Application Gateway Private Link Cmdlets (#12133)

* Application Gateway Private Link Cmdlets

* add change log

Author: jaishals

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -137,5 +137,13 @@ public void TestApplicationGatewayWithListenerHostNames()
         {
             TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayWithListenerHostNames -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
+        public void TestApplicationGatewayWithPrivateLinkConfiguration()
+        {
+            TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayWithPrivateLinkConfiguration -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -2800,3 +2800,149 @@ function Test-ApplicationGatewayWithListenerHostNames
 		Clean-ResourceGroup $rgname
 	}
 }
+
+function Test-ApplicationGatewayWithPrivateLinkConfiguration
+{
+	param
+	(
+		$basedir = "./"
+	)
+
+	# Setup
+	$location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "westus2"
+
+	$rgname = Get-ResourceGroupName
+	$appgwName = Get-ResourceName
+	$vnetName = Get-ResourceName
+	$gwSubnetName = Get-ResourceName
+	$plsSubnetName = Get-ResourceName
+	$publicIpName = Get-ResourceName
+	$gipconfigname = Get-ResourceName
+
+	$frontendPort01Name = Get-ResourceName
+	$fipconfigName = Get-ResourceName
+	$listener01Name = Get-ResourceName
+
+	$poolName = Get-ResourceName
+	$trustedRootCertName = Get-ResourceName
+	$poolSetting01Name = Get-ResourceName
+
+	$rule01Name = Get-ResourceName
+
+	$probeHttpName = Get-ResourceName
+
+	$privateLinkIpConfigName1 = Get-ResourceName
+	$privateLinkIpConfigName2 = Get-ResourceName
+	$privateLinkIpConfigName3 = Get-ResourceName
+
+	$privateLinkConfigName = Get-ResourceName
+	$privateLinkConfigName2 = Get-ResourceName
+
+	try
+	{
+		# Create the resource group
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"}
+		# Create the Virtual Network
+		$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name $gwSubnetName -AddressPrefix 10.0.0.0/24  -PrivateLinkServiceNetworkPoliciesFlag "Disabled"
+		$plsSubnet = New-AzVirtualNetworkSubnetConfig -Name $plsSubnetName -AddressPrefix 10.0.1.0/24  -PrivateLinkServiceNetworkPoliciesFlag "Disabled"
+		$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $gwSubnet, $plsSubnet
+		$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+		$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name $gwSubnetName -VirtualNetwork $vnet
+		$plsSubnet = Get-AzVirtualNetworkSubnetConfig -Name $plsSubnetName -VirtualNetwork $vnet
+
+		# Create public ip
+		$publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -sku Standard
+
+		# Create ip configuration
+		$gipconfig = New-AzApplicationGatewayIPConfiguration -Name $gipconfigname -Subnet $gwSubnet
+
+		# private link configuration
+		$privateLinkIpConfiguration1 =  New-AzApplicationGatewayPrivateLinkIpConfiguration -Name $privateLinkIpConfigName1 -Subnet $plsSubnet -Primary
+		$privateLinkIpConfiguration2 =  New-AzApplicationGatewayPrivateLinkIpConfiguration -Name $privateLinkIpConfigName2 -Subnet $plsSubnet
+		$privateLinkConfiguration = New-AzApplicationGatewayPrivateLinkConfiguration -Name $privateLinkConfigName -IpConfiguration $privateLinkIpConfiguration1, $privateLinkIpConfiguration2
+
+		$fipconfig = New-AzApplicationGatewayFrontendIPConfig -Name $fipconfigName -PublicIPAddress $publicip -PrivateLinkConfiguration $privateLinkConfiguration
+		$fp01 = New-AzApplicationGatewayFrontendPort -Name $frontendPort01Name  -Port 80
+		$listener01 = New-AzApplicationGatewayHttpListener -Name $listener01Name -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fp01
+
+		# backend part
+		# trusted root cert part
+		$certFilePath = $basedir + "/ScenarioTests/Data/ApplicationGatewayAuthCert.cer"
+		$trustedRoot01 = New-AzApplicationGatewayTrustedRootCertificate -Name $trustedRootCertName -CertificateFile $certFilePath
+		$pool = New-AzApplicationGatewayBackendAddressPool -Name $poolName -BackendIPAddresses www.microsoft.com, www.bing.com
+		$probeHttp = New-AzApplicationGatewayProbeConfig -Name $probeHttpName -Protocol Https -HostName "probe.com" -Path "/path/path.htm" -Interval 89 -Timeout 88 -UnhealthyThreshold 8 -port 1234
