From e89d6e22b0eef0bbc93fe0d5b9f006ef24016924 Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Mon, 21 Sep 2020 07:14:38 +0000 Subject: [PATCH] Generated from f3673d817a3917a038521ec2e4ec2e66f83e0d1d --- .../network/_network_management_client.py | 3 + .../v2020_05_01/_network_management_client.py | 5 + .../network/v2020_05_01/models/__init__.py | 54 +++ .../network/v2020_05_01/models/_models.py | 431 ++++++++++++++++++ .../network/v2020_05_01/models/_models_py3.py | 431 ++++++++++++++++++ .../_network_management_client_enums.py | 93 ++++ .../v2020_05_01/models/_paged_models.py | 13 + .../v2020_05_01/operations/__init__.py | 2 + ...pplication_firewall_policies_operations.py | 390 ++++++++++++++++ .../operations/_nat_gateways_operations.py | 2 - sdk/network/azure-mgmt-network/setup.py | 2 +- 11 files changed, 1423 insertions(+), 3 deletions(-) create mode 100644 sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/_web_application_firewall_policies_operations.py diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/_network_management_client.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/_network_management_client.py index 2e285972ebef..bfe06ec8cfeb 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/_network_management_client.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/_network_management_client.py @@ -6723,6 +6723,7 @@ def web_application_firewall_policies(self): * 2019-12-01: :class:`WebApplicationFirewallPoliciesOperations` * 2020-03-01: :class:`WebApplicationFirewallPoliciesOperations` * 2020-04-01: :class:`WebApplicationFirewallPoliciesOperations` + * 2020-05-01: :class:`WebApplicationFirewallPoliciesOperations` * 2020-06-01: :class:`WebApplicationFirewallPoliciesOperations` """ api_version = self._get_api_version('web_application_firewall_policies') @@ -6748,6 +6749,8 @@ def web_application_firewall_policies(self): from .v2020_03_01.operations import WebApplicationFirewallPoliciesOperations as OperationClass elif api_version == '2020-04-01': from .v2020_04_01.operations import WebApplicationFirewallPoliciesOperations as OperationClass + elif api_version == '2020-05-01': + from .v2020_05_01.operations import WebApplicationFirewallPoliciesOperations as OperationClass elif api_version == '2020-06-01': from .v2020_06_01.operations import WebApplicationFirewallPoliciesOperations as OperationClass else: diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/_network_management_client.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/_network_management_client.py index 44957e37f795..66cce4377fbc 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/_network_management_client.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/_network_management_client.py @@ -114,6 +114,7 @@ from .operations import VirtualHubBgpConnectionsOperations from .operations import VirtualHubIpConfigurationOperations from .operations import HubRouteTablesOperations +from .operations import WebApplicationFirewallPoliciesOperations from . import models @@ -323,6 +324,8 @@ class NetworkManagementClient(NetworkManagementClientOperationsMixin, SDKClient) :vartype virtual_hub_ip_configuration: azure.mgmt.network.v2020_05_01.operations.VirtualHubIpConfigurationOperations :ivar hub_route_tables: HubRouteTables operations :vartype hub_route_tables: azure.mgmt.network.v2020_05_01.operations.HubRouteTablesOperations + :ivar web_application_firewall_policies: WebApplicationFirewallPolicies operations + :vartype web_application_firewall_policies: azure.mgmt.network.v2020_05_01.operations.WebApplicationFirewallPoliciesOperations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials @@ -544,3 +547,5 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.hub_route_tables = HubRouteTablesOperations( self._client, self.config, self._serialize, self._deserialize) + self.web_application_firewall_policies = WebApplicationFirewallPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/__init__.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/__init__.py index 098dd98c0626..930868afba96 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/__init__.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/__init__.py @@ -241,9 +241,15 @@ from ._models_py3 import LoadBalancingRule from ._models_py3 import LocalNetworkGateway from ._models_py3 import LogSpecification + from ._models_py3 import ManagedRuleGroupOverride + from ._models_py3 import ManagedRuleOverride + from ._models_py3 import ManagedRulesDefinition + from ._models_py3 import ManagedRuleSet from ._models_py3 import ManagedServiceIdentity from ._models_py3 import ManagedServiceIdentityUserAssignedIdentitiesValue + from ._models_py3 import MatchCondition from ._models_py3 import MatchedRule + from ._models_py3 import MatchVariable from ._models_py3 import MetricSpecification from ._models_py3 import NatGateway from ._models_py3 import NatGatewaySku @@ -276,6 +282,7 @@ from ._models_py3 import OperationDisplay from ._models_py3 import OperationPropertiesFormatServiceSpecification from ._models_py3 import OutboundRule + from ._models_py3 import OwaspCrsExclusionEntry from ._models_py3 import P2SConnectionConfiguration from ._models_py3 import P2SVpnConnectionHealth from ._models_py3 import P2SVpnConnectionHealthRequest @@ -291,6 +298,7 @@ from ._models_py3 import PatchRouteFilter from ._models_py3 import PatchRouteFilterRule from ._models_py3 import PeerExpressRouteCircuitConnection + from ._models_py3 import PolicySettings from ._models_py3 import PrepareNetworkPoliciesRequest from ._models_py3 import PrivateDnsZoneConfig from ._models_py3 import PrivateDnsZoneGroup @@ -420,6 +428,8 @@ from ._models_py3 import VpnSiteId from ._models_py3 import VpnSiteLink from ._models_py3 import VpnSiteLinkConnection + from ._models_py3 import WebApplicationFirewallCustomRule + from ._models_py3 import WebApplicationFirewallPolicy except (SyntaxError, ImportError): from ._models import AadAuthenticationParameters from ._models import AddressSpace @@ -652,9 +662,15 @@ from ._models import LoadBalancingRule from ._models import LocalNetworkGateway from ._models import LogSpecification + from ._models import ManagedRuleGroupOverride + from ._models import ManagedRuleOverride + from ._models import ManagedRulesDefinition + from ._models import ManagedRuleSet from ._models import ManagedServiceIdentity from ._models import ManagedServiceIdentityUserAssignedIdentitiesValue + from ._models import MatchCondition from ._models import MatchedRule + from ._models import MatchVariable from ._models import MetricSpecification from ._models import NatGateway from ._models import NatGatewaySku @@ -687,6 +703,7 @@ from ._models import OperationDisplay from ._models import OperationPropertiesFormatServiceSpecification