_policy', options_list='--waf-policy', min_api='2018-12-01', help='Name or ID of a web application firewall (WAF) policy.', validator=validate_waf_policy) 144 145 with self.argument_context('network application-gateway', arg_group='Identity') as c: 146 c.argument('user_assigned_identity', options_list='--identity', help="Name or ID of the ManagedIdentity Resource", validator=validate_user_assigned_identity) 147 148 with self.argument_context('network application-gateway', arg_group='Network') as c: 149 c.argument('virtual_network_name', virtual_network_name_type) 150 c.argument('private_ip_address') 151 c.argument('public_ip_address_allocation', help='The kind of IP allocation to use when creating a new public IP.', default=IPAllocationMethod.dynamic.value) 152 c.argument('subnet_address_prefix', help='The CIDR prefix to use when creating a new subnet.') 153 c.argument('vnet_address_prefix', help='The CIDR prefix to use when creating a new VNet.') 154 155 with self.argument_context('network application-gateway', arg_group='Gateway') as c: 156 c.argument('servers', ag_servers_type) 157 c.argument('capacity', help='The number of instances to use with the application gateway.', type=int) 158 c.argument('http_settings_cookie_based_affinity', cookie_based_affinity_type, help='Enable or disable HTTP settings cookie-based affinity.') 159 c.argument('http_settings_protocol', http_protocol_type, help='The HTTP settings protocol.') 160 c.argument('enable_http2', arg_type=get_three_state_flag(positive_label='Enabled', negative_label='Disabled'), options_list=['--http2'], help='Use HTTP2 for the application gateway.', min_api='2017-10-01') 161 c.ignore('public_ip_address_type', 'frontend_type', 'subnet_type') 162 c.argument('ssl_profile_id', help='SSL profile resource of the application gateway.', min_api='2020-06-01', is_preview=True) 163 164 with self.argument_context('network application-gateway', arg_group='Private Link Configuration') as c: 165 c.argument('enable_private_link', 166 action='store_true', 167 help='Enable Private Link feature for this application gateway. ' 168 'If both public IP and private IP are enbaled, taking effect only in public frontend IP', 169 default=False) 170 c.argument('private_link_ip_address', help='The static private IP address of a subnet for Private Link. If omitting, a dynamic one will be created') 171 c.argument('private_link_subnet_prefix', help='The CIDR prefix to use when creating a new subnet') 172 c.argument('private_link_subnet', help='The name of the subnet within the same vnet of an application gateway') 173 c.argument('private_link_primary', arg_type=get_three_state_flag(), help='Whether the IP configuration is primary or not') 174 175 with self.argument_context('network application-gateway', arg_group='Mutual Authentication Support') as c: 176 c.argument('trusted_client_cert', min_api='2020-06-01', nargs='+', action=TrustedClientCertificateCreate, is_preview=True) 177 178 with self.argument_context('network application-gateway', arg_group='SSL Profile') as c: 179 c.argument('ssl_profile', min_api='2020-06-01', nargs='+', action=SslProfilesCreate, is_preview=True) 180 181 with self.argument_context('network application-gateway create') as c: 182 c.argument('validate', help='Generate and validate the ARM template without creating any resources.', action='store_true') 183 c.argument('routing_rule_type', arg_group='Gateway', help='The request routing rule type.', arg_type=get_enum_type(ApplicationGatewayRequestRoutingRuleType)) 184 public_ip_help = get_folded_parameter_help_string('public IP address', allow_none=True, allow_new=True, default_none=True) 185 c.argument('public_ip_address', help=public_ip_help, completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), arg_group='Network') 186 subnet_help = get_folded_parameter_help_string('subnet', other_required_option='--vnet-name', allow_new=True) 187 c.argument('subnet', help=subnet_help, completer=subnet_completion_list, arg_group='Network') 188 189 with self.argument_context('network application-gateway create', arg_group='Gateway') as c: 190 c.argument('cert_data', options_list='--cert-file', type=file_type, completer=FilesCompleter(), help='The path to the PFX certificate file.') 191 c.argument('frontend_port', help='The front end port number.') 192 c.argument('cert_password', help='The certificate password') 193 c.argument('http_settings_port', help='The HTTP settings port.') 194 c.argument('servers', ag_servers_type) 195 c.argument('key_vault_secret_id', help="Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in Azure KeyVault. You need enable soft delete for keyvault to use this feature.") 196 c.argument('ssl_cert_name', options_list='--ssl-certificate-name', help="The certificate name. Default will be `<application-gateway-name>SslCert`.") 197 198 with self.argument_context('network application-gateway update', arg_group=None) as c: 199 c.argument('sku', default=None) 200 c.argument('enable_http2') 201 c.argument('capacity', help='The number of instances to use with the application gateway.', type=int) 202 203 ag_subresources = [ 204 {'name': 'auth-cert', 'display': 'authentication certificate', 'ref': 'authentication_certificates'}, 205 {'name': 'ssl-cert', 'display': 'SSL certificate', 'ref': 'ssl_certificates'}, 206 {'name': 'frontend-ip', 'display': 'frontend IP configuration', 'ref': 'frontend_ip_configurations'}, 207 {'name': 'frontend-port', 'display': 'frontend port', 'ref': 'frontend_ports'}, 208 {'name': 'address-pool', 'display': 'backend address pool', 'ref': 'backend_address_pools'}, 209 {'name': 'http-settings', 'display': 'backed HTTP settings', 'ref': 'backend_http_settings_collection'}, 210 {'name': 'http-listener', 'display': 'HTTP listener', 'ref': 'http_listeners'}, 211 {'name': 'rule', 'display': 'request routing rule', 'ref': 'request_routing_rules'}, 212 {'name': 'probe', 'display': 'probe', 'ref': 'probes'}, 213 {'name': 'url-path-map', 'display': 'URL path map', 'ref': 'url_path_maps'}, 214 {'name': 'redirect-config', 'display': 'redirect configuration', 'ref': 'redirect_configurations'}, 215 {'name': 'private-link', 'display': 'private link', 'ref': 'private_link_configurations'} 216 ] 217 if self.supported_api_version(min_api='2018-08-01'): 218 ag_subresources.append({'name': 'root-cert', 'display': 'trusted root certificate', 'ref': 'trusted_root_certificates'}) 219 if self.supported_api_version(min_api='2018-12-01'): 220 ag_subresources.append({'name': 'rewrite-rule set', 'display': 'rewrite rule set', 'ref': 'rewrite_rule_sets'}) 221 222 for item in ag_subresources: 223 with self.argument_context('network application-gateway {}'.format(item['name'])) as c: 224 c.argument('item_name', options_list=['--name', '-n'], id_part='child_name_1', help='The name of the {}.'.format(item['display']), completer=get_ag_subresource_completion_list(item['ref'])) 225 c.argument('resource_name', options_list='--gateway-name', help='The name of the application gateway.', id_part='name') 226 c.argument('application_gateway_name', app_gateway_name_type) 227 c.argument('private_ip_address', arg_group=None) 228 c.argument('virtual_network_name', arg_group=None) 229 230 with self.argument_context('network application-gateway {} create'.format(item['name'])) as c: 231 c.argument('item_name', options_list=['--name', '-n'], help='The name of the {}.'.format(item['display']), completer=None) 232 233 with self.argument_context('network application-gateway {} list'.format(item['name'])) as c: 234 c.argument('resource_name', options_list=['--gateway-name'], id_part=None) 235 236 for item in ['create', 'http-settings']: 237 with self.argument_context('network application-gateway {}'.format(item)) as c: 238 c.argument('connection_draining_timeout', min_api='2016-12-01', type=int, help='The time in seconds after a backend server is removed during which on open connection remains active. Range: 0 (disabled) to 3600', arg_group='Gateway' if item == 'create' else None) 239 240 with self.argument_context('network application-gateway address-pool') as c: 241 c.argument('servers', ag_servers_type, arg_group=None) 242 243 for scope in ['auth-cert', 'root-cert']: 244 with self.argument_context('network application-gateway {}'.format(scope)) as c: 245 c.argument('cert_data', options_list='--cert-file', help='Certificate file path.', type=file_type, completer=FilesCompleter(), validator=validate_cert) 246 247 with self.argument_context('network application-gateway root-cert') as c: 248 c.argument('keyvault_secret', help='KeyVault secret ID.') 249 250 with self.argument_context('network application-gateway frontend-ip create') as c: 251 c.argument('public_ip_address', validator=get_public_ip_validator(), help='The name or ID of the public IP address.', completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses')) 252 253 for item in ['create', 'update']: 254 with self.argument_context('network application-gateway frontend-ip {}'.format(item)) as c: 255 c.argument('subnet', validator=get_subnet_validator(), help='The name or ID of the subnet.') 256 c.argument('virtual_network_name', help='The name of the virtual network corresponding to the subnet.', id_part=None, arg_group=None) 257 258 with self.argument_context('network application-gateway frontend-ip update') as c: 259 c.argument('public_ip_address', validator=get_public_ip_validator(), help='The name or ID of the public IP address.', completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), deprecate_info=c.deprecate(hide=True)) 260 261 for item in ['frontend-port', 'http-settings']: 262 with self.argument_context('network application-gateway {}'.format(item)) as c: 263 c.argument('port', help='The port number.', type=int) 264 265 for item in ['http-settings', 'probe']: 266 with self.argument_context('network application-gateway {}'.format(item)) as c: 267 c.argument('protocol', http_protocol_type, help='The HTTP settings protocol.') 268 269 with self.argument_context('network application-gateway http-listener') as c: 270 c.argument('frontend_ip', help='The name or ID of the frontend IP configuration.', completer=get_ag_subresource_completion_list('frontend_ip_configurations')) 271 c.argument('frontend_port', help='The name or ID of the frontend port.', completer=get_ag_subresource_completion_list('frontend_ports')) 272 c.argument('ssl_cert', help='The name or ID of the SSL certificate to use.', completer=get_ag_subresource_completion_list('ssl_certificates')) 273 c.ignore('protocol') 274 c.argument('host_name', help='Host name to use for multisite gateways.') 275 c.argument('host_names', nargs='+', is_preview=True, help='Space-separated list of host names that allows special wildcard characters as well.', min_api='2019-11-01') 276 c.argument('firewall_policy', min_api='2019-09-01', help='Name or ID of a Firewall Policy resource.') 277 c.argument('ssl_profile', min_api='2020-06-01', help='SSL profile resource of the application gateway.', completer=get_ag_subresource_completion_list('ssl_profiles')) 278 279 with self.argument_context('network application-gateway http-listener create') as c: 280 c.argument('frontend_ip', help='The name or ID of the frontend IP configuration. {}'.format(default_existing)) 281 282 with self.argument_context('network application-gateway private-link', arg_group=None) as c: 283 c.argument('frontend_ip', help='The frontend IP which the Private Link will associate to') 284 c.argument('private_link_name', options_list=['--name', '-n'], help='The name of Private Link.') 285 c.argument('private_link_ip_address', options_list='--ip-address', help='The static private IP address of a subnet for Private Link. If omitting, a dynamic one will be created') 286 c.argument('private_link_subnet_prefix', options_list='--subnet-prefix', help='The CIDR prefix to use when creating a new subnet') 287 c.argument('private_link_subnet_name_or_id', options_list='--subnet', help='The name or an existing ID of a subnet within the same vnet of an application gateway') 288 c.argument('private_link_primary', options_list='--primary', arg_type=get_three_state_flag(), help='Whether the IP configuration is primary or not') 289 290 with self.argument_context('network application-gateway private-link list', arg_group=None) as c: 291 c.argument('application_gateway_name', id_part=None) 292 293 with self.argument_context('network application-gateway private-link ip-config', arg_group=None) as c: 294 c.argument('private_link_ip_name', options_list='--name', help='The name of the private IP for Private Link') 295 c.argument('private_link_name', options_list='--private-link', help='The name of Private Link.') 296 297 with self.argument_context('network application-gateway private-link ip-config list', arg_group=None) as c: 298 c.argument('application_gateway_name', id_part=None) 299 300 with self.argument_context('network application-gateway rewrite-rule') as c: 301 rewrite_rule_set_name_type = CLIArgumentType(help='Name of the rewrite rule set.', options_list='--rule-set-name', id_part='child_name_1') 302 rewrite_rule_name_type = CLIArgumentType(help='Name of the rewrite rule.', options_list='--rule-name', id_part='child_name_2') 303 c.argument('rule_name', rewrite_rule_name_type, options_list=['--name', '-n']) 304 c.argument('rule_set_name', rewrite_rule_set_name_type) 305 c.argument('application_gateway_name', app_gateway_name_type) 306 c.argument('response_headers', nargs='+', help='Space-separated list of HEADER=VALUE pairs.', validator=get_header_configuration_validator('response_headers'), completer=get_sdk_completer('application_gateways', 'list_available_response_headers')) 307 c.argument('request_headers', nargs='+', help='Space-separated list of HEADER=VALUE pairs.', validator=get_header_configuration_validator('request_headers'), completer=get_sdk_completer('application_gateways', 'list_available_request_headers')) 308 c.argument('sequence', type=int, help='Determines the execution order of the rule in the rule set.') 309 310 with self.argument_context('network application-gateway rewrite-rule', arg_group='URL Configuration') as c: 311 c.argument('modified_path', help='Url path for url rewrite') 312 c.argument('modified_query_string', help='Query string for url rewrite.') 313 c.argument('enable_reroute', arg_type=get_three_state_flag(), help='If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path.') 314 315 with self.argument_context('network application-gateway rewrite-rule condition') as c: 316 c.argument('rule_name', rewrite_rule_name_type) 317 c.argument('variable', help='The variable whose value is being evaluated.', completer=get_sdk_completer('application_gateways', 'list_available_server_variables')) 318 c.argument('pattern', help='The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition') 319 c.argument('ignore_case', arg_type=get_three_state_flag(), help='Make comparison case-insensitive.') 320 c.argument('negate', arg_type=get_three_state_flag(), help='Check the negation of the condition.') 321 322 with self.argument_context('network application-gateway rule create') as c: 323 c.argument('address_pool', help='The name or ID of the backend address pool. {}'.format(default_existing)) 324 c.argument('http_settings', help='The name or ID of the HTTP settings. {}'.format(default_existing)) 325 c.argument('http_listener', help='The name or ID of the HTTP listener. {}'.format(default_existing)) 326 327 for scope in ['rewrite-rule list', 'rewrite-rule condition list']: 328 with self.argument_context('network application-gateway {}'.format(scope)) as c: 329 c.argument('application_gateway_name', app_gateway_name_type, id_part=None) 330 331 with self.argument_context('network application-gateway http-settings') as c: 332 c.argument('cookie_based_affinity', cookie_based_affinity_type, help='Enable or disable cookie-based affinity.') 333 c.argument('timeout', help='Request timeout in seconds.') 334 c.argument('probe', help='Name or ID of the probe to associate with the HTTP settings.', completer=get_ag_subresource_completion_list('probes')) 335 c.argument('auth_certs', nargs='+', min_api='2016-09-01', help='Space-separated list of authentication certificates (names or IDs) to associate with the HTTP settings.') 336 c.argument('root_certs', nargs='+', min_api='2019-04-01', help='Space-separated list of trusted root certificates (names or IDs) to associate with the HTTP settings. --host-name or --host-name-from-backend-pool is required when this field is set.') 337 338 with self.argument_context('network application-gateway probe') as c: 339 c.argument('host', help='The name of the host to send the probe.') 340 c.argument('path', help='The relative path of the probe. Valid paths start from "/"') 341 c.argument('interval', help='The time interval in seconds between consecutive probes.') 342 c.argument('threshold', help='The number of failed probes after which the back end server is marked down.') 343 c.argument('timeout', help='The probe timeout in seconds.') 344 c.argument('port', type=int, min_api='2019-04-01', 345 help='Custom port which will be used for probing the backend servers. ' 346 'The valid value ranges from 1 to 65535. ' 347 'In case not set, port from http settings will be used. ' 348 'This property is valid for Standard_v2 and WAF_v2 only.') 349 350 with self.argument_context('network application-gateway rule') as c: 351 c.argument('address_pool', help='The name or ID of the backend address pool.', completer=get_ag_subresource_completion_list('backend_address_pools')) 352 c.argument('http_listener', help='The name or ID of the HTTP listener.', completer=get_ag_subresource_completion_list('http_listeners')) 353 c.argument('http_settings', help='The name or ID of the backend HTTP settings.', completer=get_ag_subresource_completion_list('backend_http_settings_collection')) 354 c.argument('rule_type', help='The rule type (Basic, PathBasedRouting).') 355 c.argument('url_path_map', help='The name or ID of the URL path map.', completer=get_ag_subresource_completion_list('url_path_maps')) 356 c.argument('rewrite_rule_set', min_api='2019-04-01', help='The name or ID of the rewrite rule set.') 357 c.argument('priority', type=int, help='Priority of the request routing rule. Range from 1 to 2000') 358 359 with self.argument_context('network application-gateway ssl-cert') as c: 360 c.argument('cert_data', options_list='--cert-file', type=file_type, completer=FilesCompleter(), help='The path to the PFX certificate file.', validator=validate_ssl_cert) 361 c.argument('cert_password', help='Certificate password.') 362 c.argument('key_vault_secret_id', help="Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in Azure KeyVault.") 363 364 with self.argument_context('network application-gateway ssl-policy') as c: 365 c.argument('clear', action='store_true', help='Clear SSL policy.') 