From 659ea73f0097aa35fc3c4e901c59e2dc29247cb5 Mon Sep 17 00:00:00 2001 From: Eric Schwabe Date: Wed, 20 Mar 2019 09:44:58 -0700 Subject: [PATCH 1/3] Initialize FrontDoor WAF 2019-03-01-preview directory --- .../preview/2019-03-01-preview/README.md | 20 + .../2019-03-01-preview/assets/frontdoor.svg | 668 ++++++++++++++++++ .../examples/WafListPolicies.json | 106 +++ .../examples/WafPolicyCreateOrUpdate.json | 262 +++++++ .../examples/WafPolicyDelete.json | 13 + .../examples/WafPolicyGet.json | 103 +++ .../preview/2019-03-01-preview/network.json | 168 +++++ .../webapplicationfirewall.json | 636 +++++++++++++++++ 8 files changed, 1976 insertions(+) create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/README.md create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/assets/frontdoor.svg create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/network.json create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/README.md b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/README.md new file mode 100644 index 000000000000..ec2a85eedc8e --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/README.md @@ -0,0 +1,20 @@ +# Public Preview API specification for FrontDoor Azure Resource + +This directory contains preview schema specifications for the new Front Door Azure Resource. The API will be added to support Front Door on Azure Resource Manager. + +The base swagger document for new features in this preview: [FrontDoor.json](./FrontDoor.json) + +## Overview +The Front Door ARM API supports CRUD functionality on four objects in the resource schema: +`FrontDoor`, a collection of child objects `BackendPool`, a collection of child objects `FrontendEndpoints` and the primary child object `RoutingRule`, which each reference one `BackendPool` and `FrontendEndpoints` . Each routing rule encapsulates +all of the settings needed to configure the AzureFD backend infrastructure to set up a +reverse-proxy route to accelerate traffic, detect backend availability, +and balance between healthy members of the pool. + +## Generated object-model UML diagram +This diagram is generated from the swagger spec by "[`oav`](https://github.com/Azure/oav) `generate-uml`" +![Generated UML snapshot](./assets/frontdoor.svg) + +## Swagger and JSON specification reference and tools + * [OpenAPI specification v2.0 (aka Swagger 2.0)](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md) + * [Swagger.io online editor](https://editor.swagger.io/) diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/assets/frontdoor.svg b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/assets/frontdoor.svg new file mode 100644 index 000000000000..2806bba823df --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/assets/frontdoor.svg @@ -0,0 +1,668 @@ + + + + + + +G + + + +A0 + +Frontdoor + +-properties:FrontdoorProperties + + + +A2 + +FrontdoorProperties + +-resourceState:ResourceState +-provisioningState:string +-cname:string + + + +A0->A2 + + + + + +A1 + +FrontdoorUpdateParameters + +-friendlyName:string +-routingRules:Array<RoutingRule> +-loadBalancingSettings:Array<LoadBalancingSettingsModel> +-healthProbeSettings:Array<HealthProbeSettingsModel> +-backendPools:Array<BackendPool> +-frontendEndpoints:Array<FrontendEndpoint> +-enabledState:string + + + +A1->A2 + + +allOf + + + +A5 + +RoutingRule + +-properties:RoutingRuleProperties +-name:string +-type:string + + + +A1->A5 + + + + + +A10 + +LoadBalancingSettingsModel + +-properties:LoadBalancingSettingsProperties +-name:string +-type:string + + + +A1->A10 + + + + + +A14 + +HealthProbeSettingsModel + +-properties:HealthProbeSettingsProperties +-name:string +-type:string + + + +A1->A14 + + + + + +A18 + +BackendPool + +-properties:BackendPoolProperties +-name:string +-type:string + + + +A1->A18 + + + + + +A26 + +FrontendEndpoint + +-properties:FrontendEndpointProperties +-name:string +-type:string + + + +A1->A26 + + + + + +A30 + +ResourceState + + + +A2->A30 + + + + + +A3 + +FrontdoorListResult + +-value:Array<Frontdoor> +-nextLink:string + + + +A3->A0 + + + + + +A4 + +PurgeParameters + +-contentPaths:Array<string> + + + +A6 + +RoutingRuleProperties + +-resourceState:ResourceState + + + +A5->A6 + + + + + +A6->A30 + + + + + +A7 + +RoutingRuleListResult + +-value:Array<RoutingRule> +-nextLink:string + + + +A7->A5 + + + + + +A8 + +RoutingRuleUpdateParameters + +-frontendEndpoints:Array<SubResource> +-acceptedProtocols:Array<string> +-patternsToMatch:Array<string> +-customForwardingPath:string +-forwardingProtocol:string +-cacheConfiguration:CacheConfiguration +-backendPool:SubResource +-enabledState:string + + + +A8->A6 + + +allOf + + + +A22 + +CacheConfiguration + +-queryParameterStripDirective:string +-dynamicCompression:string + + + +A8->A22 + + + + + +A38 + +SubResource + +-id:string + + + +A8->A38 + + + + + +A8->A38 + + + + + +A9 + +Backend + +-address:string +-httpPort: +-httpsPort: +-enabledState:string +-priority: +-weight: +-backendHostHeader:string + + + +A11 + +LoadBalancingSettingsProperties + +-resourceState:ResourceState + + + +A10->A11 + + + + + +A11->A30 + + + + + +A12 + +LoadBalancingSettingsListResult + +-value:Array<LoadBalancingSettingsModel> +-nextLink:string + + + +A12->A10 + + + + + +A13 + +LoadBalancingSettingsUpdateParameters + +-sampleSize: +-successfulSamplesRequired: +-additionalLatencyMilliseconds: + + + +A13->A11 + + +allOf + + + +A15 + +HealthProbeSettingsProperties + +-resourceState:ResourceState + + + +A14->A15 + + + + + +A15->A30 + + + + + +A16 + +HealthProbeSettingsListResult + +-value:Array<HealthProbeSettingsModel> +-nextLink:string + + + +A16->A14 + + + + + +A17 + +HealthProbeSettingsUpdateParameters + +-path:string +-protocol:string +-intervalInSeconds: + + + +A17->A15 + + +allOf + + + +A20 + +BackendPoolProperties + +-resourceState:ResourceState + + + +A18->A20 + + + + + +A19 + +BackendPoolUpdateParameters + +-backends:Array<Backend> +-loadBalancingSettings:SubResource +-healthProbeSettings:SubResource + + + +A19->A9 + + + + + +A19->A20 + + +allOf + + + +A19->A38 + + + + + +A19->A38 + + + + + +A20->A30 + + + + + +A21 + +BackendPoolListResult + +-value:Array<BackendPool> +-nextLink:string + + + +A21->A18 + + + + + +A23 + +KeyVaultCertificateSourceParameters + +-vault:Object +-secretName:string +-secretVersion:string + + + +A24 + +FrontdoorCertificateSourceParameters + +-certificateType:string + + + +A25 + +CustomHttpsConfiguration + +-certificateSource:string +-protocolType:string +-keyVaultCertificateSourceParameters:KeyVaultCertificateSourceParameters +-frontdoorCertificateSourceParameters:FrontdoorCertificateSourceParameters + + + +A25->A23 + + + + + +A25->A24 + + + + + +A27 + +FrontendEndpointProperties + +-resourceState:ResourceState +-customHttpsProvisioningState:string +-customHttpsProvisioningSubstate:string +-customHttpsConfiguration:CustomHttpsConfiguration + + + +A26->A27 + + + + + +A27->A25 + + + + + +A27->A30 + + + + + +A28 + +FrontendEndpointUpdateParameters + +-hostName:string +-sessionAffinityEnabledState:string +-sessionAffinityTtlSeconds: +-webApplicationFirewallPolicyLink:Object + + + +A28->A27 + + +allOf + + + +A29 + +FrontendEndpointsListResult + +-value:Array<FrontendEndpoint> +-nextLink:string + + + +A29->A26 + + + + + +A31 + +ValidateCustomDomainInput + +-hostName:string + + + +A32 + +ValidateCustomDomainOutput + +-customDomainValidated:boolean +-reason:string +-message:string + + + +A33 + +ErrorResponse + +-code:string +-message:string + + + +A34 + +CheckNameAvailabilityInput + +-name:string +-type:ResourceType + + + +A36 + +ResourceType + + + +A34->A36 + + + + + +A35 + +CheckNameAvailabilityOutput + +-nameAvailability:string +-reason:string +-message:string + + + +A37 + +Resource + +-id:string +-name:string +-type:string +-location:string +-tags:Dictionary<string> + + + +A37->A0 + + +allOf + + + +A38->A5 + + +allOf + + + +A38->A10 + + +allOf + + + +A38->A14 + + +allOf + + + +A38->A18 + + +allOf + + + +A38->A26 + + +allOf + + + diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json new file mode 100644 index 000000000000..7574369b813a --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "api-version": "2018-08-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block", + "transforms": [] + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "Windows" + ] + } + ], + "action": "Block", + "transforms": [] + } + ] + }, + "managedRules": { + "ruleSets": [ + { + "priority": 1, + "version": 0, + "ruleSetType": "AzureManagedRuleSet", + "ruleGroupOverrides": [ + { + "ruleGroupOverride": "SqlInjection", + "action": "Block" + }, + { + "ruleGroupOverride": "XSS", + "action": "Log" + } + ] + } + ] + } + } + } + ] + } + } + } +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json new file mode 100644 index 000000000000..6c237ced8cef --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json @@ -0,0 +1,262 @@ +{ + "parameters": { + "api-version": "2018-08-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1", + "parameters": { + "properties": { + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "IPMatch", + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "GeoMatch", + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "operator": "Contains", + "selector": "UserAgent", + "matchValue": [ + "Windows" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "ruleSets": [ + { + "ruleSetType": "AzureManagedRuleSet", + "priority": 1, + "ruleGroupOverrides": [ + { + "ruleGroupOverride": "SqlInjection", + "action": "Block" + }, + { + "ruleGroupOverride": "XSS", + "action": "Log" + } + ] + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block", + "transforms": [] + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "Windows" + ] + } + ], + "action": "Block", + "transforms": [] + } + ] + }, + "managedRules": { + "ruleSets": [ + { + "priority": 1, + "version": 0, + "ruleSetType": "AzureManagedRuleSet", + "ruleGroupOverrides": [ + { + "ruleGroupOverride": "SqlInjection", + "action": "Block" + }, + { + "ruleGroupOverride": "XSS", + "action": "Log" + } + ] + } + ] + } + } + } + }, + "201": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block", + "transforms": [] + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "Windows" + ] + } + ], + "action": "Block", + "transforms": [] + } + ] + }, + "managedRules": { + "ruleSets": [ + { + "priority": 1, + "version": 0, + "ruleSetType": "AzureManagedRuleSet", + "ruleGroupOverrides": [ + { + "ruleGroupOverride": "SqlInjection", + "action": "Block" + }, + { + "ruleGroupOverride": "XSS", + "action": "Log" + } + ] + } + ] + } + } + } + } + } +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json new file mode 100644 index 000000000000..c008a5ee70ec --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2018-08-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1" + }, + "responses": { + "200": {}, + "202": {}, + "204": {} + } +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json new file mode 100644 index 000000000000..bc8c0bd0ccbd --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "api-version": "2018-08-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1" + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block", + "transforms": [] + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "Windows" + ] + } + ], + "action": "Block", + "transforms": [] + } + ] + }, + "managedRules": { + "ruleSets": [ + { + "priority": 1, + "version": 0, + "ruleSetType": "AzureManagedRuleSet", + "ruleGroupOverrides": [ + { + "ruleGroupOverride": "SqlInjection", + "action": "Block" + }, + { + "ruleGroupOverride": "XSS", + "action": "Log" + } + ] + } + ] + } + } + } + } + } +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/network.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/network.json new file mode 100644 index 000000000000..5a1f99c4b769 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/network.json @@ -0,0 +1,168 @@ +{ + "swagger": "2.0", + "info": { + "title": "NetworkManagementClient", + "description": "The Microsoft Azure Network management API provides a RESTful set of web services that interact with Microsoft Azure Networks service to manage your network resources. The API has entities that capture the relationship between an end user and the Microsoft Azure Networks service.", + "version": "2018-02-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json", + "text/json" + ], + "produces": [ + "application/json", + "text/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + }, + "definitions": { + "ErrorDetails": { + "properties": { + "code": { + "type": "string" + }, + "target": { + "type": "string" + }, + "message": { + "type": "string" + } + } + }, + "Error": { + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/ErrorDetails" + } + }, + "innerError": { + "type": "string" + } + } + }, + "AzureAsyncOperationResult": { + "properties": { + "status": { + "type": "string", + "description": "Status of the Azure async operation. Possible values are: 'InProgress', 'Succeeded', and 'Failed'.", + "enum": [ + "InProgress", + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "NetworkOperationStatus", + "modelAsString": true + } + }, + "error": { + "$ref": "#/definitions/Error" + } + }, + "description": "The response body contains the status of the specified asynchronous operation, indicating whether it has succeeded, is in progress, or has failed. Note that this status is distinct from the HTTP status code returned for the Get Operation Status operation itself. If the asynchronous operation succeeded, the response body includes the HTTP status code for the successful request. If the asynchronous operation failed, the response body includes the HTTP status code for the failed request and error information regarding the failure." + }, + "Resource": { + "properties": { + "id": { + "readOnly": true, + "type": "string", + "description": "Resource ID." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "Resource name." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Resource type." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags." + } + }, + "description": "Common resource representation.", + "x-ms-azure-resource": true + }, + "SubResource": { + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + }, + "description": "Reference to another subresource.", + "x-ms-azure-resource": true + }, + "TagsObject": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags." + } + }, + "description": "Tags object for patch operations." + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call." + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "Client API version." + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json new file mode 100644 index 000000000000..2dd4ac5b2220 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json @@ -0,0 +1,636 @@ +{ + "swagger": "2.0", + "info": { + "version": "2018-08-01", + "title": "WebApplicationFirewallManagement", + "description": "APIs to manage web application firewall rules" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies": { + "get": { + "tags": [ + "ListWebApplicationFirewalPolicies" + ], + "description": "Lists all of the protection policies within a resource group.", + "operationId": "Policies_List", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicyListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List Policies in a Resource Group": { + "$ref": "./examples/WafListPolicies.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}": { + "get": { + "tags": [ + "GetWebapplicationfirewallPolicy" + ], + "description": "Retrieve protection policy with specified name within a resource group.", + "operationId": "Policies_Get", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "name": "policyName", + "in": "path", + "required": true, + "type": "string", + "maxLength": 128, + "description": "The name of the resource group." + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "policy get": { + "$ref": "./examples/WafPolicyGet.json" + } + } + }, + "put": { + "tags": [ + "CreateOrUpdateWebApplicationFirewallPolicy" + ], + "description": "Creates or update policy with specified rule set name within a resource group.", + "operationId": "Policies_CreateOrUpdate", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "name": "policyName", + "in": "path", + "required": true, + "type": "string", + "maxLength": 128, + "description": "The name of the resource group." + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "description": "Policy to be created.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "201": { + "description": "Created. The request has been fulfilled and a new protection policy has been created.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Creates specific policy": { + "$ref": "./examples/WafPolicyCreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "DeleteWebApplicationFirewallPolicy" + ], + "description": "Deletes Policy", + "operationId": "Policies_Delete", + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group." + }, + { + "name": "policyName", + "in": "path", + "required": true, + "type": "string", + "maxLength": 128, + "description": "The name of the resource group." + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "202": { + "description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously." + }, + "204": { + "description": "No Content. The request has been accepted but the policy was not found." + }, + "200": { + "description": "Delete successful." + } + }, + "x-ms-examples": { + "Delete protection policy": { + "$ref": "./examples/WafPolicyDelete.json" + } + }, + "x-ms-long-running-operation": true + } + } + }, + "definitions": { + "WebApplicationFirewallPolicy": { + "description": "Defines web application firewall policy.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/WebApplicationFirewallPolicyPropertiesFormat", + "description": "Properties of the web application firewall policy." + }, + "etag": { + "type": "string", + "description": "Gets a unique read-only string that changes whenever the resource is updated." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/Resource" + } + ] + }, + "WebApplicationFirewallPolicyPropertiesFormat": { + "description": "Defines web application firewall policy properties", + "properties": { + "policySettings": { + "description": "Describes policySettings for policy", + "$ref": "#/definitions/policySettings" + }, + "customRules": { + "description": "Describes custom rules inside the policy", + "$ref": "#/definitions/CustomRules" + }, + "managedRules": { + "description": "Describes managed rules inside the policy", + "$ref": "#/definitions/ManagedRuleSets" + }, + "provisioningState": { + "readOnly": true, + "type": "string", + "description": "Provisioning state of the WebApplicationFirewallPolicy." + }, + "resourceState": { + "title": "Resource status of the policy.", + "readOnly": true, + "enum": [ + "Creating", + "Enabling", + "Enabled", + "Disabling", + "Disabled", + "Deleting" + ], + "type": "string", + "x-ms-enum": { + "name": "WebApplicationFirewallPolicy", + "modelAsString": true + } + } + } + }, + "WebApplicationFirewallPolicyListResult": { + "description": "Result of the request to list WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.", + "properties": { + "value": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + }, + "description": "List of WebApplicationFirewallPolicies within a resource group." + }, + "nextLink": { + "type": "string", + "description": "URL to get the next set of WebApplicationFirewallPolicy objects if there are any." + } + } + }, + "policySettings": { + "description": "Defines contents of a web application firewall global configuration", + "properties": { + "enabledState": { + "description": "describes if the policy is in enabled state or disabled state", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "enabledState", + "modelAsString": true + } + }, + "mode": { + "description": "Describes if it is in detection mode or prevention mode at policy level", + "type": "string", + "enum": [ + "Prevention", + "Detection" + ], + "x-ms-enum": { + "name": "mode", + "modelAsString": true + } + } + } + }, + "CustomRules": { + "description": "Defines contents of custom rules", + "properties": { + "rules": { + "description": "List of rules", + "type": "array", + "items": { + "$ref": "#/definitions/CustomRule" + } + } + } + }, + "CustomRule": { + "description": "Defines contents of a web application rule", + "required": [ + "priority", + "ruleType", + "matchConditions", + "action" + ], + "properties": { + "name": { + "type": "string", + "description": "Gets name of the resource that is unique within a policy. This name can be used to access the resource.", + "maxLength": 128 + }, + "etag": { + "type": "string", + "readOnly": true, + "description": "Gets a unique read-only string that changes whenever the resource is updated." + }, + "priority": { + "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value", + "type": "integer" + }, + "ruleType": { + "description": "Describes type of rule", + "type": "string", + "enum": [ + "MatchRule", + "RateLimitRule" + ], + "x-ms-enum": { + "name": "ruleType", + "modelAsString": true + } + }, + "rateLimitDurationInMinutes": { + "description": "Defines rate limit duration. Default - 1 minute", + "type": "integer" + }, + "rateLimitThreshold": { + "description": "Defines rate limit threshold", + "type": "integer" + }, + "matchConditions": { + "description": "List of match conditions", + "type": "array", + "items": { + "$ref": "#/definitions/MatchCondition" + } + }, + "action": { + "description": "Type of Actions", + "type": "string", + "enum": [ + "Allow", + "Block", + "Log" + ], + "x-ms-enum": { + "name": "action", + "modelAsString": true + } + }, + "transforms": { + "description": "List of transforms", + "type": "array", + "items": { + "$ref": "#/definitions/transform" + } + } + } + }, + "transform": { + "description": "Describes what transforms applied before matching", + "type": "string", + "enum": [ + "Lowercase", + "Uppercase", + "Trim", + "UrlDecode", + "UrlEncode", + "RemoveNulls", + "HtmlEntityDecode" + ], + "x-ms-enum": { + "name": "transform", + "modelAsString": true + } + }, + "MatchCondition": { + "description": "Define match conditions", + "required": [ + "matchVariable", + "operator", + "matchValue" + ], + "properties": { + "matchVariable": { + "description": "Match Variable", + "type": "string", + "enum": [ + "RemoteAddr", + "RequestMethod", + "QueryString", + "PostArgs", + "RequestUri", + "RequestHeader", + "RequestBody" + ], + "x-ms-enum": { + "name": "MatchCondition", + "modelAsString": true + } + }, + "selector": { + "description": "Name of selector in RequestHeader or RequestBody to be matched", + "type": "string" + }, + "operator": { + "description": "Describes operator to be matched", + "type": "string", + "enum": [ + "Any", + "IPMatch", + "GeoMatch", + "Equal", + "Contains", + "LessThan", + "GreaterThan", + "LessThanOrEqual", + "GreaterThanOrEqual", + "BeginsWith", + "EndsWith" + ], + "x-ms-enum": { + "name": "operator", + "modelAsString": true + } + }, + "negateCondition": { + "description": "Describes if this is negate condition or not", + "type": "boolean" + }, + "matchValue": { + "description": "Match value", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ManagedRuleSets": { + "description": "Defines ManagedRuleSets - array of managedRuleSet", + "properties": { + "ruleSets": { + "description": "List of rules", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleSet" + } + } + } + }, + "ManagedRuleSet": { + "type": "object", + "description": "Base class for all types of ManagedRuleSet.", + "x-ms-discriminator-value": "Unknown", + "properties": { + "priority": { + "description": "Describes priority of the rule", + "type": "integer" + }, + "version": { + "description": "defines version of the rule set", + "type": "integer" + }, + "ruleSetType": { + "description": "RuleSetType - AzureManagedRuleSet or OWASP RuleSets.", + "type": "string" + } + }, + "required": [ + "ruleSetType" + ], + "discriminator": "ruleSetType" + }, + "AzureManagedRuleSet": { + "type": "object", + "description": "Describes azure managed provider.", + "x-ms-discriminator-value": "AzureManagedRuleSet", + "properties": { + "ruleGroupOverrides": { + "description": "List of azure managed provider override configuration (optional)", + "type": "array", + "items": { + "$ref": "#/definitions/AzureManagedOverrideRuleGroup" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/ManagedRuleSet" + } + ] + }, + "AzureManagedOverrideRuleGroup": { + "description": "Defines contents of a web application rule", + "required": [ + "ruleGroupOverride", + "action" + ], + "properties": { + "ruleGroupOverride": { + "description": "Describes override rule group", + "type": "string", + "enum": [ + "SqlInjection", + "XSS" + ], + "x-ms-enum": { + "name": "ruleGroupOverride", + "modelAsString": true + } + }, + "action": { + "description": "Type of Actions", + "type": "string", + "enum": [ + "Allow", + "Block", + "Log" + ], + "x-ms-enum": { + "name": "action", + "modelAsString": true + } + } + } + }, + "ErrorResponse": { + "description": "Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.", + "type": "object", + "properties": { + "code": { + "description": "Error code.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "Error message indicating why the operation failed.", + "readOnly": true, + "type": "string" + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call." + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "Client API version." + } + } +} From 1a3aa3cf53ff44ebd904b68d314a115eedb4a2c6 Mon Sep 17 00:00:00 2001 From: Eric Schwabe Date: Wed, 20 Mar 2019 09:58:22 -0700 Subject: [PATCH 2/3] Update FrontDoor WAF API definitions and examples --- .../examples/WafListManagedRuleSets.json | 50 ++ .../examples/WafListPolicies.json | 55 +- .../examples/WafPolicyCreateOrUpdate.json | 641 +++++++++++------- .../examples/WafPolicyDelete.json | 2 +- .../examples/WafPolicyGet.json | 55 +- .../webapplicationfirewall.json | 551 +++++++++------ .../frontdoor/resource-manager/readme.md | 18 +- 7 files changed, 888 insertions(+), 484 deletions(-) create mode 100644 specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListManagedRuleSets.json diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListManagedRuleSets.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListManagedRuleSets.json new file mode 100644 index 000000000000..3bb9163ba338 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListManagedRuleSets.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2019-03-01", + "subscriptionId": "subid" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "DefaultRuleSet_1.0", + "id": "/subscriptions/subid/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets", + "properties": { + "provisioningState": "Succeeded", + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", + "ruleGroups": [ + { + "ruleGroupName": "Group1", + "description": "Description for rule group 1.", + "rules": [ + { + "ruleId": "GROUP1-0001", + "description": "Generic managed web application firewall rule." + }, + { + "ruleId": "GROUP1-0002", + "description": "Generic managed web application firewall rule." + } + ] + }, + { + "ruleGroupName": "Group2", + "description": "Description for rule group 2.", + "rules": [ + { + "ruleId": "GROUP2-0001", + "description": "Generic managed web application firewall rule." + } + ] + } + ] + } + } + ] + } + } + } +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json index 7574369b813a..38069740de9b 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafListPolicies.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2018-08-01", + "api-version": "2019-03-01", "subscriptionId": "subid", "resourceGroupName": "rg1" }, @@ -22,13 +22,17 @@ "provisioningState": "Succeeded", "policySettings": { "enabledState": "Enabled", - "mode": "Prevention" + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" }, "customRules": { "rules": [ { "name": "Rule1", "priority": 1, + "enabledState": "Enabled", "ruleType": "RateLimitRule", "rateLimitDurationInMinutes": 0, "rateLimitThreshold": 1000, @@ -41,15 +45,16 @@ "matchValue": [ "192.168.1.0/24", "10.0.0.0/24" - ] + ], + "transforms": [] } ], - "action": "Block", - "transforms": [] + "action": "Block" }, { "name": "Rule2", "priority": 2, + "enabledState": "Enabled", "ruleType": "MatchRule", "rateLimitDurationInMinutes": 0, "rateLimitThreshold": 0, @@ -69,34 +74,46 @@ "operator": "Contains", "negateCondition": false, "matchValue": [ - "Windows" + "windows" + ], + "transforms": [ + "Lowercase" ] } ], - "action": "Block", - "transforms": [] + "action": "Block" } ] }, "managedRules": { - "ruleSets": [ + "managedRuleSets": [ { - "priority": 1, - "version": 0, - "ruleSetType": "AzureManagedRuleSet", + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", "ruleGroupOverrides": [ { - "ruleGroupOverride": "SqlInjection", - "action": "Block" - }, - { - "ruleGroupOverride": "XSS", - "action": "Log" + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002", + "enabledState": "Disabled" + } + ] } ] } ] - } + }, + "frontendEndpointLinks": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net" + } + ] } } ] diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json index 6c237ced8cef..6098c68b058f 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyCreateOrUpdate.json @@ -1,262 +1,407 @@ { - "parameters": { - "api-version": "2018-08-01", - "subscriptionId": "subid", - "resourceGroupName": "rg1", - "policyName": "Policy1", "parameters": { - "properties": { - "customRules": { - "rules": [ - { - "name": "Rule1", - "priority": 1, - "ruleType": "RateLimitRule", - "rateLimitThreshold": 1000, - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "operator": "IPMatch", - "matchValue": [ - "192.168.1.0/24", - "10.0.0.0/24" - ] + "api-version": "2019-03-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1", + "parameters": { + "properties": { + "policySettings": { + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "IPMatch", + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "GeoMatch", + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "operator": "Contains", + "selector": "UserAgent", + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", + "ruleGroupOverrides": [ + { + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002" + } + ] + } + ] + } + ] } - ], - "action": "Block" - }, - { - "name": "Rule2", - "priority": 2, - "ruleType": "MatchRule", - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "operator": "GeoMatch", - "matchValue": [ - "CH" - ] + } + } + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" }, - { - "matchVariable": "RequestHeader", - "operator": "Contains", - "selector": "UserAgent", - "matchValue": [ - "Windows" - ] + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", + "ruleGroupOverrides": [ + { + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [] } - ], - "action": "Block" } - ] }, - "managedRules": { - "ruleSets": [ - { - "ruleSetType": "AzureManagedRuleSet", - "priority": 1, - "ruleGroupOverrides": [ - { - "ruleGroupOverride": "SqlInjection", - "action": "Block" + "201": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" }, - { - "ruleGroupOverride": "XSS", - "action": "Log" + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", + "ruleGroupOverrides": [ + { + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [] } - ] } - ] - } - } - } - }, - "responses": { - "200": { - "body": { - "name": "Policy1", - "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", - "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", - "tags": { - "key1": "value1", - "key2": "value2" }, - "location": "WestUs", - "properties": { - "resourceState": "Enabled", - "provisioningState": "Succeeded", - "policySettings": { - "enabledState": "Enabled", - "mode": "Prevention" - }, - "customRules": { - "rules": [ - { - "name": "Rule1", - "priority": 1, - "ruleType": "RateLimitRule", - "rateLimitDurationInMinutes": 0, - "rateLimitThreshold": 1000, - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "selector": null, - "operator": "IPMatch", - "negateCondition": false, - "matchValue": [ - "192.168.1.0/24", - "10.0.0.0/24" - ] - } - ], - "action": "Block", - "transforms": [] - }, - { - "name": "Rule2", - "priority": 2, - "ruleType": "MatchRule", - "rateLimitDurationInMinutes": 0, - "rateLimitThreshold": 0, - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "selector": null, - "operator": "GeoMatch", - "negateCondition": false, - "matchValue": [ - "CH" - ] - }, - { - "matchVariable": "RequestHeader", - "selector": "UserAgent", - "operator": "Contains", - "negateCondition": false, - "matchValue": [ - "Windows" - ] - } - ], - "action": "Block", - "transforms": [] - } - ] - }, - "managedRules": { - "ruleSets": [ - { - "priority": 1, - "version": 0, - "ruleSetType": "AzureManagedRuleSet", - "ruleGroupOverrides": [ - { - "ruleGroupOverride": "SqlInjection", - "action": "Block" - }, - { - "ruleGroupOverride": "XSS", - "action": "Log" - } - ] - } - ] - } - } - } - }, - "201": { - "body": { - "name": "Policy1", - "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", - "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", - "tags": { - "key1": "value1", - "key2": "value2" - }, - "location": "WestUs", - "properties": { - "resourceState": "Enabled", - "provisioningState": "Succeeded", - "policySettings": { - "enabledState": "Enabled", - "mode": "Prevention" - }, - "customRules": { - "rules": [ - { - "name": "Rule1", - "priority": 1, - "ruleType": "RateLimitRule", - "rateLimitDurationInMinutes": 0, - "rateLimitThreshold": 1000, - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "selector": null, - "operator": "IPMatch", - "negateCondition": false, - "matchValue": [ - "192.168.1.0/24", - "10.0.0.0/24" - ] - } - ], - "action": "Block", - "transforms": [] - }, - { - "name": "Rule2", - "priority": 2, - "ruleType": "MatchRule", - "rateLimitDurationInMinutes": 0, - "rateLimitThreshold": 0, - "matchConditions": [ - { - "matchVariable": "RemoteAddr", - "selector": null, - "operator": "GeoMatch", - "negateCondition": false, - "matchValue": [ - "CH" - ] - }, - { - "matchVariable": "RequestHeader", - "selector": "UserAgent", - "operator": "Contains", - "negateCondition": false, - "matchValue": [ - "Windows" - ] - } - ], - "action": "Block", - "transforms": [] - } - ] - }, - "managedRules": { - "ruleSets": [ - { - "priority": 1, - "version": 0, - "ruleSetType": "AzureManagedRuleSet", - "ruleGroupOverrides": [ - { - "ruleGroupOverride": "SqlInjection", - "action": "Block" - }, - { - "ruleGroupOverride": "XSS", - "action": "Log" - } - ] - } - ] - } + "202": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", + "ruleGroupOverrides": [ + { + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [] + } + } } - } } - } } \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json index c008a5ee70ec..b368ca069348 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyDelete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2018-08-01", + "api-version": "2019-03-01", "subscriptionId": "subid", "resourceGroupName": "rg1", "policyName": "Policy1" diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json index bc8c0bd0ccbd..9f6dfb331127 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/examples/WafPolicyGet.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2018-08-01", + "api-version": "2019-03-01", "subscriptionId": "subid", "resourceGroupName": "rg1", "policyName": "Policy1" @@ -21,13 +21,17 @@ "provisioningState": "Succeeded", "policySettings": { "enabledState": "Enabled", - "mode": "Prevention" + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" }, "customRules": { "rules": [ { "name": "Rule1", "priority": 1, + "enabledState": "Enabled", "ruleType": "RateLimitRule", "rateLimitDurationInMinutes": 0, "rateLimitThreshold": 1000, @@ -40,15 +44,16 @@ "matchValue": [ "192.168.1.0/24", "10.0.0.0/24" - ] + ], + "transforms": [] } ], - "action": "Block", - "transforms": [] + "action": "Block" }, { "name": "Rule2", "priority": 2, + "enabledState": "Enabled", "ruleType": "MatchRule", "rateLimitDurationInMinutes": 0, "rateLimitThreshold": 0, @@ -68,34 +73,46 @@ "operator": "Contains", "negateCondition": false, "matchValue": [ - "Windows" + "windows" + ], + "transforms": [ + "Lowercase" ] } ], - "action": "Block", - "transforms": [] + "action": "Block" } ] }, "managedRules": { - "ruleSets": [ + "managedRuleSets": [ { - "priority": 1, - "version": 0, - "ruleSetType": "AzureManagedRuleSet", + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "preview-1.0", "ruleGroupOverrides": [ { - "ruleGroupOverride": "SqlInjection", - "action": "Block" - }, - { - "ruleGroupOverride": "XSS", - "action": "Log" + "ruleGroupName": "Group1", + "rules": [ + { + "ruleId": "GROUP1-0001", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "GROUP1-0002", + "enabledState": "Disabled" + } + ] } ] } ] - } + }, + "frontendEndpointLinks": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net" + } + ] } } } diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json index 2dd4ac5b2220..e7c8dc4106e9 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2018-08-01", + "version": "2019-03-01", "title": "WebApplicationFirewallManagement", "description": "APIs to manage web application firewall rules" }, @@ -37,30 +37,26 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies": { "get": { "tags": [ - "ListWebApplicationFirewalPolicies" + "WebApplicationFirewallPolicies" ], "description": "Lists all of the protection policies within a resource group.", "operationId": "Policies_List", "parameters": [ { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group." + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/SubscriptionIdParameter" + "$ref": "./network.json#/parameters/SubscriptionIdParameter" }, { - "$ref": "#/parameters/ApiVersionParameter" + "$ref": "./network.