Adding mutual auth api definitions.

Hemant Imudianda · Hemant Imudianda · commit e9d7822e9214 · 2020-06-26T11:53:40.000-07:00
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json
@@ -1361,6 +1361,15 @@
       },
       "description": "Application Gateway Ssl policy."
     },
+    "ApplicationGatewayClientAuthConfiguration": {
+      "properties": {
+        "verifyClientCertIssuerDN": {
+          "type": "boolean",
+          "description": "Verify client certificate issuer name on the application gateway."
+        }
+      },
+      "description": "Application Gateway Client Authentication Configuration."
+    },
     "ApplicationGatewayIPConfigurationPropertiesFormat": {
       "properties": {
         "subnet": {
@@ -1494,6 +1503,49 @@
       ],
       "description": "Trusted Root certificates of an application gateway."
     },
+    "ApplicationGatewayTrustedClientCertificatePropertiesFormat": {
+      "properties": {
+        "data": {
+          "type": "string",
+          "description": "Certificate public data."
+        },
+        "provisioningState": {
+          "readOnly": true,
+          "$ref": "./network.json#/definitions/ProvisioningState",
+          "description": "The provisioning state of the trusted client certificate resource."
+        }
+      },
+      "description": "Trusted Client certificates properties of an application gateway."
+    },
+    "ApplicationGatewayTrustedClientCertificate": {
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificatePropertiesFormat",
+          "description": "Properties of the application gateway trusted client certificate."
+        },
+        "name": {
+          "type": "string",
+          "description": "Name of the trusted client certificate that is unique within an Application Gateway."
+        },
+        "etag": {
+          "readOnly": true,
+          "type": "string",
+          "description": "A unique read-only string that changes whenever the resource is updated."
+        },
+        "type": {
+          "readOnly": true,
+          "type": "string",
+          "description": "Type of the resource."
+        }
+      },
+      "allOf": [
+        {
+          "$ref": "./network.json#/definitions/SubResource"
+        }
+      ],
+      "description": "Trusted Client certificates of an application gateway."
+    },
     "ApplicationGatewaySslCertificatePropertiesFormat": {
       "properties": {
         "data": {
@@ -1827,6 +1879,60 @@
       ],
       "description": "Backend address pool settings of an application gateway."
     },
+    "ApplicationGatewaySslProfilePropertiesFormat": {
+      "properties": {
+        "trustedClientCertificates": {
+          "type": "array",
+          "items": {
+            "$ref": "./network.json#/definitions/SubResource"
+          },
+          "description": "Array of references to application gateway trusted client certificates."
+        },
+        "sslPolicy": {
+          "$ref": "#/definitions/ApplicationGatewaySslPolicy",
+          "description": "SSL policy of the application gateway resource."
+        },
+        "clientAuthConfiguration": {
+          "$ref": "#/definitions/ApplicationGatewayClientAuthConfiguration",
+          "description": "Client authentication configuration of the application gateway resource."
+        },
+        "provisioningState": {
+          "readOnly": true,
+          "$ref": "./network.json#/definitions/ProvisioningState",
+          "description": "The provisioning state of the HTTP listener resource."
+        }
+      },
+      "description": "Properties of SSL profile of an application gateway."
+    },
+    "ApplicationGatewaySslProfile": {
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "$ref": "#/definitions/ApplicationGatewaySslProfilePropertiesFormat",
+          "description": "Properties of the application gateway SSL profile."
+        },
+        "name": {
+          "type": "string",
+          "description": "Name of the SSL profile that is unique within an Application Gateway."
+        },
+        "etag": {
+          "readOnly": true,
+          "type": "string",
+          "description": "A unique read-only string that changes whenever the resource is updated."
+        },
+        "type": {
+          "readOnly": true,
+          "type": "string",
+          "description": "Type of the resource."
+        }
+      },
+      "allOf": [
+        {
+          "$ref": "./network.json#/definitions/SubResource"
+        }
+      ],
+      "description": "SSL profile of an application gateway."
+    },
     "ApplicationGatewayHttpListenerPropertiesFormat": {
       "properties": {
         "frontendIPConfiguration": {
@@ -1849,6 +1955,10 @@
           "$ref": "./network.json#/definitions/SubResource",
           "description": "SSL certificate resource of an application gateway."
         },
+        "sslProfile": {
+          "$ref": "./network.json#/definitions/SubResource",
+          "description": "SSL profile resource of the application gateway."
+        },
         "requireServerNameIndication": {
           "type": "boolean",
           "description": "Applicable only if protocol is https. Enables SNI for multi-hosting."
@@ -2662,6 +2772,13 @@
           },
           "description": "Trusted Root certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
         },
+        "trustedClientCertificates": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate"
+          },
+          "description": "Trusted Client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
+        },
         "sslCertificates": {
           "type": "array",
           "items": {
@@ -2711,6 +2828,13 @@
           },
           "description": "Http listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
         },
+        "sslProfiles": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ApplicationGatewaySslProfile"
+          },
+          "description": "SSL profiles of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
+        },
         "urlPathMaps": {
           "type": "array",
           "items": {
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json
@@ -57,6 +57,14 @@
             }
           }
         ],
+        "trustedClientCertificates": [
+          {
+            "name": "clientcert",
+            "properties": {
+              "data": "****"
+            }
+          }
+        ],
         "frontendIPConfigurations": [
           {
             "name": "appgwfip",
@@ -107,6 +115,28 @@
             }
           }
         ],
+        "sslProfiles": [
+          {
+            "name": "sslProfile1",
+            "properties": {
+              "sslPolicy": {
+                "policyType": "Custom",
+                "minProtocolVersion": "TLSv1_1",
+                "cipherSuites": [
+                  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+                ]
+              },
+              "clientAuthConfiguration": {
+                "verifyClientCertIssuerDN": true
+              },
+              "trustedClientCertificates": [
+                {
+                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
+                }
+              ]
+            }
+          }
+        ],
         "httpListeners": [
           {
             "name": "appgwhl",
@@ -121,6 +151,9 @@
               "sslCertificate": {
                 "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
               },
+              "sslProfile": {
+                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
+              },
               "requireServerNameIndication": false
             }
           },
