From 5e4101d88c6d9cb87b7eb15ab5a66fba49f5da24 Mon Sep 17 00:00:00 2001 From: Girish Motwani Date: Thu, 19 Sep 2019 14:41:43 -0700 Subject: [PATCH 1/4] Add Azure Firewall SKU --- .../stable/2019-08-01/azureFirewall.json | 32 +++++++++++++++++++ .../stable/2019-08-01/firewallPolicy.json | 6 ++-- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json index cde4fbf67e4f..b47a83628dd0 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json @@ -444,6 +444,10 @@ "readOnly": true, "description": "IP addresses associated with AzureFirewall.", "$ref": "#/definitions/HubIPAddresses" + }, + "sku": { + "description": "The Azure Firewall Resource SKU.", + "$ref": "#/definitions/AzureFirewallSku" } }, "description": "Properties of the Azure Firewall." @@ -880,6 +884,34 @@ "name": "AzureFirewallApplicationRuleProtocolType", "modelAsString": true } + }, + "AzureFirewallSku": { + "properties": { + "name": { + "type": "string", + "description": "Name of an Azure Firewall SKU.", + "enum": [ + "AZFW_VNet", + "AZFW_Hub" + ], + "x-ms-enum": { + "name": "AzureFirewallSkuName", + "modelAsString": true + } + }, + "tier": { + "type": "string", + "description": "Tier of an Azure Firewall.", + "enum": [ + "Standard" + ], + "x-ms-enum": { + "name": "AzureFirewallTier", + "modelAsString": true + } + } + }, + "description": "SKU of an Azure Firewall." } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/firewallPolicy.json index 2a87cd36e2e0..0d184bf3506b 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/firewallPolicy.json @@ -896,8 +896,7 @@ "type": "string", "description": "The action type of a rule.", "enum": [ - "DNAT", - "SNAT" + "DNAT" ], "x-ms-enum": { "name": "FirewallPolicyNatRuleActionType", @@ -918,8 +917,7 @@ "description": "The action type of a rule.", "enum": [ "Allow", - "Deny", - "Alert " + "Deny" ], "x-ms-enum": { "name": "FirewallPolicyFilterRuleActionType", From 8e290f98b4c9d848bcfcadbe235cf14a0db0c168 Mon Sep 17 00:00:00 2001 From: Girish Motwani Date: Thu, 19 Sep 2019 15:45:21 -0700 Subject: [PATCH 2/4] Move SecurityProvider to the vHub from vWan --- .../stable/2019-08-01/examples/AzureFirewallGet.json | 4 ++++ .../examples/AzureFirewallGetWithZones.json | 4 ++++ .../stable/2019-08-01/examples/AzureFirewallPut.json | 12 ++++++++++++ .../2019-08-01/examples/AzureFirewallPutInHub.json | 12 ++++++++++++ .../examples/AzureFirewallPutWithZones.json | 12 ++++++++++++ .../stable/2019-08-01/virtualWan.json | 12 ++++++++---- 6 files changed, 52 insertions(+), 4 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGet.json index c9abcc06ae9f..6ffc23b41195 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGet.json @@ -19,6 +19,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGetWithZones.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGetWithZones.json index 3920bc73101d..bf24fb8dc20d 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGetWithZones.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallGetWithZones.json @@ -23,6 +23,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPut.json index 2dad09111170..47e9bd9708f2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPut.json @@ -11,6 +11,10 @@ "location": "West US", "zones": [], "properties": { + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { @@ -134,6 +138,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { @@ -260,6 +268,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutInHub.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutInHub.json index 499c4365bc75..c655b7db8b6a 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutInHub.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutInHub.json @@ -11,6 +11,10 @@ "location": "West US", "zones": [], "properties": { + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, "threatIntelMode": "Alert", "virtualHub": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1" @@ -35,6 +39,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, "threatIntelMode": "Alert", "virtualHub": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1" @@ -66,6 +74,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_Hub", + "tier": "Standard" + }, "threatIntelMode": "Alert", "virtualHub": { "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1" diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutWithZones.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutWithZones.json index 30876cfb7304..a9eee3d3ed9f 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutWithZones.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/examples/AzureFirewallPutWithZones.json @@ -16,6 +16,10 @@ ], "properties": { "threatIntelMode": "Alert", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "ipConfigurations": [ { "name": "azureFirewallIpConfiguration", @@ -142,6 +146,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { @@ -272,6 +280,10 @@ }, "properties": { "provisioningState": "Succeeded", + "sku": { + "name": "AZFW_VNet", + "tier": "Standard" + }, "threatIntelMode": "Alert", "ipConfigurations": [ { diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/virtualWan.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/virtualWan.json index 3defab9ea570..3704168d325c 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/virtualWan.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/virtualWan.json @@ -2651,10 +2651,6 @@ }, "description": "List of VpnSites in the VirtualWAN." }, - "securityProviderName": { - "type": "string", - "description": "The Security Provider name." - }, "allowBranchToBranchTraffic": { "type": "boolean", "description": "True if branch to branch traffic is allowed." @@ -2906,6 +2902,10 @@ "$ref": "./network.json#/definitions/SubResource", "description": "The expressRouteGateway associated with this VirtualHub." }, + "azureFirewall": { + "$ref": "./network.json#/definitions/SubResource", + "description": "The azureFirewall associated with this VirtualHub." + }, "virtualNetworkConnections": { "type": "array", "description": "List of all vnet connections with this VirtualHub.", @@ -2924,6 +2924,10 @@ "provisioningState": { "$ref": "./network.json#/definitions/ProvisioningState", "description": "The provisioning state of the virtual hub resource." + }, + "securityProviderName": { + "type": "string", + "description": "The Security Provider name." } }, "description": "Parameters for VirtualHub." From beef6f17a13217b9d0ff04aa932e736058e05948 Mon Sep 17 00:00:00 2001 From: Girish Motwani Date: Thu, 19 Sep 2019 16:12:39 -0700 Subject: [PATCH 3/4] Add AZFW to custom words AZFW is commonly used for Azure Firewall --- custom-words.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/custom-words.txt b/custom-words.txt index fad3038ed8e5..4e7b6bd1e2a5 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -129,6 +129,7 @@ autoscalesettings autoscaling Avro avrodeflate +AZFW azns azpkg azureaccounts From 6f413959c50415c92453bd8a12a17d3ddff3bc23 Mon Sep 17 00:00:00 2001 From: Girish Motwani Date: Mon, 23 Sep 2019 12:40:18 -0700 Subject: [PATCH 4/4] Address review comments --- .../Microsoft.Network/stable/2019-08-01/azureFirewall.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json index b47a83628dd0..904f30eb7266 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-08-01/azureFirewall.json @@ -906,7 +906,7 @@ "Standard" ], "x-ms-enum": { - "name": "AzureFirewallTier", + "name": "AzureFirewallSkuTier", "modelAsString": true } }