From 8babb306a85c22d2ba877935795444cda484ed7e Mon Sep 17 00:00:00 2001 From: Hemant Imudianda Date: Tue, 21 Oct 2025 12:31:56 -0700 Subject: [PATCH 1/2] Application Gateway Entra JWT Validation Feature Support --- .../stable/2025-03-01/applicationGateway.json | 76 ++++++++++++++++++- .../examples/ApplicationGatewayCreate.json | 45 ++++++++++- .../examples/ApplicationGatewayGet.json | 17 ++++- .../examples/ApplicationGatewayList.json | 17 ++++- .../examples/ApplicationGatewayListAll.json | 17 ++++- 5 files changed, 167 insertions(+), 5 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json index e7536af89173..2d672d7716ae 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json @@ -2454,6 +2454,10 @@ "$ref": "./network.json#/definitions/SubResource", "description": "Load Distribution Policy resource of the application gateway." }, + "entraJWTValidationConfig": { + "$ref": "./network.json#/definitions/SubResource", + "description": "Entra JWT validation configuration resource of the application gateway." + }, "provisioningState": { "readOnly": true, "$ref": "./network.json#/definitions/ProvisioningState", @@ -3268,6 +3272,13 @@ }, "description": "Load distribution policies of the application gateway resource." }, + "entraJWTValidationConfigs": { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationGatewayEntraJWTValidationConfig" + }, + "description": "Entra JWT validation configurations for the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + }, "globalConfiguration": { "$ref": "#/definitions/ApplicationGatewayGlobalConfiguration", "description": "Global Configuration." @@ -4085,6 +4096,69 @@ "modelAsString": true } }, + "ApplicationGatewayEntraJWTValidationConfigPropertiesFormat": { + "type": "object", + "properties": { + "unAuthorizedRequestAction": { + "type": "string", + "description": "Unauthorized request action.", + "enum": [ + "Deny", + "Allow" + ], + "x-ms-enum": { + "name": "ApplicationGatewayUnAuthorizedRequestAction", + "modelAsString": true + } + }, + "tenantId": { + "type": "string", + "description": "The Tenant ID of the Microsoft Entra ID application." + }, + "clientId": { + "type": "string", + "description": "The Client ID of the Microsoft Entra ID application." + }, + "audiences": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of acceptable audience claims that can be present in the token (aud claim). A maximum of 5 audiences are permitted." + }, + "provisioningState": { + "readOnly": true, + "$ref": "./network.json#/definitions/ProvisioningState", + "description": "The provisioning state of the entra jwt validation configuration resource." + } + }, + "description": "Properties of entra jwt validation configuration of the application gateway." + }, + "ApplicationGatewayEntraJWTValidationConfig": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ApplicationGatewayEntraJWTValidationConfigPropertiesFormat", + "description": "Properties of the application gateway entra jwt validation configuration." + }, + "name": { + "type": "string", + "description": "Name of the entra jwt validation configuration that is unique within an application gateway." + }, + "etag": { + "readOnly": true, + "type": "string", + "description": "A unique read-only string that changes whenever the resource is updated." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/SubResource" + } + ], + "description": "Entra JWT Validation Configuration of an application gateway." + }, "ApplicationGatewayGlobalConfiguration": { "properties": { "enableRequestBuffering": { @@ -4099,4 +4173,4 @@ "description": "Application Gateway global configuration." } } -} +} \ No newline at end of file diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json index abb38c5c1aa7..8f228960503a 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json @@ -201,6 +201,9 @@ }, "rewriteRuleSet": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } } @@ -243,6 +246,16 @@ } } ], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "properties": { + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -457,6 +470,9 @@ }, "rewriteRuleSet": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } } @@ -506,6 +522,18 @@ "probes": [], "redirectConfigurations": [], "privateEndpointConnections": [], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1", + "properties": { + "provisioningState": "Succeeded", + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -718,6 +746,9 @@ }, "rewriteRuleSet": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/rewriteRuleSets/rewriteRuleSet1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } } @@ -767,6 +798,18 @@ "probes": [], "redirectConfigurations": [], "privateEndpointConnections": [], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1", + "properties": { + "provisioningState": "Succeeded", + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -775,4 +818,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json index 7baa14e5b326..131f5cf987e2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json @@ -265,6 +265,9 @@ }, "urlPathMap": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/urlPathMaps/pathMap1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } } @@ -378,6 +381,18 @@ } } ], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1", + "properties": { + "provisioningState": "Succeeded", + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -386,4 +401,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json index f43dcda65c4a..b17f9e2eeca2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json @@ -251,6 +251,9 @@ }, "loadDistributionPolicy": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/loadDistributionPolicies/ldp1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } }, @@ -379,6 +382,18 @@ } } ], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1", + "properties": { + "provisioningState": "Succeeded", + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -389,4 +404,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json index 4bf8810344d8..2e1cb9804a6c 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json @@ -250,6 +250,9 @@ }, "loadDistributionPolicy": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/loadDistributionPolicies/ldp1" + }, + "entraJWTValidationConfig": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1" } } }, @@ -378,6 +381,18 @@ } } ], + "entraJWTValidationConfigs": [ + { + "name": "entraJWTValidationConfig1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/entraJWTValidationConfigs/entraJWTValidationConfig1", + "properties": { + "provisioningState": "Succeeded", + "unAuthorizedRequestAction": "Deny", + "tenantId": "70a036f6-8e4d-4615-bad6-149c02e7720d", + "clientId": "37293f5a-97b3-451d-b786-f532d711c9ff" + } + } + ], "globalConfiguration": { "enableRequestBuffering": true, "enableResponseBuffering": true @@ -388,4 +403,4 @@ } } } -} +} \ No newline at end of file From 87ab1b44aaf4737b19ed80d86b27c8d45e18e07f Mon Sep 17 00:00:00 2001 From: Hemant Imudianda Date: Tue, 21 Oct 2025 13:09:58 -0700 Subject: [PATCH 2/2] fixing doe style issues --- .../stable/2025-03-01/applicationGateway.json | 22 +++++++++---------- .../examples/ApplicationGatewayCreate.json | 2 +- .../examples/ApplicationGatewayGet.json | 2 +- .../examples/ApplicationGatewayList.json | 2 +- .../examples/ApplicationGatewayListAll.json | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json index 2d672d7716ae..c094ba388560 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/applicationGateway.json @@ -69,15 +69,15 @@ } ], "responses": { + "200": { + "description": "Delete successful." + }, "202": { "description": "Accepted and the operation will complete asynchronously." }, "204": { "description": "Request successful. Resource with the specified name does not exist." }, - "200": { - "description": "Delete successful." - }, "default": { "description": "Error response describing why the operation failed.", "schema": { @@ -176,14 +176,14 @@ } ], "responses": { - "201": { - "description": "Create successful. The operation returns the resulting ApplicationGateway resource.", + "200": { + "description": "Update successful. The operation returns the resulting ApplicationGateway resource.", "schema": { "$ref": "#/definitions/ApplicationGateway" } }, - "200": { - "description": "Update successful. The operation returns the resulting ApplicationGateway resource.", + "201": { + "description": "Create successful. The operation returns the resulting ApplicationGateway resource.", "schema": { "$ref": "#/definitions/ApplicationGateway" } @@ -688,15 +688,15 @@ } ], "responses": { + "200": { + "description": "Delete successful." + }, "202": { "description": "Accepted and the operation will complete asynchronously." }, "204": { "description": "Request successful. Resource with the specified name does not exist." }, - "200": { - "description": "Delete successful." - }, "default": { "description": "Error response describing why the operation failed.", "schema": { @@ -4173,4 +4173,4 @@ "description": "Application Gateway global configuration." } } -} \ No newline at end of file +} diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json index 8f228960503a..4d50f1d30408 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayCreate.json @@ -818,4 +818,4 @@ } } } -} \ No newline at end of file +} diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json index 131f5cf987e2..81dc83adc043 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayGet.json @@ -401,4 +401,4 @@ } } } -} \ No newline at end of file +} diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json index b17f9e2eeca2..37265825cc68 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayList.json @@ -404,4 +404,4 @@ } } } -} \ No newline at end of file +} diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json index 2e1cb9804a6c..f2763cb472b9 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/ApplicationGatewayListAll.json @@ -403,4 +403,4 @@ } } } -} \ No newline at end of file +}