+		$poolSetting01 = New-AzApplicationGatewayBackendHttpSetting -Name $poolSetting01Name -Port 443 -Protocol Https -Probe $probeHttp -CookieBasedAffinity Enabled -PickHostNameFromBackendAddress -TrustedRootCertificate $trustedRoot01
+		
+		#rule
+		$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name $rule01Name -RuleType basic -BackendHttpSettings $poolSetting01 -HttpListener $listener01 -BackendAddressPool $pool
+
+		# sku
+		$sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2
+
+		# autoscale configuration
+		$autoscaleConfig = New-AzApplicationGatewayAutoscaleConfiguration -MinCapacity 3
+
+		# Create Application Gateway
+		$appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Zone 1,2 -Location $location -Probes $probeHttp -BackendAddressPools $pool -BackendHttpSettingsCollection $poolSetting01 -FrontendIpConfigurations $fipconfig -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $listener01 -RequestRoutingRules $rule01 -Sku $sku -TrustedRootCertificate $trustedRoot01 -AutoscaleConfiguration $autoscaleConfig -PrivateLinkConfiguration $privateLinkConfiguration
+
+		# Get Application Gateway
+		$getgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
+
+		# Operational State
+		Assert-AreEqual "Running" $getgw.OperationalState
+
+		# Verify PrivateLink Configuration
+		Assert-NotNull $getgw.PrivateLinkConfigurations
+		Assert-AreEqual 1 $getgw.PrivateLinkConfigurations.Count
+		$getPrivateLinkConfig = Get-AzApplicationGatewayPrivateLinkConfiguration -Name $privateLinkConfigName -ApplicationGateway $getgw
+        Assert-NotNull $getPrivateLinkConfig
+		Assert-AreEqual $getPrivateLinkConfig.IpConfigurations.Count 2
+		
+		# Verify Frontend Ip has PrivateLink Configuration
+		$getFipConfig = Get-AzApplicationGatewayFrontendIPConfig -ApplicationGateway $getgw -Name $fipconfigName
+		Assert-NotNull $getFipconfig
+		Assert-NotNull $getFipconfig.PrivateLinkConfiguration
+		Assert-AreEqual $getPrivateLinkConfig.Id $getFipconfig.PrivateLinkConfiguration.Id
+
+		# check autoscale configuration
+		$autoscaleConfig01 = Get-AzApplicationGatewayAutoscaleConfiguration -ApplicationGateway $getgw
+		Assert-NotNull $autoscaleConfig01
+		Assert-AreEqual $autoscaleConfig01.MinCapacity 3
+
+		# Set AppGw
+		$getgw01 = Set-AzApplicationGateway -ApplicationGateway $getgw
+
+		# Cannot add same PrivateLinkConfiguration
+		Assert-ThrowsLike { Add-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw01 -Name $privateLinkConfigName -IpConfiguration $privateLinkIpConfiguration1 } "*already exists*"
+
+		# add another private link configuration and change the ip configuration
+		$getgw01 = Add-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw01 -Name $privateLinkConfigName2 -IpConfiguration $privateLinkIpConfiguration1
+		$privateLinkIpConfiguration3 =  New-AzApplicationGatewayPrivateLinkIpConfiguration -Name $privateLinkIpConfigName3 -Subnet $plsSubnet -Primary
+		$getgw01 = Set-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw01 -Name $privateLinkConfigName2 -IpConfiguration $privateLinkIpConfiguration3
+		$getPrivateLinkConfig = Get-AzApplicationGatewayPrivateLinkConfiguration -Name $privateLinkConfigName2 -ApplicationGateway $getgw01
+        Assert-NotNull $getPrivateLinkConfig
+		Assert-AreEqual $getPrivateLinkConfig.IpConfigurations.Count 1
+		Assert-AreEqual $getPrivateLinkConfig.IpConfigurations.Name $privateLinkIpConfigName3
+
+		# add / remove privateLinkConfiguration
+        $getgw = Set-AzApplicationGateway -ApplicationGateway $getgw01
+        $privateLinkConfigurations = Get-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw
+        Assert-NotNull $privateLinkConfigurations
+        Assert-AreEqual $privateLinkConfigurations.Count 2
+
+        $getgw01 = Remove-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw01 -Name $privateLinkConfigName2
+        $getgw = Set-AzApplicationGateway -ApplicationGateway $getgw01
+
+        $privateLinkConfigurations = Get-AzApplicationGatewayPrivateLinkConfiguration -ApplicationGateway $getgw
+        Assert-NotNull $privateLinkConfigurations
+        Assert-AreEqual $privateLinkConfigurations.Count 1
+
+		# Delete Application Gateway
+		Remove-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Force
+	}
+	finally
+	{
+		# Cleanup
+		Clean-ResourceGroup $rgname
+	}
+}

