//Parse single NetworkRule IpRule in SDK to wrapped property PSIpRule
public static PSIpRule ParsePSNetworkRuleIPRule(IPRule ipRule)
{
PSIpRule returnRule = new PSIpRule();
returnRule.Action = ParsePSNetworkRuleAction(ipRule.Action);
returnRule.IPAddressOrRange = ipRule.IPAddressOrRange;
return(returnRule);
}
//Parse wrapped property PSIpRule to single NetworkRule IpRule in SDK
public static IPRule ParseStorageNetworkRuleIPRule(PSIpRule ipRule)
{
IPRule returnRule = new IPRule();
returnRule.Action = ParseStorageNetworkRuleAction(ipRule.Action);
returnRule.IPAddressOrRange = ipRule.IPAddressOrRange;
return(returnRule);
}
/// <summary>
/// Remove one IpRule from IpRule List
/// </summary>
/// <param name="ruleList">The IpRule List</param>
/// <param name="ruleToRemove">The IP Rule to remove</param>
/// <returns>true if reove success</returns>
public bool RemoveIpRule(IList <IPRule> ruleList, IPRule ruleToRemove)
{
foreach (IPRule rule in ruleList)
{
if (rule.IPAddressOrRange == ruleToRemove.IPAddressOrRange)
{
ruleList.Remove(rule);
return(true);
}
}
return(false);
}
public override void ExecuteCmdlet()
{
// Update the NetworlruleSet
if (ShouldProcess(target: Name, action: string.Format("Update NetworkruleSet for {0} Namespace in {1} ResourceGroup", Name, ResourceGroupName)))
{
try
{
if (ParameterSetName.Equals(NetwrokruleSetPropertiesParameterSet))
{
PSNetworkRuleSetAttributes networkRuleSetAttributes = new PSNetworkRuleSetAttributes()
{
DefaultAction = DefaultAction,
TrustedServiceAccessEnabled = TrustedServiceAccessEnabled.IsPresent,
IpRules = IPRule.OfType <PSNWRuleSetIpRulesAttributes>().ToList(),
VirtualNetworkRules = VirtualNetworkRule.OfType <PSNWRuleSetVirtualNetworkRulesAttributes>().ToList(),
PublicNetworkAccess = PublicNetworkAccess
};
WriteObject(Client.CreateOrUpdateNetworkRuleSet(ResourceGroupName, Name, networkRuleSetAttributes));
}
if (ParameterSetName.Equals(NetwrokruleSetInputObjectParameterSet))
{
WriteObject(Client.CreateOrUpdateNetworkRuleSet(ResourceGroupName, Name, InputObject));
}
if (ParameterSetName.Equals("NetworkRuleSetResourceIdParameterSet"))
{
ResourceIdentifier getParamGeoDR = GetResourceDetailsFromId(ResourceId);
PSNetworkRuleSetAttributes getNWRuleSet = Client.GetNetworkRuleSet(getParamGeoDR.ResourceGroupName, getParamGeoDR.ParentResource);
if (ResourceGroupName != null && getParamGeoDR.ResourceName != null)
{
if (ShouldProcess(target: Name, action: string.Format("updating NetwrokruleSet", Name, ResourceGroupName)))
{
WriteObject(Client.CreateOrUpdateNetworkRuleSet(ResourceGroupName, Name, getNWRuleSet));
}
}
}
}
catch (Management.EventHub.Models.ErrorResponseException ex)
{
WriteError(Eventhub.EventHubsClient.WriteErrorforBadrequest(ex));
}
}
}
public bool PostNewIPRule(IPRule rule)
{
userContext.VerifyPermission(PermissionToken.ManageIPRules);
if (string.IsNullOrEmpty(rule?.Address))
{
throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest);
}
bool result = false;
repo.HandleTransaction(ctx => {
result = ipRuleManager.AddPermBannedIP(ctx, rule);
ctx.AuditLogger.SysLog($"added {rule.Address} to banned IPs");
});
return(result);
}
public static IRule CreateRule(string line)
{
IPRule ipRule = null;
if (IPRule.CreateIPRule(line, out ipRule))
{
return(ipRule);
}
HostRule hostRule = null;
if (HostRule.CreateHostnameRule(line, out hostRule))
{
return(hostRule);
}
return(null);
}
public ActionResult <bool> PostNewIPRule(IPRule rule)
{
_userContext.VerifyPermission(PermissionToken.ManageIPRules);
if (string.IsNullOrEmpty(rule?.Address))
{
return(BadRequest());
}
bool result = false;
_repo.HandleTransaction(ctx =>
{
result = _ipRuleManager.AddPermBannedIP(ctx, rule);
ctx.AuditLogger.SysLog($"added {rule.Address} to banned IPs");
});
return(result);
}
public bool AddPermBannedIP(IDatabaseContext db, IPRule ipRule)
{
if (ipRule == null)
{
throw new ArgumentNullException(nameof(ipRule));
}
lock (lockStr) {
if (permBannedIPs.Contains(ipRule.Address))
{
return(false);
}
db.Save(ipRule);
permBannedIPs.Add(ipRule.Address);
return(true);
}
}
public bool PostNewPermBannedIp(IPRule rule)
{
userContext.VerifyPermission(PermissionToken.ManageIPRules);
if (string.IsNullOrEmpty(rule?.Address))
{
throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest);
