VPN NAT for Virtual WAN feature changes (#13943)

* VPN NAT for Virtual WAN feature changes

* Fix help files & network nuget package version update in related test projects

* Fix help files

* Update existing test with Gateway NAT feature changes validations

* Test fix

* Incorporate code review comments

* Test changes

* Latest test recording

* Remove local package

Co-authored-by: Yeming Liu <[email protected]>

Author: Nilambari

src/Network/Network.Test/ScenarioTests/CortexTests.cs

@@ -27,7 +27,7 @@ public CortexTests(ITestOutputHelper output)
         {
         }
 
-        [Fact(Skip = "Authentication failed for auxiliary token: The '1' auxiliary tokens contains duplicates which are from the same tenant.")]
+        [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.brooklynft)]
         public void TestCortexCRUD()

src/Network/Network.Test/ScenarioTests/CortexTests.ps1

@@ -421,6 +421,8 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Reset-AzVpnGateway', 'Get-AzVpnGateway', 'Update-AzVpnGateway', 
                'Remove-AzVpnGateway', 'Start-AzVpnGatewayPacketCapture', 
                'Stop-AzVpnGatewayPacketCapture', 
+               'New-AzVpnGatewayNatRule', 'Update-AzVpnGatewayNatRule', 
+               'Remove-AzVpnGatewayNatRule', 'Get-AzVpnGatewayNatRule',
                'Start-AzVpnConnectionPacketCapture', 
                'Stop-AzVpnConnectionPacketCapture', 'New-AzVpnSite', 
                'New-AzVpnSiteLink', 'New-AzVpnSiteLinkConnection', 'Get-AzVpnSite', 

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.CortexTests/TestCortexCRUD.json

@@ -19,6 +19,15 @@
 --->
 
 ## Upcoming Release
+* Added new cmdlets for CRUD of VpnGatewayNATRule.
+    - `New-AzAzVpnGatewayNatRule`
+    - `Update-AzAzVpnGatewayNatRule`
+    - `Get-AzAzVpnGatewayNatRule`
+    - `Remove-AzAzVpnGatewayNatRule`	
+* Updated cmdlets to set NATRule on VpnGateway resource and associate it with VpnSiteLinkConnection resource.
+    - `New-AzVpnGateway`
+    - `Update-AzVpnGateway`	
+    - `New-AzVpnSiteLinkConnection`
 * Updated cmdlets to enable setting of ConnectionMode on Virtual Network Gateway Connections.
     - `New-AzVirtualNetworkGatewayConnection`
     - `Set-AzVirtualNetworkGatewayConnection`

src/Network/Network/Az.Network.psd1

@@ -1094,6 +1094,8 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSVirtualHubRouteTable, MNM.VirtualHubRouteTableV2>();
                 cfg.CreateMap<CNM.PSVirtualHubRoute, MNM.VirtualHubRouteV2>();
                 cfg.CreateMap<CNM.PSVpnGateway, MNM.VpnGateway>();
+                cfg.CreateMap<CNM.PSVpnGatewayNatRule, MNM.VpnGatewayNatRule>();
+                cfg.CreateMap<CNM.PSVpnNatRuleMapping, MNM.VpnNatRuleMapping>();
                 cfg.CreateMap<CNM.PSVpnGatewayIpConfiguration, MNM.VpnGatewayIpConfiguration>();
                 cfg.CreateMap<CNM.PSVpnSiteLinkConnection, MNM.VpnSiteLinkConnection>();
                 cfg.CreateMap<CNM.PSVpnSiteLink, MNM.VpnSiteLink>();
@@ -1128,6 +1130,8 @@ private static void Initialize()
                 cfg.CreateMap<MNM.VirtualHubRouteTableV2, CNM.PSVirtualHubRouteTable>();
                 cfg.CreateMap<MNM.VirtualHubRouteV2, CNM.PSVirtualHubRoute>();
                 cfg.CreateMap<MNM.VpnGateway, CNM.PSVpnGateway>();
+                cfg.CreateMap<MNM.VpnGatewayNatRule, CNM.PSVpnGatewayNatRule>();
+                cfg.CreateMap<MNM.VpnNatRuleMapping, CNM.PSVpnNatRuleMapping>();
                 cfg.CreateMap<MNM.VpnGatewayIpConfiguration, CNM.PSVpnGatewayIpConfiguration>();
                 cfg.CreateMap<MNM.VpnConnection, CNM.PSVpnConnection>();
                 cfg.CreateMap<MNM.VpnSite, CNM.PSVpnSite>().AfterMap((src, dest) =>

