Merge pull request #9406 from Azure/waf-add-transforms

Add transforms to WAF match condition object (and other new auto-complete values)

Author: markcowl

src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1

@@ -22,14 +22,15 @@ function Test-PolicyCrud
     $resourceGroup = TestSetup-CreateResourceGroup
     $resourceGroupName = $resourceGroup.ResourceGroupName
     $tags = @{"tag1" = "value1"; "tag2" = "value2"}
-    $matchCondition1 = New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "UserAgent" -MatchValue "Windows"
+    $matchCondition1 = New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "UserAgent" -MatchValue "WINDOWS" -Transform "Uppercase"
     $customRule1 = New-AzFrontDoorWafCustomRuleObject -Name "Rule1" -RuleType MatchRule -MatchCondition $matchCondition1 -Action Block -Priority 2
 
     $ruleOverride = New-AzFrontDoorWafManagedRuleOverrideObject -RuleId "942100" -Action Log
     $override1 = New-AzFrontDoorWafRuleGroupOverrideObject -RuleGroupName SQLI -ManagedRuleOverride $ruleOverride
-    $managedRule1 = New-AzFrontDoorWafManagedRuleObject -Type DefaultRuleSet -Version "preview-0.1" -RuleGroupOverride $override1
+    $managedRule1 = New-AzFrontDoorWafManagedRuleObject -Type DefaultRuleSet -Version "1.0" -RuleGroupOverride $override1
+    $managedRule2 = New-AzFrontDoorWafManagedRuleObject -Type BotProtection -Version "preview-0.1"
 
-    New-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Customrule $customRule1 -ManagedRule $managedRule1 -EnabledState Enabled -Mode Prevention
+    New-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Customrule $customRule1 -ManagedRule $managedRule1,$managedRule2 -EnabledState Enabled -Mode Prevention
 
     $retrievedPolicy = Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName 
     Assert-NotNull $retrievedPolicy
@@ -38,7 +39,16 @@ function Test-PolicyCrud
     Assert-AreEqual $customRule1.RuleType $retrievedPolicy.CustomRules[0].RuleType
     Assert-AreEqual $customRule1.Action $retrievedPolicy.CustomRules[0].Action
     Assert-AreEqual $customRule1.Priority $retrievedPolicy.CustomRules[0].Priority
+    Assert-AreEqual $matchCondition1.MatchVariable $retrievedPolicy.CustomRules[0].MatchConditions[0].MatchVariable
+    Assert-AreEqual $matchCondition1.Selector $retrievedPolicy.CustomRules[0].MatchConditions[0].Selector
+    Assert-AreEqual $matchCondition1.OperatorProperty $retrievedPolicy.CustomRules[0].MatchConditions[0].OperatorProperty
+    Assert-AreEqual $matchCondition1.MatchValue[0] $retrievedPolicy.CustomRules[0].MatchConditions[0].MatchValue[0]
+    Assert-AreEqual $matchCondition1.Transform[0] $retrievedPolicy.CustomRules[0].MatchConditions[0].Transform[0]
     Assert-AreEqual $managedRule1.RuleGroupOverrides[0].ManagedRuleOverrides[0].Action $retrievedPolicy.ManagedRules[0].RuleGroupOverrides[0].ManagedRuleOverrides[0].Action
+    Assert-AreEqual $managedRule1.RuleSetType $retrievedPolicy.ManagedRules[0].RuleSetType
+    Assert-AreEqual $managedRule1.RuleSetVersion $retrievedPolicy.ManagedRules[0].RuleSetVersion
+    Assert-AreEqual $managedRule2.RuleSetType $retrievedPolicy.ManagedRules[1].RuleSetType
+    Assert-AreEqual $managedRule2.RuleSetVersion $retrievedPolicy.ManagedRules[1].RuleSetVersion
 
     $customRule2 = New-AzFrontDoorWafCustomRuleObject -Name "Rule2" -RuleType MatchRule -MatchCondition $matchCondition1 -Action Log -Priority 2
     $updatedPolicy = Update-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Customrule $customRule2
@@ -64,14 +74,15 @@ function Test-PolicyCrudWithPiping
     $resourceGroup = TestSetup-CreateResourceGroup
     $resourceGroupName = $resourceGroup.ResourceGroupName
     $tag = @{"tag1" = "value1"; "tag2" = "value2"}
-    $matchCondition1 = New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "UserAgent" -MatchValue "Windows"
+    $matchCondition1 = New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "UserAgent" -MatchValue "WINDOWS" -Transform "Uppercase"
     $customRule1 = New-AzFrontDoorWafCustomRuleObject -Name "Rule1" -RuleType MatchRule -MatchCondition $matchCondition1 -Action Block -Priority 2
 
     $ruleOverride = New-AzFrontDoorWafManagedRuleOverrideObject -RuleId "942100" -Action Log
     $override1 = New-AzFrontDoorWafRuleGroupOverrideObject -RuleGroupName SQLI -ManagedRuleOverride $ruleOverride
-    $managedRule1 = New-AzFrontDoorWafManagedRuleObject -Type DefaultRuleSet -Version "preview-0.1" -RuleGroupOverride $override1
+    $managedRule1 = New-AzFrontDoorWafManagedRuleObject -Type DefaultRuleSet -Version "1.0" -RuleGroupOverride $override1
+    $managedRule2 = New-AzFrontDoorWafManagedRuleObject -Type BotProtection -Version "preview-0.1"
 
-    New-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Customrule $customRule1 -ManagedRule $managedRule1 -EnabledState Enabled -Mode Prevention
+    New-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Customrule $customRule1 -ManagedRule $managedRule1,$managedRule2 -EnabledState Enabled -Mode Prevention
 
     $customRule2 = New-AzFrontDoorWafCustomRuleObject -Name "Rule2" -RuleType MatchRule -MatchCondition $matchCondition1 -Action Log -Priority 2
     $updatedPolicy = Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName | Update-AzFrontDoorWafPolicy -Customrule $customRule2

src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestPolicyCrud.json

@@ -18,6 +18,10 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* New-AzFrontDoorWafMatchConditionObject
+    - Add transforms support and new operator auto-complete value (RegEx)
+* New-AzFrontDoorWafManagedRuleObject
+    - Add new auto-complete values
 
 ## Version 1.0.0
 * Rename WAF cmdlets to include 'Waf'

src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestPolicyCrudWithPiping.json

@@ -30,14 +30,14 @@ public class NewAzureRmFrontDoorWafManagedRuleObject : AzureFrontDoorCmdletBase
         /// Type of the ruleset (e.g.: DefaultRuleSet)
         /// </summary>
         [Parameter(Mandatory = true, HelpMessage = "Type of the ruleset")]
-        [PSArgumentCompleter("DefaultRuleSet")]
+        [PSArgumentCompleter("BotProtection", "DefaultRuleSet")]
         public string Type { get; set; }
 
         /// <summary>
         /// Version of the ruleset (e.g.: preview-0.1)
         /// </summary>
         [Parameter(Mandatory = true, HelpMessage = "Version of the ruleset")]
-        [PSArgumentCompleter("preview-0.1")]
+        [PSArgumentCompleter("1.0", "preview-0.1")]
         public string Version { get; set; }
 
         /// <summary>

src/FrontDoor/FrontDoor/ChangeLog.md

@@ -43,8 +43,8 @@ public class NewAzureRmFrontDoorWafMatchConditionObject : AzureFrontDoorCmdletBa
         /// 'Contains', 'LessThan', 'GreaterThan', 'LessThanOrEqual',
         /// 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith'
         /// </summary>
-        [Parameter(Mandatory = true, HelpMessage = "Describes operator to be matched. Possible values include: 'Any', 'IPMatch', 'GeoMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith''")]
-        [PSArgumentCompleter("Any", "IPMatch", "GeoMatch", "Equal", "Contains", "LessThan", "GreaterThan", "LessThanOrEqual", "GreaterThanOrEqual", "BeginsWith", "EndsWith")]
+        [Parameter(Mandatory = true, HelpMessage = "Describes operator to be matched. Possible values include: 'Any', 'IPMatch', 'GeoMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith', 'RegEx'")]
+        [PSArgumentCompleter("Any", "IPMatch", "GeoMatch", "Equal", "Contains", "LessThan", "GreaterThan", "LessThanOrEqual", "GreaterThanOrEqual", "BeginsWith", "EndsWith", "RegEx")]
         public string OperatorProperty { get; set; }
 
         /// <summary>
@@ -65,6 +65,13 @@ public class NewAzureRmFrontDoorWafMatchConditionObject : AzureFrontDoorCmdletBa
         [Parameter(Mandatory = false, HelpMessage = "Describes if this is negate condition or not. Default value is false")]
         public bool NegateCondition { get; set; }
 
+        /// <summary>
+        /// Tranforms value.
+        /// </summary>
+        [Parameter(Mandatory = false, HelpMessage = "Transforms to apply. Possible values include: 'Lowercase', 'Uppercase', 'Trim', 'UrlDecode', 'UrlEncode', 'RemoveNulls'.")]
+        [PSArgumentCompleter("Lowercase", "Uppercase", "Trim", "UrlDecode", "UrlEncode", "RemoveNulls")]
+        public string[] Transform { get; set; }
+
         public override void ExecuteCmdlet()
         {
             ValidateArguments();
@@ -75,7 +82,8 @@ public override void ExecuteCmdlet()
                 MatchValue = MatchValue?.ToList(),
                 NegateCondition = !this.IsParameterBound(c => c.NegateCondition) ? false : NegateCondition,
                 OperatorProperty = OperatorProperty,
-                Selector = Selector
+                Selector = Selector,
+                Transform = Transform?.ToList()
             };
             WriteObject(matchCondition);
         }

src/FrontDoor/FrontDoor/Cmdlets/NewAzureRmFrontDoorWafManagedRuleObject.cs

@@ -393,6 +393,7 @@ public static PSMatchCondition ToPSMatchCondition(this sdkMatchCondition sdkMatc
                 OperatorProperty = sdkMatchCondition.OperatorProperty,
                 Selector = sdkMatchCondition.Selector,
                 NegateCondition = sdkMatchCondition.NegateCondition,
+                Transform = sdkMatchCondition.Transforms?.ToList()
             };
         }
 
@@ -432,7 +433,8 @@ public static sdkMatchCondition ToSdkMatchCondition(this PSMatchCondition psMatc
                 MatchVariable = psMatchCondition.MatchVariable,
                 NegateCondition = psMatchCondition.NegateCondition,
                 Selector = psMatchCondition.Selector,
-                OperatorProperty = psMatchCondition.OperatorProperty
+                OperatorProperty = psMatchCondition.OperatorProperty,
+                Transforms = psMatchCondition.Transform
             };
         }
 

src/FrontDoor/FrontDoor/Cmdlets/NewAzureRmFrontDoorWafMatchConditionObject.cs

@@ -28,5 +28,7 @@ public class PSMatchCondition
         public string Selector { get; set; }
 
         public bool? NegateCondition { get; set; }
+
+        public List<string> Transform { get; set; }
     }
 }

src/FrontDoor/FrontDoor/Helpers/ModelExtensions.cs

@@ -20,12 +20,12 @@ Enable HTTPS for a custom domain using Front Door managed certificate or using o
 ### [Get-AzFrontDoor](Get-AzFrontDoor.md)
 Get Front Door load balancer
 
-### [Get-AzFrontDoorWafPolicy](Get-AzFrontDoorWafPolicy.md)
-Get WAF policy
-
 ### [Get-AzFrontDoorFrontendEndpoint](Get-AzFrontDoorFrontendEndpoint.md)
 Get a front door frontend endpoint.
 
+### [Get-AzFrontDoorWafPolicy](Get-AzFrontDoorWafPolicy.md)
+Get WAF policy
+
 ### [New-AzFrontDoor](New-AzFrontDoor.md)
 Create a new Azure Front Door load balancer
 
@@ -35,12 +35,6 @@ Create a PSBackend object
 ### [New-AzFrontDoorBackendPoolObject](New-AzFrontDoorBackendPoolObject.md)
 Create a PSBackendPool object for Front Door creation
 
-### [New-AzFrontDoorWafCustomRuleObject](New-AzFrontDoorWafCustomRuleObject.md)
-Create CustomRule Object for WAF policy creation
-
-### [New-AzFrontDoorWafPolicy](New-AzFrontDoorWafPolicy.md)
-Create WAF policy
-
 ### [New-AzFrontDoorFrontendEndpointObject](New-AzFrontDoorFrontendEndpointObject.md)
 Create a PSFrontendEndpoint Object for Front Door creation
 
@@ -50,6 +44,12 @@ Create a PSHealthProbeSetting object for Front Door creation
 ### [New-AzFrontDoorLoadBalancingSettingObject](New-AzFrontDoorLoadBalancingSettingObject.md)
 Create a PSLoadBalancingSetting object for Front Door creation
 
+### [New-AzFrontDoorRoutingRuleObject](New-AzFrontDoorRoutingRuleObject.md)
+Create a PSRoutingRuleObject for Front Door creation
+
+### [New-AzFrontDoorWafCustomRuleObject](New-AzFrontDoorWafCustomRuleObject.md)
+Create CustomRule Object for WAF policy creation
+
 ### [New-AzFrontDoorWafManagedRuleObject](New-AzFrontDoorWafManagedRuleObject.md)
 Create ManagedRule Object for WAF policy creation
 
@@ -59,8 +59,8 @@ Create managed rule override object
 ### [New-AzFrontDoorWafMatchConditionObject](New-AzFrontDoorWafMatchConditionObject.md)
 Create MatchCondition Object for WAF policy creation
 
-### [New-AzFrontDoorRoutingRuleObject](New-AzFrontDoorRoutingRuleObject.md)
-Create a PSRoutingRuleObject for Front Door creation
+### [New-AzFrontDoorWafPolicy](New-AzFrontDoorWafPolicy.md)
+Create WAF policy
 
 ### [New-AzFrontDoorWafRuleGroupOverrideObject](New-AzFrontDoorWafRuleGroupOverrideObject.md)
 Create RuleGroupOverride Object for WAF policy creation

src/FrontDoor/FrontDoor/Models/PSMatchCondition.cs

@@ -13,9 +13,9 @@ Create MatchCondition Object for WAF policy creation
 ## SYNTAX
 
 ```
-New-AzFrontDoorWafMatchConditionObject -MatchVariable <String> -OperatorProperty <String> [-MatchValue <String[]>]
- [-Selector <String>] [-NegateCondition <Boolean>] [-DefaultProfile <IAzureContextContainer>]
- [<CommonParameters>]
+New-AzFrontDoorWafMatchConditionObject -MatchVariable <String> -OperatorProperty <String>
+ [-MatchValue <String[]>] [-Selector <String>] [-NegateCondition <Boolean>] [-Transform <String[]>]
+ [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -28,9 +28,19 @@ Create MatchCondition Object for WAF policy creation
 PS C:\> New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "User-Agent" -MatchValue "Windows"
 
 
-MatchVariable OperatorProperty MatchValue Selector   NegateCondition
-------------- ---------------- ---------- --------   ---------------
-RequestHeader         Contains {Windows}  User-Agent           False
+MatchVariable OperatorProperty MatchValue Selector   NegateCondition Transform
+------------- ---------------- ---------- --------   --------------- ---------
+RequestHeader Contains         {Windows}  User-Agent           False
+```
+
+### Example 2
+```powershell
+PS C:\> New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "User-Agent" -MatchValue "WINDOWS" -Transform Uppercase
+
+
+MatchVariable OperatorProperty MatchValue Selector   NegateCondition Transform
+------------- ---------------- ---------- --------   --------------- ---------
+RequestHeader Contains         {WINDOWS}  User-Agent           False {Uppercase}
 ```
 
 Create a MatchCondition object
@@ -101,7 +111,7 @@ Accept wildcard characters: False
 
 ### -OperatorProperty
 Describes operator to be matched.
-Possible values include: 'Any', 'IPMatch', 'GeoMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith''
+Possible values include: 'Any', 'IPMatch', 'GeoMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith', 'RegEx'
 
 ```yaml
 Type: System.String
@@ -130,6 +140,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Transform
+Transforms to apply. Possible values include: 'Lowercase', 'Uppercase', 'Trim', 'UrlDecode', 'UrlEncode', 'RemoveNulls'.
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).