Skip to content

Azfw ipgroups#10647

Closed
ssripadham wants to merge 70 commits intomasterfrom
azfw_ipgroups
Closed

Azfw ipgroups#10647
ssripadham wants to merge 70 commits intomasterfrom
azfw_ipgroups

Conversation

@ssripadham
Copy link
Contributor

@ssripadham ssripadham commented Dec 3, 2019
edited
Loading

Description

- `Azure Firewall will support IpGroups can be used in the network/application/dnat rules as described below.
  • As a source or destination address in AZFW network rules
  • As a source address in AZFW application rules
  • As a source address in DNAT rules. `

1. Azure Firewall Application Rules

     "AzureFirewallApplicationRule": {
         "properties": {
           "name": {
             "type": "string",
             "description": "Name of the application rule."
           },
           "description": {
             "type": "string",
             "description": "Description of the rule."
           },
           ...
           "sourceIpGroups": {
             "type": "array",
             "description": "List of source IP Groups for this rule.",
             "items": {
               "type": "string"
             }
           },
       ...
     }
    }

2. Azure Firewall NAT Rules

   "AzureFirewallNatRule": {
         "properties": {
           "name": {
             "type": "string",
             "description": "Name of the NAT rule."
           },
           "description": {
             "type": "string",
             "description": "Description of the rule."
           },
          ...

    "sourceIpGroups": {
      "type": "array",
      "description": "List of source IP Groups for this rule.",
      "items": {
        "type": "string"
      }
    }
       …
   }
   }

3. Azure Firewall Network Rules

    "AzureFirewallNetworkRule": {
         "properties": {
           "name": {
             "type": "string",
             "description": "Name of the network rule."
           },
           "description": {
             "type": "string",
             "description": "Description of the rule."
           },
          ...
           "sourceIpGroups": {
             "type": "array",
             "description": "List of source IP Groups for this rule.",
             "items": {
               "type": "string"
             }
           },
           "destinationIpGroups": {
             "type": "array",
             "description": "List of destination IP Groups for this rule.",
             "items": {
               "type": "string"
             }
           },
       ...
    }
   }

Checklist

  • I have read the Submitting Changes section of CONTRIBUTING.md
  • The title of the PR is clear and informative
  • The appropriate ChangeLog.md file(s) has been updated:
    • For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
  • The PR does not introduce breaking changes
  • If applicable, the changes made in the PR have proper test coverage
  • For public API changes to cmdlets:
    • a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
    • the markdown help files have been regenerated using the commands listed here

VeryEarly and others added 30 commits October 5, 2019 11:13
@VeryEarly
using relative path for Az.Sql.psd1 by removing the beginning '.\'
3cae3e6
@VeryEarly
make change to '*.ps1xml' only
74c721c
@VeryEarly
again, use relative path for RequiredAssemblies and NestedModules
f9d40e0
@VeryEarly
apply relative path to all modules' psd1 file, also update tools/Chec…
242a640 
…kAssemblies.ps1 to use the new paths
@VeryEarly
using relative path for Az.Sql.psd1 by removing the beginning '.\'
084449f
@VeryEarly
make change to '*.ps1xml' only
7829581
@VeryEarly
again, use relative path for RequiredAssemblies and NestedModules
41d1010
@VeryEarly
apply relative path to all modules' psd1 file, also update tools/Chec…
d5a3809 
…kAssemblies.ps1 to use the new paths
@VeryEarly
Merge branch 'relative-paths-test#10072' of https://github.com/VeryEa…
3fdaf5e 
…rly/azure-powershell into relative-paths-test#10072
@VeryEarly
update ChangeLog.md for each module
c34e384
@VeryEarly
oops merge conflicts
f93cac4
@VeryEarly
Merge branch 'master' of https://github.com/Azure/azure-powershell in…
89eb070 
…to relative-paths-test#10072
@VeryEarly
use upper case for the first letter in each ChangeLog.md update
2e7481c
@VeryEarly
apply relative path for SqlVirtualMachine.psd1
4a1fbc9
@VeryEarly
ooops merge conflicts
5c51d96
@VeryEarly
merge conflicts
ccc7bd1
@ayfathim
ADE One pass - cmdlet review
b603101
@ssripadham
AzureFirewall with IpGroups
1ecba98
@VeryEarly
sync with upstream master
0234f6a
@ayfathim
Merge remote-tracking branch 'Azure/master' into ADERecoveryService
334dc32
@VeryEarly
update psd1 and change log for new modules
74ec7a7
@ayfathim
updating the version of RecoveryServices
28e16e2
@erich-wang
Fix issue #10330: Client-side telemetry is not getting correct UserAg…
c9b4b5e 
…ent in Az 4.0
Fix mismatch between cmdlets and service in index.json
2eeeb59 
Fix for #10613