366 c.argument('disabled_ssl_protocols', nargs='+', help='Space-separated list of protocols to disable.', arg_type=get_enum_type(ApplicationGatewaySslProtocol)) 367 368 with self.argument_context('network application-gateway url-path-map') as c: 369 c.argument('rule_name', help='The name of the url-path-map rule.', arg_group='First Rule') 370 c.argument('paths', nargs='+', help='Space-separated list of paths to associate with the rule. Valid paths start and end with "/" (ex: "/bar/")', arg_group='First Rule') 371 c.argument('address_pool', help='The name or ID of the backend address pool to use with the created rule.', completer=get_ag_subresource_completion_list('backend_address_pools'), arg_group='First Rule') 372 c.argument('http_settings', help='The name or ID of the HTTP settings to use with the created rule.', completer=get_ag_subresource_completion_list('backend_http_settings_collection'), arg_group='First Rule') 373 c.argument('firewall_policy', min_api='2019-09-01', help='Name or ID of a Firewall Policy resource.', arg_group='First Rule') 374 c.argument('rewrite_rule_set', min_api='2019-04-01', help='The name or ID of the rewrite rule set. If not specified, the default for the map will be used.', arg_group='First Rule') 375 376 with self.argument_context('network application-gateway url-path-map create') as c: 377 c.argument('default_address_pool', help='The name or ID of the default backend address pool, if different from --address-pool.', completer=get_ag_subresource_completion_list('backend_address_pools')) 378 c.argument('default_http_settings', help='The name or ID of the default HTTP settings, if different from --http-settings.', completer=get_ag_subresource_completion_list('backend_http_settings_collection')) 379 c.argument('default_rewrite_rule_set', min_api='2019-04-01', help='The name or ID of the default rewrite rule set, if different from --rewrite-rule-set.') 380 381 with self.argument_context('network application-gateway url-path-map update') as c: 382 c.argument('default_address_pool', help='The name or ID of the default backend address pool.', completer=get_ag_subresource_completion_list('backend_address_pools')) 383 c.argument('default_http_settings', help='The name or ID of the default HTTP settings.', completer=get_ag_subresource_completion_list('backend_http_settings_collection')) 384 c.argument('default_rewrite_rule_set', min_api='2019-04-01', help='The name or ID of the default rewrite rule set.') 385 386 with self.argument_context('network application-gateway url-path-map rule') as c: 387 c.argument('item_name', options_list=['--name', '-n'], help='The name of the url-path-map rule.', completer=ag_url_map_rule_completion_list, id_part='child_name_2') 388 c.argument('url_path_map_name', options_list='--path-map-name', help='The name of the URL path map.', completer=get_ag_subresource_completion_list('url_path_maps'), id_part='child_name_1') 389 c.argument('address_pool', help='The name or ID of the backend address pool. If not specified, the default for the map will be used.', completer=get_ag_subresource_completion_list('backend_address_pools')) 390 c.argument('http_settings', help='The name or ID of the HTTP settings. If not specified, the default for the map will be used.', completer=get_ag_subresource_completion_list('backend_http_settings_collection')) 391 for item in ['address_pool', 'http_settings', 'redirect_config', 'paths', 'rewrite_rule_set', 'firewall_policy']: 392 c.argument(item, arg_group=None) 393 394 with self.argument_context('network application-gateway url-path-map rule create') as c: 395 c.argument('item_name', options_list=['--name', '-n'], help='The name of the url-path-map rule.', completer=None) 396 397 with self.argument_context('network application-gateway waf-config') as c: 398 c.argument('disabled_rule_groups', nargs='+') 399 c.argument('disabled_rules', nargs='+') 400 c.argument('enabled', help='Specify whether the application firewall is enabled.', arg_type=get_enum_type(['true', 'false'])) 401 c.argument('firewall_mode', min_api='2016-09-01', help='Web application firewall mode.', arg_type=get_enum_type(ApplicationGatewayFirewallMode, default='detection')) 402 403 with self.argument_context('network application-gateway waf-config', min_api='2018-08-01') as c: 404 c.argument('file_upload_limit', help='File upload size limit in MB.', type=int) 405 c.argument('max_request_body_size', help='Max request body size in KB.', type=int) 406 c.argument('request_body_check', arg_type=get_three_state_flag(), help='Allow WAF to check the request body.') 407 c.argument('exclusions', nargs='+', options_list='--exclusion', action=WafConfigExclusionAction) 408 409 for item in ['ssl-policy', 'waf-config']: 410 with self.argument_context('network application-gateway {}'.format(item)) as c: 411 c.argument('application_gateway_name', app_gateway_name_type) 412 413 with self.argument_context('network application-gateway waf-config list-rule-sets') as c: 414 c.argument('_type', options_list=['--type']) 415 416 with self.argument_context('network application-gateway redirect-config', min_api='2017-06-01') as c: 417 c.argument('redirect_type', options_list=['--type', '-t'], help='HTTP redirection type', arg_type=get_enum_type(ApplicationGatewayRedirectType)) 418 c.argument('include_path', arg_type=get_three_state_flag()) 419 c.argument('include_query_string', arg_type=get_three_state_flag()) 420 c.argument('target_listener', validator=validate_target_listener, help='Name or ID of the HTTP listener to redirect the request to.') 421 c.argument('target_url', help='URL to redirect the request to.') 422 423 with self.argument_context('network application-gateway ssl-policy predefined', min_api='2017-06-01') as c: 424 c.argument('predefined_policy_name', name_arg_type) 425 426 with self.argument_context('network application-gateway ssl-policy', min_api='2017-06-01') as c: 427 c.argument('policy_name', name_arg_type) 428 c.argument('cipher_suites', nargs='+') 429 c.argument('min_protocol_version') 430 c.argument('disabled_ssl_protocols', nargs='+', help='Space-separated list of protocols to disable.') 431 432 with self.argument_context('network application-gateway http-settings', min_api='2017-06-01') as c: 433 c.argument('host_name', help='Host header sent to the backend servers.') 434 c.argument('host_name_from_backend_pool', help='Use host name of the backend server as the host header.', arg_type=get_three_state_flag()) 435 c.argument('affinity_cookie_name', help='Name used for the affinity cookie.') 436 c.argument('enable_probe', help='Whether the probe is enabled.', arg_type=get_three_state_flag()) 437 c.argument('path', help='Path that will prefix all HTTP requests.') 438 439 with self.argument_context('network application-gateway probe', min_api='2017-06-01') as c: 440 c.argument('host', default=None, required=False, help='The name of the host to send the probe.') 441 c.argument('host_name_from_http_settings', help='Use host header from HTTP settings.', arg_type=get_three_state_flag()) 442 c.argument('min_servers', type=int, help='Minimum number of servers that are always marked healthy.') 443 c.argument('match_body', help='Body that must be contained in the health response.') 444 c.argument('match_status_codes', nargs='+', help='Space-separated list of allowed ranges of healthy status codes for the health response.') 445 446 with self.argument_context('network application-gateway url-path-map', min_api='2017-06-01') as c: 447 c.argument('default_redirect_config', help='The name or ID of the default redirect configuration.') 448 c.argument('redirect_config', help='The name or ID of the redirect configuration to use with the created rule.', arg_group='First Rule') 449 450 with self.argument_context('network application-gateway rule', min_api='2017-06-01') as c: 451 c.argument('redirect_config', help='The name or ID of the redirect configuration to use with the created rule.') 452 453 with self.argument_context('network application-gateway identity', min_api='2019-04-01') as c: 454 c.argument('application_gateway_name', app_gateway_name_type) 455 456 with self.argument_context('network application-gateway client-cert', min_api='2020-06-01', id_part=None) as c: 457 c.argument('application_gateway_name', app_gateway_name_type) 458 c.argument('client_cert_name', options_list='--name', help='Name of the trusted client certificate that is unique within an Application Gateway') 459 460 with self.argument_context('network application-gateway client-cert add', min_api='2020-06-01') as c: 461 c.argument('client_cert_data', options_list='--data', type=file_type, completer=FilesCompleter(), help='Certificate public data.', validator=validate_trusted_client_cert) 462 463 with self.argument_context('network application-gateway client-cert update', min_api='2020-06-01') as c: 464 c.argument('client_cert_data', options_list='--data', type=file_type, completer=FilesCompleter(), help='Certificate public data.', validator=validate_trusted_client_cert) 465 466 with self.argument_context('network application-gateway ssl-profile', min_api='2020-06-01', id_part=None) as c: 467 c.argument('application_gateway_name', app_gateway_name_type) 468 c.argument('ssl_profile_name', options_list='--name', help='Name of the SSL profile that is unique within an Application Gateway.') 469 c.argument('policy_name', help='Name of Ssl Policy.') 470 c.argument('policy_type', help='Type of Ssl Policy.', choices=['Custom', 'Predefined']) 471 c.argument('min_protocol_version', help='Minimum version of Ssl protocol to be supported on application gateway.') 472 c.argument('cipher_suites', nargs='+', help='Ssl cipher suites to be enabled in the specified order to application gateway.') 473 c.argument('disabled_ssl_protocols', options_list=['--disabled-ssl-protocols', '--disabled-protocols'], nargs='+', help='Space-separated list of protocols to disable.') 474 c.argument('trusted_client_certificates', options_list=['--trusted-client-certificates', '--trusted-client-cert'], nargs='+', help='Array of references to application gateway trusted client certificates.') 475 c.argument('client_auth_configuration', options_list=['--client-auth-configuration', '--client-auth-config'], help='Client authentication configuration of the application gateway resource.', choices=['True', 'False']) 476 477 with self.argument_context('network application-gateway show-backend-health') as c: 478 c.argument('expand', help='Expands BackendAddressPool and BackendHttpSettings referenced in backend health.') 479 480 with self.argument_context('network application-gateway show-backend-health', min_api='2019-04-01', is_preview=True, arg_group="Probe Operation") as c: 481 c.argument('protocol', http_protocol_type, help='The HTTP settings protocol.') 482 c.argument('host', help='The name of the host to send the probe.') 483 c.argument('path', help='The relative path of the probe. Valid paths start from "/"') 484 c.argument('timeout', help='The probe timeout in seconds.') 485 c.argument('host_name_from_http_settings', help='Use host header from HTTP settings.', 486 arg_type=get_three_state_flag()) 487 c.argument('match_body', help='Body that must be contained in the health response.') 488 c.argument('match_status_codes', nargs='+', 489 help='Space-separated list of allowed ranges of healthy status codes for the health response.') 490 c.argument('address_pool', help='The name or ID of the backend address pool.', completer=get_ag_subresource_completion_list('backend_address_pools')) 491 c.argument('http_settings', help='The name or ID of the HTTP settings.', completer=get_ag_subresource_completion_list('backend_http_settings_collection')) 492 493 # endregion 494 495 # region WebApplicationFirewallPolicy 496 (WebApplicationFirewallAction, WebApplicationFirewallMatchVariable, 497 WebApplicationFirewallOperator, WebApplicationFirewallRuleType, 498 WebApplicationFirewallTransform, 499 OwaspCrsExclusionEntryMatchVariable, OwaspCrsExclusionEntrySelectorMatchOperator, 500 WebApplicationFirewallEnabledState, WebApplicationFirewallMode) = self.get_models( 501 'WebApplicationFirewallAction', 'WebApplicationFirewallMatchVariable', 502 'WebApplicationFirewallOperator', 'WebApplicationFirewallRuleType', 503 'WebApplicationFirewallTransform', 504 'OwaspCrsExclusionEntryMatchVariable', 'OwaspCrsExclusionEntrySelectorMatchOperator', 505 'WebApplicationFirewallEnabledState', 'WebApplicationFirewallMode') 506 with self.argument_context('network application-gateway waf-policy', min_api='2018-12-01') as c: 507 c.argument('policy_name', name_arg_type, id_part='name', help='The name of the application gateway WAF policy.') 508 c.argument('rule_set_type', options_list='--type', 509 arg_type=get_enum_type(['Microsoft_BotManagerRuleSet', 'OWASP']), 510 help='The type of the web application firewall rule set.') 511 c.argument('rule_set_version', 512 options_list='--version', 513 arg_type=get_enum_type(['0.1', '2.2.9', '3.0', '3.1']), 514 help='The version of the web application firewall rule set type. ' 515 '0.1 is used for Microsoft_BotManagerRuleSet') 516 517 with self.argument_context('network application-gateway waf-policy policy-setting', min_api='2019-09-01') as c: 518 c.argument('policy_name', options_list='--policy-name', id_part=None, 519 help='The name of the web application firewall policy.') 520 c.argument('state', 521 arg_type=get_enum_type(WebApplicationFirewallEnabledState), 522 help='Describes if the policy is in enabled state or disabled state.') 523 c.argument('mode', 524 arg_type=get_enum_type(WebApplicationFirewallMode), 525 help='Describes if it is in detection mode or prevention mode at policy level.') 526 c.argument('request_body_check', 527 arg_type=get_three_state_flag(), 528 help='Specified to require WAF to check request Body.') 529 c.argument('max_request_body_size_in_kb', 530 type=int, 531 help='Maximum request body size in Kb for WAF.') 532 c.argument('file_upload_limit_in_mb', 533 type=int, 534 help='Maximum file upload size in Mb for WAF."') 535 536 with self.argument_context('network application-gateway waf-policy custom-rule', min_api='2018-12-01') as c: 537 c.argument('policy_name', options_list='--policy-name') 538 c.argument('rule_name', options_list=['--name', '-n'], id_part='child_name_1', help='Name of the WAF policy rule.') 539 c.argument('priority', type=int, help='Rule priority. Lower values are evaluated prior to higher values.') 540 c.argument('action', arg_type=get_enum_type(WebApplicationFirewallAction), help='Action to take.') 541 c.argument('rule_type', arg_type=get_enum_type(WebApplicationFirewallRuleType), help='Type of rule.') 542 543 with self.argument_context('network application-gateway waf-policy custom-rule list', min_api='2018-12-01') as c: 544 c.argument('policy_name', options_list='--policy-name', id_part=None) 545 546 with self.argument_context('network application-gateway waf-policy custom-rule match-condition', 547 min_api='2018-12-01') as c: 548 c.argument('operator', arg_type=get_enum_type(WebApplicationFirewallOperator), help='Operator for matching.') 549 c.argument('negation_condition', 550 options_list='--negate', 551 arg_type=get_three_state_flag(), 552 help='Match the negative of the condition.') 553 c.argument('match_values', 554 options_list='--values', 555 nargs='+', 556 help='Space-separated list of values to match.') 557 c.argument('transforms', 558 arg_type=get_enum_type(WebApplicationFirewallTransform), 559 nargs='+', 560 help='Space-separated list of transforms to apply when matching.') 561 if WebApplicationFirewallMatchVariable: 562 waf_custom_rule_match_variables = list(WebApplicationFirewallMatchVariable) 563 help_string = 'Space-separated list of variables to use when matching. ' \ 564 'Variable values: {}'.format(', '.join(waf_custom_rule_match_variables)) 565 c.argument('match_variables', nargs='+', help=help_string, validator=validate_match_variables) 566 c.argument('index', type=int, help='Index of the match condition to remove.') 567 568 with self.argument_context('network application-gateway waf-policy custom-rule match-condition list', min_api='2018-12-01') as c: 569 c.argument('policy_name', options_list='--policy-name', id_part=None) 570 571 with self.argument_context('network application-gateway waf-policy managed-rule') as c: 572 c.argument('policy_name', options_list='--policy-name', id_part=None, 573 help='The name of the web application firewall policy.') 574 575 with self.argument_context('network application-gateway waf-policy managed-rule rule-set', 576 min_api='2019-09-01') as c: 577 c.argument('rule_group_name', 578 options_list='--group-name', 579 help='The name of the web application firewall rule set group.') 580 c.argument('rules', nargs='+', help='List of rules that will be disabled. If provided, --group-name must be provided too') 581 582 with self.argument_context('network application-gateway waf-policy managed-rule exclusion', 583 min_api='2019-09-01') as c: 584 c.argument('match_variable', 585 arg_type=get_enum_type(OwaspCrsExclusionEntryMatchVariable), 586 help='The variable to be excluded.') 587 c.argument('selector_match_operator', 588 arg_type=get_enum_type(OwaspCrsExclusionEntrySelectorMatchOperator), 589 help='When matchVariable is a collection, operate on the selector to ' 590 'specify which elements in the collection this exclusion applies to.') 591 c.argument('selector', 592 help='When matchVariable is a collection, operator used to ' 593 'specify which elements in the collection this exclusion applies to.') 594 # region 595 596 # region ApplicationSecurityGroups 597 with self.argument_context('network asg') as c: 598 c.argument('application_security_group_name', name_arg_type, id_part='name', help='The name of the application security group.') 599 # endregion 600 601 # region DDoS Protection Plans 602 with self.argument_context('network ddos-protection') as c: 603 for dest in ['ddos_plan_name', 'ddos_protection_plan_name']: 604 c.argument(dest, name_arg_type, help='Name of the DDoS protection plan.', id_part='name') 605 c.argument('vnets', nargs='*', help='Space-separated list of VNets (name or IDs) to associate with the plan.', validator=get_vnet_validator('vnets')) 606 # endregion 607 608 # region DNS 609 with self.argument_context('network dns') as c: 610 c.argument('record_set_name', name_arg_type, help='The name of the record set, relative to the name of the zone.') 611 c.argument('relative_record_set_name', name_arg_type, help='The name of the record set, relative to the name of the zone.') 612 c.argument('zone_name', options_list=['--zone-name', '-z'], help='The name of the zone.', type=dns_zone_name_type) 613 c.argument('metadata', nargs='+', help='Metadata in space-separated key=value pairs. This overwrites any existing metadata.', validator=validate_metadata) 614 615 with self.argument_context('network dns list-references') as c: 616 c.argument('target_resources', nargs='+', min_api='2018-05-01', help='Space-separated list of resource IDs you wish to query.', validator=validate_subresource_list) 617 618 with self.argument_context('network dns zone') as c: 619 c.argument('zone_name', name_arg_type) 620 c.ignore('location') 621 622 c.argument('zone_type', help='Type of DNS zone to create.', deprecate_info=c.deprecate(), arg_type=get_enum_type(ZoneType)) 623 624 c.argument('registration_vnets', 625 arg_group='Private Zone', 626 nargs='+', 627 help='Space-separated names or IDs of virtual networks that register hostnames in this DNS zone. ' 628 'Number of private DNS zones with virtual network auto-registration enabled is 1. ' 629 'If you need to increase this limit, please contact Azure Support: ' 630 'https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits', 631 validator=get_vnet_validator('registration_vnets')) 632 c.argument('resolution_vnets', 633 arg_group='Private Zone', 634 nargs='+', 635 help='Space-separated names or IDs of virtual networks that resolve records in this DNS zone.', 636 validator=get_vnet_validator('resolution_vnets')) 637 638 with self.argument_context('network dns zone import') as c: 639 c.argument('file_name', options_list=['--file-name', '-f'], type=file_type, completer=FilesCompleter(), help='Path to the DNS zone file to import') 640 641 with self.argument_context('network dns zone export') as c: 642 c.argument('file_name', options_list=['--file-name', '-f'], type=file_type, completer=FilesCompleter(), help='Path to the DNS zone file to save') 643 644 with self.argument_context('network dns zone update') as c: 645 c.ignore('if_none_match') 646 647 with self.argument_context('network dns zone create') as c: 648 c.argument('parent_zone_name', options_list=['--parent-name', '-p'], help='Specify if parent zone exists for this zone and delegation for the child zone in the parent is to be added.') 