Add 'AdditionalProperty' to AzureFirewall cmdlets (Azure#10354)

* Add 'AdditionalProperty' to AzureFirewall cmdlets

* Add ChangeLog

* Fix broken Assert-AreEqual for Hashtables

* Add test recordings

* Address feedback: 1) remove local nuget, 2) move hashtable assert helper to Common.ps1

* Update help for *-AzFirewall cmdlets

Author: andreycpp

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -66,5 +66,12 @@ public void TestAzureFirewallVirtualHubCRUD()
             TestRunner.RunTestScript("Test-AzureFirewallVirtualHubCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallAdditionalPropertyCRUD()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallAdditionalPropertyCRUD");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -1028,7 +1028,7 @@ function Test-AzureFirewallAllocateAndDeallocate {
 
 <#
 .SYNOPSIS
-Tests AzureFirewall Set and Remove IpConfiguration
+Tests AzureFirewall VirtualHub integration
 #>
 function Test-AzureFirewallVirtualHubCRUD {
     # Setup
@@ -1078,3 +1078,50 @@ function Test-AzureFirewallVirtualHubCRUD {
         Clean-ResourceGroup $rgname
     }
 }
+
+<#
+.SYNOPSIS
+Tests AzureFirewall AdditionalProperty
+#>
+function Test-AzureFirewallAdditionalPropertyCRUD {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    $threatIntelProp1 = @{"ThreatIntel.Whitelist.FQDNs" = "*.microsoft.com, microsoft.com"; "ThreatIntel.Whitelist.IpAddresses" = "8.8.8.8, 1.1.1.1"}
+    $threatIntelProp2 = @{"ThreatIntel.Whitelist.IpAddresses" = "  2.2.2.2  ,  3.3.3.3  "; "ThreatIntel.Whitelist.FQDNs" = "  bing.com  ,  yammer.com  "}
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -AdditionalProperty $threatIntelProp1
+
+        # Verify
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqualHashtables $threatIntelProp1 $getAzureFirewall.AdditionalProperty
+
+        # Modify
+        $azureFirewall.AdditionalProperty = $threatIntelProp2
+        Set-AzFirewall -AzureFirewall $azureFirewall
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqualHashtables $threatIntelProp2 $getAzureFirewall.AdditionalProperty
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}

src/Network/Network.Test/ScenarioTests/Common.ps1

@@ -102,3 +102,21 @@ function Start-TestSleep($milliseconds)
         Start-Sleep -Milliseconds $milliseconds
     }
 }
+
+<#
+.SYNOPSIS
+Assert-AreEqual for Hashtables.
+#>
+function Assert-AreEqualHashtables {
+    param (
+        [Parameter(Mandatory = $true)] [Hashtable]$left,
+        [Parameter(Mandatory = $true)] [Hashtable]$right
+	)
+
+    Assert-True { $left.Keys.Count -eq $right.Keys.Count } "Different Key counts: $($left.Keys.Count) vs $($right.Keys.Count)"
+
+    $left.Keys | % {
+        Assert-True { $right.ContainsKey($_) } "Keys mismatch: '$_' vs None"
+        Assert-True { $left[$_] -eq $right[$_] } "Values mismatch for Key '$_': '$($left[$_])' vs '$($right[$_])'"
+    }
+}

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallAdditionalPropertyCRUD.json

@@ -14,6 +14,8 @@
 // ----------------------------------------------------------------------------------
 
 using System.Net;
+using System.Collections;
+using System.Linq;
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
 using Microsoft.Azure.Management.Network;
@@ -88,20 +90,19 @@ public PSAzureFirewall GetAzureFirewall(string resourceGroupName, string name)
         {
             var azureFirewall = this.AzureFirewallClient.Get(resourceGroupName, name);
 
