public override void ExecuteCmdlet()
{
if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
{
var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
SiteConfig siteConfig = webApp.SiteConfig;
var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
IpSecurityRestriction ipSecurityRestriction = null;
IDictionary <string, IList <string> > httpHeader = null;
if (HttpHeader != null)
{
httpHeader = ConvertHeaderHashtable(HttpHeader);
}
int intPriority = checked ((int)Priority);
switch (ParameterSetName)
{
case IpAddressParameterSet:
CheckDuplicateIPRestriction(IpAddress, accessRestrictionList);
ipSecurityRestriction = new IpSecurityRestriction(IpAddress, null, null, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case ServiceTagParameterSet:
CheckDuplicateIPRestriction(ServiceTag, accessRestrictionList);
ipSecurityRestriction = new IpSecurityRestriction(ServiceTag, null, null, null, null, Action, "ServiceTag", intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
case SubnetNameParameterSet:
case SubnetIdParameterSet:
var subnet = ParameterSetName == SubnetNameParameterSet ? SubnetName : SubnetId;
//Fetch RG of given SubNet
var subNetResourceGroupName = NetworkClient.GetSubnetResourceGroupName(subnet, VirtualNetworkName);
//If unble to fetch SubNet rg from above step, use the input RG to get validation error from api call.
subNetResourceGroupName = !String.IsNullOrEmpty(subNetResourceGroupName) ? subNetResourceGroupName : ResourceGroupName;
var subnetResourceId = NetworkClient.ValidateSubnet(subnet, VirtualNetworkName, subNetResourceGroupName, DefaultContext.Subscription.Id);
CheckDuplicateServiceEndpointRestriction(subnetResourceId, accessRestrictionList);
if (!IgnoreMissingServiceEndpoint)
{
var subnetSubcriptionId = CmdletHelpers.GetSubscriptionIdFromResourceId(subnetResourceId);
if (subnetSubcriptionId != DefaultContext.Subscription.Id)
{
throw new Exception("Service endpoint cannot be validated. Subnet is in another subscription. Use -IgnoreMissingServiceEndpoint and manually verify that 'Microsoft.Web' service endpoint is enabled on the subnet.");
}
var serviceEndpointServiceName = "Microsoft.Web";
var serviceEndpointLocations = new List <string>()
{
"*"
};
NetworkClient.EnsureSubnetServiceEndpoint(subnetResourceId, serviceEndpointServiceName, serviceEndpointLocations);
}
ipSecurityRestriction = new IpSecurityRestriction(null, null, subnetResourceId, null, null, Action, null, intPriority, Name, Description, httpHeader);
accessRestrictionList.Add(ipSecurityRestriction);
break;
}
if (ShouldProcess(WebAppName, $"Adding Access Restriction Rule for Web App '{WebAppName}'"))
{
// Update web app configuration
WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, webApp.Location, WebAppName, SlotName, siteConfig);
if (PassThru)
{
// Refresh object to get the final state
webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, SlotName));
var accessRestrictionSettings = new PSAccessRestrictionConfig(ResourceGroupName, WebAppName, webApp.SiteConfig, SlotName);
WriteObject(accessRestrictionSettings);
}
}
}
}