From e9d7822e921437ef84b2982b7a205d8c07263bfa Mon Sep 17 00:00:00 2001 From: Hemant Imudianda Date: Thu, 25 Jun 2020 11:10:34 -0700 Subject: [PATCH 1/3] Adding mutual auth api definitions. --- .../stable/2020-06-01/applicationGateway.json | 124 ++++++++++++++++++ .../examples/ApplicationGatewayCreate.json | 33 +++++ 2 files changed, 157 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json index c3bb7d279cac..0c96d0758611 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json @@ -1361,6 +1361,15 @@ }, "description": "Application Gateway Ssl policy." }, + "ApplicationGatewayClientAuthConfiguration": { + "properties": { + "verifyClientCertIssuerDN": { + "type": "boolean", + "description": "Verify client certificate issuer name on the application gateway." + } + }, + "description": "Application Gateway Client Authentication Configuration." + }, "ApplicationGatewayIPConfigurationPropertiesFormat": { "properties": { "subnet": { 
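Review bot: The description of `verifyClientCertIssuerDN` in `ApplicationGatewayClientAuthConfiguration` does not say what the gateway does when the property is omitted or set to false, and it does not say what the issuer name is compared against. For a client-authentication control the default is part of the contract, because an operator reading the spec cannot otherwise tell whether leaving the field out gives the stricter or the looser behaviour. I would expand it along the lines of `"description": "Whether the gateway verifies the issuer DN of the presented client certificate. Defaults to <default> when omitted."`, with the real default and the comparison target filled in by the service team. The definition declares no `type`, which appears consistent with the neighbouring definitions visible in the context lines, so I would leave that as it is.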
@@ -1494,6 +1503,49 @@ ], "description": "Trusted Root certificates of an application gateway." }, + "ApplicationGatewayTrustedClientCertificatePropertiesFormat": { + "properties": { + "data": { + "type": "string", + "description": "Certificate public data." + }, + "provisioningState": { + "readOnly": true, + "$ref": "./network.json#/definitions/ProvisioningState", + "description": "The provisioning state of the trusted client certificate resource." + } + }, + "description": "Trusted Client certificates properties of an application gateway." + }, + "ApplicationGatewayTrustedClientCertificate": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificatePropertiesFormat", + "description": "Properties of the application gateway trusted client certificate." + }, + "name": { + "type": "string", + "description": "Name of the trusted client certificate that is unique within an Application Gateway." + }, + "etag": { + "readOnly": true, + "type": "string", + "description": "A unique read-only string that changes whenever the resource is updated." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Type of the resource." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/SubResource" + } + ], + "description": "Trusted Client certificates of an application gateway." + }, "ApplicationGatewaySslCertificatePropertiesFormat": { "properties": { "data": { 
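Review bot: The `data` property of `ApplicationGatewayTrustedClientCertificatePropertiesFormat` is described only as "Certificate public data.", which leaves out the expected encoding and whether the value is a single certificate or an issuing CA chain. This value is the trust anchor that client certificates are checked against, so ambiguity here can lead to a trust store that accepts more or fewer clients than the operator intended. I would state both in the description, for example `"description": "Public certificate data of the trusted client CA certificate(s), encoded as <encoding>."`, with the encoding and the single-versus-chain rule confirmed by the service team. The schema also does not mark `data` as required; if an entry without certificate data is meaningless for the service, that is worth saying in the description as well.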
@@ -1827,6 +1879,60 @@ ], "description": "Backend address pool settings of an application gateway." }, + "ApplicationGatewaySslProfilePropertiesFormat": { + "properties": { + "trustedClientCertificates": { + "type": "array", + "items": { + "$ref": "./network.json#/definitions/SubResource" + }, + "description": "Array of references to application gateway trusted client certificates." + }, + "sslPolicy": { + "$ref": "#/definitions/ApplicationGatewaySslPolicy", + "description": "SSL policy of the application gateway resource." + }, + "clientAuthConfiguration": { + "$ref": "#/definitions/ApplicationGatewayClientAuthConfiguration", + "description": "Client authentication configuration of the application gateway resource." + }, + "provisioningState": { + "readOnly": true, + "$ref": "./network.json#/definitions/ProvisioningState", + "description": "The provisioning state of the HTTP listener resource." + } + }, + "description": "Properties of SSL profile of an application gateway." + }, + "ApplicationGatewaySslProfile": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/ApplicationGatewaySslProfilePropertiesFormat", + "description": "Properties of the application gateway SSL profile." + }, + "name": { + "type": "string", + "description": "Name of the SSL profile that is unique within an Application Gateway." + }, + "etag": { + "readOnly": true, + "type": "string", + "description": "A unique read-only string that changes whenever the resource is updated." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Type of the resource." + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/SubResource" + } + ], + "description": "SSL profile of an application gateway." + }, "ApplicationGatewayHttpListenerPropertiesFormat": { "properties": { "frontendIPConfiguration": { 
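Review bot: The `provisioningState` description inside `ApplicationGatewaySslProfilePropertiesFormat` reads "The provisioning state of the HTTP listener resource.", which looks like a copy from the listener definition and names the wrong resource. Generated SDK documentation will carry this text, so it should read `"description": "The provisioning state of the SSL profile resource."`. The later "Fixing case." patch in this series adjusts other descriptions but does not touch this one.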
@@ -1849,6 +1955,10 @@ "$ref": "./network.json#/definitions/SubResource", "description": "SSL certificate resource of an application gateway." }, + "sslProfile": { + "$ref": "./network.json#/definitions/SubResource", + "description": "SSL profile resource of the application gateway." + }, "requireServerNameIndication": { "type": "boolean", "description": "Applicable only if protocol is https. Enables SNI for multi-hosting." @@ -2662,6 +2772,13 @@ }, "description": "Trusted Root certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." }, + "trustedClientCertificates": { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate" + }, + "description": "Trusted Client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + }, "sslCertificates": { "type": "array", "items": { @@ -2711,6 +2828,13 @@ }, "description": "Http listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." }, + "sslProfiles": { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationGatewaySslProfile" + }, + "description": "SSL profiles of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + }, "urlPathMaps": { "type": "array", "items": { 
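Review bot: The new `sslProfile` property on `ApplicationGatewayHttpListenerPropertiesFormat` does not say when it applies or how it interacts with other TLS settings. The neighbouring `requireServerNameIndication` states "Applicable only if protocol is https", and the referenced profile carries its own `sslPolicy` and `clientAuthConfiguration`. As written, a reader cannot tell from the spec which policy is in force on a listener that references a profile, or whether the reference is ignored on a non-https listener. I would extend the description, for example `"description": "SSL profile resource of the application gateway. Applicable only if protocol is https."`, and add one sentence on precedence over any gateway-wide SSL policy once the service team confirms the behaviour. The listener definition starts and ends outside this hunk.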
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json index be2b1e2b121d..69027f40d9ab 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json @@ -57,6 +57,14 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "properties": { + "data": "****" + } + } + ], "frontendIPConfigurations": [ { "name": "appgwfip", @@ -107,6 +115,28 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "properties": { + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -121,6 +151,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, From f972361aa04290c1886173acbaf7c70bb9f513b2 Mon Sep 17 00:00:00 2001 From: Hemant Imudianda Date: Fri, 26 Jun 2020 15:01:38 -0700 Subject: [PATCH 2/3] Adding examples. --- .../examples/ApplicationGatewayCreate.json | 74 +++++++++++++++++++ .../examples/ApplicationGatewayGet.json | 37 ++++++++++ 2 files changed, 111 insertions(+) 
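Review bot: The `sslProfiles` example added to the request body in ApplicationGatewayCreate.json sets `"minProtocolVersion": "TLSv1_1"` and lists only `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`. That suite is defined for TLS 1.2 only, so the TLS 1.1 floor is both a deprecated protocol version and inconsistent with the cipher list. Examples in this repository are copied into deployments and SDK samples, so the reference example for mutual authentication should show a current baseline: `"minProtocolVersion": "TLSv1_2"` and an AEAD suite such as `"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"`. The same block is repeated in the response bodies added by the second patch (the ApplicationGatewayCreate.json hunks at -383 and -669 and the ApplicationGatewayGet.json hunk at -107), and they should be changed together.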
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json index 69027f40d9ab..7d68f9d67e02 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json @@ -318,6 +318,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -373,6 +383,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -389,6 +423,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, 
@@ -564,6 +601,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -622,6 +669,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -638,6 +709,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json index 8b064367879f..c0cacc270d09 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json 
@@ -42,6 +42,16 @@ } } ], + "trustedClientCertificates": [ + { + "name": "clientcert", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert", + "properties": { + "provisioningState": "Succeeded", + "data": "****" + } + } + ], "authenticationCertificates": [], "frontendIPConfigurations": [ { @@ -97,6 +107,30 @@ } } ], + "sslProfiles": [ + { + "name": "sslProfile1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1", + "properties": { + "provisioningState": "Succeeded", + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_1", + "cipherSuites": [ + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + ] + }, + "clientAuthConfiguration": { + "verifyClientCertIssuerDN": true + }, + "trustedClientCertificates": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert" + } + ] + } + } + ], "httpListeners": [ { "name": "appgwhl", @@ -113,6 +147,9 @@ "sslCertificate": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert" }, + "sslProfile": { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1" + }, "requireServerNameIndication": false } }, From 08f526c7011f9d34fbe7e912c9b2994e75179a80 Mon Sep 17 00:00:00 2001 From: Hemant Imudianda Date: Fri, 26 Jun 2020 15:38:28 -0700 Subject: [PATCH 3/3] Fixing case. --- .../stable/2020-06-01/applicationGateway.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json index 0c96d0758611..95e3258db2d0 100644 
--- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json @@ -1368,7 +1368,7 @@ "description": "Verify client certificate issuer name on the application gateway." } }, - "description": "Application Gateway Client Authentication Configuration." + "description": "Application gateway client authentication configuration." }, "ApplicationGatewayIPConfigurationPropertiesFormat": { "properties": { @@ -1515,7 +1515,7 @@ "description": "The provisioning state of the trusted client certificate resource." } }, - "description": "Trusted Client certificates properties of an application gateway." + "description": "Trusted client certificates properties of an application gateway." }, "ApplicationGatewayTrustedClientCertificate": { "properties": { @@ -1544,7 +1544,7 @@ "$ref": "./network.json#/definitions/SubResource" } ], - "description": "Trusted Client certificates of an application gateway." + "description": "Trusted client certificates of an application gateway." }, "ApplicationGatewaySslCertificatePropertiesFormat": { "properties": { @@ -2777,7 +2777,7 @@ "items": { "$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate" }, - "description": "Trusted Client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." + "description": "Trusted client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)." }, "sslCertificates": { "type": "array",