-            var psAzureFirewall = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewall>(azureFirewall);
+            var psAzureFirewall = ToPsAzureFirewall(azureFirewall);
             psAzureFirewall.ResourceGroupName = resourceGroupName;
-            psAzureFirewall.Tag = TagsConversionHelper.CreateTagHashtable(azureFirewall.Tags);
 
             return psAzureFirewall;
         }
 
-        public PSAzureFirewall ToPsAzureFirewall(AzureFirewall firewall)
+        public PSAzureFirewall ToPsAzureFirewall(AzureFirewall azureFirewall)
         {
-            var azureFirewall = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewall>(firewall);
-
-            azureFirewall.Tag = TagsConversionHelper.CreateTagHashtable(firewall.Tags);
+            var psAzureFirewall = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewall>(azureFirewall);
+            psAzureFirewall.Tag = TagsConversionHelper.CreateTagHashtable(azureFirewall.Tags);
+            psAzureFirewall.AdditionalProperty = TagsConversionHelper.CreateTagHashtable(azureFirewall.AdditionalProperties);
 
-            return azureFirewall;
+            return psAzureFirewall;
         }
     }
 }

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallAllocateAndDeallocate.json

@@ -60,9 +60,9 @@ public override void ExecuteCmdlet()
                     : this.AzureFirewallClient.List(this.ResourceGroupName);
 
                 // Get all resources by polling on next page link
-                var azureFirewallResponseLIst = ListNextLink<AzureFirewall>.GetAllResourcesByPollingNextLink(azureFirewallPage, this.AzureFirewallClient.ListNext);
+                var azureFirewallResponseList = ListNextLink<AzureFirewall>.GetAllResourcesByPollingNextLink(azureFirewallPage, this.AzureFirewallClient.ListNext);
 
-                var psAzureFirewalls = azureFirewallResponseLIst.Select(firewall =>
+                var psAzureFirewalls = azureFirewallResponseList.Select(firewall =>
                 {
                     var psAzureFirewall = this.ToPsAzureFirewall(firewall);
                     psAzureFirewall.ResourceGroupName = NetworkBaseCmdlet.GetResourceGroup(firewall.Id);

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallCRUD.json

@@ -135,6 +135,12 @@ public class NewAzureFirewallCommand : AzureFirewallBaseCmdlet
             IgnoreCase = false)]
         public string ThreatIntelMode { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "Additional properties for Azure Firewall.")]
+        public Hashtable AdditionalProperty { get; set; }
+
         [Parameter(
             Mandatory = false,
             ValueFromPipelineByPropertyName = true,
@@ -273,6 +279,7 @@ private PSAzureFirewall CreateAzureFirewall()
             // Map to the sdk object
             var azureFirewallModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(firewall);
             azureFirewallModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);
+            azureFirewallModel.AdditionalProperties = TagsConversionHelper.CreateTagDictionary(this.AdditionalProperty, validate: true);
 
             // Execute the Create AzureFirewall call
             this.AzureFirewallClient.CreateOrUpdate(this.ResourceGroupName, this.Name, azureFirewallModel);

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallPIPAndVNETObjectTypeParams.json

@@ -43,11 +43,12 @@ public override void Execute()
             }
 
             // Map to the sdk object
-            var secureGwModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(this.AzureFirewall);
-            secureGwModel.Tags = TagsConversionHelper.CreateTagDictionary(this.AzureFirewall.Tag, validate: true);
+            var azureFirewallModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(this.AzureFirewall);
+            azureFirewallModel.Tags = TagsConversionHelper.CreateTagDictionary(this.AzureFirewall.Tag, validate: true);
+            azureFirewallModel.AdditionalProperties = TagsConversionHelper.CreateTagDictionary(this.AzureFirewall.AdditionalProperty, validate: true);
 
