[App Service] Access restriction deterministic remove (#15037)

* Fix #14869 * Update ChangeLog.md polish change log Co-authored-by: Jin Lei <[email protected]>
Azure · May 19, 2021 · a4cdc7d · a4cdc7d
1 parent 8e11533
commit a4cdc7d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/src/Websites/Websites/ChangeLog.md b/src/Websites/Websites/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed issue that prevented removing rules by name and unique identifier in `Remove-AzWebAppAccessRestrictionRule`
 * updated `Set-AzAppServicePlan` to keep existing Tags when adding new Tags
 * Fixed `Set-AzWebApp` to set the AppSettings
 * updated `Set-AzWebAppSlot` to set FtpsState

diff --git a/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs b/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs
@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 
+using System;
 using Microsoft.Azure.Commands.WebApps.Models;
 using System.Management.Automation;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
@@ -100,6 +101,11 @@ public override void ExecuteCmdlet()
                     var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
                     IpSecurityRestriction ipSecurityRestriction = null;
                     bool accessRestrictionExists = false;
+                    int ruleTypes = Convert.ToInt32(!string.IsNullOrWhiteSpace(IpAddress)) + Convert.ToInt32(!string.IsNullOrWhiteSpace(ServiceTag)) +
+                        Convert.ToInt32(!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName)));
+
+                    if (ruleTypes > 1)
+                        throw new Exception("Please specify only one of: IpAddress or ServiceTag or Subnet");
 
                     foreach (var accessRestriction in accessRestrictionList)
                     {
@@ -117,7 +123,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;
@@ -130,7 +136,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == ServiceTag.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;
@@ -145,7 +151,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;