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK. The request has succeeded.", "schema": { - "$ref": "#/definitions/WebApplicationFirewallPolicyListResult" + "$ref": "#/definitions/WebApplicationFirewallPolicyList" } }, "default": { @@ -83,31 +79,22 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}": { "get": { "tags": [ - "GetWebapplicationfirewallPolicy" + "WebApplicationFirewallPolicies" ], "description": "Retrieve protection policy with specified name within a resource group.", "operationId": "Policies_Get", "parameters": [ { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group." + "$ref": "#/parameters/PolicyNameParameter" }, { - "name": "policyName", - "in": "path", - "required": true, - "type": "string", - "maxLength": 128, - "description": "The name of the resource group." + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/SubscriptionIdParameter" + "$ref": "./network.json#/parameters/SubscriptionIdParameter" }, { - "$ref": "#/parameters/ApiVersionParameter" + "$ref": "./network.json#/parameters/ApiVersionParameter" } ], "responses": { @@ -125,35 +112,29 @@ } }, "x-ms-examples": { - "policy get": { + "Get Policy": { "$ref": "./examples/WafPolicyGet.json" } } }, "put": { "tags": [ - "CreateOrUpdateWebApplicationFirewallPolicy" + "WebApplicationFirewallPolicies" ], - "description": "Creates or update policy with specified rule set name within a resource group.", + "description": "Create or update policy with specified ruleset name within a resource group.", "operationId": "Policies_CreateOrUpdate", "parameters": [ { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group." + "$ref": "#/parameters/PolicyNameParameter" }, { - "name": "policyName", - "in": "path", - "required": true, - "type": "string", - "maxLength": 128, - "description": "The name of the resource group." + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/SubscriptionIdParameter" + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" }, { "description": "Policy to be created.", @@ -163,9 +144,6 @@ "schema": { "$ref": "#/definitions/WebApplicationFirewallPolicy" } - }, - { - "$ref": "./network.json#/parameters/ApiVersionParameter" } ], "responses": { @@ -181,6 +159,12 @@ "$ref": "#/definitions/WebApplicationFirewallPolicy" } }, + "202": { + "description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, "default": { "description": "Error response describing why the operation failed.", "schema": { @@ -192,55 +176,86 @@ "Creates specific policy": { "$ref": "./examples/WafPolicyCreateOrUpdate.json" } - } + }, + "x-ms-long-running-operation": true }, "delete": { "tags": [ - "DeleteWebApplicationFirewallPolicy" + "WebApplicationFirewallPolicies" ], "description": "Deletes Policy", "operationId": "Policies_Delete", "parameters": [ { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group." + "$ref": "#/parameters/PolicyNameParameter" }, { - "name": "policyName", - "in": "path", - "required": true, - "type": "string", - "maxLength": 128, - "description": "The name of the resource group." + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/SubscriptionIdParameter" + "$ref": "./network.json#/parameters/SubscriptionIdParameter" }, { - "$ref": "#/parameters/ApiVersionParameter" + "$ref": "./network.json#/parameters/ApiVersionParameter" } ], "responses": { + "200": { + "description": "Delete successful." + }, "202": { "description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously." }, "204": { "description": "No Content. The request has been accepted but the policy was not found." - }, - "200": { - "description": "Delete successful." } }, "x-ms-examples": { "Delete protection policy": { "$ref": "./examples/WafPolicyDelete.json" } - }, + }, "x-ms-long-running-operation": true } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets": { + "get": { + "tags": [ + "WebApplicationFirewallManagedRuleSets" + ], + "description": "Lists all available managed rule sets.", + "operationId": "ManagedRuleSets_List", + "parameters": [ + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success. The operation returns a list of all available web application firewall managed rule sets.", + "schema": { + "$ref": "#/definitions/ManagedRuleSetDefinitionList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List Policies in a Resource Group": { + "$ref": "./examples/WafListManagedRuleSets.json" + } + } + } } }, "definitions": { @@ -249,8 +264,8 @@ "properties": { "properties": { "x-ms-client-flatten": true, - "$ref": "#/definitions/WebApplicationFirewallPolicyPropertiesFormat", - "description": "Properties of the web application firewall policy." + "description": "Properties of the web application firewall policy.", + "$ref": "#/definitions/WebApplicationFirewallPolicyProperties" }, "etag": { "type": "string", @@ -263,25 +278,33 @@ } ] }, - "WebApplicationFirewallPolicyPropertiesFormat": { - "description": "Defines web application firewall policy properties", + "WebApplicationFirewallPolicyProperties": { + "description": "Defines web application firewall policy properties.", "properties": { "policySettings": { - "description": "Describes policySettings for policy", - "$ref": "#/definitions/policySettings" + "description": "Describes settings for the policy.", + "$ref": "#/definitions/PolicySettings" }, "customRules": { - "description": "Describes custom rules inside the policy", - "$ref": "#/definitions/CustomRules" + "description": "Describes custom rules inside the policy.", + "$ref": "#/definitions/CustomRuleList" }, "managedRules": { - "description": "Describes managed rules inside the policy", - "$ref": "#/definitions/ManagedRuleSets" + "description": "Describes managed rules inside the policy.", + "$ref": "#/definitions/ManagedRuleSetList" + }, + "frontendEndpointLinks": { + "description": "Describes Frontend Endpoints associated with this Web Application Firewall policy.", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/FrontendEndpointLink" + } }, "provisioningState": { "readOnly": true, "type": "string", - "description": "Provisioning state of the WebApplicationFirewallPolicy." + "description": "Provisioning state of the policy." }, "resourceState": { "title": "Resource status of the policy.", @@ -302,8 +325,8 @@ } } }, - "WebApplicationFirewallPolicyListResult": { - "description": "Result of the request to list WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.", + "WebApplicationFirewallPolicyList": { + "description": "Defines a list of WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the the next set of results.", "properties": { "value": { "type": "array", @@ -319,36 +342,49 @@ } } }, - "policySettings": { - "description": "Defines contents of a web application firewall global configuration", + "PolicySettings": { + "description": "Defines top-level WebApplicationFirewallPolicy configuration settings.", "properties": { "enabledState": { - "description": "describes if the policy is in enabled state or disabled state", + "description": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.", "type": "string", "enum": [ "Disabled", "Enabled" ], "x-ms-enum": { - "name": "enabledState", + "name": "PolicyEnabledState", "modelAsString": true - } + } }, "mode": { - "description": "Describes if it is in detection mode or prevention mode at policy level", + "description": "Describes if it is in detection mode or prevention mode at policy level.", "type": "string", "enum": [ "Prevention", "Detection" ], "x-ms-enum": { - "name": "mode", + "name": "PolicyMode", "modelAsString": true } + }, + "redirectUrl": { + "description": "If action type is redirect, this field represents redirect URL for the client.", + "type": "string" + }, + "customBlockResponseStatusCode": { + "description": "If the action type is block, customer can override the response status code.", + "type": "integer" + }, + "customBlockResponseBody": { + "description": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$" } } }, - "CustomRules": { + "CustomRuleList": { "description": "Defines contents of custom rules", "properties": { "rules": { @@ -362,78 +398,69 @@ }, "CustomRule": { "description": "Defines contents of a web application rule", - "required": [ - "priority", - "ruleType", - "matchConditions", - "action" - ], + "required": [ + "priority", + "ruleType", + "matchConditions", + "action" + ], "properties": { "name": { "type": "string", - "description": "Gets name of the resource that is unique within a policy. This name can be used to access the resource.", + "description": "Describes the name of the rule.", "maxLength": 128 }, - "etag": { - "type": "string", - "readOnly": true, - "description": "Gets a unique read-only string that changes whenever the resource is updated." - }, "priority": { - "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value", + "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.", "type": "integer" - }, + }, + "enabledState": { + "description": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "CustomRuleEnabledState", + "modelAsString": true + } + }, "ruleType": { - "description": "Describes type of rule", + "description": "Describes type of rule.", "type": "string", "enum": [ "MatchRule", "RateLimitRule" ], "x-ms-enum": { - "name": "ruleType", + "name": "RuleType", "modelAsString": true } }, "rateLimitDurationInMinutes": { - "description": "Defines rate limit duration. Default - 1 minute", + "description": "Defines rate limit duration. Default is 1 minute.", "type": "integer" }, "rateLimitThreshold": { - "description": "Defines rate limit threshold", + "description": "Defines rate limit threshold.", "type": "integer" }, "matchConditions": { - "description": "List of match conditions", + "description": "List of match conditions.", "type": "array", "items": { "$ref": "#/definitions/MatchCondition" } }, "action": { - "description": "Type of Actions", - "type": "string", - "enum": [ - "Allow", - "Block", - "Log" - ], - "x-ms-enum": { - "name": "action", - "modelAsString": true - } - }, - "transforms": { - "description": "List of transforms", - "type": "array", - "items": { - "$ref": "#/definitions/transform" - } + "description": "Describes what action to be applied when rule matches.", + "$ref": "#/definitions/ActionType" } } }, - "transform": { - "description": "Describes what transforms applied before matching", + "TransformType": { + "description": "Describes what transforms applied before matching.", "type": "string", "enum": [ "Lowercase", @@ -441,24 +468,23 @@ "Trim", "UrlDecode", "UrlEncode", - "RemoveNulls", - "HtmlEntityDecode" + "RemoveNulls" ], "x-ms-enum": { - "name": "transform", + "name": "TransformType", "modelAsString": true } }, "MatchCondition": { - "description": "Define match conditions", - "required": [ - "matchVariable", - "operator", + "description": "Define a match condition.", + "required": [ + "matchVariable", + "operator", "matchValue" ], "properties": { "matchVariable": { - "description": "Match Variable", + "description": "Match variable to compare against.", "type": "string", "enum": [ "RemoteAddr", @@ -467,15 +493,16 @@ "PostArgs", "RequestUri", "RequestHeader", - "RequestBody" + "RequestBody", + "Cookies" ], "x-ms-enum": { - "name": "MatchCondition", + "name": "MatchVariable", "modelAsString": true } }, "selector": { - "description": "Name of selector in RequestHeader or RequestBody to be matched", + "description": "Selector can used to match against a specific key from QueryString, PostArgs, RequestHeader or Cookies.", "type": "string" }, "operator": { @@ -492,31 +519,39 @@ "LessThanOrEqual", "GreaterThanOrEqual", "BeginsWith", - "EndsWith" + "EndsWith", + "RegEx" ], "x-ms-enum": { - "name": "operator", + "name": "Operator", "modelAsString": true } }, "negateCondition": { - "description": "Describes if this is negate condition or not", + "description": "Describes if the result of this condition should be negated.", "type": "boolean" }, "matchValue": { - "description": "Match value", + "description": "List of possible match values.", "type": "array", "items": { "type": "string" } + }, + "transforms": { + "description": "List of transforms.", + "type": "array", + "items": { + "$ref": "#/definitions/TransformType" + } } } }, - "ManagedRuleSets": { - "description": "Defines ManagedRuleSets - array of managedRuleSet", + "ManagedRuleSetList": { + "description": "Defines the list of managed rule sets for the policy.", "properties": { - "ruleSets": { - "description": "List of rules", + "managedRuleSets": { + "description": "List of rule sets.", "type": "array", "items": { "$ref": "#/definitions/ManagedRuleSet" @@ -526,80 +561,187 @@ }, "ManagedRuleSet": { "type": "object", - "description": "Base class for all types of ManagedRuleSet.", - "x-ms-discriminator-value": "Unknown", + "description": "Defines a managed rule set.", + "required": [ + "ruleSetType", + "ruleSetVersion" + ], "properties": { - "priority": { - "description": "Describes priority of the rule", - "type": "integer" - }, - "version": { - "description": "defines version of the rule set", - "type": "integer" - }, "ruleSetType": { - "description": "RuleSetType - AzureManagedRuleSet or OWASP RuleSets.", + "description": "Defines the rule set type to use.", + "type": "string" + }, + "ruleSetVersion": { + "description": "Defines the version of the rule set to use.", "type": "string" + }, + "ruleGroupOverrides": { + "description": "Defines the rule group overrides to apply to the rule set.", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleGroupOverride" + } } - }, + } + }, + "ManagedRuleGroupOverride": { + "description": "Defines a managed rule group override setting.", "required": [ - "ruleSetType" + "ruleGroupName" ], - "discriminator": "ruleSetType" - }, - "AzureManagedRuleSet": { - "type": "object", - "description": "Describes azure managed provider.", - "x-ms-discriminator-value": "AzureManagedRuleSet", "properties": { - "ruleGroupOverrides": { - "description": "List of azure managed provider override configuration (optional)", + "ruleGroupName": { + "description": "Describes the managed rule group to override.", + "type": "string" + }, + "rules": { + "description": "List of rules that will be disabled. If none specified, all rules in the group will be