search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.61k stars 5.01k forks source link

[BUG] `selector` and `selectorMatchOperator` properties shouldn't be defined required in `ApplicationGatewayFirewallExclusion` #21852

Closed XiaofeiCao closed 1 year ago

XiaofeiCao commented 1 year ago

Hi team,

In portal, we can apply "Equals any" operator in exclusion rule for WAF_V2. In this case, both selector and selectorMatchOperator fields are null.

image

Request payload: image

Response: image

This contradicts the specs specification, where these properties are defined required.

SDK will validate the required restriction for fields during update, hence we can't add or update configuration rules with Equals any operator in them.

ghost commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @appgwsuppgithub.

Issue Details
Hi team, In portal, we can apply "Equals any" operator in exclusion rule for WAF_V2. In this case, both `selector` and `selectorMatchOperator` fields are null. ![image](https://user-images.githubusercontent.com/92354331/206995989-e8e92781-3227-40f2-aa63-417a9a212c5c.png) Request payload: ![image](https://user-images.githubusercontent.com/92354331/206995885-51711d64-c524-4dbc-b1df-c4888c76b2fa.png) Response: ![image](https://user-images.githubusercontent.com/92354331/206995907-727b0ec2-f87e-4347-addd-ffa4eebe0b13.png) This contradicts the [specs specification](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/network/resource-manager/Microsoft.Network/stable/2022-01-01/applicationGateway.json#L3484-L3488), where these properties are defined required. SDK will validate the required restriction for fields during update, hence we can't add or update configuration rules with `Equals any` operator in them.
Author: XiaofeiCao
Assignees: -
Labels: `Network - Application Gateway`, `Service Attention`
Milestone: -
XiaofeiCao commented 1 year ago

WebApplicationFirewall is to be deprecated, so backend won't fix it. Closing this issue.

The issue here is in the webApplicationFirewallConfiguration. This is OLD way of doing WAF config and is on path to deprecation. New way is via WAF Policy. I don't think we need to fix this in swagger.