649 650 with self.argument_context('network dns record-set') as c: 651 c.argument('target_resource', min_api='2018-05-01', help='ID of an Azure resource from which the DNS resource value is taken.') 652 for item in ['record_type', 'record_set_type']: 653 c.argument(item, ignore_type, validator=validate_dns_record_type) 654 655 for item in ['', 'a', 'aaaa', 'caa', 'cname', 'mx', 'ns', 'ptr', 'srv', 'txt']: 656 with self.argument_context('network dns record-set {} create'.format(item)) as c: 657 c.argument('ttl', help='Record set TTL (time-to-live)') 658 c.argument('if_none_match', help='Create the record set only if it does not already exist.', action='store_true') 659 660 for item in ['a', 'aaaa', 'caa', 'cname', 'mx', 'ns', 'ptr', 'srv', 'txt']: 661 with self.argument_context('network dns record-set {} add-record'.format(item)) as c: 662 c.argument('ttl', type=int, help='Record set TTL (time-to-live)') 663 c.argument('record_set_name', 664 options_list=['--record-set-name', '-n'], 665 help='The name of the record set relative to the zone. ' 666 'Creates a new record set if one does not exist.') 667 c.argument('if_none_match', help='Create the record set only if it does not already exist.', 668 action='store_true') 669 670 with self.argument_context('network dns record-set {} remove-record'.format(item)) as c: 671 c.argument('record_set_name', options_list=['--record-set-name', '-n'], help='The name of the record set relative to the zone.') 672 c.argument('keep_empty_record_set', action='store_true', help='Keep the empty record set if the last record is removed.') 673 674 with self.argument_context('network dns record-set cname set-record') as c: 675 c.argument('record_set_name', options_list=['--record-set-name', '-n'], help='The name of the record set relative to the zone. Creates a new record set if one does not exist.') 676 c.argument('ttl', help='Record set TTL (time-to-live)') 677 c.argument('if_none_match', help='Create the record set only if it does not already exist.', 678 action='store_true') 679 680 with self.argument_context('network dns record-set soa') as c: 681 c.argument('relative_record_set_name', ignore_type, default='@') 682 c.argument('if_none_match', help='Create the record set only if it does not already exist.', 683 action='store_true') 684 685 with self.argument_context('network dns record-set a') as c: 686 c.argument('ipv4_address', options_list=['--ipv4-address', '-a'], help='IPv4 address in string notation.') 687 688 with self.argument_context('network dns record-set aaaa') as c: 689 c.argument('ipv6_address', options_list=['--ipv6-address', '-a'], help='IPv6 address in string notation.') 690 691 with self.argument_context('network dns record-set caa') as c: 692 c.argument('value', help='Value of the CAA record.') 693 c.argument('flags', help='Integer flags for the record.', type=int) 694 c.argument('tag', help='Record tag') 695 696 with self.argument_context('network dns record-set cname') as c: 697 c.argument('cname', options_list=['--cname', '-c'], help='Value of the cname record-set. It should be Canonical name.') 698 699 with self.argument_context('network dns record-set mx') as c: 700 c.argument('exchange', options_list=['--exchange', '-e'], help='Exchange metric.') 701 c.argument('preference', options_list=['--preference', '-p'], help='Preference metric.') 702 703 with self.argument_context('network dns record-set ns') as c: 704 c.argument('dname', options_list=['--nsdname', '-d'], help='Name server domain name.') 705 706 with self.argument_context('network dns record-set ns add-record') as c: 707 c.argument('subscription_id', options_list=['--subscriptionid', '-s'], help='Subscription id to add name server record') 708 c.ignore('_subscription') 709 710 with self.argument_context('network dns record-set ptr') as c: 711 c.argument('dname', options_list=['--ptrdname', '-d'], help='PTR target domain name.') 712 713 with self.argument_context('network dns record-set soa') as c: 714 c.argument('host', options_list=['--host', '-t'], help='Host name.') 715 c.argument('email', options_list=['--email', '-e'], help='Email address.') 716 c.argument('expire_time', options_list=['--expire-time', '-x'], help='Expire time (seconds).') 717 c.argument('minimum_ttl', options_list=['--minimum-ttl', '-m'], help='Minimum TTL (time-to-live, seconds).') 718 c.argument('refresh_time', options_list=['--refresh-time', '-f'], help='Refresh value (seconds).') 719 c.argument('retry_time', options_list=['--retry-time', '-r'], help='Retry time (seconds).') 720 c.argument('serial_number', options_list=['--serial-number', '-s'], help='Serial number.') 721 722 with self.argument_context('network dns record-set srv') as c: 723 c.argument('priority', type=int, options_list=['--priority', '-p'], help='Priority metric.') 724 c.argument('weight', type=int, options_list=['--weight', '-w'], help='Weight metric.') 725 c.argument('port', type=int, options_list=['--port', '-r'], help='Service port.') 726 c.argument('target', options_list=['--target', '-t'], help='Target domain name.') 727 728 with self.argument_context('network dns record-set txt') as c: 729 c.argument('value', options_list=['--value', '-v'], nargs='+', help='Space-separated list of text values which will be concatenated together.') 730 731 # endregion 732 733 # region ExpressRoutes 734 device_path_values = ['primary', 'secondary'] 735 er_circuit_name_type = CLIArgumentType(options_list='--circuit-name', metavar='NAME', help='ExpressRoute circuit name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/expressRouteCircuits')) 736 er_gateway_name_type = CLIArgumentType(options_list='--gateway-name', metavar='NAME', help='ExpressRoute gateway name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/expressRouteGateways')) 737 er_port_name_type = CLIArgumentType(options_list='--port-name', metavar='NAME', help='ExpressRoute port name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/expressRoutePorts')) 738 er_bandwidth_type = CLIArgumentType(options_list='--bandwidth', nargs='+') 739 sku_family_type = CLIArgumentType(help='Chosen SKU family of ExpressRoute circuit.', arg_type=get_enum_type(ExpressRouteCircuitSkuFamily), default=ExpressRouteCircuitSkuFamily.metered_data.value) 740 sku_tier_type = CLIArgumentType(help='SKU Tier of ExpressRoute circuit.', arg_type=get_enum_type(ExpressRouteCircuitSkuTier), default=ExpressRouteCircuitSkuTier.standard.value) 741 with self.argument_context('network express-route') as c: 742 c.argument('circuit_name', circuit_name_type, options_list=['--name', '-n']) 743 c.argument('sku_family', sku_family_type) 744 c.argument('sku_tier', sku_tier_type) 745 c.argument('bandwidth_in_mbps', er_bandwidth_type, validator=bandwidth_validator_factory(mbps=True), help='Bandwidth of the circuit. Usage: INT {Mbps,Gbps}. Defaults to Mbps') 746 c.argument('service_provider_name', options_list='--provider', help="Name of the ExpressRoute Service Provider.") 747 c.argument('peering_location', help="Name of the peering location.") 748 c.argument('peering_name', help='The name of the peering') 749 c.argument('device_path', options_list='--path', arg_type=get_enum_type(device_path_values), 750 help='The path of the device') 751 c.argument('vlan_id', type=int) 752 c.argument('allow_global_reach', arg_type=get_three_state_flag(), min_api='2018-07-01', help='Enable global reach on the circuit.') 753 c.argument('express_route_port', help='Name or ID of an ExpressRoute port.', min_api='2018-08-01', validator=validate_express_route_port) 754 c.argument('allow_classic_operations', arg_type=get_three_state_flag(), min_api='2017-10-01', help='Allow classic operations.') 755 756 with self.argument_context('network express-route update') as c: 757 c.argument('sku_family', sku_family_type, default=None) 758 c.argument('sku_tier', sku_tier_type, default=None) 759 760 with self.argument_context('network express-route auth') as c: 761 c.argument('circuit_name', circuit_name_type) 762 c.argument('authorization_name', name_arg_type, id_part='child_name_1', help='Authorization name') 763 764 with self.argument_context('network express-route auth create') as c: 765 c.argument('authorization_parameters', ignore_type) 766 c.extra('cmd') 767 768 with self.argument_context('network express-route peering') as c: 769 # Using six.integer_types so we get int for Py3 and long for Py2 770 c.argument('peer_asn', help='Autonomous system number of the customer/connectivity provider.', type=six.integer_types[-1]) 771 c.argument('vlan_id', help='Identifier used to identify the customer.') 772 c.argument('circuit_name', circuit_name_type) 773 c.argument('peering_name', name_arg_type, id_part='child_name_1') 774 c.argument('peering_type', validator=validate_peering_type, arg_type=get_enum_type(ExpressRoutePeeringType), help='BGP peering type for the circuit.') 775 c.argument('sku_family', arg_type=get_enum_type(ExpressRouteCircuitSkuFamily)) 776 c.argument('sku_tier', arg_type=get_enum_type(ExpressRouteCircuitSkuTier)) 777 c.argument('primary_peer_address_prefix', options_list=['--primary-peer-subnet'], help='/30(ipv4) or /126(ipv6) subnet used to configure IP addresses for primary interface.') 778 c.argument('secondary_peer_address_prefix', options_list=['--secondary-peer-subnet'], help='/30(ipv4) or /126(ipv6) subnet used to configure IP addresses for secondary interface.') 779 c.argument('shared_key', help='Key for generating an MD5 for the BGP session.') 780 781 with self.argument_context('network express-route peering', arg_group='Microsoft Peering') as c: 782 c.argument('ip_version', min_api='2017-06-01', help='The IP version to update Microsoft Peering settings for.', arg_type=get_enum_type(['IPv4', 'IPv6'])) 783 c.argument('advertised_public_prefixes', nargs='+', help='Space-separated list of prefixes to be advertised through the BGP peering.') 784 c.argument('customer_asn', help='Autonomous system number of the customer.') 785 c.argument('routing_registry_name', arg_type=get_enum_type(routing_registry_values), help='Internet Routing Registry / Regional Internet Registry') 786 c.argument('route_filter', min_api='2016-12-01', help='Name or ID of a route filter to apply to the peering settings.', validator=validate_route_filter) 787 c.argument('legacy_mode', min_api='2017-10-01', type=int, help='Integer representing the legacy mode of the peering.') 788 789 with self.argument_context('network express-route peering connection') as c: 790 c.argument('authorization_key', help='The authorization key used when the peer circuit is in another subscription.') 791 c.argument('address_prefix', help='/29 IP address space to carve out customer addresses for tunnels.') 792 c.argument('peering_name', options_list=['--peering-name'], help='Name of BGP peering (i.e. AzurePrivatePeering).', id_part='child_name_1') 793 c.argument('connection_name', options_list=['--name', '-n'], help='Name of the peering connection.', id_part='child_name_2') 794 c.argument('peer_circuit', help='Name or ID of the peer ExpressRoute circuit.', validator=validate_er_peer_circuit) 795 796 with self.argument_context('network express-route peering connection list') as c: 797 c.argument('circuit_name', id_part=None) 798 c.argument('peering_name', id_part=None) 799 800 with self.argument_context('network express-route peering peer-connection') as c: 801 c.argument('circuit_name', circuit_name_type, id_part=None) 802 c.argument('peering_name', options_list=['--peering-name'], help='Name of BGP peering (i.e. AzurePrivatePeering).', id_part=None) 803 c.argument('connection_name', options_list=['--name', '-n'], help='Name of the peering peer-connection.', id_part=None) 804 # endregion 805 806 # region ExpressRoute Gateways 807 with self.argument_context('network express-route gateway', min_api='2018-08-01') as c: 808 c.argument('express_route_gateway_name', er_gateway_name_type, options_list=['--name', '-n']) 809 c.argument('min_val', help='Minimum number of scale units deployed for gateway.', type=int, arg_group='Autoscale') 810 c.argument('max_val', help='Maximum number of scale units deployed for gateway.', type=int, arg_group='Autoscale') 811 c.argument('virtual_hub', help='Name or ID of the virtual hub to associate with the gateway.', validator=validate_virtual_hub) 812 813 with self.argument_context('network express-route gateway connection', min_api='2018-08-01') as c: 814 c.argument('express_route_gateway_name', er_gateway_name_type) 815 c.argument('connection_name', options_list=['--name', '-n'], help='ExpressRoute connection name.', id_part='child_name_1') 816 c.argument('routing_weight', help='Routing weight associated with the connection.', type=int) 817 c.argument('authorization_key', help='Authorization key to establish the connection.') 818 c.argument('enable_internet_security', options_list='--internet-security', arg_type=get_three_state_flag(), help='Enable internet security. A virtual hub can have the ability to propagate a learned default route to this ExpressRoute connection. This ref https://review.docs.microsoft.com/en-us/azure/virtual-wan/effective-routes-virtual-hub?branch=pr-en-us-91866#aboutdefaultroute might be helpful.', min_api='2019-09-01') 819 820 with self.argument_context('network express-route gateway connection', arg_group='Peering', min_api='2018-08-01') as c: 821 c.argument('peering', help='Name or ID of an ExpressRoute peering.', validator=validate_express_route_peering) 822 c.argument('circuit_name', er_circuit_name_type, id_part=None) 823 824 with self.argument_context('network express-route gateway connection', arg_group='Routing Configuration', min_api='2020-04-01', is_preview=True) as c: 825 c.argument('associated_route_table', options_list=['--associated', '--associated-route-table'], help='The resource id of route table associated with this routing configuration.') 826 c.argument('propagated_route_tables', options_list=['--propagated', '--propagated-route-tables'], nargs='+', help='Space-separated list of resource id of propagated route tables.') 827 c.argument('labels', nargs='+', help='Space-separated list of labels for propagated route tables.') 828 829 with self.argument_context('network express-route gateway connection list', min_api='2018-08-01') as c: 830 c.argument('express_route_gateway_name', er_gateway_name_type, id_part=None) 831 832 with self.argument_context('network express-route port', min_api='2018-08-01') as c: 833 c.argument('express_route_port_name', er_port_name_type, options_list=['--name', '-n']) 834 c.argument('encapsulation', arg_type=get_enum_type(ExpressRoutePortsEncapsulation), help='Encapsulation method on physical ports.') 835 c.argument('bandwidth_in_gbps', er_bandwidth_type, validator=bandwidth_validator_factory(mbps=False), 836 help='Bandwidth of the circuit. Usage: INT {Mbps,Gbps}. Defaults to Gbps') 837 c.argument('peering_location', help='The name of the peering location that the port is mapped to physically.') 838 839 with self.argument_context('network express-route port generate-loa', min_api='2020-06-01') as c: 840 c.argument('customer_name', help='The customer name') 841 c.argument('file_path', 842 options_list=['--file', '-f'], 843 help="Directory or the file path of the letter to be saved to. If the file name extension is not .pdf, Azure CLI will help to append. " 844 "Be careful, the existing file might get overwritten") 845 846 with self.argument_context('network express-route port link', min_api='2018-08-01') as c: 847 c.argument('express_route_port_name', er_port_name_type) 848 c.argument('link_name', options_list=['--name', '-n'], id_part='child_name_1', 849 help='The link name of the ExpressRoute Port') 850 851 with self.argument_context('network express-route port link list', min_api='2018-08-01') as c: 852 c.argument('express_route_port_name', er_port_name_type, id_part=None) 853 854 with self.argument_context('network express-route port link update', min_api='2019-08-01') as c: 855 c.argument('admin_state', 856 arg_type=get_three_state_flag(positive_label='Enabled', negative_label='Disabled', return_label=True), 857 help='Enable/Disable administrative state of an ExpressRoute Link') 858 859 with self.argument_context('network express-route port link update', arg_group='MACsec', min_api='2019-08-01') as c: 860 c.argument('macsec_cak_secret_identifier', 861 help='The connectivity association key (CAK) ID that stored in the KeyVault.') 862 c.argument('macsec_ckn_secret_identifier', 863 help='The connectivity key name (CKN) that stored in the KeyVault.') 864 c.argument('macsec_cipher', arg_type=express_route_link_macsec_cipher_type, help='Cipher Method') 865 c.argument('macsec_sci_state', arg_type=get_three_state_flag(positive_label='Enabled', negative_label='Disabled', return_label=True), help='Sci mode', min_api='2020-06-01') 866 867 with self.argument_context('network express-route port location', min_api='2018-08-01') as c: 868 c.argument('location_name', options_list=['--location', '-l']) 869 870 with self.argument_context('network express-route port identity assign', arg_group='Identity', min_api='2019-08-01') as c: 871 c.argument('user_assigned_identity', options_list='--identity', 872 help="Name or ID of the ManagedIdentity Resource", validator=validate_user_assigned_identity) 873 # endregion 874 875 # region PrivateEndpoint 876 private_endpoint_name = CLIArgumentType(options_list='--endpoint-name', id_part='name', help='Name of the private endpoint.', completer=get_resource_name_completion_list('Microsoft.Network/interfaceEndpoints')) 877 878 with self.argument_context('network private-endpoint') as c: 879 c.argument('private_endpoint_name', private_endpoint_name, options_list=['--name', '-n']) 880 c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group) 881 subnet_help = get_folded_parameter_help_string('subnet', other_required_option='--vnet-name') + ' and do not specify the --vnet-name' 882 c.argument('subnet', validator=get_subnet_validator(), help=subnet_help, id_part=None) 883 c.argument('virtual_network_name', help='The virtual network (VNet) associated with the subnet (Omit if supplying a subnet id).', metavar='', id_part=None) 884 c.argument('private_connection_resource_id', help='The resource id of the private endpoint to connect to') 885 c.argument('group_ids', nargs='+', options_list=[c.deprecate(target='--group-ids', redirect='--group-id'), '--group-id'], 886 help='The ID of the group obtained from the remote resource that this private endpoint should connect to. ' 887 'You can use "az network private-link-resource list" to obtain the supported group ids. You must provide this except for PrivateLinkService') 888 c.argument('request_message', help='A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars.') 889 c.argument('manual_request', help="Use manual request to establish the connection. Configure it as 'true' when you don't have access to the subscription of private link service.", arg_type=get_three_state_flag()) 890 c.argument('connection_name', help='Name of the private link service connection.') 891 c.ignore('expand') 892 c.argument('edge_zone', edge_zone) 893 894 with self.argument_context('network private-endpoint dns-zone-group') as c: 895 c.argument('private_dns_zone', help='Name or ID of the private dns zone.', validator=validate_private_dns_zone) 896 c.argument('private_dns_zone_name', options_list=['--zone-name'], help='Name of the private dns zone.') 897 c.argument('private_dns_zone_group_name', options_list=['--name', '-n'], help='Name of the private dns zone group.') 