}
if (ipRuleManager.PermBannedIPs.Contains(rule.Address))
{
return(false);
}
ipRuleManager.PermBannedIPs.Add(rule.Address);
repo.HandleTransaction(ctx => {
ctx.Save(rule);
ctx.AuditLogger.SysLog("added " + rule.Address + " to banned IPs");
});
return(true);
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Add Storage Account NetworkRules"))
{
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(
this.ResourceGroupName,
this.Name);
NetworkRuleSet storageACL = storageAccount.NetworkRuleSet;
if (storageACL == null)
{
storageACL = new NetworkRuleSet();
}
bool ruleChanged = false;
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (string s in VirtualNetworkResourceId)
{
bool ruleExist = false;
foreach (VirtualNetworkRule originRule in storageACL.VirtualNetworkRules)
{
if (originRule.VirtualNetworkResourceId.Equals(s, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add VirtualNetworkRule as it already exist: {0}", s));
break;
}
}
if (!ruleExist)
{
VirtualNetworkRule rule = new VirtualNetworkRule(s);
storageACL.VirtualNetworkRules.Add(rule);
ruleChanged = true;
}
}
break;
case IpRuleStringParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (string s in IPAddressOrRange)
{
bool ruleExist = false;
foreach (IPRule originRule in storageACL.IpRules)
{
if (originRule.IPAddressOrRange.Equals(s, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", s));
break;
}
}
if (!ruleExist)
{
IPRule rule = new IPRule(s);
storageACL.IpRules.Add(rule);
ruleChanged = true;
}
}
break;
case ResourceAccessRuleStringParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
bool ResourceAccessruleExist = false;
foreach (ResourceAccessRule originRule in storageACL.ResourceAccessRules)
{
if (originRule.TenantId.Equals(this.TenantId, System.StringComparison.InvariantCultureIgnoreCase) &&
originRule.ResourceId.Equals(this.ResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ResourceAccessruleExist = true;
WriteDebug(string.Format("Skip add ResourceAccessRule as it already exist, TenantId: {0}, ResourceId: {1}", this.TenantId, this.ResourceId));
break;
}
}
if (!ResourceAccessruleExist)
{
ResourceAccessRule rule = new ResourceAccessRule(this.TenantId, this.ResourceId);
storageACL.ResourceAccessRules.Add(rule);
ruleChanged = true;
}
break;
case NetworkRuleObjectParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (PSVirtualNetworkRule rule in VirtualNetworkRule)
{
bool ruleExist = false;
foreach (VirtualNetworkRule originRule in storageACL.VirtualNetworkRules)
{
if (originRule.VirtualNetworkResourceId.Equals(rule.VirtualNetworkResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", rule.VirtualNetworkResourceId));
break;
}
}
if (!ruleExist)
{
storageACL.VirtualNetworkRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleVirtualNetworkRule(rule));
ruleChanged = true;
}
}
break;
case ResourceAccessRuleObjectParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
foreach (PSResourceAccessRule rule in ResourceAccessRule)
{
bool ruleExist = false;
foreach (ResourceAccessRule originRule in storageACL.ResourceAccessRules)
{
if (originRule.TenantId.Equals(rule.TenantId, System.StringComparison.InvariantCultureIgnoreCase) &&
originRule.ResourceId.Equals(rule.ResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add ResourceAccessRule as it already exist, TenantId: {0}, ResourceId: {1}", rule.TenantId, rule.ResourceId));
break;
}
}
if (!ruleExist)
{
storageACL.ResourceAccessRules.Add(PSNetworkRuleSet.ParseStorageResourceAccessRule(rule));
ruleChanged = true;
}
}
break;
case IpRuleObjectParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (PSIpRule rule in IPRule)
{
bool ruleExist = false;
foreach (IPRule originRule in storageACL.IpRules)
{
if (originRule.IPAddressOrRange.Equals(rule.IPAddressOrRange, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", rule.IPAddressOrRange));
break;
}
}
if (!ruleExist)
{
storageACL.IpRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleIPRule(rule));
ruleChanged = true;
}
}
break;
}
if (ruleChanged)
{
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
updateParameters.NetworkRuleSet = storageACL;
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
}
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
case NetworkRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).VirtualNetworkRules);
break;
case IpRuleStringParameterSet:
case IpRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).IpRules);
break;
case ResourceAccessRuleStringParameterSet:
case ResourceAccessRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).ResourceAccessRules);
break;
}
}
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Add Storage Account NetworkRules"))
{
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(
this.ResourceGroupName,
this.Name);
NetworkRuleSet storageACL = storageAccount.NetworkRuleSet;
if (storageACL == null)
{
storageACL = new NetworkRuleSet();
}
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (string s in VirtualNetworkResourceId)
{
VirtualNetworkRule rule = new VirtualNetworkRule(s);
storageACL.VirtualNetworkRules.Add(rule);
}
break;
case IpRuleStringParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (string s in IPAddressOrRange)
{
IPRule rule = new IPRule(s);
storageACL.IpRules.Add(rule);
}
break;
case NetworkRuleObjectParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (PSVirtualNetworkRule rule in VirtualNetworkRule)
{
storageACL.VirtualNetworkRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleVirtualNetworkRule(rule));
}
break;
case IpRuleObjectParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (PSIpRule rule in IPRule)
{
storageACL.IpRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleIPRule(rule));
}
break;
}
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
updateParameters.NetworkRuleSet = storageACL;
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
case NetworkRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).VirtualNetworkRules);
break;
case IpRuleStringParameterSet:
case IpRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).IpRules);
break;
}
}
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Remove Storage Account Networkrules"))
{
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(
this.ResourceGroupName,
this.Name);
NetworkRuleSet storageACL = storageAccount.NetworkRuleSet;
if (storageACL == null)
{
storageACL = new NetworkRuleSet();
}
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (string s in VirtualNetworkResourceId)
{
VirtualNetworkRule rule = new VirtualNetworkRule(s);
if (!RemoveNetworkRule(storageACL.VirtualNetworkRules, rule))
{
throw new ArgumentOutOfRangeException("VirtualNetworkResourceId", String.Format("Can't remove VirtualNetworkRule with specific ResourceId since not exist: {0}", rule.VirtualNetworkResourceId));
}
}
break;
case IpRuleStringParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (string s in IPAddressOrRange)
{
IPRule rule = new IPRule(s);
if (!RemoveIpRule(storageACL.IpRules, rule))
{
throw new ArgumentOutOfRangeException("IPAddressOrRange", String.Format("Can't remove IpRule with specific IPAddressOrRange since not exist: {0}", rule.IPAddressOrRange));
}
}
break;
case NetworkRuleObjectParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (PSVirtualNetworkRule rule in VirtualNetworkRule)
{
if (!RemoveNetworkRule(storageACL.VirtualNetworkRules, PSNetworkRuleSet.ParseStorageNetworkRuleVirtualNetworkRule(rule)))
{
throw new ArgumentOutOfRangeException("VirtualNetworkRule", String.Format("Can't remove VirtualNetworkRule with specific ResourceId since not exist: {0}", rule.VirtualNetworkResourceId));
}
}
break;
case IpRuleObjectParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (PSIpRule rule in IPRule)
{
if (!RemoveIpRule(storageACL.IpRules, PSNetworkRuleSet.ParseStorageNetworkRuleIPRule(rule)))
{
throw new ArgumentOutOfRangeException("IPRule", String.Format("Can't remove IpRule with specific IPAddressOrRange since not exist: {0}", rule.IPAddressOrRange));
}
}
break;
}
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
updateParameters.NetworkRuleSet = storageACL;
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
case NetworkRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).VirtualNetworkRules);
break;
case IpRuleStringParameterSet:
case IpRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).IpRules);
break;
}
}
}
public PSIPRule(IPRule rule)
{
Action = rule.Action;
IPAddressOrRange = rule.IPAddressOrRange;
Validate();
}
