feat: add firewall steps #1198
Add CreateFirewall (public IP + firewall + IP config, exports FWPRIVATE_IP) and UpdateFirewallPolicy (applies rule JSON via az rest PUT with dynamic location substitution) to lib/steps/azure.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
| AzCli(serviceConnection, "Create firewall ${name}", script) | ||
| } | ||
|
|
||
| UpdateFirewallPolicy = lambda serviceConnection: str, resourceGroup: str, name: str, subscription: str, policyPath: str, location: str -> steps.Step { |
nit: prefer subscription to come before resourceGroup in param order
resourceGroup: str, name: str, subscription
Thanks! changed
| sed 's|"location": "[^"]*"|"location": "${location}"|g' "${policyPath}" > "$POLICY_TMP" | ||
| az rest \\ | ||
| --method put \\ | ||
| --uri "https://management.azure.com/subscriptions/${subscription}/resourceGroups/${resourceGroup}/providers/Microsoft.Network/azureFirewalls/${name}?api-version=2023-09-01" \\ |
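Review bot: The `sed` line edits JSON with a regex and splices `${location}` into the replacement unescaped. The pattern only matches `"location": "` with exactly one space after the colon, so a policy file written as `"location":"..."` passes through unchanged and the PUT is sent with whatever region the file contained. The `g` flag also rewrites every nested `location` key, not only the top-level one, and a `|`, `&` or `\` in `location` changes what sed does. Suggest setting the field with a JSON-aware tool, for example `jq --arg loc "${location}" '.location = $loc' "${policyPath}" > "$POLICY_TMP"`, and restricting `location`, `subscription`, `resourceGroup` and `name` to an expected character set before they are interpolated into the script and the `--uri`.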
api-version seems pretty old, do we want to pin to this version?
Changed to the AI-suggested newer and stable version: 2025-01-01
| --name "${name}" \\ | ||
| --subscription "${subscription}" \\ | ||
| --query "ipConfigurations[0].privateIPAddress" -o tsv) | ||
| echo "##vso[task.setvariable variable=FWPRIVATE_IP]$FWPRIVATE_IP" |
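Review bot: Nothing checks that `FWPRIVATE_IP` is non-empty before the `##vso[task.setvariable ...]` line at the end of this hunk. If `ipConfigurations[0].privateIPAddress` matches nothing, `-o tsv` yields an empty string and the step still publishes the variable, so later steps consume an empty address without any failure here. Suggest failing fast before the `echo`, for example `[ -n "$FWPRIVATE_IP" ] || { echo "firewall private IP not found" >&2; exit 1; }`.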
Nit (as in another PR): would it be better to let the user specify the name?
Added exportVar to specify the export parameter name
| AzCli(serviceConnection, "Create firewall ${name}", script) | ||
| } | ||
|
|
||
| UpdateFirewallPolicy = lambda serviceConnection: str, subscription: str, resourceGroup: str, name: str, policyPath: str, location: str -> steps.Step { |
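Review bot: Missing documentation on `UpdateFirewallPolicy` in the last line of this hunk: the signature does not say what `policyPath` must contain or that `location` overwrites the value already in that file. The name suggests a firewall policy resource, while the `az rest` call in this PR PUTs to `Microsoft.Network/azureFirewalls/${name}`, so callers need to know which resource the JSON is applied to. Suggest a doc comment stating the expected JSON shape and the target resource type, or renaming the step to match the resource it writes.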
How do you use this function?
It’s called in pipelines with a firewall policy json file path input
| @@ -0,0 +1,51 @@ | |||
| import azure_pipelines.ap.steps | |||
|
|
|||
| CreateFirewall = lambda serviceConnection: str, subscription: str, resourceGroup: str, name: str, location: str, vnetName: str, publicIpName: str, exportVar: str = "FWPRIVATE_IP" -> steps.Step { | |||
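Review bot: `exportVar` in the `CreateFirewall` signature is a free-form `str` with no validation, and per the reply above it names the exported variable, which the earlier revision wrote as `##vso[task.setvariable variable=FWPRIVATE_IP]`. A value containing `;` or `]` would change how that logging command is parsed. Suggest restricting `exportVar` to letters, digits and underscores and rejecting anything else when the step is built.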
FWPRIVATE_IP please avoid using abbr. FW to make it easier to read.
| @@ -0,0 +1,51 @@ | |||
| import azure_pipelines.ap.steps | |||
|
|
|||
| CreateFirewall = lambda serviceConnection: str, subscription: str, resourceGroup: str, name: str, location: str, vnetName: str, publicIpName: str, exportVar: str = "FWPRIVATE_IP" -> steps.Step { | |||
This is a great example of encapsulating a few steps into one function and only exposing a small interface.