From 060220aa19e6dd43312cd17beb67135034b1bb95 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Mon, 14 Sep 2020 15:34:41 +0300 Subject: [PATCH 1/8] Add firewall policy premium feature properties --- .../stable/2020-07-01/firewallPolicy.json | 187 ++++++++++++++++++ 1 file changed, 187 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json index a1a700384027..2652b7674fa9 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json @@ -566,6 +566,10 @@ "type": "string", "readOnly": true, "description": "A unique read-only string that changes whenever the resource is updated." + }, + "identity": { + "$ref": "./network.json#/definitions/ManagedServiceIdentity", + "description": "The identity of the firewall policy." } }, "allOf": [ @@ -622,6 +626,14 @@ "dnsSettings": { "description": "DNS Proxy Settings definition.", "$ref": "#/definitions/DnsSettings" + }, + "intrusionDetection": { + "description": "The configuration for Intrusion detection.", + "$ref": "#/definitions/FirewallPolicyIntrusionDetection" + }, + "transportSecurity": { + "description": "TLS Configuration definition.", + "$ref": "#/definitions/FirewallPolicyTransportSecurity" } }, "description": "Firewall Policy definition." @@ -825,6 +837,13 @@ "type": "string" } }, + "targetUrls": { + "type": "array", + "description": "List of Urls for this rule condition.", + "items": { + "type": "string" + } + }, "fqdnTags": { "type": "array", "description": "List of FQDN Tags for this rule.", @@ -838,6 +857,10 @@ "items": { "type": "string" } + }, + "terminateTLS": { + "type": "boolean", + "description": "Terminate TLS connections for this rule." } }, "description": "Rule of type application." @@ -1114,6 +1137,170 @@ "x-nullable": true } } + }, + "FirewallPolicyIntrusionDetection": { + "description": "Configuration for intrusion detection mode and rules.", + "properties": { + "mode": { + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionStateOptions", + "description": "Intrusion detection general state." + }, + "configuration": { + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionConfiguration", + "description": "Intrusion detection configuration properties." + } + } + }, + "FirewallPolicyIntrusionDetectionStateOptions": { + "type": "string", + "description": "Possible state values.", + "enum": [ + "Off", + "Alert", + "Deny" + ], + "x-ms-enum": { + "name": "FirewallPolicyIntrusionDetectionStateType", + "modelAsString": true + } + }, + "FirewallPolicyIntrusionDetectionConfiguration": { + "description": "The operation for configuring intrusion detection.", + "properties": { + "signatureOverrides": { + "type": "array", + "description": "List of specific signatures states.", + "items": { + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionSignatureSpecification" + } + }, + "bypassTrafficSettings": { + "type": "array", + "description": "List of rules for traffic to bypass.", + "items": { + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionBypassTrafficSpecifications" + } + } + } + }, + "FirewallPolicyIntrusionDetectionSignatureSpecification": { + "properties": { + "id": { + "type": "string", + "description": "Signature id" + }, + "mode": { + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionStateOptions", + "description": "The signature state." + } + }, + "description": "Intrusion detection signatures specification states." + }, + "FirewallPolicyIntrusionDetectionBypassTrafficSpecifications": { + "properties": { + "name": { + "type": "string", + "description": "Name of the bypass traffic rule." + }, + "description": { + "type": "string", + "description": "Description of the bypass traffic rule." + }, + "protocol": { + "type": "string", + "$ref": "#/definitions/FirewallPolicyIntrusionSystemBypassTrafficProtocol", + "description": "The rule bypass protocol." + }, + "sourceAddresses": { + "type": "array", + "description": "List of source IP addresses or ranges for this rule.", + "items": { + "type": "string" + } + }, + "destinationAddresses": { + "type": "array", + "description": "List of destination IP addresses or ranges for this rule.", + "items": { + "type": "string" + } + }, + "destinationPorts": { + "type": "array", + "description": "List of destination ports or ranges.", + "items": { + "type": "string" + } + }, + "sourceIpGroups": { + "type": "array", + "description": "List of source IpGroups for this