Virtual Wan P2S MultiPool feature changes (#17032)

* MultiPool feature changes Part1

* bug fix

* Command let changes

* Add change log

* Fix command let

* Test update

* Incorporate review comments

* Fixes

* Incorporate review comments

* Incorpotate review comments

* Add missing field in cmd output

* Update help files

* Minor fix

* Update help file & include new test recording with new changes covered.

* Update ChangeLog.md

Co-authored-by: Yeming Liu <[email protected]>

Author: Nilambari

src/Network/Network.Test/ScenarioTests/CortexTests.ps1

@@ -440,10 +440,12 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Get-AzVpnConnection', 'Update-AzVpnConnection', 
                'Remove-AzVpnConnection', 'New-AzVirtualHubVnetConnection', 
                'Get-AzVirtualHubVnetConnection', 
-               'Remove-AzVirtualHubVnetConnection', 
-               'Update-AzVirtualHubVnetConnection', 'Get-AzVpnServerConfiguration', 
-               'New-AzVpnServerConfiguration', 'Remove-AzVpnServerConfiguration', 
-               'Update-AzVpnServerConfiguration', 'Get-AzP2sVpnGateway', 
+               'Remove-AzVirtualHubVnetConnection', 'Update-AzVirtualHubVnetConnection', 
+               'Get-AzVpnServerConfiguration', 'New-AzVpnServerConfiguration', 
+               'Remove-AzVpnServerConfiguration', 'Update-AzVpnServerConfiguration', 
+               'Get-AzVpnServerConfigurationPolicyGroup',
+               'New-AzVpnServerConfigurationPolicyGroup', 'Remove-AzVpnServerConfigurationPolicyGroup', 
+               'Update-AzVpnServerConfigurationPolicyGroup', 'Get-AzP2sVpnGateway',
                'Disconnect-AzP2sVpnGatewayVpnConnection', 
                'Get-AzP2sVpnGatewayConnectionHealth', 
                'Get-AzP2sVpnGatewayDetailedConnectionHealth', 

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.CortexTests/TestP2SCortexCRUD.json

@@ -29,6 +29,17 @@
     - `New-AzVirtualHub`
     - `Update-AzVirtualHub`
 * Added optional parameter `AuxiliaryMode` to cmdlet `New-AzNetworkInterface` to enable this network interface as Sirius enabled. Allowed values are None(default) and MaxConnections.
+* Multipool feature change: Updated cmdlets to add new optional property: `ConfigurationPolicyGroups` object for associating policy groups.
+    - `Update-AzVpnServerConfiguration`
+    - `New-AzVpnServerConfiguration`
+* Multipool feature change: Updated cmdlets to add new optional property: `P2SConnectionConfiguration` object for specifying multiple Connection configurations.
+    - `Update-AzP2sVpnGateway`
+    - `New-AzP2sVpnGateway`
+* Multipool feature change: Added new cmdlets to suppport CRUD of Configuration policy groups for VpnServerConfiguration.
+    - `Get-AzVpnServerConfigurationPolicyGroup`
+    - `New-AzVpnServerConfigurationPolicyGroup`
+    - `Update-AzVpnServerConfigurationPolicyGroup`
+    - `Remove-AzVpnServerConfigurationPolicyGroup`
 
 ## Version 4.16.1
 * Fixed `ArgumentNullException` in `Add-AzureRmRouteConfig` when `RouteTable.Routes` is null.

src/Network/Network/Az.Network.psd1

@@ -1235,6 +1235,8 @@ private static void Initialize()
                 // MNM to CNM
                 cfg.CreateMap<MNM.P2SVpnGateway, CNM.PSP2SVpnGateway>();
                 cfg.CreateMap<MNM.P2SConnectionConfiguration, CNM.PSP2SConnectionConfiguration>();
+                cfg.CreateMap<MNM.VpnServerConfigurationPolicyGroup, CNM.PSVpnServerConfigurationPolicyGroup>();
+                cfg.CreateMap<MNM.VpnServerConfigurationPolicyGroupMember, CNM.PSVpnServerConfigurationPolicyGroupMember>();
                 cfg.CreateMap<MNM.VpnClientConnectionHealth, CNM.PSVpnClientConnectionHealth>();
                 cfg.CreateMap<MNM.P2SVpnConnectionHealth, CNM.PSP2SVpnConnectionHealth>();
                 cfg.CreateMap<MNM.VpnProfileResponse, CNM.PSVpnProfileResponse>();
@@ -1251,6 +1253,8 @@ private static void Initialize()
                 // CNM to MNM
                 cfg.CreateMap<CNM.PSP2SVpnGateway, MNM.P2SVpnGateway>();
                 cfg.CreateMap<CNM.PSP2SConnectionConfiguration, MNM.P2SConnectionConfiguration>();
+                cfg.CreateMap<CNM.PSVpnServerConfigurationPolicyGroup, MNM.VpnServerConfigurationPolicyGroup>();
+                cfg.CreateMap<CNM.PSVpnServerConfigurationPolicyGroupMember, MNM.VpnServerConfigurationPolicyGroupMember>();
                 cfg.CreateMap<CNM.PSVpnClientConnectionHealth, MNM.VpnClientConnectionHealth>();
                 cfg.CreateMap<CNM.PSP2SVpnConnectionHealth, MNM.P2SVpnConnectionHealth>();
                 cfg.CreateMap<CNM.PSVpnProfileResponse, MNM.VpnProfileResponse>();

src/Network/Network/ChangeLog.md

@@ -126,7 +126,7 @@ public class NewAzureRmP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
         public string VpnServerConfigurationId { get; set; }
 
         [Parameter(
-            Mandatory = true,
+            Mandatory = false,
             HelpMessage = "P2S VpnClient AddressPool for this P2SVpnGateway P2SConnectionConfiguration.")]
         [ValidateNotNullOrEmpty]
         public string[] VpnClientAddressPool { get; set; }
@@ -157,6 +157,11 @@ public class NewAzureRmP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
             HelpMessage = "Flag to enable Routing Preference Internet on this P2SVpnGateway.")]
         public SwitchParameter EnableRoutingPreferenceInternetFlag { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of P2SConnectionConfigurations that this P2SVpnGateway needs to have.")]
+        public PSP2SConnectionConfiguration[] P2SConnectionConfiguration { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "A hashtable which represents resource tags.")]
@@ -211,43 +216,53 @@ public override void Execute()
             p2sVpnGateway.Location = resolvedVirtualHub.Location;
             p2sVpnGateway.VirtualHub = new PSResourceId() { Id = resolvedVirtualHub.Id };
 
-            //// Set P2SConnectionConfigurations. Currently, only one P2SConnectionConfiguration is allowed.
-            PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
+            // Set P2SConnectionConfigurations.
+            p2sVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>();
+            if (this.P2SConnectionConfiguration != null && this.P2SConnectionConfiguration.Any())
+            {
+                p2sVpnGateway.P2SConnectionConfigurations.AddRange(this.P2SConnectionConfiguration);
+            }
+            else
             {
-                Name = P2SConnectionConfigurationName,
-                VpnClientAddressPool = new PSAddressSpace()
+                PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
                 {
-                    AddressPrefixes = new List<string>(this.VpnClientAddressPool)
-                },                
-            };
+                    Name = P2SConnectionConfigurationName,
+                    VpnClientAddressPool = new PSAddressSpace()
+                    {
+                        AddressPrefixes = new List<string>(this.VpnClientAddressPool)
+                    },
+                };
+                p2sVpnGateway.P2SConnectionConfigurations.Add(p2sConnectionConfig);
+            }
 
             // By default EnableInternetSecurity will be true if not specified explicitly by customer.
-            p2sConnectionConfig.EnableInternetSecurity = true;
+            p2sVpnGateway.P2SConnectionConfigurations.ForEach(config => config.EnableInternetSecurity = true);
+
+            if (this.EnableInternetSecurityFlag.IsPresent && this.DisableInternetSecurityFlag.IsPresent)
+            {
+                throw new ArgumentException("Both EnableInternetSecurityFlag and DisableInternetSecurityFlag Parameters can not be passed.");
+            }
 
             if (this.EnableInternetSecurityFlag.IsPresent)
             {
-                p2sConnectionConfig.EnableInternetSecurity = true;
+                p2sVpnGateway.P2SConnectionConfigurations.ForEach(config => config.EnableInternetSecurity = true);
             }
             if (this.DisableInternetSecurityFlag.IsPresent)
             {
-                p2sConnectionConfig.EnableInternetSecurity = false;
+                p2sVpnGateway.P2SConnectionConfigurations.ForEach(config => config.EnableInternetSecurity = false);
             }
 
