Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vnet peering create --allow-vnet-access help text wrong? #9051

Closed
mhyllander opened this issue Apr 10, 2019 · 6 comments · Fixed by #9156
Closed

vnet peering create --allow-vnet-access help text wrong? #9051

mhyllander opened this issue Apr 10, 2019 · 6 comments · Fixed by #9156
Assignees
@tjprescott
Labels
Documentation
Milestone
Sprint 60 (BUILD)

Comments

@mhyllander
Copy link

Describe the bug
It seems to me that the help text for the --allow-vnet-access option of the "az network vnet peering create" command is wrong. I think the effect is the opposite.

To Reproduce
Create two vnets in a resource group, "net-a" and "net-b".

Create a vnet peering:

$ az network vnet peering create --subscription aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --resource-group mhy20190410 --vnet net-a --name net-b-peering --remote-vnet /subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/mhy20190410/providers/Microsoft.Network/virtualNetworks/net-b --allow-vnet-access
{
  "allowForwardedTraffic": false,
  "allowGatewayTransit": false,
  "allowVirtualNetworkAccess": true,
  "etag": "W/\"5c7f3ea1-f893-411f-a593-6f4c2a7a1965\"",
  "id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/mhy20190410/providers/Microsoft.Network/virtualNetworks/net-a/virtualNetworkPeerings/net-b-peering",
  "name": "net-b-peering",
  "peeringState": "Initiated",
  "provisioningState": "Succeeded",
  "remoteAddressSpace": {
    "addressPrefixes": [
      "10.0.2.0/24"
    ]
  },
  "remoteVirtualNetwork": {
    "id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourceGroups/mhy20190410/providers/Microsoft.Network/virtualNetworks/net-b",
    "resourceGroup": "mhy20190410"
  },
  "resourceGroup": "mhy20190410",
  "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
  "useRemoteGateways": false
}

The help text for option "--allow-vnet-access" as output by "az network vnet peering create -h" states:

    --allow-vnet-access            : Allows VMs in the remote VNet to access all VMs in the local
                                     VNet.

According to this help text, VMs in net-b will have access to all VMs in net-a.

Whereas the Azure portal displays the following:

VNet peering 2019-04-10 170914

Which indicates that VMs in net-a will have access to VMs in net-b, i.e. the opposite of what the CLI help states.

Expected behavior
I believe the help text for option "--allow-vnet-access" should say the exact opposite.

Environment summary

Additional context
@tjprescott tjprescott added Documentation Network az network vnet/lb/nic/dns/etc... labels Apr 10, 2019
@tjprescott
Copy link
Member

Thanks for the report @mhyllander! I'll take a look.

@tjprescott tjprescott added this to the Sprint 59 milestone Apr 10, 2019
@mhyllander
Copy link
Author

In addition, the help text for option "--allow-forwarded-traffic" says:

    --allow-forwarded-traffic      : Allows forwarded traffic from the VMs in the remote VNet.

This also looks strange. According to the portal:

VNet peering 2019-04-10 172108

This states that the option will allow traffic not originating in net-a to be forwarded to net-b.

@tjprescott tjprescott self-assigned this Apr 17, 2019
@tjprescott tjprescott added Network - NRP Service Attention This issue is responsible by Azure service team. and removed Network az network vnet/lb/nic/dns/etc... labels Apr 17, 2019
@tjprescott
Copy link
Member

@MikhailTryakhov can you give clarification on this? The CLI help was adapted from the help text in the Swagger specs. Here's the text in the Python SDK (which is from the Swagger)

allow_virtual_network_access: Whether the VMs in the linked virtual
     network space would be able to access all the VMs in local Virtual network
     space.
 
 allow_forwarded_traffic: Whether the forwarded traffic from the VMs
     in the remote virtual network will be allowed/disallowed.

If this is incorrect, I'm happy to fix the CLI text, but it should also be fixed in the Swagger.

@MikhailTryakhov
Copy link

@Amo18 can you please fix swagger cause you are an owner of Vnets

@tjprescott
Copy link
Member

@Amo18 if I can get confirmation on whether Swagger or Portal is correct, I can make the update in CLI if needed.

@Am018
Copy link

Am018 commented Apr 18, 2019

Agreed, this needs to be fixed in the Swagger document.

@MikhailTryakhov MikhailTryakhov mentioned this issue Apr 18, 2019
Merged
5 tasks
@tjprescott tjprescott added Network az network vnet/lb/nic/dns/etc... and removed Network - NRP Service Attention This issue is responsible by Azure service team. labels Apr 18, 2019
@tjprescott tjprescott mentioned this issue Apr 19, 2019
Merged
1 task
yugangw-msft pushed a commit that referenced this issue Apr 23, 2019
@tjprescott @yugangw-msft
Fix VNET peering help text #9051. (#9156)
00d4ce5
@yrro yrro mentioned this issue Aug 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tjprescott tjprescott

Labels
Documentation
Projects
None yet
Milestone
Sprint 60 (BUILD)
Development

Successfully merging a pull request may close this issue.

[Network] Fix VNET peering help text
5 participants
@MikhailTryakhov @mhyllander @tjprescott @haroldrandom @Am018