diff --git a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 index 9c43a4431858..947f33a5b182 100644 --- a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 +++ b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 @@ -176,10 +176,14 @@ function Test-ApplicationGatewayCRUD $probe02 = New-AzApplicationGatewayProbeConfig -Name $probe02Name -Match $match2 -Protocol Https -HostName "probe.com" -Path "/path/path.htm" -Interval 89 -Timeout 88 -UnhealthyThreshold 8 - $poolSetting02 = New-AzApplicationGatewayBackendHttpSettings -Name $poolSetting02Name -Probe $probe02 -Port 443 -Protocol Https -CookieBasedAffinity Enabled -AuthenticationCertificates $authcert01 + $poolSetting02 = New-AzApplicationGatewayBackendHttpSettings -Name $poolSetting02Name -Probe $probe02 -Port 443 -Protocol Https -CookieBasedAffinity Enabled -AuthenticationCertificates $authcert01 -ValidateCertChainAndExpiry $true -ValidateSni $false Assert-Null $poolSetting02.connectionDraining Assert-NotNull $poolSetting02.Probe + # Verify new certificate validation properties - test both true and false scenarios + Assert-AreEqual $true $poolSetting02.ValidateCertChainAndExpiry + Assert-AreEqual $false $poolSetting02.ValidateSni + # Test setting and removing connectiondraining Set-AzApplicationGatewayConnectionDraining -BackendHttpSettings $poolSetting02 -Enabled $False -DrainTimeoutInSec 3600 $connectionDraining02 = Get-AzApplicationGatewayConnectionDraining -BackendHttpSettings $poolSetting02 @@ -223,7 +227,11 @@ function Test-ApplicationGatewayCRUD Compare-ConnectionDraining $poolSetting01 $getgw.BackendHttpSettingsCollection[0] Compare-ConnectionDraining $poolSetting02 $getgw.BackendHttpSettingsCollection[1] Compare-WebApplicationFirewallConfiguration $firewallConfig $getgw.WebApplicationFirewallConfiguration - + + # Verify new certificate validation properties are preserved after creation + Assert-AreEqual $true $getgw.BackendHttpSettingsCollection[1].ValidateCertChainAndExpiry + Assert-AreEqual $false $getgw.BackendHttpSettingsCollection[1].ValidateSni + <# Tested on Azure Portal CloudShell against a V2 gateway and got the same error that this test gets when listing gateways... Get-AzApplicationGateway: Resource provider 'Microsoft.Network' failed to return collection response for type 'applicationGateways'. diff --git a/src/Network/Network/ApplicationGateway/BackendHttpSettings/AzureApplicationGatewayBackendHttpSettingsBase.cs b/src/Network/Network/ApplicationGateway/BackendHttpSettings/AzureApplicationGatewayBackendHttpSettingsBase.cs index 7242c92f5060..653a1dca4457 100644 --- a/src/Network/Network/ApplicationGateway/BackendHttpSettings/AzureApplicationGatewayBackendHttpSettingsBase.cs +++ b/src/Network/Network/ApplicationGateway/BackendHttpSettings/AzureApplicationGatewayBackendHttpSettingsBase.cs @@ -119,7 +119,7 @@ public class AzureApplicationGatewayBackendHttpSettingsBase : NetworkBaseCmdlet [Parameter( Mandatory = false, HelpMessage = "When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true.")] - public bool? ValidateSNI { get; set; } + public bool? ValidateSni { get; set; } [Parameter( Mandatory = false, @@ -229,14 +229,14 @@ public PSApplicationGatewayBackendHttpSettings NewObject() backendHttpSettings.ValidateCertChainAndExpiry = true; } - if (this.ValidateSNI.HasValue) + if (this.ValidateSni.HasValue) { - backendHttpSettings.ValidateSNI = this.ValidateSNI.Value; + backendHttpSettings.ValidateSni = this.ValidateSni.Value; } else { // Default value is true according to the API specification - backendHttpSettings.ValidateSNI = true; + backendHttpSettings.ValidateSni = true; } if (this.SniName != null) diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md index 4ea49c4a627b..e36a71152442 100644 --- a/src/Network/Network/ChangeLog.md +++ b/src/Network/Network/ChangeLog.md @@ -21,7 +21,7 @@ ## Upcoming Release * Added new cmdlet for List NetworkSecurityPerimeter ServiceTags - `Get-AzNetworkSecurityPerimeterServiceTag` -* Added properties 'DedicatedBackendConnection', 'ValidateCertChainAndExpiry', 'ValidateSNI', and 'SniName' to Application Gateway Backend HTTP Settings, as well as support for them in the following cmdlets: +* Added properties 'DedicatedBackendConnection', 'ValidateCertChainAndExpiry', 'ValidateSni', and 'SniName' to Application Gateway Backend HTTP Settings, as well as support for them in the following cmdlets: - `New-AzApplicationGatewayBackendHttpSetting` - `Add-AzApplicationGatewayBackendHttpSetting` - `Set-AzApplicationGatewayBackendHttpSetting` diff --git a/src/Network/Network/Models/PSApplicationGatewayBackendHttpSettings.cs b/src/Network/Network/Models/PSApplicationGatewayBackendHttpSettings.cs index f9aeb6ef8bec..e742c3e22132 100644 --- a/src/Network/Network/Models/PSApplicationGatewayBackendHttpSettings.cs +++ b/src/Network/Network/Models/PSApplicationGatewayBackendHttpSettings.cs @@ -50,7 +50,7 @@ public class PSApplicationGatewayBackendHttpSettings : PSChildResource [Ps1Xml(Target = ViewControl.Table)] public bool? ValidateCertChainAndExpiry { get; set; } [Ps1Xml(Target = ViewControl.Table)] - public bool? ValidateSNI { get; set; } + public bool? ValidateSni { get; set; } [Ps1Xml(Target = ViewControl.Table)] public string SniName { get; set; } diff --git a/src/Network/Network/help/Add-AzApplicationGatewayBackendHttpSetting.md b/src/Network/Network/help/Add-AzApplicationGatewayBackendHttpSetting.md index 88df7a1c52c8..fb529e690290 100644 --- a/src/Network/Network/help/Add-AzApplicationGatewayBackendHttpSetting.md +++ b/src/Network/Network/help/Add-AzApplicationGatewayBackendHttpSetting.md @@ -20,7 +20,7 @@ Add-AzApplicationGatewayBackendHttpSetting -ApplicationGateway ] [-TrustedRootCertificate ] [-PickHostNameFromBackendAddress] [-HostName ] [-AffinityCookieName ] [-Path ] - [-DedicatedBackendConnection ] [-ValidateCertChainAndExpiry ] [-ValidateSNI ] + [-DedicatedBackendConnection ] [-ValidateCertChainAndExpiry ] [-ValidateSni ] [-SniName ] [-DefaultProfile ] [] ``` @@ -327,7 +327,7 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ValidateSNI +### -ValidateSni When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true. ```yaml diff --git a/src/Network/Network/help/New-AzApplicationGatewayBackendHttpSetting.md b/src/Network/Network/help/New-AzApplicationGatewayBackendHttpSetting.md index 5d58e8dba926..71150cf43c6b 100644 --- a/src/Network/Network/help/New-AzApplicationGatewayBackendHttpSetting.md +++ b/src/Network/Network/help/New-AzApplicationGatewayBackendHttpSetting.md @@ -21,7 +21,7 @@ New-AzApplicationGatewayBackendHttpSetting -Name -Port -Protoco [-TrustedRootCertificate ] [-PickHostNameFromBackendAddress] [-HostName ] [-AffinityCookieName ] [-Path ] [-DedicatedBackendConnection ] [-ValidateCertChainAndExpiry ] - [-ValidateSNI ] + [-ValidateSni ] [-SniName ] [-DefaultProfile ] [] ``` @@ -312,7 +312,7 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ValidateSNI +### -ValidateSni When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true. ```yaml diff --git a/src/Network/Network/help/Set-AzApplicationGatewayBackendHttpSetting.md b/src/Network/Network/help/Set-AzApplicationGatewayBackendHttpSetting.md index a1b07de078e9..982841f9e873 100644 --- a/src/Network/Network/help/Set-AzApplicationGatewayBackendHttpSetting.md +++ b/src/Network/Network/help/Set-AzApplicationGatewayBackendHttpSetting.md @@ -21,7 +21,7 @@ Set-AzApplicationGatewayBackendHttpSetting -ApplicationGateway ] [-PickHostNameFromBackendAddress] [-HostName ] [-AffinityCookieName ] [-Path ] [-DedicatedBackendConnection ] [-ValidateCertChainAndExpiry ] - [-ValidateSNI ] + [-ValidateSni ] [-SniName ] [-DefaultProfile ] [] ``` @@ -330,7 +330,7 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ValidateSNI +### -ValidateSni When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true. ```yaml