az network firewall policy rule-collection-group collection rule add

[jdjames1]

Describe the bug

trying to add a new collection rule via azcli using azure shell fails with a "Cannot find corresponding rule."

documentation appears to be incorrect - https://learn.microsoft.com/en-us/cli/azure/network/firewall/policy/rule-collection-group/collection/rule?view=azure-cli-latest#az-network-firewall-policy-rule-collection-group-collection-rule-add

as --name and --rcg-name have the same description so its unclear what it should be.

within the json template it looks like this

---

        "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
        "apiVersion": "2023-11-01",
        "name": "[concat(parameters('firewallPolicies_AzFwPolTest_name'), '/testing312')]",
        "location": "uksouth",
        "dependsOn": [
            "[resourceId('Microsoft.Network/firewallPolicies', parameters('firewallPolicies_AzFwPolTest_name'))]

---

so a concat of the policy name and the actual name

Related command

az network firewall policy rule-collection-group collection rule add --collection-name TestRules --name testing1312 --policy-name $firewallPolicyName --resource-group $resourceGroupName --rcg-name testing312 --rule-type NetworkRule

Errors

"Cannot find corresponding rule."

Issue script & Debug output

cli.knack.cli: Command arguments: ['network', 'firewall', 'policy', 'rule-collection-group', 'collection', 'rule', 'add', '--collection-name', 'TestRules', '--name', 'testing1312', '--policy-name', 'AzFwPolTest', '--resource-group', 'AZFirewallTesting', '--rcg-name', 'testing312', '--rule-type', 'NetworkRule', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f77745bc160>, <function OutputProducer.on_global_arguments at 0x7f77744d6d30>, <function CLIQuery.on_global_arguments at 0x7f777446c310>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_firewall']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.776 115 353
cli.azure.cli.core: privatedns 0.023 14 60
cli.azure.cli.core: Total (2) 0.799 129 413
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ai-examples 0.105 1 1 /usr/lib/python3.9/site-packages/azure-cli-extensions/ai-examples
cli.azure.cli.core: azure-firewall 0.037 16 61 /home//.azure/cliextensions/azure-firewall
cli.azure.cli.core: Total (2) 0.142 17 62
cli.azure.cli.core: Loaded 144 groups, 475 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network firewall policy rule-collection-group collection rule add
cli.azure.cli.core: Command table: network firewall policy rule-collection-group collection rule add
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f777391d820>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home//.azure/commands/2024-05-23.14-44-26.network_firewall_policy_rule-collection-group_collection_rule_add.11697.log'.
az_command_data_logger: command args: network firewall policy rule-collection-group collection rule add --collection-name {} --name {} --policy-name {} --resource-group {} --rcg-name {} --rule-type {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f77738c5430>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f77738ec430>, <function register_cache_arguments..add_cache_arguments at 0x7f777388f310>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f77744d6dc0>, <function CLIQuery.handle_query_parameter at 0x7f777446c3a0>, <function register_ids_argument..parse_ids_arguments at 0x7f777388f280>]
az_command_data_logger: extension name: azure-firewall
az_command_data_logger: extension version: 1.0.1
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2284
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'}
cli.azure.cli.core.auth.adal_authentication: MSIAuthenticationWrapper.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 200 2284
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://management.core.windows.net/'}
cli.azure.cli.core.auth.adal_authentication: Normalize expires_on: '1716479762' -> 1716479762
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/**/resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network firewall policy rule-collection-group collection rule add'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--collection-name --name --policy-name --resource-group --rcg-name --rule-type --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (RPM) azsdk-python-core/1.28.0 Python/3.9.19 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions//resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312?api-version=2022-01-01 HTTP/1.1" 200 740
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '740'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': '"e53a2253-db6c-4652-bf67-ea13cfc85e4a"'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8588b8ac-2300-401c-a444-34421cf5a1a9'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8588b8ac-2300-401c-a444-34421cf5a1a9'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20240523T144426Z:8588b8ac-2300-401c-a444-34421cf5a1a9'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 687E0A00538F4CDE8FD225302A84AF08 Ref B: AMS231020614031 Ref C: 2024-05-23T14:44:26Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Thu, 23 May 2024 14:44:26 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"properties": {
"size": "0.00131321 MB",
"priority": 101,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [],
"name": "rulestesting312",
"priority": 102
}
],
"provisioningState": "Succeeded"
},
"id": "/subscriptions//resourceGroups/AZFirewallTesting/providers/Microsoft.Network/firewallPolicies/AzFwPolTest/ruleCollectionGroups/testing312",
"name": "testing312",
"type": "Microsoft.Network/FirewallPolicies/RuleCollectionGroups",
"etag": "e53a2253-db6c-4652-bf67-ea13cfc85e4a",
"location": "uksouth"
}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 664, in execute
raise ex
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 712, in _run_job
result = LongRunningOperation(cmd_copy.cli_ctx, 'Starting {}'.format(cmd_copy.name))(result)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 1039, in call
result = poller.result()
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 108, in result
self.wait(timeout)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
return func(*args, kwargs)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 130, in wait
raise self._exception
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/aaz/_poller.py", line 83, in _start
for polling_method in self._polling_generator:
File "/home//.azure/cliextensions/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/rule_collection_group/_update.py", line 643, in _execute_operations
self.pre_instance_update(self.ctx.vars.instance)
File "/home/*/.azure/cliextensions/azure-firewall/azext_firewall/custom.py", line 1727, in pre_instance_update
raise CLIError("Cannot find corresponding rule.")
knack.util.CLIError: Cannot find corresponding rule.

cli.azure.cli.core.azclierror: Cannot find corresponding rule.
az_command_data_logger: Cannot find corresponding rule.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f777391da60>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 1.889 seconds (init: 0.175, invoke: 1.714)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4245 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib/az/lib/python3.9/site-packages/azure/cli/telemetry/init.py /home/**/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

collection rule to be created.

Environment Summary

azure-cli 2.61.0

core 2.61.0
telemetry 1.1.0

Extensions:
ai-examples 0.2.5
azure-firewall 1.0.1
ml 2.26.0
ssh 2.0.3

Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1

Python location '/usr/bin/python3.9'
Extensions directory '/home/jonathan/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.9/site-packages/azure-cli-extensions'

Python (Linux) 3.9.19 (main, Mar 28 2024, 18:56:59)
[GCC 11.2.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.