Cluster computing

Friday, August 4, 2023

The previous article covered a few errors and resolutions encountered when deploying the Azure Application Gateway. This includes a few more.

First, the redirected path in the redirect configuration is routinely suffixed with a “/” character but this is incorrect when the settings in the same configuration have directives to include the path and the query parameters of the incoming request. With the occurrence of more than one path separators, the url runs the risk of not resolving correctly. Although, this seems trivial, the IaC looks normal with the trailing path separator in the redirect url and often escapes attention until the deployment occurs in the production environment.

Second, the listener must be setup as basic and not multi-site if the backend pool members are not multi-tenant. No matter how many pool members are added this holds true and this is reflected in the hostnames attribute of the listener in the IaC as well. There does not need to be any mention of hostnames because that attribute often marks the listener to be multi-site when the intent might have been to just list the DNS names.

Third, the basic http settings of the application gateway might require the path to be overridden for individual backend targets of the path-based routing. Typically, this value is “/”, the trailing path separator, and it is required to get a non 404 responses from the backend target. But one of the errors cited in the previous article suggests the contrary for its resolution. This calls for creating two http settings with one having the path override and another without so that the application gateway can deploy the default as the one without the path override and individual path-based routing backend targets to utilize the path-based override.

It is important to note that the override works differently depending on the path rule and the override pattern. For example, if the path rule is /fn/* then an override pattern of “/” is required. On the other hand if the path rule is /fn*, then an override pattern of “/” should be avoided unless there is a substitution for “fn” in the path.

Fourth, the rewrite configuration section of the IaC for an application gateway could include a condition-action statement but if care is not taken to exclude unnecessary attributes, it results in an unintended action statement aside from the condition-action statement. This misconfiguration can be caught by reviewing the plan and deploying with just what is needed for the condition-action statement in which case the application gateway will deploy and behave correctly. Common unintended side-effects involve rerouting after the rewrite so that it enters the route evaluation again.

Lastly, the redirects are client facing and rewrites can be backend facing so they must be used appropriately.

Thursday, August 3, 2023

Azure Application Gateway is a sophisticated resource capable of being a firewall, reverse proxy, http listener, router and many more. Among the salient ways in which it is used for directing traffic to backend app services, path-based routing is one of the widely. But practitioners often encounter errors that they might quickly blame it on the gateway and look for documentation to overcome them. There’s quite a few of them and due to the high number of configuration variations involving web traffic, it is not easy to find the right fix for specific error codes.

This article talks about two such error codes that are often considered to be time taking to resolve but the resolutions are explained here.

First, is the error encountered when expanding `url_path_map`. There is a conflict between `backend_address_pool_name` and `redirect_configuration_name` (back-end pool not applicable when redirection specified)

Every url path can be routed in one of two ways, it can be routed to a backend pool member, or it can be redirected to an external location. The directions this traffic takes are exactly the opposite with one going towards the backend and another going towards the client. That is why the same path rule cannot have both specified. In such a case, the resolution is to split the rules to serve the client or the backend. The rules can split the path as well with one targeting say /path/subpath1 and another targeting the remaining as /path/*. There are no exclusions to author the paths so ordering the specific rules before the general rules is helpful. In general, we can have arbitrary path and how we sequence the rules depends on us.

A sample path map would be like this:

url_path_maps = [

{

default_backend_address_pool_name = "default-pool"

default_backend_http_settings_name = "myapps-nonprod-setting"

name = "myapps-nonprod-rule"

path_rules = [

{

backend_address_pool_name = null

backend_http_settings_name = null

name = "fn-demo-7-docs"

paths = [

"/fn-demo-7/docs"

]

rewrite_rule_set_name = null

redirect_configuration_name = "fn-demo-7-appdocs"

{

backend_address_pool_name = "fn-demo-7"

backend_http_settings_name = "myapps-nonprod-setting"

name = "fn-demo-7"

paths = [

"/fn-demo-7/*"

]

rewrite_rule_set_name = "location-header-rewrite"

redirect_configuration_name = null

}

]

}

]

