public static void AssertPolicyUpdate(CdnWebApplicationFirewallPolicy updatedPolicy, CdnWebApplicationFirewallPolicyPatchOptions updateOptions) { Assert.AreEqual(updatedPolicy.Data.Tags.Count, updateOptions.Tags.Count); foreach (var kv in updatedPolicy.Data.Tags) { Assert.True(updateOptions.Tags.ContainsKey(kv.Key)); Assert.AreEqual(kv.Value, updateOptions.Tags[kv.Key]); } }
public static void AssertValidPolicy(CdnWebApplicationFirewallPolicy model, CdnWebApplicationFirewallPolicy getResult) { Assert.AreEqual(model.Data.Name, getResult.Data.Name); Assert.AreEqual(model.Data.Id, getResult.Data.Id); Assert.AreEqual(model.Data.Type, getResult.Data.Type); Assert.AreEqual(model.Data.Etag, getResult.Data.Etag); Assert.AreEqual(model.Data.Sku.Name, getResult.Data.Sku.Name); Assert.AreEqual(model.Data.ProvisioningState, getResult.Data.ProvisioningState); Assert.AreEqual(model.Data.ResourceState, getResult.Data.ResourceState); //Todo: PolicySettings, RateLimitRules, CustomRules, ManagedRules, EndpointLinks }
public async Task CreateOrUpdate() { Subscription subscription = await Client.GetDefaultSubscriptionAsync(); ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-"); string policyName = Recording.GenerateAssetName("Policy"); CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName); Assert.AreEqual(policyName, policy.Data.Name); Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(true, null, policy.Data)); Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(true, policyName, null)); }
public async Task DeleteCdnWebApplicationFirewallPolicies() { #region Snippet:Managing_CdnWebApplicationFirewallPolicies_DeleteAWebApplicationFirewallPolicy // First we need to get the cdn web application firewall policy collection from the specific resource group CdnWebApplicationFirewallPolicyCollection policyCollection = resourceGroup.GetCdnWebApplicationFirewallPolicies(); // Now we can get the policy with GetAsync() CdnWebApplicationFirewallPolicy policy = await policyCollection.GetAsync("myPolicy"); // With DeleteAsync(), we can delete the policy await policy.DeleteAsync(WaitUntil.Completed); #endregion Snippet:Managing_CdnWebApplicationFirewallPolicies_DeleteAWebApplicationFirewallPolicy }
public async Task CreateCdnWebApplicationFirewallPolicies() { #region Snippet:Managing_CdnWebApplicationFirewallPolicies_CreateAWebApplicationFirewallPolicy // Get the cdn web application firewall policy collection from the specific resource group and create a firewall policy string policyName = "myPolicy"; var input = new CdnWebApplicationFirewallPolicyData("Global", new CdnSku { Name = CdnSkuName.StandardMicrosoft }); ArmOperation <CdnWebApplicationFirewallPolicy> lro = await resourceGroup.GetCdnWebApplicationFirewallPolicies().CreateOrUpdateAsync(WaitUntil.Completed, policyName, input); CdnWebApplicationFirewallPolicy policy = lro.Value; #endregion Snippet:Managing_CdnWebApplicationFirewallPolicies_CreateAWebApplicationFirewallPolicy }
public async Task Get() { Subscription subscription = await Client.GetDefaultSubscriptionAsync(); ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-"); string policyName = Recording.GenerateAssetName("Policy"); CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName); CdnWebApplicationFirewallPolicy getPolicy = await rg.GetCdnWebApplicationFirewallPolicies().GetAsync(policyName); ResourceDataHelper.AssertValidPolicy(policy, getPolicy); Assert.ThrowsAsync <ArgumentNullException>(async() => _ = await rg.GetCdnWebApplicationFirewallPolicies().GetAsync(null)); }
public async Task Delete() { Subscription subscription = await Client.GetDefaultSubscriptionAsync(); ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-"); string policyName = Recording.GenerateAssetName("Policy"); CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName); await policy.DeleteAsync(true); var ex = Assert.ThrowsAsync <RequestFailedException>(async() => await policy.GetAsync()); Assert.AreEqual(404, ex.Status); }
public async Task Update() { Subscription subscription = await Client.GetDefaultSubscriptionAsync(); ResourceGroup rg = await CreateResourceGroup(subscription, "testRg-"); string policyName = Recording.GenerateAssetName("Policy"); CdnWebApplicationFirewallPolicy policy = await CreatePolicy(rg, policyName); var lro = await policy.AddTagAsync("newTag", "newValue"); CdnWebApplicationFirewallPolicy updatedPolicy = lro.Value; ResourceDataHelper.AssertPolicyUpdate(updatedPolicy, "newTag", "newValue"); }
public static void AssertPolicyUpdate(CdnWebApplicationFirewallPolicy updatedPolicy, string key, string value) { Assert.GreaterOrEqual(updatedPolicy.Data.Tags.Count, 1); Assert.IsTrue(updatedPolicy.Data.Tags.ContainsKey(key)); Assert.AreEqual(updatedPolicy.Data.Tags[key], value); }
/// <summary> /// Create or update policy with specified rule set name within a resource /// group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// Name of the Resource group within the Azure subscription. /// </param> /// <param name='policyName'> /// The name of the CdnWebApplicationFirewallPolicy. /// </param> /// <param name='cdnWebApplicationFirewallPolicy'> /// Policy to be created. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <CdnWebApplicationFirewallPolicy> BeginCreateOrUpdateAsync(this IPoliciesOperations operations, string resourceGroupName, string policyName, CdnWebApplicationFirewallPolicy cdnWebApplicationFirewallPolicy, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, policyName, cdnWebApplicationFirewallPolicy, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Create or update policy with specified rule set name within a resource /// group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// Name of the Resource group within the Azure subscription. /// </param> /// <param name='policyName'> /// The name of the CdnWebApplicationFirewallPolicy. /// </param> /// <param name='cdnWebApplicationFirewallPolicy'> /// Policy to be created. /// </param> public static CdnWebApplicationFirewallPolicy BeginCreateOrUpdate(this IPoliciesOperations operations, string resourceGroupName, string policyName, CdnWebApplicationFirewallPolicy cdnWebApplicationFirewallPolicy) { return(operations.BeginCreateOrUpdateAsync(resourceGroupName, policyName, cdnWebApplicationFirewallPolicy).GetAwaiter().GetResult()); }
private static void AssertPoliciesEqual(string expectSubscriptionId, string expectResourceGroupName, string expectName, IList <CdnEndpoint> expectEndpointLinks, CdnWebApplicationFirewallPolicy expect, CdnWebApplicationFirewallPolicy actual) { Assert.Equal(expectName, actual.Name); Assert.Equal($"/subscriptions/{expectSubscriptionId}/resourcegroups/{expectResourceGroupName}/providers/Microsoft.Cdn/cdnwebapplicationfirewallpolicies/{expectName}", actual.Id); Assert.Equal(expect.Location, actual.Location); Assert.Equal(expect.Sku.Name, actual.Sku.Name); Assert.Equal(ProvisioningState.Succeeded, actual.ProvisioningState); Assert.Equal(PolicyResourceState.Enabled, actual.ResourceState); Assert.Equal(expect.Etag, actual.Etag); if (expect.RateLimitRules == null) { Assert.Null(actual.RateLimitRules); } else { Assert.Equal(expect.RateLimitRules.Rules.Count(), actual.RateLimitRules.Rules.Count()); foreach (var pair in expect.RateLimitRules.Rules.Zip(actual.RateLimitRules.Rules, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(pair.Expect.Action, pair.Actual.Action); Assert.Equal(pair.Expect.EnabledState, pair.Actual.EnabledState); Assert.Equal(pair.Expect.Name, pair.Actual.Name); Assert.Equal(pair.Expect.Priority, pair.Actual.Priority); Assert.Equal(pair.Expect.RateLimitDurationInMinutes, pair.Actual.RateLimitDurationInMinutes); Assert.Equal(pair.Expect.RateLimitThreshold, pair.Actual.RateLimitThreshold); if (pair.Expect.MatchConditions == null) { Assert.Null(pair.Actual.MatchConditions); } else { Assert.Equal(pair.Expect.MatchConditions.Count(), pair.Actual.MatchConditions.Count()); foreach (var mc in pair.Expect.MatchConditions.Zip(pair.Actual.MatchConditions, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(mc.Expect.MatchValue, mc.Actual.MatchValue); Assert.Equal(mc.Expect.MatchVariable, mc.Actual.MatchVariable); Assert.Equal(mc.Expect.NegateCondition, mc.Actual.NegateCondition); Assert.Equal(mc.Expect.OperatorProperty, mc.Actual.OperatorProperty); Assert.Equal(mc.Expect.Selector, mc.Actual.Selector); Assert.Equal(mc.Expect.Transforms, mc.Actual.Transforms); } } } } if (expect.CustomRules == null) { Assert.Null(actual.CustomRules); } else { Assert.Equal(expect.CustomRules.Rules.Count(), actual.CustomRules.Rules.Count()); foreach (var pair in expect.CustomRules.Rules.Zip(actual.CustomRules.Rules, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(pair.Expect.Action, pair.Actual.Action); Assert.Equal(pair.Expect.EnabledState, pair.Actual.EnabledState); Assert.Equal(pair.Expect.Name, pair.Actual.Name); Assert.Equal(pair.Expect.Priority, pair.Actual.Priority); if (pair.Expect.MatchConditions == null) { Assert.Null(pair.Actual.MatchConditions); } else { Assert.Equal(pair.Expect.MatchConditions.Count(), pair.Actual.MatchConditions.Count()); foreach (var mc in pair.Expect.MatchConditions.Zip(pair.Actual.MatchConditions, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(mc.Expect.MatchValue, mc.Actual.MatchValue); Assert.Equal(mc.Expect.MatchVariable, mc.Actual.MatchVariable); Assert.Equal(mc.Expect.NegateCondition, mc.Actual.NegateCondition); Assert.Equal(mc.Expect.OperatorProperty, mc.Actual.OperatorProperty); Assert.Equal(mc.Expect.Selector, mc.Actual.Selector); Assert.Equal(mc.Expect.Transforms, mc.Actual.Transforms); } } } } if (expect.ManagedRules == null) { Assert.Null(actual.ManagedRules); } else { Assert.Equal(expect.ManagedRules.ManagedRuleSets.Count(), actual.ManagedRules.ManagedRuleSets.Count()); foreach (var pair in expect.ManagedRules.ManagedRuleSets.Zip(actual.ManagedRules.ManagedRuleSets, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(pair.Expect.RuleSetType, pair.Actual.RuleSetType); Assert.Equal(pair.Expect.RuleSetVersion, pair.Actual.RuleSetVersion); if (pair.Expect.RuleGroupOverrides == null) { Assert.Null(pair.Actual.RuleGroupOverrides); } else { Assert.Equal(pair.Expect.RuleGroupOverrides.Count(), pair.Actual.RuleGroupOverrides.Count()); foreach (var rg in pair.Expect.RuleGroupOverrides.Zip(pair.Actual.RuleGroupOverrides, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(rg.Expect.RuleGroupName, rg.Actual.RuleGroupName); if (rg.Expect.Rules == null) { Assert.Null(rg.Actual.Rules); } else { Assert.Equal(rg.Expect.Rules.Count(), rg.Actual.Rules.Count()); foreach (var r in rg.Expect.Rules.Zip(rg.Actual.Rules, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(r.Expect.Action, r.Actual.Action); Assert.Equal(r.Expect.EnabledState, r.Actual.EnabledState); Assert.Equal(r.Expect.RuleId, r.Actual.RuleId); } } } } } } Assert.Equal(expect.PolicySettings.DefaultCustomBlockResponseBody, actual.PolicySettings.DefaultCustomBlockResponseBody); Assert.Equal(expect.PolicySettings.DefaultCustomBlockResponseStatusCode, actual.PolicySettings.DefaultCustomBlockResponseStatusCode); Assert.Equal(expect.PolicySettings.DefaultRedirectUrl, actual.PolicySettings.DefaultRedirectUrl); Assert.Equal(expect.PolicySettings.EnabledState, actual.PolicySettings.EnabledState); Assert.Equal(expect.PolicySettings.Mode, actual.PolicySettings.Mode); if (expectEndpointLinks == null) { Assert.Null(actual.EndpointLinks); } else { Assert.Equal(expectEndpointLinks.Count(), actual.EndpointLinks.Count()); foreach (var pair in expectEndpointLinks.Zip(actual.EndpointLinks, (e, a) => new { Expect = e, Actual = a })) { Assert.Equal(pair.Expect.Id, pair.Actual.Id); } } }
public void WafPolicyCreateOrUpdateTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType())) { // Create clients var cdnMgmtClient = CdnTestUtilities.GetCdnManagementClient(context, handler1); var resourcesClient = CdnTestUtilities.GetResourceManagementClient(context, handler2); // Create resource group var resourceGroupName = CdnTestUtilities.CreateResourceGroup(resourcesClient); // Create a minimal cdn waf policy should succeed var policyName = TestUtilities.GenerateName("policy"); var policy = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, new CdnWebApplicationFirewallPolicy { Sku = new Sku(SkuName.StandardMicrosoft), Location = "Global", }); //Assert.NotNull(policy.Etag); Assert.Equal(policyName, policy.Name); Assert.Equal($"/subscriptions/{resourcesClient.SubscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Cdn/cdnwebapplicationfirewallpolicies/{policy.Name}", policy.Id); Assert.Equal("Global", policy.Location); Assert.Equal(SkuName.StandardMicrosoft, policy.Sku.Name); Assert.Equal(ProvisioningState.Succeeded, policy.ProvisioningState); Assert.Equal(PolicyResourceState.Enabled, policy.ResourceState); Assert.Empty(policy.EndpointLinks); Assert.Empty(policy.ManagedRules.ManagedRuleSets); Assert.Empty(policy.RateLimitRules.Rules); Assert.Empty(policy.CustomRules.Rules); Assert.Null(policy.PolicySettings.DefaultCustomBlockResponseBody); Assert.Null(policy.PolicySettings.DefaultCustomBlockResponseStatusCode); Assert.Null(policy.PolicySettings.DefaultRedirectUrl); Assert.Equal(PolicyEnabledState.Enabled, policy.PolicySettings.EnabledState); Assert.Equal(PolicyMode.Prevention, policy.PolicySettings.Mode); // Update policy with all parameters should succeed var expect = new CdnWebApplicationFirewallPolicy { Location = "Global", Sku = new Sku(SkuName.StandardMicrosoft), PolicySettings = new PolicySettings { EnabledState = "Enabled", Mode = "Detection", DefaultCustomBlockResponseBody = "PGh0bWw+PGJvZHk+PGgzPkludmFsaWQgcmVxdWVzdDwvaDM+PC9ib2R5PjwvaHRtbD4=", DefaultRedirectUrl = "https://example.com/redirected", DefaultCustomBlockResponseStatusCode = 406 }, CustomRules = new CustomRuleList(new List <CustomRule> { new CustomRule { Name = "CustomRule1", Priority = 2, EnabledState = "Enabled", Action = "Block", MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "QueryString", OperatorProperty = "Contains", NegateCondition = false, MatchValue = new List <string> { "TestTrigger123" }, //Transforms = new List<String> { "Uppercase" } } } } }), RateLimitRules = new RateLimitRuleList(new List <RateLimitRule> { new RateLimitRule { Name = "RateLimitRule1", Priority = 1, EnabledState = "Disabled", RateLimitDurationInMinutes = 1, RateLimitThreshold = 3, MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RemoteAddr", Selector = null, OperatorProperty = "IPMatch", NegateCondition = false, MatchValue = new List <string> { "131.107.0.0/16", "167.220.0.0/16" } } }, Action = "Block" }, new RateLimitRule { Name = "RateLimitRule2", Priority = 10, EnabledState = "Enabled", RateLimitDurationInMinutes = 1, RateLimitThreshold = 1, MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RequestUri", Selector = null, OperatorProperty = "Contains", NegateCondition = false, MatchValue = new List <string> { "yes" } } }, Action = "Block" } }), ManagedRules = new ManagedRuleSetList(new List <ManagedRuleSet> { new ManagedRuleSet { RuleSetType = "DefaultRuleSet", RuleSetVersion = "1.0", RuleGroupOverrides = new List <ManagedRuleGroupOverride> { new ManagedRuleGroupOverride { RuleGroupName = "JAVA", Rules = new List <ManagedRuleOverride> { new ManagedRuleOverride { RuleId = "944100", EnabledState = "Disabled", Action = "Redirect" } } } } } }), Tags = new Dictionary <string, string> { { "abc", "123" } } }; policy = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, expect); AssertPoliciesEqual(resourcesClient.SubscriptionId, resourceGroupName, policyName, new List <CdnEndpoint>(), expect, policy); // Create a complete cdn waf policy should succeed var policy2Name = TestUtilities.GenerateName("policy"); var expect2 = new CdnWebApplicationFirewallPolicy { Location = "Global", Sku = new Sku(SkuName.StandardMicrosoft), PolicySettings = new PolicySettings { EnabledState = "Enabled", Mode = "Detection", DefaultCustomBlockResponseBody = "PGh0bWw+PGJvZHk+PGgzPkludmFsaWQgcmVxdWVzdDwvaDM+PC9ib2R5PjwvaHRtbD4=", DefaultRedirectUrl = "https://example.com/redirected", DefaultCustomBlockResponseStatusCode = 406 }, CustomRules = new CustomRuleList(new List <CustomRule> { new CustomRule { Name = "CustomRule1", Priority = 2, EnabledState = "Enabled", Action = "Block", MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "QueryString", OperatorProperty = "Contains", NegateCondition = false, MatchValue = new List <string> { "TestTrigger123" }, //Transforms = new List<String> { "Uppercase" } } } } }), RateLimitRules = new RateLimitRuleList(new List <RateLimitRule> { new RateLimitRule { Name = "RateLimitRule1", Priority = 1, EnabledState = "Disabled", RateLimitDurationInMinutes = 1, RateLimitThreshold = 3, MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RemoteAddr", Selector = null, OperatorProperty = "IPMatch", NegateCondition = false, MatchValue = new List <string> { "131.107.0.0/16", "167.220.0.0/16" } } }, Action = "Block" }, new RateLimitRule { Name = "RateLimitRule2", Priority = 10, EnabledState = "Enabled", RateLimitDurationInMinutes = 1, RateLimitThreshold = 1, MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RequestUri", Selector = null, OperatorProperty = "Contains", NegateCondition = false, MatchValue = new List <string> { "yes" } } }, Action = "Block" } }), ManagedRules = new ManagedRuleSetList(new List <ManagedRuleSet> { new ManagedRuleSet { RuleSetType = "DefaultRuleSet", RuleSetVersion = "1.0", RuleGroupOverrides = new List <ManagedRuleGroupOverride> { new ManagedRuleGroupOverride { RuleGroupName = "JAVA", Rules = new List <ManagedRuleOverride> { new ManagedRuleOverride { RuleId = "944100", EnabledState = "Disabled", Action = "Redirect" } } } } } }), Tags = new Dictionary <string, string> { { "abc", "123" } } }; var policy2 = cdnMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policy2Name, expect2); AssertPoliciesEqual(resourcesClient.SubscriptionId, resourceGroupName, policy2Name, new List <CdnEndpoint>(), expect2, policy2); } }