src/Network/Network/ChangeLog.md

@@ -76,5 +76,9 @@ internal static class CortexParameterSetNames
         internal const string ByVHubRouteTableObject = "ByVHubRouteTableObject";
         internal const string ByVHubRouteTableResourceId = "ByVHubRouteTableResourceId";
         internal const string ByVHubRouteTableName = "ByVHubRouteTableName";
+
+        internal const string ByVpnGatewayNatRuleObject = "ByVpnGatewayNatRuleObject";
+        internal const string ByVpnGatewayNatRuleResourceId = "ByVpnGatewayNatRuleResourceId";
+        internal const string ByVpnGatewayNatRuleName = "ByVpnGatewayNatRuleName";
     }
 }

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -6,6 +6,7 @@
     using MNM = Microsoft.Azure.Management.Network.Models;
     using System.Security;
     using Microsoft.WindowsAzure.Commands.Common;
+    using System.Linq;
 
     [Cmdlet(
         VerbsCommon.New,
@@ -73,6 +74,16 @@ public class NewAzVpnSiteLinkConnectionCommand : NetworkBaseCmdlet
             HelpMessage = "Use policy based traffic selectors for this link connection.")]
         public SwitchParameter UsePolicyBasedTrafficSelectors { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of ingress NAT rules that are associated with this link Connection.")]
+        public PSResourceId[] IngressNatRule { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of egress  NAT rules that are associated with this link Connection.")]
+        public PSResourceId[] EgressNatRule { get; set; }
+
         public override void Execute()
         {
             base.Execute();
@@ -83,7 +94,9 @@ public override void Execute()
                 EnableBgp = this.EnableBgp.IsPresent,
                 UseLocalAzureIpAddress = this.UseLocalAzureIpAddress.IsPresent,
                 UsePolicyBasedTrafficSelectors = this.UsePolicyBasedTrafficSelectors.IsPresent,
-                RoutingWeight = Convert.ToInt32(this.RoutingWeight)
+                RoutingWeight = Convert.ToInt32(this.RoutingWeight),
+                IngressNatRules = IngressNatRule?.ToList(),
+                EgressNatRules = EgressNatRule?.ToList()
             };
 
             if (this.VpnSiteLink == null)

src/Network/Network/Cortex/CortexParameterSetNames.cs

@@ -86,6 +86,11 @@ public class NewAzureRmVpnGatewayCommand : VpnGatewayBaseCmdlet
            HelpMessage = "Flag to enable Routing Preference Internet on this VpnGateway.")]
         public SwitchParameter EnableRoutingPreferenceInternetFlag { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of VpnGatewayNatRules that are associated with this VpnGateway.")]
+        public PSVpnGatewayNatRule[] VpnGatewayNatRule { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "A hashtable which represents resource tags.")]
@@ -146,6 +151,13 @@ public override void Execute()
                 vpnGateway.Connections.AddRange(this.VpnConnection);
             }
 
+            //// VpnGatewayNatRules, if specified
+            vpnGateway.NatRules = new List<PSVpnGatewayNatRule>();
+            if (this.VpnGatewayNatRule != null && this.VpnGatewayNatRule.Any())
+            {
+                vpnGateway.NatRules.AddRange(this.VpnGatewayNatRule);
+            }
+
             //// Scale unit, if specified
             vpnGateway.VpnGatewayScaleUnit = 0;
             if (this.VpnGatewayScaleUnit > 0)

src/Network/Network/Cortex/VpnConnection/NewAzVpnSiteLinkConnectionCommand.cs

@@ -76,6 +76,11 @@ public class UpdateAzureRmVpnGatewayCommand : VpnGatewayBaseCmdlet
             HelpMessage = "The list of VpnConnections that this VpnGateway needs to have.")]
         public PSVpnConnection[] VpnConnection { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of VpnGatewayNatRules that are associated with this VpnGateway.")]
+        public PSVpnGatewayNatRule[] VpnGatewayNatRule { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "The scale unit for this VpnGateway.")]
@@ -135,6 +140,13 @@ public override void Execute()
                 existingVpnGateway.Connections.AddRange(this.VpnConnection);
             }
 