898 c.argument('private_endpoint_name', private_endpoint_name, id_part=None) 899 # endregion 900 901 # region PrivateLinkService 902 service_name = CLIArgumentType(options_list='--service-name', id_part='name', help='Name of the private link service.', completer=get_resource_name_completion_list('Microsoft.Network/privateLinkServices')) 903 with self.argument_context('network private-link-service') as c: 904 c.argument('service_name', service_name, options_list=['--name', '-n']) 905 c.argument('auto_approval', nargs='+', help='Space-separated list of subscription IDs to auto-approve.', validator=get_subscription_list_validator('auto_approval', 'PrivateLinkServicePropertiesAutoApproval')) 906 c.argument('visibility', nargs='+', help='Space-separated list of subscription IDs for which the private link service is visible.', validator=get_subscription_list_validator('visibility', 'PrivateLinkServicePropertiesVisibility')) 907 c.argument('frontend_ip_configurations', nargs='+', options_list='--lb-frontend-ip-configs', help='Space-separated list of names or IDs of load balancer frontend IP configurations to link to. If names are used, also supply `--lb-name`.', validator=validate_frontend_ip_configs) 908 c.argument('load_balancer_name', options_list='--lb-name', help='Name of the load balancer to retrieve frontend IP configs from. Ignored if a frontend IP configuration ID is supplied.') 909 c.argument('private_endpoint_connections', nargs='+', help='Space-separated list of private endpoint connections.') 910 c.argument('fqdns', nargs='+', help='Space-separated list of FQDNs.') 911 c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group) 912 c.argument('enable_proxy_protocol', help='Enable proxy protocol for private link service.', arg_type=get_three_state_flag(), min_api='2019-09-01') 913 c.argument('edge_zone', edge_zone) 914 915 with self.argument_context('network private-link-service', arg_group='IP Configuration') as c: 916 c.argument('private_ip_address', private_ip_address_type) 917 c.argument('private_ip_allocation_method', help='Private IP address allocation method', arg_type=get_enum_type(IPAllocationMethod)) 918 c.argument('private_ip_address_version', help='IP version of the private IP address.', arg_type=get_enum_type(IPVersion, 'ipv4')) 919 c.argument('public_ip_address', help='Name or ID of the a public IP address to use.', completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), validator=get_public_ip_validator()) 920 c.argument('subnet', help='Name or ID of subnet to use. If name provided, also supply `--vnet-name`.', validator=get_subnet_validator()) 921 c.argument('virtual_network_name', options_list='--vnet-name') 922 923 with self.argument_context('network private-link-service connection') as c: 924 c.argument('service_name', service_name, id_part=None) 925 c.argument('pe_connection_name', help='Name of the private endpoint connection. List them by using "az network private-link-service show".', options_list=['--name', '-n']) 926 c.argument('action_required', help='A message indicating if changes on the service provider require any updates on the consumer.') 927 c.argument('description', help='The reason for approval/rejection of the connection.') 928 c.argument('connection_status', help='Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.', arg_type=get_enum_type(['Approved', 'Rejected', 'Removed'])) 929 930 with self.argument_context('network private-link-service ip-configs') as c: 931 c.argument('service_name', service_name) 932 c.argument('ip_config_name', help='Name of the ip configuration.', options_list=['--name', '-n']) 933 c.argument('virtual_network_name', id_part=None) 934 # endregion 935 936 # region LoadBalancers 937 with self.argument_context('network lb rule create') as c: 938 c.argument('backend_address_pool_name', help='The name of the backend address pool. {}'.format(default_existing)) 939 c.argument('frontend_ip_name', help='The name of the frontend IP configuration. {}'.format(default_existing)) 940 941 for item in ['rule', 'pool']: 942 with self.argument_context('network lb inbound-nat-{} create'.format(item)) as c: 943 c.argument('frontend_ip_name', help='The name of the frontend IP configuration. {}'.format(default_existing)) 944 945 lb_subresources = [ 946 {'name': 'address-pool', 'display': 'backend address pool', 'ref': 'backend_address_pools'}, 947 {'name': 'frontend-ip', 'display': 'frontend IP configuration', 'ref': 'frontend_ip_configurations'}, 948 {'name': 'inbound-nat-rule', 'display': 'inbound NAT rule', 'ref': 'inbound_nat_rules'}, 949 {'name': 'inbound-nat-pool', 'display': 'inbound NAT pool', 'ref': 'inbound_nat_pools'}, 950 {'name': 'rule', 'display': 'load balancing rule', 'ref': 'load_balancing_rules'}, 951 {'name': 'probe', 'display': 'probe', 'ref': 'probes'}, 952 {'name': 'outbound-rule', 'display': 'outbound rule', 'ref': 'outbound_rules'}, 953 ] 954 for item in lb_subresources: 955 with self.argument_context('network lb {}'.format(item['name'])) as c: 956 c.argument('item_name', options_list=['--name', '-n'], help='The name of the {}'.format(item['display']), completer=get_lb_subresource_completion_list(item['ref']), id_part='child_name_1') 957 c.argument('resource_name', options_list='--lb-name', help='The name of the load balancer.', completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers')) 958 c.argument('load_balancer_name', load_balancer_name_type) 959 960 with self.argument_context('network lb') as c: 961 c.argument('load_balancer_name', load_balancer_name_type, options_list=['--name', '-n']) 962 c.argument('frontend_port', help='Port number') 963 c.argument('frontend_port_range_start', help='Port number') 964 c.argument('frontend_port_range_end', help='Port number') 965 c.argument('backend_port', help='Port number') 966 c.argument('frontend_ip_name', help='The name of the frontend IP configuration.', completer=get_lb_subresource_completion_list('frontend_ip_configurations')) 967 c.argument('floating_ip', help='Enable floating IP.', arg_type=get_three_state_flag()) 968 c.argument('idle_timeout', help='Idle timeout in minutes.', type=int) 969 c.argument('protocol', help='Network transport protocol.', arg_type=get_enum_type(TransportProtocol)) 970 c.argument('private_ip_address_version', min_api='2019-04-01', help='The private IP address version to use.', default=IPVersion.I_PV4.value if IPVersion else '') 971 for item in ['backend_pool_name', 'backend_address_pool_name']: 972 c.argument(item, options_list='--backend-pool-name', help='The name of the backend address pool.', completer=get_lb_subresource_completion_list('backend_address_pools')) 973 974 with self.argument_context('network lb create') as c: 975 c.argument('frontend_ip_zone', zone_type, min_api='2017-06-01', options_list=['--frontend-ip-zone'], help='used to create internal facing Load balancer') 976 c.argument('validate', help='Generate and validate the ARM template without creating any resources.', action='store_true') 977 c.argument('sku', min_api='2017-08-01', help='Load balancer SKU', arg_type=get_enum_type(LoadBalancerSkuName, default='basic')) 978 c.argument('edge_zone', edge_zone) 979 980 with self.argument_context('network lb create', arg_group='Public IP') as c: 981 public_ip_help = get_folded_parameter_help_string('public IP address', allow_none=True, allow_new=True) 982 c.argument('public_ip_address', help=public_ip_help, completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses')) 983 c.argument('public_ip_address_allocation', help='IP allocation method.', arg_type=get_enum_type(IPAllocationMethod)) 984 c.argument('public_ip_dns_name', help='Globally unique DNS name for a new public IP.') 985 c.argument('public_ip_zone', zone_type, min_api='2017-06-01', options_list=['--public-ip-zone'], help='used to created a new public ip for the load balancer, a.k.a public facing Load balancer') 986 c.ignore('public_ip_address_type') 987 988 with self.argument_context('network lb create', arg_group='Subnet') as c: 989 subnet_help = get_folded_parameter_help_string('subnet', other_required_option='--vnet-name', allow_new=True, allow_none=True, default_none=True) 990 c.argument('subnet', help=subnet_help, completer=subnet_completion_list) 991 c.argument('subnet_address_prefix', help='The CIDR address prefix to use when creating a new subnet.') 992 c.argument('virtual_network_name', virtual_network_name_type) 993 c.argument('vnet_address_prefix', help='The CIDR address prefix to use when creating a new VNet.') 994 c.ignore('vnet_type', 'subnet_type') 995 996 with self.argument_context('network lb address-pool') as c: 997 c.argument('load_balancer_name', load_balancer_name_type, id_part=None) 998 c.argument('backend_address_pool_name', 999 options_list=['--name', '-n'], 1000 help='The name of the backend address pool. {}'.format(default_existing)) 1001 c.argument('backend_addresses', options_list=['--backend-address'], nargs='+', action=AddBackendAddressCreate, is_preview=True) 1002 c.argument('backend_addresses_config_file', type=get_json_object, is_preview=True) 1003 c.argument('vnet', help='Name or Id of the virtual network applied to all backend addresses.', validator=process_vnet_name_or_id) 1004 1005 with self.argument_context('network lb address-pool address') as c: 1006 c.argument('backend_address_pool_name', 1007 options_list=['--pool-name'], 1008 help='The name of the backend address pool. {}'.format(default_existing)) 1009 c.argument('address_name', options_list=['--name', '-n'], help='Name of the backend address.') 1010 c.argument('vnet', help='Name or Id of the virtual network.', validator=process_vnet_name_or_id) 1011 c.argument('ip_address', help='Ip Address within the Virtual Network.') 1012 c.argument('subnet', help='Name or Id of the existing subnet.(If name is provided, vnet is also required;If id, vnet is not required)', min_api='2020-11-01') 1013 1014 with self.argument_context('network lb address-pool tunnel-interface', min_api='2021-02-01') as c: 1015 c.argument('backend_address_pool_name', options_list=['--address-pool'], help='The name of the backend address pool. {}'.format(default_existing)) 1016 c.argument('protocol', arg_type=get_enum_type(GatewayLoadBalancerTunnelProtocol), help='Protocol of gateway load balancer tunnel interface.') 1017 c.argument('identifier', help='Identifier of gateway load balancer tunnel interface.', type=int) 1018 c.argument('port', help='Port of gateway load balancer tunnel interface.') 1019 c.argument('traffic_type', options_list='--type', arg_type=get_enum_type(GatewayLoadBalancerTunnelInterfaceType), help='Traffic type of gateway load balancer tunnel interface.') 1020 c.argument('index', type=int, help='Index of the tunnel interfaces to change') 1021 1022 with self.argument_context('network lb frontend-ip') as c: 1023 c.argument('zone', zone_type, min_api='2017-06-01', max_api='2020-07-01') 1024 c.argument('zone', zone_compatible_type, min_api='2020-08-01') 1025 1026 for item in ['create', 'update']: 1027 with self.argument_context('network lb frontend-ip {}'.format(item)) as c: 1028 c.argument('public_ip_address', help='Name or ID of the existing public IP to associate with the configuration.') 1029 c.argument('subnet', help='Name or ID of an existing subnet. If name is specified, also specify --vnet-name.') 1030 c.argument('virtual_network_name', virtual_network_name_type, help='The virtual network (VNet) associated with the subnet (Omit if supplying a subnet id).', id_part=None, metavar='') 1031 c.ignore('private_ip_address_allocation') 1032 1033 with self.argument_context('network lb frontend-ip create') as c: 1034 c.argument('private_ip_address', help='Static private IP address to associate with the configuration.') 1035 1036 with self.argument_context('network lb frontend-ip update') as c: 1037 c.argument('private_ip_address', help='Static private IP address to associate with the configuration. Use ""(\'""\' in PowerShell) to remove the static address and use a dynamic address instead.') 1038 c.argument('gateway_lb', gateway_lb) 1039 1040 with self.argument_context('network lb probe') as c: 1041 c.argument('interval', help='Probing time interval in seconds.') 1042 c.argument('path', help='The endpoint to interrogate (http only).') 1043 c.argument('port', help='The port to interrogate.') 1044 c.argument('protocol', help='The protocol to probe.', arg_type=get_enum_type(ProbeProtocol)) 1045 c.argument('threshold', help='The number of consecutive probe failures before an instance is deemed unhealthy.') 1046 1047 with self.argument_context('network lb outbound-rule') as c: 1048 c.argument('backend_address_pool', options_list='--address-pool', help='Name or ID of the backend address pool.') 1049 c.argument('frontend_ip_configurations', options_list='--frontend-ip-configs', help='Space-separated list of frontend IP configuration names or IDs.', nargs='+') 1050 c.argument('protocol', arg_type=get_enum_type(TransportProtocol), help='Network transport protocol.') 1051 c.argument('outbound_ports', type=int, help='The number of outbound ports to be used for NAT.') 1052 1053 with self.argument_context('network lb rule') as c: 1054 c.argument('load_distribution', help='Affinity rule settings.', arg_type=get_enum_type(LoadDistribution)) 1055 c.argument('probe_name', help='Name of an existing probe to associate with this rule.') 1056 c.argument('disable_outbound_snat', min_api='2018-08-01', help='Configures SNAT for the VMs in the backend pool to use the publicIP address specified in the frontend of the load balancing rule.', arg_type=get_three_state_flag()) 1057 c.argument('backend_pools_name', nargs='+', help='List of name of the backend address pool', min_api='2021-02-01', is_preview=True) 1058 # endregion 1059 1060 # region cross-region load balancer 1061 with self.argument_context('network cross-region-lb rule create') as c: 1062 c.argument('backend_address_pool_name', 1063 help='The name of the backend address pool. {}'.format(default_existing)) 1064 c.argument('frontend_ip_name', help='The name of the frontend IP configuration. {}'.format(default_existing)) 1065 1066 cross_region_lb_subresources = [ 1067 {'name': 'address-pool', 'display': 'backend address pool', 'ref': 'backend_address_pools'}, 1068 {'name': 'frontend-ip', 'display': 'frontend IP configuration', 'ref': 'frontend_ip_configurations'}, 1069 {'name': 'rule', 'display': 'load balancing rule', 'ref': 'load_balancing_rules'}, 1070 {'name': 'probe', 'display': 'probe', 'ref': 'probes'}, 1071 ] 1072 for item in cross_region_lb_subresources: 1073 with self.argument_context('network cross-region-lb {}'.format(item['name'])) as c: 1074 c.argument('item_name', options_list=['--name', '-n'], help='The name of the {}'.format(item['display']), 1075 completer=get_lb_subresource_completion_list(item['ref']), id_part='child_name_1') 1076 c.argument('resource_name', options_list='--lb-name', help='The name of the load balancer.', 1077 completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers')) 1078 c.argument('load_balancer_name', load_balancer_name_type) 1079 1080 with self.argument_context('network cross-region-lb') as c: 1081 c.argument('load_balancer_name', load_balancer_name_type, options_list=['--name', '-n']) 1082 c.argument('frontend_port', help='Port number') 1083 c.argument('frontend_port_range_start', help='Port number') 1084 c.argument('frontend_port_range_end', help='Port number') 1085 c.argument('backend_port', help='Port number') 1086 c.argument('frontend_ip_name', help='The name of the frontend IP configuration.', 1087 completer=get_lb_subresource_completion_list('frontend_ip_configurations')) 1088 c.argument('floating_ip', help='Enable floating IP.', arg_type=get_three_state_flag()) 1089 c.argument('idle_timeout', help='Idle timeout in minutes.', type=int) 1090 c.argument('protocol', help='Network transport protocol.', arg_type=get_enum_type(TransportProtocol)) 1091 for item in ['backend_pool_name', 'backend_address_pool_name']: 1092 c.argument(item, options_list='--backend-pool-name', help='The name of the backend address pool.', 1093 completer=get_lb_subresource_completion_list('backend_address_pools')) 1094 1095 with self.argument_context('network cross-region-lb create') as c: 1096 c.argument('frontend_ip_zone', zone_type, min_api='2017-06-01', options_list=['--frontend-ip-zone'], 1097 help='used to create internal facing Load balancer') 1098 c.argument('validate', help='Generate and validate the ARM template without creating any resources.', 1099 action='store_true') 1100 1101 with self.argument_context('network cross-region-lb create', arg_group='Public IP') as c: 1102 public_ip_help = get_folded_parameter_help_string('public IP address', allow_none=True, allow_new=True) 1103 c.argument('public_ip_address', help=public_ip_help, 1104 completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses')) 1105 c.argument('public_ip_address_allocation', options_list=['--public-ip-address-allocation', '--address-allocation'], help='IP allocation method.', 1106 arg_type=get_enum_type(IPAllocationMethod)) 1107 c.argument('public_ip_dns_name', help='Globally unique DNS name for a new public IP.') 1108 c.argument('public_ip_zone', zone_type, min_api='2017-06-01', options_list=['--public-ip-zone'], 1109 help='used to created a new public ip for the load balancer, a.k.a public facing Load balancer') 1110 c.ignore('public_ip_address_type') 1111 1112 with self.argument_context('network cross-region-lb address-pool') as c: 1113 c.argument('load_balancer_name', load_balancer_name_type, id_part=None) 1114 c.argument('backend_address_pool_name', 1115 options_list=['--name', '-n'], 1116 help='The name of the backend address pool. {}'.format(default_existing)) 1117 c.argument('backend_addresses', options_list=['--backend-address'], nargs='+', action=AddBackendAddressCreateForCrossRegionLB, 1118 is_preview=True) 1119 c.argument('backend_addresses_config_file', options_list=['--backend-addresses-config-file', '--config-file'], type=get_json_object, is_preview=True) 1120 1121 with self.argument_context('network cross-region-lb address-pool address') as c: 1122 c.argument('backend_address_pool_name', 1123 options_list=['--pool-name'], 1124 help='The name of the backend address pool. {}'.format(default_existing)) 1125 c.argument('address_name', options_list=['--name', '-n'], help='Name of the backend address.') 1126 c.argument('frontend_ip_address', help='Resource id of the frontend ip configuration defined in regional loadbalancer.') 1127 1128 with self.argument_context('network cross-region-lb frontend-ip') as c: 1129 c.argument('zone', zone_type, min_api='2017-06-01') 1130 1131 for item in ['create', 'update']: 1132 with self.argument_context('network cross-region-lb frontend-ip {}'.format(item)) as c: 1133 c.argument('public_ip_address', 1134 help='Name or ID of the existing public IP to associate with the configuration.') 1135 1136 with self.argument_context('network cross-region-lb probe') as c: 1137 c.argument('interval', help='Probing time interval in seconds.') 1138 c.argument('path', help='The endpoint to interrogate (http only).') 1139 c.argument('port', help='The port to interrogate.') 1140 c.argument('protocol', help='The protocol to probe.', arg_type=get_enum_type(ProbeProtocol)) 1141 c.argument('threshold', help='The number of consecutive probe failures before an instance is deemed unhealthy.') 1142 1143 with self.argument_context('network cross-region-lb rule') as c: 1144 c.argument('load_distribution', help='Affinity rule settings.', arg_type=get_enum_type(LoadDistribution)) 1145 c.argument('probe_name', help='Name of an existing probe to associate with this rule.') 1146 c.argument('backend_pools_name', nargs='+', help='List of name of the backend address pool', min_api='2021-02-01', is_preview=True) 1147 # endregion 1148 1149 # region LocalGateway 1150 with self.argument_context('network local-gateway') as c: 1151 c.argument('local_network_gateway_name', name_arg_type, help='Name of the local network gateway.', completer=get_resource_name_completion_list('Microsoft.Network/localNetworkGateways'), id_part='name') 1152 c.argument('local_address_prefix', nargs='+', options_list='--local-address-prefixes', help='List of CIDR block prefixes representing the address space of the OnPremise VPN\'s subnet.') 