diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json index c3bb7d279cac..95e3258db2d0 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json @@ -1361,6 +1361,15 @@ }, "description": "Application Gateway Ssl policy." }, + "ApplicationGatewayClientAuthConfiguration": { + "properties": { + "verifyClientCertIssuerDN": { + "type": "boolean", + "description": "Verify client certificate issuer name on the application gateway." + } + }, + "description": "Application gateway client authentication configuration." + }, "ApplicationGatewayIPConfigurationPropertiesFormat": { "properties": { "subnet": { @@ -1494,6 +1503,49 @@ ], "description": "Trusted Root certificates of an application gateway." }, + "ApplicationGatewayTrustedClientCertificatePropertiesFormat": { + "properties": { + "data": { + "type": "string", + "description": "Certificate public data." + }, + "provisioningState": { + "readOnly": true, + "$ref": "./network.json#/definitions/ProvisioningState", + "description": "The provisioning state of the trusted client certificate resource." + } + }, + "description": "Trusted client certificates properties of an application gateway." + }, + "ApplicationGatewayTrustedClientCertificate": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificatePropertiesFormat", + "description": "Properties of the application gateway trusted client certificate." + }, + "name": { + "type": "string", + "description": "Name of the trusted client certificate that is unique within an Application Gateway." + }, + "etag": { + "readOnly": true, + "type": "string", + "description": "A unique read-only string that changes whenever the resource is updated." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Type of the resource." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/SubResource" + } + ], + "description": "Trusted client certificates of an application gateway." + }, "ApplicationGatewaySslCertificatePropertiesFormat": { "properties": { "data": { @@ -1827,6 +1879,60 @@ ], "description": "Backend address pool settings of an application gateway." }, + "ApplicationGatewaySslProfilePropertiesFormat": { + "properties": { + "trustedClientCertificates": { + "type": "array", + "items": { + "$ref": "./network.json#/definitions/SubResource" + }, + "description": "Array of references to application gateway trusted client certificates." + }, + "sslPolicy": { + "$ref": "#/definitions/ApplicationGatewaySslPolicy", + "description": "SSL policy of the application gateway resource." + }, + "clientAuthConfiguration": { + "$ref": "#/definitions/ApplicationGatewayClientAuthConfiguration", + "description": "Client authentication configuration of the application gateway resource." + }, + "provisioningState": { + "readOnly": true, + "$ref": "./network.json#/definitions/ProvisioningState", + "description": "The provisioning state of the HTTP listener resource." + } + }, + "description": "Properties of SSL profile of an application gateway." + }, + "ApplicationGatewaySslProfile": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ApplicationGatewaySslProfilePropertiesFormat", + "description": "Properties of the application gateway SSL profile." + }, + "name": { + "type": "string", + "description": "Name of the SSL profile that is unique within an Application Gateway." + }, + "etag": { + "readOnly": true, + "type": "string", + "description": "A unique read-only string that changes whenever the resource is updated." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Type of the resource." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/SubResource" + } + ], + "description": "SSL profile of an application gateway." + }, "ApplicationGatewayHttpListenerPropertiesFormat": { "properties": { "frontendIPConfiguration": { @@ -1849,6 +1955,10 @@ "$ref": "./network.json#/definitions/SubResource", "description": "SSL certificate resource of an application gateway." }, + "sslProfile": { + "$ref": "./network.json#/definitions/SubResource", + "description": "SSL profile resource of the application gateway." + }, "requireServerNameIndication": { "type": "boolean", "description": "Applicable only if protocol is https. Enables SNI for multi-hosting." @@ -2662,6 +2772,13 @@ }, "description": "Trusted Root certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." }, + "trustedClientCertificates": { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate" + }, + "description": "Trusted client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + }, "sslCertificates": { "type": "array", "items": { @@ -2711,6 +2828,13 @@ }, "description": "Http listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." }, + "sslProfiles": { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationGatewaySslProfile" + }, + "description": "SSL profiles of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + }, "urlPathMaps": { "type": "array", "items": { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json index be2b1e2b121d..7d68f9d67e02 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json @@ -57,6 +57,14 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "properties": { + "data": "****" + } + } + ], "frontendIPConfigurations": [ { "name": "appgwfip", @@ -107,6 +115,28 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "properties": { + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -121,6 +151,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, @@ -285,6 +318,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -340,6 +383,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -356,6 +423,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, @@ -531,6 +601,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -589,6 +669,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -605,6 +709,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json index 8b064367879f..c0cacc270d09 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json @@ -42,6 +42,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -97,6 +107,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -113,6 +147,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } },