Azfw - add property "httpHeadersToInsert" to Application Rule (#21580)

* initial http headers method and command

* validations

* rename

* HttpHeaderToInsert property and tests

* change log conflict

* added help info

Author: NiviShenker

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs

@@ -180,5 +180,13 @@ public void TestAzureFirewallSnat()
         {
             TestRunner.RunTestScript("Test-AzureFirewallSnat");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicyApplicationRuleCustomHttpHeader()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicyApplicationRuleCustomHttpHeader");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1

@@ -1780,18 +1780,17 @@ function Test-AzureFirewallSnat {
     $privateRange2 = @("0.0.0.0/0", "66.92.0.0/16")
 
     try {
-
+        
         # Create the resource group
         $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
 
         $snat = New-AzFirewallPolicySnat -PrivateRange $privateRange -AutoLearnPrivateRange
-
+        
         # Create AzureFirewallPolicy (with SNAT)
         $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -Snat $snat
-
+        
         # Get AzureFirewallPolicy
         $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
-       
 
         #verification
         Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
@@ -1817,4 +1816,120 @@ function Test-AzureFirewallSnat {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests Azure Firewall Policy Application Rule creation and custom http header addition
+#>
+function Test-AzureFirewallPolicyApplicationRuleCustomHttpHeader {
+# Setup
+    $rgname = Get-ResourceGroupName
+    $azureFirewallPolicyName = Get-ResourceName
+    $azureFirewallPolicyAsJobName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/FirewallPolicies"
+    $location = "centralindia"
+    $ruleGroupName = Get-ResourceName
+
+    # RuleCollection parameters
+    $rcName = "RC"
+    $rcPriority = 200
+    $actionType = "Deny"
+
+    # Rules parameters
+    $ruleName1 = "appRule1"
+    $ruleName2 = "appRule2"
+    $ruleName3 = "appRule3"
+    $sourceAddress = "10.0.0.0"
+    $targetFqdn = "www.bing.com"
+    $httpProtocol = "HTTP"
+    $httpsProtocol = "HTTPS"
+    $headerName1 = "header1"
+    $headerValue1 = "value1"
+    $headerName2 = "header2"
+    $headerValue2 = "value2"
+    $headerName3 = "header3"
+    $headerValue3 = "value3"
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create AzureFirewallPolicy
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SkuTier "Premium" 
+
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+
+        # Verification
+        Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
+        Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
+        Assert-NotNull $getAzureFirewallPolicy.Location
+        Assert-AreEqual (Normalize-Location $location) $getAzureFirewallPolicy.Location
+        
+        # Create Application Rules with custom http headers
+        $appRule1 = New-AzFirewallPolicyApplicationRule -Name $ruleName1 -Protocol $httpProtocol -SourceAddress $sourceAddress -TargetFqdn $targetFqdn
+        Assert-NotNull $appRule1
+        $customHeader1 = New-AzFirewallPolicyApplicationRuleCustomHttpHeader -HeaderName $headerName1 -HeaderValue $headerValue1
+        Assert-NotNull $customHeader1
+        $appRule1.AddCustomHttpHeaderToInsert($customHeader1)
+
+        $appRule2 = New-AzFirewallPolicyApplicationRule -Name $ruleName2 -Protocol $httpsProtocol -SourceAddress $sourceAddress -TargetFqdn $targetFqdn -TerminateTLS
+        Assert-NotNull $appRule2
+        $customHeader2 = New-AzFirewallPolicyApplicationRuleCustomHttpHeader -HeaderName $headerName2 -HeaderValue $headerValue2
+        Assert-NotNull $customHeader2
+        $appRule2.AddCustomHttpHeaderToInsert($customHeader2)
+        
+        $appRule3 = New-AzFirewallPolicyApplicationRule -Name $ruleName3 -Protocol $httpProtocol, $httpsProtocol -SourceAddress $sourceAddress -TargetFqdn $targetFqdn -TerminateTLS
+        Assert-NotNull $appRule3
+        $customHeader3 = New-AzFirewallPolicyApplicationRuleCustomHttpHeader -HeaderName $headerName3 -HeaderValue $headerValue3
+        Assert-NotNull $customHeader3
+        $appRule3.AddCustomHttpHeaderToInsert($customHeader3)
+
+        # Create Rule Collection
+        $ruleCollection = New-AzFirewallPolicyFilterRuleCollection -Name $rcName -Priority $rcPriority -Rule $appRule1, $appRule2, $appRule3 -ActionType $actionType
+
+        # Create Rule Collection Group
+        New-AzFirewallPolicyRuleCollectionGroup -Name $ruleGroupName -Priority 100 -RuleCollection $ruleCollection -FirewallPolicyObject $azureFirewallPolicy
+
+        # Set AzureFirewallPolicy
+        Set-AzFirewallPolicy -InputObject $azureFirewallPolicy
+
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgName
+
+        # verification
+        Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
+        Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
+        Assert-NotNull $getAzureFirewallPolicy.Location
+        Assert-AreEqual $location $getAzureFirewallPolicy.Location
+        Assert-AreEqual 1 @($getAzureFirewallPolicy.RuleCollectionGroups).Count
+        
+        $getRcg = Get-AzFirewallPolicyRuleCollectionGroup -Name $ruleGroupName -AzureFirewallPolicy $getAzureFirewallPolicy
+        Assert-AreEqual 1 @($getRcg.properties.ruleCollection).Count        
+        $filterRuleCollection = $getRcg.Properties.GetRuleCollectionByName($rcName)
+        Assert-AreEqual 3 $filterRuleCollection.Rules.Count
+
+        # Verify application rule 1
+        $getAppRule1 = $filterRuleCollection.GetRuleByName($ruleName1)
+        Assert-AreEqual 1 $getAppRule1.HttpHeadersToInsert.Count
+        Assert-AreEqual $headerName1 $getAppRule1.HttpHeadersToInsert[0].HeaderName
+        Assert-AreEqual $headerValue1 $getAppRule1.HttpHeadersToInsert[0].HeaderValue
+
+        # Verify application rule 2
+        $getAppRule2 = $filterRuleCollection.GetRuleByName($ruleName2)
+        Assert-AreEqual 1 $getAppRule2.HttpHeadersToInsert.Count
+        Assert-AreEqual $headerName2 $getAppRule2.HttpHeadersToInsert[0].HeaderName
+        Assert-AreEqual $headerValue2 $getAppRule2.HttpHeadersToInsert[0].HeaderValue
+
+        # Verify application rule 2
+        $getAppRule3 = $filterRuleCollection.GetRuleByName($ruleName3)
+        Assert-AreEqual 1 $getAppRule3.HttpHeadersToInsert.Count
+        Assert-AreEqual $headerName3 $getAppRule3.HttpHeadersToInsert[0].HeaderName
+        Assert-AreEqual $headerValue3 $getAppRule3.HttpHeadersToInsert[0].HeaderValue
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }