search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.94k forks source link

Application Gateway CLI for WAF custom rules #8369

Closed amitsriva closed 5 years ago

amitsriva commented 5 years ago

Swagger for the feature of WAF custom rules is out. Could we start the CLI for custom rules process?

tjprescott commented 5 years ago

@amitsriva please provide the following information for us to begin work on this:

Description of Feature Provide a brief description of the feature. A link to conceptual documentation may be helpful too.

Minimum API Version Required What is the minimum API version of your service required to implement your feature?

Swagger Link Provide a link to the resource in the rest API specs repo. Note that this PR should be to the master branch of the rest API specs repo.

Target Date (Optional) If you have a target date for release of this feature, please provide it. That will help us schedule the work.

tjprescott commented 5 years ago

Moving to the backlog until I get details from the service team.

asridharan commented 5 years ago

Resource Provider: NRP

Description of Feature Provide a brief description of the feature. A link to conceptual documentation may be helpful too. WAF custom rules allow users to author their own web application firewall rules. In order to use custom rules, we have introduced a new top level WAF resource that users will need to author in order to use custom rules. Once the user creates the Azure networking WAF resource he will associate this resource with a specific application gateway to enable WAF policy (in this case custom rules)

Minimum API Version Required What is the minimum API version of your service required to implement your feature? 2018-12-01

Swagger Link Provide a link to the resource in the rest API specs repo. Note that this PR should be to the master branch of the rest API specs repo. https://github.com/Azure/azure-rest-api-specs/blob/master/specification/network/resource-manager/Microsoft.Network/stable/2018-12-01/applicationGateway.json https://github.com/Azure/azure-rest-api-specs/blob/master/specification/network/resource-manager/Microsoft.Network/stable/2018-12-01/webapplicationfirewall.json

Target Date (Optional) If you have a target date for release of this feature, please provide it. That will help us schedule the work. 03/29/2019

asridharan commented 5 years ago

@tjprescott are the details given my earlier comment enough?

Thanks, Avinash

asridharan commented 5 years ago

@tjprescott just wanted to highlight that the above swagger definitions define a new top level WAF resource in NRP. So the CLI would need to be something like:

az network application-gateway-waf

The custom rule feature is property for the top level application-gateway-waf resource.

The top level WAF resource can than be attached to any application gateway resource in its firewallpolicy property.

tjprescott commented 5 years ago

@asridharan is this a generic WAF policy object that is intended for use with several resources, or is it only for use by app gateways? Currently the FrontDoor WAF policy already occupies a top-level spot (az network front-door and az network waf-policy) via its extension. Can a WAF policy be applied to multiple app-gateways?