Updated Set-AzVirtualNetworkSubnetConfig to allow NSG and Route Table to be removed from subnet (#12351)

* Updated Set-AzVirtualNetworkSubnetConfig to allow NSG and Route Table to be removed from subnet

* Update ChangeLog.md

* Edited to set NSG and route table properties to null if explictly set in parameters

* Removed unneeded using directive and used BoundParameters.ContainsKey

* Added ScenarioTests: Test-subnetNetworkSecurityGroupCRUD and Test-subnetRouteTableCRUD

* Fixed ScenarioTests and added SessionRecords .json files

* Added reference to resolved issue #9718 in ChangeLog.md

Co-authored-by: Yunchi Wang <[email protected]>

Author: CloudPlatformer

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.cs

@@ -66,6 +66,22 @@ public void TestVirtualNetworkSubnetDelegationCRUD()
             TestRunner.RunTestScript("Test-subnetDelegationCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.sdnnrp)]
+        public void TestVirtualNetworkSubnetNetworkSecurityGroupCRUD()
+        {
+            TestRunner.RunTestScript("Test-subnetNetworkSecurityGroupCRUD");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.sdnnrp)]
+        public void TestVirtualNetworkSubnetRouteTableCRUD()
+        {
+            TestRunner.RunTestScript("Test-subnetRouteTableCRUD");
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.sdnnrp)]

