def set_waf_rate_limit_rule(client, resource_group_name, policy_name, name, priority, action, request_threshold, duration, match_conditions, disabled=None): from azure.mgmt.cdn.models import (CustomRuleEnabledState) rule = RateLimitRule(name=name, enabled_state=CustomRuleEnabledState.disabled if disabled else CustomRuleEnabledState.enabled, rate_limit_threshold=request_threshold, rate_limit_duration_in_minutes=duration, action=action, match_conditions=match_conditions, priority=priority) policy = client.get(resource_group_name, policy_name) upsert_to_collection(policy.rate_limit_rules, 'rules', rule, 'name') updated = client.create_or_update(resource_group_name, policy_name, policy).result() return find_child_item(updated.rate_limit_rules, name, path='rules', key_path='name')
def set_waf_custom_rule(client, resource_group_name, policy_name, name, priority, action, match_conditions, disabled=None): from azure.mgmt.cdn.models import (CustomRuleEnabledState) rule = CustomRule(name=name, enabled_state=CustomRuleEnabledState.disabled if disabled else CustomRuleEnabledState.enabled, action=action, match_conditions=match_conditions, priority=priority) policy = client.get(resource_group_name, policy_name) upsert_to_collection(policy.custom_rules, 'rules', rule, 'name') policy = client.create_or_update(resource_group_name, policy_name, policy).result() return find_child_item(policy.custom_rules, name, path='rules', key_path='name')
def set_waf_managed_rule_group_override(client, resource_group_name, policy_name, rule_set_type, rule_set_version, name, rule_overrides): policy = client.get(resource_group_name, policy_name) ruleset = _find_policy_managed_rule_set(policy, rule_set_type, rule_set_version) if ruleset is None: raise CLIError("managed rule set type '{}' version '{}' is not added to WAF policy '{}'" .format(rule_set_type, rule_set_version, policy_name)) rulegroup = ManagedRuleGroupOverride(rule_group_name=name, rules=rule_overrides) upsert_to_collection(ruleset, 'rule_group_overrides', rulegroup, 'rule_group_name') policy = client.create_or_update(resource_group_name, policy_name, policy).result() ruleset = _find_policy_managed_rule_set(policy, rule_set_type, rule_set_version) return find_child_item(ruleset, name, path='rule_group_overrides', key_path='rule_group_name')
def upsert_security_alerts_suppression_rule_scope(client, rule_name, field, contains_substring=None, any_of=None): from azure.cli.core.commands import upsert_to_collection # get the parent object parent_object = client.get(alerts_suppression_rule_name=rule_name) if contains_substring is not None: current_additional_properties = {'contains': contains_substring} else: current_additional_properties = {'in': any_of} scope = ScopeElement(additional_properties=current_additional_properties, field=field) if parent_object.suppression_alerts_scope is None: parent_object.suppression_alerts_scope = SuppressionAlertsScope(all_of=[scope]) else: # add the new child to the parent collection upsert_to_collection(parent_object.suppression_alerts_scope, 'all_of', scope, 'field') # update the parent object result = client.update(alerts_suppression_rule_name=rule_name, alerts_suppression_rule=parent_object) # return the child object return next((x for x in result.suppression_alerts_scope.all_of if x.field.lower() == field.lower()), None)
def test_network_upsert(self): from azure.cli.core.commands import upsert_to_collection obj1 = mock.MagicMock() obj1.key = 'object1' obj1.value = 'cat' obj2 = mock.MagicMock() obj2.key = 'object2' obj2.value = 'dog' # 1 - verify upsert to a null collection parent_with_null_collection = mock.MagicMock() parent_with_null_collection.collection = None upsert_to_collection(parent_with_null_collection, 'collection', obj1, 'key') result = parent_with_null_collection.collection self.assertEqual(len(result), 1) self.assertEqual(result[0].value, 'cat') # 2 - verify upsert to an empty collection parent_with_empty_collection = mock.MagicMock() parent_with_empty_collection.collection = [] upsert_to_collection(parent_with_empty_collection, 'collection', obj1, 'key') result = parent_with_empty_collection.collection self.assertEqual(len(result), 1) self.assertEqual(result[0].value, 'cat') # 3 - verify can add more than one upsert_to_collection(parent_with_empty_collection, 'collection', obj2, 'key') result = parent_with_empty_collection.collection self.assertEqual(len(result), 2) self.assertEqual(result[1].value, 'dog') # 4 - verify update to existing collection obj2.value = 'noodle' upsert_to_collection(parent_with_empty_collection, 'collection', obj2, 'key') result = parent_with_empty_collection.collection self.assertEqual(len(result), 2) self.assertEqual(result[1].value, 'noodle')