Security Policies - Patch

Service:

Front Door Service

API Version:

2023-05-01

Updates an existing security policy within a profile.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/securityPolicies/{securityPolicyName}?api-version=2023-05-01

URI Parameters

Name	In	Required	Type	Description
profileName	path	True	string	Name of the Azure Front Door Standard or Azure Front Door Premium profile which is unique within the resource group.
resourceGroupName	path	True	string	Name of the Resource group within the Azure subscription. Regex pattern: ^[-\w\._\(\)]+$
securityPolicyName	path	True	string	Name of the security policy under the profile.
subscriptionId	path	True	string	Azure Subscription ID.
api-version	query	True	string	Version of the API to be used with the client request. Current version is 2023-05-01.

Request Body

Name	Type	Description
properties.parameters	SecurityPolicyPropertiesParameters: SecurityPolicyWebApplicationFirewallParameters	object which contains security policy parameters

Responses

Name	Type	Description
200 OK	SecurityPolicy	OK
202 Accepted	SecurityPolicy	Accepted. The request has been accepted for processing and the operation will complete asynchronously. Headers location: string
Other Status Codes	AfdErrorResponse	Azure Front Door error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

SecurityPolicies_Patch

Sample Request

HTTP

PATCH https://management.azure.com/subscriptions/subid/resourceGroups/RG/providers/Microsoft.Cdn/profiles/profile1/securityPolicies/securityPolicy1?api-version=2023-05-01

{
  "properties": {
    "parameters": {
      "type": "WebApplicationFirewall",
      "wafPolicy": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"
      },
      "associations": [
        {
          "domains": [
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"
            },
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"
            }
          ],
          "patternsToMatch": [
            "/*"
          ]
        }
      ]
    }
  }
}

Java

import com.azure.resourcemanager.cdn.models.ActivatedResourceReference;
import com.azure.resourcemanager.cdn.models.ResourceReference;
import com.azure.resourcemanager.cdn.models.SecurityPolicyUpdateParameters;
import com.azure.resourcemanager.cdn.models.SecurityPolicyWebApplicationFirewallAssociation;
import com.azure.resourcemanager.cdn.models.SecurityPolicyWebApplicationFirewallParameters;
import java.util.Arrays;

/** Samples for SecurityPolicies Patch. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/SecurityPolicies_Patch.json
     */
    /**
     * Sample code: SecurityPolicies_Patch.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void securityPoliciesPatch(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.cdnProfiles().manager().serviceClient().getSecurityPolicies().patch("RG", "profile1", "securityPolicy1",
            new SecurityPolicyUpdateParameters().withParameters(new SecurityPolicyWebApplicationFirewallParameters()
                .withWafPolicy(new ResourceReference().withId(
                    "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"))
                .withAssociations(Arrays.asList(new SecurityPolicyWebApplicationFirewallAssociation()
                    .withDomains(Arrays.asList(new ActivatedResourceReference().withId(
                        "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"),
                        new ActivatedResourceReference().withId(
                            "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2")))
                    .withPatternsToMatch(Arrays.asList("/*"))))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.cdn import CdnManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-cdn
# USAGE
    python security_policies_patch.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = CdnManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.security_policies.begin_patch(
        resource_group_name="RG",
        profile_name="profile1",
        security_policy_name="securityPolicy1",
        security_policy_update_properties={
            "properties": {
                "parameters": {
                    "associations": [
                        {
                            "domains": [
                                {
                                    "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"
                                },
                                {
                                    "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"
                                },
                            ],
                            "patternsToMatch": ["/*"],
                        }
                    ],
                    "type": "WebApplicationFirewall",
                    "wafPolicy": {
                        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"
                    },
                }
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/SecurityPolicies_Patch.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcdn_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cdn/armcdn/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7b551033155a63739b6d28f79b9c07569f6179b8/specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/SecurityPolicies_Patch.json
func ExampleSecurityPoliciesClient_BeginPatch() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcdn.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewSecurityPoliciesClient().BeginPatch(ctx, "RG", "profile1", "securityPolicy1", armcdn.SecurityPolicyUpdateParameters{
		Properties: &armcdn.SecurityPolicyUpdateProperties{
			Parameters: &armcdn.SecurityPolicyWebApplicationFirewallParameters{
				Type: to.Ptr(armcdn.SecurityPolicyTypeWebApplicationFirewall),
				Associations: []*armcdn.SecurityPolicyWebApplicationFirewallAssociation{
					{
						Domains: []*armcdn.ActivatedResourceReference{
							{
								ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"),
							},
							{
								ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"),
							}},
						PatternsToMatch: []*string{
							to.Ptr("/*")},
					}},
				WafPolicy: &armcdn.ResourceReference{
					ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"),
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SecurityPolicy = armcdn.SecurityPolicy{
	// 	Name: to.Ptr("securityPolicy1"),
	// 	Type: to.Ptr("Microsoft.Cdn/profiles/securitypolicies"),
	// 	ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/securitypolicies/securityPolicy1"),
	// 	Properties: &armcdn.SecurityPolicyProperties{
	// 		DeploymentStatus: to.Ptr(armcdn.DeploymentStatusNotStarted),
	// 		ProvisioningState: to.Ptr(armcdn.AfdProvisioningStateSucceeded),
	// 		Parameters: &armcdn.SecurityPolicyWebApplicationFirewallParameters{
	// 			Type: to.Ptr(armcdn.SecurityPolicyTypeWebApplicationFirewall),
	// 			Associations: []*armcdn.SecurityPolicyWebApplicationFirewallAssociation{
	// 				{
	// 					Domains: []*armcdn.ActivatedResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"),
	// 					}},
	// 					PatternsToMatch: []*string{
	// 						to.Ptr("/*")},
	// 				}},
	// 				WafPolicy: &armcdn.ResourceReference{
	// 					ID: to.Ptr("/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"),
	// 				},
	// 			},
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { CdnManagementClient } = require("@azure/arm-cdn");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Updates an existing security policy within a profile.
 *
 * @summary Updates an existing security policy within a profile.
 * x-ms-original-file: specification/cdn/resource-manager/Microsoft.Cdn/stable/2023-05-01/examples/SecurityPolicies_Patch.json
 */
async function securityPoliciesPatch() {
  const subscriptionId = process.env["CDN_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["CDN_RESOURCE_GROUP"] || "RG";
  const profileName = "profile1";
  const securityPolicyName = "securityPolicy1";
  const securityPolicyUpdateProperties = {
    parameters: {
      type: "WebApplicationFirewall",
      associations: [
        {
          domains: [
            {
              id: "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1",
            },
            {
              id: "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2",
            },
          ],
          patternsToMatch: ["/*"],
        },
      ],
      wafPolicy: {
        id: "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest",
      },
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new CdnManagementClient(credential, subscriptionId);
  const result = await client.securityPolicies.beginPatchAndWait(
    resourceGroupName,
    profileName,
    securityPolicyName,
    securityPolicyUpdateProperties
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "name": "securityPolicy1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/securitypolicies/securityPolicy1",
  "type": "Microsoft.Cdn/profiles/securitypolicies",
  "properties": {
    "parameters": {
      "type": "WebApplicationFirewall",
      "wafPolicy": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"
      },
      "associations": [
        {
          "domains": [
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"
            },
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"
            }
          ],
          "patternsToMatch": [
            "/*"
          ]
        }
      ]
    },
    "deploymentStatus": "NotStarted",
    "provisioningState": "Succeeded"
  }
}

Status code:

202

azure-asyncoperation: https://management.azure.com/subscriptions/subid/resourcegroups/resourceGroupName/providers/Microsoft.Cdn/operationresults/operationId?api-version=2023-05-01

Response Body

{
  "name": "securityPolicy1",
  "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/securitypolicies/securityPolicy1",
  "type": "Microsoft.Cdn/profiles/securitypolicies",
  "properties": {
    "parameters": {
      "type": "WebApplicationFirewall",
      "wafPolicy": {
        "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/wafTest"
      },
      "associations": [
        {
          "domains": [
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain1"
            },
            {
              "id": "/subscriptions/subid/resourcegroups/RG/providers/Microsoft.Cdn/profiles/profile1/customdomains/testdomain2"
            }
          ],
          "patternsToMatch": [
            "/*"
          ]
        }
      ]
    },
    "deploymentStatus": "NotStarted",
    "provisioningState": "Updating"
  }
}

Definitions

Name	Description
ActivatedResourceReference	Reference to another resource along with its state.
AfdErrorResponse	Error response
AfdProvisioningState	Provisioning status
DeploymentStatus
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
IdentityType	The type of identity that creates/modifies resources
ResourceReference	Reference to another resource.
SecurityPolicy	SecurityPolicy association for AzureFrontDoor profile
SecurityPolicyUpdateParameters	The JSON object containing security policy update parameters.
SecurityPolicyWebApplicationFirewallAssociation	settings for security policy patterns to match
SecurityPolicyWebApplicationFirewallParameters	The json object containing security policy waf parameters
SystemData	Read only system data

ActivatedResourceReference

Reference to another resource along with its state.

Name	Type	Description
id	string	Resource ID.
isActive	boolean	Whether the resource is active or inactive

AfdErrorResponse

Error response

Name	Type	Description
error	ErrorDetail	The error object.

AfdProvisioningState

Provisioning status

Name	Type	Description
Creating	string
Deleting	string
Failed	string
Succeeded	string
Updating	string

DeploymentStatus

Name	Type	Description
Failed	string
InProgress	string
NotStarted	string
Succeeded	string

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

IdentityType

The type of identity that creates/modifies resources

Name	Type	Description
application	string
key	string
managedIdentity	string
user	string

ResourceReference

Reference to another resource.

Name	Type	Description
id	string	Resource ID.

SecurityPolicy

SecurityPolicy association for AzureFrontDoor profile

Name	Type	Description
id	string	Resource ID.
name	string	Resource name.
properties.deploymentStatus	DeploymentStatus
properties.parameters	SecurityPolicyPropertiesParameters: SecurityPolicyWebApplicationFirewallParameters	object which contains security policy parameters
properties.profileName	string	The name of the profile which holds the security policy.
properties.provisioningState	AfdProvisioningState	Provisioning status
systemData	SystemData	Read only system data
type	string	Resource type.

SecurityPolicyUpdateParameters

The JSON object containing security policy update parameters.

Name	Type	Description
properties.parameters	SecurityPolicyPropertiesParameters: SecurityPolicyWebApplicationFirewallParameters	object which contains security policy parameters

SecurityPolicyWebApplicationFirewallAssociation

settings for security policy patterns to match

Name	Type	Description
domains	ActivatedResourceReference[]	List of domains.
patternsToMatch	string[]	List of paths

SecurityPolicyWebApplicationFirewallParameters

The json object containing security policy waf parameters

Name	Type	Description
associations	SecurityPolicyWebApplicationFirewallAssociation[]	Waf associations
type	string: WebApplicationFirewall	The type of the Security policy to create.
wafPolicy	ResourceReference	Resource ID.

SystemData

Read only system data

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC)
createdBy	string	An identifier for the identity that created the resource
createdByType	IdentityType	The type of identity that created the resource
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	An identifier for the identity that last modified the resource
lastModifiedByType	IdentityType	The type of identity that last modified the resource