Added Support for SQL Redirect for Azure Firewall Policies

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs

@@ -140,5 +140,13 @@ public void TestAzureFirewallPolicyPrivateRangeCRUD()
         {
             TestRunner.RunTestScript("Test-AzureFirewallPolicyPrivateRangeCRUD");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicySQLCRUD()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicySqlCRUD");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1

@@ -1461,4 +1461,53 @@ function Test-AzureFirewallPolicyPrivateRangeCRUD {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests AzureFirewall Policy PrivateRange
+#>
+function Test-AzureFirewallPolicySqlCRUD {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallPolicyName = Get-ResourceName
+    $azureFirewallPolicyName2 = Get-ResourceName
+    $location = "eastus2euap"
+
+    try {
+
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+
+        # test new AzureFirewallPolicy with sql redirect
+        $allowSQL = New-AzFirewallPolicySQL -AllowSqlRedirect
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -Sql $allowSQL
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        Assert-NotNull $getAzureFirewallPolicy.SQL
+        Assert-AreEqual true $getAzureFirewallPolicy.SQL.AllowSqlRedirect
+
+        # test set AzureFirewallPolicy without sql redirect
+        $disAllowSQL = New-AzFirewallPolicySQL
+        $azureFirewallPolicy = Set-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SQL $disAllowSQL
+        Assert-Null $getAzureFirewallPolicy.SQL.AllowSqlRedirect
+
+        # test set AzureFirewallPolicy with sql redirect
+        $azureFirewallPolicy = Set-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SQL $allowSQL
+        Assert-NotNull $getAzureFirewallPolicy.SQL
+        Assert-AreEqual true $getAzureFirewallPolicy.SQL
+
+        # test new AzureFirewallPolicy without sql redirect
+        $azureFirewallPolicy2 = New-AzFirewallPolicy -Name $azureFirewallPolicyName2 -ResourceGroupName $rgname -Location $location
+        $getAzureFirewallPolicy2 = Get-AzFirewallPolicy -Name $azureFirewallPolicyName2 -ResourceGroupName $rgname
+        Assert-Null $getAzureFirewallPolicy2.SQL
+
+        #verification
+        Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
+        Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
+        Assert-NotNull $getAzureFirewallPolicy.Location
+        Assert-AreEqual (Normalize-Location $location) $getAzureFirewallPolicy.Location
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Network/Network/Az.Network.psd1

@@ -507,7 +507,7 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'New-AzFirewallPolicyIntrusionDetectionBypassTraffic', 
                'New-AzFirewallPolicyIntrusionDetectionSignatureOverride', 
                'New-AzFirewallPolicyThreatIntelWhitelist', 
-               'New-AzFirewallPolicyDnsSetting', 'New-AzVirtualRouter', 
+               'New-AzFirewallPolicyDnsSetting', 'New-AzFirewallPolicySQL', 'New-AzVirtualRouter', 
                'Remove-AzVirtualRouter', 'Get-AzVirtualRouter', 
                'Update-AzVirtualRouter', 'Add-AzVirtualRouterPeer', 
                'Update-AzVirtualRouterPeer', 'Remove-AzVirtualRouterPeer', 

src/Network/Network/AzureFirewallPolicy/NewAzureFirewallPolicyCommand.cs

@@ -138,6 +138,11 @@ public class NewAzureFirewallPolicyCommand : AzureFirewallPolicyBaseCmdlet
         )]
         public string[] PrivateRange { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Firewall policy SQL setting")]
+        public PSAzureFirewallPolicySQL SQL { get; set; }
+
         public override void Execute()
         {
 
