Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az network nic ip-config update command is overwriting existing applicationSecurityGroups #27936

Open
OlafHaalstra opened this issue Nov 28, 2023 · 3 comments
Open

az network nic ip-config update command is overwriting existing applicationSecurityGroups #27936

OlafHaalstra opened this issue Nov 28, 2023 · 3 comments
Assignees
@necusjz
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog

Comments

@OlafHaalstra
Copy link

Describe the bug

When running:

az network nic ip-config update --name ipconfig1 --nice-name "NIC-Name" --resource-group rg-name --add "applicationSecurityGroups" "id=/subscription/.../asg-name"

The result is that only 1 ASG is now part of the NIC instead of being added to the list (overwrite instead of add)

I also tried explicitly adding it to an index but that doesn't exist:

az network nic ip-config update --name ipconfig1 --nice-name "NIC-Name" --resource-group rg-name --add "applicationSecurityGroups[0]" "id=/subscription/.../asg-name"

Related command

az network nic ip-config update --name ipconfig1 --nice-name "NIC-Name" --resource-group rg-name --add "applicationSecurityGroups" "id=/subscription/.../asg-name"

Errors

index 0 doesn't exist on applicationSecurityGroups

Issue script & Debug output

Redacted for sensitivity, can be provided later if required

Expected behavior

Should not delete existing ASGs

Environment Summary

az --version
azure-cli 2.54.0

core 2.54.0
telemetry 1.1.0

Extensions:
datafactory 0.10.0

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location '/opt/homebrew/Cellar/azure-cli/2.54.0/libexec/bin/python'
Extensions directory '/Users/user/.azure/cliextensions'

Python (Darwin) 3.11.6 (main, Oct 2 2023, 13:45:54) [Clang 15.0.0 (clang-1500.0.40.1)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response
@OlafHaalstra OlafHaalstra added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Nov 28, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... labels Nov 28, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Nov 28, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Nov 28, 2023

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan added this to the Backlog milestone Nov 28, 2023
@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Nov 28, 2023
@necusjz
Copy link
Member

necusjz commented Nov 29, 2023

A workable solution:

Directly use --asgs, e.g., az network nic ip-config update -n ipconfig1 -g {rg} --nic-name {nic_name} --asgs {asg_name1} {asg_name2}...

az network nic show -n {nic_name} -g {rg} can get the complete list of asgs.

@OlafHaalstra
Copy link
Author

OlafHaalstra commented Dec 2, 2023
edited
Loading

A workable solution:

Directly use --asgs, e.g., az network nic ip-config update -n ipconfig1 -g {rg} --nic-name {nic_name} --asgs {asg_name1} {asg_name2}...

az network nic show -n {nic_name} -g {rg} can get the complete list of asgs.

In that case you still have to pass all the already existing ASGs, correct? It defeats the purpose of having an add function in that case.

You proposed solution also works with the --add parameter, as long as you specify all the prior existing ASGs. My current solution is:

NEW_ASG="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.Network/applicationSecurityGroups/new-asg"

NEW_ASGS=$(az network nic ip-config show \
    --name ipconfig1 \
    --nic-name "nic-$NAME" \
    --resource-group $RESOURCEGROUP \
    --query "applicationSecurityGroups" | jq ". + [{id: \"$NEW_ASG\", resourceGroup: \"$RESOURCEGROUP\"}]" | jq ".")

az network nic ip-config update --name ipconfig1 --nic-name "nic-$NAME" \
    --resource-group $RESOURCEGROUP \
    --set application_security_groups="$NEW_ASGS"

Here I'm using --set since that is more explicit what is happening, but currently using --add would yield the same result.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@necusjz necusjz

Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@OlafHaalstra @necusjz @yonzhan