Merge pull request #1 from venkatsvpr/network-october

Per listener/site firewall policy and geo-match operator

Author: venkatsvpr

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -113,5 +113,13 @@ public void TestTopLevelWafResourceWithApplicationGateway()
         {
             TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayTopLevelFirewallPolicy -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev)]
+        public void TestApplicationGatewayWithPerSiteFirewallPolicy()
+        {
+            TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayHttpListenerFirewallPolicy -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -58,6 +58,16 @@ public class AzureApplicationGatewayHttpListenerBase : NetworkBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string SslCertificateId { get; set; }
 
+        [Parameter(
+           ParameterSetName = "SetByResourceId",
+           HelpMessage = "FirewallPolicyId")]
+        public string FirewallPolicyId { get; set; }
+
+        [Parameter(
+            ParameterSetName = "SetByResource",
+            HelpMessage = "FirewallPolicy")]
+        public PSApplicationGatewayWebApplicationFirewallPolicy FirewallPolicy { get; set; }
+
         [Parameter(
                 ParameterSetName = "SetByResource",
                 HelpMessage = "Application gateway SslCertificate")]
@@ -97,14 +107,21 @@ public override void ExecuteCmdlet()
                 {
                     this.FrontendIPConfigurationId = this.FrontendIPConfiguration.Id;
                 }
+
                 if (FrontendPort != null)
                 {
                     this.FrontendPortId = this.FrontendPort.Id;
                 }
+
                 if (SslCertificate != null)
                 {
                     this.SslCertificateId = this.SslCertificate.Id;
                 }
+
+                if (FirewallPolicy != null)
+                {
+                    this.FirewallPolicyId = this.FirewallPolicy.Id;
+                }
             }
         }
 
@@ -147,6 +164,12 @@ public PSApplicationGatewayHttpListener NewObject()
                 httpListener.SslCertificate.Id = this.SslCertificateId;
             }
 
+            if (!string.IsNullOrEmpty(this.FirewallPolicyId))
+            {
+                httpListener.FirewallPolicy = new PSResourceId();
+                httpListener.FirewallPolicy.Id = this.FirewallPolicyId;
+            }
+
             if (this.CustomErrorConfiguration != null)
             {
                 httpListener.CustomErrorConfigurations = this.CustomErrorConfiguration?.ToList();

src/Network/Network/ApplicationGateway/HttpListener/AzureApplicationGatewayHttpListenerBase.cs

@@ -80,7 +80,17 @@ public class AzureApplicationGatewayPathRuleConfigBase : NetworkBaseCmdlet
                 HelpMessage = "Application gateway RedirectConfiguration")]
         [ValidateNotNullOrEmpty]
         public PSApplicationGatewayRedirectConfiguration RedirectConfiguration { get; set; }
+        
+        [Parameter(
+           ParameterSetName = "SetByResourceId",
+           HelpMessage = "FirewallPolicyId")]
+        public string FirewallPolicyId { get; set; }
 
+        [Parameter(
+            ParameterSetName = "SetByResource",
+            HelpMessage = "FirewallPolicy")]
+        public PSApplicationGatewayWebApplicationFirewallPolicy FirewallPolicy { get; set; }
+        
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -91,18 +101,26 @@ public override void ExecuteCmdlet()
                 {
                     this.BackendAddressPoolId = this.BackendAddressPool.Id;
                 }
+
                 if (BackendHttpSettings != null)
                 {
                     this.BackendHttpSettingsId = this.BackendHttpSettings.Id;
                 }
+
                 if (RewriteRuleSet != null)
                 {
                     this.RewriteRuleSetId = this.RewriteRuleSet.Id;
                 }
+
                 if (RedirectConfiguration != null)
                 {
                     this.RedirectConfigurationId = this.RedirectConfiguration.Id;
                 }
+
+                if (FirewallPolicy != null)
+                {
+                    this.FirewallPolicyId = this.FirewallPolicy.Id;
+                }
             }
         }
 
@@ -136,6 +154,12 @@ public PSApplicationGatewayPathRule NewObject()
                 pathRule.RedirectConfiguration = new PSResourceId();
                 pathRule.RedirectConfiguration.Id = this.RedirectConfigurationId;
             }
+            
+            if (!string.IsNullOrEmpty(this.FirewallPolicyId))
+            {
+                pathRule.FirewallPolicy = new PSResourceId();
+                pathRule.FirewallPolicy.Id = this.FirewallPolicyId;
+            }
 
             return pathRule;
         }

src/Network/Network/ApplicationGateway/PathRule/AzureApplicationGatewayPathRuleConfigBase.cs

@@ -31,7 +31,7 @@ public class AzureApplicationGatewayFirewallConditionBase : NetworkBaseCmdlet
         [Parameter(
             Mandatory = true,
             HelpMessage = "Describes operator to be matched.")]
-        [ValidateSet("IPMatch", "Equal", "Contains", "LessThan", "GreaterThan", "LessThanOrEqual", "GreaterThanOrEqual", "BeginsWith", "EndsWith", "Regex", IgnoreCase = true)]
+        [ValidateSet("IPMatch", "Equal", "Contains", "LessThan", "GreaterThan", "LessThanOrEqual", "GreaterThanOrEqual", "BeginsWith", "EndsWith", "Regex", "GeoMatch", IgnoreCase = true)]
         [ValidateNotNullOrEmpty]
         public string Operator { get; set; }
 

src/Network/Network/FirewallPolicy/FirewallCondition/AzureApplicationGatewayFirewallConditionBase.cs

@@ -34,6 +34,7 @@ public class PSApplicationGatewayHttpListener : PSChildResource
         public string ProvisioningState { get; set; }
         public string Type { get; set; }
         public List<PSApplicationGatewayCustomError> CustomErrorConfigurations { get; set; }
+        public PSResourceId FirewallPolicy { get; set; }
 
         [JsonIgnore]
         public string FrontendIpConfigurationText
@@ -52,5 +53,11 @@ public string SslCertificateText
         {
             get { return JsonConvert.SerializeObject(SslCertificate, Formatting.Indented, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }); }
         }
+
+        [JsonIgnore]
+        public string FirewallPolicyText
+        {
+            get { return JsonConvert.SerializeObject(FirewallPolicy, Formatting.Indented, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }); }
+        }
     }
 }

src/Network/Network/Models/PSApplicationGatewayHttpListener.cs

@@ -24,6 +24,8 @@ public class PSApplicationGatewayPathRule : PSChildResource
         public PSResourceId BackendHttpSettings { get; set; }
         public PSResourceId RewriteRuleSet { get; set; }
         public PSResourceId RedirectConfiguration { get; set; }
+        public PSResourceId FirewallPolicy { get; set; }
+
         public string Type { get; set; }
 
         [JsonIgnore]
@@ -55,5 +57,11 @@ public string RewriteRuleSetText
         {
             get { return JsonConvert.SerializeObject(RewriteRuleSet, Formatting.Indented, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }); }
         }
+        
+        [JsonIgnore]
+        public string FirewallPolicyText
+        {
+            get { return JsonConvert.SerializeObject(FirewallPolicy, Formatting.Indented, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }); }
+        }
     }
 }