from ._models import OutboundRule + from ._models import OwaspCrsExclusionEntry from ._models import P2SConnectionConfiguration from ._models import P2SVpnConnectionHealth from ._models import P2SVpnConnectionHealthRequest @@ -702,6 +719,7 @@ from ._models import PatchRouteFilter from ._models import PatchRouteFilterRule from ._models import PeerExpressRouteCircuitConnection + from ._models import PolicySettings from ._models import PrepareNetworkPoliciesRequest from ._models import PrivateDnsZoneConfig from ._models import PrivateDnsZoneGroup @@ -831,6 +849,8 @@ from ._models import VpnSiteId from ._models import VpnSiteLink from ._models import VpnSiteLinkConnection + from ._models import WebApplicationFirewallCustomRule + from ._models import WebApplicationFirewallPolicy from ._paged_models import ApplicationGatewayPaged from ._paged_models import ApplicationGatewayPrivateEndpointConnectionPaged from ._paged_models import ApplicationGatewayPrivateLinkResourcePaged @@ -924,6 +944,7 @@ from ._paged_models import VpnSiteLinkConnectionPaged from ._paged_models import VpnSiteLinkPaged from ._paged_models import VpnSitePaged +from ._paged_models import WebApplicationFirewallPolicyPaged from ._network_management_client_enums import ( ApplicationGatewayProtocol, ProvisioningState, @@ -1044,6 +1065,17 @@ HubVirtualNetworkConnectionStatus, VpnGatewayTunnelingProtocol, VpnAuthenticationType, + WebApplicationFirewallEnabledState, + WebApplicationFirewallMode, + WebApplicationFirewallRuleType, + WebApplicationFirewallMatchVariable, + WebApplicationFirewallOperator, + WebApplicationFirewallTransform, + WebApplicationFirewallAction, + WebApplicationFirewallPolicyResourceState, + OwaspCrsExclusionEntryMatchVariable, + OwaspCrsExclusionEntrySelectorMatchOperator, + ManagedRuleEnabledState, ) __all__ = [ @@ -1278,9 +1310,15 @@ 'LoadBalancingRule', 'LocalNetworkGateway', 'LogSpecification', + 'ManagedRuleGroupOverride', + 'ManagedRuleOverride', + 'ManagedRulesDefinition', + 'ManagedRuleSet', 'ManagedServiceIdentity', 'ManagedServiceIdentityUserAssignedIdentitiesValue', + 'MatchCondition', 'MatchedRule', + 'MatchVariable', 'MetricSpecification', 'NatGateway', 'NatGatewaySku', @@ -1313,6 +1351,7 @@ 'OperationDisplay', 'OperationPropertiesFormatServiceSpecification', 'OutboundRule', + 'OwaspCrsExclusionEntry', 'P2SConnectionConfiguration', 'P2SVpnConnectionHealth', 'P2SVpnConnectionHealthRequest', @@ -1328,6 +1367,7 @@ 'PatchRouteFilter', 'PatchRouteFilterRule', 'PeerExpressRouteCircuitConnection', + 'PolicySettings', 'PrepareNetworkPoliciesRequest', 'PrivateDnsZoneConfig', 'PrivateDnsZoneGroup', @@ -1457,6 +1497,8 @@ 'VpnSiteId', 'VpnSiteLink', 'VpnSiteLinkConnection', + 'WebApplicationFirewallCustomRule', + 'WebApplicationFirewallPolicy', 'ApplicationGatewayPaged', 'ApplicationGatewaySslPredefinedPolicyPaged', 'ApplicationGatewayPrivateLinkResourcePaged', @@ -1550,6 +1592,7 @@ 'BgpConnectionPaged', 'HubIpConfigurationPaged', 'HubRouteTablePaged', + 'WebApplicationFirewallPolicyPaged', 'ApplicationGatewayProtocol', 'ProvisioningState', 'IPAllocationMethod', @@ -1669,4 +1712,15 @@ 'HubVirtualNetworkConnectionStatus', 'VpnGatewayTunnelingProtocol', 'VpnAuthenticationType', + 'WebApplicationFirewallEnabledState', + 'WebApplicationFirewallMode', + 'WebApplicationFirewallRuleType', + 'WebApplicationFirewallMatchVariable', + 'WebApplicationFirewallOperator', + 'WebApplicationFirewallTransform', + 'WebApplicationFirewallAction', + 'WebApplicationFirewallPolicyResourceState', + 'OwaspCrsExclusionEntryMatchVariable', + 'OwaspCrsExclusionEntrySelectorMatchOperator', + 'ManagedRuleEnabledState', ] diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models.py index e010dbc9658a..32489ec42042 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models.py @@ -10275,6 +10275,125 @@ def __init__(self, **kwargs): self.blob_duration = kwargs.get('blob_duration', None) +class ManagedRuleGroupOverride(Model): + """Defines a managed rule group override setting. + + All required parameters must be populated in order to send to Azure. + + :param rule_group_name: Required. The managed rule group to override. + :type rule_group_name: str + :param rules: List of rules that will be disabled. If none specified, all + rules in the group will be disabled. + :type rules: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleOverride] + """ + + _validation = { + 'rule_group_name': {'required': True}, + } + + _attribute_map = { + 'rule_group_name': {'key': 'ruleGroupName', 'type': 'str'}, + 'rules': {'key': 'rules', 'type': '[ManagedRuleOverride]'}, + } + + def __init__(self, **kwargs): + super(ManagedRuleGroupOverride, self).__init__(**kwargs) + self.rule_group_name = kwargs.get('rule_group_name', None) + self.rules = kwargs.get('rules', None) + + +class ManagedRuleOverride(Model): + """Defines a managed rule group override setting. + + All required parameters must be populated in order to send to Azure. + + :param rule_id: Required. Identifier for the managed rule. + :type rule_id: str + :param state: The state of the managed rule. Defaults to Disabled if not + specified. Possible values include: 'Disabled' + :type state: str or + ~azure.mgmt.network.v2020_05_01.models.ManagedRuleEnabledState + """ + + _validation = { + 'rule_id': {'required': True}, + } + + _attribute_map = { + 'rule_id': {'key': 'ruleId', 'type': 'str'}, + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ManagedRuleOverride, self).__init__(**kwargs) + self.rule_id = kwargs.get('rule_id', None) + self.state = kwargs.get('state', None) + + +class ManagedRulesDefinition(Model): + """Allow to exclude some variable satisfy the condition for the WAF check. + + All required parameters must be populated in order to send to Azure. + + :param exclusions: The Exclusions that are applied on the policy. + :type exclusions: + list[~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntry] + :param managed_rule_sets: Required. The managed rule sets that are + associated with the policy. + :type managed_rule_sets: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleSet] + """ + + _validation = { + 'managed_rule_sets': {'required': True}, + } + + _attribute_map = { + 'exclusions': {'key': 'exclusions', 'type': '[OwaspCrsExclusionEntry]'}, + 'managed_rule_sets': {'key': 'managedRuleSets', 'type': '[ManagedRuleSet]'}, + } + + def __init__(self, **kwargs): + super(ManagedRulesDefinition, self).