[Network]Add Microsoft.Network/privateLinkServices configuration to support the private endpoint connection (#18000)

* Add Microsoft.Network/privateLinkServices configuration to support PEC and add hasSupportResourceURI parameter.

* [Network] modified privatelinkresourcetype dynamic parameter.

* [Network]throw message when RP not support private endpoint connection or private link resource.

* update example

* update code

* [Network] adjust private endpoint connection and link resource logic.

* [Network] modified help message.

* [Network] delete unnecessary.

* [Network]adjust prinvate link resource logic.

* [Network] add changelog.

* [Network] update changelog.

* Update src/Network/Network/ChangeLog.md

* Update src/Network/Network/ChangeLog.md

* [Network] adjust private link feature logic.

* [Network] add VaildateParentResourceAttribute for resource id field."

* [Network] changed public to internal.

Co-authored-by: dingmeng-xue <[email protected]>
Co-authored-by: Beisi Zhou <[email protected]>

Author: 3 people

documentation/development-docs/examples/private-link-resource-example.md

@@ -1,63 +1,68 @@
 ## Applicability
-Az.Network supports the retrieval of private link resource in `Get-AzPrivateLinkResource` as well as the management of private endpoint connection in `Approve-AzPrivateEndpointConnect`, `Deny-AzPrivateEndpointConnect`, `Remove-AzPrivateEndpointConnect` and `Set-AzPrivateEndpointConnect`. 
+Az.Network supports the retrieval of private link resource in `Get-AzPrivateLinkResource` as well as the management of private endpoint connection by `Get-AzPrivateEndpointConnection`, `Approve-AzPrivateEndpointConnection`, `Deny-AzPrivateEndpointConnection`, `Remove-AzPrivateEndpointConnection` and `Set-AzPrivateEndpointConnection`. 
 
-For providers who 
-- supports the features of private linke resource and private endpoint connection already
-- and want to onboard these features in Azure PowerShell, 
+For provider who 
+- supports the features of private link resource or private endpoint connection already
+- and wants to onboard these features in Azure PowerShell, 
+You need to register provider configuration in [ProviderConfiguration.cs](https://github.com/Azure/azure-powershell/blob/main/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/ProviderConfiguration.cs#L12).
 
-they need register provider configuration in [ProviderConfiguration.cs](https://github.com/Azure/azure-powershell/blob/main/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/ProviderConfiguration.cs#L12).
-
-Notes: No additional commands for the features of private linke resource and private endpoint connection need to be added.
+Notes: No additional commands for the features of PrivateLinkResource and PrivateEndpointConnection need to be added.
 
 ## Prerequisite
 We assume the API for `List` private link resource and `Get` private endpoint connection is available in the provider that claims to support private endpoint connection features. That means it supports following APIs:
 
 ```
 # List Private Link Resource API
-"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources"
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{topResourceType}/{topResourceName}/privateLinkResources"
 ```
 ```
 # Get Private Endpoint Connection API
-"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections/{PrivateEndpointConnection-Name}"
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{topResourceType}/{topResourceName}/privateEndpointConnections/{privateEndpointConnectionName}"
 ```
 
-if "List Private Endpoint Connection API" is not available, `privateEndpointConnections` must be included in the properties of top resource returned by 
-"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}". So that `Private Endpoint Connections` will be retrieved from the top resource.
+if "List Private Endpoint Connection API" below is not available, `privateEndpointConnections` must be included in the properties of top resource returned by 
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{topResourceType}/{topResourceName}". So that `Get-AzPrivateEndpointConnect` will retrieve connections from the top resource.
 
 ```
 # List Private Endpoint Connection API
-"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections"
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{topResourceType}/{topResourceName}/privateEndpointConnections"
 ```
 
 ## Code Changes Needed
-To add corresponding {Provider}, {Top-Level-Resource} and {API-Version} into [ProviderConfiguration.cs](https://github.com/Azure/azure-powershell/blob/main/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/ProviderConfiguration.cs#L12), we need to follow 
-in following pattern:
+To add corresponding {Provider}, {topResourceType} and {API-Version} into [ProviderConfiguration.cs](https://github.com/Azure/azure-powershell/blob/main/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/ProviderConfiguration.cs#L12), we need to follow in following pattern:
 ```
-RegisterConfiguration("{Provider}/{Top-Level-Resource}", "{API-Version}", bool hasPrivateEndppointConnectionsURI, bool hasPrivateLinkResourceURI)
+RegisterConfiguration(string type, string apiVersion, bool hasConnectionsURI = false, bool supportGetPrivateLinkResource = false, bool supportPrivateLinkResource = true)
 ```
-- "{Provider}/{Top-Level-Resource}" describes the type of provider. For example, "Microsoft.Sql/servers".
-- "{API-Version}" specifies the API version to be used. For example, "2018-06-01-preview".
-- `hasPrivateEndppointConnectionsURI` marks the provider whether provides "List Private Endpoint Connection API".
+- `type` includes resource provider and resource type which supports PrivateLink feature. For example, "Microsoft.Sql/servers".
+- `apiVersion` specifies the API version to be used. For example, "2018-06-01-preview".
+- `hasConnectionsURI` marks whether the provider exposes "List Private Endpoint Connection API". Default value is false.
 ```
 # Get Private Link Resource API
-"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources/{PrivateLinkResource-Name}"
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{topResourceType}/{topResourceName}/privateLinkResources/{privateLinkResourceName}"
 ```
-- `hasPrivateLinkResourceURI` marks the provider whether providers "Get Private Endpoint Connection API".
+- `supportGetPrivateLinkResource` marks whether the provider supports Get API of PrivateLinkResource. Default value is false.
 
-For instance, for provider "Microsoft.Sql/servers" with API version "2018-06-01-preview", it supports "List Private Endpoint Connection API" and "Get Private Endpoint Connection API". So it's registration configuration should be
+For instance, for provider "Microsoft.Sql/servers" with API version "2018-06-01-preview", it supports "List Private Endpoint Connection API" and "Get Private Link Resource API". So its registration configuration should be:
 ```
 RegisterConfiguration("Microsoft.Sql/servers", "2018-06-01-preview", true, true);
 ```
 
+- `supportListPrivateLinkResource` marks whether the provider supports List API of PrivateLinkResource. Default value is true.
+
+For instance, `Microsoft.Network/privateLinkServices` supports PrivateEndpointConnections but doesn't support resource type PrivateLinkResource (We assume List API is mandatory to resource support). Its configuration should be:
+```
+RegisterConfiguration("Microsoft.Network/privateLinkServices", "2020-05-01", true, false, false);
+```
+
 ## End-To-End Test
 
 ### Item Needed
 
 + Top level resource
 ```
-New-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+New-Az{topResourceType} -ResourceGroupName {rgName} -Name {topResourceName}
 
-$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+$TopLevelResource = Get-Az{topResourceType} -ResourceGroupName {rgName} -Name {topResourceName}
 ```
 
 + private link resource
@@ -67,24 +72,24 @@ $PrivateLinkResource = Get-AzPrivateLinkResource -PrivateLinkResourceId $TopLeve
 
 + subnet config (object in memory)
 ```
-$SubnetConfig = New-AzVirtualNetworkSubnetConfig -Name {config_name} -AddressPrefix "11.0.1.0/24"      -PrivateEndpointNetworkPolicies "Disabled"
+$SubnetConfig = New-AzVirtualNetworkSubnetConfig -Name {configName} -AddressPrefix "11.0.1.0/24"      -PrivateEndpointNetworkPolicies "Disabled"
 ```
 
 + virtual network
 ```
-New-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name} -Location {location} -AddressPrefix "11.0.0.0/16" -Subnet $SubnetConfig
+New-AzVirtualNetwork -ResourceGroupName {rgName} -Name {vnetName} -Location {location} -AddressPrefix "11.0.0.0/16" -Subnet $SubnetConfig
 
-$VNet=Get-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name}
+$VNet=Get-AzVirtualNetwork -ResourceGroupName {rgName} -Name {vnetName}
 ```
 
 + private link service connection (object in memory)
 ```
-$PLSConnection = New-AzPrivateLinkServiceConnection -Name {pls_connection_name} -PrivateLinkServiceId $TopLevelResource.Id -GroupId $TopLevelResource.GroupId
+$PLSConnection = New-AzPrivateLinkServiceConnection -Name {plsConnectionName} -PrivateLinkServiceId $TopLevelResource.Id -GroupId $TopLevelResource.GroupId
 ```
 