1153 c.argument('gateway_ip_address', help='Gateway\'s public IP address. (e.g. 10.1.1.1).') 1154 c.argument('bgp_peering_address', arg_group='BGP Peering', help='IP address from the OnPremise VPN\'s subnet to use for BGP peering.') 1155 1156 with self.argument_context('network local-gateway create') as c: 1157 c.ignore('use_bgp_settings') 1158 1159 for item in ['local-gateway', 'vnet-gateway']: 1160 with self.argument_context('network {}'.format(item)) as c: 1161 c.argument('asn', type=int, arg_group='BGP Peering', help='Autonomous System Number to use for the BGP settings.') 1162 c.argument('peer_weight', arg_group='BGP Peering', help='Weight (0-100) added to routes learned through BGP peering.') 1163 # endregion 1164 1165 # region NetworkInterfaces (NIC) 1166 with self.argument_context('network nic') as c: 1167 c.argument('enable_accelerated_networking', min_api='2016-09-01', options_list=['--accelerated-networking'], help='Enable accelerated networking.', arg_type=get_three_state_flag()) 1168 c.argument('network_interface_name', nic_type, options_list=['--name', '-n']) 1169 c.argument('internal_dns_name_label', options_list='--internal-dns-name', help='The internal DNS name label.', arg_group='DNS') 1170 c.argument('dns_servers', help='Space-separated list of DNS server IP addresses.', nargs='+', arg_group='DNS') 1171 c.argument('enable_ip_forwarding', options_list='--ip-forwarding', help='Enable IP forwarding.', arg_type=get_three_state_flag()) 1172 1173 with self.argument_context('network nic create') as c: 1174 c.argument('private_ip_address_version', min_api='2016-09-01', help='The private IP address version to use.', default=IPVersion.I_PV4.value if IPVersion else '') 1175 c.argument('network_interface_name', nic_type, options_list=['--name', '-n'], id_part=None) 1176 c.argument('edge_zone', edge_zone) 1177 1178 public_ip_help = get_folded_parameter_help_string('public IP address', allow_none=True, default_none=True) 1179 c.argument('public_ip_address', help=public_ip_help, completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses')) 1180 1181 nsg_help = get_folded_parameter_help_string('network security group', allow_none=True, default_none=True) 1182 c.argument('network_security_group', help=nsg_help, completer=get_resource_name_completion_list('Microsoft.Network/networkSecurityGroups')) 1183 1184 subnet_help = get_folded_parameter_help_string('subnet', other_required_option='--vnet-name', allow_cross_sub=False) 1185 c.argument('subnet', help=subnet_help, completer=subnet_completion_list) 1186 1187 with self.argument_context('network nic update') as c: 1188 c.argument('network_security_group', help='Name or ID of the associated network security group.', validator=get_nsg_validator(), completer=get_resource_name_completion_list('Microsoft.Network/networkSecurityGroups')) 1189 c.argument('dns_servers', help='Space-separated list of DNS server IP addresses. Use ""(\'""\' in PowerShell) to revert to default Azure servers.', nargs='+', arg_group='DNS') 1190 1191 for item in ['create', 'ip-config update', 'ip-config create']: 1192 with self.argument_context('network nic {}'.format(item)) as c: 1193 c.argument('application_security_groups', min_api='2017-09-01', help='Space-separated list of application security groups.', nargs='+', validator=get_asg_validator(self, 'application_security_groups')) 1194 1195 with self.argument_context('network nic {}'.format(item), arg_group='Load Balancer') as c: 1196 c.extra('load_balancer_name', options_list='--lb-name', completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers'), help='The name of the load balancer to use when adding NAT rules or address pools by name (ignored when IDs are specified).') 1197 c.argument('load_balancer_backend_address_pool_ids', options_list='--lb-address-pools', nargs='+', validator=validate_address_pool_id_list, help='Space-separated list of names or IDs of load balancer address pools to associate with the NIC. If names are used, --lb-name must be specified.', completer=get_lb_subresource_completion_list('backendAddressPools')) 1198 c.argument('load_balancer_inbound_nat_rule_ids', options_list='--lb-inbound-nat-rules', nargs='+', validator=validate_inbound_nat_rule_id_list, help='Space-separated list of names or IDs of load balancer inbound NAT rules to associate with the NIC. If names are used, --lb-name must be specified.', completer=get_lb_subresource_completion_list('inboundNatRules')) 1199 1200 with self.argument_context('network nic {}'.format(item), arg_group='Application Gateway') as c: 1201 c.argument('app_gateway_backend_address_pools', options_list='--app-gateway-address-pools', nargs='+', help='Space-separated list of names or IDs of application gateway backend address pools to associate with the NIC. If names are used, --gateway-name must be specified.', validator=validate_ag_address_pools, completer=get_ag_subresource_completion_list('backendAddressPools')) 1202 c.extra('application_gateway_name', app_gateway_name_type, help='The name of the application gateway to use when adding address pools by name (ignored when IDs are specified).') 1203 1204 with self.argument_context('network nic ip-config') as c: 1205 c.argument('network_interface_name', options_list='--nic-name', metavar='NIC_NAME', help='The network interface (NIC).', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/networkInterfaces')) 1206 c.argument('ip_config_name', options_list=['--name', '-n'], metavar='IP_CONFIG_NAME', help='The name of the IP configuration.', id_part='child_name_1') 1207 c.argument('resource_name', options_list='--nic-name', metavar='NIC_NAME', help='The network interface (NIC).', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/networkInterfaces')) 1208 c.argument('item_name', options_list=['--name', '-n'], metavar='IP_CONFIG_NAME', help='The name of the IP configuration.', id_part='child_name_1') 1209 c.argument('subnet', validator=get_subnet_validator(), help='Name or ID of an existing subnet. If name is specified, also specify --vnet-name.') 1210 c.argument('virtual_network_name', help='The virtual network (VNet) associated with the subnet (Omit if supplying a subnet id).', id_part=None, metavar='') 1211 c.argument('public_ip_address', help='Name or ID of the public IP to use.', validator=get_public_ip_validator()) 1212 c.argument('make_primary', action='store_true', help='Set to make this configuration the primary one for the NIC.') 1213 c.argument('private_ip_address', private_ip_address_type, help='Static IP address to use or ""(\'""\' in PowerShell) to use a dynamic address.') 1214 c.argument('gateway_lb', gateway_lb) 1215 1216 with self.argument_context('network nic ip-config address-pool') as c: 1217 c.argument('load_balancer_name', options_list='--lb-name', help='The name of the load balancer containing the address pool (Omit if suppying an address pool ID).', completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers')) 1218 c.argument('application_gateway_name', app_gateway_name_type, help='The name of an application gateway containing the address pool (Omit if suppying an address pool ID).', id_part=None) 1219 c.argument('backend_address_pool', options_list='--address-pool', help='The name or ID of an existing backend address pool.', validator=validate_address_pool_name_or_id) 1220 1221 with self.argument_context('network nic ip-config inbound-nat-rule') as c: 1222 c.argument('load_balancer_name', options_list='--lb-name', help='The name of the load balancer associated with the NAT rule (Omit if suppying a NAT rule ID).', completer=get_resource_name_completion_list('Microsoft.Network/loadBalancers')) 1223 c.argument('inbound_nat_rule', options_list='--inbound-nat-rule', help='The name or ID of an existing inbound NAT rule.', validator=validate_inbound_nat_rule_name_or_id) 1224 1225 for item in ['address-pool', 'inbound-nat-rule']: 1226 with self.argument_context('network nic ip-config {}'.format(item)) as c: 1227 c.argument('ip_config_name', options_list=['--ip-config-name', '-n'], metavar='IP_CONFIG_NAME', help='The name of the IP configuration.', id_part=None) 1228 c.argument('network_interface_name', nic_type, id_part=None) 1229 1230 # endregion 1231 1232 # region NetworkSecurityGroups 1233 with self.argument_context('network nsg') as c: 1234 c.argument('network_security_group_name', name_arg_type, completer=get_resource_name_completion_list('Microsoft.Network/networkSecurityGroups'), id_part='name') 1235 1236 with self.argument_context('network nsg create') as c: 1237 c.argument('name', name_arg_type) 1238 1239 with self.argument_context('network nsg rule') as c: 1240 c.argument('security_rule_name', name_arg_type, id_part='child_name_1', help='Name of the network security group rule') 1241 c.argument('network_security_group_name', options_list='--nsg-name', metavar='NSGNAME', help='Name of the network security group', id_part='name') 1242 c.argument('include_default', help='Include default security rules in the output.') 1243 1244 with self.argument_context('network nsg rule create') as c: 1245 c.argument('network_security_group_name', options_list='--nsg-name', metavar='NSGNAME', help='Name of the network security group', id_part=None) 1246 1247 for item in ['create', 'update']: 1248 with self.argument_context('network nsg rule {}'.format(item)) as c: 1249 c.argument('priority', help='Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection.', type=int) 1250 c.argument('description', help='Rule description') 1251 c.argument('access', help=None, arg_type=get_enum_type(SecurityRuleAccess), default=SecurityRuleAccess.allow.value if item == 'create' else None) 1252 c.argument('protocol', help='Network protocol this rule applies to.', arg_type=get_enum_type(SecurityRuleProtocol), default=SecurityRuleProtocol.asterisk.value if item == 'create' else None) 1253 c.argument('direction', help=None, arg_type=get_enum_type(SecurityRuleDirection), default=SecurityRuleDirection.inbound.value if item == 'create' else None) 1254 1255 with self.argument_context('network nsg rule {}'.format(item), min_api='2017-06-01') as c: 1256 c.argument('source_port_ranges', nargs='+', help="Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.", arg_group='Source') 1257 c.argument('source_address_prefixes', 1258 nargs='+', 1259 help="Space-separated list of CIDR prefixes or IP ranges. " 1260 "Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' " 1261 "to match all IPs. Besides, it also supports all available Service Tags like " 1262 "'ApiManagement', 'SqlManagement', 'AzureMonitor', etc.", 1263 arg_group='Source') 1264 c.argument('destination_port_ranges', nargs='+', help="Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.", arg_group='Destination') 1265 c.argument('destination_address_prefixes', 1266 nargs='+', 1267 help="Space-separated list of CIDR prefixes or IP ranges. " 1268 "Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' " 1269 "to match all IPs. Besides, it also supports all available Service Tags like " 1270 "'ApiManagement', 'SqlManagement', 'AzureMonitor', etc.", 1271 arg_group='Destination') 1272 1273 with self.argument_context('network nsg rule {}'.format(item), max_api='2017-03-01') as c: 1274 c.argument('source_port_range', help="Port or port range between 0-65535. Use '*' to match all ports.", arg_group='Source') 1275 c.argument('source_address_prefix', 1276 help="Space-separated list of CIDR prefixes or IP ranges. " 1277 "Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' " 1278 "to match all IPs. Besides, it also supports all available Service Tags like " 1279 "'ApiManagement', 'SqlManagement', 'AzureMonitor', etc.", 1280 arg_group='Source') 1281 c.argument('destination_port_range', help="Port or port range between 0-65535. Use '*' to match all ports.", arg_group='Destination') 1282 c.argument('destination_address_prefix', 1283 help="Space-separated list of CIDR prefixes or IP ranges. " 1284 "Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' " 1285 "to match all IPs. Besides, it also supports all available Service Tags like " 1286 "'ApiManagement', 'SqlManagement', 'AzureMonitor', etc.", 1287 arg_group='Destination') 1288 1289 with self.argument_context('network nsg rule {}'.format(item), min_api='2017-09-01') as c: 1290 c.argument('source_asgs', nargs='+', help="Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID", arg_group='Source', validator=get_asg_validator(self, 'source_asgs')) 1291 c.argument('destination_asgs', nargs='+', help="Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID", arg_group='Destination', validator=get_asg_validator(self, 'destination_asgs')) 1292 1293 # endregion 1294 1295 # region NetworkWatchers 1296 with self.argument_context('network watcher') as c: 1297 c.argument('network_watcher_name', name_arg_type, help='Name of the Network Watcher.') 1298 c.argument('location', validator=None) 1299 c.ignore('watcher_rg') 1300 c.ignore('watcher_name') 1301 1302 with self.argument_context('network watcher connection-monitor') as c: 1303 c.argument('network_watcher_name', arg_type=ignore_type, options_list=['--__NETWORK_WATCHER_NAME']) 1304 c.argument('connection_monitor_name', name_arg_type, help='Connection monitor name.') 1305 1306 # connection monitor V1 parameter set 1307 with self.argument_context('network watcher connection-monitor', arg_group='V1 Endpoint') as c: 1308 c.argument('source_resource', help='Name or ID of the resource from which to originate traffic. ' 1309 'Currently only Virtual Machines are supported.') 1310 c.argument('source_port', help='Port number from which to originate traffic.') 1311 c.argument('dest_resource', help='Name of ID of the resource to receive traffic. ' 1312 'Currently only Virtual Machines are supported.') 1313 c.argument('dest_port', help='Port number on which to receive traffic.') 1314 c.argument('dest_address', help='The IP address or URI at which to receive traffic.') 1315 c.argument('monitoring_interval', help='Monitoring interval in seconds.', type=int, default=60) 1316 c.argument('do_not_start', action='store_true', 1317 help='Create the connection monitor but do not start it immediately.') 1318 1319 nw_validator = get_network_watcher_from_location(remove=True, watcher_name='network_watcher_name', rg_name='resource_group_name') 1320 for scope in ['list', 'show', 'start', 'stop', 'delete', 'query']: 1321 with self.argument_context('network watcher connection-monitor {}'.format(scope)) as c: 1322 c.extra('location', get_location_type(self.cli_ctx), required=True) 1323 c.argument('resource_group_name', arg_type=ignore_type, validator=nw_validator) 1324 1325 # connection monitor V2 parameter set 1326 with self.argument_context('network watcher connection-monitor', min_api='2019-11-01', arg_group='V2') as c: 1327 c.argument('notes', help='Optional notes to be associated with the connection monitor') 1328 1329 # Argument Group for endpoint to create a V2 connection monitor 1330 with self.argument_context('network watcher connection-monitor', 1331 arg_group='V2 Endpoint', 1332 min_api='2019-11-01') as c: 1333 c.argument('endpoint_dest_name', 1334 help='The name of the destination of connection monitor endpoint. ' 1335 'If you are creating a V2 Connection Monitor, it\'s required') 1336 c.argument('endpoint_dest_resource_id', 1337 help='Resource ID of the destination of connection monitor endpoint') 1338 c.argument('endpoint_dest_address', 1339 help='Address of the destination of connection monitor endpoint (IP or domain name)') 1340 c.argument('endpoint_dest_type', 1341 arg_type=get_enum_type(EndpointType), 1342 help='The endpoint type') 1343 c.argument('endpoint_dest_coverage_level', 1344 arg_type=get_enum_type(CoverageLevel), 1345 help='Test coverage for the endpoint') 1346 c.argument('endpoint_source_name', 1347 help='The name of the source of connection monitor endpoint. ' 1348 'If you are creating a V2 Connection Monitor, it\'s required') 1349 c.argument('endpoint_source_resource_id', 1350 help='Resource ID of the source of connection monitor endpoint. ' 1351 'If endpoint is intended to used as source, this option is required.') 1352 c.argument('endpoint_source_address', 1353 help='Address of the source of connection monitor endpoint (IP or domain name)') 1354 c.argument('endpoint_source_type', 1355 arg_type=get_enum_type(EndpointType), 1356 help='The endpoint type') 1357 c.argument('endpoint_source_coverage_level', 1358 arg_type=get_enum_type(CoverageLevel), 1359 help='Test coverage for the endpoint') 1360 1361 # Argument Group for test configuration to create a V2 connection monitor 1362 with self.argument_context('network watcher connection-monitor', 1363 arg_group='V2 Test Configuration', 1364 min_api='2019-11-01') as c: 1365 c.argument('test_config_name', 1366 help='The name of the connection monitor test configuration. ' 1367 'If you are creating a V2 Connection Monitor, it\'s required') 1368 c.argument('test_config_frequency', 1369 options_list='--frequency', 1370 help='The frequency of test evaluation, in seconds', 1371 type=int, 1372 default=60) 1373 c.argument('test_config_protocol', 1374 options_list='--protocol', 1375 help='The protocol to use in test evaluation', 1376 arg_type=get_enum_type(ConnectionMonitorTestConfigurationProtocol)) 1377 c.argument('test_config_preferred_ip_version', 1378 options_list='--preferred-ip-version', 1379 help='The preferred IP version to use in test evaluation. ' 1380 'The connection monitor may choose to use a different version depending on other parameters', 1381 arg_type=get_enum_type(PreferredIPVersion)) 1382 c.argument('test_config_threshold_failed_percent', 1383 options_list='--threshold-failed-percent', 1384 help='The maximum percentage of failed checks permitted for a test to evaluate as successful', 1385 type=int) 1386 c.argument('test_config_threshold_round_trip_time', 1387 options_list='--threshold-round-trip-time', 1388 help='The maximum round-trip time in milliseconds permitted for a test to evaluate as successful', 1389 type=int) 1390 # TCP protocol configuration 1391 c.argument('test_config_tcp_port', 1392 options_list='--tcp-port', 1393 help='The port to connect to', 1394 type=int) 1395 c.argument('test_config_tcp_port_behavior', 1396 options_list='--tcp-port-behavior', 1397 help='Destination port behavior', 1398 arg_type=get_enum_type(DestinationPortBehavior)) 1399 c.argument('test_config_tcp_disable_trace_route', 1400 options_list='--tcp-disable-trace-route', 1401 help='Value indicating whether path evaluation with trace route should be disabled. ' 1402 'false is default.', 1403 arg_type=get_three_state_flag()) 1404 # ICMP protocol configuration 1405 c.argument('test_config_icmp_disable_trace_route', 1406 options_list='--icmp-disable-trace-route', 1407 help='Value indicating whether path evaluation with trace route should be disabled. ' 1408 'false is default.', 1409 arg_type=get_three_state_flag()) 1410 # HTTP protocol configuration 1411 c.argument('test_config_http_port', 1412 options_list='--http-port', 1413 help='The port to connect to', 1414 type=int) 1415 c.argument('test_config_http_method', 1416 options_list='--http-method', 1417 help='The HTTP method to use', 1418 arg_type=get_enum_type(HTTPConfigurationMethod)) 1419 c.argument('test_config_http_path', 1420 options_list='--http-path', 1421 help='The path component of the URI. For instance, "/dir1/dir2"') 1422 c.argument('test_config_http_valid_status_codes', 1423 options_list='--http-valid-status-codes', 1424 help='Space-separated list of HTTP status codes to consider successful. ' 1425 'For instance, "2xx 301-304 418"', 1426 nargs='+') 1427 c.argument('test_config_http_prefer_https', 1428 options_list='--https-prefer', 1429 help='Value indicating whether HTTPS is preferred ' 1430 'over HTTP in cases where the choice is not explicit', 1431 arg_type=get_three_state_flag()) 1432 1433 # Argument Group for test group to create a V2 connection monitor 1434 with self.argument_context('network watcher connection-monitor', 1435 arg_group='V2 Test Group', 1436 min_api='2019-11-01') as c: 1437 c.argument('test_group_name', 1438 help='The name of the connection monitor test group', 1439 default='DefaultTestGroup') 1440 c.argument('test_group_disable', 1441 help='Value indicating whether test group is disabled. false is default.', 1442 arg_type=get_three_state_flag()) 1443 1444 # Argument Group for output to create a V2 connection monitor 1445 with self.argument_context('network watcher connection-monitor', 1446 arg_group='V2 Output', 1447 min_api='2019-11-01') as c: 1448 c.argument('output_type', 1449 help='Connection monitor output destination type. Currently, only "Workspace" is supported', 1450 arg_type=get_enum_type(OutputType)) 1451 c.argument('workspace_ids', 1452 help='Space-separated list of ids of log analytics workspace', 1453 nargs='+') 1454 1455 # Argument Group for connection monitor V2 endpoint 1456 with self.argument_context('network watcher connection-monitor endpoint', min_api='2019-11-01') as c: 1457 c.argument('connection_monitor_name', 1458 options_list=['--connection-monitor'], 1459 help='Connection monitor name.') 1460 c.argument('name', 1461 arg_type=name_arg_type, 1462 help='The name of the connection monitor endpoint') 1463 c.argument('endpoint_resource_id', 1464 options_list=['--resource-id'], 1465 help='Resource ID of the connection monitor endpoint') 1466 c.argument('address', 1467 help='Address of the connection monitor endpoint (IP or domain name)') 1468 c.argument('address_include', 1469 nargs='+', 1470 help='List of address of the endpoint item which needs to be included to the endpoint scope') 1471 c.argument('address_exclude', 1472 nargs='+', 1473 help='List of address of the endpoint item which needs to be included to the endpoint scope') 1474 c.argument('endpoint_type', 1475 options_list=['--type'], 1476 help='The endpoint type', 1477 arg_type=get_enum_type(EndpointType)) 1478 c.argument('coverage_level', 1479 arg_type=get_enum_type(CoverageLevel), 1480 help='Test coverage for the endpoint') 1481 c.argument('filter_type', 1482 arg_type=get_enum_type(ConnectionMonitorEndpointFilterType), 1483 deprecate_info=c.deprecate(hide=False), 1484 help="The behavior of the endpoint filter. Currently only 'Include' is supported.") 