Second, error encountered is called ApplicationGatewayPathOverrideAndUrlModificationNotSupported and comes with the error message: The request routing rule /subscriptions/***/resourceGroups/rg-demo-7/providers/Microsoft.Network/applicationGateways/gwy-demo-7/requestRoutingRules/myapps-nonprod-rule associated with this rewrite action properties.rewriteRuleSets[0].properties.rewriteRules[0].actionSet has the override back-end path switch enabled in the HTTP setting /subscriptions/***/resourceGroups/rg-demo-07/providers/Microsoft.Network/applicationGateways/gwy-demo-7/backendHttpSettingsCollection/myapps-nonprod-setting. Either disable this switch or remove url rewrite action set properties.rewriteRuleSets[0].properties.rewriteRules[0].actionSet.urlConfiguration.

While the attempted resolution is often to remove the backend_http_settings from the url path mappings, the fix is actually quite simple in that it talks about a specific override within that configuration block. As shown with the example, the path override is used to provide one when the incoming path needs to be modified but in this case, that is not required because the rewrite only changes the response headers.

backend_http_settings = [

{

authentication_certificate = []

cookie_based_affinity = "Disabled"

host_name = ""

name = "myapps-nonprod-setting"

path = “/” -> null

pick_host_name_from_backend_address = true

port = 443

probe_name = null

protocol = "Https"

request_timeout = 20

trusted_root_certificate_names = [

"DigiCertGlobalRootG2"

]

}

]

The path override is the “/” which must be unset with null to enable the application gateway to be created.

These are the two errors whose resolutions are distilled from the available online documentation and forums.

Some of the common issues faced during the authoring and deployment of Infrastructure-as-Code aka IaC artifacts can be called out as follows:

First, the IaC provider might not support all the attributes of a resource as that of the resource provider or vice versa if the IaC is declaring attributes as independent of resource providers. They have different development cycles and there might be lag between the catch ups that they do. This might be more conspicuous when the resources are “preview-only” features instead of the mainstream “general-acceptance” offerings.

Second, the syntax and semantics might not have parity even when there are one-to-one mappings between the IaC providers’ attributes and the resource providers’ attributes. For example, the key vault secret id might refer to the resource id, the identifier without the version or the base id of the corresponding guarded secret. In these cases, it would have been helpful if the same name was used for attributes in both places, otherwise some head-scratching is inevitable.

Third, the friendly names are often references to actual resources that may have long been dereferenced, orphaned, changed, expired, or even deleted. The friendly names, also called keys, are just references and hold value to the author in a particular context but the same author might not guarantee that the moniker is in fact consistently used unless there are some validations and review involved.

Fourth, there are always three stages between design and deploy of Infrastructure-as-code which are “init”, “plan” and “apply” and they are distinct. Success in one stage does not guarantee success in the other stage especially holding true between plan and apply stages. Another limitation is that the plan can be easily validated on the development machine but the apply stage can be performed only as part of pipeline jobs in commercial deployments. The workaround is to scope it down or target a different environment for applying.

Fifth, the ordering and sequence can only be partially manifested with corresponding attributes to explain dependencies between resources. Even if resources are self-descriptive, combination of resources must be carefully put-together by the system for a deterministic outcome.

Sixth, there is a state drift that occurs when the resources are changed without updating the IaC. The IaC provider might enforce an overwrite of resources with what’s defined in IaC but the iterative capture of IaC requires consolidation of all changes to the development cycle and this suffers from similar limitations that are rampant with those based on communications without acknowledgments.

Seventh, both the state update and its reconciliation are necessary aspects for the deployment process and consequently occur frequently. Behavior for these stages can only be articulated with a limited set of primitives such as create before delete, prevent from delete, ignore changes and others. The simpler the deployment model by virtue of overwrite, the more complex the process to ensure that everything flows into the IaC.

Eighth, access control declarations such as role assignments and permissions can often number quite large and are fraught with errors. Including them in the IaC without discretion to apply as few and as granular as necessary, can only increase maintenance.

These are only some of the articulations for the carefulness required for developing and deploying IaC.

Tuesday, August 1, 2023

Multi-dimensional optimization:

Introduction: This is a continuation of the previous article on the dynamic walk for optimization. Here we try extending the same optimization based on the stochastic optimization of more than two random variables represented by higher dimension form of equations involving a greater number of random variables. Instead of pair-wise treatment of random variables, we now study optimization involving a vector space also called a Hilbert space.

Description:

The equation representing pair of random variables is always in a quadratic form.

Where A is the matrix, x and b are vectors and c is a scalar constant.

The function is minimized by the solution to A x = b

The solution to the optimization involving these two pairs of random variables is represented by Ax = b which is a linear function.

When we have several random variables, then each random variable contributes a dimension and the simple contour map changes to n-dimensional Euclidean space.

Just as the shortest distance between a point to a line is a perpendicular, and the shortest distance from a point to a plane is an orthogonal, the shortest distance between a point and a subspace must also be orthogonal to the subspace. This is the basis for an optimization principle involving an n-dimensional Euclidean space called the projection theorem. This theorem might not be applicable to a normed space but it is applicable to a Hilbert space. A normed linear space is a vector space having a measure of distance or length defined on it. A Hilbert space is a special form of normed space having an inner product defined which is analogous to the dot product of the two vectors in analytical geometry. Those vectors are orthogonal if their dot product is zero. With the help of the orthogonality to determine the minimum, it is now possible to find the optimum as a minimization problem. The least-squares minimization is a technique that describes this minimization in Hilbert space.

The least squares regression involves the estimation of data at each point which gives a set of equations. If the data had no noise, the resulting set of equations would be written in the form of a matrix equation. Solving a matrix equation is well-known. Since the data may not fit a matrix equation perfectly, the least squares regression transforms the data point to an estimation that is as close to a matrix equation as possible. An estimation function can go through all the data points to determine if there will be a solution. The least squares regression is written as Beta = inverse-of(A-Transpose.A).A-Transpose.Y

An example of a least squares sample program in Python would look like this:

import numpy as np

from scipy import optimize

import matplotlib.pyplot as plt

x = np.linspace(0, 1, 101)

y = 1 + x + x * np.random.random(len(x))

A = np.vstack([x, np.ones(len(x))]).T

y = y[:, np.newaxis]

alpha = np.dot((np.dot(np.linalg.inv(np.dot(A.T, A)), A.T)), y)

print(alpha)

plt.figure(figsize = (10, 8))

plt.plot(x, y, ‘b.’)

plt.plot(x, alpha[0] * x + alpha[1], ‘r’)

plt.show()

Layering of neural networks is a technique that applies the same technique at a higher abstraction but it does not transform a problem from one space to another.

Sunday, July 30, 2023

The previous articles discussed how to rewrite location headers. This is a complete sample for the application gateway that achieves the following rewrite:

Demo:

curl -i -k "https://23.99.215.80/fn/api/HttpTrigger1/?name=Ravi"

HTTP/2 202

date: Fri, 28 Jul 2023 13:35:12 GMT

content-type: text/plain; charset=utf-8

location: https://fn-demo-3.azurewebsites.net/

request-context: appId=cid-v1:fafb5add-e9fb-41fc-9155-291d3695ce53

Hello, Ravi Rajamani. This HTTP triggered function executed successfully.%

curl -i -k "https://23.99.215.80/fn/api/HttpTrigger1/?name=Ravi"

HTTP/2 202

date: Fri, 28 Jul 2023 13:37:15 GMT

content-type: text/plain; charset=utf-8

location: https://fn-demo-3.azurewebsites.net

request-context: appId=cid-v1:fafb5add-e9fb-41fc-9155-291d3695ce53

Hello, Ravi Rajamani. This HTTP triggered function executed successfully.%

curl -i -k "https://23.99.215.80/api/HttpTrigger1/?name=Ravi"

HTTP/2 200

date: Fri, 28 Jul 2023 13:37:24 GMT

content-type: text/plain; charset=utf-8

request-context: appId=cid-v1:24f74c4b-1489-467a-8a11-41bb8d141d4f

Hello, Ravi. This HTTP triggered function executed successfully.%

curl -i -k "https://23.99.215.80/fn/api/HttpTrigger1/?name=Ravi"

HTTP/2 202

date: Fri, 28 Jul 2023 13:38:32 GMT

content-type: text/plain; charset=utf-8

location: https://23.99.215.80

request-context: appId=cid-v1:fafb5add-e9fb-41fc-9155-291d3695ce53

Hello, Ravi Rajamani. This HTTP triggered function executed successfully.%

IaC Defintion:

{

"version": 4,

"terraform_version": "1.4.3",

"serial": 1,

"lineage": "cab6c06f-7c91-2893-bcf4-4f421b4ed5c1",

"outputs": {},

"resources": [

{

"mode": "managed",

"type": "azurerm_application_gateway",

"name": "gwy-demo-3",

"provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",

"instances": [

{

"schema_version": 0,

"attributes": {

"authentication_certificate": [],

"autoscale_configuration": [

{

"max_capacity": 10,

"min_capacity": 0

}

"backend_address_pool": [

{

"fqdns": [

"aks-demo-3-dns-ujqod62b.hcp.centralus.azmk8s.io"

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/aks-demo-3",

"ip_addresses": [],

"name": "aks-demo-3"

{

"fqdns": [

"fn-demo-3.azurewebsites.net"

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/fn-demo-3",

"ip_addresses": [],

"name": "fn-demo-3"

{

"fqdns": [

"fn2-demo-3.azurewebsites.net"

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/fn2-demo-3",

"ip_addresses": [],

"name": "fn2-demo-3"

}

"backend_http_settings": [

{

"affinity_cookie_name": "ApplicationGatewayAffinity",

"authentication_certificate": [],

"connection_draining": [],

"cookie_based_affinity": "Disabled",

"host_name": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendHttpSettingsCollection/bset-demo-3",

"name": "bset-demo-3",

"path": "/",

"pick_host_name_from_backend_address": true,

"port": 443,

"probe_id": "",

"probe_name": "",

"protocol": "Https",

"request_timeout": 20,

"trusted_root_certificate_names": []

}

"custom_error_configuration": [],

"enable_http2": true,

"fips_enabled": false,

"firewall_policy_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/pol-demo-3",

"force_firewall_policy_association": false,

"frontend_ip_configuration": [

{

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/frontendIPConfigurations/appGwPublicFrontendIpIPv4",

"name": "appGwPublicFrontendIpIPv4",

"private_ip_address": "",

"private_ip_address_allocation": "Dynamic",

"private_link_configuration_id": "",

"private_link_configuration_name": "",

"public_ip_address_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/publicIPAddresses/pep-gwy-demo-3",

"subnet_id": ""

}

"frontend_port": [

{

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/frontendPorts/port_443",

"name": "port_443",

"port": 443

}

"gateway_ip_configuration": [

{

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/gatewayIPConfigurations/appGatewayIpConfig",

"name": "appGatewayIpConfig",

"subnet_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/virtualNetworks/vnet-demo-3/subnets/default"

}

"global": [],

"http_listener": [

{

"custom_error_configuration": [],

"firewall_policy_id": "",

"frontend_ip_configuration_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/frontendIPConfigurations/appGwPublicFrontendIpIPv4",

"frontend_ip_configuration_name": "appGwPublicFrontendIpIPv4",

"frontend_port_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/frontendPorts/port_443",

"frontend_port_name": "port_443",

"host_name": "",

"host_names": [],

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/httpListeners/list-demo-3",

"name": "list-demo-3",

"protocol": "Https",

"require_sni": false,

"ssl_certificate_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/sslCertificates/gwy-cert",

"ssl_certificate_name": "gwy-cert",

"ssl_profile_id": "",

"ssl_profile_name": ""

}

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3",

"identity": [

{

"identity_ids": [

"/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.ManagedIdentity/userAssignedIdentities/gwy-demo-3-identity"

"type": "UserAssigned"

}

"location": "centralus",

"name": "gwy-demo-3",

"private_endpoint_connection": [],

"private_link_configuration": [],

"probe": [],

"redirect_configuration": [],

"request_routing_rule": [

{

"backend_address_pool_id": "",

"backend_address_pool_name": "",

"backend_http_settings_id": "",

"backend_http_settings_name": "",

"http_listener_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/httpListeners/list-demo-3",

