Expand Up @@ -566,6 +566,10 @@
"type": "string",
"readOnly": true,
"description": "A unique read-only string that changes whenever the resource is updated."
},
"identity": {
"$ref": "./network.json#/definitions/ManagedServiceIdentity",
"description": "The identity of the firewall policy."
}
},
"allOf": [
Expand Down Expand Up @@ -622,10 +626,84 @@
"intrusionSystemMode": {
"description": "The operation mode for Intrusion system.",
"$ref": "#/definitions/FirewallPolicyIntrusionSystemMode"
},
"transportSecurity": {
"description": "TLS Configuration definition.",
"$ref": "#/definitions/FirewallPolicyTransportSecurity"
}
},
"description": "Firewall Policy definition."
},
"FirewallPolicyTransportSecurity": {
"properties": {
"certificateAuthority": {
"$ref": "#/definitions/FirewallPolicyCertificateAuthority",
"description": "The CA used for intermediate CA generation."
},
"excludedDomains": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of domains which are excluded from TLS termination."
},
"trustedRootCertificates": {
"type": "array",
"items": {
"$ref": "#/definitions/FirewallPolicyTrustedRootCertificate",
"description": "A list of certificates which are to be trusted by the firewall."
},
"description": "Certificates which are to be trusted by the firewall."
}
},
"description": "Configuration needed to perform TLS termination & initiation."
},
"FirewallPolicyTrustedRootCertificate": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/FirewallPolicyTrustedRootCertificatePropertiesFormat",
"description": "Properties of the trusted root authorities."
},
"name": {
"type": "string",
"description": "Name of the trusted root certificate that is unique within a firewall policy."
}
},
"description": "Trusted Root certificates of a firewall policy."
},
"FirewallPolicyTrustedRootCertificatePropertiesFormat": {
"properties": {
"keyVaultSecretId": {
"type": "string",
"description": "Secret Id of (base-64 encoded unencrypted pfx) the public certificate data stored in KeyVault."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyCertificateAuthority": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/FirewallPolicyCertificateAuthorityPropertiesFormat",
"description": "Properties of the certificate authority."
},
"name": {
"type": "string",
"description": "Name of the CA certificate."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyCertificateAuthorityPropertiesFormat": {
"properties": {
"keyVaultSecretId": {
"type": "string",
"description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
}
},
"description": "Trusted Root certificates properties for tls."
},
"FirewallPolicyRuleGroup": {
"properties": {
"properties": {
Expand Down Expand Up @@ -823,6 +901,13 @@
},
"description": "Array of Application Protocols."
},
"targetUrls": {
"type": "array",
"description": "List of Urls for this rule condition.",
"items": {
"type": "string"
}
},
"targetFqdns": {
"type": "array",
"description": "List of FQDNs for this rule condition.",
Expand Down Expand Up @@ -890,6 +975,10 @@
"items": {
"type": "string"
}
},
"terminateTLS": {
"type": "boolean",
"description": "Terminate TLS connections for this rule."
}
}
},
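Review bot: The descriptions of `FirewallPolicyCertificateAuthority` and `FirewallPolicyCertificateAuthorityPropertiesFormat` in the second hunk both read "Trusted Root certificates properties for tls.", which looks copied from the trusted-root definitions and hides that this object is the signing CA rather than a trust anchor. Because `certificateAuthority` is described as "The CA used for intermediate CA generation" and its `keyVaultSecretId` points at an unencrypted pfx, that secret presumably carries a private key, so generated SDKs and docs should make the distinction plain. I would change the two descriptions to `"description": "Certificate authority used by the firewall to generate intermediate CA certificates for TLS termination."` and `"description": "Properties of the certificate authority used for TLS termination."`. The `keyVaultSecretId` description on `FirewallPolicyTrustedRootCertificatePropertiesFormat` also pairs "unencrypted pfx" with "public certificate data"; if only the public certificate is needed there, the description should say so, so that operators do not store a private key for a trust anchor.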