rule.", + "items": { + "type": "string" + } + }, + "destinationIpGroups": { + "type": "array", + "description": "List of destination IpGroups for this rule.", + "items": { + "type": "string" + } + } + }, + "description": "Intrusion detection bypass traffic specification." + }, + "FirewallPolicyIntrusionSystemBypassTrafficProtocol": { + "type": "string", + "description": "Possible intrusion detection bypass traffic protocols.", + "enum": [ + "TCP", + "UDP", + "ICMP", + "ANY" + ], + "x-ms-enum": { + "name": "FirewallPolicyIntrusionDetectionProtocol", + "modelAsString": true + } + }, + "FirewallPolicyTransportSecurity": { + "properties": { + "certificateAuthority": { + "$ref": "#/definitions/FirewallPolicyCertificateAuthority", + "description": "The CA used for intermediate CA generation." + }, + "excludedDomains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of domains which are excluded from TLS termination." + } + }, + "description": "Configuration needed to perform TLS termination & initiation." + }, + "FirewallPolicyCertificateAuthority": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/FirewallPolicyCertificateAuthorityPropertiesFormat", + "description": "Properties of the certificate authority." + }, + "name": { + "type": "string", + "description": "Name of the CA certificate." + } + }, + "description": "Trusted Root certificates properties for tls." + }, + "FirewallPolicyCertificateAuthorityPropertiesFormat": { + "properties": { + "keyVaultSecretId": { + "type": "string", + "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault." + } + }, + "description": "Trusted Root certificates properties for tls." } } } From 05f6d424d78a1c26055f14207bf8d03befba6214 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Tue, 15 Sep 2020 12:07:50 +0300 Subject: [PATCH 2/8] CR --- .../stable/2020-07-01/firewallPolicy.json | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json index 2652b7674fa9..82bb4e6e1eb2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json @@ -1208,7 +1208,7 @@ }, "protocol": { "type": "string", - "$ref": "#/definitions/FirewallPolicyIntrusionSystemBypassTrafficProtocol", + "$ref": "#/definitions/FirewallPolicyIntrusionDetectionBypassTrafficProtocol", "description": "The rule bypass protocol." }, "sourceAddresses": { @@ -1249,7 +1249,7 @@ }, "description": "Intrusion detection bypass traffic specification." }, - "FirewallPolicyIntrusionSystemBypassTrafficProtocol": { + "FirewallPolicyIntrusionDetectionBypassTrafficProtocol": { "type": "string", "description": "Possible intrusion detection bypass traffic protocols.", "enum": [ @@ -1268,13 +1268,6 @@ "certificateAuthority": { "$ref": "#/definitions/FirewallPolicyCertificateAuthority", "description": "The CA used for intermediate CA generation." - }, - "excludedDomains": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of domains which are excluded from TLS termination." } }, "description": "Configuration needed to perform TLS termination & initiation." From a6086c2d010ff267cda61668233cff34c6bf0852 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Wed, 16 Sep 2020 17:14:59 +0300 Subject: [PATCH 3/8] add examples --- .../FirewallPolicyListByResourceGroup.json | 27 +++++++ .../FirewallPolicyListBySubscription.json | 27 +++++++ .../examples/FirewallPolicyPut.json | 81 +++++++++++++++++++ 3 files changed, 135 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json index 4673c341e84c..a87809f4b474 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json @@ -32,6 +32,33 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json index 917495d74ab5..dac05e94a432 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json @@ -31,6 +31,33 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json index 509bd27a6fd2..e1c4dd38f6e8 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json @@ -25,6 +25,33 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } } } } @@ -66,6 +93,33 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } } } } @@ -106,6 +160,33 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } } } } From 9b3c553b0cfd68670c4f6ce7f8787788660c7e1e Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Wed, 16 Sep 2020 18:54:39 +0300 Subject: [PATCH 4/8] Add transportSecurity examples --- .../examples/FirewallPolicyGet.json | 33 +++++++++++++++++++ .../FirewallPolicyListByResourceGroup.json | 6 ++++ .../FirewallPolicyListBySubscription.json | 6 ++++ .../examples/FirewallPolicyPut.json | 18 ++++++++++ 4 files