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayWithPrivateLinkConfiguration.json

@@ -54,6 +54,18 @@ public class AzureApplicationGatewayFrontendIPConfigBase : NetworkBaseCmdlet
             HelpMessage = "PublicIPAddress")]
         public PSPublicIpAddress PublicIPAddress { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ParameterSetName = "SetByResource",
+            HelpMessage = "PrivateLinkConfiguration")]
+        public PSApplicationGatewayPrivateLinkConfiguration PrivateLinkConfiguration { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            ParameterSetName = "SetByResourceId",
+            HelpMessage = "PrivateLinkConfigurationId")]
+        public string PrivateLinkConfigurationId { get; set; }
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -69,6 +81,11 @@ public override void ExecuteCmdlet()
                 {
                     this.PublicIPAddressId = this.PublicIPAddress.Id;
                 }
+
+                if (this.PrivateLinkConfiguration != null)
+                {
+                    this.PrivateLinkConfigurationId = this.PrivateLinkConfiguration.Id;
+                }
             }
         }
 
@@ -99,6 +116,12 @@ public PSApplicationGatewayFrontendIPConfiguration NewObject()
                 frontendIPConfig.PublicIPAddress.Id = this.PublicIPAddressId;
             }
 
+            if (!string.IsNullOrEmpty(this.PrivateLinkConfigurationId))
+            {
+                frontendIPConfig.PrivateLinkConfiguration = new PSResourceId();
+                frontendIPConfig.PrivateLinkConfiguration.Id = this.PrivateLinkConfigurationId;
+            }
+
             frontendIPConfig.Id = ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                                     this.NetworkClient.NetworkManagementClient.SubscriptionId,
                                     Microsoft.Azure.Commands.Network.Properties.Resources.ApplicationGatewayFrontendIPConfigName,

src/Network/Network/ApplicationGateway/FrontendIPConfiguration/AzureApplicationGatewayFrontendIPConfigBase.cs

@@ -229,6 +229,9 @@ public class NewAzureApplicationGatewayCommand : ApplicationGatewayBaseCmdlet
         [ValidateNotNullOrEmpty]
         public PSApplicationGatewayCustomError[] CustomErrorConfiguration { get; set; }
 
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "The list of privateLink Configuration")]
+        public PSApplicationGatewayPrivateLinkConfiguration[] PrivateLinkConfiguration { get; set; }
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -355,6 +358,11 @@ private PSApplicationGateway CreateApplicationGateway()
                 applicationGateway.AutoscaleConfiguration = this.AutoscaleConfiguration;
             }
 