@@ -169,7 +174,8 @@ private PSAzureFirewallPolicy CreateAzureFirewallPolicy()
                     Tier = this.SkuTier ?? MNM.FirewallPolicySkuTier.Standard
                 },
                 IntrusionDetection = this.IntrusionDetection,
-                PrivateRange = this.PrivateRange
+                PrivateRange = this.PrivateRange,
+                SQL = this.SQL
             };
 
             if (this.UserAssignedIdentityId != null)

src/Network/Network/AzureFirewallPolicy/SQL/NewAzureFirewallPolicySQLCommand.cs

@@ -0,0 +1,45 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Network.Models;
+using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
+using System.Linq;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.New, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FirewallPolicySQL", SupportsShouldProcess = true), OutputType(typeof(PSAzureFirewallPolicySQL))]
+    public class NewAzureFirewallPolicySQLCommand : NetworkBaseCmdlet
+    {
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Allow SQL Redirect. By default it is disabled."
+        )]
+        public SwitchParameter AllowSqlRedirect { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            var sql = new PSAzureFirewallPolicySQL
+            {
+                AllowSqlRedirect = this.AllowSqlRedirect.IsPresent ? true : (bool?)null
+            };
+
+            WriteObject(sql);
+        }
+
+    }
+}

src/Network/Network/AzureFirewallPolicy/SetAzureFirewallPolicyCommand.cs

@@ -156,6 +156,11 @@ public class SetAzureFirewallPolicyCommand : AzureFirewallPolicyBaseCmdlet
             HelpMessage = "The Private IP Range")]
         public string[] PrivateRange { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Firewall policy SQL setting")]
+        public PSAzureFirewallPolicySQL SQL { get; set; }
+
         private void AddPremiumProperties(PSAzureFirewallPolicy firewallPolicy)
         {
             firewallPolicy.Sku = new PSAzureFirewallPolicySku
@@ -238,6 +243,7 @@ public override void Execute()
                 this.UserAssignedIdentityId = this.IsParameterBound(c => c.UserAssignedIdentityId) ? UserAssignedIdentityId : (InputObject.Identity?.UserAssignedIdentities != null ? InputObject.Identity.UserAssignedIdentities?.First().Key : null);
                 this.SkuTier = this.IsParameterBound(c => c.SkuTier) ? SkuTier : (InputObject.Sku?.Tier != null ? InputObject.Sku.Tier : null);
                 this.PrivateRange = this.IsParameterBound(c => c.PrivateRange) ? PrivateRange : InputObject.PrivateRange;
+                this.SQL = this.IsParameterBound(c => c.SQL) ? SQL : (InputObject.SQL != null ? InputObject.SQL : null);
 
                 var firewallPolicy = new PSAzureFirewallPolicy()
                 {
@@ -248,7 +254,8 @@ public override void Execute()
                     ThreatIntelWhitelist = this.ThreatIntelWhitelist,
                     BasePolicy = this.BasePolicy != null ? new Microsoft.Azure.Management.Network.Models.SubResource(this.BasePolicy) : null,
                     DnsSettings = this.DnsSetting,
-                    PrivateRange = this.PrivateRange
+                    PrivateRange = this.PrivateRange,
+                    SQL = this.SQL
                 };
 
                 AddPremiumProperties(firewallPolicy);
@@ -271,7 +278,8 @@ public override void Execute()
                     ThreatIntelWhitelist = this.ThreatIntelWhitelist,
                     BasePolicy = BasePolicy != null ? new Microsoft.Azure.Management.Network.Models.SubResource(BasePolicy) : null,
                     DnsSettings = this.DnsSetting,
-                    PrivateRange = this.PrivateRange
+                    PrivateRange = this.PrivateRange,
+                    SQL = this.SQL
                 };
 
                 AddPremiumProperties(firewallPolicy);

src/Network/Network/Models/AzureFirewallPolicy/PSAzureFirewallPolicy.cs

@@ -53,6 +53,7 @@ public class PSAzureFirewallPolicy : PSTopLevelResource
         public PSAzureFirewallPolicySNAT Snat { get; set; }
 
         private const string IANAPrivateRanges = "IANAPrivateRanges";
+        public PSAzureFirewallPolicySQL SQL { get; set; }
 
         public string[] PrivateRange
         {

src/Network/Network/Models/AzureFirewallPolicy/PSAzureFirewallPolicySQL.cs

@@ -0,0 +1,27 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Newtonsoft.Json;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSAzureFirewallPolicySQL
+    {
+        public bool? AllowSqlRedirect { get; set; }
+    }
+}