1485 c.argument('filter_items', 1486 options_list=['--filter-item'], 1487 action=NWConnectionMonitorEndpointFilterItemAction, 1488 deprecate_info=c.deprecate(hide=False), 1489 nargs='+', 1490 help="List of property=value pairs to define filter items. " 1491 "Property currently include: type, address. " 1492 "Property value of type supports 'AgentAddress' only now.") 1493 1494 with self.argument_context('network watcher connection-monitor endpoint', 1495 min_api='2019-11-01', 1496 arg_group='V2 Test Group') as c: 1497 c.argument('test_groups', 1498 nargs='+', 1499 help='Space-separated list of names of test group which only need to be affected if specified') 1500 c.argument('source_test_groups', 1501 nargs='+', 1502 help='Space-separated list of names for test group to reference as source') 1503 c.argument('dest_test_groups', 1504 nargs='+', 1505 help='Space-separated list of names for test group to reference as destination') 1506 1507 # Argument Group for connection monitor V2 test configuration 1508 with self.argument_context('network watcher connection-monitor test-configuration', 1509 min_api='2019-11-01') as c: 1510 c.argument('connection_monitor_name', 1511 options_list=['--connection-monitor'], 1512 help='Connection monitor name') 1513 c.argument('name', 1514 arg_type=name_arg_type, 1515 help='The name of the connection monitor test configuration') 1516 c.argument('frequency', 1517 help='The frequency of test evaluation, in seconds', 1518 type=int, 1519 default=60) 1520 c.argument('protocol', 1521 help='The protocol to use in test evaluation', 1522 arg_type=get_enum_type(ConnectionMonitorTestConfigurationProtocol)) 1523 c.argument('preferred_ip_version', 1524 help='The preferred IP version to use in test evaluation. ' 1525 'The connection monitor may choose to use a different version depending on other parameters', 1526 arg_type=get_enum_type(PreferredIPVersion)) 1527 c.argument('threshold_failed_percent', 1528 help='The maximum percentage of failed checks permitted for a test to evaluate as successful', 1529 type=int) 1530 c.argument('threshold_round_trip_time', 1531 help='The maximum round-trip time in milliseconds permitted for a test to evaluate as successful', 1532 type=int) 1533 c.argument('test_groups', 1534 help='Space-separated list of names of test group which only need to be affected if specified', 1535 nargs='+') 1536 # TCP protocol configuration 1537 with self.argument_context('network watcher connection-monitor test-configuration', 1538 min_api='2019-11-01', 1539 arg_group='TCP Protocol') as c: 1540 c.argument('tcp_port', 1541 help='The port to connect to', 1542 type=int) 1543 c.argument('tcp_disable_trace_route', 1544 help='Value indicating whether path evaluation with trace route should be disabled. ' 1545 'false is default.', 1546 arg_type=get_three_state_flag()) 1547 c.argument('tcp_port_behavior', 1548 help='Destination port behavior', 1549 arg_type=get_enum_type(DestinationPortBehavior)) 1550 # ICMP protocol configuration 1551 with self.argument_context('network watcher connection-monitor test-configuration', 1552 min_api='2019-11-01', 1553 arg_group='ICMP Protocol') as c: 1554 c.argument('icmp_disable_trace_route', 1555 help='Value indicating whether path evaluation with trace route should be disabled. ' 1556 'false is default.', 1557 arg_type=get_three_state_flag()) 1558 # HTTP protocol configuration 1559 with self.argument_context('network watcher connection-monitor test-configuration', 1560 min_api='2019-11-01', 1561 arg_group='HTTP Protocol') as c: 1562 c.argument('http_port', 1563 help='The port to connect to', 1564 type=int) 1565 c.argument('http_method', 1566 help='The HTTP method to use', 1567 arg_type=get_enum_type(HTTPConfigurationMethod)) 1568 c.argument('http_path', 1569 help='The path component of the URI. For instance, "/dir1/dir2"') 1570 c.argument('http_valid_status_codes', 1571 nargs='+', 1572 help='Space-separated list of HTTP status codes to consider successful. ' 1573 'For instance, "2xx 301-304 418"') 1574 c.argument('http_prefer_https', 1575 help='Value indicating whether HTTPS is preferred ' 1576 'over HTTP in cases where the choice is not explicit', 1577 arg_type=get_three_state_flag()) 1578 c.argument('http_request_headers', 1579 options_list=['--http-request-header'], 1580 help='The HTTP headers to transmit with the request. ' 1581 'List of property=value pairs to define HTTP headers.', 1582 nargs='+', 1583 action=NWConnectionMonitorTestConfigurationHTTPRequestHeaderAction) 1584 1585 with self.argument_context('network watcher connection-monitor test-group', min_api='2019-11-01') as c: 1586 c.argument('connection_monitor_name', 1587 options_list=['--connection-monitor'], 1588 help='Connection monitor name.') 1589 c.argument('name', 1590 arg_type=name_arg_type, 1591 help='The name of the connection monitor test group') 1592 c.argument('disable', 1593 help='Value indicating whether test group is disabled. false is default.', 1594 arg_type=get_three_state_flag()) 1595 1596 with self.argument_context('network watcher connection-monitor output', min_api='2019-11-01') as c: 1597 c.argument('connection_monitor_name', 1598 options_list=['--connection-monitor'], 1599 help='Connection monitor name.') 1600 c.argument('out_type', 1601 options_list=['--type'], 1602 help='Connection monitor output destination type. Currently, only "Workspace" is supported', 1603 arg_type=get_enum_type(OutputType)) 1604 c.argument('workspace_id', help='The id of log analytics workspace') 1605 1606 with self.argument_context('network watcher configure') as c: 1607 c.argument('locations', get_location_type(self.cli_ctx), options_list=['--locations', '-l'], nargs='+') 1608 c.argument('enabled', arg_type=get_three_state_flag()) 1609 1610 with self.argument_context('network watcher show-topology') as c: 1611 c.extra('location') 1612 1613 with self.argument_context('network watcher show-topology', arg_group='Target') as c: 1614 c.ignore('network_watcher_name', 'resource_group_name') 1615 c.argument('target_resource_group_name', options_list=['--resource-group', '-g'], completer=get_resource_group_completion_list) 1616 c.argument('target_vnet', options_list=['--vnet'], help='Name or ID of the virtual network to target.') 1617 c.argument('target_subnet', options_list=['--subnet'], help='Name or ID of the subnet to target. If name is used, --vnet NAME must also be supplied.') 1618 1619 with self.argument_context('network watcher create') as c: 1620 c.argument('location', validator=get_default_location_from_resource_group) 1621 1622 for item in ['test-ip-flow', 'show-next-hop', 'show-security-group-view', 'packet-capture create']: 1623 with self.argument_context('network watcher {}'.format(item)) as c: 1624 c.argument('watcher_name', ignore_type, validator=get_network_watcher_from_vm) 1625 c.ignore('location') 1626 c.ignore('watcher_rg') 1627 c.argument('vm', help='Name or ID of the VM to target. If the name of the VM is provided, the --resource-group is required.') 1628 c.argument('resource_group_name', help='Name of the resource group the target VM is in.') 1629 c.argument('nic', help='Name or ID of the NIC resource to test. If the VM has multiple NICs and IP forwarding is enabled on any of them, this parameter is required.') 1630 1631 with self.argument_context('network watcher test-connectivity') as c: 1632 c.argument('source_port', type=int) 1633 c.argument('dest_resource', arg_group='Destination') 1634 c.argument('dest_address', arg_group='Destination') 1635 c.argument('dest_port', type=int, arg_group='Destination') 1636 c.argument('protocol', arg_type=get_enum_type(Protocol), help='Protocol to test on.') 1637 1638 with self.argument_context('network watcher test-connectivity', arg_group='HTTP Configuration') as c: 1639 c.argument('method', arg_type=get_enum_type(HTTPMethod), help='HTTP method to use.') 1640 c.argument('headers', nargs='+', help='Space-separated list of headers in `KEY=VALUE` format.') 1641 c.argument('valid_status_codes', nargs='+', type=int, help='Space-separated list of HTTP status codes considered valid.') 1642 1643 with self.argument_context('network watcher packet-capture') as c: 1644 c.argument('capture_name', name_arg_type, help='Name of the packet capture session.') 1645 c.argument('storage_account', arg_group='Storage') 1646 c.argument('storage_path', arg_group='Storage') 1647 c.argument('file_path', arg_group='Storage') 1648 c.argument('filters', type=get_json_object) 1649 1650 with self.argument_context('network watcher flow-log') as c: 1651 c.argument('location', get_location_type(self.cli_ctx), 1652 help='Location to identify the exclusive Network Watcher under a region. ' 1653 'Only one Network Watcher can be existed per subscription and region.') 1654 c.argument('flow_log_name', name_arg_type, help='The name of the flow logger', min_api='2019-11-01') 1655 c.argument('nsg', help='Name or ID of the network security group.') 1656 c.argument('enabled', arg_type=get_three_state_flag(), help='Enable logging', default='true') 1657 c.argument('retention', type=int, help='Number of days to retain logs') 1658 c.argument('storage_account', help='Name or ID of the storage account in which to save the flow logs. ' 1659 'Must be in the same region of flow log.') 1660 1661 # temporary solution for compatible with old show command's parameter 1662 # after old show command's parameter is deprecated and removed, 1663 # this argument group "network watcher flow-log show" should be removed 1664 with self.argument_context('network watcher flow-log show') as c: 1665 c.argument('nsg', 1666 deprecate_info=c.deprecate(redirect='--location and --name combination', hide=False), 1667 help='Name or ID of the network security group.') 1668 1669 with self.argument_context('network watcher flow-log', arg_group='Format', min_api='2018-10-01') as c: 1670 c.argument('log_format', options_list='--format', help='File type of the flow log.', arg_type=get_enum_type(FlowLogFormatType)) 1671 c.argument('log_version', help='Version (revision) of the flow log.', type=int) 1672 1673 with self.argument_context('network watcher flow-log', arg_group='Traffic Analytics', min_api='2018-10-01') as c: 1674 c.argument('traffic_analytics_interval', type=int, options_list='--interval', help='Interval in minutes at which to conduct flow analytics. Temporarily allowed values are 10 and 60.', min_api='2018-12-01') 1675 c.argument('traffic_analytics_workspace', 1676 options_list='--workspace', 1677 help='Name or ID of a Log Analytics workspace. Must be in the same region of flow log') 1678 c.argument('traffic_analytics_enabled', options_list='--traffic-analytics', arg_type=get_three_state_flag(), help='Enable traffic analytics. Defaults to true if `--workspace` is provided.') 1679 1680 for item in ['list', 'stop', 'delete', 'show', 'show-status']: 1681 with self.argument_context('network watcher packet-capture {}'.format(item)) as c: 1682 c.extra('location') 1683 c.argument('location', get_location_type(self.cli_ctx), required=True) 1684 c.argument('packet_capture_name', name_arg_type) 1685 c.argument('network_watcher_name', ignore_type, options_list=['--network-watcher-name'], validator=get_network_watcher_from_location(remove=True, rg_name='resource_group_name', watcher_name='network_watcher_name')) 1686 c.ignore('resource_group_name') 1687 1688 with self.argument_context('network watcher test-ip-flow') as c: 1689 c.argument('direction', arg_type=get_enum_type(Direction)) 1690 c.argument('protocol', arg_type=get_enum_type(Protocol)) 1691 1692 with self.argument_context('network watcher show-next-hop') as c: 1693 c.argument('source_ip', help='Source IPv4 address.') 1694 c.argument('dest_ip', help='Destination IPv4 address.') 1695 1696 with self.argument_context('network watcher troubleshooting') as c: 1697 c.argument('resource', help='Name or ID of the resource to troubleshoot.') 1698 c.argument('resource_type', help='The resource type', options_list=['--resource-type', '-t'], id_part='resource_type', arg_type=get_enum_type(['vnetGateway', 'vpnConnection'])) 1699 1700 with self.argument_context('network watcher run-configuration-diagnostic', arg_group='Target') as c: 1701 c.argument('resource', help='Name or ID of the target resource to diagnose. If an ID is given, other resource arguments should not be given.') 1702 c.argument('resource_type', help='The resource type', options_list=['--resource-type', '-t'], id_part='resource_type', arg_type=get_enum_type(['virtualMachines', 'networkInterfaces', 'applicationGateways'])) 1703 c.argument('parent', help='The parent path. (ex: virtualMachineScaleSets/vmss1)') 1704 c.argument('resource_group_name') 1705 1706 with self.argument_context('network watcher run-configuration-diagnostic', arg_group='Query') as c: 1707 c.argument('queries', help='JSON list of queries to use. Use `@{path}` to load from a file.', type=get_json_object) 1708 c.argument('direction', arg_type=get_enum_type(Direction), help='Direction of the traffic.') 1709 c.argument('protocol', arg_type=get_enum_type(Protocol), help='Protocol to be verified on.') 1710 c.argument('destination', help="Traffic destination. Accepted values are '*', IP address/CIDR, or service tag.") 1711 c.argument('source', help="Traffic source. Accepted values are '*', IP address/CIDR, or service tag.") 1712 c.argument('destination_port', options_list='--port', help="Traffic destination port. Accepted values are '*', port number (3389) or port range (80-100).") 1713 # endregion 1714 1715 # region NetworkProfile 1716 network_profile_name = CLIArgumentType(options_list='--profile-name', metavar='NAME', help='The network profile name.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/networkProfiles')) 1717 1718 with self.argument_context('network profile') as c: 1719 c.argument('network_profile_name', network_profile_name, options_list=['--name', '-n']) 1720 # endregion 1721 1722 # region CustomIpPrefix 1723 with self.argument_context('network custom-ip prefix') as c: 1724 c.argument('custom_ip_prefix_name', name_arg_type, completer=get_resource_name_completion_list('Microsoft.Network/customIpPrefixes'), id_part='name', help='The name of the custom IP prefix.') 1725 c.argument('signed_message', help='Signed message for WAN validation.') 1726 c.argument('authorization_message', help='Authorization message for WAN validation.') 1727 c.argument('custom_ip_prefix_parent', help='The Parent CustomIpPrefix for IPv6 /64 CustomIpPrefix.', options_list=['--cip-prefix-parent', '-c']) 1728 c.argument('zone', zone_type, min_api='2017-06-01', max_api='2020-07-01') 1729 c.argument('zone', zone_compatible_type, min_api='2020-08-01') 1730 c.argument('cidr', help='The prefix range in CIDR notation. Should include the start address and the prefix length.') 1731 1732 with self.argument_context('network custom-ip prefix update') as c: 1733 c.argument('commissioned_state', options_list='--state', help='Commissioned State of the custom ip prefix.', arg_type=get_enum_type(['commission', 'decommission', 'deprovision', 'provision'])) 1734 # endregion 1735 1736 # region PublicIPAddresses 1737 with self.argument_context('network public-ip') as c: 1738 c.argument('public_ip_address_name', name_arg_type, completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), id_part='name', help='The name of the public IP address.') 1739 c.argument('name', name_arg_type, completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), help='The name of the public IP address.') 1740 c.argument('reverse_fqdn', help='Reverse FQDN (fully qualified domain name).') 1741 c.argument('dns_name', help='Globally unique DNS entry.') 1742 c.argument('idle_timeout', help='Idle timeout in minutes.') 1743 c.argument('zone', zone_type, min_api='2017-06-01', max_api='2020-07-01') 1744 c.argument('zone', zone_compatible_type, min_api='2020-08-01') 1745 c.argument('ip_tags', nargs='+', min_api='2017-11-01', help="Space-separated list of IP tags in 'TYPE=VAL' format.", validator=validate_ip_tags) 1746 c.argument('ip_address', help='The IP address associated with the public IP address resource.') 1747 1748 with self.argument_context('network public-ip create') as c: 1749 c.argument('name', completer=None) 1750 c.argument('sku', min_api='2017-08-01', help='Name of a public IP address SKU', arg_type=get_enum_type(PublicIPAddressSkuName)) 1751 c.argument('tier', min_api='2020-07-01', help='Tier of a public IP address SKU and Global tier is only supported for standard SKU public IP addresses', arg_type=get_enum_type(PublicIPAddressSkuTier)) 1752 c.ignore('dns_name_type') 1753 c.argument('edge_zone', edge_zone) 1754 1755 for item in ['create', 'update']: 1756 with self.argument_context('network public-ip {}'.format(item)) as c: 1757 c.argument('allocation_method', help='IP address allocation method', arg_type=get_enum_type(IPAllocationMethod)) 1758 c.argument('version', min_api='2016-09-01', help='IP address type.', arg_type=get_enum_type(IPVersion, 'ipv4')) 1759 1760 with self.argument_context('network public-ip update') as c: 1761 c.argument('sku', min_api='2017-08-01', help='Public IP SKU', arg_type=get_enum_type(PublicIPAddressSkuName)) 1762 1763 for scope in ['public-ip', 'lb frontend-ip', 'cross-region-lb frontend-ip']: 1764 with self.argument_context('network {}'.format(scope), min_api='2018-07-01') as c: 1765 c.argument('public_ip_prefix', help='Name or ID of a public IP prefix.') 