From 76a0090f24172544dbcbd9ac94202ed984925f59 Mon Sep 17 00:00:00 2001 From: "Karan Bazaz (from Dev Box)" Date: Wed, 16 Jul 2025 15:24:37 -0700 Subject: [PATCH 1/4] PS changes to show appgw and agc in waf policy --- .../Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 | 6 +++++- .../PSApplicationGatewayWebApplicationFirewallPolicy.cs | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 index f9663ce23ee7..89dce63cfd53 100644 --- a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 +++ b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 @@ -3027,7 +3027,11 @@ function Test-ApplicationGatewayTopLevelFirewallPolicy $appgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname - # Second check firewll policy + # Check if Application Gateway resource can be seen in WAF Policy + Assert-AreEqual $policy.ApplicationGateways.Count 1 + Assert-AreEqual $policy.ApplicationGateways[0].Id $appgw.Id + + # Second check firewall policy Assert-AreEqual $policy.Id $appgw.FirewallPolicy.Id Assert-AreEqual $policy.CustomRules[0].Name $rule.Name Assert-AreEqual $policy.CustomRules[0].RuleType $rule.RuleType diff --git a/src/Network/Network/Models/PSApplicationGatewayWebApplicationFirewallPolicy.cs b/src/Network/Network/Models/PSApplicationGatewayWebApplicationFirewallPolicy.cs index 3c8b820e3ea2..809a561c6d6d 100644 --- a/src/Network/Network/Models/PSApplicationGatewayWebApplicationFirewallPolicy.cs +++ b/src/Network/Network/Models/PSApplicationGatewayWebApplicationFirewallPolicy.cs @@ -13,6 +13,7 @@ // limitations under the License. // +using Microsoft.Azure.Management.Network.Models; using Microsoft.WindowsAzure.Commands.Common.Attributes; using Newtonsoft.Json; using System.Collections.Generic; @@ -32,5 +33,9 @@ public class PSApplicationGatewayWebApplicationFirewallPolicy : PSTopLevelResour public int? CustomBlockResponseStatusCode { get; set; } public string CustomBlockResponseBody { get; set; } + + public System.Collections.Generic.IList ApplicationGateways { get; set; } + + public System.Collections.Generic.IList ApplicationGatewayForContainers { get; set; } } } \ No newline at end of file From 3a1b9de327cc8a1190ffaa9efedcd82374fdd435 Mon Sep 17 00:00:00 2001 From: "Karan Bazaz (from Dev Box)" Date: Thu, 17 Jul 2025 17:02:34 -0700 Subject: [PATCH 2/4] Adding test file and docs --- .../ScenarioTests/ApplicationGatewayTests.ps1 | 4 +- ..._with_ApplicationGatewayForContainers.json | 83 +++++++++++++++++++ .../Get-AzApplicationGatewayFirewallPolicy.md | 4 +- 3 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayTopLevelFirewallPolicy_with_ApplicationGatewayForContainers.json diff --git a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 index 89dce63cfd53..0934cc1361b7 100644 --- a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 +++ b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 @@ -3028,8 +3028,8 @@ function Test-ApplicationGatewayTopLevelFirewallPolicy $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname # Check if Application Gateway resource can be seen in WAF Policy - Assert-AreEqual $policy.ApplicationGateways.Count 1 - Assert-AreEqual $policy.ApplicationGateways[0].Id $appgw.Id + Assert-AreEqual $policy.ApplicationGateways.Count 1 + Assert-AreEqual $policy.ApplicationGateways[0].Id $appgw.Id # Second check firewall policy Assert-AreEqual $policy.Id $appgw.FirewallPolicy.Id diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayTopLevelFirewallPolicy_with_ApplicationGatewayForContainers.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayTopLevelFirewallPolicy_with_ApplicationGatewayForContainers.json new file mode 100644 index 000000000000..f453278a6ae6 --- /dev/null +++ b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayTopLevelFirewallPolicy_with_ApplicationGatewayForContainers.json @@ -0,0 +1,83 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourceGroups/appgwTest/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/testwafpolicy?api-version=2024-07-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNjZkZTgyZjMtYWQ5My00NjA1LWJiZGItMjM3ZmU3ZWYzYTA2L3Jlc291cmNlR3JvdXBzL2FwcGd3VGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvQXBwbGljYXRpb25HYXRld2F5V2ViQXBwbGljYXRpb25GaXJld2FsbFBvbGljaWVzL3Rlc3R3YWZwb2xpY3k/YXBpLXZlcnNpb249MjAyNC0wNy0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept-Language": [ + "en-US" + ], + "x-ms-client-request-id": [ + "3c7cba41-58c5-44b4-b9ab-0c151d8a00a1" + ], + "User-Agent": [ + "FxVersion/8.0.1825.31117", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.26100", + "Microsoft.Azure.Management.Network.NetworkManagementClient/27.0.