Enable Available Zones when creating hub Firewalls (#15339)

kenchenMicrosoft · web-flow · commit 241677193b01 · 2021-06-24T13:22:25.000+08:00
* enable available zones for hub firewall

* recorded test

* added changelog
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs b/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs
@@ -66,6 +66,14 @@ public void TestAzureFirewallVirtualHubCRUD()
             TestRunner.RunTestScript("Test-AzureFirewallVirtualHubCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallVirtualHubCRUDWithZones()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallVirtualHubCRUDWithZones");
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1 b/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1
@@ -1227,6 +1227,65 @@ function Test-AzureFirewallVirtualHubCRUD {
     }
 }
 
+<#
+.SYNOPSIS
+Tests Hub Firewall with Zones CRUD
+#>
+function Test-AzureFirewallVirtualHubCRUDWithZones {
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $policyLocation = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+    $azureFirewallPolicyName = Get-ResourceName
+    $skuName = "AZFW_Hub"
+    $skuTier = "Standard"
+    $firewallPIPCount = "2"
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+        
+        # Create AzureFirewallPolicy (with no rules, ThreatIntel is in Alert mode by default)
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $policyLocation
+
+        # Get the AzureFirewallPolicy
+        $getazureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+
+        Assert-NotNull $azureFirewallPolicy
+        Assert-NotNull $getazureFirewallPolicy.Id
+
+        $azureFirewallPolicyId = $getazureFirewallPolicy.Id
+
+        $fwpips = New-AzFirewallHubPublicIpAddress -Count $firewallPIPCount
+        $hubIpAddresses = New-AzFirewallHubIpAddress -PublicIP $fwpips
+
+        New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -SkuName $skuName -SkuTier $skuTier  -HubIPAddress $hubIpAddresses -FirewallPolicyId $azureFirewallPolicyId -Zone 1, 2, 3
+        # Get AzureFirewall
+        $getAzureFirewall = Get-AzFirewall -name $azureFirewallName -ResourceGroupName $rgname
+
+        #verification
+        Assert-AreEqual $rgName $getAzureFirewall.ResourceGroupName
+        Assert-AreEqual $azureFirewallName $getAzureFirewall.Name
+        Assert-NotNull $getAzureFirewall.Location
+        Assert-AreEqual (Normalize-Location $location) $getAzureFirewall.Location
+        Assert-NotNull $getAzureFirewall.Sku
+        Assert-AreEqual $skuName $getAzureFirewall.Sku.Name
+        Assert-AreEqual $skuTier $getAzureFirewall.Sku.Tier
+        Assert-NotNull $getAzureFirewall.FirewallPolicy
+        Assert-AreEqual $azureFirewallPolicyId $getAzureFirewall.FirewallPolicy.Id
+        Assert-AreEqual 3 @($getAzureFirewall.Zones).Count
+        Assert-NotNull $getAzureFirewall.HubIPAddresses
+        Assert-NotNull $getAzureFirewall.HubIPAddresses.PublicIPs
+        Assert-AreEqual $firewallPIPCount $getAzureFirewall.HubIPAddresses.PublicIPs.Count
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}
+
 <#
 .SYNOPSIS
 Tests AzureFirewall ThreatIntelWhitelist
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallVirtualHubCRUDWithZones.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallVirtualHubCRUDWithZones.json
diff --git a/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs b/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs
@@ -298,7 +298,8 @@ private PSAzureFirewall CreateAzureFirewall()
                     Sku = sku,
                     VirtualHub = VirtualHubId != null ? new MNM.SubResource(VirtualHubId) : null,
                     FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null,
-                    HubIPAddresses = this.HubIPAddress
+                    HubIPAddresses = this.HubIPAddress,
+                    Zones = this.Zone == null ? null : this.Zone.ToList()
                 };
             }
             else
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -19,6 +19,10 @@
 --->
 
 ## Upcoming Release
+* Updated cmdlets to enable processing of available zones on AzureFirewalll
+    - `New-AzFirewall`
+
+## Version 4.9.0
 * Updated cmdlets for route server for a more stable way to add IP configuration.
 * Added support for getting a single private link resource.
 * Added more detailed description about GroupId in `New-AzPrivateLinkServiceConnection`