src/Network/Network/Models/PSApplicationGatewayPathRule.cs

@@ -19,6 +19,7 @@ New-AzApplicationGatewayHttpListener -Name <String> [-FrontendIPConfigurationId
  [-FrontendPortId <String>] [-SslCertificateId <String>] [-HostName <String>]
  [-RequireServerNameIndication <String>] -Protocol <String>
  [-CustomErrorConfiguration <PSApplicationGatewayCustomError[]>] [-DefaultProfile <IAzureContextContainer>]
+ [-FirewallPolicyId <String>]
  [<CommonParameters>]
 ```
 
@@ -27,6 +28,7 @@ New-AzApplicationGatewayHttpListener -Name <String> [-FrontendIPConfigurationId
 New-AzApplicationGatewayHttpListener -Name <String>
  [-FrontendIPConfiguration <PSApplicationGatewayFrontendIPConfiguration>]
  [-FrontendPort <PSApplicationGatewayFrontendPort>] [-SslCertificate <PSApplicationGatewaySslCertificate>]
+ [-FirewallPolicy <PSApplicationGatewayWebApplicationFirewallPolicy>]
  [-HostName <String>] [-RequireServerNameIndication <String>] -Protocol <String>
  [-CustomErrorConfiguration <PSApplicationGatewayCustomError[]>] [-DefaultProfile <IAzureContextContainer>]
  [<CommonParameters>]
@@ -52,6 +54,13 @@ PS C:\>$Listener = New-AzApplicationGatewayHttpListener -Name "Listener01" -Prot
 This command creates an HTTP listener that uses SSL offload and provides the SSL certificate in the $SSLCert01 variable.
 The command stores the result in the variable named $Listener.
 
+### Example 3: Create an HTTP listener with firewall-policy
+```
+PS C:\>$Listener = New-AzApplicationGatewayHttpListener -Name "Listener01" -Protocol "Http" -FrontendIpConfiguration $FIp01 -FrontendPort $FP01 -FirewallPolicy $firewallPolicy
+```
+
+This command creates an HTTP listener named Listener01, FirewallPolicy as $firewallPolicy and stores the result in the variable named $Listener.
+
 ## PARAMETERS
 
 ### -CustomErrorConfiguration
@@ -234,6 +243,43 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -FirewallPolicy
+Specifies the object reference to a top-level firewall policy. 
+The object reference can be created by using New-AzApplicationGatewayWebApplicationFirewallPolicy cmdlet.
+$firewallPolicy = New-AzApplicationGatewayFirewallPolicy -Name "wafPolicy1" -ResourceGroup "rgName"
+A firewall policy created using the above commandlet can be referred at a path-rule level. 
+he above command would create a default policy settings and managed rules.
+Instead of the default values, users can specify PolicySettings, ManagedRules by using New-AzApplicationGatewayFirewallPolicySettings and New-AzApplicationGatewayFirewallPolicyManagedRules respectively.
+
+```yaml
+Type: Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallPolicy
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -FirewallPolicyId
+Specifies the ID of an existing top-level web application firewall resource.
+Firewall policy IDs can be returned by using the Get-AzApplicationGatewayWebApplicationFirewallPolicy cmdlet. 
+After we have the ID you can use *FirewallPolicyId* parameter instead of *FirewallPolicy* parameter.
+For instance:
+-FirewallPolicyId  “/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/<firewallPolicyName>”
+
+```yaml
+Type: Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallPolicy
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
 

src/Network/Network/help/New-AzApplicationGatewayHttpListener.md

@@ -17,7 +17,7 @@ Creates an application gateway path rule.
 ```
 New-AzApplicationGatewayPathRuleConfig -Name <String> -Paths <String[]> [-BackendAddressPoolId <String>]
  [-BackendHttpSettingsId <String>] [-RewriteRuleSetId <String>] [-RedirectConfigurationId <String>]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### SetByResource
@@ -26,6 +26,7 @@ New-AzApplicationGatewayPathRuleConfig -Name <String> -Paths <String[]>
  [-BackendAddressPool <PSApplicationGatewayBackendAddressPool>]
  [-BackendHttpSettings <PSApplicationGatewayBackendHttpSettings>]
  [-RewriteRuleSet <PSApplicationGatewayRewriteRuleSet>]
+ [-FirewallPolicy <PSApplicationGatewayWebApplicationFirewallPolicy>]
  [-RedirectConfiguration <PSApplicationGatewayRedirectConfiguration>]
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
@@ -53,6 +54,13 @@ The next two commands create a backend address pool and a backend HTTP settings
 The fourth command creates the path rule object and is stored in a variable named $PathRuleConfig.
 The fifth command uses **Add-AzApplicationGatewayUrlPathMapConfig** to add the configuration settings and the new path rule contained within those settings to ContosoApplicationGateway.
 
+### Example 2
+```
+PS C:\> $PathRuleConfig = New-AzApplicationGatewayPathRuleConfig -Name "base" -Paths "/base" -BackendAddressPool $AddressPool -BackendHttpSettings $HttpSettings -FirewallPolicy $firewallPolicy
+```
+
+These command creates a path-rule with the Name as "base", Paths as "/base", BackendAddressPool as $AddressPool, BackendHttpSettings as $HttpSettings and FirewallPolicy as $firewallPolicy.ngs and the new path rule contained within those settings to ContosoApplicationGateway.
+
 ## PARAMETERS
 
 ### -BackendAddressPool
@@ -141,6 +149,43 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -FirewallPolicy
+Specifies the object reference to a top-level firewall policy. 
+The object reference can be created by using New-AzApplicationGatewayWebApplicationFirewallPolicy cmdlet.
+$firewallPolicy = New-AzApplicationGatewayFirewallPolicy -Name "wafPolicy1" -ResourceGroup "rgName"
+A firewall policy created using the above commandlet can be referred at a path-rule level. 
+he above command would create a default policy settings and managed rules.
+Instead of the default values, users can specify PolicySettings, ManagedRules by using New-AzApplicationGatewayFirewallPolicySettings and New-AzApplicationGatewayFirewallPolicyManagedRules respectively.
+
+```yaml
+Type: Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallPolicy
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -FirewallPolicyId
+Specifies the ID of an existing top-level web application firewall resource.
+Firewall policy IDs can be returned by using the Get-AzApplicationGatewayWebApplicationFirewallPolicy cmdlet. 
+After we have the ID you can use *FirewallPolicyId* parameter instead of *FirewallPolicy* parameter.
+For instance:
+-FirewallPolicyId  "/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/<firewallPolicyName>"
+
+```yaml
+Type: Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallPolicy
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -DefaultProfile
 The credentials, account, tenant, and subscription used for communication with azure.