"http_listener_name": "list-demo-3",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/requestRoutingRules/rule-demo-3",

"name": "rule-demo-3",

"priority": 1001,

"redirect_configuration_id": "",

"redirect_configuration_name": "",

"rewrite_rule_set_id": "",

"rewrite_rule_set_name": "",

"rule_type": "PathBasedRouting",

"url_path_map_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/urlPathMaps/rule-demo-3",

"url_path_map_name": "rule-demo-3"

}

"resource_group_name": "rg-demo-3",

"rewrite_rule_set": [

{

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/rewriteRuleSets/rewrite-demo-3",

"name": "rewrite-demo-3",

"rewrite_rule": [

{

"condition": [

{

"ignore_case": true,

"negate": false,

"pattern": "(https?):\\/\\/.*azurewebsites\\.net(.*)$",

"variable": "http_resp_Location"

}

"name": "LocationRewrite",

"request_header_configuration": [],

"response_header_configuration": [

{

"header_name": "Location",

"header_value": "{http_resp_Location_1}://23.99.215.80{http_resp_Location_2}"

}

"rule_sequence": 100,

"url": []

}

]

}

"sku": [

{

"capacity": 0,

"name": "WAF_v2",

"tier": "WAF_v2"

}

"ssl_certificate": [

{

"data": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/sslCertificates/gwy-cert",

"key_vault_secret_id": "https://kv-demo-3.vault.azure.net/secrets/gwy-demo-3",

"name": "gwy-cert",

"password": "",

"public_cert_data": ""

}

"ssl_policy": [],

"ssl_profile": [],

"tags": {},

"timeouts": null,

"trusted_client_certificate": [],

"trusted_root_certificate": [],

"url_path_map": [

{

"default_backend_address_pool_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/fn2-demo-3",

"default_backend_address_pool_name": "fn2-demo-3",

"default_backend_http_settings_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendHttpSettingsCollection/bset-demo-3",

"default_backend_http_settings_name": "bset-demo-3",

"default_redirect_configuration_id": "",

"default_redirect_configuration_name": "",

"default_rewrite_rule_set_id": "",

"default_rewrite_rule_set_name": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/urlPathMaps/rule-demo-3",

"name": "rule-demo-3",

"path_rule": [

{

"backend_address_pool_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/fn2-demo-3",

"backend_address_pool_name": "fn2-demo-3",

"backend_http_settings_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendHttpSettingsCollection/bset-demo-3",

"backend_http_settings_name": "bset-demo-3",

"firewall_policy_id": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/urlPathMaps/rule-demo-3/pathRules/fn2",

"name": "fn2",

"paths": [

"/fn2/*"

"redirect_configuration_id": "",

"redirect_configuration_name": "",

"rewrite_rule_set_id": "",

"rewrite_rule_set_name": ""

{

"backend_address_pool_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/aks-demo-3",

"backend_address_pool_name": "aks-demo-3",

"backend_http_settings_name": "bset-demo-3",

"firewall_policy_id": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/urlPathMaps/rule-demo-3/pathRules/aks",

"name": "aks",

"paths": [

"/aks/*"

"redirect_configuration_id": "",

"redirect_configuration_name": "",

"rewrite_rule_set_id": "",

"rewrite_rule_set_name": ""

{

"backend_address_pool_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/backendAddressPools/fn-demo-3",

"backend_address_pool_name": "fn-demo-3",

"backend_http_settings_name": "bset-demo-3",

"firewall_policy_id": "",

"id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/urlPathMaps/rule-demo-3/pathRules/fn",

"name": "fn",

"paths": [

"/fn/*"

"redirect_configuration_id": "",

"redirect_configuration_name": "",

"rewrite_rule_set_id": "/subscriptions/abc12345-495c-475e-9349-dfb252897b9e/resourceGroups/rg-demo-3/providers/Microsoft.Network/applicationGateways/gwy-demo-3/rewriteRuleSets/rewrite-demo-3",

"rewrite_rule_set_name": "rewrite-demo-3"

}

]

}

"waf_configuration": [],

"zones": []

"sensitive_attributes": [],

"private": "<encrypted_string>"

}

]

}

"check_results": null

}