__init__(**kwargs) + self.exclusions = kwargs.get('exclusions', None) + self.managed_rule_sets = kwargs.get('managed_rule_sets', None) + + +class ManagedRuleSet(Model): + """Defines a managed rule set. + + All required parameters must be populated in order to send to Azure. + + :param rule_set_type: Required. Defines the rule set type to use. + :type rule_set_type: str + :param rule_set_version: Required. Defines the version of the rule set to + use. + :type rule_set_version: str + :param rule_group_overrides: Defines the rule group overrides to apply to + the rule set. + :type rule_group_overrides: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleGroupOverride] + """ + + _validation = { + 'rule_set_type': {'required': True}, + 'rule_set_version': {'required': True}, + } + + _attribute_map = { + 'rule_set_type': {'key': 'ruleSetType', 'type': 'str'}, + 'rule_set_version': {'key': 'ruleSetVersion', 'type': 'str'}, + 'rule_group_overrides': {'key': 'ruleGroupOverrides', 'type': '[ManagedRuleGroupOverride]'}, + } + + def __init__(self, **kwargs): + super(ManagedRuleSet, self).__init__(**kwargs) + self.rule_set_type = kwargs.get('rule_set_type', None) + self.rule_set_version = kwargs.get('rule_set_version', None) + self.rule_group_overrides = kwargs.get('rule_group_overrides', None) + + class ManagedServiceIdentity(Model): """Identity for the resource. @@ -10350,6 +10469,52 @@ def __init__(self, **kwargs): self.client_id = None +class MatchCondition(Model): + """Define match conditions. + + All required parameters must be populated in order to send to Azure. + + :param match_variables: Required. List of match variables. + :type match_variables: + list[~azure.mgmt.network.v2020_05_01.models.MatchVariable] + :param operator: Required. The operator to be matched. Possible values + include: 'IPMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', + 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith', + 'Regex', 'GeoMatch' + :type operator: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallOperator + :param negation_conditon: Whether this is negate condition or not. + :type negation_conditon: bool + :param match_values: Required. Match value. + :type match_values: list[str] + :param transforms: List of transforms. + :type transforms: list[str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallTransform] + """ + + _validation = { + 'match_variables': {'required': True}, + 'operator': {'required': True}, + 'match_values': {'required': True}, + } + + _attribute_map = { + 'match_variables': {'key': 'matchVariables', 'type': '[MatchVariable]'}, + 'operator': {'key': 'operator', 'type': 'str'}, + 'negation_conditon': {'key': 'negationConditon', 'type': 'bool'}, + 'match_values': {'key': 'matchValues', 'type': '[str]'}, + 'transforms': {'key': 'transforms', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(MatchCondition, self).__init__(**kwargs) + self.match_variables = kwargs.get('match_variables', None) + self.operator = kwargs.get('operator', None) + self.negation_conditon = kwargs.get('negation_conditon', None) + self.match_values = kwargs.get('match_values', None) + self.transforms = kwargs.get('transforms', None) + + class MatchedRule(Model): """Matched rule. @@ -10371,6 +10536,35 @@ def __init__(self, **kwargs): self.action = kwargs.get('action', None) +class MatchVariable(Model): + """Define match variables. + + All required parameters must be populated in order to send to Azure. + + :param variable_name: Required. Match Variable. Possible values include: + 'RemoteAddr', 'RequestMethod', 'QueryString', 'PostArgs', 'RequestUri', + 'RequestHeaders', 'RequestBody', 'RequestCookies' + :type variable_name: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallMatchVariable + :param selector: The selector of match variable. + :type selector: str + """ + + _validation = { + 'variable_name': {'required': True}, + } + + _attribute_map = { + 'variable_name': {'key': 'variableName', 'type': 'str'}, + 'selector': {'key': 'selector', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(MatchVariable, self).__init__(**kwargs) + self.variable_name = kwargs.get('variable_name', None) + self.selector = kwargs.get('selector', None) + + class MetricSpecification(Model): """Description of metrics specification. @@ -11952,6 +12146,47 @@ def __init__(self, **kwargs): self.type = None +class OwaspCrsExclusionEntry(Model): + """Allow to exclude some variable satisfy the condition for the WAF check. + + All required parameters must be populated in order to send to Azure. + + :param match_variable: Required. The variable to be excluded. Possible + values include: 'RequestHeaderNames', 'RequestCookieNames', + 'RequestArgNames' + :type match_variable: str or + ~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntryMatchVariable + :param selector_match_operator: Required. When matchVariable is a + collection, operate on the selector to specify which elements in the + collection this exclusion applies to. Possible values include: 'Equals', + 'Contains', 'StartsWith', 'EndsWith', 'EqualsAny' + :type selector_match_operator: str or + ~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntrySelectorMatchOperator + :param selector: Required. When matchVariable is a collection, operator + used to specify which elements in the collection this exclusion applies + to. + :type selector: str + """ + + _validation = { + 'match_variable': {'required': True}, + 'selector_match_operator': {'required': True}, + 'selector': {'required': True}, + } + + _attribute_map = { + 'match_variable': {'key': 'matchVariable', 'type': 'str'}, + 'selector_match_operator': {'key': 'selectorMatchOperator', 'type': 'str'}, + 'selector': {'key': 'selector', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OwaspCrsExclusionEntry, self).__init__(**kwargs) + self.match_variable = kwargs.get('match_variable', None) + self.selector_match_operator = kwargs.get('selector_match_operator', None) + self.selector = kwargs.get('selector', None) + + class P2SConnectionConfiguration(SubResource): """P2SConnectionConfiguration Resource. @@ -12664,6 +12899,48 @@ def __init__(self, **kwargs): self.type = None +class PolicySettings(Model): + """Defines contents of a web application firewall global configuration. + + :param state: The state of the policy. Possible values include: + 'Disabled', 'Enabled' + :type state: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallEnabledState + :param mode: The mode of the policy. Possible values include: + 'Prevention', 'Detection' + :type mode: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallMode + :param request_body_check: Whether to allow WAF to check request Body. + :type request_body_check: bool + :param max_request_body_size_in_kb: Maximum request body size in Kb for + WAF. + :type max_request_body_size_in_kb: int + :param file_upload_limit_in_mb: Maximum file upload size in Mb for WAF. + :type file_upload_limit_in_mb: int + """ + + _validation = { + 'max_request_body_size_in_kb': {'maximum': 128, 'minimum': 8}, + 'file_upload_limit_in_mb': {'minimum': 