Merge pull request #2684 from vinatara/dev

Changes for end to end ssl and SSLPolicy in application gateways

Author: markcowl

src/ResourceManager/Compute/Commands.Compute.Test/Commands.Compute.Test.csproj

@@ -67,8 +67,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.13.0.4-prerelease\lib\net45\Microsoft.Azure.Management.Compute.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Network, Version=5.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.5.0.1-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
+    <Reference Include="Microsoft.Azure.Management.Network">
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.6.0.2-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">

src/ResourceManager/Compute/Commands.Compute.Test/packages.config

@@ -7,7 +7,7 @@
   <package id="Microsoft.Azure.Graph.RBAC" version="3.1.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Compute" version="13.0.4-prerelease" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Network" version="5.0.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Network" version="6.0.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="4.1.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.6052.28118-prerelease" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.HttpRecorder" version="1.6.7-preview" targetFramework="net45" />

src/ResourceManager/Compute/Commands.Compute/Commands.Compute.csproj

@@ -80,8 +80,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.13.0.4-prerelease\lib\net45\Microsoft.Azure.Management.Compute.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Network, Version=5.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.5.0.1-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
+    <Reference Include="Microsoft.Azure.Management.Network">
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.6.0.2-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage">

src/ResourceManager/Compute/Commands.Compute/packages.config

@@ -9,7 +9,7 @@
   <package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Compute" version="13.0.4-prerelease" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Network" version="5.0.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Network" version="6.0.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="4.1.0-preview" targetFramework="net45" />
   <package id="Microsoft.Bcl" version="1.1.9" targetFramework="net45" />
   <package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net45" />

src/ResourceManager/Network/Commands.Network.Test/Commands.Network.Test.csproj

@@ -63,8 +63,8 @@
     <Reference Include="Microsoft.Azure.Management.Authorization">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.2.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Network, Version=5.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.5.0.1-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
+    <Reference Include="Microsoft.Azure.Management.Network">
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.6.0.2-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager">
@@ -183,6 +183,9 @@
     <None Include="ScenarioTests\ApplicationGatewayTests.ps1">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="ScenarioTests\Data\ApplicationGatewayAuthCert.cer">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="ScenarioTests\Common.ps1">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
 using Microsoft.Azure.ServiceManagemenet.Common.Models;
 using Microsoft.WindowsAzure.Commands.ScenarioTest;
 using Microsoft.WindowsAzure.Commands.Test.Utilities.Common;
@@ -31,7 +32,7 @@ public ApplicationGatewayTests(ITestOutputHelper output)
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestApplicationGatewayCRUD()
         {
-            NetworkResourcesController.NewInstance.RunPsTest("Test-ApplicationGatewayCRUD");
+            NetworkResourcesController.NewInstance.RunPsTest(string.Format("Test-ApplicationGatewayCRUD -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
         }
     }
 }

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -18,6 +18,11 @@ Application gateway tests
 #>
 function Test-ApplicationGatewayCRUD
 {
+	param 
+	( 
+		$basedir = ".\" 
+	) 
+
 	# Setup	
 
 	$rglocation = Get-ProviderLocation ResourceManagement
@@ -45,7 +50,8 @@ function Test-ApplicationGatewayCRUD
 	$rule02Name = Get-ResourceName
 	$nic01Name = Get-ResourceName
 	$nic02Name = Get-ResourceName
-    
+    $authCertName = Get-ResourceName
+
 	try 
 	{
 		# Create the resource group
@@ -80,8 +86,10 @@ function Test-ApplicationGatewayCRUD
 		$fp01 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort01Name  -Port 80
 		$fp02 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort02Name  -Port 8080
 
+		$authCertFilePath = $basedir + "\ScenarioTests\Data\ApplicationGatewayAuthCert.cer"
+		$authcert01 = New-AzureRmApplicationGatewayAuthenticationCertificate -Name $authCertName -CertificateFile $authCertFilePath
 		$poolSetting01 = New-AzureRmApplicationGatewayBackendHttpSettings -Name $poolSetting01Name -Port 80 -Protocol Http -CookieBasedAffinity Disabled 
-		$poolSetting02 = New-AzureRmApplicationGatewayBackendHttpSettings -Name $poolSetting02Name -Port 80 -Protocol Http -CookieBasedAffinity Enabled
+		$poolSetting02 = New-AzureRmApplicationGatewayBackendHttpSettings -Name $poolSetting02Name -Port 443 -Protocol Https -CookieBasedAffinity Enabled -AuthenticationCertificates $authcert01
 
 		$listener01 = New-AzureRmApplicationGatewayHttpListener -Name $listener01Name -Protocol Http -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01
 		$listener02 = New-AzureRmApplicationGatewayHttpListener -Name $listener02Name -Protocol Http -FrontendIPConfiguration $fipconfig02 -FrontendPort $fp02
@@ -90,9 +98,11 @@ function Test-ApplicationGatewayCRUD
 		$rule02 = New-AzureRmApplicationGatewayRequestRoutingRule -Name $rule02Name -RuleType basic -BackendHttpSettings $poolSetting02 -HttpListener $listener02 -BackendAddressPool $pool
 
 		$sku = New-AzureRmApplicationGatewaySku -Name Standard_Small -Tier Standard -Capacity 2
+		
+		$sslPolicy = New-AzureRmApplicationGatewaySslPolicy -DisabledSslProtocols TLSv1_0, TLSv1_1
 
 		# Create Application Gateway
-		$appgw = New-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Location $location -BackendAddressPools $pool, $nicPool -BackendHttpSettingsCollection $poolSetting01, $poolSetting02 -FrontendIpConfigurations $fipconfig01, $fipconfig02  -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01, $fp02 -HttpListeners $listener01, $listener02 -RequestRoutingRules $rule01, $rule02 -Sku $sku
+		$appgw = New-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Location $location -BackendAddressPools $pool, $nicPool -BackendHttpSettingsCollection $poolSetting01, $poolSetting02 -FrontendIpConfigurations $fipconfig01, $fipconfig02  -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01, $fp02 -HttpListeners $listener01, $listener02 -RequestRoutingRules $rule01, $rule02 -Sku $sku -SslPolicy $sslPolicy -AuthenticationCertificates $authcert01
 
 		# Get Application Gateway
 		$getgw =  Get-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/Data/ApplicationGatewayAuthCert.cer

@@ -6,7 +6,7 @@
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Graph.RBAC" version="3.1.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Network" version="5.0.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Network" version="6.0.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.20.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.6052.28118-prerelease" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.HttpRecorder" version="1.6.7-preview"  targetFramework="net45" />

src/ResourceManager/Network/Commands.Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayCRUD.json

@@ -86,6 +86,15 @@ public static void NormalizeChildResourcesId(PSApplicationGateway applicationGat
                 }
             }
 
+            // Normalize AuthenticationCertificates
+            if (applicationGateway.AuthenticationCertificates != null)
+            {
+                foreach (var authCertificate in applicationGateway.AuthenticationCertificates)
+                {
+                    authCertificate.Id = string.Empty;
+                }
+            }
+
             // Normalize FrontendIpConfiguration
             if (applicationGateway.FrontendIPConfigurations != null)
             {
@@ -136,6 +145,16 @@ public static void NormalizeChildResourcesId(PSApplicationGateway applicationGat
                                                     applicationGateway.ResourceGroupName,
                                                     applicationGateway.Name);
                     }
+                    if (null != backendHttpSettings.AuthenticationCertificates)
+                    {
+                        foreach (var authCert in backendHttpSettings.AuthenticationCertificates)
+                        {
+                            authCert.Id = NormalizeApplicationGatewayNameChildResourceIds(
+                                                    authCert.Id,
+                                                    applicationGateway.ResourceGroupName,
+                                                    applicationGateway.Name);
+                        }
+                    }
                 }
             }
 