1766 1767 with self.argument_context('network public-ip prefix') as c: 1768 c.argument('public_ip_prefix_name', name_arg_type, completer=get_resource_name_completion_list('Microsoft.Network/publicIPPrefixes'), id_part='name', help='The name of the public IP prefix.') 1769 c.argument('prefix_length', options_list='--length', help='Length of the prefix (i.e. `XX.XX.XX.XX/<Length>`)') 1770 c.argument('zone', zone_type, max_api='2020-07-01') 1771 c.argument('zone', zone_compatible_type, min_api='2020-08-01') 1772 1773 with self.argument_context('network public-ip prefix create') as c: 1774 c.argument('edge_zone', edge_zone) 1775 c.argument('version', min_api='2019-08-01', help='IP address type.', arg_type=get_enum_type(IPVersion, 'ipv4')) 1776 c.argument('custom_ip_prefix_name', min_api='2020-06-01', help='The customIpPrefix that this prefix is associated with.') 1777 # endregion 1778 1779 # region RouteFilters 1780 with self.argument_context('network route-filter') as c: 1781 c.argument('route_filter_name', name_arg_type, help='Name of the route filter.') 1782 c.argument('expand', arg_type=get_enum_type(['peerings'])) 1783 1784 with self.argument_context('network route-filter rule') as c: 1785 c.argument('route_filter_name', options_list=['--filter-name'], help='Name of the route filter.', id_part='name') 1786 c.argument('rule_name', name_arg_type, help='Name of the route filter rule.', id_part='child_name_1') 1787 c.argument('access', help='The access type of the rule.', arg_type=get_enum_type(Access)) 1788 c.argument('communities', nargs='+') 1789 # endregion 1790 1791 # region RouteTables 1792 with self.argument_context('network route-table') as c: 1793 c.argument('route_table_name', name_arg_type, help='Name of the route table.', completer=get_resource_name_completion_list('Microsoft.Network/routeTables'), id_part='name') 1794 c.argument('disable_bgp_route_propagation', arg_type=get_three_state_flag(), min_api='2017-10-01', help='Disable routes learned by BGP.') 1795 1796 with self.argument_context('network route-table create') as c: 1797 c.extra('tags') 1798 c.extra('location') 1799 c.extra('cmd') 1800 c.argument('location', get_location_type(self.cli_ctx)) 1801 c.ignore('parameters') 1802 1803 with self.argument_context('network route-table route') as c: 1804 c.argument('route_name', name_arg_type, id_part='child_name_1', help='Route name') 1805 c.argument('route_table_name', options_list='--route-table-name', help='Route table name') 1806 c.argument('next_hop_type', help='The type of Azure hop the packet should be sent to.', arg_type=get_enum_type(RouteNextHopType)) 1807 c.argument('next_hop_ip_address', help='The IP address packets should be forwarded to when using the VirtualAppliance hop type.') 1808 c.argument('address_prefix', help='The destination CIDR to which the route applies.') 1809 1810 # endregion 1811 1812 # region ServiceEndpoint 1813 service_endpoint_policy_name = CLIArgumentType(options_list='--policy-name', id_part='name', help='Name of the service endpoint policy.', completer=get_resource_name_completion_list('Microsoft.Network/serviceEndpointPolicies')) 1814 1815 with self.argument_context('network service-endpoint policy') as c: 1816 c.argument('service_endpoint_policy_name', service_endpoint_policy_name, options_list=['--name', '-n']) 1817 1818 with self.argument_context('network service-endpoint policy show') as c: 1819 c.ignore('expand') 1820 1821 with self.argument_context('network service-endpoint policy-definition') as c: 1822 c.argument('service_endpoint_policy_name', service_endpoint_policy_name) 1823 c.argument('service_endpoint_policy_definition_name', name_arg_type, help='Name of the service endpoint policy definition', id_part='child_name_1') 1824 c.argument('description', help='Description of the policy definition.') 1825 c.argument('service', help='Service name the policy definition applies to.', completer=service_endpoint_completer) 1826 c.argument('service_resources', help='Space-separated list of service resources the definition applies to.', nargs='+') 1827 1828 with self.argument_context('network service-endpoint policy-definition list') as c: 1829 c.argument('service_endpoint_policy_name', service_endpoint_policy_name, id_part=None) 1830 # endregion 1831 1832 # region TrafficManagers 1833 monitor_protocol_type = CLIArgumentType(help='Monitor protocol.', arg_type=get_enum_type(MonitorProtocol, default='http')) 1834 with self.argument_context('network traffic-manager profile') as c: 1835 c.argument('traffic_manager_profile_name', name_arg_type, id_part='name', help='Traffic manager profile name', completer=get_resource_name_completion_list('Microsoft.Network/trafficManagerProfiles')) 1836 c.argument('profile_name', name_arg_type, id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/trafficManagerProfiles')) 1837 c.argument('profile_status', options_list=['--status'], help='Status of the Traffic Manager profile.', arg_type=get_enum_type(ProfileStatus)) 1838 c.argument('routing_method', help='Routing method.', arg_type=get_enum_type(['Performance', 'Weighted', 'Priority', 'Geographic', 'Multivalue', 'Subnet'])) 1839 c.argument('unique_dns_name', help="Relative DNS name for the traffic manager profile. Resulting FQDN will be `<unique-dns-name>.trafficmanager.net` and must be globally unique.") 1840 c.argument('max_return', help="Maximum number of endpoints to be returned for MultiValue routing type.", type=int) 1841 c.argument('ttl', help='DNS config time-to-live in seconds.', type=int) 1842 1843 with self.argument_context('network traffic-manager profile', arg_group='Monitor Configuration') as c: 1844 c.argument('monitor_path', help='Path to monitor. Use ""(\'""\' in PowerShell) for none.', options_list=['--path', c.deprecate(target='--monitor-path', redirect='--path', hide=True)]) 1845 c.argument('monitor_port', help='Port to monitor.', type=int, options_list=['--port', c.deprecate(target='--monitor-port', redirect='--port', hide=True)]) 1846 c.argument('monitor_protocol', monitor_protocol_type, options_list=['--protocol', c.deprecate(target='--monitor-protocol', redirect='--protocol', hide=True)]) 1847 c.argument('timeout', help='The time in seconds allowed for endpoints to respond to a health check.', type=int) 1848 c.argument('interval', help='The interval in seconds at which health checks are conducted.', type=int) 1849 c.argument('max_failures', help='The number of consecutive failed health checks tolerated before an endpoint is considered degraded.', type=int) 1850 c.argument('monitor_custom_headers', options_list='--custom-headers', help='Space-separated list of NAME=VALUE pairs.', nargs='+', validator=validate_custom_headers) 1851 c.argument('status_code_ranges', help='Space-separated list of status codes in MIN-MAX or VAL format.', nargs='+', validator=validate_status_code_ranges) 1852 1853 with self.argument_context('network traffic-manager profile update') as c: 1854 c.argument('monitor_protocol', monitor_protocol_type, default=None) 1855 1856 with self.argument_context('network traffic-manager profile check-dns') as c: 1857 c.argument('name', name_arg_type, help='DNS prefix to verify availability for.', required=True) 1858 c.argument('type', ignore_type, default='Microsoft.Network/trafficManagerProfiles') 1859 1860 endpoint_types = ['azureEndpoints', 'externalEndpoints', 'nestedEndpoints'] 1861 with self.argument_context('network traffic-manager endpoint') as c: 1862 c.argument('endpoint_name', name_arg_type, id_part='child_name_1', help='Endpoint name.', completer=tm_endpoint_completion_list) 1863 c.argument('endpoint_type', options_list=['--type', '-t'], help='Endpoint type.', id_part='child_name_1', arg_type=get_enum_type(endpoint_types)) 1864 c.argument('profile_name', help='Name of parent profile.', completer=get_resource_name_completion_list('Microsoft.Network/trafficManagerProfiles'), id_part='name') 1865 c.argument('endpoint_location', help="Location of the external or nested endpoints when using the 'Performance' routing method.") 1866 c.argument('endpoint_monitor_status', help='The monitoring status of the endpoint.') 1867 c.argument('endpoint_status', arg_type=get_enum_type(['Enabled', 'Disabled']), help="The status of the endpoint. If enabled the endpoint is probed for endpoint health and included in the traffic routing method.") 1868 c.argument('min_child_endpoints', help="The minimum number of endpoints that must be available in the child profile for the parent profile to be considered available. Only applicable to an endpoint of type 'NestedEndpoints'.") 1869 c.argument('priority', help="Priority of the endpoint when using the 'Priority' traffic routing method. Values range from 1 to 1000, with lower values representing higher priority.", type=int) 1870 c.argument('target', help='Fully-qualified DNS name of the endpoint.') 1871 c.argument('target_resource_id', help="The Azure Resource URI of the endpoint. Not applicable for endpoints of type 'ExternalEndpoints'.") 1872 c.argument('weight', help="Weight of the endpoint when using the 'Weighted' traffic routing method. Values range from 1 to 1000.", type=int) 1873 c.argument('geo_mapping', help="Space-separated list of country/region codes mapped to this endpoint when using the 'Geographic' routing method.", nargs='+') 1874 c.argument('subnets', nargs='+', help='Space-separated list of subnet CIDR prefixes (10.0.0.0/24) or subnet ranges (10.0.0.0-11.0.0.0).', validator=validate_subnet_ranges) 1875 c.argument('monitor_custom_headers', nargs='+', options_list='--custom-headers', help='Space-separated list of custom headers in KEY=VALUE format.', validator=validate_custom_headers) 1876 1877 with self.argument_context('network traffic-manager endpoint create') as c: 1878 c.argument('target', help='Fully-qualified DNS name of the endpoint.') 1879 1880 # endregion 1881 1882 # region VirtualNetworks 1883 with self.argument_context('network vnet') as c: 1884 c.argument('virtual_network_name', virtual_network_name_type, options_list=['--name', '-n'], id_part='name') 1885 c.argument('vnet_prefixes', nargs='+', help='Space-separated list of IP address prefixes for the VNet.', options_list='--address-prefixes', metavar='PREFIX') 1886 c.argument('dns_servers', nargs='+', help='Space-separated list of DNS server IP addresses.', metavar='IP') 1887 c.argument('ddos_protection', arg_type=get_three_state_flag(), help='Control whether DDoS protection is enabled.', min_api='2017-09-01') 1888 c.argument('ddos_protection_plan', help='Name or ID of a DDoS protection plan to associate with the VNet.', min_api='2018-02-01', validator=validate_ddos_name_or_id) 1889 c.argument('vm_protection', arg_type=get_three_state_flag(), help='Enable VM protection for all subnets in the VNet.', min_api='2017-09-01') 1890 c.argument('flowtimeout', type=int, help='The FlowTimeout value (in minutes) for the Virtual Network', min_api='2021-02-01', is_preview=True) 1891 1892 with self.argument_context('network vnet check-ip-address') as c: 1893 c.argument('ip_address', required=True) 1894 1895 with self.argument_context('network vnet create') as c: 1896 c.argument('location', get_location_type(self.cli_ctx)) 1897 c.argument('vnet_name', virtual_network_name_type, options_list=['--name', '-n'], completer=None, 1898 local_context_attribute=LocalContextAttribute(name='vnet_name', actions=[LocalContextAction.SET], scopes=[ALL])) 1899 c.argument('edge_zone', edge_zone) 1900 1901 with self.argument_context('network vnet create', arg_group='Subnet') as c: 1902 c.argument('subnet_name', help='Name of a new subnet to create within the VNet.', 1903 local_context_attribute=LocalContextAttribute(name='subnet_name', actions=[LocalContextAction.SET], scopes=[ALL])) 1904 c.argument('subnet_prefix', help='IP address prefix for the new subnet. If omitted, automatically reserves a /24 (or as large as available) block within the VNet address space.', metavar='PREFIX', max_api='2018-07-01') 1905 c.argument('subnet_prefix', options_list='--subnet-prefixes', nargs='+', min_api='2018-08-01', help='Space-separated list of address prefixes in CIDR format for the new subnet. If omitted, automatically reserves a /24 (or as large as available) block within the VNet address space.', metavar='PREFIXES') 1906 c.argument('network_security_group', options_list=['--network-security-group', '--nsg'], validator=get_nsg_validator(), help='Name or ID of a network security group (NSG).') 1907 1908 with self.argument_context('network vnet update') as c: 1909 c.argument('address_prefixes', nargs='+') 1910 1911 with self.argument_context('network vnet delete') as c: 1912 c.argument('virtual_network_name', local_context_attribute=None) 1913 1914 with self.argument_context('network vnet peering') as c: 1915 c.argument('virtual_network_name', virtual_network_name_type) 1916 c.argument('virtual_network_peering_name', options_list=['--name', '-n'], help='The name of the VNet peering.', id_part='child_name_1') 1917 c.argument('remote_virtual_network', options_list=['--remote-vnet', c.deprecate(target='--remote-vnet-id', hide=True, expiration='3.0.0')], help='Resource ID or name of the remote VNet.') 1918 1919 with self.argument_context('network vnet peering create') as c: 1920 c.argument('allow_virtual_network_access', options_list='--allow-vnet-access', action='store_true', help='Allows access from the local VNet to the remote VNet.') 1921 c.argument('allow_gateway_transit', action='store_true', help='Allows gateway link to be used in the remote VNet.') 1922 c.argument('allow_forwarded_traffic', action='store_true', help='Allows forwarded traffic from the local VNet to the remote VNet.') 1923 c.argument('use_remote_gateways', action='store_true', help='Allows VNet to use the remote VNet\'s gateway. Remote VNet gateway must have --allow-gateway-transit enabled for remote peering. Only 1 peering can have this flag enabled. Cannot be set if the VNet already has a gateway.') 1924 1925 with self.argument_context('network vnet subnet') as c: 1926 c.argument('subnet_name', arg_type=subnet_name_type, options_list=['--name', '-n'], id_part='child_name_1') 1927 c.argument('nat_gateway', min_api='2019-02-01', validator=validate_nat_gateway, help='Name or ID of a NAT gateway to attach.') 1928 c.argument('address_prefix', metavar='PREFIX', help='Address prefix in CIDR format.', max_api='2018-07-01') 1929 c.argument('address_prefix', metavar='PREFIXES', options_list='--address-prefixes', nargs='+', help='Space-separated list of address prefixes in CIDR format.', min_api='2018-08-01') 1930 c.argument('virtual_network_name', virtual_network_name_type) 1931 c.argument('network_security_group', options_list=['--network-security-group', '--nsg'], validator=get_nsg_validator(), help='Name or ID of a network security group (NSG).') 1932 c.argument('route_table', help='Name or ID of a route table to associate with the subnet.') 1933 c.argument('service_endpoints', nargs='+', min_api='2017-06-01') 1934 c.argument('service_endpoint_policy', nargs='+', min_api='2018-07-01', help='Space-separated list of names or IDs of service endpoint policies to apply.', validator=validate_service_endpoint_policy) 1935 c.argument('delegations', nargs='+', min_api='2017-08-01', help='Space-separated list of services to whom the subnet should be delegated. (e.g. Microsoft.Sql/servers)', validator=validate_delegations) 1936 c.argument('disable_private_endpoint_network_policies', arg_type=get_three_state_flag(), min_api='2019-04-01', help='Disable private endpoint network policies on the subnet.') 1937 c.argument('disable_private_link_service_network_policies', arg_type=get_three_state_flag(), min_api='2019-04-01', help='Disable private link service network policies on the subnet.') 1938 1939 with self.argument_context('network vnet subnet create') as c: 1940 c.argument('subnet_name', arg_type=subnet_name_type, options_list=['--name', '-n'], id_part='child_name_1', 1941 local_context_attribute=LocalContextAttribute(name='subnet_name', actions=[LocalContextAction.SET], scopes=[ALL])) 1942 1943 with self.argument_context('network vnet subnet update') as c: 1944 c.argument('network_security_group', validator=get_nsg_validator(), help='Name or ID of a network security group (NSG). Use empty string ""(\'""\' in PowerShell) to detach it.') 1945 c.argument('route_table', help='Name or ID of a route table to associate with the subnet. Use empty string ""(\'""\' in PowerShell) to detach it. You can also append "--remove routeTable" in "az network vnet subnet update" to detach it.') 1946 1947 for scope in ['network vnet subnet list', 'network vnet peering list']: 1948 with self.argument_context(scope) as c: 1949 c.argument('ids', deprecate_info=c.deprecate(hide=True, expiration='3.0.0')) 1950 c.argument('virtual_network_name', id_part=None) 1951 1952 with self.argument_context('network vnet subnet delete') as c: 1953 c.argument('subnet_name', local_context_attribute=None) 1954 1955 # endregion 1956 1957 # region VirtualNetworkGateways 1958 vnet_gateway_type = CLIArgumentType(help='The gateway type.', arg_type=get_enum_type(VirtualNetworkGatewayType), default=VirtualNetworkGatewayType.vpn.value) 1959 vnet_gateway_sku_type = CLIArgumentType(help='VNet gateway SKU.', arg_type=get_enum_type(VirtualNetworkGatewaySkuName), default=VirtualNetworkGatewaySkuName.basic.value) 1960 vnet_gateway_routing_type = CLIArgumentType(help='VPN routing type.', arg_type=get_enum_type(VpnType), default=VpnType.route_based.value) 1961 with self.argument_context('network vnet-gateway') as c: 1962 c.argument('virtual_network_gateway_name', options_list=['--name', '-n'], help='Name of the VNet gateway.', completer=get_resource_name_completion_list('Microsoft.Network/virtualNetworkGateways'), id_part='name') 1963 c.argument('cert_name', help='Root certificate name', options_list=['--name', '-n']) 1964 c.argument('gateway_name', help='Virtual network gateway name') 1965 c.argument('gateway_type', vnet_gateway_type) 1966 c.argument('gateway_default_site', help='Name or ID of a local network gateway representing a local network site with default routes.') 1967 c.argument('sku', vnet_gateway_sku_type) 1968 c.argument('vpn_type', vnet_gateway_routing_type) 1969 c.argument('bgp_peering_address', arg_group='BGP Peering', help='IP address to use for BGP peering.') 1970 c.argument('public_ip_address', options_list=['--public-ip-addresses'], nargs='+', help='Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway.', completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses')) 1971 c.argument('address_prefixes', help='Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient.', nargs='+', arg_group='VPN Client') 1972 c.argument('radius_server', min_api='2017-06-01', help='Radius server address to connect to.', arg_group='VPN Client') 1973 c.argument('radius_secret', min_api='2017-06-01', help='Radius secret to use for authentication.', arg_group='VPN Client') 1974 c.argument('client_protocol', min_api='2017-06-01', help='Protocols to use for connecting', nargs='+', arg_group='VPN Client', arg_type=get_enum_type(VpnClientProtocol)) 1975 c.argument('custom_routes', min_api='2019-02-01', help='Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient.', nargs='+', arg_group='VPN Client') 1976 c.argument('vpn_auth_type', min_api='2020-11-01', nargs='+', help='VPN authentication types enabled for the virtual network gateway.', arg_type=get_enum_type(VpnAuthenticationType)) 1977 1978 with self.argument_context('network vnet-gateway', arg_group='AAD Authentication', min_api='2020-11-01') as c: 1979 c.argument('aad_tenant', help='The AAD Tenant URI of the VirtualNetworkGateway.') 1980 c.argument('aad_audience', help='The AADAudience ID of the VirtualNetworkGateway.') 1981 c.argument('aad_issuer', help='The AAD Issuer URI of the VirtualNetworkGateway.') 1982 1983 with self.argument_context('network vnet-gateway', arg_group='Root Cert Authentication', min_api='2020-11-01') as c: 1984 c.argument('root_cert_data', help='Base64 contents of the root certificate file or file path.', type=file_type, completer=FilesCompleter()) 1985 c.argument('root_cert_name', help='Root certificate name') 1986 1987 with self.argument_context('network vnet-gateway', arg_group='Nat Rule', min_api='2021-02-01') as c: 1988 c.argument('nat_rule', nargs='+', action=NatRuleCreate) 1989 1990 with self.argument_context('network vnet-gateway update') as c: 1991 c.argument('gateway_type', vnet_gateway_type, default=None) 1992 c.argument('sku', vnet_gateway_sku_type, default=None) 1993 c.argument('vpn_type', vnet_gateway_routing_type, default=None) 1994 1995 with self.argument_context('network vnet-gateway create') as c: 1996 vnet_help = "Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'." 1997 c.argument('virtual_network', options_list='--vnet', help=vnet_help) 1998 c.argument('vpn_gateway_generation', arg_type=get_enum_type(['Generation1', 'Generation2']), min_api='2019-07-01', help='The generation for the virtual network gateway. vpn_gateway_generation should not be provided if gateway_type is not Vpn.') 1999 c.argument('edge_zone', edge_zone, min_api='2021-02-01') 2000 2001 with self.argument_context('network vnet-gateway update') as c: 2002 c.argument('enable_bgp', help='Enable BGP (Border Gateway Protocol)', arg_group='BGP Peering', arg_type=get_enum_type(['true', 'false'])) 2003 c.argument('virtual_network', virtual_network_name_type, options_list='--vnet', help="Name or ID of a virtual network that contains a subnet named 'GatewaySubnet'.") 2004 c.extra('address_prefixes', options_list='--address-prefixes', help='List of address prefixes for the VPN gateway. Prerequisite for uploading certificates.', nargs='+') 2005 2006 with self.argument_context('network vnet-gateway aad assign', min_api='2019-04-01') as c: 2007 c.argument('aad_tenant', options_list='--tenant', help='The AADTenant URI of the VirtualNetworkGateway.') 2008 c.argument('aad_audience', options_list='--audience', help='The AADAudience ID of the VirtualNetworkGateway.') 2009 c.argument('aad_issuer', options_list='--issuer', help='The AADIssuer URI of the VirtualNetworkGateway.') 2010 2011 with self.argument_context('network vnet-gateway root-cert create') as c: 2012 c.argument('public_cert_data', help='Base64 contents of the root certificate file or file path.', type=file_type, completer=FilesCompleter(), validator=load_cert_file('public_cert_data')) 2013 c.argument('cert_name', help='Root certificate name', options_list=['--name', '-n']) 2014 c.argument('gateway_name', help='Virtual network gateway name') 2015 2016 with self.argument_context('network vnet-gateway revoked-cert create') as c: 2017 c.argument('thumbprint', help='Certificate thumbprint.') 2018 2019 with self.argument_context('network vnet-gateway packet-capture start') as c: 2020 c.argument('filter_data', options_list=['--filter'], help='Data filter.') 2021 2022 with self.argument_context('network vnet-gateway packet-capture stop') as c: 2023 c.argument('sas_url', options_list=['--sas-url'], 2024 help='The SAS url to be used for packet capture.') 2025 2026 with self.argument_context('network vnet-gateway vpn-client') as c: 2027 c.argument('processor_architecture', help='Processor architecture of the target system.', arg_type=get_enum_type(ProcessorArchitecture)) 2028 c.argument('authentication_method', help='Method used to authenticate with the generated client.', arg_type=get_enum_type(AuthenticationMethod)) 2029 c.argument('radius_server_auth_certificate', help='Public certificate data for the Radius server auth certificate in Base-64 format. Required only if external Radius auth has been configured with EAPTLS auth.') 2030 c.argument('client_root_certificates', nargs='+', help='Space-separated list of client root certificate public certificate data in Base-64 format. Optional for external Radius-based auth with EAPTLS') 2031 c.argument('use_legacy', min_api='2017-06-01', help='Generate VPN client package using legacy implementation.', arg_type=get_three_state_flag()) 2032 2033 with self.argument_context('network vnet-gateway disconnect-vpn-connections') as c: 2034 c.argument('vpn_connection_ids', options_list=['--vpn-connections'], nargs='+', 2035 help='List of Name or ID of VPN connections.', 2036 validator=validate_vpn_connection_name_or_id) 2037 2038 with self.argument_context('network vnet-gateway nat-rule', min_api='2021-02-01') as c: 2039 c.argument('name', help='The name of the resource that is unique within a resource group. This name can be used to access the resource.') 2040 c.argument('rule_type', options_list='--type', help='The type of NAT rule for VPN NAT.', arg_type=get_enum_type(VpnNatRuleType)) 2041 c.argument('mode', help='The Source NAT direction of a VPN NAT.', arg_type=get_enum_type(VpnNatRuleMode)) 2042 c.argument('internal_mappings', nargs='+', help='The private IP address internal mapping for NAT.') 2043 c.argument('external_mappings', nargs='+', help='The private IP address external mapping for NAT.') 2044 c.argument('ip_config_id', help='The IP Configuration ID this NAT rule applies to.') 2045 # endregion 2046 2047 # region VirtualNetworkGatewayConnections 2048 with self.argument_context('network vpn-connection') as c: 2049 c.argument('virtual_network_gateway_connection_name', options_list=['--name', '-n'], metavar='NAME', id_part='name', help='Connection name.') 2050 c.argument('shared_key', help='Shared IPSec key.') 2051 c.argument('connection_name', help='Connection name.') 2052 c.argument('routing_weight', type=int, help='Connection routing weight') 2053 c.argument('use_policy_based_traffic_selectors', min_api='2017-03-01', help='Enable policy-based traffic selectors.', arg_type=get_three_state_flag()) 2054 c.argument('express_route_gateway_bypass', min_api='2018-07-01', arg_type=get_three_state_flag(), help='Bypass ExpressRoute gateway for data forwarding.') 2055 c.argument('ingress_nat_rule', nargs='+', help='List of ingress NatRules.', min_api='2021-02-01', is_preview=True) 2056 c.argument('egress_nat_rule', nargs='+', help='List of egress NatRules.', min_api='2021-02-01', is_preview=True) 2057 2058 with self.argument_context('network vpn-connection list') as c: 2059 c.argument('virtual_network_gateway_name', options_list=['--vnet-gateway'], help='Name of the VNet gateway.', completer=get_resource_name_completion_list('Microsoft.Network/virtualNetworkGateways')) 2060 2061 with self.argument_context('network vpn-connection create') as c: 2062 c.argument('connection_name', options_list=['--name', '-n'], metavar='NAME', help='Connection name.') 2063 c.ignore('connection_type') 2064 for item in ['vnet_gateway2', 'local_gateway2', 'express_route_circuit2']: 2065 c.argument(item, arg_group='Destination') 2066 2067 with self.argument_context('network vpn-connection update') as c: 2068 c.argument('enable_bgp', help='Enable BGP (Border Gateway Protocol)', arg_type=get_enum_type(['true', 'false'])) 2069 2070 with self.argument_context('network vpn-connection shared-key') as c: 2071 c.argument('connection_shared_key_name', options_list=['--name', '-n'], id_part='name') 2072 c.argument('virtual_network_gateway_connection_name', options_list='--connection-name', metavar='NAME', id_part='name') 2073 c.argument('key_length', type=int, help='The virtual network connection reset shared key length, should between 1 and 128.') 2074 c.argument('value', help='The virtual network connection shared key value.') 2075 2076 with self.argument_context('network vpn-connection show-device-config-script') as c: 2077 c.argument('vendor', help='The vendor for the VPN device.') 2078 c.argument('device_family', help='The device family for the vpn device.') 2079 c.argument('firmware_version', help='The firmware version for the vpn device.') 2080 2081 with self.argument_context('network vpn-connection packet-capture start') as c: 2082 c.argument('filter_data', options_list=['--filter'], help='Data filter.') 2083 2084 with self.argument_context('network vpn-connection packet-capture stop') as c: 2085 c.argument('sas_url', options_list=['--sas-url'], 2086 help='The SAS url to be used for packet capture on VPN connection.') 2087 2088 with self.argument_context('network vrouter') as c: 2089 c.argument('virtual_router_name', options_list=['--name', '-n'], help='The name of the Virtual Router.') 2090 c.argument('hosted_gateway', 2091 deprecate_info=c.deprecate(redirect='--hosted-subnet', hide=False), 2092 help='Name or ID of the virtual network gateway with ExpressRouter on which VirtualRouter is hosted.', 2093 validator=validate_virtul_network_gateway) 2094 c.argument('hosted_subnet', help='The ID of a subnet where VirtualRouter would be deployed') 2095 2096 with self.argument_context('network vrouter peering') as c: 2097 c.argument('virtual_router_name', options_list=['--vrouter-name'], help='The name of the Virtual Router.') 2098 c.argument('peering_name', options_list=['--name', '-n'], help='The name of the Virtual Router Peering') 2099 c.argument('peer_asn', type=int, help='Peer ASN. Its range is from 1 to 4294967295.') 2100 c.argument('peer_ip', help='Peer IP address.') 2101 2102 with self.argument_context('network routeserver') as c: 2103 c.argument('virtual_hub_name', options_list=['--name', '-n'], id_part='name', 2104 help='The name of the Route Server.') 2105 c.argument('hosted_subnet', help='The ID of a subnet where Route Server would be deployed') 2106 c.argument('allow_branch_to_branch_traffic', options_list=['--allow-b2b-traffic'], 2107 arg_type=get_three_state_flag(), help='Allow branch to branch traffic.') 2108 c.argument('public_ip_address', validator=get_public_ip_validator(), 2109 help='The name or ID of the public IP address.', 2110 completer=get_resource_name_completion_list('Microsoft.Network/publicIPAddresses'), 2111 min_api='2021-02-01') 2112 2113 with self.argument_context('network routeserver create') as c: 2114 c.argument('virtual_hub_name', id_part=None) 2115 2116 with self.argument_context('network routeserver peering') as c: 2117 c.argument('virtual_hub_name', options_list=[ 2118 '--routeserver', c.deprecate(target='--vrouter-name', redirect='--routeserver', hide=True) 2119 ], id_part='name', help='The name of the Route Server.') 2120 c.argument('connection_name', options_list=['--name', '-n'], id_part='child_name_1', 2121 help='The name of the Route Server Peering') 2122 c.argument('peer_asn', type=int, help='Peer ASN. Its range is from 1 to 4294967295.') 2123 c.argument('peer_ip', help='Peer IP address.') 2124 2125 with self.argument_context('network routeserver peering create') as c: 2126 c.argument('virtual_hub_name', id_part=None) 2127 c.argument('connection_name', id_part=None) 2128 2129 with self.argument_context('network routeserver peering list') as c: 2130 c.argument('virtual_hub_name', id_part=None) 2131 2132 for scope in ['vpn-connection', 'vnet-gateway', 'vnet-gateway vpn-client']: 2133 with self.argument_context('network {} ipsec-policy'.format(scope), arg_group='Security Association') as c: 2134 c.argument('sa_data_size_kilobytes', options_list=['--sa-max-size'], type=int, help='The payload size in KB for P2S client.') 2135 c.argument('sa_life_time_seconds', options_list=['--sa-lifetime'], type=int, help='The lifetime in seconds for P2S client.') 2136 with self.argument_context('network {} ipsec-policy'.format(scope), arg_group='IKE Phase 1') as c: 2137 c.argument('dh_group', arg_type=get_enum_type(self.get_models('DhGroup')), 2138 help='The DH Groups used for initial SA.') 2139 c.argument('ipsec_encryption', arg_type=get_enum_type(self.get_models('IpsecEncryption')), 2140 help='The IPSec encryption algorithm.') 2141 c.argument('ipsec_integrity', arg_type=get_enum_type(self.get_models('IpsecIntegrity')), 2142 help='The IPSec integrity algorithm.') 2143 with self.argument_context('network {} ipsec-policy'.format(scope), arg_group='IKE Phase 2') as c: 2144 c.argument('pfs_group', arg_type=get_enum_type(self.get_models('PfsGroup')), 2145 help='The Pfs Groups used for new child SA.') 2146 c.argument('ike_encryption', arg_type=get_enum_type(self.get_models('IkeEncryption')), 2147 help='The IKE encryption algorithm.') 2148 c.argument('ike_integrity', arg_type=get_enum_type(self.get_models('IkeIntegrity')), 2149 help='The IKE integrity algorithm.') 2150 2151 # endregion 2152 2153 # region Remove --ids from listsaz 2154 for scope in ['express-route auth', 'express-route peering']: 2155 with self.argument_context('network {} list'.format(scope)) as c: 2156 c.argument('circuit_name', id_part=None) 2157 2158 with self.argument_context('network nic ip-config list') as c: 2159 c.argument('resource_name', id_part=None) 2160 2161 with self.argument_context('network nsg rule list') as c: 2162 c.argument('network_security_group_name', id_part=None) 2163 2164 with self.argument_context('network route-filter rule list') as c: 2165 c.argument('route_filter_name', id_part=None) 2166 2167 with self.argument_context('network route-table route list') as c: 2168 c.argument('route_table_name', id_part=None) 2169 2170 with self.argument_context('network traffic-manager endpoint list') as c: 2171 c.argument('profile_name', id_part=None) 2172 # endregion 2173 2174 # region Bastion 2175 with self.argument_context('network bastion') as c: 2176 c.argument('bastion_host_name', bastion_host_name_type, options_list=['--name', '-n']) 2177 c.argument('public_ip_address', help='Name or ID of the Azure public IP. The SKU of the public IP must be Standard.', validator=get_public_ip_validator()) 2178 c.argument('virtual_network_name', options_list=['--vnet-name'], help='Name of the virtual network. It must have a subnet called AzureBastionSubnet.', validator=get_subnet_validator()) 2179 c.argument('resource_port', help='Resource port of the target VM to which the bastion will connect.', options_list=['--resource-port']) 2180 c.argument('target_resource_id', help='ResourceId of the target Virtual Machine.', options_list=['--target-resource-id']) 2181 c.ignore('subnet') 2182 for item in ['ssh', 'rdp']: 2183 with self.argument_context('network bastion {}'.format(item)) as c: 2184 c.argument('auth_type', help='Auth type to use for SSH connections.', options_list=['--auth-type']) 2185 c.argument('username', help='User name for SSH connections.', options_list=['--username']) 2186 c.argument('ssh_key', help='SSH key file location for SSH connections.', options_list=['--ssh-key']) 2187 with self.argument_context('network bastion tunnel') as c: 2188 c.argument('port', help='Local port to use for the tunneling.', options_list=['--port']) 2189 c.argument('timeout', help='Timeout for connection to bastion host tunnel.', options_list=['--timeout']) 2190 # endregion 2191 2192 # region security partner provider 2193 with self.argument_context('network security-partner-provider') as c: 2194 SecurityProviderName = self.get_models('SecurityProviderName') 2195 c.argument('security_provider_name', arg_type=get_enum_type(SecurityProviderName), help='The security provider name', options_list=['--provider']) 2196 c.argument('security_partner_provider_name', options_list=['--name', '-n'], help='Name of the Security Partner Provider.') 2197 c.argument('virtual_hub', options_list=['--vhub'], help='Name or ID of the virtual hub to which the Security Partner Provider belongs.', validator=validate_virtual_hub) 2198 # endregion 2199 2200 # region PrivateLinkResource and PrivateEndpointConnection 2201 from azure.cli.command_modules.network.private_link_resource_and_endpoint_connections.custom import TYPE_CLIENT_MAPPING, register_providers 2202 register_providers() 2203 for scope in ['private-link-resource', 'private-endpoint-connection']: 2204 with self.argument_context('network {} list'.format(scope)) as c: 2205 c.argument('name', required=False, help='Name of the resource. If provided, --type and --resource-group must be provided too', options_list=['--name', '-n']) 2206 c.argument('resource_provider', required=False, help='Type of the resource. If provided, --name and --resource-group must be provided too', options_list='--type', arg_type=get_enum_type(TYPE_CLIENT_MAPPING.keys())) 2207 c.argument('resource_group_name', required=False, help='Name of resource group. If provided, --name and --type must be provided too') 2208 c.extra('id', help='ID of the resource', validator=process_private_link_resource_id_argument) 2209 for scope in ['show', 'approve', 'reject', 'delete']: 2210 with self.argument_context('network private-endpoint-connection {}'.format(scope)) as c: 2211 c.extra('connection_id', options_list=['--id'], help='ID of the private endpoint connection', validator=process_private_endpoint_connection_id_argument) 2212 c.argument('approval_description', options_list=['--description', '-d'], help='Comments for the approval.') 2213 c.argument('rejection_description', options_list=['--description', '-d'], 2214 help='Comments for the rejection.') 2215 c.argument('name', required=False, help='Name of the private endpoint connection', 2216 options_list=['--name', '-n']) 2217 c.argument('resource_provider', required=False, help='Type of the resource.', options_list='--type', 2218 arg_type=get_enum_type(TYPE_CLIENT_MAPPING.keys())) 2219 c.argument('resource_group_name', required=False) 2220 c.argument('resource_name', required=False, help='Name of the resource') 2221 # endregion 2222 2223 # region Network Virtual Appliance 2224 with self.argument_context('network virtual-appliance', arg_group='Sku') as c: 2225 c.argument('vendor', help='Virtual Appliance Vendor.') 2226 c.argument('bundled_scale_unit', options_list=['--scale-unit'], help='Virtual Appliance Scale Unit.') 2227 c.argument('market_place_version', options_list=['--version', '-v'], help='Virtual Appliance Version.') 2228 with self.argument_context('network virtual-appliance') as c: 2229 c.argument('network_virtual_appliance_name', help='The name of Network Virtual Appliance', options_list=['--name', '-n']) 2230 c.argument('boot_strap_configuration_blobs', options_list=['--boot-strap-config-blobs', '--boot-blobs'], nargs='+', help='Space-separated list of BootStrapConfigurationBlobs storage URLs.') 2231 c.argument('cloud_init_configuration_blobs', options_list=['--cloud-init-config-blobs', '--cloud-blobs'], nargs='+', help='Space-separated list of CloudInitConfigurationBlob storage URLs.') 2232 c.argument('virtual_hub', options_list=['--vhub'], help='Name or ID of the virtual hub to which the Security Partner Provider belongs.', validator=validate_virtual_hub) 2233 c.argument('cloud_init_configuration', options_list=['--cloud-init-config', '--init-config'], help='CloudInitConfiguration scripts that will be run during cloud initialization') 2234 c.argument('asn', type=int, help='VirtualAppliance ASN. The valid value ranges from 1 to 4294967295. ') 2235 2236 with self.argument_context('network virtual-appliance sku') as c: 2237 c.argument('sku_name', help='The name of Network Virtual Appliance SKU', options_list=['--name', '-n']) 2238 2239 with self.argument_context('network virtual-appliance site') as c: 2240 c.argument('network_virtual_appliance_name', options_list=['--appliance-name']) 2241 c.argument('site_name', help='The name of Network Virtual Appliance Site', options_list=['--name', '-n']) 2242 c.argument('address_prefix', help='Address Prefix of Network Virtual Appliance Site') 2243 with self.argument_context('network virtual-appliance site', arg_group='Breakout of O365') as c: 2244 c.argument('allow', arg_type=get_three_state_flag(), help='Flag to control breakout of o365 allow category.') 2245 c.argument('optimize', arg_type=get_three_state_flag(), help='Flag to control breakout of o365 optimize category.') 2246 c.argument('default', arg_type=get_three_state_flag(), help='Flag to control breakout of o365 default category.') 2247 # endregion 2248