public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
IDictionary <string, IList <string> > httpHeader = null;
if (HttpHeader != null)
{
httpHeader = ConvertHeaderHashtable(HttpHeader);
}
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case ServiceTagParameterSet:
ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
if (!IgnoreMissingServiceEndpoint)
{
CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
}
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
}
if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}
public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
bool accessRestrictionExists = false;
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
foreach (var accessRestriction in accessRestrictionList)
{
if (accessRestriction.IpAddress != null &&
accessRestriction.IpAddress == IpAddress &&
accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
accessRestrictionExists = true;
accessRestriction.Name = Name;
accessRestriction.Priority = intPriority;
accessRestriction.Description = Description;
break;
}
}
if (!accessRestrictionExists)
{
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description);
accessRestrictionList.Add(ipSecurityRestriction);
}
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
if (!IgnoreMissingServiceEndpoint)
{
CmdletHelpers.VerifySubnetDelegation(subnetResourceId);
}
foreach (var accessRestriction in accessRestrictionList)
{
if (accessRestriction.VnetSubnetResourceId != null &&
accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() &&
accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
{
accessRestrictionExists = true;
accessRestriction.Name = Name;
accessRestriction.Priority = intPriority;
accessRestriction.Description = Description;
break;
}
}
if (!accessRestrictionExists)
{
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description);
accessRestrictionList.Add(ipSecurityRestriction);
}
break;
}
string updateAction = accessRestrictionExists ? "Updating" : "Adding";
if (ShouldProcess(WebAppName, $"{updateAction} Access Restriction Rule '{Name}' for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}