0}, + } + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + 'mode': {'key': 'mode', 'type': 'str'}, + 'request_body_check': {'key': 'requestBodyCheck', 'type': 'bool'}, + 'max_request_body_size_in_kb': {'key': 'maxRequestBodySizeInKb', 'type': 'int'}, + 'file_upload_limit_in_mb': {'key': 'fileUploadLimitInMb', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(PolicySettings, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + self.mode = kwargs.get('mode', None) + self.request_body_check = kwargs.get('request_body_check', None) + self.max_request_body_size_in_kb = kwargs.get('max_request_body_size_in_kb', None) + self.file_upload_limit_in_mb = kwargs.get('file_upload_limit_in_mb', None) + + class PrepareNetworkPoliciesRequest(Model): """Details of PrepareNetworkPolicies for Subnet. @@ -18507,3 +18784,157 @@ def __init__(self, **kwargs): self.name = kwargs.get('name', None) self.etag = None self.type = None + + +class WebApplicationFirewallCustomRule(Model): + """Defines contents of a web application rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param name: The name of the resource that is unique within a policy. This + name can be used to access the resource. + :type name: str + :ivar etag: A unique read-only string that changes whenever the resource + is updated. + :vartype etag: str + :param priority: Required. Priority of the rule. Rules with a lower value + will be evaluated before rules with a higher value. + :type priority: int + :param rule_type: Required. The rule type. Possible values include: + 'MatchRule', 'Invalid' + :type rule_type: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallRuleType + :param match_conditions: Required. List of match conditions. + :type match_conditions: + list[~azure.mgmt.network.v2020_05_01.models.MatchCondition] + :param action: Required. Type of Actions. Possible values include: + 'Allow', 'Block', 'Log' + :type action: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallAction + """ + + _validation = { + 'name': {'max_length': 128}, + 'etag': {'readonly': True}, + 'priority': {'required': True}, + 'rule_type': {'required': True}, + 'match_conditions': {'required': True}, + 'action': {'required': True}, + } + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'priority': {'key': 'priority', 'type': 'int'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'match_conditions': {'key': 'matchConditions', 'type': '[MatchCondition]'}, + 'action': {'key': 'action', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(WebApplicationFirewallCustomRule, self).__init__(**kwargs) + self.name = kwargs.get('name', None) + self.etag = None + self.priority = kwargs.get('priority', None) + self.rule_type = kwargs.get('rule_type', None) + self.match_conditions = kwargs.get('match_conditions', None) + self.action = kwargs.get('action', None) + + +class WebApplicationFirewallPolicy(Resource): + """Defines web application firewall policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param id: Resource ID. + :type id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param location: Resource location. + :type location: str + :param tags: Resource tags. + :type tags: dict[str, str] + :param policy_settings: The PolicySettings for policy. + :type policy_settings: + ~azure.mgmt.network.v2020_05_01.models.PolicySettings + :param custom_rules: The custom rules inside the policy. + :type custom_rules: + list[~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallCustomRule] + :ivar application_gateways: A collection of references to application + gateways. + :vartype application_gateways: + list[~azure.mgmt.network.v2020_05_01.models.ApplicationGateway] + :ivar provisioning_state: The provisioning state of the web application + firewall policy resource. Possible values include: 'Succeeded', + 'Updating', 'Deleting', 'Failed' + :vartype provisioning_state: str or + ~azure.mgmt.network.v2020_05_01.models.ProvisioningState + :ivar resource_state: Resource status of the policy. Resource status of + the policy. Possible values include: 'Creating', 'Enabling', 'Enabled', + 'Disabling', 'Disabled', 'Deleting' + :vartype resource_state: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicyResourceState + :param managed_rules: Required. Describes the managedRules structure. + :type managed_rules: + ~azure.mgmt.network.v2020_05_01.models.ManagedRulesDefinition + :ivar http_listeners: A collection of references to application gateway + http listeners. + :vartype http_listeners: + list[~azure.mgmt.network.v2020_05_01.models.SubResource] + :ivar path_based_rules: A collection of references to application gateway + path rules. + :vartype path_based_rules: + list[~azure.mgmt.network.v2020_05_01.models.SubResource] + :ivar etag: A unique read-only string that changes whenever the resource + is updated. + :vartype etag: str + """ + + _validation = { + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'application_gateways': {'readonly': True}, + 'provisioning_state': {'readonly': True}, + 'resource_state': {'readonly': True}, + 'managed_rules': {'required': True}, + 'http_listeners': {'readonly': True}, + 'path_based_rules': {'readonly': True}, + 'etag': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'policy_settings': {'key': 'properties.policySettings', 'type': 'PolicySettings'}, + 'custom_rules': {'key': 'properties.customRules', 'type': '[WebApplicationFirewallCustomRule]'}, + 'application_gateways': {'key': 'properties.applicationGateways', 'type': '[ApplicationGateway]'}, + 'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'}, + 'resource_state': {'key': 'properties.resourceState', 'type': 'str'}, + 'managed_rules': {'key': 'properties.managedRules', 'type': 'ManagedRulesDefinition'}, + 'http_listeners': {'key': 'properties.httpListeners', 'type': '[SubResource]'}, + 'path_based_rules': {'key': 'properties.pathBasedRules', 'type': '[SubResource]'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(WebApplicationFirewallPolicy, self).__init__(**kwargs) + self.policy_settings = kwargs.get('policy_settings', None) + self.custom_rules = kwargs.get('custom_rules', None) + self.application_gateways = None + self.provisioning_state = None + self.resource_state = None + self.managed_rules = kwargs.get('managed_rules', None) + self.http_listeners = None + self.path_based_rules = None + self.etag = None diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models_py3.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models_py3.py index 6bbb4ff89f62..17c76dbb8850 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models_py3.