+            if (this.PrivateLinkConfiguration != null)
+            {
+                applicationGateway.PrivateLinkConfigurations = this.PrivateLinkConfiguration?.ToList();
+            }
+
             if (this.EnableHttp2.IsPresent)
             {
                 applicationGateway.EnableHttp2 = true;

src/Network/Network/ApplicationGateway/NewAzureApplicationGatewayCommand.cs

@@ -0,0 +1,50 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+using Microsoft.Azure.Commands.Network.Models;
+using System.Management.Automation;
+using System.Linq;
+using System;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.Add, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ApplicationGatewayPrivateLinkConfiguration"), OutputType(typeof(PSApplicationGateway))]
+    public class AddAzureApplicationGatewayPrivateLinkConfigurationCommand : AzureApplicationGatewayPrivateLinkConfigurationBase
+    {
+        [Parameter(
+             Mandatory = true,
+             ValueFromPipeline = true,
+             HelpMessage = "The applicationGateway")]
+        public PSApplicationGateway ApplicationGateway { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            var privateLinkConfiguration = this.ApplicationGateway.PrivateLinkConfigurations.SingleOrDefault
+                (resource => string.Equals(resource.Name, this.Name, System.StringComparison.CurrentCultureIgnoreCase));
+
+            if (privateLinkConfiguration != null)
+            {
+                throw new ArgumentException("PrivateLinkConfiguration with the specified name already exists");
+            }
+
+            privateLinkConfiguration = base.NewObject();
+            this.ApplicationGateway.PrivateLinkConfigurations.Add(privateLinkConfiguration);
+
+            WriteObject(this.ApplicationGateway);
+        }
+    }
+}

src/Network/Network/ApplicationGateway/PrivateLinkConfiguration/AddApplicationGatewayPrivateLinkConfigurationCommand.cs

@@ -0,0 +1,56 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Linq;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Network.Models;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    public class AzureApplicationGatewayPrivateLinkConfigurationBase : NetworkBaseCmdlet
+    {
+        [Parameter(
+                Mandatory = true,
+                HelpMessage = "The name of the privateLink configuration")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        [Parameter(
+             Mandatory = true,
+             ValueFromPipelineByPropertyName = true,
+             HelpMessage = "The list of ipConfiguration")]
+        [ValidateNotNullOrEmpty]
+        public PSApplicationGatewayPrivateLinkIpConfiguration[] IpConfiguration { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+        }
+
+        public PSApplicationGatewayPrivateLinkConfiguration NewObject()
+        {
+            var privateLinkConfiguration = new PSApplicationGatewayPrivateLinkConfiguration();
+
+            privateLinkConfiguration.Name = this.Name;
+            privateLinkConfiguration.IpConfigurations = this.IpConfiguration?.ToList();
+
+            privateLinkConfiguration.Id = ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
+                        this.NetworkClient.NetworkManagementClient.SubscriptionId,
+                        Microsoft.Azure.Commands.Network.Properties.Resources.ApplicationGatewayPrivateLinkConfigurationName,
+                        this.Name);
+
+            return privateLinkConfiguration;
+        }
+    }
+}

src/Network/Network/ApplicationGateway/PrivateLinkConfiguration/AzureApplicationGatewayPrivateLinkConfigurationBase.cs

@@ -0,0 +1,51 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ApplicationGatewayPrivateLinkConfiguration"), OutputType(typeof(PSApplicationGatewayPrivateLinkConfiguration))]
+    public class GetAzureApplicationGatewayPrivateLinkConfigurationCommand : NetworkBaseCmdlet
+    {
+        [Parameter(
+             Mandatory = true,
+             ValueFromPipeline = true,
+             HelpMessage = "The applicationGateway")]
+        public PSApplicationGateway ApplicationGateway { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The name of the application gateway privateLink configuration")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            if (!string.IsNullOrEmpty(this.Name))
+            {
+                var privateLinkConfiguration =
+                    this.ApplicationGateway.PrivateLinkConfigurations.First(resource => string.Equals(resource.Name, this.Name, System.StringComparison.CurrentCultureIgnoreCase));
+                WriteObject(privateLinkConfiguration);
+            }
+            else
+            {
+                var privateLinkConfigurations = this.ApplicationGateway.PrivateLinkConfigurations;
+                WriteObject(privateLinkConfigurations, true);
+            }
+        }
+    }
+}