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "ETag": [ + "W/\"a949eda1-7aa8-45e2-8cb8-a841e9abfda9\"" + ], + "x-ms-request-id": [ + "e4bd761a-88f6-41a0-8365-1f0be052247e" + ], + "x-ms-correlation-request-id": [ + "66c82526-dcbf-4c48-b285-883089b91c92" + ], + "x-ms-arm-service-request-id": [ + "a2233ca6-235f-4819-afa5-d65697024b56" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "1099" + ], + "x-ms-ratelimit-remaining-subscription-global-reads": [ + "16499" + ], + "x-ms-routing-request-id": [ + "WESTCENTRALUS:20250717T212311Z:66c82526-dcbf-4c48-b285-883089b91c92" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "X-Cache": [ + "CONFIG_NOCACHE" + ], + "X-MSEdge-Ref": [ + "Ref A: E73FDF56A0D5454CA123397B9E08DFC2 Ref B: CYS013050704031 Ref C: 2025-07-17T21:23:11Z" + ], + "Date": [ + "Thu, 17 Jul 2025 21:23:11 GMT" + ], + "Content-Length": [ + "973" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"name\": \"testwafpolicy\",\r\n \"id\": \"/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourceGroups/appgwTest/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/testwafpolicy\",\r\n \"etag\": \"W/\\\"a949eda1-7aa8-45e2-8cb8-a841e9abfda9\\\"\",\r\n \"type\": \"Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies\",\r\n \"location\": \"eastus2euap\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"customRules\": [],\r\n \"policySettings\": {\r\n \"requestBodyCheck\": true,\r\n \"maxRequestBodySizeInKb\": 128,\r\n \"fileUploadLimitInMb\": 100,\r\n \"state\": \"Disabled\",\r\n \"mode\": \"Detection\",\r\n \"requestBodyInspectLimitInKB\": 128,\r\n \"fileUploadEnforcement\": true,\r\n \"requestBodyEnforcement\": true\r\n },\r\n \"managedRules\": {\r\n \"managedRuleSets\": [\r\n {\r\n \"ruleSetType\": \"Microsoft_DefaultRuleSet\",\r\n \"ruleSetVersion\": \"2.1\",\r\n \"ruleGroupOverrides\": []\r\n }\r\n ],\r\n \"exclusions\": []\r\n },\r\n \"applicationGatewayForContainers\": [\r\n {\r\n \"id\": \"/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourcegroups/appgwtest/providers/microsoft.servicenetworking/trafficcontrollers/test1\"\r\n }\r\n ]\r\n }\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "66de82f3-ad93-4605-bbdb-237fe7ef3a06" + } +} \ No newline at end of file diff --git a/src/Network/Network/help/Get-AzApplicationGatewayFirewallPolicy.md b/src/Network/Network/help/Get-AzApplicationGatewayFirewallPolicy.md index cb96ed45f495..8fbeb22f412b 100644 --- a/src/Network/Network/help/Get-AzApplicationGatewayFirewallPolicy.md +++ b/src/Network/Network/help/Get-AzApplicationGatewayFirewallPolicy.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-AzApplicationGatewayFirewallPolicy ## SYNOPSIS -Gets an application gateway firewall policy. +Gets an application gateway or application gateway for containers firewall policy. ## SYNTAX @@ -18,7 +18,7 @@ Get-AzApplicationGatewayFirewallPolicy [-Name ] [-ResourceGroupName Date: Tue, 22 Jul 2025 19:59:20 -0700 Subject: [PATCH 3/4] Adding Change log file --- src/Network/Network/ChangeLog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md index 0310267d5c64..79d1b37f0da7 100644 --- a/src/Network/Network/ChangeLog.md +++ b/src/Network/Network/ChangeLog.md @@ -21,6 +21,7 @@ ## Upcoming Release * Updated cmdlet `New-AzFirewallPolicyApplicationRule` to use HTTPS as the default protocol when creating a new FQDN Tag application rule. * Added `EnableDnstapLogging` parameter to `New-AzFirewall` +* Changes to show appgw and agc in waf policy ## Version 7.18.0 * Added a new command which creates an object for CaptureSetting, and added properties 'FileCount', 'FileSizeInBytes', and 'SessionTimeLimitInSeconds', which helps to configure the capture setting for packet capture as well as support for it for the following cmdlets: From aab0aee5c450e6e316eb6bc900a605f78568e829 Mon Sep 17 00:00:00 2001 From: Yan Xu Date: Wed, 23 Jul 2025 13:58:07 +0800 Subject: [PATCH 4/4] Update src/Network/Network/ChangeLog.md --- src/Network/Network/ChangeLog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md index 79d1b37f0da7..a620e02e9be6 100644 --- a/src/Network/Network/ChangeLog.md +++ b/src/Network/Network/ChangeLog.md @@ -19,9 +19,9 @@ ---> ## Upcoming Release +* Returned appgw and agc in waf policy * Updated cmdlet `New-AzFirewallPolicyApplicationRule` to use HTTPS as the default protocol when creating a new FQDN Tag application rule. * Added `EnableDnstapLogging` parameter to `New-AzFirewall` -* Changes to show appgw and agc in waf policy ## Version 7.18.0 * Added a new command which creates an object for CaptureSetting, and added properties 'FileCount', 'FileSizeInBytes', and 'SessionTimeLimitInSeconds', which helps to configure the capture setting for packet capture as well as support for it for the following cmdlets: