Adding Private Range (No SNAT) Support to Firewall Policies (#14577)

* Add Azure Route Server CRUD cmdlets to deprecate Virtual Router cmdlets (#14036)

* change name from virtual router to route server

* add test records

* fix warning

* delete unused import

* no snat private ranges

* adding private range in firewall policies

* using AzPSArgumentException instead of PSArgumentException

* using Resources.resx for AzPSArgumentException

* reverting changes in Resources.Designer.cs that is not related to my code

* adding help instruction for set-AzFirewallPolicy

* updated changeLog

Co-authored-by: litchiyangMSFT <[email protected]>

Author: kenchenMicrosoft

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs

@@ -132,5 +132,13 @@ public void TestAzureFirewallPolicyPremiumWithTerminateTLSEnabledAndTargetUrls()
         {
             TestRunner.RunTestScript("Test-AzureFirewallPolicyPremiumWithTerminateTLSEnabledAndTargetUrls");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicyPrivateRangeCRUD()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicyPrivateRangeCRUD");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1

@@ -1417,4 +1417,48 @@ function Test-AzureFirewallPolicyPremiumFeatures {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests AzureFirewall Policy PrivateRange
+#>
+function Test-AzureFirewallPolicyPrivateRangeCRUD {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallPolicyName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/FirewallPolicies"
+    $location = "westus2"
+    $vnetName = Get-ResourceName
+    $privateRange2 = @("IANAPrivateRanges", "0.0.0.0/0", "66.92.0.0/16")
+    $privateRange1 = @("3.3.0.0/24", "98.0.0.0/8")
+    $privateRange2Translated = @("0.0.0.0/0", "66.92.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
+
+    try {
+
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+        
+        # Create AzureFirewallPolicy (with no rules, ThreatIntel is in Alert mode by default)
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -PrivateRange $privateRange1
+
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+
+        #verification
+        Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
+        Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
+        Assert-NotNull $getAzureFirewallPolicy.Location
+        Assert-AreEqual (Normalize-Location $location) $getAzureFirewallPolicy.Location
+        Assert-AreEqualArray $privateRange1 $getAzureFirewallPolicy.PrivateRange
+
+        # Modify
+        $azureFirewallPolicy.PrivateRange = $privateRange2
+        Set-AzFirewallPolicy -InputObject $azureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        Assert-AreEqualArray $privateRange2Translated $getAzureFirewallPolicy.PrivateRange
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }