Added Support to Input Multiple Managed Identities and Remove Identity Object from Firewall Policy

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_create.py

@@ -131,17 +131,9 @@ def _build_arguments_schema(cls, *args, **kwargs):
                 minimum=0,
             ),
         )
-        explicit_proxy.https_port = AAZIntArg(
-            options=["https-port"],
-            help="Port number for explicit proxy https protocol, cannot be greater than 64000.",
-            fmt=AAZIntArgFormat(
-                maximum=64000,
-                minimum=0,
-            ),
-        )
         explicit_proxy.pac_file = AAZStrArg(
             options=["pac-file"],
-            help="SAS URL for PAC file.",
+            help="URL for PAC file.",
         )
         explicit_proxy.pac_file_port = AAZIntArg(
             options=["pac-file-port"],
@@ -422,7 +414,6 @@ def content(self):
                 explicit_proxy.set_prop("enableExplicitProxy", AAZBoolType, ".enable_explicit_proxy", typ_kwargs={"nullable": True})
                 explicit_proxy.set_prop("enablePacFile", AAZBoolType, ".enable_pac_file", typ_kwargs={"nullable": True})
                 explicit_proxy.set_prop("httpPort", AAZIntType, ".http_port")
-                explicit_proxy.set_prop("httpsPort", AAZIntType, ".https_port")
                 explicit_proxy.set_prop("pacFile", AAZStrType, ".pac_file")
                 explicit_proxy.set_prop("pacFilePort", AAZIntType, ".pac_file_port")
 
@@ -610,9 +601,6 @@ def _build_schema_on_200_201(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_deploy.py

@@ -256,9 +256,6 @@ def _build_schema_on_200(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_list.py

@@ -271,9 +271,6 @@ def _build_schema_on_200(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )
@@ -626,9 +623,6 @@ def _build_schema_on_200(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_show.py

@@ -274,9 +274,6 @@ def _build_schema_on_200(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_update.py

@@ -135,18 +135,9 @@ def _build_arguments_schema(cls, *args, **kwargs):
                 minimum=0,
             ),
         )
-        explicit_proxy.https_port = AAZIntArg(
-            options=["https-port"],
-            help="Port number for explicit proxy https protocol, cannot be greater than 64000.",
-            nullable=True,
-            fmt=AAZIntArgFormat(
-                maximum=64000,
-                minimum=0,
-            ),
-        )
         explicit_proxy.pac_file = AAZStrArg(
             options=["pac-file"],
-            help="SAS URL for PAC file.",
+            help="URL for PAC file.",
             nullable=True,
         )
         explicit_proxy.pac_file_port = AAZIntArg(
@@ -162,13 +153,6 @@ def _build_arguments_schema(cls, *args, **kwargs):
         # define Arg Group "Identity Instance"
 
         _args_schema = cls._args_schema
-        _args_schema.identity_type = AAZStrArg(
-            options=["--identity-type"],
-            arg_group="Identity Instance",
-            help="The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.",
-            nullable=True,
-            enum={"None": "None", "SystemAssigned": "SystemAssigned", "SystemAssigned, UserAssigned": "SystemAssigned, UserAssigned", "UserAssigned": "UserAssigned"},
-        )
         _args_schema.user_assigned_identities = AAZDictArg(
             options=["--user-assigned-identities"],
             arg_group="Identity Instance",
@@ -657,12 +641,16 @@ def _update_instance(self, instance):
 
             identity = _builder.get(".identity")
             if identity is not None:
-                identity.set_prop("type", AAZStrType, ".identity_type")
-                identity.set_prop("userAssignedIdentities", AAZDictType, ".user_assigned_identities")
+                identity_type = _builder.get(".identity.type")
+                if identity_type == "None":
+                    identity.set_prop("type", AAZStrType, ".identity_type")
+                else:    
+                    identity.set_prop("type", AAZStrType, ".identity_type")
+                    identity.set_prop("userAssignedIdentities", AAZDictType, ".user_assigned_identities")
 
-            user_assigned_identities = _builder.get(".identity.userAssignedIdentities")
-            if user_assigned_identities is not None:
-                user_assigned_identities.set_elements(AAZObjectType, ".")
+                    user_assigned_identities = _builder.get(".identity.userAssignedIdentities")
+                    if user_assigned_identities is not None:
+                        user_assigned_identities.set_elements(AAZObjectType, ".")
 
             properties = _builder.get(".properties")
             if properties is not None:
@@ -691,7 +679,6 @@ def _update_instance(self, instance):
                 explicit_proxy.set_prop("enableExplicitProxy", AAZBoolType, ".enable_explicit_proxy", typ_kwargs={"nullable": True})
                 explicit_proxy.set_prop("enablePacFile", AAZBoolType, ".enable_pac_file", typ_kwargs={"nullable": True})
                 explicit_proxy.set_prop("httpPort", AAZIntType, ".http_port")
-                explicit_proxy.set_prop("httpsPort", AAZIntType, ".https_port")
                 explicit_proxy.set_prop("pacFile", AAZStrType, ".pac_file")
                 explicit_proxy.set_prop("pacFilePort", AAZIntType, ".pac_file_port")
 
@@ -952,9 +939,6 @@ def _build_schema_firewall_policy_read(cls, _schema):
         explicit_proxy.http_port = AAZIntType(
             serialized_name="httpPort",
         )
-        explicit_proxy.https_port = AAZIntType(
-            serialized_name="httpsPort",
-        )
         explicit_proxy.pac_file = AAZStrType(
             serialized_name="pacFile",
         )

