Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DO NOT MERGE] Introducing Per-Site Waf Policy Support #6907

Closed
wants to merge 22 commits into from
Closed

[DO NOT MERGE] Introducing Per-Site Waf Policy Support #6907

wants to merge 22 commits into from

Conversation

venkatsvpr
Copy link
Contributor

Latest improvements:

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Contribution checklist:

  • I have reviewed the documentation for the workflow.
  • Validation tools were run on swagger spec(s) and have all been fixed in this PR.
  • The OpenAPI Hub was used for checking validation status and next steps.

ARM API Review Checklist

  • Service team MUST add the "WaitForARMFeedback" label if the management plane API changes fall into one of the below categories.
  • adding/removing APIs.
  • adding/removing properties.
  • adding/removing API-version.
  • adding a new service in Azure.

Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs.

  • If you are blocked on ARM review and want to get the PR merged urgently, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
    Please follow the link to find more details on API review process.

venkatsvpr and others added 17 commits April 1, 2019 14:20
@venkatsvpr
Swagger was enforcing the limit as 0 to 500, It should enforce lower …
fd3e027 
…limit as 1, upper limit is based on the Skw and AppGw Version so we shouldnt enforce the upper limit
@venkatsvpr
Currently 0 doesnt make sense.. but this check will be enforced by NR…
c99990b 
…P. Swagger only have to protect against potential negative values
@venkatsvpr
Merge pull request #1 from Azure/master
45faff4 
Pulling latest Master to my repo
@gimotwanMSFT @sergey-shandar
Add swagger specification for firewall policy resource (Azure#6708)
3f9699a 
* Add swagger specification for firewall policy resource

* Add the firewall policy spec to the list of files in readme.md

* Add priority to the Filter Rule in example for Rule Group Get

* Encapsulate the response body in a body property

* Suppress errors due to missing properties inhertied from base resource:

* Fix typo

* Fix Build errors

* Address review comments

* Revert capitalization of Tags and OperationId as Semantic valiation expects lower case

* Drop 201 response from examples

* Capitalize first letter of the operationId and tags values

* Add swagger changes for azure firewall in vHub

* Add a ref to the example file for Azure Firewall in vHub

* Fix validation check

* Address review comments
@anton-evseev @yungezz
Fix typos in Network's examples (Azure#6740)
343d133
@anton-evseev
Add missing read-only property "loadBalancerFrontendIpConfiguration" …
748e335 
…to publicIpPrefix (Azure#6693)
@ritwikbasu @yungezz
Make patch operations async for VNGs and VNG Connections (Azure#6695)
3e87f8a
@venkatsvpr
Merge pull request #6 from Azure/network-july-release
b0b855e 
Pulling latest code changes
@venkatsvpr
Toplevel waf work checkin
9be4036
@venkatsvpr
reverting the change made
12d8993
@venkatsvpr
minor fixes
7310a97
@venkatsvpr
Using the network.json/parameters/ApiVersionParameter
674c390
@venkatsvpr
more changes
0a095c1
@venkatsvpr
Changes in swagger
68ff603
@venkatsvpr
Minor changes;
22d04a8
@venkatsvpr
Adding firewall Policy to appGateway
5ae2295
@venkatsvpr
taking the waf firewall out. .since this is taken by seperate PR
081723f
@AutorestCI
Copy link

AutorestCI commented Aug 8, 2019
edited
Loading

Automation for azure-sdk-for-python

Encountered an unknown error: (azure-sdk-for-python)

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 33, in exception_to_github
    yield context
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github.py", line 170, in rest_handle_action
    return rest_pull_close(body, restapi_repo, sdk_pr_target_repo, sdkbase, sdk_tag)
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github.py", line 185, in rest_pull_close
    rest_pr_management(rest_pr, sdk_pr_target_repo, sdk_tag, sdk_default_base)
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github_handler.py", line 151, in rest_pr_management
    sdk_tag=sdk_tag
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/SwaggerToSdkNewCLI.py", line 254, in generate_sdk_from_git_object
    with manage_git_folder(gh_token, Path(temp_dir) / Path("rest"), branched_rest_api_id, pr_number=pr_number) as restapi_git_folder, \
  File "/usr/lib/python3.6/contextlib.py", line 81, in __enter__
    return next(self.gen)
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 272, in manage_git_folder
    clone_to_path(gh_token, temp_dir, split_git_id[0], branch_or_commit=branch, pr_number=pr_number)
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 212, in clone_to_path
    repo.git.checkout(branch_or_commit)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 548, in <lambda>
    return lambda *args, **kwargs: self._call_process(name, *args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 1014, in _call_process
    return self.execute(call, **exec_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 825, in execute
    raise GitCommandError(command, status, stderr_value, stdout_value)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git checkout 862838d5dbe0b003ebbae3820a2a2a5eb8377476
  stderr: 'fatal: reference is not a tree: 862838d5dbe0b003ebbae3820a2a2a5eb8377476'

@AutorestCI
Copy link

AutorestCI commented Aug 8, 2019
edited
Loading

Automation for azure-sdk-for-go

Encountered an unknown error: (azure-sdk-for-go)

