Merge pull request #1390 from EdmondShtogu/patch-2

Sumit Ghosh · web-flow · commit c8e80739c039 · 2020-08-20T13:50:24.000+05:30
Fixed firewall rules check and improved the script
diff --git a/deploy/windows/add-firewall-rules-for-sts-auth-thru-docker.ps1 b/deploy/windows/add-firewall-rules-for-sts-auth-thru-docker.ps1
@@ -1,26 +1,53 @@
-﻿param([switch]$Elevated)
+param(
+  [string]$Name = "eShopOnContainers",
+  [string]$InboundDisplayName = "eShopOnContainers-Inbound",
+  [string]$OutboundDisplayName = "eShopOnContainers-Outbound",
+  [switch]$Elevated
+  )
+
 function Check-Admin {
-$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
-$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
+  $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
+  $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
 }
-if ((Check-Admin) -eq $false)  {
-if ($elevated)
-{
-# could not elevate, quit
+function Add-InboundRule {
+  New-NetFirewallRule -DisplayName $InboundDisplayName -Confirm -Description "$Name Inbound Rule for port range 5100-5150" -LocalAddress Any -LocalPort 5100-5150 -Protocol tcp -RemoteAddress Any -RemotePort Any -Direction Inbound
 }
- 
-else {
- 
-Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
+function Add-OutboundRule {
+  New-NetFirewallRule -DisplayName $OutboundDisplayName -Confirm -Description "$Name Outbound Rule for port range 5100-5150" -LocalAddress Any -LocalPort 5100-5150 -Protocol tcp -RemoteAddress Any -RemotePort Any -Direction Outbound
 }
-exit
+
+if ((Check-Admin) -eq $false) {
+  if ($elevated)
+  {
+  # could not elevate, quit
+  } 
+  else {  
+    Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
+  }
+  exit
 }
 
+
 try {
-  Get-NetFirewallRule -DisplayName EshopDocker -ErrorAction Stop
-  Write-Host "Rule found"
+  $rules = $(Get-NetFirewallRule -DisplayName $Name-* -ErrorAction Stop | Out-String)
+  if (!$rules.Contains($InboundDisplayName) -and !$rules.Contains($OutboundDisplayName))
+  {
+    Add-InboundRule
+    Add-OutboundRule
+  } 
+  elseif (!$rules.Contains($InboundDisplayName))
+  {
+    Add-InboundRule
+  }  
+  elseif (!$rules.Contains($OutboundDisplayName))
+  {
+    Add-OutboundRule
+  }
+  else{
+    Write-Host "Rules found!"
+  }
+}
+catch [Exception] {
+  Add-InboundRule
+  Add-OutboundRule
 }
-  catch [Exception] {
-  New-NetFirewallRule -DisplayName eShopOnContainers-Inbound -Confirm -Description "eShopOnContainers Inbound Rule for port range 5100-5150" -LocalAddress Any -LocalPort 5100-5150 -Protocol tcp -RemoteAddress Any -RemotePort Any -Direction Inbound
-  New-NetFirewallRule -DisplayName eShopOnContainers-Outbound -Confirm -Description "eShopOnContainers Outbound Rule for port range 5100-5150" -LocalAddress Any -LocalPort 5100-5150 -Protocol tcp -RemoteAddress Any -RemotePort Any -Direction Outbound
-}