             // Execute the PUT AzureFirewall call
-            this.AzureFirewallClient.CreateOrUpdate(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwModel);
+            this.AzureFirewallClient.CreateOrUpdate(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, azureFirewallModel);
 
             var getAzureFirewall = this.GetAzureFirewall(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name);
             WriteObject(getAzureFirewall);

src/Network/Network/AzureFirewall/AzureFirewallBaseCmdlet.cs

@@ -36,6 +36,7 @@
   - Introduce new Generations for VirtualNetworkGateways.
   - Introduce new high throughput SKUs for VirtualNetworkGateways.
 * New cmdlets to support the azure firewall policy
+* Add 'AdditionalProperty' to AzureFirewall cmdlets
 * Add support for child resource RouteTables of VirtualHub
 	- New cmdlets added:
 		- Add-AzVirtualHubRoute

src/Network/Network/AzureFirewall/GetAzureFirewallCommand.cs

@@ -14,6 +14,7 @@
 //
 
 using System;
+using System.Collections;
 using System.Collections.Generic;
 using System.Linq;
 using Newtonsoft.Json;
@@ -42,10 +43,18 @@ public class PSAzureFirewall : PSTopLevelResource
 
         public string ThreatIntelMode { get; set; }
 
+        public Hashtable AdditionalProperty { get; set; }
+
         public string ProvisioningState { get; set; }
 
         public List<string> Zones { get; set; }
 
+        [JsonIgnore]
+        public string AdditionalPropertyText
+        {
+            get { return JsonConvert.SerializeObject(AdditionalProperty, Formatting.Indented); }
+        }
+
         [JsonIgnore]
         public string IpConfigurationsText
         {

src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs

@@ -3294,6 +3294,10 @@
                 <Label>ThreatIntelMode</Label>
                 <PropertyName>ThreatIntelMode</PropertyName>
               </ListItem>
+              <ListItem>
+                <Label>AdditionalProperty</Label>
+                <PropertyName>AdditionalPropertyText</PropertyName>
+              </ListItem>
               <ListItem>
                 <Label>Sku</Label>
                 <PropertyName>Sku</PropertyName>

src/Network/Network/AzureFirewall/SetAzureFirewallCommand.cs

@@ -300,7 +300,7 @@ Required: False
 Position: Named
 Default value: None
 Accept pipeline input: True (ByPropertyName)
-Accept wildcard characters: True
+Accept wildcard characters: False
 ```
 
 ### -ResourceGroupName
@@ -315,7 +315,7 @@ Required: False
 Position: Named
 Default value: None
 Accept pipeline input: True (ByPropertyName)
-Accept wildcard characters: True
+Accept wildcard characters: False
 ```
 
 ### CommonParameters

src/Network/Network/ChangeLog.md

@@ -19,9 +19,9 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String>
  [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
  [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
  [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>] [-ThreatIntelMode <String>]
- [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>] [-VirtualHubId <String>]
- [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-AdditionalProperty <Hashtable>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>]
+ [-VirtualHubId <String>] [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### OldIpConfigurationParameterValues
@@ -30,9 +30,9 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String> -Vi
  -PublicIpName <String> [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
  [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
  [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>] [-ThreatIntelMode <String>]
- [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>] [-VirtualHubId <String>]
- [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-AdditionalProperty <Hashtable>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>]
+ [-VirtualHubId <String>] [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### IpConfigurationParameterValues
@@ -42,9 +42,9 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String> -Vi
  [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
  [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
  [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>] [-ThreatIntelMode <String>]
- [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>] [-VirtualHubId <String>]
- [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-AdditionalProperty <Hashtable>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-Sku <String>]
+ [-VirtualHubId <String>] [-FirewallPolicyId <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -162,6 +162,21 @@ This example creates a Firewall attached to virtual hub "vHub". A firewall polic
 
 ## PARAMETERS
 
+### -AdditionalProperty
+Additional properties for Azure Firewall.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -ApplicationRuleCollection
 Specifies the collections of application rules for the new Firewall.
 

src/Network/Network/Models/AzureFirewall/PSAzureFirewall.cs

@@ -180,7 +180,7 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS