public static void AssertPolicyUpdate(CdnWebApplicationFirewallPolicy updatedPolicy, CdnWebApplicationFirewallPolicyPatchOptions updateOptions)
{
Assert.AreEqual(updatedPolicy.Data.Tags.Count, updateOptions.Tags.Count);
foreach (var kv in updatedPolicy.Data.Tags)
{
Assert.True(updateOptions.Tags.ContainsKey(kv.Key));
Assert.AreEqual(kv.Value, updateOptions.Tags[kv.Key]);
}
}
public static void AssertValidPolicy(CdnWebApplicationFirewallPolicy model, CdnWebApplicationFirewallPolicy getResult)
{
Assert.AreEqual(model.Data.Name, getResult.Data.Name);
Assert.AreEqual(model.Data.Id, getResult.Data.Id);
Assert.AreEqual(model.Data.Type, getResult.Data.Type);
Assert.AreEqual(model.Data.Etag, getResult.Data.Etag);
Assert.AreEqual(model.Data.Sku.Name, getResult.Data.Sku.Name);
Assert.AreEqual(model.Data.ProvisioningState, getResult.Data.ProvisioningState);
Assert.AreEqual(model.Data.ResourceState, getResult.Data.ResourceState);
//Todo: PolicySettings, RateLimitRules, CustomRules, ManagedRules, EndpointLinks
}
public async Task CreateOrUpdate()
{
Subscription subscription = await Client.GetDefaultSubscriptionAsync();
ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-");
string policyName = Recording.GenerateAssetName("Policy");
CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName);
Assert.AreEqual(policyName, policy.Data.Name);
Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(true, null, policy.Data));
Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(true, policyName, null));
}
public async Task DeleteCdnWebApplicationFirewallPolicies()
{
#region Snippet:Managing_CdnWebApplicationFirewallPolicies_DeleteAWebApplicationFirewallPolicy
// First we need to get the cdn web application firewall policy collection from the specific resource group
CdnWebApplicationFirewallPolicyCollection policyCollection = resourceGroup.GetCdnWebApplicationFirewallPolicies();
// Now we can get the policy with GetAsync()
CdnWebApplicationFirewallPolicy policy = await policyCollection.GetAsync("myPolicy");
// With DeleteAsync(), we can delete the policy
await policy.DeleteAsync(WaitUntil.Completed);
#endregion Snippet:Managing_CdnWebApplicationFirewallPolicies_DeleteAWebApplicationFirewallPolicy
}
public async Task CreateCdnWebApplicationFirewallPolicies()
{
#region Snippet:Managing_CdnWebApplicationFirewallPolicies_CreateAWebApplicationFirewallPolicy
// Get the cdn web application firewall policy collection from the specific resource group and create a firewall policy
string policyName = "myPolicy";
var input = new CdnWebApplicationFirewallPolicyData("Global", new CdnSku
{
Name = CdnSkuName.StandardMicrosoft
});
ArmOperation <CdnWebApplicationFirewallPolicy> lro = await resourceGroup.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(WaitUntil.Completed, policyName, input);
CdnWebApplicationFirewallPolicy policy = lro.Value;
#endregion Snippet:Managing_CdnWebApplicationFirewallPolicies_CreateAWebApplicationFirewallPolicy
}
public async Task Get()
{
Subscription subscription = await Client.GetDefaultSubscriptionAsync();
ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-");
string policyName = Recording.GenerateAssetName("Policy");
CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName);
CdnWebApplicationFirewallPolicy getPolicy = await rg.GetCdnWebApplicationFirewallPolicies().GetAsync(policyName);
ResourceDataHelper.AssertValidPolicy(policy, getPolicy);
Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().GetAsync(null));
}
public async Task Delete()
{
Subscription subscription = await Client.GetDefaultSubscriptionAsync();
ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-");
string policyName = Recording.GenerateAssetName("Policy");
CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName);
await policy.DeleteAsync(true);
var ex = Assert.ThrowsAsync <RequestFailedException>(async() => await policy.GetAsync());
Assert.AreEqual(404, ex.Status);
}
public async Task Update()
{
Subscription subscription = await Client.GetDefaultSubscriptionAsync();
ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-");
string policyName = Recording.GenerateAssetName("Policy");
CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName);
var lro = await policy.AddTagAsync("newTag", "newValue");
CdnWebApplicationFirewallPolicy updatedPolicy = lro.Value;
ResourceDataHelper.AssertPolicyUpdate(updatedPolicy, "newTag", "newValue");
}
public static void AssertPolicyUpdate(CdnWebApplicationFirewallPolicy updatedPolicy, string key, string value)
{
Assert.GreaterOrEqual(updatedPolicy.Data.Tags.Count, 1);
Assert.IsTrue(updatedPolicy.Data.Tags.ContainsKey(key));
Assert.AreEqual(updatedPolicy.Data.Tags[key], value);
}
/// <summary>
/// Create or update policy with specified rule set name within a resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// Name of the Resource group within the Azure subscription.
/// </param>
/// <param name='policyName'>
/// The name of the CdnWebApplicationFirewallPolicy.
/// </param>
/// <param name='cdnWebApplicationFirewallPolicy'>
/// Policy to be created.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <CdnWebApplicationFirewallPolicy> BeginCreateOrUpdateAsync(this IPoliciesOperations operations, string resourceGroupName, string policyName, CdnWebApplicationFirewallPolicy cdnWebApplicationFirewallPolicy, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, policyName, cdnWebApplicationFirewallPolicy, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Create or update policy with specified rule set name within a resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// Name of the Resource group within the Azure subscription.
/// </param>
/// <param name='policyName'>
/// The name of the CdnWebApplicationFirewallPolicy.
/// </param>
/// <param name='cdnWebApplicationFirewallPolicy'>
/// Policy to be created.
/// </param>
public static CdnWebApplicationFirewallPolicy BeginCreateOrUpdate(this IPoliciesOperations operations, string resourceGroupName, string policyName, CdnWebApplicationFirewallPolicy cdnWebApplicationFirewallPolicy)
{
return(operations.BeginCreateOrUpdateAsync(resourceGroupName, policyName, cdnWebApplicationFirewallPolicy).GetAwaiter().GetResult());
}
private static void AssertPoliciesEqual(string expectSubscriptionId, string expectResourceGroupName, string expectName, IList <CdnEndpoint> expectEndpointLinks, CdnWebApplicationFirewallPolicy expect, CdnWebApplicationFirewallPolicy actual)
{
Assert.Equal(expectName, actual.Name);
Assert.Equal($"/subscriptions/{expectSubscriptionId}/resourcegroups/{expectResourceGroupName}/providers/Microsoft.Cdn/cdnwebapplicationfirewallpolicies/{expectName}", actual.Id);
Assert.Equal(expect.Location, actual.Location);
Assert.Equal(expect.Sku.Name, actual.Sku.Name);
Assert.Equal(ProvisioningState.Succeeded, actual.ProvisioningState);
Assert.Equal(PolicyResourceState.Enabled, actual.ResourceState);
Assert.Equal(expect.Etag, actual.Etag);
if (expect.RateLimitRules == null)
{
Assert.Null(actual.RateLimitRules);
}
else
{
Assert.Equal(expect.RateLimitRules.Rules.Count(), actual.RateLimitRules.Rules.Count());
foreach (var pair in expect.RateLimitRules.Rules.Zip(actual.RateLimitRules.Rules, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(pair.Expect.Action, pair.Actual.Action);
Assert.Equal(pair.Expect.EnabledState, pair.Actual.EnabledState);
Assert.Equal(pair.Expect.Name, pair.Actual.Name);
Assert.Equal(pair.Expect.Priority, pair.Actual.Priority);
Assert.Equal(pair.Expect.RateLimitDurationInMinutes, pair.Actual.RateLimitDurationInMinutes);
Assert.Equal(pair.Expect.RateLimitThreshold, pair.Actual.RateLimitThreshold);
if (pair.Expect.MatchConditions == null)
{
Assert.Null(pair.Actual.MatchConditions);
}
else
{
Assert.Equal(pair.Expect.MatchConditions.Count(), pair.Actual.MatchConditions.Count());
foreach (var mc in pair.Expect.MatchConditions.Zip(pair.Actual.MatchConditions, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(mc.Expect.MatchValue, mc.Actual.MatchValue);
Assert.Equal(mc.Expect.MatchVariable, mc.Actual.MatchVariable);
Assert.Equal(mc.Expect.NegateCondition, mc.Actual.NegateCondition);
Assert.Equal(mc.Expect.OperatorProperty, mc.Actual.OperatorProperty);
Assert.Equal(mc.Expect.Selector, mc.Actual.Selector);
Assert.Equal(mc.Expect.Transforms, mc.Actual.Transforms);
}
}
}
}
if (expect.CustomRules == null)
{
Assert.Null(actual.CustomRules);
}
else
{
Assert.Equal(expect.CustomRules.Rules.Count(), actual.CustomRules.Rules.Count());
foreach (var pair in expect.CustomRules.Rules.Zip(actual.CustomRules.Rules, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(pair.Expect.Action, pair.Actual.Action);
Assert.Equal(pair.Expect.EnabledState, pair.Actual.EnabledState);
Assert.Equal(pair.Expect.Name, pair.Actual.Name);
Assert.Equal(pair.Expect.Priority, pair.Actual.Priority);
if (pair.Expect.MatchConditions == null)
{
Assert.Null(pair.Actual.MatchConditions);
}
else
{
Assert.Equal(pair.Expect.MatchConditions.Count(), pair.Actual.MatchConditions.Count());
foreach (var mc in pair.Expect.MatchConditions.Zip(pair.Actual.MatchConditions, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(mc.Expect.MatchValue, mc.Actual.MatchValue);
Assert.Equal(mc.Expect.MatchVariable, mc.Actual.MatchVariable);
Assert.Equal(mc.Expect.NegateCondition, mc.Actual.NegateCondition);
Assert.Equal(mc.Expect.OperatorProperty, mc.Actual.OperatorProperty);
Assert.Equal(mc.Expect.Selector, mc.Actual.Selector);
Assert.Equal(mc.Expect.Transforms, mc.Actual.Transforms);
}
}
}
}
if (expect.ManagedRules == null)
{
Assert.Null(actual.ManagedRules);
}
else
{
Assert.Equal(expect.ManagedRules.ManagedRuleSets.Count(), actual.ManagedRules.ManagedRuleSets.Count());
foreach (var pair in expect.ManagedRules.ManagedRuleSets.Zip(actual.ManagedRules.ManagedRuleSets, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(pair.Expect.RuleSetType, pair.Actual.RuleSetType);
Assert.Equal(pair.Expect.RuleSetVersion, pair.Actual.RuleSetVersion);
if (pair.Expect.RuleGroupOverrides == null)
{
Assert.Null(pair.Actual.RuleGroupOverrides);
}
else
{
Assert.Equal(pair.Expect.RuleGroupOverrides.Count(), pair.Actual.RuleGroupOverrides.Count());
foreach (var rg in pair.Expect.RuleGroupOverrides.Zip(pair.Actual.RuleGroupOverrides, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(rg.Expect.RuleGroupName, rg.Actual.RuleGroupName);
if (rg.Expect.Rules == null)
{
Assert.Null(rg.Actual.Rules);
}
else
{
Assert.Equal(rg.Expect.Rules.Count(), rg.Actual.Rules.Count());
foreach (var r in rg.Expect.Rules.Zip(rg.Actual.Rules, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(r.Expect.Action, r.Actual.Action);
Assert.Equal(r.Expect.EnabledState, r.Actual.EnabledState);
Assert.Equal(r.Expect.RuleId, r.Actual.RuleId);
}
}
}
}
}
}
Assert.Equal(expect.PolicySettings.DefaultCustomBlockResponseBody, actual.PolicySettings.DefaultCustomBlockResponseBody);
Assert.Equal(expect.PolicySettings.DefaultCustomBlockResponseStatusCode, actual.PolicySettings.DefaultCustomBlockResponseStatusCode);
Assert.Equal(expect.PolicySettings.DefaultRedirectUrl, actual.PolicySettings.DefaultRedirectUrl);
Assert.Equal(expect.PolicySettings.EnabledState, actual.PolicySettings.EnabledState);
Assert.Equal(expect.PolicySettings.Mode, actual.PolicySettings.Mode);
if (expectEndpointLinks == null)
{
Assert.Null(actual.EndpointLinks);
}
else
{
Assert.Equal(expectEndpointLinks.Count(), actual.EndpointLinks.Count());
foreach (var pair in expectEndpointLinks.Zip(actual.EndpointLinks, (e, a) => new { Expect = e, Actual = a }))
{
Assert.Equal(pair.Expect.Id, pair.Actual.Id);
}
}
}
public void WafPolicyCreateOrUpdateTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType()))
{
// Create clients
var cdnMgmtClient = CdnTestUtilities.GetCdnManagementClient(context, handler1);
var resourcesClient = CdnTestUtilities.GetResourceManagementClient(context, handler2);
// Create resource group
var resourceGroupName = CdnTestUtilities.CreateResourceGroup(resourcesClient);
// Create a minimal cdn waf policy should succeed
var policyName = TestUtilities.GenerateName("policy");
var policy = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, new CdnWebApplicationFirewallPolicy
{
Sku = new Sku(SkuName.StandardMicrosoft),
Location = "Global",
});
//Assert.NotNull(policy.Etag);
Assert.Equal(policyName, policy.Name);
Assert.Equal($"/subscriptions/{resourcesClient.SubscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Cdn/cdnwebapplicationfirewallpolicies/{policy.Name}", policy.Id);
Assert.Equal("Global", policy.Location);
Assert.Equal(SkuName.StandardMicrosoft, policy.Sku.Name);
Assert.Equal(ProvisioningState.Succeeded, policy.ProvisioningState);
Assert.Equal(PolicyResourceState.Enabled, policy.ResourceState);
Assert.Empty(policy.EndpointLinks);
Assert.Empty(policy.ManagedRules.ManagedRuleSets);
Assert.Empty(policy.RateLimitRules.Rules);
Assert.Empty(policy.CustomRules.Rules);
Assert.Null(policy.PolicySettings.DefaultCustomBlockResponseBody);
Assert.Null(policy.PolicySettings.DefaultCustomBlockResponseStatusCode);
Assert.Null(policy.PolicySettings.DefaultRedirectUrl);
Assert.Equal(PolicyEnabledState.Enabled, policy.PolicySettings.EnabledState);
Assert.Equal(PolicyMode.Prevention, policy.PolicySettings.Mode);
// Update policy with all parameters should succeed
var expect = new CdnWebApplicationFirewallPolicy
{
Location = "Global",
Sku = new Sku(SkuName.StandardMicrosoft),
PolicySettings = new PolicySettings
{
EnabledState = "Enabled",
Mode = "Detection",
DefaultCustomBlockResponseBody = "PGh0bWw+PGJvZHk+PGgzPkludmFsaWQgcmVxdWVzdDwvaDM+PC9ib2R5PjwvaHRtbD4=",
DefaultRedirectUrl = "https://example.com/redirected",
DefaultCustomBlockResponseStatusCode = 406
},
CustomRules = new CustomRuleList(new List <CustomRule>
{
new CustomRule {
Name = "CustomRule1",
Priority = 2,
EnabledState = "Enabled",
Action = "Block",
MatchConditions = new List <MatchCondition>
{
new MatchCondition {
MatchVariable = "QueryString",
OperatorProperty = "Contains",
NegateCondition = false,
MatchValue = new List <string> {
"TestTrigger123"
},
//Transforms = new List<String> { "Uppercase" }
}
}
}
}),
RateLimitRules = new RateLimitRuleList(new List <RateLimitRule>
{
new RateLimitRule {
Name = "RateLimitRule1",
Priority = 1,
EnabledState = "Disabled",
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 3,
MatchConditions = new List <MatchCondition> {
new MatchCondition {
MatchVariable = "RemoteAddr",
Selector = null,
OperatorProperty = "IPMatch",
NegateCondition = false,
MatchValue = new List <string> {
"131.107.0.0/16",
"167.220.0.0/16"
}
}
},
Action = "Block"
},
new RateLimitRule {
Name = "RateLimitRule2",
Priority = 10,
EnabledState = "Enabled",
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 1,
MatchConditions = new List <MatchCondition> {
new MatchCondition {
