Added Dedicated backend connection and certificate validation options in template for application Gateway Backend Settings (#28000)

Co-authored-by: Rajat Gupta <[email protected]>

Author: grajat341

src/Network/Network/ApplicationGateway/BackendHttpSettings/AzureApplicationGatewayBackendHttpSettingsBase.cs

@@ -106,6 +106,27 @@ public class AzureApplicationGatewayBackendHttpSettingsBase : NetworkBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string Path { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Enable or disable dedicated connection per backend server. Default is set to false.")]
+        public bool? DedicatedBackendConnection { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Verify or skip both chain and expiry validations of the certificate on the backend server. Default is set to true.")]
+        public bool? ValidateCertChainAndExpiry { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true.")]
+        public bool? ValidateSNI { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Specify an SNI value to match the common name of the certificate on the backend. By default, the application gateway uses the incoming request's host header as the SNI. Default value is null.")]
+        [ValidateNotNullOrEmpty]
+        public string SniName { get; set; } 
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -189,6 +210,40 @@ public PSApplicationGatewayBackendHttpSettings NewObject()
                 backendHttpSettings.Path = this.Path;
             }
 
+            if (this.DedicatedBackendConnection.HasValue)
+            {
+                backendHttpSettings.DedicatedBackendConnection = this.DedicatedBackendConnection.Value;
+            }
+            else
+            {
+                // Default value is false according to the API specification
+                backendHttpSettings.DedicatedBackendConnection = false;
+            }
+            if (this.ValidateCertChainAndExpiry.HasValue)
+            {
+                backendHttpSettings.ValidateCertChainAndExpiry = this.ValidateCertChainAndExpiry.Value;
+            }
+            else
+            {
+                // Default value is true according to the API specification
+                backendHttpSettings.ValidateCertChainAndExpiry = true;
+            }
+            
+            if (this.ValidateSNI.HasValue)
+            {
+                backendHttpSettings.ValidateSNI = this.ValidateSNI.Value;
+            }
+            else
+            {
+                // Default value is true according to the API specification
+                backendHttpSettings.ValidateSNI = true;
+            }
+
+            if (this.SniName != null)
+            {
+                backendHttpSettings.SniName = this.SniName;
+            }
+
             backendHttpSettings.Id = ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                                     this.NetworkClient.NetworkManagementClient.SubscriptionId,
                                     Microsoft.Azure.Commands.Network.Properties.Resources.ApplicationGatewaybackendHttpSettingsName,

src/Network/Network/ChangeLog.md

@@ -21,6 +21,10 @@
 ## Upcoming Release
 * Onboarded Application Gateway WAF Exceptions cmdlet.
     - `New-AzApplicationGatewayFirewallPolicyException`  
+* Added properties 'DedicatedBackendConnection', 'ValidateCertChainAndExpiry', 'ValidateSNI', and 'SniName' to Application Gateway Backend HTTP Settings, as well as support for them in the following cmdlets:
+    - `New-AzApplicationGatewayBackendHttpSetting`
+    - `Add-AzApplicationGatewayBackendHttpSetting`
+    - `Set-AzApplicationGatewayBackendHttpSetting`
 
 ## Version 7.17.0
 * Added properties 'PublicIpAddressesV6', 'PublicIpPrefixesV6', and 'SourceVirtualNetwork' to NatGateway, as well as support for it for the following cmdlets:

src/Network/Network/Models/PSApplicationGatewayBackendHttpSettings.cs

@@ -45,6 +45,14 @@ public class PSApplicationGatewayBackendHttpSettings : PSChildResource
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
         public string Type { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public bool? DedicatedBackendConnection { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public bool? ValidateCertChainAndExpiry { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public bool? ValidateSNI { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string SniName { get; set; }
 
         [JsonIgnore]
         public string ConnectionDrainingText

src/Network/Network/help/Add-AzApplicationGatewayBackendHttpSetting.md

@@ -20,6 +20,8 @@ Add-AzApplicationGatewayBackendHttpSetting -ApplicationGateway <PSApplicationGat
  [-AuthenticationCertificates <PSApplicationGatewayAuthenticationCertificate[]>]
  [-TrustedRootCertificate <PSApplicationGatewayTrustedRootCertificate[]>] [-PickHostNameFromBackendAddress]
  [-HostName <String>] [-AffinityCookieName <String>] [-Path <String>]
+ [-DedicatedBackendConnection <Boolean>] [-ValidateCertChainAndExpiry <Boolean>] [-ValidateSNI <Boolean>]
+ [-SniName <String>] 
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -295,6 +297,66 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DedicatedBackendConnection
+Enable or disable dedicated connection per backend server. Default is set to false.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateCertChainAndExpiry
+Verify or skip both chain and expiry validations of the certificate on the backend server. Default is set to true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateSNI
+When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SniName
+Specify an SNI value to match the common name of the certificate on the backend. By default, the application gateway uses the incoming request's host header as the SNI. Default value is null.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 

src/Network/Network/help/New-AzApplicationGatewayBackendHttpSetting.md

@@ -20,6 +20,9 @@ New-AzApplicationGatewayBackendHttpSetting -Name <String> -Port <Int32> -Protoco
  [-AuthenticationCertificates <PSApplicationGatewayAuthenticationCertificate[]>]
  [-TrustedRootCertificate <PSApplicationGatewayTrustedRootCertificate[]>] [-PickHostNameFromBackendAddress]
  [-HostName <String>] [-AffinityCookieName <String>] [-Path <String>]
+ [-DedicatedBackendConnection <Boolean>] [-ValidateCertChainAndExpiry <Boolean>] 
+ [-ValidateSNI <Boolean>]
+ [-SniName <String>] 
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -279,6 +282,66 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DedicatedBackendConnection
+Enable or disable dedicated connection per backend server. Default is set to false.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateCertChainAndExpiry
+Verify or skip both chain and expiry validations of the certificate on the backend server. Default is set to true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateSNI
+When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SniName
+Specify an SNI value to match the common name of the certificate on the backend. By default, the application gateway uses the incoming request's host header as the SNI. Default value is null.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 

src/Network/Network/help/Set-AzApplicationGatewayBackendHttpSetting.md

@@ -20,6 +20,9 @@ Set-AzApplicationGatewayBackendHttpSetting -ApplicationGateway <PSApplicationGat
  [-AuthenticationCertificates <PSApplicationGatewayAuthenticationCertificate[]>]
  [-TrustedRootCertificate <PSApplicationGatewayTrustedRootCertificate[]>] [-PickHostNameFromBackendAddress]
  [-HostName <String>] [-AffinityCookieName <String>] [-Path <String>]
+ [-DedicatedBackendConnection <Boolean>] [-ValidateCertChainAndExpiry <Boolean>] 
+ [-ValidateSNI <Boolean>]
+ [-SniName <String>] 
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -297,6 +300,66 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DedicatedBackendConnection
+Enable or disable dedicated connection per backend server. Default is set to false.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateCertChainAndExpiry
+Verify or skip both chain and expiry validations of the certificate on the backend server. Default is set to true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ValidateSNI
+When enabled, verifies if the Common Name of the certificate provided by the backend server matches the Server Name Indication (SNI) value. Default value is true.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SniName
+Specify an SNI value to match the common name of the certificate on the backend. By default, the application gateway uses the incoming request's host header as the SNI. Default value is null.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).