in pkg/azure/client.go [227:278]
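// BuildPolicy renders erulesList (with per-rule source addresses from
// erulesSourceAddresses) into a firewall policy rule collection group and
// applies it to the Azure Firewall Policy held by az.
//
// A configuration identical to the cached one is skipped without contacting
// ARM. Otherwise the policy is polled until it is no longer in the "Updating"
// provisioning state, the rule collection group is created/updated, and the
// cache is refreshed. The cache is cleared when the update fails so that the
// next reconcile reapplies the config.
//
// Returns a non-nil error when the policy cannot be read, the context is
// cancelled while waiting, or the CreateOrUpdate request or its completion
// fails. (The previous version always returned nil: the error from
// CreateOrUpdate was overwritten by WaitForCompletionRef, and the named result
// was never assigned on the failure path.)
func (az *azClient) BuildPolicy(erulesList azurefirewallrulesv1.AzureFirewallRulesList, erulesSourceAddresses map[string][]string) (err error) {
	ruleCollections := BuildFirewallConfig(erulesList, erulesSourceAddresses)
	fwRuleCollectionGrpObj := &n.FirewallPolicyRuleCollectionGroup{
		FirewallPolicyRuleCollectionGroupProperties: &(n.FirewallPolicyRuleCollectionGroupProperties{
			Priority:        to.Int32Ptr(az.fwPolicyRuleCollectionGroupPriority),
			RuleCollections: ruleCollections,
		}),
	}
	if az.configIsSame(fwRuleCollectionGrpObj) {
		klog.Info("cache: Config has NOT changed! No need to connect to ARM.")
		return nil
	}

	// The dump is diagnostic only; a marshalling failure is logged rather than
	// silently discarded, and never blocks the deployment.
	if configJSON, jsonErr := dumpSanitizedJSON(fwRuleCollectionGrpObj); jsonErr != nil {
		klog.Warning("Could not render generated config for logging: ", jsonErr)
	} else {
		klog.Infof("Generated config:\n%s", string(configJSON))
	}

	// Poll for the policy provisioning state and only submit our update once
	// the policy is no longer "Updating".
	if err = az.waitUntilPolicyNotUpdating(); err != nil {
		return err
	}

	// Initiate deployment
	klog.Info("BEGIN firewall policy deployment")
	fwRuleCollectionGrp, deployErr := az.fwPolicyRuleCollectionGroupClient.CreateOrUpdate(az.ctx, string(az.resourceGroupName), az.fwPolicyName, az.fwPolicyRuleCollectionGroupName, *fwRuleCollectionGrpObj)
	if deployErr == nil {
		// Only wait on the future when the request was accepted; waiting on the
		// result of a failed CreateOrUpdate would mask the original error.
		deployErr = fwRuleCollectionGrp.WaitForCompletionRef(az.ctx, az.fwPolicyRuleCollectionGroupClient.BaseClient.Client)
	}

	// Cache Phase //
	// ----------- //
	if deployErr != nil {
		// Drop the cache so a later reconcile cannot be short-circuited by
		// configIsSame into believing this config was applied.
		az.configCache = nil
		klog.Error("Error updating the Firewall Policy: ", deployErr)
		return deployErr
	}
	klog.Info("cache: Updated with latest applied config.")
	az.updateCache(fwRuleCollectionGrpObj)
	klog.Info("Applied generated firewall policy configuration.....")
	return nil
}

// waitUntilPolicyNotUpdating blocks until the firewall policy's provisioning
// state is something other than "Updating" (a missing Properties or
// ProvisioningState is treated as "not updating" instead of dereferencing nil).
//
// Returns the error from the Get call if the policy cannot be read, or
// az.ctx.Err() if the context is cancelled while polling.
func (az *azClient) waitUntilPolicyNotUpdating() error {
	loggedWaiting := false
	for {
		// Honour cancellation; without this a policy stuck in Updating would
		// keep this loop spinning for the lifetime of the process.
		select {
		case <-az.ctx.Done():
			return az.ctx.Err()
		default:
		}

		fwPolicyObj, getErr := az.fwPolicyClient.Get(az.ctx, string(az.resourceGroupName), az.fwPolicyName, &a.FirewallPoliciesClientGetOptions{Expand: nil})
		if getErr != nil {
			// A failed read leaves the policy state unknown; surface it to the
			// caller instead of proceeding with the deployment blindly.
			return getErr
		}

		props := fwPolicyObj.Properties
		if props == nil || props.ProvisioningState == nil || *props.ProvisioningState != a.ProvisioningStateUpdating {
			return nil
		}
		if !loggedWaiting {
			klog.Info("FW Policy is in the Updating state, waiting for the update to complete.....")
			loggedWaiting = true
		}
		// NOTE(review): there is no delay between polls, so this loop issues
		// back-to-back Get calls against ARM while the policy is Updating. A
		// short sleep/backoff per iteration is advisable; it is not added here
		// because the file's import block is not visible in this excerpt.
	}
}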