MatchVariable = "RequestUri",
Selector = null,
OperatorProperty = "Contains",
NegateCondition = false,
MatchValue = new List <string> {
"yes"
}
}
},
Action = "Block"
}
}),
ManagedRules = new ManagedRuleSetList(new List <ManagedRuleSet>
{
new ManagedRuleSet {
RuleSetType = "DefaultRuleSet",
RuleSetVersion = "1.0",
RuleGroupOverrides = new List <ManagedRuleGroupOverride> {
new ManagedRuleGroupOverride {
RuleGroupName = "JAVA",
Rules = new List <ManagedRuleOverride> {
new ManagedRuleOverride {
RuleId = "944100",
EnabledState = "Disabled",
Action = "Redirect"
}
}
}
}
}
}),
Tags = new Dictionary <string, string>
{
{ "abc", "123" }
}
};
policy = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, expect);
AssertPoliciesEqual(resourcesClient.SubscriptionId, resourceGroupName, policyName, new List <CdnEndpoint>(), expect, policy);
// Create a complete cdn waf policy should succeed
var policy2Name = TestUtilities.GenerateName("policy");
var expect2 = new CdnWebApplicationFirewallPolicy
{
Location = "Global",
Sku = new Sku(SkuName.StandardMicrosoft),
PolicySettings = new PolicySettings
{
EnabledState = "Enabled",
Mode = "Detection",
DefaultCustomBlockResponseBody = "PGh0bWw+PGJvZHk+PGgzPkludmFsaWQgcmVxdWVzdDwvaDM+PC9ib2R5PjwvaHRtbD4=",
DefaultRedirectUrl = "https://example.com/redirected",
DefaultCustomBlockResponseStatusCode = 406
},
CustomRules = new CustomRuleList(new List <CustomRule>
{
new CustomRule {
Name = "CustomRule1",
Priority = 2,
EnabledState = "Enabled",
Action = "Block",
MatchConditions = new List <MatchCondition>
{
new MatchCondition {
MatchVariable = "QueryString",
OperatorProperty = "Contains",
NegateCondition = false,
MatchValue = new List <string> {
"TestTrigger123"
},
//Transforms = new List<String> { "Uppercase" }
}
}
}
}),
RateLimitRules = new RateLimitRuleList(new List <RateLimitRule>
{
new RateLimitRule {
Name = "RateLimitRule1",
Priority = 1,
EnabledState = "Disabled",
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 3,
MatchConditions = new List <MatchCondition> {
new MatchCondition {
MatchVariable = "RemoteAddr",
Selector = null,
OperatorProperty = "IPMatch",
NegateCondition = false,
MatchValue = new List <string> {
"131.107.0.0/16",
"167.220.0.0/16"
}
}
},
Action = "Block"
},
new RateLimitRule {
Name = "RateLimitRule2",
Priority = 10,
EnabledState = "Enabled",
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 1,
MatchConditions = new List <MatchCondition> {
new MatchCondition {
MatchVariable = "RequestUri",
Selector = null,
OperatorProperty = "Contains",
NegateCondition = false,
MatchValue = new List <string> {
"yes"
}
}
},
Action = "Block"
}
}),
ManagedRules = new ManagedRuleSetList(new List <ManagedRuleSet>
{
new ManagedRuleSet {
RuleSetType = "DefaultRuleSet",
RuleSetVersion = "1.0",
RuleGroupOverrides = new List <ManagedRuleGroupOverride> {
new ManagedRuleGroupOverride {
RuleGroupName = "JAVA",
Rules = new List <ManagedRuleOverride> {
new ManagedRuleOverride {
RuleId = "944100",
EnabledState = "Disabled",
Action = "Redirect"
}
}
}
}
}
}),
Tags = new Dictionary <string, string>
{
{ "abc", "123" }
}
};
var policy2 = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policy2Name, expect2);
AssertPoliciesEqual(resourcesClient.SubscriptionId, resourceGroupName, policy2Name, new List <CdnEndpoint>(), expect2, policy2);
}
}
