From 832d0b0425be48d63a7826b84b22dd1d053c3cf1 Mon Sep 17 00:00:00 2001
From: Kaushik Nath <kanath@microsoft.com>
Date: Wed, 25 May 2022 12:15:25 +0530
Subject: [PATCH] powershell changes for new ssl policies in appgw

---
 .../SslPolicy/AzureApplicationGatewaySslPolicyBase.cs      | 7 +++----
 src/Network/Network/ChangeLog.md                           | 4 ++++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/Network/Network/ApplicationGateway/SslPolicy/AzureApplicationGatewaySslPolicyBase.cs b/src/Network/Network/ApplicationGateway/SslPolicy/AzureApplicationGatewaySslPolicyBase.cs
index b56f2f0346b1..b64e75f675f1 100644
--- a/src/Network/Network/ApplicationGateway/SslPolicy/AzureApplicationGatewaySslPolicyBase.cs
+++ b/src/Network/Network/ApplicationGateway/SslPolicy/AzureApplicationGatewaySslPolicyBase.cs
@@ -23,13 +23,13 @@ public class AzureApplicationGatewaySslPolicyBase : NetworkBaseCmdlet
     {
         [Parameter(
                HelpMessage = "List of SSL protocols to be disabled")]
-        [ValidateSet("TLSv1_0", "TLSv1_1", "TLSv1_2", IgnoreCase = true)]
+        [ValidateSet("TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3", IgnoreCase = true)]
         [ValidateNotNullOrEmpty]
         public string[] DisabledSslProtocols { get; set; }
 
         [Parameter(
                HelpMessage = "Type of Ssl Policy")]
-        [ValidateSet("Predefined", "Custom", IgnoreCase = true)]
+        [ValidateSet("Predefined", "Custom", "CustomV2", IgnoreCase = true)]
         public string PolicyType { get; set; }
 
         [Parameter(
@@ -38,12 +38,11 @@ public class AzureApplicationGatewaySslPolicyBase : NetworkBaseCmdlet
 
         [Parameter(
                HelpMessage = "Ssl cipher suites to be enabled in the specified order to application gateway")]
-        [ValidateNotNullOrEmpty]
         public string[] CipherSuite { get; set; }
 
         [Parameter(
                HelpMessage = "Minimum version of Ssl protocol to be supported on application gateway")]
-        [ValidateSet("TLSv1_0", "TLSv1_1", "TLSv1_2", IgnoreCase = true)]
+        [ValidateSet("TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3", IgnoreCase = true)]
         public string MinProtocolVersion { get; set; }
 
         public override void ExecuteCmdlet()
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
index 0fa0c33172cd..47cdd6333c83 100644
--- a/src/Network/Network/ChangeLog.md
+++ b/src/Network/Network/ChangeLog.md
@@ -19,6 +19,10 @@
 --->
 
 ## Upcoming Release
+* Added support for CustomV2 ssl policies for Application Gateway.
+    - Added `CustomV2` to the validation set of `PolicyType`
+    - Added `TLSv1_3` to the validation set of `MinProtocolVersion`
+    - Removed validation for null or empty cipher suites list since there can be empty cipher suites list for min protocol version of tls1.3
 
 ## Version 4.17.0
 * Supported `Microsoft.Network/privateLinkServices` in `Get-AzPrivateEndpointConnection` [#16984].