I am trying to deploy the Azure Firewall Premium with Policies enabled and need to add a load of network rule collections.
I have the rule collections in the parameters file and need to cycle through each and add to the policy.
"FirewallSettings": {
  "value": {
    "firewallPrefix": "efw",
    "numberOfPublicIPAddresses": 2,
    "threatIntelMode": "Deny",
    "networkRuleCollections": [
      {
        "name": "allowPing",
        "priority": 200,
        "type": "Allow",
        "rules": [
          {
            "name": "Ping",
            "protocols": [
              "ICMP"
            ],
            "sourceAddresses": [
              "*"
            ],
            "destinationAddresses": [
              "*"
            ],
            "sourceIpGroups": [],
            "destinationIpGroups": [],
            "destinationFqdns": [],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      },
      {
        "name": "allowEventHub",
        "priority": 301,
        "type": "Allow",
        "rules": [
          {
            "name": "eventHubOut",
            "protocols": [
              "TCP"
            ],
            "sourceAddresses": [
              "10.4.1.4"
            ],
            "destinationAddresses": [
              "*"
            ],
            "sourceIpGroups": [],
            "destinationIpGroups": [],
            "destinationFqdns": [],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      },
      ...
and within my template I am trying:
resource networkRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2021-08-01' = {
  name: 'firewallNetworkPolicies'
  parent: azureFirewallPolicy
  properties: {
    priority: 100
    ruleCollections: [for i in range(0, length(firewallSettings.networkRuleCollections)): {
      name: '${firewallSettings.networkRuleCollections[i].name}'
      priority: '${firewallSettings.networkRuleCollections[i].priority}'
      ruleCollectionType: 'NetworkRule'
      destinationAddresses: [
        '${firewallSettings.networkRuleCollections[i].rules.destinationAddresses}'
      ]
      destinationFqdns: [
        '${firewallSettings.networkRuleCollections[i].rules.destinationFqdns}'
      ]
      destinationIpGroups: [
        '${firewallSettings.networkRuleCollections[i].rules.destinationIpGroups}'
      ]
      destinationPorts: [
        '${firewallSettings.networkRuleCollections[i].rules.destinationPorts}'
      ]
      ipProtocols: [
        '${firewallSettings.networkRuleCollections[i].rules.protocols}'
      ]
      sourceAddresses: [
        '${firewallSettings.networkRuleCollections[i].rules.sourceAddresses}'
      ]
      sourceIpGroups: [
        '${firewallSettings.networkRuleCollections[i].rules.sourceIpGroups}'
      ]
    }]
  }
}
But it throws an error:
The language expression property 'destinationAddresses' has an invalid array index
which I think is because it expects an array of destinationAddresses, but I can't work out the syntax to specify the array.
Any ideas?
A few things here:
The rules property inside networkRuleCollections is defined as an array, so you would need to index into it: firewallSettings.networkRuleCollections[i].rules[0] (assuming there is only one rule).
The rule properties defined in the parameters file are already arrays (i.e. protocols, sourceAddresses ...), so you can just assign the property directly:
destinationAddresses: firewallSettings.networkRuleCollections[i].rules[0].destinationAddresses
Full sample based on your parameters file:
resource networkRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2021-08-01' = {
  name: 'firewallNetworkPolicies'
  parent: azureFirewallPolicy
  properties: {
    priority: 100
    ruleCollections: [for i in range(0, length(firewallSettings.networkRuleCollections)): {
      // a filter collection carries the action and a list of rules; the rule type sits on each rule
      ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
      name: firewallSettings.networkRuleCollections[i].name
      priority: firewallSettings.networkRuleCollections[i].priority // integer, not an interpolated string
      action: {
        type: firewallSettings.networkRuleCollections[i].type
      }
      rules: [
        {
          ruleType: 'NetworkRule'
          name: firewallSettings.networkRuleCollections[i].rules[0].name
          // the parameter-file properties are already arrays, so assign them directly
          ipProtocols: firewallSettings.networkRuleCollections[i].rules[0].protocols
          sourceAddresses: firewallSettings.networkRuleCollections[i].rules[0].sourceAddresses
          sourceIpGroups: firewallSettings.networkRuleCollections[i].rules[0].sourceIpGroups
          destinationAddresses: firewallSettings.networkRuleCollections[i].rules[0].destinationAddresses
          destinationIpGroups: firewallSettings.networkRuleCollections[i].rules[0].destinationIpGroups
          destinationFqdns: firewallSettings.networkRuleCollections[i].rules[0].destinationFqdns
          destinationPorts: firewallSettings.networkRuleCollections[i].rules[0].destinationPorts
        }
      ]
    }]
  }
}
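As an added example that is not part of the question or the answer above: the answer indexes rules[0], so a collection with more than one rule silently loses the rest. The Python below (my own code, not the asker's template) takes the parameters-file structure from the question and builds the ruleCollections array in the shape the firewallPolicies ruleCollectionGroups API expects, converting every rule of every collection, renaming protocols to ipProtocols, and rejecting a non-array value before it ever reaches a deployment. It also enforces two checks a practitioner would want before deploying: collection priorities must be unique and within the 100 to 65000 range Azure allows, and Allow rules that match any source, any destination and any port are reported. The sample data is constructed from the two collections in the question; the priority range is from the Azure Firewall documentation, and the any-to-any lint is my own addition.

```python
import json

# Constructed sample: the two collections from the parameters file in the question.
FIREWALL_SETTINGS = {
    "firewallPrefix": "efw",
    "numberOfPublicIPAddresses": 2,
    "threatIntelMode": "Deny",
    "networkRuleCollections": [
        {"name": "allowPing", "priority": 200, "type": "Allow",
         "rules": [{"name": "Ping", "protocols": ["ICMP"],
                    "sourceAddresses": ["*"], "destinationAddresses": ["*"],
                    "sourceIpGroups": [], "destinationIpGroups": [],
                    "destinationFqdns": [], "destinationPorts": ["*"]}]},
        {"name": "allowEventHub", "priority": 301, "type": "Allow",
         "rules": [{"name": "eventHubOut", "protocols": ["TCP"],
                    "sourceAddresses": ["10.4.1.4"], "destinationAddresses": ["*"],
                    "sourceIpGroups": [], "destinationIpGroups": [],
                    "destinationFqdns": [], "destinationPorts": ["*"]}]},
    ],
}

# Rule properties that the API expects as arrays (same names in the parameters file).
RULE_LIST_KEYS = (
    "sourceAddresses", "destinationAddresses", "sourceIpGroups",
    "destinationIpGroups", "destinationFqdns", "destinationPorts",
)


def to_network_rule(rule):
    """Map one parameters-file rule onto the API's NetworkRule shape."""
    body = {
        "ruleType": "NetworkRule",
        "name": rule["name"],
        # The parameters file says 'protocols'; the API property is 'ipProtocols'.
        "ipProtocols": list(rule["protocols"]),
    }
    for key in RULE_LIST_KEYS:
        value = rule.get(key, [])
        if not isinstance(value, list):
            raise TypeError(f"{rule['name']}.{key} must be an array, got {type(value).__name__}")
        body[key] = list(value)
    return body


def to_rule_collections(settings):
    """Build the ruleCollections array of a ruleCollectionGroup, every rule included."""
    collections = []
    seen_priorities = set()
    for coll in settings["networkRuleCollections"]:
        priority = coll["priority"]
        # Azure Firewall policy rule collection priorities must be 100..65000 and unique.
        if not isinstance(priority, int) or not 100 <= priority <= 65000:
            raise ValueError(f"{coll['name']}: priority {priority!r} outside 100..65000")
        if priority in seen_priorities:
            raise ValueError(f"{coll['name']}: duplicate priority {priority}")
        seen_priorities.add(priority)
        if coll["type"] not in ("Allow", "Deny"):
            raise ValueError(f"{coll['name']}: action must be Allow or Deny")
        collections.append({
            "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
            "name": coll["name"],
            "priority": priority,
            "action": {"type": coll["type"]},
            "rules": [to_network_rule(r) for r in coll["rules"]],
        })
    return collections


def any_to_any_rules(collections):
    """Return (collection, rule) names of Allow rules matching any source, destination and port."""
    found = []
    for coll in collections:
        if coll["action"]["type"] != "Allow":
            continue
        for rule in coll["rules"]:
            if ("*" in rule["sourceAddresses"] and "*" in rule["destinationAddresses"]
                    and "*" in rule["destinationPorts"]):
                found.append((coll["name"], rule["name"]))
    return found


if __name__ == "__main__":
    built = to_rule_collections(FIREWALL_SETTINGS)
    print(json.dumps({"priority": 100, "ruleCollections": built}, indent=2))
    for coll_name, rule_name in any_to_any_rules(built):
        print(f"review: {coll_name}/{rule_name} allows any source to any destination on any port")
```

The nested shape this emits (collection with ruleCollectionType, action and rules; each rule with ruleType and the array properties) is the same one a Bicep inner loop over rules has to produce; the allowPing collection in the question is reported by the any-to-any check because its source, destination and ports are all "*".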
Related
I'm trying to iterate over these values to retrieve the tags to see if any of the tag values matches AWSNetworkFirewallManaged.
I'm having problems figuring out a solution to achieve this.
response = {
    "VpcEndpoints": [
        {
            "VpcEndpointId": "vpce-123",
            "VpcEndpointType": "GatewayLoadBalancer",
            "VpcId": "vpc-test",
            "ServiceName": "com.amazonaws.com",
            "State": "available",
            "SubnetIds": [
                "subnet-random"
            ],
            "IpAddressType": "ipv4",
            "RequesterManaged": True,
            "NetworkInterfaceIds": [
                "eni-123"
            ],
            "CreationTimestamp": "2022-10-28T01:23:23.924Z",
            "Tags": [
                {
                    "Key": "AWSNetworkFirewallManaged",
                    "Value": "true"
                },
                {
                    "Key": "Firewall",
                    "Value": "arn:aws:network-firewall:us-west-2"
                }
            ],
            "OwnerId": "123"
        },
        {
            "VpcEndpointId": "vpce-123",
            "VpcEndpointType": "GatewayLoadBalancer",
            "VpcId": "vpc-<value>",
            "ServiceName": "com.amazonaws.vpce.us-west-2",
            "State": "available",
            "SubnetIds": [
                "subnet-<number>"
            ],
            "IpAddressType": "ipv4",
            "RequesterManaged": True,
            "NetworkInterfaceIds": [
                "eni-<value>"
            ],
            "CreationTimestamp": "2022-10-28T01:23:42.113Z",
            "Tags": [
                {
                    "Key": "AWSNetworkFirewallManaged",
                    "Value": "True"
                },
                {
                    "Key": "Firewall",
                    "Value": "arn:aws:network-firewall:%l"
                }
            ],
            "OwnerId": "random"
        }
    ]
}
So far I have
for endpoint in DESCRIBE_VPC_ENDPOINTS['VpcEndpoints']:
    print(endpoint['VpcEndpointId']['Tags'])
However, this needs to be indexed, and if it is I do not know whether it will still iterate over the rest of the VPC endpoint IDs.
Any suggestions or guidance on this?
You can use a double for loop:
for endpoint in response['VpcEndpoints']:
    for tags in endpoint['Tags']:
        if 'AWSNetworkFirewallManaged' in tags.values():
            print(endpoint['VpcEndpointId'], tags)
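As an added example, not part of the question or the answer above: each entry in Tags is a {"Key": ..., "Value": ...} dict, so the lookup is clearest when it matches on the Key field explicitly and then inspects the Value. The sample in the question shows both "true" and "True" for the same tag, so the comparison below is case-insensitive, and it tolerates an endpoint with no Tags key at all (my assumption about what describe_vpc_endpoints returns for an untagged endpoint; the guard is harmless if the key is always present). The data is constructed from the question's response, with distinct endpoint IDs substituted for the redacted ones and two extra endpoints added to exercise the edge cases; this is my own code, not the asker's.

```python
# Constructed sample, abridged from the describe_vpc_endpoints output in the question.
# IDs vpce-456, vpce-789 and vpce-abc are made up for this example.
RESPONSE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-123", "VpcEndpointType": "GatewayLoadBalancer",
         "Tags": [{"Key": "AWSNetworkFirewallManaged", "Value": "true"},
                  {"Key": "Firewall", "Value": "arn:aws:network-firewall:us-west-2"}]},
        {"VpcEndpointId": "vpce-456", "VpcEndpointType": "GatewayLoadBalancer",
         "Tags": [{"Key": "AWSNetworkFirewallManaged", "Value": "True"}]},
        # No Tags key at all (assumed shape for an untagged endpoint).
        {"VpcEndpointId": "vpce-789", "VpcEndpointType": "Interface"},
        # Tag present but explicitly false: must not be treated as managed.
        {"VpcEndpointId": "vpce-abc", "VpcEndpointType": "GatewayLoadBalancer",
         "Tags": [{"Key": "AWSNetworkFirewallManaged", "Value": "false"}]},
    ]
}

MANAGED_TAG = "AWSNetworkFirewallManaged"


def tags_as_dict(endpoint):
    """Flatten the [{'Key': k, 'Value': v}, ...] list into {k: v}; missing Tags -> {}."""
    return {t["Key"]: t["Value"] for t in endpoint.get("Tags", [])}


def is_firewall_managed(endpoint, tag_key=MANAGED_TAG):
    """True when the endpoint carries tag_key with a value of 'true' in any casing."""
    value = tags_as_dict(endpoint).get(tag_key)
    return value is not None and value.strip().lower() == "true"


def firewall_managed_endpoint_ids(response):
    """Endpoint IDs from a describe_vpc_endpoints response that are firewall-managed."""
    return [
        endpoint["VpcEndpointId"]
        for endpoint in response.get("VpcEndpoints", [])
        if is_firewall_managed(endpoint)
    ]


if __name__ == "__main__":
    for endpoint in RESPONSE["VpcEndpoints"]:
        print(endpoint["VpcEndpointId"], tags_as_dict(endpoint))
    print("managed:", firewall_managed_endpoint_ids(RESPONSE))
```

With a real boto3 client the same functions apply to `ec2.describe_vpc_endpoints()`; when paginating, run firewall_managed_endpoint_ids on each page and concatenate.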
I'm starting to test ArangoSearch to use in an upcoming feature. I have a nested JSON field on which I want to do a token search.
{ip:{dpdm:{description:<text>}}}
The view is:
{
  "writebufferIdle": 64,
  "type": "arangosearch",
  "writebufferSizeMax": 33554432,
  "consolidationPolicy": {
    "type": "tier",
    "segmentsBytesFloor": 2097152,
    "segmentsBytesMax": 5368709120,
    "segmentsMax": 10,
    "segmentsMin": 1,
    "minScore": 0
  },
  "primarySort": [],
  "globallyUniqueId": "h7437427BB0F0/26371461",
  "id": "26371461",
  "storedValues": [],
  "writebufferActive": 0,
  "consolidationIntervalMsec": 1000,
  "cleanupIntervalStep": 2,
  "commitIntervalMsec": 1000,
  "links": {
    "pmconfig": {
      "analyzers": [
        "identity"
      ],
      "fields": {
        "ip.dpdm.version_notes": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.digital.feature_list": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.common.Available-Views": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.pipeline.comment": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.dpdm.eccn": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.dpdm.description": {
          "analyzers": [
            "text_en"
          ]
        },
        "ip.dpdm.maturity_comments": {
          "analyzers": [
            "text_en"
          ]
        }
      },
      "includeAllFields": true,
      "storeValues": "none",
      "trackListPositions": false
    }
  },
  "primarySortCompression": "lz4"
}
The following query returns 58 objects:
for d in pmconfig filter d.ip.dpdm.description like('% synchronous %') return d
But the following doesn't return any items:
for d in v_myView search analyzer(d.ip.dpdm.description in tokens('synchronous', 'text_en'), 'text_en') return d
I'm sure I did something wrong but it looks right to me. A pointer to get me going would be appreciated.
I knew I was missing something. Looks like I shouldn't use nested field paths when specifying the view. All I needed to do was to set the top level field "ip" to the "text_en" analyzer in the view. All is good now.
When we try to create a Conditional Access policy in Azure AD with "Block Download"/"Use Custom Policy" in the session controls under "Use Conditional Access App Control", we get the "Uncaught TypeError: f is not a function" error in the browser console. Attached is a screenshot of the same.
screenshot of error
Unfortunately, I can't reproduce the "Validating policy" error in my Azure Portal. I guess it is a problem with Azure itself; you could contact Microsoft support.
There is a workaround with the Microsoft Graph API.
1. Sign in with your Global Administrator account on Graph Explorer.
2. Create the conditionalAccessPolicy; these are the properties of conditionalAccessPolicy.
Note: consent to the required permissions under Modify Permissions.
POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
Content-type: application/json
{
  "displayName": "Demo app for documentation",
  "state": "disabled",
  "conditions": {
    "signInRiskLevels": [
      "high",
      "medium"
    ],
    "clientAppTypes": [
      "mobileAppsAndDesktopClients",
      "exchangeActiveSync",
      "other"
    ],
    "applications": {
      "includeApplications": [
        "All"
      ],
      "excludeApplications": [
        "00000007-0000-0000-c000-000000000000"
      ],
      "includeUserActions": []
    },
    "users": {
      "includeUsers": [
        "00000000-0000-0000-0000-000000000000"
      ],
      "excludeUsers": [
        "00000000-0000-0000-0000-000000000000",
        "GuestsOrExternalUsers"
      ],
      "includeGroups": [],
      "excludeGroups": [],
      "includeRoles": [
        "00000000-0000-0000-0000-000000000000"
      ],
      "excludeRoles": [
        "00000000-0000-0000-0000-000000000000"
      ]
    },
    "platforms": {
      "includePlatforms": [
        "all"
      ],
      "excludePlatforms": [
        "iOS",
        "windowsPhone"
      ]
    },
    "locations": {
      "includeLocations": [
        "AllTrusted"
      ],
      "excludeLocations": [
        "00000000-0000-0000-0000-000000000000"
      ]
    }
  },
  "grantControls": null,
  "sessionControls": {
    "applicationEnforcedRestrictions": null,
    "persistentBrowser": null,
    "cloudAppSecurity": {
      "cloudAppSecurityType": "blockDownloads",
      "isEnabled": true
    },
    "signInFrequency": {
      "value": 4,
      "type": "hours",
      "isEnabled": true
    }
  }
}
There is a similar issue here.
I'm trying to apply Conditional Access Policies using the API, but bumping into some problems.
The policy below works without issues.
{
  "displayName": "TEST - Block Policy: Block All Application access from a non-trusted location",
  "state": "disabled",
  "conditions": {
    "users": {
      "includeUsers": [
        "All"
      ]
    },
    "applications": {
      "includeApplications": [
        "All"
      ]
    },
    "locations": {
      "includeLocations": [
        "All"
      ],
      "excludeLocations": [
        "AllTrusted"
      ]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": [
      "block"
    ]
  }
}
But if I add a specific application in "includeApplications" I get access denied.
{
  "displayName": "TEST - Block Policy: Block Azure Management access from a non-trusted location",
  "state": "disabled",
  "conditions": {
    "users": {
      "includeUsers": [
        "All"
      ]
    },
    "applications": {
      "includeApplications": [
        "797f4846-ba00-4fd7-ba43-dac1f8f63013"
      ]
    },
    "locations": {
      "includeLocations": [
        "All"
      ],
      "excludeLocations": [
        "AllTrusted"
      ]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": [
      "block"
    ]
  }
}
System.Net.WebException: The remote server returned an error: (403) Forbidden.
I can manually add the application in the GUI but I want to do this programmatically.
The SPN has the following API permissions in Graph:
Directory.ReadAll
Policy.ReadAll
Policy.ReadWrite.ConditionalAccess
User.Read
Are there any limitations in the API or is there something that I'm missing?
Think I found an answer. Looks like the API for the time being only supports delegated permissions for Conditional Access, so using an SPN will not work.
Ref: https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/api/conditionalaccessroot-post-policies.md
Cloudant is returning error message:
{"error":"invalid_key","reason":"Invalid key use-index for this request."}
whenever I try to query against an index with the combination operator, "$or".
A sample of what my documents look like is:
{
  "_id": "28f240f1bcc2fbd9e1e5174af6905349",
  "_rev": "1-fb9a9150acbecd105f1616aff88c26a8",
  "type": "Feature",
  "properties": {
    "PageName": "A8",
    "PageNumber": 1,
    "Lat": 43.051523,
    "Long": -71.498852
  },
  "geometry": {
    "type": "Polygon",
    "coordinates": [
      [
        [
          -71.49978935969642,
          43.0508382914137
        ],
        [
          -71.49978564033566,
          43.052210148524
        ],
        [
          -71.49791499857444,
          43.05220740550381
        ],
        [
          -71.49791875962663,
          43.05083554852429
        ],
        [
          -71.49978935969642,
          43.0508382914137
        ]
      ]
    ]
  }
}
The index that I created is for field "properties.PageName", which works fine when I'm just querying for one document, but as soon as I try for multiple ones, I would receive the error response as quoted in the beginning.
If it helps any, here is the call:
POST https://xyz.cloudant.com/db/_find
request body:
{
  "selector": {
    "$or": [
      { "properties.PageName": "A8" },
      { "properties.PageName": "M30" },
      { "properties.PageName": "AH30" }
    ]
  },
  "use-index": "pagename-index"
}
In order to perform an $or query you need to create a text (full text) index, rather than a json index. For example, I just created the following index:
{
  "index": {
    "fields": [
      {"name": "properties.PageName", "type": "string"}
    ]
  },
  "type": "text"
}
I was then able to perform the following query:
{
  "selector": {
    "$or": [
      { "properties.PageName": "A8" },
      { "properties.PageName": "M30" },
      { "properties.PageName": "AH30" }
    ]
  }
}