1.Add DataBoxEdge to CreateMappings_rules.json.
2.Take the longest matched pattern when there are multiple ones.
Fix for #10613
4815dac 
Revert script change.
@stegag
Update Stop-AzVirtualNetworkGatewayPacketCapture.md
8971d1c 
The term 'New-AzureStorageContainerSASToken' is not recognized as the name of a cmdlet.
need to use 'New-AzStorageContainerSASToken' instead
@matthchr
Fix 10602: Fix bug with New-AzBatchPool collections
3f8d9fc 
  - New-AzBatchPool was not correctly propagating some
    collections to the server.
@ayfathim
updated as per comments- removed version upgrade, and added examples
e3167ed
@ssripadham
Powershell changes for IpGroup support
4b3c7a3
@ayfathim
added examples
865d3dc
anton-evseev
anton-evseev previously approved these changes Dec 4, 2019
View reviewed changes
VeryEarly
VeryEarly reviewed Dec 5, 2019
View reviewed changes
src/Network/Network/help/New-AzFirewallApplicationRule.md
New-AzFirewallNetworkRule -Name <String> [-Description <String>] [-SourceAddress <String[]>]
[-SourceIpGroup <String[]>] [-DestinationAddress <String[]>] [-DestinationIpGroup <String[]>]
[-DestinationFqdn <String[]>] -DestinationPort <String[]> -Protocol <String[]>
[-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
Copy link
Collaborator

@VeryEarly VeryEarly Dec 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like your targetFqdn parameter is still in the code but was removed from here, please confirm if it was still valid parameter

Copy link
Contributor Author

@ssripadham ssripadham Dec 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I have fixed this.

VeryEarly and others added 4 commits December 5, 2019 16:15
@VeryEarly
Merge pull request #10649 from erich-wang/fix-null-context
27e9bf8 
Fix null ref in generated cmdlets when context is not set
@ssripadham
Fixed NatRuleCollection md
eb20744
@ssripadham
Resolve conflict
236c292
@VeryEarly
Merge pull request #10655 from wastoresh/sharequota
1ec6244 
[Storage] Update to SRP SDK 14.2.0, and add Quota parameter alias
@VeryEarly
Copy link
Collaborator

VeryEarly commented Dec 5, 2019
edited
Loading

Hi @ssripadham ,

Some test cases need to be updated after your changes. And "ChangeLog.md" as well.

@ssripadham
Fixed test
1884bb6
@ssripadham
Fix Static Analysis
9daac01
@ssripadham
AzureFirewall with IpGroups
970ce11 
Fixed Parameterset

Fixed Parametersets and help md

Powershell changes for IpGroup support

Update md files

Add scenario tests

Fixed NatRuleCollection md

Resolve conflict

Fixed test

Fix Static Analysis
@ssripadham
md file merge
a2b4cbf
@ssripadham ssripadham mentioned this pull request Dec 6, 2019
Closed
8 tasks
@wyunchi-ms
Copy link
Contributor

wyunchi-ms commented Dec 6, 2019

Closing this since there is a new pr #10668.

@wyunchi-ms wyunchi-ms closed this Dec 6, 2019
@dingmeng-xue dingmeng-xue deleted the azfw_ipgroups branch May 13, 2022 05:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VeryEarly VeryEarly VeryEarly left review comments

+1 more reviewer

@anton-evseev anton-evseev anton-evseev left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ssripadham ssripadham

@VeryEarly VeryEarly

Labels

needs-revision

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.