 + endpoint
 ```
-New-AzPrivateEndpoint -ResourceGroupName {rg_name} -Name {endpoint_name} -Location {location} -Subnet $VNet.subnets[0] -PrivateLinkServiceConnection $PLSConnection -ByManualRequest
+New-AzPrivateEndpoint -ResourceGroupName {rgName} -Name {endpointName} -Location {location} -Subnet $VNet.subnets[0] -PrivateLinkServiceConnection $PLSConnection -ByManualRequest
 ```
 
 ### step-by-step
@@ -99,7 +104,7 @@ $connection = Get-AzPrivateEndpointConnection -PrivateLinkResourceId $TopLevelRe
 
 * To get the connection, if `list` for private endpoint connection was not supported,
 ```
-$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+$TopLevelResource = Get-Az{topResourceType} -ResourceGroupName {rgName} -Name {topResourceName}
 
 $ConnectionId = $TopLevelResource.PrivateEndpointConnection[0].Id
 

src/Network/Network/ChangeLog.md

@@ -19,6 +19,8 @@
 --->
 
 ## Upcoming Release
+* Supported `Microsoft.Network/privateLinkServices` in `Get-AzPrivateEndpointConnection` [#16984].
+* Provided friendly message if resource type is not supported for private endpoint connection features [#17091].
 * Added `DisableIPsecProtection` to `Virtual Network Gateway`.
 * Added new cmdlets to create/manage authorization objects for ExpressRoutePort:
     - `Add-AzExpressRoutePortAuthorization`

src/Network/Network/PrivateLinkService/PrivateEndpointConnection/PrivateEndpointConnectionBaseCmdlet.cs

@@ -12,9 +12,12 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Exceptions;
 using Microsoft.Azure.Commands.Network.PrivateLinkService.PrivateLinkServiceProvider;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using System.Management.Automation;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using System;
 
 namespace Microsoft.Azure.Commands.Network
 {
@@ -25,6 +28,7 @@ public abstract class PrivateEndpointConnectionBaseCmdlet : NetworkBaseCmdlet, I
             ParameterSetName = "ByResourceId",
             ValueFromPipelineByPropertyName = true)]
         [ValidateNotNullOrEmpty]
+        [ValidateParentResourceNotNullOrEmpty]
         public string ResourceId { get; set; }
 
         [Alias("ResourceName")]
@@ -62,7 +66,7 @@ public abstract class PrivateEndpointConnectionBaseCmdlet : NetworkBaseCmdlet, I
         {
             var parameters = new RuntimeDefinedParameterDictionary();
             RuntimeDefinedParameter namedParameter;
-            if (ProviderConfiguration.TryGetProvideServiceParameter(privateEndpointTypeName, NamedContextParameterSet, out namedParameter))
+            if (ProviderConfiguration.TryGetEndpointConnectionServiceParameter(privateEndpointTypeName, NamedContextParameterSet, out namedParameter))
             {
                 parameters.Add(privateEndpointTypeName, namedParameter);
             }
@@ -76,7 +80,26 @@ public abstract class PrivateEndpointConnectionBaseCmdlet : NetworkBaseCmdlet, I
 
         protected IPrivateLinkProvider BuildProvider(string subscription, string privateLinkResourceType)
         {
+            if (!GenericProvider.SupportsPrivateLinkFeature(privateLinkResourceType))
+                throw new AzPSApplicationException(string.Format(Properties.Resources.UnsupportPrivateEndpointConnectionType, privateLinkResourceType));
             return PrivateLinkProviderFactory.CreatePrivateLinkProvder(this, subscription, privateLinkResourceType);
         }
+
+        /// <summary>
+        /// Validate parent resource of the resource id not null or empty.
+        /// </summary>
+        [AttributeUsage(AttributeTargets.Field | AttributeTargets.Property)]
+        internal sealed class ValidateParentResourceNotNullOrEmptyAttribute : ValidateArgumentsAttribute
+        {
+            protected override void Validate(object arguments, EngineIntrinsics engineIntrinsics)
+            {
+                string resourceId = (string)arguments;
+                var resourceIdentifier = new ResourceIdentifier(resourceId);
+                if (string.IsNullOrEmpty(resourceIdentifier.ParentResource))
+                {
+                    throw new AzPSApplicationException(string.Format(Properties.Resources.InvalidResourceId, resourceId));
+                }
+            }
+        }
     }
 }

src/Network/Network/PrivateLinkService/PrivateLinkResource/GetAzurePrivateLinkResourceCommand.cs

@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Exceptions;
