azure-powershell icon indicating copy to clipboard operation
azure-powershell copied to clipboard
verified publisher icon Azure

Azure Firewall Needs to Support -WhatIf

Open bewatersmsft opened this issue 8 months ago • 7 comments

Description

Currently does not support whatif and executes anyways

https://github.com/Azure/azure-powershell/blob/main/documentation/development-docs/design-guidelines/cmdlet-best-practices.md#shouldprocess

Issue script & Debug output

https://github.com/Azure/azure-powershell/blob/main/documentation/development-docs/design-guidelines/cmdlet-best-practices.md#shouldprocess

Environment data

https://github.com/Azure/azure-powershell/blob/main/documentation/development-docs/design-guidelines/cmdlet-best-practices.md#shouldprocess

Module versions

https://github.com/Azure/azure-powershell/blob/main/documentation/development-docs/design-guidelines/cmdlet-best-practices.md#shouldprocess

Error output

https://github.com/Azure/azure-powershell/blob/main/documentation/development-docs/design-guidelines/cmdlet-best-practices.md#shouldprocess

bewatersmsft avatar Apr 29 '25 06:04 bewatersmsft

I just experienced this with Set-AzFirewallPolicyRuleCollectionGroup The docs say it's supported https://learn.microsoft.com/en-us/powershell/module/az.network/set-azfirewallpolicyrulecollectiongroup?view=azps-13.4.0

JC-wk avatar Apr 29 '25 18:04 JC-wk

@JCFTW I'm from the Firewall team and checked our powershell code and I can see that we did not implement the support for -WhatIf. I added an internal item to track this status so we can approach it. This issue has been linked internally

bewatersmsft avatar Apr 29 '25 20:04 bewatersmsft

Thanks for confirming. A quick win would be to throw an error for now if WhatIf is called until it can be properly implemented if it would take time to implement fully. Yes I did screw over my firewall rules whilst I was testing.

JC-wk avatar Apr 30 '25 07:04 JC-wk

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

microsoft-github-policy-service[bot] avatar May 05 '25 04:05 microsoft-github-policy-service[bot]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @gopimsft, @gimotwanMSFT, @avripintoms.

microsoft-github-policy-service[bot] avatar May 05 '25 04:05 microsoft-github-policy-service[bot]

@JC-wk I feel you. I broke our firewall rules yesterday while testing with az module 14.5.0 — six months after the issue was first reported... @bewatersmsft, could you at least remove -WhatIf support from the command until it's fully implemented, or throw an error as @JC-wk suggested? That could’ve saved me from an incident.

axelbodin avatar Oct 28 '25 09:10 axelbodin

Made a PR to just remove https://github.com/Azure/azure-powershell/pull/28766

bewatersmsft avatar Oct 28 '25 17:10 bewatersmsft