disabled.", "type": "array", "items": { - "$ref": "#/definitions/AzureManagedOverrideRuleGroup" + "$ref": "#/definitions/ManagedRuleOverride" } } - }, - "allOf": [ - { - "$ref": "#/definitions/ManagedRuleSet" - } - ] + } }, - "AzureManagedOverrideRuleGroup": { - "description": "Defines contents of a web application rule", + "ManagedRuleOverride": { + "description": "Defines a managed rule group override setting.", "required": [ - "ruleGroupOverride", - "action" - ], + "ruleId" + ], "properties": { - "ruleGroupOverride": { - "description": "Describes override rule group", + "ruleId": { + "description": "Identifier for the managed rule.", + "type": "string" + }, + "enabledState": { + "description": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.", "type": "string", "enum": [ - "SqlInjection", - "XSS" + "Disabled", + "Enabled" ], "x-ms-enum": { - "name": "ruleGroupOverride", + "name": "ManagedRuleEnabledState", "modelAsString": true } }, "action": { - "description": "Type of Actions", - "type": "string", - "enum": [ - "Allow", - "Block", - "Log" - ], - "x-ms-enum": { - "name": "action", - "modelAsString": true + "description": "Describes the override action to be applied when rule matches.", + "$ref": "#/definitions/ActionType" + } + } + }, + "ManagedRuleSetDefinitionList": { + "description": "List of managed rule set definitions available for use in a policy.", + "properties": { + "value": { + "description": "List of managed rule set definitions.", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleSetDefinition" } + }, + "nextLink": { + "type": "string", + "description": "URL to retrieve next set of managed rule set definitions." } } }, + "ManagedRuleSetDefinition": { + "description": "Describes the a managed rule set definition.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ManagedRuleSetDefinitionProperties" + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/Resource" + } + ] + }, + "ManagedRuleSetDefinitionProperties": { + "description": "Properties for a managed rule set definition.", + "properties": { + "provisioningState": { + "type": "string", + "readOnly": true, + "description": "Provisioning state of the managed rule set." + }, + "ruleSetType": { + "type": "string", + "readOnly": true, + "description": "Type of the managed rule set." + }, + "ruleSetVersion": { + "type": "string", + "readOnly": true, + "description": "Version of the managed rule set type." + }, + "ruleGroups": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/ManagedRuleGroupDefinition" + }, + "description": "Rule groups of the managed rule set." + } + } + }, + "ManagedRuleGroupDefinition": { + "description": "Describes a managed rule group.", + "properties": { + "ruleGroupName": { + "type": "string", + "readOnly": true, + "description": "Name of the managed rule group." + }, + "description": { + "type": "string", + "readOnly": true, + "description": "Description of the managed rule group." + }, + "rules": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/ManagedRuleDefinition" + }, + "description": "List of rules within the managed rule group." + } + } + }, + "ManagedRuleDefinition": { + "description": "Describes a managed rule definition.", + "properties": { + "ruleId": { + "description": "Identifier for the managed rule.", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "Describes the functionality of the managed rule.", + "readOnly": true, + "type": "string" + } + } + }, + "ActionType": { + "description": "Defines the action to take on rule match.", + "type": "string", + "enum": [ + "Allow", + "Block", + "Log", + "Redirect" + ], + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true + } + }, "ErrorResponse": { "description": "Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.", "type": "object", @@ -615,22 +757,39 @@ "type": "string" } } + }, + "FrontendEndpointLink": { + "description": "Defines the Resource ID for a Frontend Endpoint.", + "type": "object", + "readOnly": true, + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + } } }, "parameters": { - "SubscriptionIdParameter": { - "name": "subscriptionId", + "PolicyNameParameter": { + "name": "policyName", "in": "path", "required": true, "type": "string", - "description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call." + "maxLength": 128, + "x-ms-parameter-location": "method", + "description": "The name of the Web Application Firewall Policy." }, - "ApiVersionParameter": { - "name": "api-version", - "in": "query", + "ResourceGroupNameParameter": { + "name": "resourceGroupName", + "in": "path", "required": true, "type": "string", - "description": "Client API version." + "pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", + "minLength": 1, + "maxLength": 80, + "x-ms-parameter-location": "method", + "description": "Name of the Resource group within the Azure subscription." } } -} +} \ No newline at end of file diff --git a/specification/frontdoor/resource-manager/readme.md b/specification/frontdoor/resource-manager/readme.md index 1df43c336033..c744aaf42a4d 100644 --- a/specification/frontdoor/resource-manager/readme.md +++ b/specification/frontdoor/resource-manager/readme.md @@ -28,7 +28,23 @@ These are the global settings for the FrontDoor API. title: FrontDoorManagementClient description: FrontDoor Client openapi-type: arm -tag: package-2018-08-preview +tag: package-2019-03-preview +``` + +### Tag: package-2019-03-preview + +These settings apply only when `--tag=package-2019-03-preview` is specified on the command line. + +``` yaml $(tag) == 'package-2019-03-preview' +input-file: +- Microsoft.Network/preview/2018-08-01-preview/frontdoor.json +- Microsoft.Network/preview/2018-08-01-preview/network.json +- Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json +directive: + - where: + - $.paths + suppress: + - OperationsAPIImplementation ``` ### Tag: package-2018-08-preview From 9fd71475d1ca8b5b81272ae299559e9028efa531 Mon Sep 17 00:00:00 2001 From: Eric Schwabe Date: Wed, 20 Mar 2019 14:22:01 -0700 Subject: [PATCH 3/3] Fix parameter order and enum names for SDK generation --- .../2019-03-01-preview/webapplicationfirewall.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json index e7c8dc4106e9..1bdf9739cd02 100644 --- a/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json +++ b/specification/frontdoor/resource-manager/Microsoft.Network/preview/2019-03-01-preview/webapplicationfirewall.json @@ -85,10 +85,10 @@ "operationId": "Policies_Get", "parameters": [ { - "$ref": "#/parameters/PolicyNameParameter" + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/ResourceGroupNameParameter" + "$ref": "#/parameters/PolicyNameParameter" }, { "$ref": "./network.json#/parameters/SubscriptionIdParameter" @@ -125,10 +125,10 @@ "operationId": "Policies_CreateOrUpdate", "parameters": [ { - "$ref": "#/parameters/PolicyNameParameter" + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/ResourceGroupNameParameter" + "$ref": "#/parameters/PolicyNameParameter" }, { "$ref": "./network.json#/parameters/SubscriptionIdParameter" @@ -187,10 +187,10 @@ "operationId": "Policies_Delete", "parameters": [ { - "$ref": "#/parameters/PolicyNameParameter" + "$ref": "#/parameters/ResourceGroupNameParameter" }, { - "$ref": "#/parameters/ResourceGroupNameParameter" + "$ref": "#/parameters/PolicyNameParameter" }, { "$ref": "./network.json#/parameters/SubscriptionIdParameter" @@ -319,7 +319,7 @@ ], "type": "string", "x-ms-enum": { - "name": "WebApplicationFirewallPolicy", + "name": "PolicyResourceState", "modelAsString": true } }