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.Network.PrivateLinkService.PrivateLinkServiceProvider;
 using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
@@ -63,9 +64,10 @@ public class GetAzurePrivateLinkResourceCommand : NetworkBaseCmdlet, IDynamicPar
 
         public new object GetDynamicParameters()
         {
+            InvocationInfo invocationInfo = MyInvocation;
             var parameters = new RuntimeDefinedParameterDictionary();
             RuntimeDefinedParameter namedParameter;
-            if (ProviderConfiguration.TryGetProvideServiceParameter(privateEndpointTypeName, NamedContextParameterSet, out namedParameter))
+            if (ProviderConfiguration.TryGetLinkResourceServiceParameter(privateEndpointTypeName, NamedContextParameterSet, out namedParameter))
             {
                 parameters.Add(privateEndpointTypeName, namedParameter);
             }
@@ -89,6 +91,12 @@ public override void Execute()
                 this.Subscription = DefaultProfile.DefaultContext.Subscription.Id;
                 this.PrivateLinkResourceType = DynamicParameters[privateEndpointTypeName].Value as string;
             }
+            // First check resource type whether support private link feature, if support then check whether support private link resource feature.
+            if (!GenericProvider.SupportsPrivateLinkFeature(this.PrivateLinkResourceType) || !ProviderConfiguration.GetProviderConfiguration(this.PrivateLinkResourceType).SupportListPrivateLinkResource)
+            {
+                throw new AzPSApplicationException(string.Format(Properties.Resources.UnsupportPrivateLinkResourceType, this.PrivateLinkResourceType));
+            }
+
             IPrivateLinkProvider provider = PrivateLinkProviderFactory.CreatePrivateLinkProvder(this, Subscription, PrivateLinkResourceType);
             if (provider == null)
             {

src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/GenericProvider.cs

@@ -20,6 +20,7 @@
 using Microsoft.Azure.Internal.Common;
 using System.Collections.Generic;
 using System.Linq;
+using Microsoft.Azure.Commands.Common.Exceptions;
 
 namespace Microsoft.Azure.Commands.Network.PrivateLinkService.PrivateLinkServiceProvider
 {
@@ -36,7 +37,7 @@ public GenericProvider(NetworkBaseCmdlet baseCmdlet, string subscription, string
 
         #region Interface Implementation
 
-        public static bool SupportsPrivateLinkResourceType(string privateLinkResourceType)
+        public static bool SupportsPrivateLinkFeature(string privateLinkResourceType)
         {
             ProviderConfiguration configuration = ProviderConfiguration.GetProviderConfiguration(privateLinkResourceType);
             return (configuration != null);
@@ -133,16 +134,14 @@ public void DeletePrivateEndpointConnection(string resourceGroupName, string ser
 
         public PSPrivateLinkResource GetPrivateLinkResource(string resourceGroupName, string serviceName, string name)
         {
-            if (_configuration.HasResourceURI)
+            if (_configuration.SupportGetPrivateLinkResource)
             {
                 string url = BuildPrivateLinkResourceURL(resourceGroupName, serviceName, name);
                 PrivateLinkResource resource = ServiceClient.Operations.GetResource<PrivateLinkResource>(url, _configuration.ApiVersion);
                 return ToPsPrivateLinkResource(resource);
             }
-            else 
-            {
-                return ListPrivateLinkResource(resourceGroupName, serviceName).Single(plr => plr.Name.Equals(name));
-            }
+
+            return ListPrivateLinkResource(resourceGroupName, serviceName).Single(plr => plr.Name.Equals(name));
         }
 
         public List<PSPrivateLinkResource> ListPrivateLinkResource(string resourceGroupName, string serviceName)

src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/PrivateLinkProviderFactory.cs

@@ -27,7 +27,7 @@ public static IPrivateLinkProvider CreatePrivateLinkProvder(NetworkBaseCmdlet cm
                 return new NetworkingProvider(cmdlet);
             }
 
-            if(GenericProvider.SupportsPrivateLinkResourceType(privateLinkResourceType))
+            if(GenericProvider.SupportsPrivateLinkFeature(privateLinkResourceType))
             {
                 return new GenericProvider(cmdlet, subscription, privateLinkResourceType);
             }