Azure · msJinLei · Apr 1, 2020 · Jan 30, 2020 · Jan 30, 2020 · Mar 31, 2020
diff --git a/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestriction.json b/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestriction.json
diff --git a/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionScm.json b/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionScm.json
diff --git a/...ebsites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionSlot.json b/...ebsites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionSlot.json
diff --git a/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestGetWebAppAccessRestriction.json b/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestGetWebAppAccessRestriction.json
diff --git a/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestriction.json b/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestriction.json
diff --git a/...sites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionScm.json b/...sites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionScm.json
diff --git a/...s.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionComplex.json b/...s.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionComplex.json
diff --git a/...es.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionSimple.json b/...es.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionSimple.json
diff --git a/src/Websites/Websites/Cmdlets/AccessRestriction/AddAzureWebAppAccessRestrictionRule.cs b/src/Websites/Websites/Cmdlets/AccessRestriction/AddAzureWebAppAccessRestrictionRule.cs
@@ -17,13 +17,8 @@
 using System.Management.Automation;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.WebSites.Models;
-using System;
 using Microsoft.Azure.Commands.WebApps.Utilities;
-using System.Linq;
-using Microsoft.Azure.Commands.Common.Authentication;
-using Microsoft.Azure.Management.Internal.Network.Version2017_10_01;
-using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using Microsoft.Azure.Management.Monitor.Version2018_09_01.Models;
+using System;
 
 namespace Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps
 {
@@ -53,9 +48,9 @@ public class AddAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdLet
         [ValidateNotNullOrEmpty]
         public string WebAppName { get; set; }
 
-        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
-        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
-        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
+        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
@@ -68,15 +63,14 @@ public class AddAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdLet
         [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Access Restriction priority. E.g.: 500.")]
         [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Access Restriction priority. E.g.: 500.")]
         [ValidateNotNullOrEmpty]
-        [ValidateRange(100, 65000)]
         public uint Priority { get; set; }
 
-        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
-        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
-        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = true, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [Parameter(ParameterSetName = SubnetIdParameterSet, Mandatory = false, HelpMessage = "Allow or Deny rule.")]
         [ValidateNotNullOrEmpty]
         [ValidateSet("Allow", "Deny")]
-        public string Action { get; set; }
+        public string Action { get; set; } = "Allow";
 
         [Parameter(ParameterSetName = IpAddressParameterSet, Mandatory = false, HelpMessage = "Deployment Slot name.")]
         [Parameter(ParameterSetName = SubnetNameParameterSet, Mandatory = false, HelpMessage = "Deployment Slot name.")]
@@ -121,29 +115,12 @@ public override void ExecuteCmdlet()
                 SiteConfig siteConfig = webApp.SiteConfig;
                 var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
                 IpSecurityRestriction ipSecurityRestriction = null;
-                bool accessRestrictionExists = false;
                 int intPriority = checked((int)Priority);
                 switch (ParameterSetName)
                 {
-                    case IpAddressParameterSet:                        
-                        foreach (var accessRestriction in accessRestrictionList)
-                        {
-                            if (accessRestriction.IpAddress != null && 
-                                accessRestriction.IpAddress == IpAddress && 
-                                accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
-                            {
-                                accessRestrictionExists = true;
-                                accessRestriction.Name = Name;
-                                accessRestriction.Priority = intPriority;
-                                accessRestriction.Description = Description;
-                                break;
-                            }
-                        }
-                        if (!accessRestrictionExists)
-                        {
-                            ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
-                            accessRestrictionList.Add(ipSecurityRestriction);
-                        }
+                    case IpAddressParameterSet:                    
+                        ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
+                        accessRestrictionList.Add(ipSecurityRestriction);                        
                         break;
 
                     case SubnetNameParameterSet:
@@ -158,29 +135,13 @@ public override void ExecuteCmdlet()
                         {
                             CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
                         }
-                        foreach (var accessRestriction in accessRestrictionList)
-                        {
-                            if (accessRestriction.VnetSubnetResourceId != null &&
-                                accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && 
-                                accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
-                            {
-                                accessRestrictionExists = true;
-                                accessRestriction.Name = Name;
-                                accessRestriction.Priority = intPriority;
-                                accessRestriction.Description = Description;
-                                break;
-                            }
-                        }
-                        if (!accessRestrictionExists)
-                        {
-                            ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
-                            accessRestrictionList.Add(ipSecurityRestriction);
-                        }                   
+
+                        ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
+                        accessRestrictionList.Add(ipSecurityRestriction);                                           
                         break;
                 }
 
