public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName)) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions; IpSecurityRestriction ipSecurityRestriction = null; IDictionary <string, IList <string> > httpHeader = null; if (HttpHeader != null) { httpHeader = ConvertHeaderHashtable(HttpHeader); } int intPriority = checked ((int)Priority); switch (ParameterSetName) { case IpAddressParameterSet: ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; case ServiceTagParameterSet: ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; case SubnetNameParameterSet: case SubnetIdParameterSet: var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId; //Fetch RG of given SubNet var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName); //If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call. subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName; var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id); if (!IgnoreMissingServiceEndpoint) { CmdletHelpers.VerifySubnetDelegation(subnetResourceId); } ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; } if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'")) { // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig); if (PassThru) { // Refresh object to get the final state webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionSettings); } } } }
public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(Name)) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, Name, SlotName)); var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, Name, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionConfig); } }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); bool inheritConfig = false; switch (ParameterSetName) { case InputValuesParameterSet: inheritConfig = ScmSiteUseMainSiteRestrictionConfig; break; case InputObjectParameterSet: inheritConfig = InputObject.ScmSiteUseMainSiteRestrictionConfig; ResourceGroupName = InputObject.ResourceGroupName; Name = InputObject.WebAppName; SlotName = InputObject.SlotName; break; } string updateActionText = inheritConfig ? "" : "not "; if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(Name)) { if (ShouldProcess(Name, $"Update Scm Site of WebApp '{Name}' to {updateActionText}use Main Site Access Restriction Config")) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, Name, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; if (siteConfig.ScmIpSecurityRestrictionsUseMain != inheritConfig) { siteConfig.ScmIpSecurityRestrictionsUseMain = inheritConfig; // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, Name, SlotName, siteConfig); } if (PassThru) { var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, Name, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionConfig); } } } }
public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName)) { if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule '{Name}' from Web App '{WebAppName}'")) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions; IpSecurityRestriction ipSecurityRestriction = null; bool accessRestrictionExists = false; foreach (var accessRestriction in accessRestrictionList) { if (accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant()) { ipSecurityRestriction = accessRestriction; accessRestrictionExists = true; break; } } if (accessRestrictionExists) { accessRestrictionList.Remove(ipSecurityRestriction); } // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig); if (PassThru) { // Refresh object to get the final state webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionConfig); } } } }
public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName)) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions; IpSecurityRestriction ipSecurityRestriction = null; bool accessRestrictionExists = false; int intPriority = checked ((int)Priority); switch (ParameterSetName) { case IpAddressParameterSet: foreach (var accessRestriction in accessRestrictionList) { if (accessRestriction.IpAddress != null && accessRestriction.IpAddress == IpAddress && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { accessRestrictionExists = true; accessRestriction.Name = Name; accessRestriction.Priority = intPriority; accessRestriction.Description = Description; break; } } if (!accessRestrictionExists) { ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description); accessRestrictionList.Add(ipSecurityRestriction); } break; case SubnetNameParameterSet: case SubnetIdParameterSet: var Subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId; //Fetch RG of given SubNet var subNetResourceGroupName = CmdletHelpers.GetSubnetResourceGroupName(DefaultContext, Subnet, VirtualNetworkName); //If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call. subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName; var subnetResourceId = CmdletHelpers.ValidateSubnet(Subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id); if (!IgnoreMissingServiceEndpoint) { CmdletHelpers.VerifySubnetDelegation(subnetResourceId); } foreach (var accessRestriction in accessRestrictionList) { if (accessRestriction.VnetSubnetResourceId != null && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { accessRestrictionExists = true; accessRestriction.Name = Name; accessRestriction.Priority = intPriority; accessRestriction.Description = Description; break; } } if (!accessRestrictionExists) { ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description); accessRestrictionList.Add(ipSecurityRestriction); } break; } string updateAction = accessRestrictionExists ? "Updating" : "Adding"; if (ShouldProcess(WebAppName, $"{updateAction} Access Restriction Rule '{Name}' for Web App '{WebAppName}'")) { // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig); if (PassThru) { // Refresh object to get the final state webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionSettings); } } } }
public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName)) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions; IpSecurityRestriction ipSecurityRestriction = null; IDictionary <string, IList <string> > httpHeader = null; if (HttpHeader != null) { httpHeader = ConvertHeaderHashtable(HttpHeader); } int intPriority = checked ((int)Priority); switch (ParameterSetName) { case IpAddressParameterSet: CheckDuplicateIPRestriction(IpAddress, accessRestrictionList); ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; case ServiceTagParameterSet: CheckDuplicateIPRestriction(ServiceTag, accessRestrictionList); ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; case SubnetNameParameterSet: case SubnetIdParameterSet: var subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId; //Fetch RG of given SubNet var subNetResourceGroupName = NetworkClient.GetSubnetResourceGroupName(subnet, VirtualNetworkName); //If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call. subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName; var subnetResourceId = NetworkClient.ValidateSubnet(subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id); CheckDuplicateServiceEndpointRestriction(subnetResourceId, accessRestrictionList); if (!IgnoreMissingServiceEndpoint) { var subnetSubcriptionId = CmdletHelpers.GetSubscriptionIdFromResourceId(subnetResourceId); if (subnetSubcriptionId != DefaultContext.Subscription.Id) { throw new Exception("Service endpoint cannot be validated. Subnet is in another subscription. Use -IgnoreMissingServiceEndpoint and manually verify that 'Microsoft.Web' service endpoint is enabled on the subnet."); } var serviceEndpointServiceName = "Microsoft.Web"; var serviceEndpointLocations = new List <string>() { "*" }; NetworkClient.EnsureSubnetServiceEndpoint(subnetResourceId, serviceEndpointServiceName, serviceEndpointLocations); } ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader); accessRestrictionList.Add(ipSecurityRestriction); break; } if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'")) { // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig); if (PassThru) { // Refresh object to get the final state webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionSettings); } } } }
public override void ExecuteCmdlet() { if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName)) { if (ShouldProcess(WebAppName, $"Removing Access Restriction Rule from Web App '{WebAppName}'")) { var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); SiteConfig siteConfig = webApp.SiteConfig; var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions; IpSecurityRestriction ipSecurityRestriction = null; bool accessRestrictionExists = false; foreach (var accessRestriction in accessRestrictionList) { if (!string.IsNullOrWhiteSpace(Name)) { if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { ipSecurityRestriction = accessRestriction; accessRestrictionExists = true; break; } } else if (!string.IsNullOrWhiteSpace(IpAddress)) { if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { if (!string.IsNullOrWhiteSpace(Name)) { if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { continue; } } ipSecurityRestriction = accessRestriction; accessRestrictionExists = true; break; } } else if (!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName))) { var subnet = !string.IsNullOrWhiteSpace(SubnetId) ? SubnetId : SubnetName; var subnetResourceId = CmdletHelpers.ValidateSubnet(subnet, VirtualNetworkName, ResourceGroupName, DefaultContext.Subscription.Id); if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { if (!string.IsNullOrWhiteSpace(Name)) { if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant()) { continue; } } ipSecurityRestriction = accessRestriction; accessRestrictionExists = true; break; } } } if (accessRestrictionExists) { accessRestrictionList.Remove(ipSecurityRestriction); } // Update web app configuration WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig); if (PassThru) { // Refresh object to get the final state webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName)); var accessRestrictionConfig = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName); WriteObject(accessRestrictionConfig); } } } }