From 04c76ba89d8f3f06373aa2453cfadc7ba82011b5 Mon Sep 17 00:00:00 2001 From: JasonYeMSFT Date: Tue, 28 Nov 2023 16:00:32 -0800 Subject: [PATCH] Improve warning message on firewall error (#2215) * Improve warning message on firewall error * Include tested IP address in warning message --- src/postgres/tree/ClientConfigFactory.ts | 11 ++++++++++- src/postgres/tree/PostgresServerTreeItem.ts | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/postgres/tree/ClientConfigFactory.ts b/src/postgres/tree/ClientConfigFactory.ts index 271f5b92..3b65467a 100644 --- a/src/postgres/tree/ClientConfigFactory.ts +++ b/src/postgres/tree/ClientConfigFactory.ts @@ -68,8 +68,17 @@ export class PostgresClientConfigFactory { } else if (parsedError.errorType === firewallNotConfiguredErrorType || parsedError.errorType === timeoutErrorType) { // The time out error are common when the firewall rules doesn't grant access from the current IP address. // If the client is blocked by the firewall, let the user go to Azure Portal to grant access. + const publicIp = PostgresServerTreeItem.ipAddr; + let ipMessage: string; + if (publicIp !== undefined) { + ipMessage = localize("ipAlreadyInFirewall", "The IP address '{0}' already exists in the firewall rules.", publicIp); + } else { + // The code should never reach here but handle it just in case. + ipMessage = "Your IP address is already in the firewall rules."; + } + const configureFirewallMessage = localize("mustConfigureFirewall", "Some network environments may not report the actual public-facing IP address needed to access your server. Contact your network administrator to add the actual IP address to the firewall rules."); throw { - message: localize("mustConfigureFirewall", 'Must configure firewall from Azure Portal to grant access.'), + message: `${ipMessage} ${configureFirewallMessage}`, code: firewallNotConfiguredErrorType }; } else { diff --git a/src/postgres/tree/PostgresServerTreeItem.ts b/src/postgres/tree/PostgresServerTreeItem.ts index 20e7dbe7..30e7e41d 100644 --- a/src/postgres/tree/PostgresServerTreeItem.ts +++ b/src/postgres/tree/PostgresServerTreeItem.ts @@ -38,6 +38,8 @@ interface IPersistedServer { export class PostgresServerTreeItem extends AzExtParentTreeItem { public static contextValue: string = "postgresServer"; public static serviceName: string = "ms-azuretools.vscode-azuredatabases.postgresPasswords"; + public static ipAddr: string | undefined; + public readonly contextValue: string = PostgresServerTreeItem.contextValue; public readonly childTypeLabel: string = "Database"; public readonly serverType: PostgresServerType; @@ -225,6 +227,10 @@ export class PostgresServerTreeItem extends AzExtParentTreeItem { const client: AbstractPostgresClient = await createAbstractPostgresClient(serverType, [context, this.subscription]); const results: SingleModels.FirewallRule[] = (await uiUtils.listAllIterator(client.firewallRules.listByServer(nonNullProp(this, 'resourceGroup'), nonNullProp(this, 'azureName')))); const publicIp: string = await getPublicIp(context); + + // Cache/update the ip address for potential error reporting. + PostgresServerTreeItem.ipAddr = publicIp; + return isIpInRanges(publicIp, results); } catch (error) { // We cannot get the firewall rules from attached databases because we cannot get the subscription object.