-                string updateAction = accessRestrictionExists ? "Updating" : "Adding";
-                if (ShouldProcess(WebAppName, $"{updateAction} Access Restriction Rule '{Name}' for Web App '{WebAppName}'"))
+                if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
                 {
                     // Update web app configuration
                     WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);

diff --git a/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs b/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs
@@ -17,7 +17,7 @@
 using System.Management.Automation;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.WebSites.Models;
-using Microsoft.Azure.Management.Internal.Network.Version2017_10_01.Models;
+using Microsoft.Azure.Commands.WebApps.Utilities;
 
 namespace Microsoft.Azure.Commands.WebApps.Cmdlets.WebApps
 {
@@ -38,25 +38,46 @@ public class RemoveAzureWebAppAccessRestrictionRuleCmdlet : WebAppBaseClientCmdL
         [ValidateNotNullOrEmpty]
         public string WebAppName { get; set; }
 
-        [Parameter(Mandatory = true, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]        
+        [Parameter(Mandatory = false, HelpMessage = "Access Restriction rule name. E.g.: DeveloperWorkstation.")]
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Allow or Deny rule.")]
+        [ValidateNotNullOrEmpty]
+        [ValidateSet("Allow", "Deny")]
+        public string Action { get; set; } = "Allow";
+
         [Parameter(Mandatory = false, HelpMessage = "Rule is aimed for Main site or Scm site.")]
         [ValidateNotNullOrEmpty]
         public SwitchParameter TargetScmSite { get; set; }
 
         [Parameter(Mandatory = false, HelpMessage = "Deployment Slot name.")]
         public string SlotName { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24")]
+        [ValidateNotNullOrEmpty]
+        public string IpAddress { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Name of Subnet.")]
+        [ValidateNotNullOrEmpty]
+        public string SubnetName { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Name of Virtual Network (must be in same resource group as Web App).")]
+        [ValidateNotNullOrEmpty]
+        public string VirtualNetworkName { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "ResourceId of Subnet.")]
+        [ValidateNotNullOrEmpty]
+        public string SubnetId { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = "Return the access restriction config object.")]
         public SwitchParameter PassThru { get; set; }
 
         public override void ExecuteCmdlet()
         {
             if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
             {
-                if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule '{Name}' from Web App '{WebAppName}'"))
+                if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule from Web App '{WebAppName}'"))
                 {
                     var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
                     SiteConfig siteConfig = webApp.SiteConfig;
@@ -66,12 +87,44 @@ public override void ExecuteCmdlet()
 
                     foreach (var accessRestriction in accessRestrictionList)
                     {
-                        if (accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                        if (!string.IsNullOrWhiteSpace(Name))
+                        {
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.Name) &&  accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
+                        }
+                        else if (!string.IsNullOrWhiteSpace(IpAddress))
                         {
-                            ipSecurityRestriction = accessRestriction;
-                            accessRestrictionExists = true;
-                            break;
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                if (!string.IsNullOrWhiteSpace(Name))                                
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())                                    
+                                        continue;                                    
+
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
                         }
+                        else if (!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName)))
+                        {
+                            var subnet = !string.IsNullOrWhiteSpace(SubnetId) ? SubnetId : SubnetName;
+                            var subnetResourceId = CmdletHelpers.ValidateSubnet(subnet, VirtualNetworkName, ResourceGroupName, DefaultContext.Subscription.Id);
+                            if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                            {
+                                if (!string.IsNullOrWhiteSpace(Name))
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
+                                        continue;
+
+                                ipSecurityRestriction = accessRestriction;
+                                accessRestrictionExists = true;
+                                break;
+                            }
+                        }
+
                     }
                     if (accessRestrictionExists)
                     {

diff --git a/src/Websites/Websites/help/Add-AzWebAppAccessRestrictionRule.md b/src/Websites/Websites/help/Add-AzWebAppAccessRestrictionRule.md
@@ -13,24 +13,24 @@ Adds an Access Restiction rule to an Azure Web App.
 
 ### IpAddressParameterSet (Default)
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -IpAddress <String> [-PassThru] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 ```
 
 ### SubnetNameParameterSet
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -SubnetName <String> -VirtualNetworkName <String> [-IgnoreMissingServiceEndpoint] [-PassThru]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### SubnetIdParameterSet
 ```
-Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> -Name <String>
- [-Description <String>] -Priority <UInt32> -Action <String> [-SlotName <String>] [-TargetScmSite]
+Add-AzWebAppAccessRestrictionRule [-ResourceGroupName] <String> [-WebAppName] <String> [-Name <String>]
+ [-Description <String>] -Priority <UInt32> [-Action <String>] [-SlotName <String>] [-TargetScmSite]
  -SubnetId <String> [-IgnoreMissingServiceEndpoint] [-PassThru] [-DefaultProfile <IAzureContextContainer>]
  [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
@@ -67,9 +67,9 @@ Parameter Sets: (All)
 Aliases:
 Accepted values: Allow, Deny
 
-Required: True
+Required: False
 Position: Named
-Default value: None
+Default value: Allow
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -142,7 +142,7 @@ Type: System.String
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False