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 33, in exception_to_github
    yield context
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github.py", line 170, in rest_handle_action
    return rest_pull_close(body, restapi_repo, sdk_pr_target_repo, sdkbase, sdk_tag)
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github.py", line 185, in rest_pull_close
    rest_pr_management(rest_pr, sdk_pr_target_repo, sdk_tag, sdk_default_base)
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/restapi/github_handler.py", line 151, in rest_pr_management
    sdk_tag=sdk_tag
  File "/usr/local/lib/python3.6/dist-packages/swaggertosdk/SwaggerToSdkNewCLI.py", line 254, in generate_sdk_from_git_object
    with manage_git_folder(gh_token, Path(temp_dir) / Path("rest"), branched_rest_api_id, pr_number=pr_number) as restapi_git_folder, \
  File "/usr/lib/python3.6/contextlib.py", line 81, in __enter__
    return next(self.gen)
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 272, in manage_git_folder
    clone_to_path(gh_token, temp_dir, split_git_id[0], branch_or_commit=branch, pr_number=pr_number)
  File "/usr/local/lib/python3.6/dist-packages/azure_devtools/ci_tools/github_tools.py", line 212, in clone_to_path
    repo.git.checkout(branch_or_commit)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 548, in <lambda>
    return lambda *args, **kwargs: self._call_process(name, *args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 1014, in _call_process
    return self.execute(call, **exec_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/git/cmd.py", line 825, in execute
    raise GitCommandError(command, status, stderr_value, stdout_value)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git checkout 862838d5dbe0b003ebbae3820a2a2a5eb8377476
  stderr: 'fatal: reference is not a tree: 862838d5dbe0b003ebbae3820a2a2a5eb8377476'

@azuresdkci
Copy link
Contributor

Can one of the admins verify this patch?

@anton-evseev
Copy link
Contributor

network-july-release has been merged, please rebase and retarget to master

@venkatsvpr venkatsvpr changed the base branch from network-july-release to master August 14, 2019 18:49
@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 14, 2019
edited
Loading

In Testing, Please Ignore

[Logs] (Generated from af749ae, Iteration 6)

Succeeded .NET: test-repo-billy/azure-sdk-for-net [Logs] [Diff]
In-Progress Python: test-repo-billy/azure-sdk-for-python [Logs]
  • Package generation in progress.
In-Progress Java: test-repo-billy/azure-sdk-for-java [Logs]
  • Package generation in progress.
In-Progress Go: test-repo-billy/azure-sdk-for-go [Logs]
  • Package generation in progress.
In-Progress JavaScript: test-repo-billy/azure-sdk-for-js [Logs]
  • Package generation in progress.
Warning Ruby: test-repo-billy/azure-sdk-for-ruby [Logs] [Diff]
  • No packages generated.

@AutorestCI AutorestCI mentioned this pull request Aug 14, 2019
Closed
@PhoenixHe-NV PhoenixHe-NV mentioned this pull request Aug 16, 2019
Closed
vkrivopalov
vkrivopalov suggested changes Aug 21, 2019
View reviewed changes
Copy link

@vkrivopalov vkrivopalov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also need to add firewallPolicy to ApplicationGatewayHttpListenerPropertiesFormat for the per-site case. The current cases cover per-URI scenario (routing rules) only.

...ication/network/resource-manager/Microsoft.Network/stable/2019-06-01/applicationGateway.json Outdated
},
"firewallPolicy": {
"$ref": "./network.json#/definitions/SubResource",
"description": "Reference of the FirewallPolicy resource."
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(minor) "Reference TO..."?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

...ication/network/resource-manager/Microsoft.Network/stable/2019-06-01/applicationGateway.json Outdated
@@ -1681,6 +1685,10 @@
"$ref": "./network.json#/definitions/SubResource",
"description": "Redirect configuration resource of the application gateway."
},
"firewallPolicy": {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For routing rules of 'Basic' type we should add a map of new objects.
That new object should be similar to ApplicationGatewayPathRulePropertiesFormat but only have
"paths" and "firewallPolicy". We can have multiple path prefixes with different WAF policies per a single Basic rule.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed!

@openapi-sdkautomation openapi-sdkautomation bot mentioned this pull request Aug 24, 2019
Closed
@yungezz yungezz added the DoNotMerge <valid label in PR review process> use to hold merge after approval label Aug 28, 2019
@yungezz
Copy link
Member

yungezz commented Aug 28, 2019

hi @venkatsvpr @zikalino what's the status on the PR?

@venkatsvpr venkatsvpr closed this Aug 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vkrivopalov vkrivopalov vkrivopalov requested changes

@MikhailTryakhov MikhailTryakhov Awaiting requested review from MikhailTryakhov

@zikalino zikalino Awaiting requested review from zikalino

Assignees

@zikalino zikalino

Labels
DoNotMerge <valid label in PR review process> use to hold merge after approval
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@venkatsvpr @AutorestCI @azuresdkci @anton-evseev @yungezz @vkrivopalov @zikalino @gimotwanMSFT @ritwikbasu