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_wait.py

@@ -272,9 +272,6 @@ def _build_schema_on_200(cls):
             explicit_proxy.http_port = AAZIntType(
                 serialized_name="httpPort",
             )
-            explicit_proxy.https_port = AAZIntType(
-                serialized_name="httpsPort",
-            )
             explicit_proxy.pac_file = AAZStrType(
                 serialized_name="pacFile",
             )

src/azure-firewall/azext_firewall/custom.py

@@ -147,15 +147,6 @@ def _build_arguments_schema(cls, *args, **kwargs):
                 minimum=0,
             ),
         )
-        args_schema.https_port = AAZBoolArg(
-            options=["--https-port"],
-            arg_group="Explicit Proxy",
-            help="Port number for explicit proxy https protocol, cannot be greater than 64000.",
-            fmt=AAZIntArgFormat(
-                maximum=64000,
-                minimum=0,
-            ),
-        )
         args_schema.enable_pac_file = AAZBoolArg(
             options=["--enable-pac-file"],
             arg_group="Explicit Proxy",
@@ -282,8 +273,6 @@ def pre_operations(self):
             args.additional_properties['Network.ExplicitProxy.EnableExplicitProxy'] = args.enable_explicit_proxy
         if has_value(args.http_port):
             args.additional_properties['Network.ExplicitProxy.HttpPort'] = args.http_port
-        if has_value(args.https_port):
-            args.additional_properties['Network.ExplicitProxy.HttpsPort'] = args.https_port
         if has_value(args.enable_pac_file):
             args.additional_properties['Network.ExplicitProxy.EnablePacFile'] = args.enable_pac_file
         if has_value(args.pac_file_port):
@@ -863,30 +852,32 @@ def _output(self, *args, **kwargs):
 class AzureFirewallPoliciesCreate(_AzureFirewallPoliciesCreate):
     @classmethod
     def _build_arguments_schema(cls, *args, **kwargs):
-        from azure.cli.core.aaz import AAZResourceIdArg, AAZResourceIdArgFormat
+        from azure.cli.core.aaz import AAZListArg, AAZResourceIdArg, AAZResourceIdArgFormat
         args_schema = super()._build_arguments_schema(*args, **kwargs)
-        args_schema.identity = AAZResourceIdArg(
+        args_schema.identity = AAZListArg(
             options=['--identity'],
-            help="Name or ID of the ManagedIdentity Resource.",
+            help="Space-separated list of ManagedIdentity Resource IDs."
+        )
+        args_schema.identity.Element = AAZResourceIdArg(
             fmt=AAZResourceIdArgFormat(
-                template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/"
-                         "Microsoft.ManagedIdentity/userAssignedIdentities/{}",
+                template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{}",
             )
         )
         args_schema.base_policy._fmt = AAZResourceIdArgFormat(
             template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network"
                      "/firewallPolicies/{}",
         )
-        args_schema.identity_type._registered = False
+
         args_schema.user_assigned_identities._registered = False
 
         return args_schema
 
     def pre_operations(self):
         args = self.ctx.args
         if has_value(args.identity):
+            identities = [id.to_serialized_data() for id in args.identity]
             args.identity_type = "UserAssigned"
-            args.user_assigned_identities = {args.identity.to_serialized_data(): {}}
+            args.user_assigned_identities = {id: {} for id in identities}
 
         if has_value(args.dns_servers):
             if not has_value(args.enable_dns_proxy):
@@ -896,17 +887,21 @@ def pre_operations(self):
 class AzureFirewallPoliciesUpdate(_AzureFirewallPoliciesUpdate):
     @classmethod
     def _build_arguments_schema(cls, *args, **kwargs):
-        from azure.cli.core.aaz import AAZResourceIdArg, AAZResourceIdArgFormat
+        from azure.cli.core.aaz import AAZListArg, AAZResourceIdArg, AAZResourceIdArgFormat, AAZStrArg
         args_schema = super()._build_arguments_schema(*args, **kwargs)
-        args_schema.identity = AAZResourceIdArg(
+        args_schema.identity = AAZListArg(
             options=['--identity'],
-            help="Name or ID of the ManagedIdentity Resource.",
+            help="Space-separated list of ManagedIdentity Resource IDs."
+        )
+        args_schema.identity.Element = AAZResourceIdArg(
             fmt=AAZResourceIdArgFormat(
-                template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/"
-                         "Microsoft.ManagedIdentity/userAssignedIdentities/{}",
+                template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{}",
             )
         )
-        args_schema.identity_type._registered = False
+        args_schema.identity_type = AAZStrArg(
+            options=['--identity-type'],
+            help="The type of identity used for the firewall policy.Set None to remove the identity."
+        )
         args_schema.user_assigned_identities._registered = False
         args_schema.configuration._registered = False
 
@@ -915,9 +910,13 @@ def _build_arguments_schema(cls, *args, **kwargs):
     def pre_operations(self):
         args = self.ctx.args
         if has_value(args.identity):
+            identities = [id.to_serialized_data() for id in args.identity]
             args.identity_type = "UserAssigned"
-            args.user_assigned_identities = {args.identity.to_serialized_data(): {}}
-        elif args.sku == 'Premium':
+            args.user_assigned_identities = {id: {} for id in identities}
+        elif(has_value(args.identity_type == 'None')):
+            args.identity_type = "None"
+            args.user_assigned_identities = None
+        elif args.sku == 'Basic':
             args.identity_type = "None"
             args.user_assigned_identities = None