/// <summary>
/// Copies the SKU tier, intrusion detection, managed identity and transport
/// security parameters of this cmdlet onto <paramref name="firewallPolicy"/>.
/// </summary>
/// <param name="firewallPolicy">Policy object that is modified in place.</param>
/// <exception cref="ArgumentException">
/// TransportSecurityKeyVaultSecretId is set without TransportSecurityName, or
/// without either Identity or UserAssignedIdentityId.
/// </exception>
private void AddPremiumProperties(PSAzureFirewallPolicy firewallPolicy)
        {
            // The tier falls back to Standard when no SkuTier was supplied.
            var sku = new PSAzureFirewallPolicySku();
            sku.Tier = this.SkuTier ?? MNM.FirewallPolicySkuTier.Standard;
            firewallPolicy.Sku = sku;

            // Assigned as-is, so a null parameter leaves the property null on the outgoing object.
            firewallPolicy.IntrusionDetection = this.IntrusionDetection;

            // UserAssignedIdentityId takes precedence: when it is set, a separately
            // supplied Identity object is ignored and a single-entry identity is built.
            var userAssignedId = this.UserAssignedIdentityId;
            if (userAssignedId != null)
            {
                var identities = new Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue>();
                identities.Add(userAssignedId, new PSManagedServiceIdentityUserAssignedIdentitiesValue());

                firewallPolicy.Identity = new PSManagedServiceIdentity
                {
                    Type = MNM.ResourceIdentityType.UserAssigned,
                    UserAssignedIdentities = identities
                };
            }
            else if (this.Identity != null)
            {
                firewallPolicy.Identity = this.Identity;
            }

            // Transport security is optional; nothing more to do without a Key Vault secret id.
            var keyVaultSecretId = this.TransportSecurityKeyVaultSecretId;
            if (keyVaultSecretId == null)
            {
                return;
            }

            if (this.TransportSecurityName == null)
            {
                throw new ArgumentException("TransportSecurityName must be provided with TransportSecurityKeyVaultSecretId");
            }

            // A Key Vault reference is rejected unless some identity accompanies it
            // (presumably the identity is what reads the secret; confirm against the service docs).
            bool hasIdentity = this.Identity != null || this.UserAssignedIdentityId != null;
            if (!hasIdentity)
            {
                throw new ArgumentException("Identity must be provided with TransportSecurityKeyVaultSecretId");
            }

            var certificateAuthority = new PSAzureFirewallPolicyTransportSecurityCertificateAuthority
            {
                Name             = this.TransportSecurityName,
                KeyVaultSecretId = keyVaultSecretId
            };

            firewallPolicy.TransportSecurity = new PSAzureFirewallPolicyTransportSecurity
            {
                CertificateAuthority = certificateAuthority
            };
        }
        /// <summary>
        /// Creates (or overwrites) the firewall policy described by the cmdlet
        /// parameters and returns the policy as read back from the service.
        /// </summary>
        /// <returns>The policy fetched with GetAzureFirewallPolicy after the create call.</returns>
        private PSAzureFirewallPolicy CreateAzureFirewallPolicy()
        {
            var policy = new PSAzureFirewallPolicy();
            policy.Name = this.Name;
            policy.ResourceGroupName = this.ResourceGroupName;
            policy.Location = this.Location;

            // Threat intelligence mode falls back to Alert when the parameter is null.
            policy.ThreatIntelMode = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert;

            // BasePolicy holds a resource id; wrap it in a SubResource only when present.
            policy.BasePolicy = BasePolicy == null
                ? null
                : new Microsoft.Azure.Management.Network.Models.SubResource(BasePolicy);

            // Convert the PowerShell model into the SDK model and attach the validated tags.
            var sdkPolicy = NetworkResourceManagerProfile.Mapper.Map<MNM.FirewallPolicy>(policy);
            sdkPolicy.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // Send the create-or-update request, then return the stored policy.
            this.AzureFirewallPolicyClient.CreateOrUpdate(this.ResourceGroupName, this.Name, sdkPolicy);
            return this.GetAzureFirewallPolicy(this.ResourceGroupName, this.Name);
        }
        /// <summary>
        /// Builds a firewall policy from the cmdlet parameters (including SKU,
        /// intrusion detection, identity and transport security), sends it with
        /// CreateOrUpdate and returns the policy as read back from the service.
        /// </summary>
        /// <returns>The policy fetched with GetAzureFirewallPolicy after the create call.</returns>
        /// <exception cref="ArgumentException">
        /// TransportSecurityKeyVaultSecretId is set without TransportSecurityName, or
        /// without either Identity or UserAssignedIdentityId.
        /// </exception>
        private PSAzureFirewallPolicy CreateAzureFirewallPolicy()
        {
            var firewallPolicy = new PSAzureFirewallPolicy();
            firewallPolicy.Name = this.Name;
            firewallPolicy.ResourceGroupName = this.ResourceGroupName;
            firewallPolicy.Location = this.Location;

            // Threat intelligence mode falls back to Alert when the parameter is null.
            firewallPolicy.ThreatIntelMode = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert;
            firewallPolicy.ThreatIntelWhitelist = this.ThreatIntelWhitelist;

            // BasePolicy holds a resource id; wrap it in a SubResource only when present.
            firewallPolicy.BasePolicy = BasePolicy == null
                ? null
                : new Microsoft.Azure.Management.Network.Models.SubResource(BasePolicy);
            firewallPolicy.DnsSettings = this.DnsSetting;

            // The tier falls back to Standard when no SkuTier was supplied.
            var sku = new PSAzureFirewallPolicySku();
            sku.Tier = this.SkuTier ?? MNM.FirewallPolicySkuTier.Standard;
            firewallPolicy.Sku = sku;
            firewallPolicy.IntrusionDetection = this.IntrusionDetection;

            // UserAssignedIdentityId takes precedence: when it is set, a separately
            // supplied Identity object is ignored and a single-entry identity is built.
            var userAssignedId = this.UserAssignedIdentityId;
            if (userAssignedId != null)
            {
                var identities = new Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue>();
                identities.Add(userAssignedId, new PSManagedServiceIdentityUserAssignedIdentitiesValue());

                firewallPolicy.Identity = new PSManagedServiceIdentity
                {
                    Type = MNM.ResourceIdentityType.UserAssigned,
                    UserAssignedIdentities = identities
                };
            }
            else if (this.Identity != null)
            {
                firewallPolicy.Identity = this.Identity;
            }

            var keyVaultSecretId = this.TransportSecurityKeyVaultSecretId;
            if (keyVaultSecretId != null)
            {
                if (this.TransportSecurityName == null)
                {
                    throw new ArgumentException("TransportSecurityName must be provided with TransportSecurityKeyVaultSecretId");
                }

                // A Key Vault reference is rejected unless some identity accompanies it
                // (presumably the identity is what reads the secret; confirm against the service docs).
                bool hasIdentity = this.Identity != null || this.UserAssignedIdentityId != null;
                if (!hasIdentity)
                {
                    throw new ArgumentException("Identity must be provided with TransportSecurityKeyVaultSecretId");
                }

                var certificateAuthority = new PSAzureFirewallPolicyTransportSecurityCertificateAuthority
                {
                    Name             = this.TransportSecurityName,
                    KeyVaultSecretId = keyVaultSecretId
                };

                firewallPolicy.TransportSecurity = new PSAzureFirewallPolicyTransportSecurity
                {
                    CertificateAuthority = certificateAuthority
                };
            }

            // Convert the PowerShell model into the SDK model and attach the validated tags.
            var sdkPolicy = NetworkResourceManagerProfile.Mapper.Map<MNM.FirewallPolicy>(firewallPolicy);
            sdkPolicy.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // Send the create-or-update request, then return the stored policy.
            this.AzureFirewallPolicyClient.CreateOrUpdate(this.ResourceGroupName, this.Name, sdkPolicy);
            return this.GetAzureFirewallPolicy(this.ResourceGroupName, this.Name);
        }
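        /// <summary>
        /// Updates an existing firewall policy. The target is resolved from
        /// ResourceId, InputObject, or the ResourceGroupName/Name parameters; the
        /// policy is then rebuilt from the cmdlet parameters, sent with
        /// CreateOrUpdate, and the stored result is written to the pipeline.
        /// </summary>
        /// <exception cref="ArgumentException">
        /// The target policy does not exist, or AddPremiumProperties rejects the
        /// transport security parameters.
        /// </exception>
        public override void Execute()
        {
            base.Execute();

            // Resolve which policy is being updated.
            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceInfo = new ResourceIdentifier(ResourceId);
                ResourceGroupName = resourceInfo.ResourceGroupName;
                Name = resourceInfo.ResourceName;
            }
            else if (this.IsParameterBound(c => c.InputObject))
            {
                ResourceGroupName = InputObject.ResourceGroupName;
                Name = InputObject.Name;
            }

            // This cmdlet only updates: refuse to create a policy that is not there yet.
            if (!NetworkBaseCmdlet.IsResourcePresent(() => GetAzureFirewallPolicy(ResourceGroupName, Name)))
            {
                throw new ArgumentException(Microsoft.Azure.Commands.Network.Properties.Resources.ResourceNotFound);
            }

            bool fromInputObject = this.IsParameterBound(c => c.InputObject);

            if (fromInputObject)
            {
                // Explicitly bound parameters win; everything else is taken from InputObject.
                this.Location                          = this.IsParameterBound(c => c.Location) ? Location : InputObject.Location;
                this.ThreatIntelMode                   = this.IsParameterBound(c => c.ThreatIntelMode) ? ThreatIntelMode : InputObject.ThreatIntelMode;
                this.ThreatIntelWhitelist              = this.IsParameterBound(c => c.ThreatIntelWhitelist) ? ThreatIntelWhitelist : InputObject.ThreatIntelWhitelist;
                this.BasePolicy                        = this.IsParameterBound(c => c.BasePolicy) ? BasePolicy : InputObject.BasePolicy?.Id;
                this.DnsSetting                        = this.IsParameterBound(c => c.DnsSetting) ? DnsSetting : InputObject.DnsSettings;
                this.IntrusionDetection                = this.IsParameterBound(c => c.IntrusionDetection) ? IntrusionDetection : InputObject.IntrusionDetection;
                this.TransportSecurityName             = this.IsParameterBound(c => c.TransportSecurityName) ? TransportSecurityName : InputObject.TransportSecurity?.CertificateAuthority?.Name;
                this.TransportSecurityKeyVaultSecretId = this.IsParameterBound(c => c.TransportSecurityKeyVaultSecretId) ? TransportSecurityKeyVaultSecretId : InputObject.TransportSecurity?.CertificateAuthority?.KeyVaultSecretId;
                this.Identity                          = this.IsParameterBound(c => c.Identity) ? Identity : InputObject.Identity;

                // FirstOrDefault instead of First: an identity whose UserAssignedIdentities
                // collection is present but empty used to throw InvalidOperationException here.
                // With no entry the id stays null and AddPremiumProperties falls back to Identity.
                // NOTE(review): only the first key is carried over, so an input policy with
                // several user-assigned identities is reduced to one; confirm that is intended.
                this.UserAssignedIdentityId            = this.IsParameterBound(c => c.UserAssignedIdentityId) ? UserAssignedIdentityId : InputObject.Identity?.UserAssignedIdentities?.FirstOrDefault().Key;
                this.SkuTier                           = this.IsParameterBound(c => c.SkuTier) ? SkuTier : InputObject.Sku?.Tier;
                this.PrivateRange                      = this.IsParameterBound(c => c.PrivateRange) ? PrivateRange : InputObject.PrivateRange;
            }

            // NOTE(review): when the policy is addressed by name or ResourceId, nothing is
            // read back from the existing policy. Unbound parameters are sent as null and
            // ThreatIntelMode falls back to Alert, so an update that omits them may reset
            // settings such as a stricter threat intel mode, intrusion detection or
            // transport security. Confirm how the service treats omitted properties.
            var firewallPolicy = new PSAzureFirewallPolicy()
            {
                Name = this.Name,
                ResourceGroupName    = this.ResourceGroupName,
                Location             = this.Location,
                ThreatIntelMode      = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert,
                ThreatIntelWhitelist = this.ThreatIntelWhitelist,
                BasePolicy           = this.BasePolicy != null ? new Microsoft.Azure.Management.Network.Models.SubResource(this.BasePolicy) : null,
                DnsSettings          = this.DnsSetting,
                PrivateRange         = this.PrivateRange
            };

            AddPremiumProperties(firewallPolicy);

            // Map to the sdk object
            var azureFirewallPolicyModel = NetworkResourceManagerProfile.Mapper.Map<MNM.FirewallPolicy>(firewallPolicy);

            // Tags are attached only when the policy was not supplied through InputObject.
            // NOTE(review): the InputObject path never sets Tags here; check whether
            // existing tags survive that update.
            if (!fromInputObject)
            {
                azureFirewallPolicyModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);
            }

            // Execute the PUT AzureFirewall Policy call and emit the stored policy.
            this.AzureFirewallPolicyClient.CreateOrUpdate(this.ResourceGroupName, this.Name, azureFirewallPolicyModel);
            var updatedPolicy = this.GetAzureFirewallPolicy(ResourceGroupName, Name);
            WriteObject(updatedPolicy);
        }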
        /// <summary>
        /// Updates an existing firewall policy. The target is resolved from
        /// ResourceId, InputObject, or the ResourceGroupName/Name parameters; the
        /// policy is rebuilt from Location, ThreatIntelMode and BasePolicy, sent
        /// with CreateOrUpdate, and the stored result is written to the pipeline.
        /// </summary>
        /// <exception cref="ArgumentException">The target policy does not exist.</exception>
        public override void Execute()
        {
            base.Execute();

            // Resolve which policy is being updated.
            if (this.IsParameterBound(c => c.ResourceId))
            {
                var parsedId = new ResourceIdentifier(ResourceId);
                ResourceGroupName = parsedId.ResourceGroupName;
                Name = parsedId.ResourceName;
            }
            else if (this.IsParameterBound(c => c.InputObject))
            {
                ResourceGroupName = InputObject.ResourceGroupName;
                Name = InputObject.Name;
            }

            // This cmdlet only updates: refuse to create a policy that is not there yet.
            bool policyExists = NetworkBaseCmdlet.IsResourcePresent(() => GetAzureFirewallPolicy(ResourceGroupName, Name));
            if (!policyExists)
            {
                throw new ArgumentException(Microsoft.Azure.Commands.Network.Properties.Resources.ResourceNotFound);
            }

            bool fromInputObject = this.IsParameterBound(c => c.InputObject);

            if (fromInputObject)
            {
                // Explicitly bound parameters win; everything else is taken from InputObject.
                if (!this.IsParameterBound(c => c.Location))
                {
                    this.Location = InputObject.Location;
                }

                if (!this.IsParameterBound(c => c.ThreatIntelMode))
                {
                    this.ThreatIntelMode = InputObject.ThreatIntelMode;
                }

                if (!this.IsParameterBound(c => c.BasePolicy))
                {
                    this.BasePolicy = InputObject.BasePolicy?.Id;
                }
            }

            // NOTE(review): when the policy is addressed by name or ResourceId, nothing is
            // read back from the existing policy, so an unbound ThreatIntelMode is sent as
            // Alert. Confirm this cannot silently relax a stricter mode already configured.
            var policy = new PSAzureFirewallPolicy();
            policy.Name = this.Name;
            policy.ResourceGroupName = this.ResourceGroupName;
            policy.Location = this.Location;
            policy.ThreatIntelMode = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert;
            policy.BasePolicy = this.BasePolicy == null
                ? null
                : new Microsoft.Azure.Management.Network.Models.SubResource(this.BasePolicy);

            // Convert the PowerShell model into the SDK model.
            var sdkPolicy = NetworkResourceManagerProfile.Mapper.Map<MNM.FirewallPolicy>(policy);

            // Tags are attached only when the policy was not supplied through InputObject.
            if (!fromInputObject)
            {
                sdkPolicy.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);
            }

            // Send the PUT request and emit the stored policy.
            this.AzureFirewallPolicyClient.CreateOrUpdate(this.ResourceGroupName, this.Name, sdkPolicy);
            var storedPolicy = this.GetAzureFirewallPolicy(ResourceGroupName, Name);
            WriteObject(storedPolicy);
        }