changed, 63 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json index 8faff4daba32..73aca306848e 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json @@ -39,6 +39,39 @@ ], "enableProxy": true, "requireProxyForNetworkRules": false + }, + "intrusionDetection": { + "mode": "Alert", + "configuration": { + "signatureOverrides": [ + { + "id": "2525004", + "mode": "Deny" + } + ], + "bypassTrafficSettings": [ + { + "name": "bypassRule1", + "description": "Rule 1", + "protocol": "TCP", + "sourceAddresses": [ + "1.2.3.4" + ], + "destinationAddresses": [ + "5.6.7.8" + ], + "DestinationPorts": [ + "*" + ] + } + ] + } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json index a87809f4b474..e06aead82b69 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json @@ -59,6 +59,12 @@ } ] } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json index dac05e94a432..e68e9031c544 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json @@ -58,6 +58,12 @@ } ] } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json index e1c4dd38f6e8..acdc32f24b67 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json @@ -52,6 +52,12 @@ } ] } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } @@ -120,6 +126,12 @@ } ] } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } @@ -187,6 +199,12 @@ } ] } + }, + "transportSecurity": { + "certificateAuthority": { + "name": "clientcert", + "keyVaultSecretId": "https://kv/secret" + } } } } From 5b870ca04c408d5cc83903e6ba942d94fbd3dcf4 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Thu, 17 Sep 2020 15:04:00 +0300 Subject: [PATCH 5/8] remove redundant class --- .../stable/2020-07-01/firewallPolicy.json | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json index 82bb4e6e1eb2..a8a9d62dcef5 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json @@ -1274,10 +1274,9 @@ }, "FirewallPolicyCertificateAuthority": { "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/FirewallPolicyCertificateAuthorityPropertiesFormat", - "description": "Properties of the certificate authority." + "keyVaultSecretId": { + "type": "string", + "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault." }, "name": { "type": "string", @@ -1285,15 +1284,6 @@ } }, "description": "Trusted Root certificates properties for tls." - }, - "FirewallPolicyCertificateAuthorityPropertiesFormat": { - "properties": { - "keyVaultSecretId": { - "type": "string", - "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault." - } - }, - "description": "Trusted Root certificates properties for tls." } } } From 3bda97cf31c8450a9ec426255341e6ff62084146 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Thu, 17 Sep 2020 15:30:06 +0300 Subject: [PATCH 6/8] fix examples --- .../stable/2020-07-01/examples/FirewallPolicyGet.json | 2 +- .../examples/FirewallPolicyListByResourceGroup.json | 2 +- .../examples/FirewallPolicyListBySubscription.json | 2 +- .../stable/2020-07-01/examples/FirewallPolicyPut.json | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json index 73aca306848e..45531eac7aaf 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json @@ -60,7 +60,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json index e06aead82b69..cf74912ea935 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json @@ -53,7 +53,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json index e68e9031c544..80f80ffa7caa 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json @@ -52,7 +52,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json index acdc32f24b67..537ed3c33671 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json @@ -46,7 +46,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } @@ -120,7 +120,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } @@ -193,7 +193,7 @@ "destinationAddresses": [ "5.6.7.8" ], - "DestinationPorts": [ + "destinationPorts": [ "*" ] } From 53013b34d85e6fd5634be9530d69885114a56b09 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Thu, 24 Sep 2020 11:27:27 +0300 Subject: [PATCH 7/8] Add firewall policy sku tier --- .../examples/FirewallPolicyGet.json | 3 ++ .../FirewallPolicyListByResourceGroup.json | 34 ++----------------- .../FirewallPolicyListBySubscription.json | 34 ++----------------- .../examples/FirewallPolicyPut.json | 9 +++++ .../stable/2020-07-01/firewallPolicy.json | 21 ++++++++++++ 5 files changed, 37 insertions(+), 64 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json index 