
Commit 7bf263d

authored
New packet capture Cmdlet for Network Module: VpnConnection and VpnGateway Resource (#12809)
* squash commit * add security
1 parent d747cc0 commit 7bf263d

16 files changed

+18509
-0
lines changed

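--- a/src/Network/Network.Test/ScenarioTests/CortexTests.cs
+++ b/src/Network/Network.Test/ScenarioTests/CortexTests.cs
@@ -90,5 +90,21 @@ public void TestVHubRouteTableCRUD()
 {
 TestRunner.RunTestScript("Test-VHubRouteTableCRUD");
 }
+
+[Fact]
+[Trait(Category.AcceptanceType, Category.CheckIn)]
+[Trait(Category.Owner, NrpTeamAlias.brooklynft)]
+public void TestVpnGatewayPacketCapture()
+{
+TestRunner.RunTestScript("Test-VpnGatewayPacketCapture");
+}
+
+[Fact]
+[Trait(Category.AcceptanceType, Category.CheckIn)]
+[Trait(Category.Owner, NrpTeamAlias.brooklynft)]
+public void TestVpnConnectionPacketCapture()
+{
+TestRunner.RunTestScript("Test-VpnConnectionPacketCapture");
+}
 }
 }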

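--- a/src/Network/Network.Test/ScenarioTests/CortexTests.ps1
+++ b/src/Network/Network.Test/ScenarioTests/CortexTests.ps1
@@ -801,6 +801,241 @@ function Test-CortexExpressRouteCRUD
 }
 }
 
+<#
+.SYNOPSIS
+create a vpn gateway and start packet capture
+#>
+function Test-VpnGatewayPacketCapture
+{
+# Setup
+$rgName = Get-ResourceName
+$rglocation = Get-ProviderLocation ResourceManagement "West Central US"
+$virtualWanName = Get-ResourceName
+$virtualHubName = Get-ResourceName
+$vpnGatewayName = Get-ResourceName
+
+try
+{
+# Create the resource group
+$resourceGroup = New-AzResourceGroup -Name $rgName -Location $rglocation
+
+# Create the Virtual Wan
+$createdVirtualWan = New-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName -Location $rglocation -AllowVnetToVnetTraffic -AllowBranchToBranchTraffic
+$virtualWan = Get-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName
+Assert-AreEqual $rgName $virtualWan.ResourceGroupName
+Assert-AreEqual $virtualWanName $virtualWan.Name
+Assert-AreEqual $true $virtualWan.AllowVnetToVnetTraffic
+Assert-AreEqual $true $virtualWan.AllowBranchToBranchTraffic
+
+# Create the Virtual Hub
+$createdVirtualHub = New-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Location $rglocation -AddressPrefix "10.0.0.0/16" -VirtualWan $virtualWan
+$virtualHub = Get-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName
+Assert-AreEqual $rgName $virtualHub.ResourceGroupName
+Assert-AreEqual $virtualHubName $virtualHub.Name
+Assert-AreEqual "10.0.0.0/16" $virtualHub.AddressPrefix
+
+# Create the VpnGateway
+$createdVpnGateway = New-AzVpnGateway -ResourceGroupName $rgName -Name $vpnGatewayName -VirtualHub $virtualHub -VpnGatewayScaleUnit 3
+Assert-AreEqual $rgName $createdVpnGateway.ResourceGroupName
+Assert-AreEqual $vpnGatewayName $createdVpnGateway.Name
+Assert-AreEqual 3 $createdVpnGateway.VpnGatewayScaleUnit
+
+#create SAS URL
+if ((Get-NetworkTestMode) -ne 'Playback')
+{
+$storetype = 'Standard_GRS'
+$containerName = "testcontainer"
+$storeName = 'sto' + $rgname;
+New-AzStorageAccount -ResourceGroupName $rgname -Name $storeName -Location $rglocation -Type $storetype
+$key = Get-AzStorageAccountKey -ResourceGroupName $rgname -Name $storeName
+$context = New-AzStorageContext -StorageAccountName $storeName -StorageAccountKey $key[0].Value
+New-AzStorageContainer -Name $containerName -Context $context
+$container = Get-AzStorageContainer -Name $containerName -Context $context
+$now=get-date
+$sasurl = New-AzStorageContainerSASToken -Name $containerName -Context $context -Permission "rwd" -StartTime $now.AddHours(-1) -ExpiryTime $now.AddDays(1) -FullUri
+}
+else
+{
+$sasurl = "https://storage/test123?sp=racwdl&stvigopKcy"
+}
+
+#StartPacketCapture on gateway with Name parameter
+$output = Start-AzVpnGatewayPacketCapture -ResourceGroupName $rgname -Name $vpnGatewayName
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Name $output.Name
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Location $output.Location
+Assert-AreEqual $output.Code "Succeeded"
+
+#StopPacketCapture on gateway with Name parameter
+$output = Stop-AzVpnGatewayPacketCapture -ResourceGroupName $rgname -Name $vpnGatewayName -SasUrl $sasurl
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Name $output.Name
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Location $output.Location
+Assert-AreEqual $output.Code "Succeeded"
+
+#StartPacketCapture on gateway object
+$a="{`"TracingFlags`":11,`"MaxPacketBufferSize`":120,`"MaxFileSize`":500,`"Filters`":[{`"SourceSubnets`":[`"10.19.0.4/32`",`"10.20.0.4/32`"],`"DestinationSubnets`":[`"10.20.0.4/32`",`"10.19.0.4/32`"],`"IpSubnetValueAsAny`":true,`"TcpFlags`":-1,`"PortValueAsAny`":true,`"CaptureSingleDirectionTrafficOnly`":true}]}"
+$output = Start-AzVpnGatewayPacketCapture -InputObject $createdVpnGateway -FilterData $a
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Name $output.Name
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Location $output.Location
+Assert-AreEqual $output.Code "Succeeded"
+
+#StopPacketCapture on gateway object
+$output = Stop-AzVpnGatewayPacketCapture -InputObject $createdVpnGateway -SasUrl $sasurl
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Name $output.Name
+Assert-AreEqual $createdVpnGateway.ResourceGroupName $output.ResourceGroupName
+Assert-AreEqual $createdVpnGateway.Location $output.Location
+Assert-AreEqual $output.Code "Succeeded"
+
+# Delete the resources
+$delete = Remove-AzVpnGateway -ResourceGroupName $rgName -Name $vpnGatewayName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName -Force -PassThru
+Assert-AreEqual $True $delete
+}
+finally
+{
+Clean-ResourceGroup $rgname
+}
+}
+
+<#
+.SYNOPSIS
+CortexCRUD
+#>
+function Test-VpnConnectionPacketCapture
+{
+# Setup
+$rgName = Get-ResourceName
+$rglocation = Get-ProviderLocation ResourceManagement "East US"
+
+$virtualWanName = Get-ResourceName
+$virtualHubName = Get-ResourceName
+$vpnSiteName = Get-ResourceName
+$vpnGatewayName = Get-ResourceName
+$remoteVirtualNetworkName = Get-ResourceName
+$vpnConnectionName = Get-ResourceName
+$hubVnetConnectionName = Get-ResourceName
+$vpnSiteLink1Name = Get-ResourceName
+$vpnSiteLink2Name = Get-ResourceName
+$vpnLink1ConnectionName = Get-ResourceName
+$vpnLink2ConnectionName = Get-ResourceName
+$storeName = 'blob' + $rgName
+
+try
+{
+# Create the resource group
+$resourceGroup = New-AzResourceGroup -Name $rgName -Location $rglocation
+
+# Create the Virtual Wan
+$createdVirtualWan = New-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName -Location $rglocation -AllowVnetToVnetTraffic -AllowBranchToBranchTraffic
+$virtualWan = Get-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName
+Assert-AreEqual $rgName $virtualWan.ResourceGroupName
+Assert-AreEqual $virtualWanName $virtualWan.Name
+
+# Create the Virtual Hub
+$createdVirtualHub = New-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Location $rglocation -AddressPrefix "192.168.1.0/24" -VirtualWan $virtualWan
+$virtualHub = Get-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName
+Assert-AreEqual $rgName $virtualHub.ResourceGroupName
+Assert-AreEqual $virtualHubName $virtualHub.Name
+Assert-AreEqual "192.168.1.0/24" $virtualHub.AddressPrefix
+
+# Create the VpnSite with Links
+$vpnSiteAddressSpaces = New-Object string[] 2
+$vpnSiteAddressSpaces[0] = "192.169.2.0/24"
+$vpnSiteAddressSpaces[1] = "192.169.3.0/24"
+$vpnSiteLink1 = New-AzVpnSiteLink -Name $vpnSiteLink1Name -IpAddress "5.5.5.5" -LinkProviderName "SomeTelecomProvider1" -LinkSpeedInMbps "10"
+$vpnSiteLink2 = New-AzVpnSiteLink -Name $vpnSiteLink2Name -IpAddress "5.5.5.6" -LinkProviderName "SomeTelecomProvider2" -LinkSpeedInMbps "10"
+
+$createdVpnSite = New-AzVpnSite -ResourceGroupName $rgName -Name $vpnSiteName -Location $rglocation -VirtualWan $virtualWan -AddressSpace $vpnSiteAddressSpaces -DeviceModel "SomeDevice" -DeviceVendor "SomeDeviceVendor" -VpnSiteLink @($vpnSiteLink1, $vpnSiteLink2)
+Assert-AreEqual $rgName $createdVpnSite.ResourceGroupName
+Assert-AreEqual $vpnSiteName $createdVpnSite.Name
+Assert-AreEqual 2 $createdVpnSite.VpnSiteLinks.Count
+
+# Create the VpnGateway
+$createdVpnGateway = New-AzVpnGateway -ResourceGroupName $rgName -Name $vpnGatewayName -VirtualHub $virtualHub -VpnGatewayScaleUnit 3
+Assert-AreEqual $rgName $createdVpnGateway.ResourceGroupName
+Assert-AreEqual $vpnGatewayName $createdVpnGateway.Name
+Assert-AreEqual 3 $createdVpnGateway.VpnGatewayScaleUnit
+
+
+# Create the VpnConnection with site with links
+$vpnSiteLinkConnection1 = New-AzVpnSiteLinkConnection -Name $vpnLink1ConnectionName -VpnSiteLink $createdVpnSite.VpnSiteLinks[0] -ConnectionBandwidth 100
+$vpnSiteLinkConnection2 = New-AzVpnSiteLinkConnection -Name $vpnLink2ConnectionName -VpnSiteLink $createdVpnSite.VpnSiteLinks[1] -ConnectionBandwidth 10
+
+$createdVpnConnection = New-AzVpnConnection -ResourceGroupName $rgName -ParentResourceName $vpnGatewayName -Name $vpnConnectionName -VpnSite $createdVpnSite -VpnSiteLinkConnection @($vpnSiteLinkConnection1, $vpnSiteLinkConnection2)
+
+#create SAS URL
+if ((Get-NetworkTestMode) -ne 'Playback')
+{
+$storetype = 'Standard_GRS'
+$containerName = "testcontainer"
+$storeName = 'sto2' + $rgname;
+New-AzStorageAccount -ResourceGroupName $rgname -Name $storeName -Location $rglocation -Type $storetype
+$key = Get-AzStorageAccountKey -ResourceGroupName $rgname -Name $storeName
+$context = New-AzStorageContext -StorageAccountName $storeName -StorageAccountKey $key[0].Value
+New-AzStorageContainer -Name $containerName -Context $context
+$container = Get-AzStorageContainer -Name $containerName -Context $context
+$now=get-date
+$sasurl = New-AzStorageContainerSASToken -Name $containerName -Context $context -Permission "rwd" -StartTime $now.AddHours(-1) -ExpiryTime $now.AddDays(1) -FullUri
+}
+else
+{
+$sasurl = "https://storage/test123?sp=racwdl&stvigopKcy"
+}
+
+$SiteLinkConnections = $vpnSiteLinkConnection1.Name + "," + $vpnSiteLinkConnection2.Name
+# StartPacketCapture on VpnConnection with Name parameter
+$output = Start-AzVpnConnectionPacketCapture -ResourceGroupName $rgname -Name $vpnConnectionName -ParentResourceName $vpnGatewayName -LinkConnectionName $SiteLinkConnections
+Assert-AreEqual $createdVpnConnection.Name $output.Name
+Assert-AreEqual $output.Code "Succeeded"
+
+#StopPacketCapture on VpnConnection with Name parameter
+$output = Stop-AzVpnConnectionPacketCapture -ResourceGroupName $rgname -Name $vpnConnectionName -ParentResourceName $vpnGatewayName -SasUrl $sasurl -LinkConnectionName $SiteLinkConnections
+Assert-AreEqual $createdVpnConnection.Name $output.Name
+Assert-AreEqual $output.Code "Succeeded"
+
+#StartPacketCapture on gateway object with filterData
+$a="{`"TracingFlags`":11,`"MaxPacketBufferSize`":120,`"MaxFileSize`":500,`"Filters`":[{`"SourceSubnets`":[`"10.19.0.4/32`",`"10.20.0.4/32`"],`"DestinationSubnets`":[`"10.20.0.4/32`",`"10.19.0.4/32`"],`"IpSubnetValueAsAny`":true,`"TcpFlags`":-1,`"PortValueAsAny`":true,`"CaptureSingleDirectionTrafficOnly`":true}]}"
+$output = Start-AzVpnConnectionPacketCapture -InputObject $createdVpnConnection -FilterData $a -LinkConnectionName $SiteLinkConnections
+Assert-AreEqual $createdVpnConnection.Name $output.Name
+Assert-AreEqual $output.Code "Succeeded"
+
+#StopPacketCapture on gateway object
+$output = Stop-AzVpnConnectionPacketCapture -InputObject $createdVpnConnection -SasUrl $sasurl -LinkConnectionName $SiteLinkConnections
+Assert-AreEqual $createdVpnConnection.Name $output.Name
+Assert-AreEqual $output.Code "Succeeded"
+
+$delete = Remove-AzVpnConnection -ResourceGroupName $rgName -ParentResourceName $vpnGatewayName -Name $vpnConnectionName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVpnGateway -ResourceGroupName $rgName -Name $vpnGatewayName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVpnSite -ResourceGroupName $rgName -Name $vpnSiteName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Force -PassThru
+Assert-AreEqual $True $delete
+
+$delete = Remove-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName -Force -PassThru
+Assert-AreEqual $True $delete
+}
+finally
+{
+Clean-ResourceGroup $rgname
+}
+}
+
 <#
 .SYNOPSIS
 Disconnect site to site vpn gateway BgpSettings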
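Review bot: The container SAS minted at new lines 855 and 989 is broader than anything this hunk uses it for: it grants `rwd` on the whole container for 24 hours, and the URL is only ever handed to the `Stop-Az…PacketCapture -SasUrl` calls as the place to put the capture. Packet captures can contain sensitive traffic and these tests are the usage example people will copy, so the token should be the narrowest that works, with HTTPS enforced and a short lifetime, for example `-Permission "w" -ExpiryTime $now.AddHours(2) -Protocol HttpsOnly`; write-only is an assumption to confirm against what the service needs. In record mode the live URL travels in the request, so it is also worth checking that the session recordings for these two tests do not keep the signature. Neither test checks that a capture file actually reached the container, so a `Succeeded` code is the only evidence the SAS URL was used.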