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_models_py3.py @@ -10275,6 +10275,125 @@ def __init__(self, *, name: str=None, display_name: str=None, blob_duration: str self.blob_duration = blob_duration +class ManagedRuleGroupOverride(Model): + """Defines a managed rule group override setting. + + All required parameters must be populated in order to send to Azure. + + :param rule_group_name: Required. The managed rule group to override. + :type rule_group_name: str + :param rules: List of rules that will be disabled. If none specified, all + rules in the group will be disabled. + :type rules: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleOverride] + """ + + _validation = { + 'rule_group_name': {'required': True}, + } + + _attribute_map = { + 'rule_group_name': {'key': 'ruleGroupName', 'type': 'str'}, + 'rules': {'key': 'rules', 'type': '[ManagedRuleOverride]'}, + } + + def __init__(self, *, rule_group_name: str, rules=None, **kwargs) -> None: + super(ManagedRuleGroupOverride, self).__init__(**kwargs) + self.rule_group_name = rule_group_name + self.rules = rules + + +class ManagedRuleOverride(Model): + """Defines a managed rule group override setting. + + All required parameters must be populated in order to send to Azure. + + :param rule_id: Required. Identifier for the managed rule. + :type rule_id: str + :param state: The state of the managed rule. Defaults to Disabled if not + specified. Possible values include: 'Disabled' + :type state: str or + ~azure.mgmt.network.v2020_05_01.models.ManagedRuleEnabledState + """ + + _validation = { + 'rule_id': {'required': True}, + } + + _attribute_map = { + 'rule_id': {'key': 'ruleId', 'type': 'str'}, + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, rule_id: str, state=None, **kwargs) -> None: + super(ManagedRuleOverride, self).__init__(**kwargs) + self.rule_id = rule_id + self.state = state + + +class ManagedRulesDefinition(Model): + """Allow to exclude some variable satisfy the condition for the WAF check. + + All required parameters must be populated in order to send to Azure. + + :param exclusions: The Exclusions that are applied on the policy. + :type exclusions: + list[~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntry] + :param managed_rule_sets: Required. The managed rule sets that are + associated with the policy. + :type managed_rule_sets: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleSet] + """ + + _validation = { + 'managed_rule_sets': {'required': True}, + } + + _attribute_map = { + 'exclusions': {'key': 'exclusions', 'type': '[OwaspCrsExclusionEntry]'}, + 'managed_rule_sets': {'key': 'managedRuleSets', 'type': '[ManagedRuleSet]'}, + } + + def __init__(self, *, managed_rule_sets, exclusions=None, **kwargs) -> None: + super(ManagedRulesDefinition, self).__init__(**kwargs) + self.exclusions = exclusions + self.managed_rule_sets = managed_rule_sets + + +class ManagedRuleSet(Model): + """Defines a managed rule set. + + All required parameters must be populated in order to send to Azure. + + :param rule_set_type: Required. Defines the rule set type to use. + :type rule_set_type: str + :param rule_set_version: Required. Defines the version of the rule set to + use. + :type rule_set_version: str + :param rule_group_overrides: Defines the rule group overrides to apply to + the rule set. + :type rule_group_overrides: + list[~azure.mgmt.network.v2020_05_01.models.ManagedRuleGroupOverride] + """ + + _validation = { + 'rule_set_type': {'required': True}, + 'rule_set_version': {'required': True}, + } + + _attribute_map = { + 'rule_set_type': {'key': 'ruleSetType', 'type': 'str'}, + 'rule_set_version': {'key': 'ruleSetVersion', 'type': 'str'}, + 'rule_group_overrides': {'key': 'ruleGroupOverrides', 'type': '[ManagedRuleGroupOverride]'}, + } + + def __init__(self, *, rule_set_type: str, rule_set_version: str, rule_group_overrides=None, **kwargs) -> None: + super(ManagedRuleSet, self).__init__(**kwargs) + self.rule_set_type = rule_set_type + self.rule_set_version = rule_set_version + self.rule_group_overrides = rule_group_overrides + + class ManagedServiceIdentity(Model): """Identity for the resource. @@ -10350,6 +10469,52 @@ def __init__(self, **kwargs) -> None: self.client_id = None +class MatchCondition(Model): + """Define match conditions. + + All required parameters must be populated in order to send to Azure. + + :param match_variables: Required. List of match variables. + :type match_variables: + list[~azure.mgmt.network.v2020_05_01.models.MatchVariable] + :param operator: Required. The operator to be matched. Possible values + include: 'IPMatch', 'Equal', 'Contains', 'LessThan', 'GreaterThan', + 'LessThanOrEqual', 'GreaterThanOrEqual', 'BeginsWith', 'EndsWith', + 'Regex', 'GeoMatch' + :type operator: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallOperator + :param negation_conditon: Whether this is negate condition or not. + :type negation_conditon: bool + :param match_values: Required. Match value. + :type match_values: list[str] + :param transforms: List of transforms. + :type transforms: list[str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallTransform] + """ + + _validation = { + 'match_variables': {'required': True}, + 'operator': {'required': True}, + 'match_values': {'required': True}, + } + + _attribute_map = { + 'match_variables': {'key': 'matchVariables', 'type': '[MatchVariable]'}, + 'operator': {'key': 'operator', 'type': 'str'}, + 'negation_conditon': {'key': 'negationConditon', 'type': 'bool'}, + 'match_values': {'key': 'matchValues', 'type': '[str]'}, + 'transforms': {'key': 'transforms', 'type': '[str]'}, + } + + def __init__(self, *, match_variables, operator, match_values, negation_conditon: bool=None, transforms=None, **kwargs) -> None: + super(MatchCondition, self).__init__(**kwargs) + self.match_variables = match_variables + self.operator = operator + self.negation_conditon = negation_conditon + self.match_values = match_values + self.transforms = transforms + + class MatchedRule(Model): """Matched rule. @@ -10371,6 +10536,35 @@ def __init__(self, *, rule_name: str=None, action: str=None, **kwargs) -> None: self.action = action +class MatchVariable(Model): + """Define match variables. + + All required parameters must be populated in order to send to Azure. + + :param variable_name: Required. Match Variable. Possible values include: + 'RemoteAddr', 'RequestMethod', 'QueryString', 'PostArgs', 'RequestUri', + 'RequestHeaders', 'RequestBody', 'RequestCookies' + :type variable_name: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallMatchVariable + :param selector: The selector of match variable. + :type selector: str + """ + + _validation = { + 'variable_name': {'required': True}, + } + + _attribute_map = { + 'variable_name': {'key': 'variableName', 'type': 'str'}, + 'selector': {'key': 'selector', 'type': 'str'}, + } + + def __init__(self, *, variable_name, selector: str=None, **kwargs) -> None: + super(MatchVariable, self).