public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
IDictionary <string, IList <string> > httpHeader = null;
if (HttpHeader != null)
{
httpHeader = ConvertHeaderHashtable(HttpHeader);
}
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case ServiceTagParameterSet:
ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
if (!IgnoreMissingServiceEndpoint)
{
CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
}
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
}
if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}
public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule '{Name}' from Web App '{WebAppName}'"))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
bool accessRestrictionExists = false;
foreach (var accessRestriction in accessRestrictionList)
{
if (accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
{
ipSecurityRestriction = accessRestriction;
accessRestrictionExists = true;
break;
}
}
if (accessRestrictionExists)
{
accessRestrictionList.Remove(ipSecurityRestriction);
}
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionConfig);
}
}
}
}
public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
bool accessRestrictionExists = false;
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
foreach (var accessRestriction in accessRestrictionList)
{
if (accessRestriction.IpAddress != null &&
accessRestriction.IpAddress == IpAddress &&
accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
accessRestrictionExists = true;
accessRestriction.Name = Name;
accessRestriction.Priority = intPriority;
accessRestriction.Description = Description;
break;
}
}
if (!accessRestrictionExists)
{
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
accessRestrictionList.Add(ipSecurityRestriction);
}
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
if (!IgnoreMissingServiceEndpoint)
{
CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
}
foreach (var accessRestriction in accessRestrictionList)
{
if (accessRestriction.VnetSubnetResourceId != null &&
accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() &&
accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
accessRestrictionExists = true;
accessRestriction.Name = Name;
accessRestriction.Priority = intPriority;
accessRestriction.Description = Description;
break;
}
}
if (!accessRestrictionExists)
{
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
accessRestrictionList.Add(ipSecurityRestriction);
}
break;
}
string updateAction = accessRestrictionExists ? "Updating" : "Adding";
if (ShouldProcess(WebAppName, $"{updateAction} Access Restriction Rule '{Name}' for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}
public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
IDictionary <string, IList <string> > httpHeader = null;
if (HttpHeader != null)
{
httpHeader = ConvertHeaderHashtable(HttpHeader);
}
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
CheckDuplicateIPRestriction(IpAddress, accessRestrictionList);
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case ServiceTagParameterSet:
CheckDuplicateIPRestriction(ServiceTag, accessRestrictionList);
ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = NetworkClient.GetSubnetResourceGroupName(subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = NetworkClient.ValidateSubnet(subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
CheckDuplicateServiceEndpointRestriction(subnetResourceId, accessRestrictionList);
if (!IgnoreMissingServiceEndpoint)
{
var subnetSubcriptionId = CmdletHelpers.GetSubscriptionIdFromResourceId(subnetResourceId);
if (subnetSubcriptionId != DefaultContext.Subscription.Id)
{
throw new Exception("Service endpoint cannot be validated. Subnet is in another subscription. Use -IgnoreMissingServiceEndpoint and manually verify that 'Microsoft.Web' service endpoint is enabled on the subnet.");
}
var serviceEndpointServiceName = "Microsoft.Web";
var serviceEndpointLocations = new List <string>()
{
"*"
};
NetworkClient.EnsureSubnetServiceEndpoint(subnetResourceId, serviceEndpointServiceName, serviceEndpointLocations);
}
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
}
if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}
public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule from Web App '{WebAppName}'"))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
bool accessRestrictionExists = false;
foreach (var accessRestriction in accessRestrictionList)
{
if (!string.IsNullOrWhiteSpace(Name))
{
if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
ipSecurityRestriction = accessRestriction;
accessRestrictionExists = true;
break;
}
}
else if (!string.IsNullOrWhiteSpace(IpAddress))
{
if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
if (!string.IsNullOrWhiteSpace(Name))
{
if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
continue;
}
}
ipSecurityRestriction = accessRestriction;
accessRestrictionExists = true;
break;
}
}
else if (!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName)))
{
var subnet = !string.IsNullOrWhiteSpace(SubnetId) ? SubnetId : SubnetName;
var subnetResourceId = CmdletHelpers.ValidateSubnet(subnet, VirtualNetworkName, ResourceGroupName, DefaultContext.Subscription.Id);
if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
if (!string.IsNullOrWhiteSpace(Name))
{
if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
continue;
}
}
ipSecurityRestriction = accessRestriction;
accessRestrictionExists = true;
break;
}
}
}
if (accessRestrictionExists)
{
accessRestrictionList.Remove(ipSecurityRestriction);
}
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionConfig);
}
}
}
}
