Remove range for Priority, handle empty name and remove by subnet/ip

Author: madsd

src/Websites/Websites/Cmdlets/AccessRestriction/AddAzureWebAppAccessRestrictionRule.cs

@@ -24,6 +24,7 @@
 using Microsoft.Azure.Management.Internal.Network.Version2017_10_01;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Management.Monitor.Version2018_09_01.Models;
+using System.ComponentModel;
 
 namespace Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps
 {
@@ -53,9 +54,9 @@ public class AddAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdLet
         [ValidateNotNullOrEmpty]
         public string WebAppName { get; set; }
 
-        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
-        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
-        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
@@ -68,14 +69,14 @@ public class AddAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdLet
         [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Access Restriction priority. E.g.: 500.")]
         [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Access Restriction priority. E.g.: 500.")]
         [ValidateNotNullOrEmpty]
-        [ValidateRange(100, 65000)]
         public uint Priority { get; set; }
 
-        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
-        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
-        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
         [ValidateNotNullOrEmpty]
         [ValidateSet("Allow", "Deny")]
+        [DefaultValue("Allow")]
         public string Action { get; set; }
 
         [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Deployment Slot name.")]
@@ -121,29 +122,12 @@ public override void ExecuteCmdlet()
                 SiteConfig siteConfig = webApp.SiteConfig;
                 var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
                 IpSecurityRestriction ipSecurityRestriction = null;
-                bool accessRestrictionExists = false;
                 int intPriority = checked((int)Priority);
                 switch (ParameterSetName)
                 {
-                    case IpAddressParameterSet:                        
-                        foreach (var accessRestriction in accessRestrictionList)
-                        {
-                            if (accessRestriction.IpAddress != null && 
-                                accessRestriction.IpAddress == IpAddress && 
-                                accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
-                            {
-                                accessRestrictionExists = true;
-                                accessRestriction.Name = Name;
-                                accessRestriction.Priority = intPriority;
-                                accessRestriction.Description = Description;
-                                break;
-                            }
-                        }
-                        if (!accessRestrictionExists)
-                        {
-                            ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
-                            accessRestrictionList.Add(ipSecurityRestriction);
-                        }
+                    case IpAddressParameterSet:                    
+                        ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
+                        accessRestrictionList.Add(ipSecurityRestriction);                        
                         break;
 
                     case SubnetNameParameterSet:
@@ -158,29 +142,13 @@ public override void ExecuteCmdlet()
                         {
                             CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
                         }
-                        foreach (var accessRestriction in accessRestrictionList)
-                        {
-                            if (accessRestriction.VnetSubnetResourceId != null &&
-                                accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && 
-                                accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
-                            {
-                                accessRestrictionExists = true;
-                                accessRestriction.Name = Name;
-                                accessRestriction.Priority = intPriority;
-                                accessRestriction.Description = Description;
-                                break;
-                            }
-                        }
-                        if (!accessRestrictionExists)
-                        {
-                            ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
-                            accessRestrictionList.Add(ipSecurityRestriction);
-                        }                   
+                        
+                        ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
+                        accessRestrictionList.Add(ipSecurityRestriction);                                           
                         break;
                 }
 
-                string updateAction = accessRestrictionExists ? "Updating" : "Adding";
-                if (ShouldProcess(WebAppName, $"{updateAction} Access Restriction Rule '{Name}' for Web App '{WebAppName}'"))
+                if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
                 {
                     // Update web app configuration
                     WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);

src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs

@@ -18,6 +18,8 @@
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.WebSites.Models;
 using Microsoft.Azure.Management.Internal.Network.Version2017_10_01.Models;
+using Microsoft.Azure.Commands.WebApps.Utilities;
+using System.ComponentModel;
 
 namespace Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps
 {
@@ -38,25 +40,47 @@ public class RemoveAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdL
         [ValidateNotNullOrEmpty]
         public string WebAppName { get; set; }
 
-        [Parameter(Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]        
+        [Parameter(Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [ValidateNotNullOrEmpty]
+        [ValidateSet("Allow", "Deny")]
+        [DefaultValue("Allow")]
+        public string Action { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = "Rule is aimed for Main site or Scm site.")]
         [ValidateNotNullOrEmpty]
         public SwitchParameter TargetScmSite { get; set; }
 
         [Parameter(Mandatory = false, HelpMessage = "Deployment Slot name.")]
         public string SlotName { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24")]
+        [ValidateNotNullOrEmpty]
+        public string IpAddress { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Name of Subnet.")]
+        [ValidateNotNullOrEmpty]
+        public string SubnetName { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Name of Virtual Network (must be in same resource group as Web App).")]
+        [ValidateNotNullOrEmpty]
+        public string VirtualNetworkName { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "ResourceId of Subnet.")]
+        [ValidateNotNullOrEmpty]
+        public string SubnetId { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = "Return the access restriction config object.")]
         public SwitchParameter PassThru { get; set; }
 
         public override void ExecuteCmdlet()
         {
             if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
             {
-                if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule '{Name}' from Web App '{WebAppName}'"))
+                if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule from Web App '{WebAppName}'"))
                 {
                     var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
                     SiteConfig siteConfig = webApp.SiteConfig;
@@ -66,12 +90,44 @@ public override void ExecuteCmdlet()
 
                     foreach (var accessRestriction in accessRestrictionList)
                     {
-                        if (accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                        if (!string.IsNullOrWhiteSpace(Name))
+                        {
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.Name) &&  accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
+                        }
+                        else if (!string.IsNullOrWhiteSpace(IpAddress))
                         {
-                            ipSecurityRestriction = accessRestriction;
-                            accessRestrictionExists = true;
-                            break;
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                if (!string.IsNullOrWhiteSpace(Name))                                
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())                                    
+                                        continue;                                    
+                                
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
                         }
+                        else if (!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName)))
+                        {
+                            var subnet = !string.IsNullOrWhiteSpace(SubnetId) ? SubnetId : SubnetName;
+                            var subnetResourceId = CmdletHelpers.ValidateSubnet(subnet, VirtualNetworkName, ResourceGroupName, DefaultContext.Subscription.Id);
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                if (!string.IsNullOrWhiteSpace(Name))
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                                        continue;
+
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
+                        }
+
                     }
                     if (accessRestrictionExists)
                     {

src/Websites/Websites/help/Add-AzWebAppAccessRestrictionRule.md

@@ -13,24 +13,24 @@ Adds an Access Restiction rule to an Azure Web App.
 
 ### IpAddressParameterSet (Default)
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -IpAddress <String> [-PassThru] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 ```
 
 ### SubnetNameParameterSet
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -SubnetName <String> -VirtualNetworkName <String> [-IgnoreMissingServiceEndpoint] [-PassThru]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### SubnetIdParameterSet
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -SubnetId <String> [-IgnoreMissingServiceEndpoint] [-PassThru] [-DefaultProfile <IAzureContextContainer>]
  [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
@@ -67,9 +67,9 @@ Parameter Sets: (All)
 Aliases:
 Accepted values: Allow, Deny
 
-Required: True
+Required: False
 Position: Named
-Default value: None
+Default value: Allow
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -142,7 +142,7 @@ Type: System.String
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False

src/Websites/Websites/help/Remove-AzWebAppAccessRestrictionRule.md

@@ -12,9 +12,10 @@ Removes an Access Restriction rule from an Azure Web App.
 ## SYNTAX
 
 ```
-Remove-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-TargetScmSite] [-SlotName <String>] [-PassThru] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+Remove-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Action <String>] [-TargetScmSite] [-SlotName <String>] [-IpAddress <String>] [-SubnetName <String>]
+ [-VirtualNetworkName <String>] [-SubnetId <String>] [-PassThru] [-DefaultProfile <IAzureContextContainer>]
+ [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -31,6 +32,22 @@ This command removes the IpRule access restriction rule from Azure Web App named
 
 ## PARAMETERS
 
+### -Action
+Allow or Deny rule.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Allow, Deny
+
+Required: False
+Position: Named
+Default value: Allow
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -DefaultProfile
 The credentials, account, tenant, and subscription used for communication with azure.
 
@@ -46,6 +63,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -IpAddress
+Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Name
 Access Restriction Rule Name
 
@@ -54,7 +86,7 @@ Type: System.String
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
@@ -106,6 +138,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SubnetId
+ResourceId of Subnet.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SubnetName
+Name of Subnet.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -TargetScmSite
 Rule is aimed for Main site or Scm site.
 
@@ -121,6 +183,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -VirtualNetworkName
+Name of Virtual Network (must be in same resource group as Web App).
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -WebAppName
 The name of the web app.