Azcli fails to create FrontDoor WAF Policy

See original GitHub issue

Describe the bug

Command Name az network front-door waf-policy create Extension Name: front-door. Version: 1.0.17. az-cli fails to create the azure front-door WAF policy with the latest version.

Errors:

(BadRequest) WebApplicationFirewallPolicy validation failed. More information "Policy ArmResourceId has incorrect formatting".
Code: BadRequest
Message: WebApplicationFirewallPolicy validation failed. More information "Policy ArmResourceId has incorrect formatting".

Debug logs (With confidential data removed):

cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/XXXXX/resourceGroups/XXXXXX/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/XXXXXXX?api-version=2020-11-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
cli.azure.cli.core.sdk.policies:     'Content-Length': '230'
cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': 'XXXXXXXX'
cli.azure.cli.core.sdk.policies:     'CommandName': 'network front-door waf-policy create'
cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--name --resource-group --mode --sku --request-body-check --debug'
cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.43.0 (HOMEBREW) azsdk-python-mgmt-frontdoor/1.0.0 Python/3.10.8 (macOS-12.6.1-x86_64-i386-64bit)'
cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"location": "global", "sku": {"name": "Premium_AzureFrontDoor"}, "properties": {"policySettings": {"enabledState": "Enabled", "mode": "Detection", "requestBodyCheck": "Enabled"}, "customRules": {"rules": []}, "managedRules": {}}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/XXXXX/resourceGroups/XXXXXX/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/XXXXXXX?api-version=2020-11-01 HTTP/1.1" 400 179
cli.azure.cli.core.sdk.policies: Response status: 400
cli.azure.cli.core.sdk.policies: Response headers:
....
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
  "error": {
    "code": "BadRequest",
    "message": "WebApplicationFirewallPolicy validation failed. More information \"Policy ArmResourceId has incorrect formatting\"."
  }
}

To Reproduce:

Steps to reproduce the behaviour. Note that argument values have been redacted, as they may contain sensitive information.

  • az network front-door waf-policy create --name {} --resource-group {} --mode {} --sku {} --request-body-check {} --debug

Expected Behavior

Front door policy is created

Environment Summary

macOS-12.6.1-x86_64-i386-64bit, Darwin 21.6.0
Python 3.10.8
Installer: HOMEBREW

azure-cli 2.43.0

Extensions:
front-door 1.0.17
azure-firewall 0.14.4
log-analytics-solution 0.1.1
aks-preview 0.5.118
logic 0.1.6
azure-devops 0.25.0
storage-preview 0.8.3
sentinel 0.2.0
ssh 1.1.3
log-analytics 0.2.2
scheduled-query 0.5.1

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional Context

Issue Analytics

  • State:closed
  • Created 9 months ago
  • Comments:9 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
alsastrecommented, Dec 12, 2022

I am not trying to manage the Azure Front Door but create WAF Policies for Front door (Microsoft.Network/frontdoorWebApplicationFirewallPolicies)

0reactions
navba-MSFTcommented, Dec 20, 2022

@alsastre Thanks for getting back. We have filed the above PR to include the proper help message to the waf-policy name parameter to mention - “Name must begin with a letter and contain only letters and numbers.

Read more comments on GitHub >

github_iconTop Results From Across the Web

az network front-door waf-policy - Microsoft Learn
This reference is part of the front-door extension for the Azure CLI (version 2.0.68 or higher). The extension will automatically install the first...
Read more >
Managing Azure Front Door with the Azure CLI
Before we can assign the new WAF policy, we first need to find out the resource id. Then we can assign it to...
Read more >
Azure Front Door Standard/Premium - Tips, Tricks, and ...
This isn't made clear by the UI error ( Failed to delete the custom domain(s) ) or the CLI error ( (BadRequest) Property...
Read more >
Advanced access restriction scenarios in Azure App Service
Run az afd profile create to create an Azure Front Door profile. ... Azure CLI for Azure Front Door WAF Policy, visit Front...
Read more >
Unable to fetch the Get-AzDiagnosticSetting via powershell in ...
... for the front door using remote PowerShell & from Azure CLI. AzureCLI Cmdlet: az monitor diagnostic-settings show --resource-group ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found