+            // Set Routing configuration
             if (this.RoutingConfiguration != null)
             {
                 if (this.RoutingConfiguration.VnetRoutes != null && this.RoutingConfiguration.VnetRoutes.StaticRoutes != null && this.RoutingConfiguration.VnetRoutes.StaticRoutes.Any())
                 {
                     throw new PSArgumentException(Properties.Resources.StaticRoutesNotSupportedForThisRoutingConfiguration);
                 }
-
-                p2sConnectionConfig.RoutingConfiguration = RoutingConfiguration;
+                
+                p2sVpnGateway.P2SConnectionConfigurations.ForEach(config => config.RoutingConfiguration = RoutingConfiguration);
             }
 
-            p2sVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
-            {
-                p2sConnectionConfig
-            };
-
             //// Scale unit, if specified
             p2sVpnGateway.VpnGatewayScaleUnit = 0;
             if (this.VpnGatewayScaleUnit > 0)

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -112,6 +112,11 @@ public class UpdateAzureRmP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string[] VpnClientAddressPool { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of P2SConnectionConfigurations that this P2SVpnGateway needs to have.")]
+        public PSP2SConnectionConfiguration[] P2SConnectionConfiguration { get; set; }
+
         [Parameter(
             Mandatory = false,
             ValueFromPipeline = true,
@@ -215,28 +220,36 @@ public override void Execute()
                 existingP2SVpnGateway.VpnGatewayScaleUnit = Convert.ToInt32(this.VpnGatewayScaleUnit);
             }
 
-            //// Modify the P2SConnectionConfigurations
-            if (existingP2SVpnGateway.P2SConnectionConfigurations == null || !existingP2SVpnGateway.P2SConnectionConfigurations.Any())
+            // Modify the P2SConnectionConfigurations
+            if (this.P2SConnectionConfiguration != null)
             {
-                PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
+                existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>();
+                existingP2SVpnGateway.P2SConnectionConfigurations.AddRange(this.P2SConnectionConfiguration);
+            }
+            else
+            {
+                if (existingP2SVpnGateway.P2SConnectionConfigurations == null || !existingP2SVpnGateway.P2SConnectionConfigurations.Any())
                 {
-                    Name = P2SConnectionConfigurationName,
-                    VpnClientAddressPool = new PSAddressSpace()
+                    PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
                     {
-                        AddressPrefixes = new List<string>()
-                    }
-                };
+                        Name = P2SConnectionConfigurationName,
+                        VpnClientAddressPool = new PSAddressSpace()
+                        {
+                            AddressPrefixes = new List<string>()
+                        }
+                    };
 
-                existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
+                    existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
                     {
                         p2sConnectionConfig
                     };
-            }
+                }
 
-            if (this.VpnClientAddressPool != null)
-            {
-                existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes.Clear();
-                existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes = new List<string>(this.VpnClientAddressPool);
+                if (this.VpnClientAddressPool != null)
+                {
+                    existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes.Clear();
+                    existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes = new List<string>(this.VpnClientAddressPool);
+                }
             }
 
             if (this.EnableInternetSecurityFlag.IsPresent && this.DisableInternetSecurityFlag.IsPresent)
@@ -246,12 +259,12 @@ public override void Execute()
 
             if (this.EnableInternetSecurityFlag.IsPresent)
             {
-                existingP2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity = true;
+                existingP2SVpnGateway.P2SConnectionConfigurations.ForEach(config => config.EnableInternetSecurity = true);
             }
 
             if (this.DisableInternetSecurityFlag.IsPresent)
             {
-                existingP2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity = false;
+                existingP2SVpnGateway.P2SConnectionConfigurations.ForEach(config => config.EnableInternetSecurity = false);
             }
 
             if (this.RoutingConfiguration != null)
@@ -261,7 +274,7 @@ public override void Execute()
                     throw new PSArgumentException(Properties.Resources.StaticRoutesNotSupportedForThisRoutingConfiguration);
                 }
 
