Merge pull request #1 from htippanaboya/network-2022-07-01

Merging Network 2022 07 01 into main

src/Batch/Batch.Test/Batch.Test.csproj

@@ -16,7 +16,7 @@
     <PackageReference Include="Microsoft.Azure.Batch" Version="15.3.0" />
     <PackageReference Include="Microsoft.Azure.Management.Batch" Version="14.0.0" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.0" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/CognitiveServices/CognitiveServices.Test/CognitiveServices.Test.csproj

@@ -11,8 +11,8 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.CognitiveServices" Version="8.4.0" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Compute/Compute.Test/Compute.Test.csproj

@@ -14,7 +14,7 @@
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.Compute" Version="58.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/ContainerRegistry/ContainerRegistry.Test/ContainerRegistry.Test.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Management.ContainerRegistry" Version="4.0.0" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0">
       <NoWarn>NU1608</NoWarn>

src/CosmosDB/CosmosDB.Test/CosmosDB.Test.csproj

@@ -5,7 +5,7 @@
   <Import Project="$(MSBuildThisFileDirectory)..\..\Az.Test.props" />
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.CosmosDB" Version="3.7.0-preview" />
   </ItemGroup>
 </Project>

src/DataLakeStore/DataLakeStore.Test/DataLakeStore.Test.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Management.DataLake.Store" Version="2.4.2-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Dns/Dns.Test/Dns.Test.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Management.Dns" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
 </Project>

src/HDInsight/HDInsight.Test/HDInsight.Test.csproj

@@ -17,7 +17,7 @@
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
     <PackageReference Include="Microsoft.Azure.Management.ManagedServiceIdentity" Version="0.11.0" />
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.25.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/HPCCache/HPCCache.Test/HPCCache.Test.csproj

@@ -17,7 +17,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.13.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.Storage" Version="14.5.0" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.0" />
   </ItemGroup>
 

src/KeyVault/KeyVault.Test/KeyVault.Test.csproj

@@ -13,7 +13,8 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Monitor/Monitor.Test/Monitor.Test.csproj

@@ -14,7 +14,7 @@
     <PackageReference Include="Microsoft.Azure.Management.Monitor" Version="0.26.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.ApplicationInsights" Version="0.3.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.25.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/NetAppFiles/NetAppFiles.Test/NetAppFiles.Test.csproj

@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.NetApp" Version="1.16.0" />
   </ItemGroup>
 

src/Network/Network.Test/Network.Test.csproj

@@ -14,7 +14,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="24.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="25.0.0" />
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
     <PackageReference Include="Microsoft.Azure.Insights" Version="0.16.0-preview" />

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -44,6 +44,14 @@ public void TestAvailableWafRuleSets()
             TestRunner.RunTestScript("Test-AvailableWafRuleSets");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev)]
+        public void TestWafDynamicManifest()
+        {
+            TestRunner.RunTestScript("Test-WafDynamicManifest");
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.nvadev)]
@@ -237,5 +245,13 @@ public void TestApplicationGatewayFirewallPolicyWithUppercaseTransform()
         {
             TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithUppercaseTransform");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
+        public void TestApplicationGatewayFirewallPolicyWithCustomBlockResponse()
+        {
+            TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithCustomBlockResponse");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -54,6 +54,25 @@ function Test-AvailableWafRuleSets
 	Assert-NotNull $result.Value[0].RuleGroups[0].Rules[0].RuleId
 }
 
+function Test-WafDynamicManifest
+{
+	$location = "westus";
+	$result = Get-AzApplicationGatewayWafDynamicManifest -Location $location
+	# need to add the correct path - alon
+	Assert-NotNull $result
+	Assert-NotNull $result.defaultRuleSetType
+	Assert-NotNull $result.defaultRuleSetVersion
+	Assert-NotNull $result.availableRuleSets[0].RuleSetType
+	Assert-NotNull $result.availableRuleSets[0].RuleSetVersion
+	Assert-NotNull $result.availableRuleSets[0].tiers[0]
+	Assert-NotNull $result.availableRuleSets[0].RuleGroups
+	Assert-True { $result.availableRuleSets[0].RuleGroups.Count -gt 0 }
+	Assert-NotNull $result.availableRuleSets[0].RuleGroups[0].RuleGroupName
+	Assert-NotNull $result.availableRuleSets[0].RuleGroups[0].Rules
+	Assert-True { $result.availableRuleSets[0].RuleGroups[0].Rules.Count -gt 0 }
+	Assert-NotNull $result.availableRuleSets[0].RuleGroups[0].Rules[0].RuleId
+}
+
 <#
 .SYNOPSIS
 Application gateway tests
@@ -4270,3 +4289,91 @@ function Test-ApplicationGatewayFirewallPolicyWithUppercaseTransform
 		Clean-ResourceGroup $rgname
 	}
 }
+
+function Test-ApplicationGatewayFirewallPolicyWithCustomBlockResponse
+{
+	# Setup
+	$location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2"
+
+	$rgname = Get-ResourceGroupName
+	$wafPolicy = Get-ResourceName
+
+	try
+	{
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"}
+
+		# Test both status and body are present
+		$customBlockResponseBody = "Sorry! Forbidden"
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 -CustomBlockResponseStatusCode 405 -CustomBlockResponseBody $customBlockResponseBody
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet
+		New-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings
+
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname
+
+		Assert-AreEqual $policySettings.FileUploadLimitInMb $policy.PolicySettings.FileUploadLimitInMb 
+		Assert-AreEqual $policySettings.MaxRequestBodySizeInKb $policy.PolicySettings.MaxRequestBodySizeInKb 
+		Assert-AreEqual $policySettings.RequestBodyCheck $policy.PolicySettings.RequestBodyCheck 
+		Assert-AreEqual $policySettings.Mode $policy.PolicySettings.Mode 
+		Assert-AreEqual $policySettings.State $policy.PolicySettings.State 
+		Assert-AreEqual $policySettings.CustomBlockResponseStatusCode $policy.CustomBlockResponseStatusCode
+		Assert-AreEqual $customBlockResponseBody $policy.CustomBlockResponseBody
+
+		# test status code alone present
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 -CustomBlockResponseStatusCode 405
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet
+		Set-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname -ManagedRule $managedRule -PolicySetting $policySettings
+
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname
+
+		# Check firewall policy
+		Assert-AreEqual $policySettings.FileUploadLimitInMb $policy.PolicySettings.FileUploadLimitInMb 
+		Assert-AreEqual $policySettings.MaxRequestBodySizeInKb $policy.PolicySettings.MaxRequestBodySizeInKb 
+		Assert-AreEqual $policySettings.RequestBodyCheck $policy.PolicySettings.RequestBodyCheck 
+		Assert-AreEqual $policySettings.Mode $policy.PolicySettings.Mode 
+		Assert-AreEqual $policySettings.State $policy.PolicySettings.State 
+		Assert-AreEqual $policySettings.CustomBlockResponseStatusCode $policy.CustomBlockResponseStatusCode
+		Assert-Null 	$policy.CustomBlockResponseBody
+
+		# test body alone present 
+		$customBlockResponseBody = "Sorry! Forbidden. You can't access"
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 -CustomBlockResponseBody $customBlockResponseBody
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet
+		Set-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname -ManagedRule $managedRule -PolicySetting $policySettings
+
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname
+
+		# Check firewall policy
+		Assert-AreEqual $policySettings.FileUploadLimitInMb $policy.PolicySettings.FileUploadLimitInMb 
+		Assert-AreEqual $policySettings.MaxRequestBodySizeInKb $policy.PolicySettings.MaxRequestBodySizeInKb 
+		Assert-AreEqual $policySettings.RequestBodyCheck $policy.PolicySettings.RequestBodyCheck 
+		Assert-AreEqual $policySettings.Mode $policy.PolicySettings.Mode 
+		Assert-AreEqual $policySettings.State $policy.PolicySettings.State 
+		Assert-Null 	$policy.CustomBlockResponseStatusCode
+		Assert-AreEqual $customBlockResponseBody $policy.CustomBlockResponseBody 
+
+		# test both are not present
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet
+		Set-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname -ManagedRule $managedRule -PolicySetting $policySettings
+
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicy -ResourceGroupName $rgname
+
+		# Check firewall policy
+		Assert-AreEqual $policySettings.FileUploadLimitInMb $policy.PolicySettings.FileUploadLimitInMb 
+		Assert-AreEqual $policySettings.MaxRequestBodySizeInKb $policy.PolicySettings.MaxRequestBodySizeInKb 
+		Assert-AreEqual $policySettings.RequestBodyCheck $policy.PolicySettings.RequestBodyCheck 
+		Assert-AreEqual $policySettings.Mode $policy.PolicySettings.Mode 
+		Assert-AreEqual $policySettings.State $policy.PolicySettings.State 
+		Assert-Null 	$policy.CustomBlockResponseStatusCode
+		Assert-Null 	$policy.CustomBlockResponseBody
+	}
+	finally
+	{
+		# Cleanup
+		Clean-ResourceGroup $rgname
+	}
+}

src/Network/Network/ApplicationGateway/GetAzureApplicationGatewayWafDynamicManifests.cs

@@ -0,0 +1,44 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using Microsoft.Azure.Management.Network;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ApplicationGatewayWafDynamicManifest"), OutputType(typeof(PSApplicationGatewayWafDynamicManifests))]
+    public class GetAzureApplicationGatewayWafDynamicManifests : NetworkBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The location.",
+            ValueFromPipelineByPropertyName = true)]
+        [ValidateNotNullOrEmpty]
+        public string Location { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+            var wafDynamicManifests = this.NetworkClient.NetworkManagementClient.ApplicationGatewayWafDynamicManifests.Get(Location);
+            PSApplicationGatewayWafDynamicManifests pswafDynamicManifests;
+            var wafDynamicManifest = wafDynamicManifests.First();
+            pswafDynamicManifests = NetworkResourceManagerProfile.Mapper.Map<PSApplicationGatewayWafDynamicManifests>(wafDynamicManifest);
+            pswafDynamicManifests.DefaultRuleSetVersion = wafDynamicManifest.RuleSetVersion;
+            pswafDynamicManifests.DefaultRuleSetType = wafDynamicManifest.RuleSetType;
+            WriteObject(pswafDynamicManifests);
+        }
+    }
+}

src/Network/Network/Az.Network.psd1

@@ -85,6 +85,7 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Remove-AzApplicationGatewayAutoscaleConfiguration', 
                'Set-AzApplicationGatewayAutoscaleConfiguration', 
                'Get-AzApplicationGatewayAvailableWafRuleSet', 
+               'Get-AzApplicationGatewayWafDynamicManifest', 
                'Get-AzApplicationGatewayAvailableSslOption', 
                'Add-AzApplicationGatewayBackendAddressPool', 
                'Get-AzApplicationGatewayBackendAddressPool', 

src/Network/Network/ChangeLog.md

@@ -19,6 +19,9 @@
 --->
 
 ## Upcoming Release
+* Added optional parameters `CustomBlockResponseStatusCode` and `CustomBlockResponseBody` parameter to `AzApplicationGatewayFirewallPolicySettings`
+* Added a new cmdlet to get the application gateway waf manifest and rules
+    - `Get-AzApplicationGatewayWafDynamicManifest`
 
 ## Version 5.1.2
 * Upgraded AutoMapper to Microsoft.Azure.PowerShell.AutoMapper 6.2.2 with fix [#18721]

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -1038,6 +1038,7 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSApplicationGatewayPrivateLinkConfiguration, MNM.ApplicationGatewayPrivateLinkConfiguration>();
                 cfg.CreateMap<CNM.PSApplicationGatewayPrivateLinkIpConfiguration, MNM.ApplicationGatewayPrivateLinkIpConfiguration>();
                 cfg.CreateMap<CNM.PSApplicationGatewayPrivateEndpointConnection, MNM.ApplicationGatewayPrivateEndpointConnection>();
+                cfg.CreateMap<CNM.PSApplicationGatewayWafDynamicManifests, MNM.ApplicationGatewayWafDynamicManifestResult>();
 
                 // MNM to CNM
                 cfg.CreateMap<MNM.ApplicationGateway, CNM.PSApplicationGateway>();
@@ -1113,6 +1114,7 @@ private static void Initialize()
                 cfg.CreateMap<MNM.ApplicationGatewayPrivateLinkConfiguration, CNM.PSApplicationGatewayPrivateLinkConfiguration>();
                 cfg.CreateMap<MNM.ApplicationGatewayPrivateLinkIpConfiguration, CNM.PSApplicationGatewayPrivateLinkIpConfiguration>();
                 cfg.CreateMap<MNM.ApplicationGatewayPrivateEndpointConnection, CNM.PSApplicationGatewayPrivateEndpointConnection>();
+                cfg.CreateMap<MNM.ApplicationGatewayWafDynamicManifestResult, CNM.PSApplicationGatewayWafDynamicManifests>();
 
                 // Application Security Groups
                 // CNM to MNM