Skip to content

Commit

Permalink
Revert #9045 + Add TI Whitelist (#9271)
Browse files Browse the repository at this point in the history 
* TI whitelisting for firewall policy

* running prettier

* fixing description

* removing extra property from the response

* adding the new property in examples

* retrigger the pr check

* clean up

* Revert "Rename Firewall Policy child resource RuleGroup to RuleCollectionGroup (#9045)"

This reverts commit b49caab.
  • Loading branch information
@saisujithreddym
saisujithreddym authored Apr 30, 2020
1 parent b49caab commit 0199c74
Show file tree
Hide file tree
Showing 12 changed files with 286 additions and 230 deletions.
12 changes: 10 additions & 2 deletions ...work/resource-manager/Microsoft.Network/stable/2020-04-01/examples/FirewallPolicyGet.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,17 @@
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ruleCollectionGroups": [
"threatIntelWhitelist": {
"ipAddresses": [
"20.3.4.5"
],
"fqdns": [
"*.microsoft.com"
]
},
"ruleGroups": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1"
}
],
"firewalls": []
Expand Down
4 changes: 2 additions & 2 deletions ...nager/Microsoft.Network/stable/2020-04-01/examples/FirewallPolicyListByResourceGroup.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ruleCollectionGroups": [
"ruleGroups": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1"
}
],
"firewalls": []
Expand Down
4 changes: 2 additions & 2 deletions ...anager/Microsoft.Network/stable/2020-04-01/examples/FirewallPolicyListBySubscription.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ruleCollectionGroups": [
"ruleGroups": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1"
}
],
"firewalls": []
Expand Down
38 changes: 31 additions & 7 deletions ...work/resource-manager/Microsoft.Network/stable/2020-04-01/examples/FirewallPolicyPut.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,15 @@
},
"location": "West US",
"properties": {
"threatIntelMode": "Alert"
"threatIntelMode": "Alert",
"threatIntelWhitelist": {
"ipAddresses": [
"20.3.4.5"
],
"fqdns": [
"*.microsoft.com"
]
}
}
}
},
Expand All @@ -28,12 +36,20 @@
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ruleCollectionGroups": [
"threatIntelWhitelist": {
"ipAddresses": [
"20.3.4.5"
],
"fqdns": [
"*.microsoft.com"
]
},
"ruleGroups": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/rulegroup1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/rulegroup2"
}
],
"firewalls": []
Expand All @@ -53,12 +69,20 @@
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ruleCollectionGroups": [
"threatIntelWhitelist": {
"ipAddresses": [
"20.3.4.5"
],
"fqdns": [
"*.microsoft.com"
]
},
"ruleGroups": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2"
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/rulegroup2"
}
],
"firewalls": []
Expand Down
2 changes: 1 addition & 1 deletion ...ewallPolicyRuleCollectionGroupDelete.json → ...amples/FirewallPolicyRuleGroupDelete.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"parameters": {
"ruleCollectionGroupName": "ruleCollectionGroup1",
"ruleGroupName": "ruleGroup1",
"firewallPolicyName": "firewallPolicy",
"resourceGroupName": "rg1",
"api-version": "2020-04-01",
Expand Down
18 changes: 9 additions & 9 deletions ...FirewallPolicyRuleCollectionGroupGet.json → .../examples/FirewallPolicyRuleGroupGet.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"parameters": {
"ruleCollectionGroupName": "ruleCollectionGroup1",
"ruleGroupName": "ruleGroup1",
"firewallPolicyName": "firewallPolicy",
"resourceGroupName": "rg1",
"api-version": "2020-04-01",
Expand All @@ -9,24 +9,24 @@
"responses": {
"200": {
"body": {
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"name": "ruleGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1",
"etag": "W/\"72090554-7e3b-43f2-80ad-99a9020dcb11\"",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"ruleType": "FirewallPolicyFilterRule",
"name": "Example-Filter-Rule",
"priority": 200,
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"ruleConditionType": "NetworkRuleCondition",
"name": "network-condition1",
"sourceAddresses": [
"10.1.25.0/24"
],
Expand Down
18 changes: 9 additions & 9 deletions ...irewallPolicyRuleCollectionGroupList.json → ...examples/FirewallPolicyRuleGroupList.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,25 +10,25 @@
"body": {
"value": [
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"name": "ruleGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1",
"etag": "W/\"72090554-7e3b-43f2-80ad-99a9020dcb11\"",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"name": "Example-Filter-Rule-Collection",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule",
"ruleType": "FirewallPolicyFilterRule",
"priority": 120,
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"name": "network-rule-1",
"ruleType": "NetworkRule",
"description": "Network rule",
"name": "network-condition-1",
"ruleConditionType": "NetworkRuleCondition",
"description": "Network rule condition",
"destinationAddresses": [
"*"
],
Expand Down
42 changes: 21 additions & 21 deletions ...FirewallPolicyRuleCollectionGroupPut.json → .../examples/FirewallPolicyRuleGroupPut.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,21 @@
"subscriptionId": "subid",
"resourceGroupName": "rg1",
"firewallPolicyName": "firewallPolicy",
"ruleCollectionGroupName": "ruleCollectionGroup1",
"ruleGroupName": "ruleGroup1",
"parameters": {
"properties": {
"priority": 110,
"ruleCollections": [
"rules": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"ruleType": "FirewallPolicyFilterRule",
"name": "Example-Filter-Rule",
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"ruleConditionType": "NetworkRuleCondition",
"name": "network-condition1",
"sourceAddresses": [
"10.1.25.0/24"
],
Expand All @@ -41,23 +41,23 @@
"responses": {
"200": {
"body": {
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"name": "ruleGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"ruleType": "FirewallPolicyFilterRule",
"name": "Example-Filter-Rule",
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"ruleConditionType": "NetworkRuleCondition",
"name": "network-condition1",
"sourceAddresses": [
"10.1.25.0/24"
],
Expand Down Expand Up @@ -85,17 +85,17 @@
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"ruleType": "FirewallPolicyFilterRule",
"name": "Example-Filter-Rule",
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"ruleConditionType": "NetworkRuleCondition",
"name": "network-condition1",
"sourceAddresses": [
"10.1.25.0/24"
],
Expand Down
14 changes: 7 additions & 7 deletions ...cyRuleCollectionGroupWithIpGroupsGet.json → ...rewallPolicyRuleGroupWithIpGroupsGet.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"parameters": {
"ruleCollectionGroupName": "ruleGroup1",
"ruleGroupName": "ruleGroup1",
"firewallPolicyName": "firewallPolicy",
"resourceGroupName": "rg1",
"api-version": "2020-04-01",
Expand All @@ -15,18 +15,18 @@
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"ruleType": "FirewallPolicyFilterRule",
"name": "Example-Filter-Rule",
"priority": 200,
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"ruleConditionType": "NetworkRuleCondition",
"name": "network-condition1",
"ipProtocols": [
"TCP"
],
Expand Down
18 changes: 9 additions & 9 deletions ...yRuleCollectionGroupWithIpGroupsList.json → ...ewallPolicyRuleGroupWithIpGroupsList.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,25 +10,25 @@
"body": {
"value": [
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"name": "ruleGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleGroups/ruleGroup1",
"etag": "W/\"72090554-7e3b-43f2-80ad-99a9020dcb11\"",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
"rules": [
{
"name": "Example-Filter-Rule-Collection",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule",
"ruleType": "FirewallPolicyFilterRule",
"priority": 120,
"action": {
"type": "Deny"
},
"rules": [
"ruleConditions": [
{
"name": "network-rule-1",
"ruleType": "NetworkRule",
"description": "Network rule",
"name": "network-condition-1",
"ruleConditionType": "NetworkRuleCondition",
"description": "Network rule condition",
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
Expand Down
Loading

0 comments on commit 0199c74

Please sign in to comment.