src/ResourceManager/Network/Commands.Network.Test/packages.config

@@ -0,0 +1,52 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.Add, "AzureRmApplicationGatewayAuthenticationCertificate", SupportsShouldProcess = true), 
+        OutputType(typeof(PSApplicationGateway))]
+    public class AddAzureApplicationGatewayAuthenticationCertificateCommand : AzureApplicationGatewayAuthenticationCertificateBase
+    {
+        [Parameter(
+             Mandatory = true,
+             ValueFromPipeline = true,
+             HelpMessage = "The applicationGateway")]
+        public PSApplicationGateway ApplicationGateway { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            if (ShouldProcess(Name, Microsoft.Azure.Commands.Network.Properties.Resources.CreatingResourceMessage))
+            {
+                var authCertificate = this.ApplicationGateway.AuthenticationCertificates.SingleOrDefault(resource => string.Equals(resource.Name, this.Name, System.StringComparison.CurrentCultureIgnoreCase));
+
+                if (authCertificate != null)
+                {
+                    throw new ArgumentException("Authentication certificate with the specified name already exists");
+                }
+
+                authCertificate = base.NewObject();
+                this.ApplicationGateway.AuthenticationCertificates.Add(authCertificate);
+
+                WriteObject(this.ApplicationGateway);
+            }
+        }
+    }
+}

src/ResourceManager/Network/Commands.Network/ApplicationGateway/ApplicationGatewayChildResourceHelper.cs

@@ -0,0 +1,53 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System;
+using System.Management.Automation;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    public class AzureApplicationGatewayAuthenticationCertificateBase : NetworkBaseCmdlet
+    {
+        [Parameter(
+               Mandatory = true,
+               HelpMessage = "The name of the authentication certificate")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        [Parameter(
+               Mandatory = true,
+               HelpMessage = "Path of certificate CER file")]
+        [ValidateNotNullOrEmpty]
+        public string CertificateFile { get; set; }
+
+        public PSApplicationGatewayAuthenticationCertificate NewObject()
+        {
+            X509Certificate2 cert = new X509Certificate2(CertificateFile);
+
+            var authCertificate = new PSApplicationGatewayAuthenticationCertificate();
+
+            authCertificate.Name = this.Name;
+            authCertificate.Data = Convert.ToBase64String(cert.Export(X509ContentType.Cert));
+            authCertificate.Id =
+                ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
+                    this.NetworkClient.NetworkManagementClient.SubscriptionId,
+                    Microsoft.Azure.Commands.Network.Properties.Resources.ApplicationGatewayAuthenticationCertificateName,
+                    this.Name);
+
+            return authCertificate;
+        }
+    }
+}

src/ResourceManager/Network/Commands.Network/ApplicationGateway/AuthenticationCertificate/AddAzureApplicationGatewayAuthenticationCertificateCommand.cs

@@ -0,0 +1,59 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.Get, "AzureRmApplicationGatewayAuthenticationCertificate"),
+        OutputType(typeof(PSApplicationGatewayAuthenticationCertificate), typeof(IEnumerable<PSApplicationGatewayAuthenticationCertificate>))]
+    public class GetAzureApplicationGatewayAuthenticationCertificateCommand : NetworkBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The name of the authentication certificate")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        [Parameter(
+             Mandatory = true,
+             ValueFromPipeline = true,
+             HelpMessage = "The applicationGateway")]
+        public PSApplicationGateway ApplicationGateway { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            if (!string.IsNullOrEmpty(this.Name))
+            {
+                var authCertificate =
+                    this.ApplicationGateway.AuthenticationCertificates.First(
+                        resource =>
+                            string.Equals(resource.Name, this.Name, System.StringComparison.CurrentCultureIgnoreCase));
+
+                WriteObject(authCertificate);
+            }
+            else
+            {
+                var authCertificates = this.ApplicationGateway.AuthenticationCertificates;
+                WriteObject(authCertificates, true);
+            }
+
+        }
+    }
+}

src/ResourceManager/Network/Commands.Network/ApplicationGateway/AuthenticationCertificate/AzureApplicationGatewayAuthenticationCertificateBase.cs

@@ -0,0 +1,33 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.New, "AzureRmApplicationGatewayAuthenticationCertificate", SupportsShouldProcess = true), 
+        OutputType(typeof(PSApplicationGatewayAuthenticationCertificate))]
+    public class NewAzureApplicationGatewayAuthenticationCertificateCommand : AzureApplicationGatewayAuthenticationCertificateBase
+    {
+        public override void ExecuteCmdlet()
+        {
+            if (ShouldProcess(Name, Microsoft.Azure.Commands.Network.Properties.Resources.CreatingResourceMessage))
+            {
+                base.ExecuteCmdlet();
+                WriteObject(base.NewObject());
+            }
+        }
+    }
+}