From 1e35e94414b7ed7fd372f7047ca536351a466e71 Mon Sep 17 00:00:00 2001
From: Sune Keller <absukl@almbrand.dk>
Date: Fri, 13 Mar 2020 16:07:18 +0100
Subject: [PATCH] Allow associating WAF Policy to Application Gateway

Fixes #4667.

Signed-off-by: Sune Keller <absukl@almbrand.dk>
---
 .../resource_arm_application_gateway.go       | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/azurerm/internal/services/network/resource_arm_application_gateway.go b/azurerm/internal/services/network/resource_arm_application_gateway.go
index 90fa875465e24..59389f71cb242 100644
--- a/azurerm/internal/services/network/resource_arm_application_gateway.go
+++ b/azurerm/internal/services/network/resource_arm_application_gateway.go
@@ -1276,6 +1276,21 @@ func resourceArmApplicationGateway() *schema.Resource {
 				},
 			},
 
+			"firewall_policy": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.NoZeroValues,
+						},
+					},
+				},
+			},
+
 			"custom_error_configuration": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -1430,6 +1445,15 @@ func resourceArmApplicationGatewayCreateUpdate(d *schema.ResourceData, meta inte
 		gateway.ApplicationGatewayPropertiesFormat.WebApplicationFirewallConfiguration = expandApplicationGatewayWafConfig(d)
 	}
 
+	if res, ok := d.GetOk("firewall_policy"); ok {
+		vs := res.([]interface{})
+		v := vs[0].(map[string]interface{})
+		id := v["id"].(string)
+		gateway.ApplicationGatewayPropertiesFormat.FirewallPolicy = &network.SubResource{
+			ID: &id,
+		}
+	}
+
 	if stopApplicationGateway {
 		future, err := client.Stop(ctx, resGroup, name)
 		if err != nil {
@@ -1608,6 +1632,10 @@ func resourceArmApplicationGatewayRead(d *schema.ResourceData, meta interface{})
 		if setErr := d.Set("waf_configuration", flattenApplicationGatewayWafConfig(props.WebApplicationFirewallConfiguration)); setErr != nil {
 			return fmt.Errorf("Error setting `waf_configuration`: %+v", setErr)
 		}
+
+		if setErr := d.Set("firewall_policy", flattenApplicationGatewayFirewallPolicy(props.FirewallPolicy)); setErr != nil {
+			return fmt.Errorf("Error setting `firewall_policy`: %+v", setErr)
+		}
 	}
 
 	return tags.FlattenAndSet(d, applicationGateway.Tags)
@@ -3591,6 +3619,20 @@ func flattenApplicationGatewayWafConfig(input *network.ApplicationGatewayWebAppl
 	return results
 }
 
+func flattenApplicationGatewayFirewallPolicy(input *network.SubResource) []interface{} {
+	results := make([]interface{}, 0)
+	if input == nil {
+		return results
+	}
+
+	output := make(map[string]interface{})
+
+	output["id"] = input.ID
+	results = append(results, output)
+
+	return results
+}
+
 func expandApplicationGatewayFirewallDisabledRuleGroup(d []interface{}) *[]network.ApplicationGatewayFirewallDisabledRuleGroup {
 	if len(d) == 0 {
 		return nil