__init__(**kwargs) + self.variable_name = variable_name + self.selector = selector + + class MetricSpecification(Model): """Description of metrics specification. @@ -11952,6 +12146,47 @@ def __init__(self, *, frontend_ip_configurations, backend_address_pool, protocol self.type = None +class OwaspCrsExclusionEntry(Model): + """Allow to exclude some variable satisfy the condition for the WAF check. + + All required parameters must be populated in order to send to Azure. + + :param match_variable: Required. The variable to be excluded. Possible + values include: 'RequestHeaderNames', 'RequestCookieNames', + 'RequestArgNames' + :type match_variable: str or + ~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntryMatchVariable + :param selector_match_operator: Required. When matchVariable is a + collection, operate on the selector to specify which elements in the + collection this exclusion applies to. Possible values include: 'Equals', + 'Contains', 'StartsWith', 'EndsWith', 'EqualsAny' + :type selector_match_operator: str or + ~azure.mgmt.network.v2020_05_01.models.OwaspCrsExclusionEntrySelectorMatchOperator + :param selector: Required. When matchVariable is a collection, operator + used to specify which elements in the collection this exclusion applies + to. + :type selector: str + """ + + _validation = { + 'match_variable': {'required': True}, + 'selector_match_operator': {'required': True}, + 'selector': {'required': True}, + } + + _attribute_map = { + 'match_variable': {'key': 'matchVariable', 'type': 'str'}, + 'selector_match_operator': {'key': 'selectorMatchOperator', 'type': 'str'}, + 'selector': {'key': 'selector', 'type': 'str'}, + } + + def __init__(self, *, match_variable, selector_match_operator, selector: str, **kwargs) -> None: + super(OwaspCrsExclusionEntry, self).__init__(**kwargs) + self.match_variable = match_variable + self.selector_match_operator = selector_match_operator + self.selector = selector + + class P2SConnectionConfiguration(SubResource): """P2SConnectionConfiguration Resource. @@ -12664,6 +12899,48 @@ def __init__(self, *, id: str=None, express_route_circuit_peering=None, peer_exp self.type = None +class PolicySettings(Model): + """Defines contents of a web application firewall global configuration. + + :param state: The state of the policy. Possible values include: + 'Disabled', 'Enabled' + :type state: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallEnabledState + :param mode: The mode of the policy. Possible values include: + 'Prevention', 'Detection' + :type mode: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallMode + :param request_body_check: Whether to allow WAF to check request Body. + :type request_body_check: bool + :param max_request_body_size_in_kb: Maximum request body size in Kb for + WAF. + :type max_request_body_size_in_kb: int + :param file_upload_limit_in_mb: Maximum file upload size in Mb for WAF. + :type file_upload_limit_in_mb: int + """ + + _validation = { + 'max_request_body_size_in_kb': {'maximum': 128, 'minimum': 8}, + 'file_upload_limit_in_mb': {'minimum': 0}, + } + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + 'mode': {'key': 'mode', 'type': 'str'}, + 'request_body_check': {'key': 'requestBodyCheck', 'type': 'bool'}, + 'max_request_body_size_in_kb': {'key': 'maxRequestBodySizeInKb', 'type': 'int'}, + 'file_upload_limit_in_mb': {'key': 'fileUploadLimitInMb', 'type': 'int'}, + } + + def __init__(self, *, state=None, mode=None, request_body_check: bool=None, max_request_body_size_in_kb: int=None, file_upload_limit_in_mb: int=None, **kwargs) -> None: + super(PolicySettings, self).__init__(**kwargs) + self.state = state + self.mode = mode + self.request_body_check = request_body_check + self.max_request_body_size_in_kb = max_request_body_size_in_kb + self.file_upload_limit_in_mb = file_upload_limit_in_mb + + class PrepareNetworkPoliciesRequest(Model): """Details of PrepareNetworkPolicies for Subnet. @@ -18507,3 +18784,157 @@ def __init__(self, *, id: str=None, vpn_site_link=None, routing_weight: int=None self.name = name self.etag = None self.type = None + + +class WebApplicationFirewallCustomRule(Model): + """Defines contents of a web application rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param name: The name of the resource that is unique within a policy. This + name can be used to access the resource. + :type name: str + :ivar etag: A unique read-only string that changes whenever the resource + is updated. + :vartype etag: str + :param priority: Required. Priority of the rule. Rules with a lower value + will be evaluated before rules with a higher value. + :type priority: int + :param rule_type: Required. The rule type. Possible values include: + 'MatchRule', 'Invalid' + :type rule_type: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallRuleType + :param match_conditions: Required. List of match conditions. + :type match_conditions: + list[~azure.mgmt.network.v2020_05_01.models.MatchCondition] + :param action: Required. Type of Actions. Possible values include: + 'Allow', 'Block', 'Log' + :type action: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallAction + """ + + _validation = { + 'name': {'max_length': 128}, + 'etag': {'readonly': True}, + 'priority': {'required': True}, + 'rule_type': {'required': True}, + 'match_conditions': {'required': True}, + 'action': {'required': True}, + } + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'priority': {'key': 'priority', 'type': 'int'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'match_conditions': {'key': 'matchConditions', 'type': '[MatchCondition]'}, + 'action': {'key': 'action', 'type': 'str'}, + } + + def __init__(self, *, priority: int, rule_type, match_conditions, action, name: str=None, **kwargs) -> None: + super(WebApplicationFirewallCustomRule, self).