in src/azure-firewall/azext_firewall/custom.py [0:0]
def pre_operations(self):
    """Validate argument combinations and derive request fields from them.

    Reads ``self.ctx.args``, rejects conflicting or incomplete option sets,
    and then fills ``args.ip_configurations``, ``args.additional_properties``
    and ``args.mgmt_ip_conf_subnet`` from the individual options.

    Raises:
        CLIError: if both a public IP and a public IP count are given, if a
            virtual-hub firewall lacks its required options or asks for
            active FTP, or if a firewall policy is combined with DNS settings.
        ValidationError: if a Basic-tier ``AZFW_VNet`` firewall is missing the
            management configuration name or management public IP.
    """
    # NOTE(review): the listing this was taken from had no indentation; the
    # nesting below is reconstructed from the statements' meaning -- confirm
    # against the repository file before relying on it.
    args = self.ctx.args
    # The two ways of supplying public IPs are mutually exclusive.
    if has_value(args.public_ip_count) and has_value(args.public_ip):
        raise CLIError(
            'usage error: Cannot add both --public-ip-count and --public-ip at the same time.')
    if has_value(args.sku):
        # `sku` is bound only on this path; every later use is guarded by
        # has_value(args.sku) or a short-circuiting `not has_value(args.sku) or`.
        sku = args.sku.to_serialized_data()
        if sku.lower() == 'azfw_hub':
            # Virtual-hub firewalls: hub and some public IP source are
            # mandatory, and active FTP is rejected outright (even if false).
            if not has_value(args.virtual_hub):
                raise CLIError(
                    'usage error: virtual hub is mandatory for azure firewall on virtual hub.')
            if not has_value(args.public_ip_count) and not has_value(args.public_ip):
                raise CLIError(
                    'usage error: One of public-ip or public-ip-count should be provided for azure firewall on virtual hub.')
            if has_value(args.allow_active_ftp):
                raise CLIError('usage error: allow active ftp is not allowed for azure firewall on virtual hub.')
            if has_value(args.public_ip):
                # Single IP configuration; falls back to a fixed default name
                # when no configuration name was supplied.
                args.ip_configurations = [{
                    "name": args.conf_name if has_value(args.conf_name) else "AzureFirewallIpConfiguration0",
                    "public_ip_address": args.public_ip}]
    # NOTE(review): this check relies on the truthiness of the argument values,
    # not has_value(); an explicit false for the DNS proxy flag next to a
    # firewall policy looks like it passes here and is then dropped by the
    # `not has_value(args.firewall_policy)` gate further down -- confirm.
    if has_value(args.firewall_policy) and any([args.enable_dns_proxy, args.dns_servers]):
        raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
    # validate basic sku firewall
    if has_value(args.tier) and has_value(args.sku):
        # `tier` is bound only when both tier and sku are present; the second
        # tier check near the end of this method repeats the same guard.
        tier = args.tier.to_serialized_data()
        if tier.lower() == 'basic' and sku.lower() == 'azfw_vnet' \
                and not all([args.m_conf_name, args.m_public_ip]):
            err_msg = "When creating Basic SKU firewall, both --m-conf-name and --m-public-ip-address should be provided."
            raise ValidationError(err_msg)
    # Start from an empty property bag; everything below adds string-keyed
    # entries to it.
    args.additional_properties = {}
    if has_value(args.private_ranges):
        private_ranges = args.private_ranges.to_serialized_data()
        # Joined with ', ' (comma + space); the DNS server list below uses ','.
        args.additional_properties['Network.SNAT.PrivateRanges'] = ', '.join(private_ranges)
    # DNS settings are written only for a VNet firewall (or when no SKU was
    # given) that has no firewall policy; on any other SKU they are skipped
    # without an error.
    if not has_value(args.sku) or sku.lower() == 'azfw_vnet':
        if not has_value(args.firewall_policy):
            if has_value(args.enable_dns_proxy):
                # service side requires lowercase
                if args.enable_dns_proxy:
                    args.additional_properties['Network.DNS.EnableProxy'] = 'true'
                else:
                    args.additional_properties['Network.DNS.EnableProxy'] = 'false'
            if has_value(args.dns_servers):
                dns_servers = args.dns_servers.to_serialized_data()
                # `or ''` makes a None/empty list serialize as an empty string.
                args.additional_properties['Network.DNS.Servers'] = ','.join(dns_servers or '')
    # The next three flags are written only when set to a true value; a false
    # value leaves the key absent rather than writing 'false'.
    if has_value(args.allow_active_ftp) and args.allow_active_ftp:
        args.additional_properties['Network.FTP.AllowActiveFTP'] = 'true'
    if has_value(args.enable_fat_flow_logging) and args.enable_fat_flow_logging:
        args.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging'] = 'true'
    if has_value(args.enable_udp_log_optimization) and args.enable_udp_log_optimization:
        args.additional_properties['Network.AdditionalLogs.EnableUdpLogOptimization'] = 'true'
    if has_value(args.route_server_id):
        # Stored as given; this method does not check the ID's format.
        args.additional_properties['Network.RouteServerInfo.RouteServerID'] = args.route_server_id
    if has_value(args.conf_name) and has_value(args.sku) and sku.lower() == 'azfw_vnet':
        # Build the ID of the fixed-name 'AzureFirewallSubnet' in the given
        # virtual network, in the current subscription and resource group.
        # NOTE(review): args.vnet_name is used without a has_value() check
        # here -- confirm it is required elsewhere for this path.
        subnet_id = resource_id(
            subscription=get_subscription_id(self.cli_ctx),
            resource_group=args.resource_group,
            namespace='Microsoft.Network',
            type='virtualNetworks',
            name=args.vnet_name,
            child_type_1='subnets',
            child_name_1='AzureFirewallSubnet'
        )
        # Replaces any ip_configurations assigned earlier in this method.
        args.ip_configurations = [{"name": args.conf_name,
                                   "subnet": subnet_id if has_value(subnet_id) else None,
                                   "public_ip_address": args.public_ip if has_value(args.public_ip) else None}]
    if has_value(args.tier) and has_value(args.sku):
        if tier.lower() == 'basic' and sku.lower() == 'azfw_vnet':
            # Basic-tier VNet firewalls also get the fixed-name
            # 'AzureFirewallManagementSubnet' from the same virtual network.
            management_subnet_id = resource_id(
                subscription=get_subscription_id(self.cli_ctx),
                resource_group=args.resource_group,
                namespace='Microsoft.Network',
                type='virtualNetworks',
                name=args.vnet_name,
                child_type_1='subnets',
                child_name_1='AzureFirewallManagementSubnet'
            )
            args.mgmt_ip_conf_subnet = management_subnet_id
    # Explicit-proxy settings are copied through one by one, with no
    # cross-checks between them and no port range validation in this method.
    # NOTE(review): unlike Network.DNS.EnableProxy above, the two enable flags
    # are stored as the raw argument value rather than a lowercase string --
    # confirm the serialized form is what the service expects.
    if has_value(args.enable_explicit_proxy):
        args.additional_properties['Network.ExplicitProxy.EnableExplicitProxy'] = args.enable_explicit_proxy
    if has_value(args.http_port):
        args.additional_properties['Network.ExplicitProxy.HttpPort'] = args.http_port
    if has_value(args.https_port):
        args.additional_properties['Network.ExplicitProxy.HttpsPort'] = args.https_port
    if has_value(args.enable_pac_file):
        args.additional_properties['Network.ExplicitProxy.EnablePacFile'] = args.enable_pac_file
    if has_value(args.pac_file_port):
        args.additional_properties['Network.ExplicitProxy.PacFilePort'] = args.pac_file_port
    if has_value(args.pac_file):
        # NOTE(review): presumably a URL to the PAC file; if it can embed an
        # access token, keep this value out of logs -- confirm.
        args.additional_properties['Network.ExplicitProxy.PacFile'] = args.pac_file