-                existingP2SVpnGateway.P2SConnectionConfigurations[0].RoutingConfiguration = RoutingConfiguration;
+                existingP2SVpnGateway.P2SConnectionConfigurations.ForEach(config => config.RoutingConfiguration = RoutingConfiguration);
             }
 
             // Set the custom dns servers, if it is specified by customer.

src/Network/Network/Cortex/P2SVpnGateway/NewAzureRmP2sVpnGatewayCommand.cs

@@ -133,6 +133,11 @@ public class NewAzureRmVpnServerConfigurationCommand : VpnServerConfigurationBas
             HelpMessage = "A list of IPSec policies for VpnServerConfiguration.")]
         public PSIpsecPolicy[] VpnClientIpsecPolicy { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of VpnServerConfigurationPolicyGroups that this P2SVpnGateway needs to have.")]
+        public PSVpnServerConfigurationPolicyGroup[] ConfigurationPolicyGroup { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "A hashtable which represents resource tags.")]
@@ -171,7 +176,8 @@ public override void Execute()
                 this.AadTenant,
                 this.AadAudience,
                 this.AadIssuer,
-                this.VpnClientIpsecPolicy);
+                this.VpnClientIpsecPolicy,
+                this.ConfigurationPolicyGroup);
 
             ConfirmAction(
                 Properties.Resources.CreatingResourceMessage,

src/Network/Network/Cortex/P2SVpnGateway/UpdateAzureRmP2SVpnGatewayCommand.cs

@@ -242,6 +242,11 @@ public class UpdateAzureRmVpnServerConfigurationCommand : VpnServerConfiguration
              HelpMessage = "A list of IPSec policies for VpnServerConfiguration.")]
         public PSIpsecPolicy[] VpnClientIpsecPolicy { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of VpnServerConfigurationPolicyGroups that this P2SVpnGateway needs to have.")]
+        public PSVpnServerConfigurationPolicyGroup[] ConfigurationPolicyGroup { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "A hashtable which represents resource tags.")]
@@ -296,6 +301,13 @@ public override void Execute()
                 vpnServerConfigurationToUpdate.VpnClientIpsecPolicies = new List<PSIpsecPolicy>(this.VpnClientIpsecPolicy);
             }
 
+            // Modify the vpnServerConfigurationPolicyGroups
+            if (this.ConfigurationPolicyGroup != null)
+            {
+                vpnServerConfigurationToUpdate.ConfigurationPolicyGroups = new List<PSVpnServerConfigurationPolicyGroup>();
+                vpnServerConfigurationToUpdate.ConfigurationPolicyGroups.AddRange(this.ConfigurationPolicyGroup);
+            }
+
             // VpnAuthenticationType = Certificate related validations.
             if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes == null ||
                 (vpnServerConfigurationToUpdate.VpnAuthenticationTypes != null && vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.Certificate)))

src/Network/Network/Cortex/VpnServerConfiguration/NewAzureRmVpnServerConfigurationCommand.cs

@@ -110,7 +110,8 @@ public PSVpnServerConfiguration CreateVpnServerConfigurationObject(
             string aadTenant,
             string aadAudience,
             string aadIssuer,
-            PSIpsecPolicy[] vpnClientIpsecPolicy)
+            PSIpsecPolicy[] vpnClientIpsecPolicy,
+            PSVpnServerConfigurationPolicyGroup[] configurationPolicyGroups)
         {
             if (vpnProtocol != null)
             {
@@ -127,6 +128,13 @@ public PSVpnServerConfiguration CreateVpnServerConfigurationObject(
                 vpnServerConfiguration.VpnClientIpsecPolicies = new List<PSIpsecPolicy>(vpnClientIpsecPolicy);
             }
 
+            // VpnServerConfigurationPolicyGroups, if specified
+            vpnServerConfiguration.ConfigurationPolicyGroups = new List<PSVpnServerConfigurationPolicyGroup>();
+            if (configurationPolicyGroups != null && configurationPolicyGroups.Any())
+            {
+                vpnServerConfiguration.ConfigurationPolicyGroups.AddRange(configurationPolicyGroups);
+            }
+
             // VpnAuthenticationType = Certificate related validations.
             if (vpnAuthenticationType == null ||
                 (vpnAuthenticationType != null && vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.Certificate)))