__init__(**kwargs) + self.name = name + self.etag = None + self.priority = priority + self.rule_type = rule_type + self.match_conditions = match_conditions + self.action = action + + +class WebApplicationFirewallPolicy(Resource): + """Defines web application firewall policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param id: Resource ID. + :type id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param location: Resource location. + :type location: str + :param tags: Resource tags. + :type tags: dict[str, str] + :param policy_settings: The PolicySettings for policy. + :type policy_settings: + ~azure.mgmt.network.v2020_05_01.models.PolicySettings + :param custom_rules: The custom rules inside the policy. + :type custom_rules: + list[~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallCustomRule] + :ivar application_gateways: A collection of references to application + gateways. + :vartype application_gateways: + list[~azure.mgmt.network.v2020_05_01.models.ApplicationGateway] + :ivar provisioning_state: The provisioning state of the web application + firewall policy resource. Possible values include: 'Succeeded', + 'Updating', 'Deleting', 'Failed' + :vartype provisioning_state: str or + ~azure.mgmt.network.v2020_05_01.models.ProvisioningState + :ivar resource_state: Resource status of the policy. Resource status of + the policy. Possible values include: 'Creating', 'Enabling', 'Enabled', + 'Disabling', 'Disabled', 'Deleting' + :vartype resource_state: str or + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicyResourceState + :param managed_rules: Required. Describes the managedRules structure. + :type managed_rules: + ~azure.mgmt.network.v2020_05_01.models.ManagedRulesDefinition + :ivar http_listeners: A collection of references to application gateway + http listeners. + :vartype http_listeners: + list[~azure.mgmt.network.v2020_05_01.models.SubResource] + :ivar path_based_rules: A collection of references to application gateway + path rules. + :vartype path_based_rules: + list[~azure.mgmt.network.v2020_05_01.models.SubResource] + :ivar etag: A unique read-only string that changes whenever the resource + is updated. + :vartype etag: str + """ + + _validation = { + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'application_gateways': {'readonly': True}, + 'provisioning_state': {'readonly': True}, + 'resource_state': {'readonly': True}, + 'managed_rules': {'required': True}, + 'http_listeners': {'readonly': True}, + 'path_based_rules': {'readonly': True}, + 'etag': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'policy_settings': {'key': 'properties.policySettings', 'type': 'PolicySettings'}, + 'custom_rules': {'key': 'properties.customRules', 'type': '[WebApplicationFirewallCustomRule]'}, + 'application_gateways': {'key': 'properties.applicationGateways', 'type': '[ApplicationGateway]'}, + 'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'}, + 'resource_state': {'key': 'properties.resourceState', 'type': 'str'}, + 'managed_rules': {'key': 'properties.managedRules', 'type': 'ManagedRulesDefinition'}, + 'http_listeners': {'key': 'properties.httpListeners', 'type': '[SubResource]'}, + 'path_based_rules': {'key': 'properties.pathBasedRules', 'type': '[SubResource]'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, *, managed_rules, id: str=None, location: str=None, tags=None, policy_settings=None, custom_rules=None, **kwargs) -> None: + super(WebApplicationFirewallPolicy, self).__init__(id=id, location=location, tags=tags, **kwargs) + self.policy_settings = policy_settings + self.custom_rules = custom_rules + self.application_gateways = None + self.provisioning_state = None + self.resource_state = None + self.managed_rules = managed_rules + self.http_listeners = None + self.path_based_rules = None + self.etag = None diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_network_management_client_enums.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_network_management_client_enums.py index 06d320891c96..fcf23d0e091a 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_network_management_client_enums.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_network_management_client_enums.py @@ -911,3 +911,96 @@ class VpnAuthenticationType(str, Enum): certificate = "Certificate" radius = "Radius" aad = "AAD" + + +class WebApplicationFirewallEnabledState(str, Enum): + + disabled = "Disabled" + enabled = "Enabled" + + +class WebApplicationFirewallMode(str, Enum): + + prevention = "Prevention" + detection = "Detection" + + +class WebApplicationFirewallRuleType(str, Enum): + + match_rule = "MatchRule" + invalid = "Invalid" + + +class WebApplicationFirewallMatchVariable(str, Enum): + + remote_addr = "RemoteAddr" + request_method = "RequestMethod" + query_string = "QueryString" + post_args = "PostArgs" + request_uri = "RequestUri" + request_headers = "RequestHeaders" + request_body = "RequestBody" + request_cookies = "RequestCookies" + + +class WebApplicationFirewallOperator(str, Enum): + + ip_match = "IPMatch" + equal = "Equal" + contains = "Contains" + less_than = "LessThan" + greater_than = "GreaterThan" + less_than_or_equal = "LessThanOrEqual" + greater_than_or_equal = "GreaterThanOrEqual" + begins_with = "BeginsWith" + ends_with = "EndsWith" + regex = "Regex" + geo_match = "GeoMatch" + + +class WebApplicationFirewallTransform(str, Enum): + + lowercase = "Lowercase" + trim = "Trim" + url_decode = "UrlDecode" + url_encode = "UrlEncode" + remove_nulls = "RemoveNulls" + html_entity_decode = "HtmlEntityDecode" + + +class WebApplicationFirewallAction(str, Enum): + + allow = "Allow" + block = "Block" + log = "Log" + + +class WebApplicationFirewallPolicyResourceState(str, Enum): + + creating = "Creating" + enabling = "Enabling" + enabled = "Enabled" + disabling = "Disabling" + disabled = "Disabled" + deleting = "Deleting" + + +class OwaspCrsExclusionEntryMatchVariable(str, Enum): + + request_header_names = "RequestHeaderNames" + request_cookie_names = "RequestCookieNames" + request_arg_names = "RequestArgNames" + + +class OwaspCrsExclusionEntrySelectorMatchOperator(str, Enum): + + equals = "Equals" + contains = "Contains" + starts_with = "StartsWith" + ends_with = "EndsWith" + equals_any = "EqualsAny" + + +class ManagedRuleEnabledState(str, Enum): + + disabled = "Disabled" diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_paged_models.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_paged_models.py index f4083ccd5fd0..24a2bb5817fd 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_paged_models.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/models/_paged_models.py @@ -1221,3 +1221,16 @@ class HubRouteTablePaged(Paged): def __init__(self, *args, **kwargs): super(HubRouteTablePaged, self).__init__(*args, **kwargs) +class WebApplicationFirewallPolicyPaged(Paged): + """ + A paging container for iterating over a list of :class:`WebApplicationFirewallPolicy ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[WebApplicationFirewallPolicy]'} + } + + def __init__(self, *args, **kwargs): + + super(WebApplicationFirewallPolicyPaged, self).__init__(*args, **kwargs) diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/__init__.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/__init__.py index 2ef4ef8ff9e5..93a017328686 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/__init__.