PS changes to show appgw and agc in waf policy #28197

Open
wants to merge 2 commits into
base: main
Expand Up @@ -3027,7 +3027,11 @@ function Test-ApplicationGatewayTopLevelFirewallPolicy
$appgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname

# Second check firewll policy
# Check if Application Gateway resource can be seen in WAF Policy
Contributor

I don't see the new test, are you planning to write a new test? I see the test recording with a new test name

example:
https://github.com/Azure/azure-powershell/pull/24425/files#diff-8246fd889bc16feb6d86237629d27aaab4218db5d1eda39aec6b2b6e846804ff

need it inside ApplicationGatewayTests.cs and ApplicationGatewayTests.ps1

Author

I don't need to create a new test to test the application gateway policy since the data is already there in the test. The test recording is for the prod test which I did for the application gateway for containers field. Details are there in the description section.

Member

Can you add a comment here explaining we are depending on a manually created AGC-security policy deployment in which subs and which rg?

Author

This is to check the application gateway resource id. For the AGC end to end test details are there in the description section.

Member

Sorry I thought those are the changes for AGC. So we are not adding scenario tests to verify if AGC are referencing the waf policy? If there is anything related can you share a link here?

Assert-AreEqual $policy.ApplicationGateways.Count 1
Assert-AreEqual $policy.ApplicationGateways[0].Id $appgw.Id

# Second check firewall policy
Assert-AreEqual $policy.Id $appgw.FirewallPolicy.Id
Assert-AreEqual $policy.CustomRules[0].Name $rule.Name
Assert-AreEqual $policy.CustomRules[0].RuleType $rule.RuleType
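
Review bot: The two added assertions on `$policy.ApplicationGateways` cover only the Application Gateway reference; nothing in this hunk asserts on `$policy.ApplicationGatewayForContainers`, so the second property added to the policy model has no check in this test. Either add an assertion for it here, or add a comment naming the test that covers it and the resources that test depends on.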
@@ -0,0 +1,83 @@
{
"Entries": [
Contributor

If no test is added, don't think we need recording, check with PS team

Author

This recording is for the end to end test for AGC. Who can I check with in the PS team?

{
"RequestUri": "/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourceGroups/appgwTest/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/testwafpolicy?api-version=2024-07-01",
"EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNjZkZTgyZjMtYWQ5My00NjA1LWJiZGItMjM3ZmU3ZWYzYTA2L3Jlc291cmNlR3JvdXBzL2FwcGd3VGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvQXBwbGljYXRpb25HYXRld2F5V2ViQXBwbGljYXRpb25GaXJld2FsbFBvbGljaWVzL3Rlc3R3YWZwb2xpY3k/YXBpLXZlcnNpb249MjAyNC0wNy0wMQ==",
"RequestMethod": "GET",
"RequestHeaders": {
"Accept-Language": [
"en-US"
],
"x-ms-client-request-id": [
"3c7cba41-58c5-44b4-b9ab-0c151d8a00a1"
],
"User-Agent": [
"FxVersion/8.0.1825.31117",
"OSName/Windows",
"OSVersion/Microsoft.Windows.10.0.26100",
"Microsoft.Azure.Management.Network.NetworkManagementClient/27.0.0.0"
]
},
"RequestBody": "",
"ResponseHeaders": {
"Cache-Control": [
"no-cache"
],
"Pragma": [
"no-cache"
],
"ETag": [
"W/\"a949eda1-7aa8-45e2-8cb8-a841e9abfda9\""
],
"x-ms-request-id": [
"e4bd761a-88f6-41a0-8365-1f0be052247e"
],
"x-ms-correlation-request-id": [
"66c82526-dcbf-4c48-b285-883089b91c92"
],
"x-ms-arm-service-request-id": [
"a2233ca6-235f-4819-afa5-d65697024b56"
],
"Strict-Transport-Security": [
"max-age=31536000; includeSubDomains"
],
"x-ms-ratelimit-remaining-subscription-reads": [
"1099"
],
"x-ms-ratelimit-remaining-subscription-global-reads": [
"16499"
],
"x-ms-routing-request-id": [
"WESTCENTRALUS:20250717T212311Z:66c82526-dcbf-4c48-b285-883089b91c92"
],
"X-Content-Type-Options": [
"nosniff"
],
"X-Cache": [
"CONFIG_NOCACHE"
],
"X-MSEdge-Ref": [
"Ref A: E73FDF56A0D5454CA123397B9E08DFC2 Ref B: CYS013050704031 Ref C: 2025-07-17T21:23:11Z"
],
"Date": [
"Thu, 17 Jul 2025 21:23:11 GMT"
],
"Content-Length": [
"973"
],
"Content-Type": [
"application/json; charset=utf-8"
],
"Expires": [
"-1"
]
},
"ResponseBody": "{\r\n \"name\": \"testwafpolicy\",\r\n \"id\": \"/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourceGroups/appgwTest/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/testwafpolicy\",\r\n \"etag\": \"W/\\\"a949eda1-7aa8-45e2-8cb8-a841e9abfda9\\\"\",\r\n \"type\": \"Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies\",\r\n \"location\": \"eastus2euap\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"customRules\": [],\r\n \"policySettings\": {\r\n \"requestBodyCheck\": true,\r\n \"maxRequestBodySizeInKb\": 128,\r\n \"fileUploadLimitInMb\": 100,\r\n \"state\": \"Disabled\",\r\n \"mode\": \"Detection\",\r\n \"requestBodyInspectLimitInKB\": 128,\r\n \"fileUploadEnforcement\": true,\r\n \"requestBodyEnforcement\": true\r\n },\r\n \"managedRules\": {\r\n \"managedRuleSets\": [\r\n {\r\n \"ruleSetType\": \"Microsoft_DefaultRuleSet\",\r\n \"ruleSetVersion\": \"2.1\",\r\n \"ruleGroupOverrides\": []\r\n }\r\n ],\r\n \"exclusions\": []\r\n },\r\n \"applicationGatewayForContainers\": [\r\n {\r\n \"id\": \"/subscriptions/66de82f3-ad93-4605-bbdb-237fe7ef3a06/resourcegroups/appgwtest/providers/microsoft.servicenetworking/trafficcontrollers/test1\"\r\n }\r\n ]\r\n }\r\n}",
"StatusCode": 200
}
],
"Names": {},
"Variables": {
"SubscriptionId": "66de82f3-ad93-4605-bbdb-237fe7ef3a06"
}
}
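
Review bot: Nothing in this recording creates `testwafpolicy` or the `trafficcontrollers/test1` resource it references; the only entry is a GET, so the file cannot be re-recorded without that manual setup, and no test in this diff replays it. Add the scenario test that uses it and document the prerequisite resources, or drop the file. The `applicationGatewayForContainers` id in `ResponseBody` is also returned in lower case (`resourcegroups/appgwtest/...`) while the policy `id` is mixed case, so any assertion written against it should not rely on exact casing.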
Expand Up @@ -13,6 +13,7 @@
// limitations under the License.
//

using Microsoft.Azure.Management.Network.Models;
using Microsoft.WindowsAzure.Commands.Common.Attributes;
using Newtonsoft.Json;
using System.Collections.Generic;
Expand All @@ -32,5 +33,9 @@ public class PSApplicationGatewayWebApplicationFirewallPolicy : PSTopLevelResour
public int? CustomBlockResponseStatusCode { get; set; }

public string CustomBlockResponseBody { get; set; }

public System.Collections.Generic.IList<ApplicationGateway> ApplicationGateways { get; set; }

public System.Collections.Generic.IList<ApplicationGatewayForContainersReferenceDefinition> ApplicationGatewayForContainers { get; set; }
Comment on lines +37 to +39

Copilot AI Jul 16, 2025

Use the shorter 'IList' instead of the fully qualified 'System.Collections.Generic.IList' since 'System.Collections.Generic' is already imported at the top of the file.

Suggested change
public System.Collections.Generic.IList<ApplicationGateway> ApplicationGateways { get; set; }
public System.Collections.Generic.IList<ApplicationGatewayForContainersReferenceDefinition> ApplicationGatewayForContainers { get; set; }
public IList<ApplicationGateway> ApplicationGateways { get; set; }
public IList<ApplicationGatewayForContainersReferenceDefinition> ApplicationGatewayForContainers { get; set; }

}
}
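
Review bot: Both new properties are typed with SDK models (`ApplicationGateway`, `ApplicationGatewayForContainersReferenceDefinition`) brought in by the added `using Microsoft.Azure.Management.Network.Models;`, which ties the shape of this PS output class to the management SDK. The test only reads `.Id` from an entry and the recorded response carries only an `id` per entry, so a PS-side reference type exposing the id would be enough; if the SDK types are kept, add a doc comment stating that these lists are populated from the GET response.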
Expand Up @@ -8,7 +8,7 @@ schema: 2.0.0
# Get-AzApplicationGatewayFirewallPolicy

## SYNOPSIS
Gets an application gateway firewall policy.
Gets an application gateway or application gateway for containers firewall policy.

## SYNTAX

Expand All @@ -18,7 +18,7 @@ Get-AzApplicationGatewayFirewallPolicy [-Name <String>] [-ResourceGroupName <Str
```

## DESCRIPTION
The **Get-AzApplicationGatewayFirewallPolicy** cmdlet gets an application gateway firewall policy..
The **Get-AzApplicationGatewayFirewallPolicy** cmdlet gets an application gateway or application gateway for containers firewall policy..

## EXAMPLES
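
Review bot: The rewritten DESCRIPTION line still ends with a doubled period (`policy..`), carried over from the line it replaces; end it with a single period while this line is being touched.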
