Add TLS Termination support for FirewallPolicy
Oded Lazar committed May 4, 2020
1 parent bd7752c commit 93b00ba
Showing 1 changed file with 89 additions and 0 deletions.
Expand Up @@ -566,6 +566,10 @@
"type": "string",
"readOnly": true,
"description": "A unique read-only string that changes whenever the resource is updated."
},
"identity": {
"$ref": "./network.json#/definitions/ManagedServiceIdentity",
"description": "The identity of the firewall policy."
}
},
"allOf": [
Expand Down Expand Up @@ -622,10 +626,84 @@
"intrusionSystemMode": {
"description": "The operation mode for Intrusion system.",
"$ref": "#/definitions/FirewallPolicyIntrusionSystemMode"
},
"transportSecurity": {
"description": "TLS Configuration definition.",
"$ref": "#/definitions/FirewallPolicyTransportSecurity"
}
},
"description": "Firewall Policy definition."
},
"FirewallPolicyTransportSecurity": {
"properties": {
"certificatesAuthority": {
"$ref": "#/definitions/FirewallPolicyCertificateAuthority",
"description": "The CA used for intermediate CA generation."
},
"excludedDomains": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of domains which are excluded from TLS termination."
},
"trustedRootCertificates": {
"type": "array",
"items": {
"$ref": "#/definitions/FirewallPolicyTrustedRootCertificate",
"description": "A list of certificates which are to be trusted by the firewall."
},
"description": "Certificates which are to be trusted by the firewall."
}
},
"description": "Configuration needed to perform TLS termination & initiation."
},
"FirewallPolicyTrustedRootCertificate": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/FirewallPolicyTrustedRootCertificatePropertiesFormat",
"description": "Properties of the trusted root authorities."
},
"name": {
"type": "string",
"description": "Name of the trusted root certificate that is unique within a firewall policy."
}
},
"description": "Trusted Root certificates of a firewall policy."
},
"FirewallPolicyTrustedRootCertificatePropertiesFormat": {
"properties": {
"keyVaultSecretId": {
"type": "string",
"description": "Secret Id of (base-64 encoded unencrypted pfx) the public certificate data stored in KeyVault."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyCertificateAuthority": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/FirewallPolicyCertificateAuthorityPropertiesFormat",
"description": "Properties of the certificate authority."
},
"name": {
"type": "string",
"description": "Name of the CA certificate."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyCertificateAuthorityPropertiesFormat": {
"properties": {
"keyVaultSecretId": {
"type": "string",
"description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyRuleGroup": {
"properties": {
"properties": {
Expand Down Expand Up @@ -823,6 +901,13 @@
},
"description": "Array of Application Protocols."
},
"targetUrls": {
"type": "array",
"description": "List of Urls for this rule condition.",
"items": {
"type": "string"
}
},
"targetFqdns": {
"type": "array",
"description": "List of FQDNs for this rule condition.",
Expand Down Expand Up @@ -890,6 +975,10 @@
"items": {
"type": "string"
}
},
"terminateTLS": {
"type": "boolean",
"description": "Terminate TLS connections for this rule."
}
}
},
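Review bot: In the `@@ -622` hunk the `description` of `FirewallPolicyCertificateAuthority` and of `FirewallPolicyCertificateAuthorityPropertiesFormat` is copy-pasted from the trusted-root definitions — both read `"Trusted Root certificates properties for tls."` although they describe the CA that, per the `certificatesAuthority` text, is used for intermediate CA generation, i.e. the material that lets the firewall issue certificates for terminated sessions rather than a trust anchor. Because that distinction matters to whoever provisions the Key Vault objects, the two descriptions should be replaced with something like `"description": "Certificate authority, stored in KeyVault, used to generate intermediate CAs for TLS termination."` and `"description": "Properties of the CA certificate used for TLS termination."`, and the trusted-root `keyVaultSecretId` text ("unencrypted pfx" of "public certificate data") would be clearer if it said whether a private key is expected at all — presumably not for a trust anchor, worth confirming with the service team. Separately, the `description` placed inside `trustedRootCertificates.items` next to the `$ref` is ignored by Swagger 2.0 / draft-04 tooling (which this spec appears to use, given `x-ms-client-flatten`), so it can be dropped since the outer property already carries an equivalent sentence. In the `@@ -890` hunk `terminateTLS` has no `default`; if omitting it means TLS is not terminated, `"default": false` would make the opt-in behaviour explicit in the generated clients and docs.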