+            //// Modify the natRules
+            existingVpnGateway.NatRules = new List<PSVpnGatewayNatRule>();
+            if (this.VpnGatewayNatRule != null && this.VpnGatewayNatRule.Any())
+            {
+                existingVpnGateway.NatRules.AddRange(this.VpnGatewayNatRule);
+            }
+
             //// Modify BgpPeeringAddress
             if (this.BgpPeeringAddress != null)
             {

src/Network/Network/Cortex/VpnGateway/NewAzureRmVpnGatewayCommand.cs

@@ -0,0 +1,109 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Commands.Network.Cortex.VpnGateway
+{
+    using AutoMapper;
+    using System;
+    using System.Collections;
+    using System.Collections.Generic;
+    using System.Management.Automation;
+    using System.Security;
+    using Microsoft.Azure.Commands.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
+    using Microsoft.Azure.Management.Network;
+    using Microsoft.WindowsAzure.Commands.Common;
+    using MNM = Microsoft.Azure.Management.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+    using System.Linq;
+    using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+
+    [Cmdlet(VerbsCommon.Get,
+        ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VpnGatewayNatRule",
+        DefaultParameterSetName = CortexParameterSetNames.ByVpnGatewayName),
+        OutputType(typeof(PSVpnGatewayNatRule))]
+    public class GetAzureRmVpnGatewayNatRuleCommand : VpnGatewayNatRuleBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            ParameterSetName = CortexParameterSetNames.ByVpnGatewayName,
+            HelpMessage = "The resource group name.")]
+        [ResourceGroupCompleter]
+        [ValidateNotNullOrEmpty]
+        public string ResourceGroupName { get; set; }
+
+        [Alias("ParentVpnGatewayName", "VpnGatewayName")]
+        [Parameter(
+            Mandatory = true,
+            ParameterSetName = CortexParameterSetNames.ByVpnGatewayName,
+            HelpMessage = "The parent resource name.")]
+        [ResourceNameCompleter("Microsoft.Network/vpnGateways", "ResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        public string ParentResourceName { get; set; }
+
+        [Alias("ParentVpnGateway", "VpnGateway")]
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipeline = true,
+            ParameterSetName = CortexParameterSetNames.ByVpnGatewayObject,
+            HelpMessage = "The parent VpnGateway for this VpnGatewayNatRule.")]
+        [ValidateNotNullOrEmpty]
+        public PSVpnGateway ParentObject { get; set; }
+
+        [Alias("ParentVpnGatewayId", "VpnGatewayId")]
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            ParameterSetName = CortexParameterSetNames.ByVpnGatewayResourceId,
+            HelpMessage = "The resource id of the parent VpnGateway for this VpnGatewayNatRule.")]
+        [ValidateNotNullOrEmpty]
+        [ResourceIdCompleter("Microsoft.Network/vpnGateways")]
+        public string ParentResourceId { get; set; }
+
+        [Alias("ResourceName", "VpnGatewayNatRuleName")]
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The resource name.")]
+        [ResourceNameCompleter("Microsoft.Network/vpnGateways/natRules", "ResourceGroupName", "ParentResourceName")]
+        [ValidateNotNullOrEmpty]
+        [SupportsWildcards]
+        public string Name { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            if (ParameterSetName.Equals(CortexParameterSetNames.ByVpnGatewayObject, StringComparison.OrdinalIgnoreCase))
+            {
+                this.ResourceGroupName = this.ParentObject.ResourceGroupName;
+                this.ParentResourceName = this.ParentObject.Name;
+            }
+            else if (ParameterSetName.Equals(CortexParameterSetNames.ByVpnGatewayResourceId, StringComparison.OrdinalIgnoreCase))
+            {
+                var parsedResourceId = new ResourceIdentifier(this.ParentResourceId);
+                this.ResourceGroupName = parsedResourceId.ResourceGroupName;
+                this.ParentResourceName = parsedResourceId.ResourceName;
+            }
+
+            if (ShouldGetByName(ResourceGroupName, Name))
+            {
+                WriteObject(this.GetVpnGatewayNatRule(this.ResourceGroupName, this.ParentResourceName, this.Name));
+            }
+            else
+            {
+                WriteObject(SubResourceWildcardFilter(Name, this.ListVpnGatewayNatRules(this.ResourceGroupName, this.ParentResourceName)), true);
+            }
+        }
+    }
+}