From a4cdc7de9e7ae049fc4c0e63a857c7b88f996397 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mads=20Damg=C3=A5rd?= <madsd@microsoft.com>
Date: Wed, 19 May 2021 07:02:03 +0200
Subject: [PATCH] [App Service] Access restriction deterministic remove
 (#15037)

* Fix #14869

* Update ChangeLog.md

polish change log

Co-authored-by: Jin Lei <54836179+msJinLei@users.noreply.github.com>
---
 src/Websites/Websites/ChangeLog.md                   |  1 +
 .../RemoveAzureWebAppAccessRestrictionRule.cs        | 12 +++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Websites/Websites/ChangeLog.md b/src/Websites/Websites/ChangeLog.md
index 70cd5e2707a0..dff2d5a768b0 100644
--- a/src/Websites/Websites/ChangeLog.md
+++ b/src/Websites/Websites/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed issue that prevented removing rules by name and unique identifier in `Remove-AzWebAppAccessRestrictionRule`
 * updated `Set-AzAppServicePlan` to keep existing Tags when adding new Tags
 * Fixed `Set-AzWebApp` to set the AppSettings
 * updated `Set-AzWebAppSlot` to set FtpsState
diff --git a/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs b/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs
index 8f0db5fa92bb..cfa294010108 100644
--- a/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs
+++ b/src/Websites/Websites/Cmdlets/AccessRestriction/RemoveAzureWebAppAccessRestrictionRule.cs
@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 
+using System;
 using Microsoft.Azure.Commands.WebApps.Models;
 using System.Management.Automation;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
@@ -100,6 +101,11 @@ public override void ExecuteCmdlet()
                     var accessRestrictionList = TargetScmSite ? siteConfig.ScmIpSecurityRestrictions : siteConfig.IpSecurityRestrictions;
                     IpSecurityRestriction ipSecurityRestriction = null;
                     bool accessRestrictionExists = false;
+                    int ruleTypes = Convert.ToInt32(!string.IsNullOrWhiteSpace(IpAddress)) + Convert.ToInt32(!string.IsNullOrWhiteSpace(ServiceTag)) +
+                        Convert.ToInt32(!string.IsNullOrWhiteSpace(SubnetId) || (!string.IsNullOrWhiteSpace(SubnetName) && !string.IsNullOrWhiteSpace(VirtualNetworkName)));
+
+                    if (ruleTypes > 1)
+                        throw new Exception("Please specify only one of: IpAddress or ServiceTag or Subnet");
 
                     foreach (var accessRestriction in accessRestrictionList)
                     {
@@ -117,7 +123,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == IpAddress.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;
@@ -130,7 +136,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.IpAddress) && accessRestriction.IpAddress.ToLowerInvariant() == ServiceTag.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;
@@ -145,7 +151,7 @@ public override void ExecuteCmdlet()
                             if (!string.IsNullOrWhiteSpace(accessRestriction.VnetSubnetResourceId) && accessRestriction.VnetSubnetResourceId.ToLowerInvariant() == subnetResourceId.ToLowerInvariant() && accessRestriction.Action.ToLowerInvariant() == Action.ToLowerInvariant())
                             {
                                 if (!string.IsNullOrWhiteSpace(Name))
-                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() == Name.ToLowerInvariant())
+                                    if (!string.IsNullOrWhiteSpace(accessRestriction.Name) && accessRestriction.Name.ToLowerInvariant() != Name.ToLowerInvariant())
                                         continue;
 
                                 ipSecurityRestriction = accessRestriction;