45531eac7aaf..5c9bf22d176b 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyGet.json @@ -40,6 +40,9 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, + "sku": { + "tier": "Premium" + }, "intrusionDetection": { "mode": "Alert", "configuration": { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json index cf74912ea935..b692c8709a4b 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListByResourceGroup.json @@ -33,38 +33,8 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, - "intrusionDetection": { - "mode": "Alert", - "configuration": { - "signatureOverrides": [ - { - "id": "2525004", - "mode": "Deny" - } - ], - "bypassTrafficSettings": [ - { - "name": "bypassRule1", - "description": "Rule 1", - "protocol": "TCP", - "sourceAddresses": [ - "1.2.3.4" - ], - "destinationAddresses": [ - "5.6.7.8" - ], - "destinationPorts": [ - "*" - ] - } - ] - } - }, - "transportSecurity": { - "certificateAuthority": { - "name": "clientcert", - "keyVaultSecretId": "https://kv/secret" - } + "sku": { + "tier": "Standard" } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json index 80f80ffa7caa..50fe370c18c1 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyListBySubscription.json @@ -32,38 +32,8 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, - "intrusionDetection": { - "mode": "Alert", - "configuration": { - "signatureOverrides": [ - { - "id": "2525004", - "mode": "Deny" - } - ], - "bypassTrafficSettings": [ - { - "name": "bypassRule1", - "description": "Rule 1", - "protocol": "TCP", - "sourceAddresses": [ - "1.2.3.4" - ], - "destinationAddresses": [ - "5.6.7.8" - ], - "destinationPorts": [ - "*" - ] - } - ] - } - }, - "transportSecurity": { - "certificateAuthority": { - "name": "clientcert", - "keyVaultSecretId": "https://kv/secret" - } + "sku": { + "tier": "Standard" } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json index 537ed3c33671..ce54af24bb58 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/examples/FirewallPolicyPut.json @@ -26,6 +26,9 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, + "sku": { + "tier": "Premium" + }, "intrusionDetection": { "mode": "Alert", "configuration": { @@ -100,6 +103,9 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, + "sku": { + "tier": "Premium" + }, "intrusionDetection": { "mode": "Alert", "configuration": { @@ -173,6 +179,9 @@ "enableProxy": true, "requireProxyForNetworkRules": false }, + "sku": { + "tier": "Premium" + }, "intrusionDetection": { "mode": "Alert", "configuration": { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json index a8a9d62dcef5..c498a31cfd6e 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json @@ -634,6 +634,10 @@ "transportSecurity": { "description": "TLS Configuration definition.", "$ref": "#/definitions/FirewallPolicyTransportSecurity" + }, + "sku": { + "description": "The Firewall Policy SKU.", + "$ref": "#/definitions/FirewallPolicySku" } }, "description": "Firewall Policy definition." @@ -1285,5 +1289,22 @@ }, "description": "Trusted Root certificates properties for tls." } + }, + "FirewallPolicySku": { + "properties": { + "tier": { + "type": "string", + "description": "Tier of Firewall Policy.", + "enum": [ + "Standard", + "Premium" + ], + "x-ms-enum": { + "name": "FirewallPolicySkuTier", + "modelAsString": true + } + } + }, + "description": "SKU of Firewall policy." } } From 74b8de8baa826159aff4de582150c5c6cdc9b918 Mon Sep 17 00:00:00 2001 From: Adi Griever Date: Thu, 24 Sep 2020 12:49:52 +0300 Subject: [PATCH 8/8] fix validation --- .../stable/2020-07-01/firewallPolicy.json | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json index c498a31cfd6e..cb82bc83ef63 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-07-01/firewallPolicy.json @@ -1288,23 +1288,23 @@ } }, "description": "Trusted Root certificates properties for tls." - } - }, - "FirewallPolicySku": { - "properties": { - "tier": { - "type": "string", - "description": "Tier of Firewall Policy.", - "enum": [ - "Standard", - "Premium" - ], - "x-ms-enum": { - "name": "FirewallPolicySkuTier", - "modelAsString": true - } - } }, - "description": "SKU of Firewall policy." + "FirewallPolicySku": { + "properties": { + "tier": { + "type": "string", + "description": "Tier of Firewall Policy.", + "enum": [ + "Standard", + "Premium" + ], + "x-ms-enum": { + "name": "FirewallPolicySkuTier", + "modelAsString": true + } + } + }, + "description": "SKU of Firewall policy." + } } }