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/__init__.py @@ -109,6 +109,7 @@ from ._virtual_hub_bgp_connections_operations import VirtualHubBgpConnectionsOperations from ._virtual_hub_ip_configuration_operations import VirtualHubIpConfigurationOperations from ._hub_route_tables_operations import HubRouteTablesOperations +from ._web_application_firewall_policies_operations import WebApplicationFirewallPoliciesOperations from ._network_management_client_operations import NetworkManagementClientOperationsMixin __all__ = [ @@ -212,5 +213,6 @@ 'VirtualHubBgpConnectionsOperations', 'VirtualHubIpConfigurationOperations', 'HubRouteTablesOperations', + 'WebApplicationFirewallPoliciesOperations', 'NetworkManagementClientOperationsMixin', ] diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/_web_application_firewall_policies_operations.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/_web_application_firewall_policies_operations.py new file mode 100644 index 000000000000..84499987293a --- /dev/null +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_05_01/operations/_web_application_firewall_policies_operations.py @@ -0,0 +1,390 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class WebApplicationFirewallPoliciesOperations(object): + """WebApplicationFirewallPoliciesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: Client API version. Constant value: "2020-05-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-05-01" + + self.config = config + + def list( + self, resource_group_name, custom_headers=None, raw=False, **operation_config): + """Lists all of the protection policies within a resource group. + + :param resource_group_name: The name of the resource group. + :type resource_group_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of WebApplicationFirewallPolicy + :rtype: + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicyPaged[~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicy] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.WebApplicationFirewallPolicyPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies'} + + def list_all( + self, custom_headers=None, raw=False, **operation_config): + """Gets all the WAF policies in a subscription. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of WebApplicationFirewallPolicy + :rtype: + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicyPaged[~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicy] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_all.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.WebApplicationFirewallPolicyPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_all.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies'} + + def get( + self, resource_group_name, policy_name, custom_headers=None, raw=False, **operation_config): + """Retrieve protection policy with specified name within a resource group. + + :param resource_group_name: The name of the resource group. + :type resource_group_name: str + :param policy_name: The name of the policy. + :type policy_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: WebApplicationFirewallPolicy or ClientRawResponse if raw=true + :rtype: + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'policyName': self._serialize.url("policy_name", policy_name, 'str', max_length=128), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('WebApplicationFirewallPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}'} + + def create_or_update( + self, resource_group_name, policy_name, parameters, custom_headers=None, raw=False, **operation_config): + """Creates or update policy with specified rule set name within a resource + group. + + :param resource_group_name: The name of the resource group. + :type resource_group_name: str + :param policy_name: The name of the policy. + :type policy_name: str + :param parameters: Policy to be created. + :type parameters: + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: WebApplicationFirewallPolicy or ClientRawResponse if raw=true + :rtype: + ~azure.mgmt.network.v2020_05_01.models.WebApplicationFirewallPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'policyName': self._serialize.url("policy_name", policy_name, 'str', max_length=128), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'WebApplicationFirewallPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('WebApplicationFirewallPolicy', response) + if response.status_code == 201: + deserialized = self._deserialize('WebApplicationFirewallPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}'} + + + def _delete_initial( + self, resource_group_name, policy_name, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'policyName': self._serialize.url("policy_name", policy_name, 'str', max_length=128), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 202, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + + def delete( + self, resource_group_name, policy_name, custom_headers=None, raw=False, polling=True, **operation_config): + """Deletes Policy. + + :param resource_group_name: The name of the resource group. + :type resource_group_name: str + :param policy_name: The name of the policy. + :type policy_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns None or + ClientRawResponse if raw==True + :rtype: ~msrestazure.azure_operation.AzureOperationPoller[None] or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[None]] + :raises: :class:`CloudError` + """ + raw_result = self._delete_initial( + resource_group_name=resource_group_name, + policy_name=policy_name, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}'} diff --git a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_06_01/operations/_nat_gateways_operations.py b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_06_01/operations/_nat_gateways_operations.py index be240280da8f..194c343b22a0 100644 --- a/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_06_01/operations/_nat_gateways_operations.py +++ b/sdk/network/azure-mgmt-network/azure/mgmt/network/v2020_06_01/operations/_nat_gateways_operations.py @@ -230,8 +230,6 @@ def _create_or_update_initial( deserialized = self._deserialize('NatGateway', response) if response.status_code == 201: deserialized = self._deserialize('NatGateway', response) - if response.status_code == 202: - deserialized = self._deserialize('NatGateway', response) if raw: client_raw_response = ClientRawResponse(deserialized, response) diff --git a/sdk/network/azure-mgmt-network/setup.py b/sdk/network/azure-mgmt-network/setup.py index 28c2ccab6283..8c02ea03ce56 100644 --- a/sdk/network/azure-mgmt-network/setup.py +++ b/sdk/network/azure-mgmt-network/setup.py @@ -36,7 +36,7 @@ pass # Version extraction inspired from 'requests' -with open(os.path.join(package_folder_path, 'version.py') +with open(os.path.join(package_folder_path, 'version.py') if os.path.exists(os.path.join(package_folder_path, 'version.py')) else os.path.join(package_folder_path, '_version.py'), 'r') as fd: version = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]',