def set_waf_rate_limit_rule(client,
resource_group_name,
policy_name,
name,
priority,
action,
request_threshold,
duration,
match_conditions,
disabled=None):
from azure.mgmt.cdn.models import (CustomRuleEnabledState)
rule = RateLimitRule(name=name,
enabled_state=CustomRuleEnabledState.disabled
if disabled else CustomRuleEnabledState.enabled,
rate_limit_threshold=request_threshold,
rate_limit_duration_in_minutes=duration,
action=action,
match_conditions=match_conditions,
priority=priority)
policy = client.get(resource_group_name, policy_name)
upsert_to_collection(policy.rate_limit_rules, 'rules', rule, 'name')
updated = client.create_or_update(resource_group_name, policy_name,
policy).result()
return find_child_item(updated.rate_limit_rules,
name,
path='rules',
key_path='name')
def set_waf_custom_rule(client,
resource_group_name,
policy_name,
name,
priority,
action,
match_conditions,
disabled=None):
from azure.mgmt.cdn.models import (CustomRuleEnabledState)
rule = CustomRule(name=name,
enabled_state=CustomRuleEnabledState.disabled
if disabled else CustomRuleEnabledState.enabled,
action=action,
match_conditions=match_conditions,
priority=priority)
policy = client.get(resource_group_name, policy_name)
upsert_to_collection(policy.custom_rules, 'rules', rule, 'name')
policy = client.create_or_update(resource_group_name, policy_name,
policy).result()
return find_child_item(policy.custom_rules,
name,
path='rules',
key_path='name')
def set_waf_managed_rule_group_override(client,
resource_group_name,
policy_name,
rule_set_type,
rule_set_version,
name,
rule_overrides):
policy = client.get(resource_group_name, policy_name)
ruleset = _find_policy_managed_rule_set(policy, rule_set_type, rule_set_version)
if ruleset is None:
raise CLIError("managed rule set type '{}' version '{}' is not added to WAF policy '{}'"
.format(rule_set_type, rule_set_version, policy_name))
rulegroup = ManagedRuleGroupOverride(rule_group_name=name, rules=rule_overrides)
upsert_to_collection(ruleset, 'rule_group_overrides', rulegroup, 'rule_group_name')
policy = client.create_or_update(resource_group_name, policy_name, policy).result()
ruleset = _find_policy_managed_rule_set(policy, rule_set_type, rule_set_version)
return find_child_item(ruleset, name, path='rule_group_overrides', key_path='rule_group_name')
def upsert_security_alerts_suppression_rule_scope(client, rule_name, field, contains_substring=None, any_of=None):
from azure.cli.core.commands import upsert_to_collection
# get the parent object
parent_object = client.get(alerts_suppression_rule_name=rule_name)
if contains_substring is not None:
current_additional_properties = {'contains': contains_substring}
else:
current_additional_properties = {'in': any_of}
scope = ScopeElement(additional_properties=current_additional_properties, field=field)
if parent_object.suppression_alerts_scope is None:
parent_object.suppression_alerts_scope = SuppressionAlertsScope(all_of=[scope])
else:
# add the new child to the parent collection
upsert_to_collection(parent_object.suppression_alerts_scope, 'all_of', scope, 'field')
# update the parent object
result = client.update(alerts_suppression_rule_name=rule_name, alerts_suppression_rule=parent_object)
# return the child object
return next((x for x in result.suppression_alerts_scope.all_of if x.field.lower() == field.lower()), None)
def test_network_upsert(self):
from azure.cli.core.commands import upsert_to_collection
obj1 = mock.MagicMock()
obj1.key = 'object1'
obj1.value = 'cat'
obj2 = mock.MagicMock()
obj2.key = 'object2'
obj2.value = 'dog'
# 1 - verify upsert to a null collection
parent_with_null_collection = mock.MagicMock()
parent_with_null_collection.collection = None
upsert_to_collection(parent_with_null_collection, 'collection', obj1,
'key')
result = parent_with_null_collection.collection
self.assertEqual(len(result), 1)
self.assertEqual(result[0].value, 'cat')
# 2 - verify upsert to an empty collection
parent_with_empty_collection = mock.MagicMock()
parent_with_empty_collection.collection = []
upsert_to_collection(parent_with_empty_collection, 'collection', obj1,
'key')
result = parent_with_empty_collection.collection
self.assertEqual(len(result), 1)
self.assertEqual(result[0].value, 'cat')
# 3 - verify can add more than one
upsert_to_collection(parent_with_empty_collection, 'collection', obj2,
'key')
result = parent_with_empty_collection.collection
self.assertEqual(len(result), 2)
self.assertEqual(result[1].value, 'dog')
# 4 - verify update to existing collection
obj2.value = 'noodle'
upsert_to_collection(parent_with_empty_collection, 'collection', obj2,
'key')
result = parent_with_empty_collection.collection
self.assertEqual(len(result), 2)
self.assertEqual(result[1].value, 'noodle')