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.ps1

@@ -333,6 +333,206 @@ function Test-subnetDelegationCRUD
     }
 }
 
+<#
+.SYNOPSIS
+Tests creating new virtualNetwork w/ network security group associated and disassociated from subnets.
+.DESCRIPTION
+SmokeTest
+#>
+function Test-subnetNetworkSecurityGroupCRUD {
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $vnetName = Get-ResourceName
+    $subnet1Name = Get-ResourceName
+    $subnet2Name = Get-ResourceName
+    $subnet3Name = Get-ResourceName
+    $networkSecurityGroupName = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/virtualNetworks"
+    $location = Get-ProviderLocation $resourceTypeParent
+    
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+        
+        # Create a network security group
+        $networkSecurityGroup = New-AzNetworkSecurityGroup -Name $networkSecurityGroupName -ResourceGroupName $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix 10.0.1.0/24 -NetworkSecurityGroup $networkSecurityGroup
+        New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+        $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        
+        # Add subnets
+        $vnet | Add-AzVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix 10.0.2.0/24
+        $vnet | Add-AzVirtualNetworkSubnetConfig -Name $subnet3Name -AddressPrefix 10.0.3.0/24
+        
+        # Set VirtualNetwork
+        $vnet | Set-AzVirtualNetwork
+        
+        # Get VirtualNetwork
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual $subnet1Name $vnetExpected.Subnets[0].Name
+        Assert-AreEqual 1 $vnetExpected.Subnets[0].NetworkSecurityGroup.Count
+        Assert-AreEqual $subnet2Name $vnetExpected.Subnets[1].Name
+        Assert-AreEqual 0 $vnetExpected.Subnets[1].NetworkSecurityGroup.Count
+        Assert-AreEqual $subnet3Name $vnetExpected.Subnets[2].Name
+        Assert-AreEqual 0 $vnetExpected.Subnets[2].NetworkSecurityGroup.Count
+
+        # Associate a network security group to a subnet using the NetworkSecurityGroup parameter
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet2Name -VirtualNetwork $vnet -AddressPrefix 10.0.2.0/24 -NetworkSecurityGroup $networkSecurityGroup
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Associate a network security group to a subnet using the NetworkSecurityGroupId parameter
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet3Name -VirtualNetwork $vnet -AddressPrefix 10.0.3.0/24 -NetworkSecurityGroupId $networkSecurityGroup.Id
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual 1 $vnetExpected.Subnets[0].NetworkSecurityGroup.Count
+        Assert-AreEqual $networkSecurityGroup.Id $vnetExpected.Subnets[0].NetworkSecurityGroup.Id
+        Assert-AreEqual 1 $vnetExpected.Subnets[1].NetworkSecurityGroup.Count
+        Assert-AreEqual $networkSecurityGroup.Id $vnetExpected.Subnets[1].NetworkSecurityGroup.Id
+        Assert-AreEqual 1 ($vnetExpected.Subnets[2].NetworkSecurityGroup).Count
+        Assert-AreEqual $networkSecurityGroup.Id $vnetExpected.Subnets[2].NetworkSecurityGroup.Id
+
+        # Get subnets
+        $subnet1 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet1Name
+        Assert-AreEqual 1 $subnet1.NetworkSecurityGroup.Count
+        $subnet2 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet2Name
+        Assert-AreEqual 1 $subnet2.NetworkSecurityGroup.Count
+        $subnet3 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet3Name
+        Assert-AreEqual 1 $subnet3.NetworkSecurityGroup.Count
+        $subnetAll = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig
+
+        Assert-AreEqual 3 $subnetAll.Count
+
+        # Disassociate a network security group with the NetworkSecurityGroup parameter as $null
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet1Name -VirtualNetwork $vnet -AddressPrefix 10.0.1.0/24 -NetworkSecurityGroup $null
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Disassociate a network security group with the NetworkSecurityGroupId parameter as $null
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet2Name -VirtualNetwork $vnet -AddressPrefix 10.0.2.0/24 -NetworkSecurityGroupId $null
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Disassociate a network security group with the NetworkSecurityGroupId parameter as an empty string
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet3Name -VirtualNetwork $vnet -AddressPrefix 10.0.3.0/24 -NetworkSecurityGroupId ""
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+        
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[0].NetworkSecurityGroup.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[1].NetworkSecurityGroup.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[2].NetworkSecurityGroup.Count
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}
+
+<#
+.SYNOPSIS
+Tests creating new virtualNetwork w/ route table associated and disassoicated from subnets.
+.DESCRIPTION
+SmokeTest
+#>
+function Test-subnetRouteTableCRUD {
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $vnetName = Get-ResourceName
+    $subnet1Name = Get-ResourceName
+    $subnet2Name = Get-ResourceName
+    $subnet3Name = Get-ResourceName
+    $routeTableName = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/virtualNetworks"
+    $location = Get-ProviderLocation $resourceTypeParent
+    
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+        
+        # Create a route table
+        $routeTable = New-AzRouteTable -Name $routeTableName -ResourceGroupName $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix 10.0.1.0/24 -RouteTable $routeTable
+        New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+        $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        
+        # Add subnets
+        $vnet | Add-AzVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix 10.0.2.0/24
+        $vnet | Add-AzVirtualNetworkSubnetConfig -Name $subnet3Name -AddressPrefix 10.0.3.0/24
+        
+        # Set VirtualNetwork
+        $vnet | Set-AzVirtualNetwork
+        
+        # Get VirtualNetwork
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual $subnet1Name $vnetExpected.Subnets[0].Name
+        Assert-AreEqual 1 $vnetExpected.Subnets[0].RouteTable.Count
+        Assert-AreEqual $subnet2Name $vnetExpected.Subnets[1].Name
+        Assert-AreEqual 0 $vnetExpected.Subnets[1].RouteTable.Count
+        Assert-AreEqual $subnet3Name $vnetExpected.Subnets[2].Name
+        Assert-AreEqual 0 $vnetExpected.Subnets[2].RouteTable.Count
+
+        # Associate a route table to a subnet using the RouteTable parameter
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet2Name -VirtualNetwork $vnet -AddressPrefix 10.0.2.0/24 -RouteTable $routeTable
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Associate a route table to a subnet using the RouteTableId parameter
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet3Name -VirtualNetwork $vnet -AddressPrefix 10.0.3.0/24 -RouteTableId $routeTable.Id
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual 1 $vnetExpected.Subnets[0].RouteTable.Count
+        Assert-AreEqual $routeTable.Id $vnetExpected.Subnets[0].RouteTable.Id
+        Assert-AreEqual 1 $vnetExpected.Subnets[1].RouteTable.Count
+        Assert-AreEqual $routeTable.Id $vnetExpected.Subnets[1].RouteTable.Id
+        Assert-AreEqual 1 $vnetExpected.Subnets[2].RouteTable.Count
+        Assert-AreEqual $routeTable.Id $vnetExpected.Subnets[2].RouteTable.Id
+
+        # Get subnets
+        $subnet1 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet1Name
+        Assert-AreEqual 1 $subnet1.RouteTable.Count
+        $subnet2 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet2Name
+        Assert-AreEqual 1 $subnet2.RouteTable.Count
+        $subnet3 = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig -Name $subnet3Name
+        Assert-AreEqual 1 $subnet3.RouteTable.Count
+        $subnetAll = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname | Get-AzVirtualNetworkSubnetConfig
+
+        Assert-AreEqual 3 $subnetAll.Count
+
+        # Disassociate a route table with the RouteTable parameter as $null
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet1Name -VirtualNetwork $vnet -AddressPrefix 10.0.1.0/24 -RouteTable $null
+        $vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Disassociate a route table with the RouteTableId parameter as $null
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet2Name -VirtualNetwork $vnet -AddressPrefix 10.0.2.0/24 -RouteTableId $null
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+
+        # Disassociate a route table with the RouteTableId parameter as an empty string
+        Set-AzVirtualNetworkSubnetConfig -Name $subnet3Name -VirtualNetwork $vnet -AddressPrefix 10.0.3.0/24 -RouteTableId ""
+        Set-AzVirtualNetwork -VirtualNetwork $vnet
+        
+        $vnetExpected = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        Assert-AreEqual 3 $vnetExpected.Subnets.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[0].RouteTable.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[1].RouteTable.Count
+        Assert-AreEqual 0 $vnetExpected.Subnets[2].RouteTable.Count
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}
+
 <#
 .SYNOPSIS
 Tests creating new simple virtualNetwork and subnets.

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkTests/TestVirtualNetworkSubnetNetworkSecurityGroupCRUD.json

@@ -45,6 +45,8 @@
 * Onboarded Application Gateway to Private Link Common Cmdlets
 * Onboarded StorageSync to Private Link Common Cmdlets
 * Onboarded SignalR to Private Link Common Cmdlets
+* Updated `Set-AzVirtualNetworkSubnetConfig`
+    - Set NSG and Route Table properties of subnet to null if explicitly set in parameters[#1548][#9718]
 
 ## Version 3.1.0
 * Added support for AddressPrefixType parameter to `Remove-AzExpressRouteCircuitConnectionConfig`

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkTests/TestVirtualNetworkSubnetRouteTableCRUD.json

@@ -17,7 +17,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Management.Automation;
-using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 
 namespace Microsoft.Azure.Commands.Network
 {
@@ -54,11 +53,19 @@ public override void Execute()
                 {
                     this.NetworkSecurityGroupId = this.NetworkSecurityGroup.Id;
                 }
+                else if (this.MyInvocation.BoundParameters.ContainsKey("NetworkSecurityGroup"))
+                {
+                    this.NetworkSecurityGroupId = null;
+                }
 
                 if (this.RouteTable != null)
                 {
                     this.RouteTableId = this.RouteTable.Id;
                 }
+                else if (this.MyInvocation.BoundParameters.ContainsKey("RouteTable"))
+                {
+                    this.RouteTableId = null;
+                }
             }
 
             subnet.AddressPrefix = this.AddressPrefix?.ToList();
@@ -76,12 +83,20 @@ public override void Execute()
                 subnet.NetworkSecurityGroup = new PSNetworkSecurityGroup();
                 subnet.NetworkSecurityGroup.Id = this.NetworkSecurityGroupId;
             }
+            else if (this.MyInvocation.BoundParameters.ContainsKey("NetworkSecurityGroup") || this.MyInvocation.BoundParameters.ContainsKey("NetworkSecurityGroupId"))
+            {
+                subnet.NetworkSecurityGroup = null;
+            }
 
             if (!string.IsNullOrEmpty(this.RouteTableId))
             {
                 subnet.RouteTable = new PSRouteTable();
                 subnet.RouteTable.Id = this.RouteTableId;
             }
+            else if (this.MyInvocation.BoundParameters.ContainsKey("RouteTable") || this.MyInvocation.BoundParameters.ContainsKey("RouteTableId"))
+            {
+                subnet.RouteTable = null;
+            }
 
             if (this.ServiceEndpoint != null)
             {