
Commit 891996d

authored
Enable internet security feature for VirtualWan P2SVpnGateway client connections and expose Reset operations for VirtualWan P2SVpnGateway & VpnGateway resources. (#12449)
* Enable Internet security for Point to site clients feature changes * Added help files. * Incorporate code review comments * Enable test * Adding latest test recording * Skip failing unrelated SignalR test.
1 parent 2db6556 commit 891996d


14 files changed

+9841
-27881
lines changed


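--- a/src/Network/Network.Test/ScenarioTests/CortexTests.ps1
+++ b/src/Network/Network.Test/ScenarioTests/CortexTests.ps1
@@ -176,6 +176,14 @@ function Test-CortexCRUD
 
 $vpnGatewaysAll = Get-AzureRmVpnGateway
 Assert-NotNull $vpnGatewaysAll
+
+# Reset/Reboot the VpnGateway using Reset-AzVpnGateway
+$job = Reset-AzVpnGateway -VpnGateway $vpnGateway -AsJob
+$job | Wait-Job
+$actual = $job | Receive-Job
+
+$vpnGateway = Get-AzVpnGateway -ResourceGroupName $rgName -Name $vpnGatewayName
+Assert-AreEqual "Succeeded" $vpnGateway.ProvisioningState
 
 # Create the VpnConnection
 $createdVpnConnection = New-AzVpnConnection -ResourceGroupName $rgName -ParentResourceName $vpnGatewayName -Name $vpnConnectionName -VpnSite $vpnSite -ConnectionBandwidth 20 -UseLocalAzureIpAddress
@@ -548,10 +556,9 @@ function Test-CortexExpressRouteCRUD
 $vpnClientAddressSpaces = New-Object string[] 2
 $vpnClientAddressSpaces[0] = "192.168.2.0/24"
 $vpnClientAddressSpaces[1] = "192.168.3.0/24"
-$customDnsServers = New-Object string[] 2
+$customDnsServers = New-Object string[] 1
 $customDnsServers[0] = "7.7.7.7"
-$customDnsServers[1] = "8.8.8.8"
-$createdP2SVpnGateway = New-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VirtualHub $virtualHub -VpnGatewayScaleUnit 1 -VpnClientAddressPool $vpnClientAddressSpaces -VpnServerConfiguration $vpnServerConfig1 -CustomDnsServer $customDnsServers
+$createdP2SVpnGateway = New-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VirtualHub $virtualHub -VpnGatewayScaleUnit 1 -VpnClientAddressPool $vpnClientAddressSpaces -VpnServerConfiguration $vpnServerConfig1 -CustomDnsServer $customDnsServers -EnableInternetSecurityFlag
 Assert-AreEqual "Succeeded" $createdP2SVpnGateway.ProvisioningState
 
 # Get the created P2SVpnGateway using Get-AzP2sVpnGateway
@@ -560,9 +567,17 @@ function Test-CortexExpressRouteCRUD
 Assert-AreEqual $P2SvpnGatewayName $P2SVpnGateway.Name
 Assert-AreEqual $vpnServerConfig1.Id $P2SVpnGateway.VpnServerConfiguration.Id
 Assert-AreEqual "Succeeded" $P2SVpnGateway.ProvisioningState
-Assert-AreEqual 2 @($P2SVpnGateway.CustomDnsServers).Count
+Assert-AreEqual 1 @($P2SVpnGateway.CustomDnsServers).Count
 Assert-AreEqual "7.7.7.7" $P2SVpnGateway.CustomDnsServers[0]
-Assert-AreEqual "8.8.8.8" $P2SVpnGateway.CustomDnsServers[1]
+Assert-AreEqual $True $P2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity
+
+# Reset/Reboot the P2SVpnGateway using Reset-AzP2sVpnGateway
+$job = Reset-AzP2sVpnGateway -P2SVpnGateway $P2SVpnGateway -AsJob
+$job | Wait-Job
+$actual = $job | Receive-Job
+
+$P2SVpnGateway = Get-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName
+Assert-AreEqual "Succeeded" $P2SVpnGateway.ProvisioningState
 
 # Get all associated VpnServerConfigurations at Wan level using Get-AzVirtualWanVpnServerConfiguration
 $associatedVpnServerConfigs = Get-AzVirtualWanVpnServerConfiguration -Name $virtualWanName -ResourceGroupName $rgName
@@ -620,7 +635,7 @@ function Test-CortexExpressRouteCRUD
 
 # Update existing P2SVpnGateway with new VpnClientAddressPool and CustomDnsServers using Update-AzP2sVpnGateway
 $vpnClientAddressSpaces[1] = "192.168.4.0/24"
-$updatedP2SVpnGateway = Update-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VpnClientAddressPool $vpnClientAddressSpaces -CustomDnsServer 9.9.9.9
+$updatedP2SVpnGateway = Update-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VpnClientAddressPool $vpnClientAddressSpaces -CustomDnsServer 9.9.9.9 -DisableInternetSecurityFlag
 
 $P2SVpnGateway = Get-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName
 Assert-AreEqual $P2SvpnGatewayName $P2SVpnGateway.Name
@@ -630,6 +645,7 @@ function Test-CortexExpressRouteCRUD
 Assert-AreEqual $setVpnClientAddressSpacesString $P2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes
 Assert-AreEqual 1 @($P2SVpnGateway.CustomDnsServers).Count
 Assert-AreEqual "9.9.9.9" $P2SVpnGateway.CustomDnsServers[0]
+Assert-AreEqual $false $P2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity
 
 # Update existing P2SVpnGateway to remove the CustomDnsServers
 $P2SVpnGateway = Get-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName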
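Review bot: Both added reset blocks (in Test-CortexCRUD and in Test-CortexExpressRouteCRUD) store `$actual = $job | Receive-Job` but never assert on it or on the job itself. The only check that follows is `ProvisioningState` equal to "Succeeded", which in Test-CortexExpressRouteCRUD was already asserted on the same gateway just before the reset, so a reset job that failed would presumably still pass. Adding `Assert-AreEqual "Completed" $job.State` after each `Wait-Job` would tie the test to the reset operation. Both functions start and end outside the hunks shown.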

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.CortexTests/TestP2SCortexCRUD.json

Lines changed: 9257 additions & 27822 deletions
Large diffs are not rendered by default.

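--- a/src/Network/Network/Az.Network.psd1
+++ b/src/Network/Network/Az.Network.psd1
@@ -399,7 +399,7 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
 'Remove-AzVirtualHub', 'Set-AzVirtualHub', 'New-AzVirtualHubRoute',
 'Add-AzVirtualHubRoute', 'New-AzVirtualHubRouteTable',
 'Add-AzVirtualHubRouteTable', 'Get-AzVirtualHubRouteTable',
-'Remove-AzVirtualHubRouteTable', 'New-AzVpnGateway',
+'Remove-AzVirtualHubRouteTable', 'New-AzVpnGateway', 'Reset-AzVpnGateway',
 'Get-AzVpnGateway', 'Update-AzVpnGateway', 'Remove-AzVpnGateway',
 'New-AzVpnSite', 'New-AzVpnSiteLink', 'New-AzVpnSiteLinkConnection',
 'Get-AzVpnSite', 'Update-AzVpnSite', 'Remove-AzVpnSite',
@@ -414,7 +414,7 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
 'Get-AzP2sVpnGatewayConnectionHealth',
 'Get-AzP2sVpnGatewayDetailedConnectionHealth',
 'Get-AzP2sVpnGatewayVpnProfile', 'New-AzP2sVpnGateway',
-'Remove-AzP2sVpnGateway', 'Update-AzP2sVpnGateway',
+'Remove-AzP2sVpnGateway', 'Update-AzP2sVpnGateway', 'Reset-AzP2sVpnGateway',
 'Get-AzVirtualWanVpnConfiguration', 'Get-AzFirewall',
 'Set-AzFirewall', 'New-AzFirewall', 'Remove-AzFirewall',
 'New-AzFirewallApplicationRuleCollection',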

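--- a/src/Network/Network/ChangeLog.md
+++ b/src/Network/Network/ChangeLog.md
@@ -58,6 +58,11 @@
 * Onboarded Application Gateway to Private Link Common Cmdlets
 * Onboarded StorageSync to Private Link Common Cmdlets
 * Onboarded SignalR to Private Link Common Cmdlets
+* Updated below commands for feature: Enable internet security set/remove on VirtualWan P2SVpnGateway.
+- Updated `New-AzP2sVpnGateway`: Added optional switch parameter `EnableInternetSecurityFlag` for customers to set true to enable internet security on P2SVpnGateway, which will be applied for Point to site clients.
+- Updated `Update-AzP2sVpnGateway`: Added optional switch parameters `EnableInternetSecurityFlag` or `DisableInternetSecurityFlag` for customers to set true/false to enable/disable internet security on P2SVpnGateway, which will be applied for Point to site clients.
+* Added new cmdlet `Reset-AzP2sVpnGateway` for customers to reset/reboot their VirtualWan P2SVpnGateway for troubleshooting.
+* Added new cmdlet `Reset-AzVpnGateway` for customers to reset/reboot their VirtualWan VpnGateway for troubleshooting.
 
 ## Version 3.1.0
 * Added support for AddressPrefixType parameter to `Remove-AzExpressRouteCircuitConnectionConfig`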

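--- a/src/Network/Network/Cortex/P2SVpnGateway/NewAzureRmP2sVpnGatewayCommand.cs
+++ b/src/Network/Network/Cortex/P2SVpnGateway/NewAzureRmP2sVpnGatewayCommand.cs
@@ -142,6 +142,11 @@ public class NewAzureRmP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
 HelpMessage = "The routing configuration for this P2SVpnGateway P2SConnectionConfiguration")]
 public PSRoutingConfiguration RoutingConfiguration { get; set; }
 
+[Parameter(
+Mandatory = false,
+HelpMessage = "Flag to enable internet security feature on this P2SVpnGateway P2SConnectionConfiguration.")]
+public SwitchParameter EnableInternetSecurityFlag { get; set; }
+
 [Parameter(
 Mandatory = false,
 HelpMessage = "A hashtable which represents resource tags.")]
@@ -203,7 +208,8 @@ public override void Execute()
 VpnClientAddressPool = new PSAddressSpace()
 {
 AddressPrefixes = new List<string>(this.VpnClientAddressPool)
-}
+},
+EnableInternetSecurity = this.EnableInternetSecurityFlag.IsPresent
 };
 
 if (this.RoutingConfiguration != null)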
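Review bot: The HelpMessage on the new `EnableInternetSecurityFlag` switch does not say what happens when the switch is omitted. The initializer in Execute() assigns `EnableInternetSecurity = this.EnableInternetSecurityFlag.IsPresent`, so every gateway created without the switch has the feature explicitly set to false. Because this is a security-relevant default, I would spell it out in the help text, e.g. `HelpMessage = "Enable the internet security feature on this P2SVpnGateway P2SConnectionConfiguration. When omitted, internet security is disabled."`. Execute() continues outside the hunk.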
Lines changed: 106 additions & 0 deletions
@@ -0,0 +1,106 @@
1+
// ----------------------------------------------------------------------------------
2+
//
3+
// Copyright Microsoft Corporation
4+
// Licensed under the Apache License, Version 2.0 (the "License");
5+
// you may not use this file except in compliance with the License.
6+
// You may obtain a copy of the License at
7+
// http://www.apache.org/licenses/LICENSE-2.0
8+
// Unless required by applicable law or agreed to in writing, software
9+
// distributed under the License is distributed on an "AS IS" BASIS,
10+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11+
// See the License for the specific language governing permissions and
12+
// limitations under the License.
13+
// ----------------------------------------------------------------------------------
14+
15+
using AutoMapper;
16+
using Microsoft.Azure.Commands.Network.Models;
17+
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
18+
using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
19+
using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
20+
using Microsoft.Azure.Management.Network;
21+
using System;
22+
using System.Management.Automation;
23+
24+
namespace Microsoft.Azure.Commands.Network
25+
{
26+
[Cmdlet("Reset",
27+
ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "P2sVpnGateway",
28+
DefaultParameterSetName = CortexParameterSetNames.ByP2SVpnGatewayName,
29+
SupportsShouldProcess = true),
30+
OutputType(typeof(PSP2SVpnGateway))]
31+
public class ResetAzureP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
32+
{
33+
[Parameter(
34+
ParameterSetName = CortexParameterSetNames.ByP2SVpnGatewayName,
35+
Mandatory = true,
36+
HelpMessage = "The resource group name.")]
37+
[ResourceGroupCompleter]
38+
[ValidateNotNullOrEmpty]
39+
public string ResourceGroupName { get; set; }
40+
41+
[Alias("ResourceName", "P2SVpnGatewayName", "GatewayName")]
42+
[Parameter(
43+
ParameterSetName = CortexParameterSetNames.ByP2SVpnGatewayName,
44+
Mandatory = true,
45+
HelpMessage = "The p2s vpn gateway name.")]
46+
[ResourceNameCompleter("Microsoft.Network/p2sVpnGateways", "ResourceGroupName")]
47+
[ValidateNotNullOrEmpty]
48+
public string Name { get; set; }
49+
50+
[Alias("P2SVpnGateway")]
51+
[Parameter(
52+
ParameterSetName = CortexParameterSetNames.ByP2SVpnGatewayObject,
53+
Mandatory = true,
54+
ValueFromPipeline = true,
55+
HelpMessage = "The p2s vpn gateway to reset")]
56+
[ValidateNotNullOrEmpty]
57+
public PSP2SVpnGateway InputObject { get; set; }
58+
59+
[Parameter(
60+
ParameterSetName = CortexParameterSetNames.ByP2SVpnGatewayResourceId,
61+
Mandatory = true,
62+
ValueFromPipelineByPropertyName = true,
63+
HelpMessage = "The Azure resource ID of the P2SVpnGateway to reset.")]
64+
[ValidateNotNullOrEmpty]
65+
public string ResourceId { get; set; }
66+
67+
[Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
68+
public SwitchParameter AsJob { get; set; }
69+
70+
public override void Execute()
71+
{
72+
PSP2SVpnGateway existingVpnGateway = null;
73+
if (ParameterSetName.Equals(CortexParameterSetNames.ByP2SVpnGatewayObject))
74+
{
75+
existingVpnGateway = this.InputObject;
76+
this.ResourceGroupName = this.InputObject.ResourceGroupName;
77+
this.Name = this.InputObject.Name;
78+
}
79+
else
80+
{
81+
if (ParameterSetName.Equals(CortexParameterSetNames.ByP2SVpnGatewayResourceId))
82+
{
83+
var parsedResourceId = new ResourceIdentifier(ResourceId);
84+
Name = parsedResourceId.ResourceName;
85+
ResourceGroupName = parsedResourceId.ResourceGroupName;
86+
}
87+
88+
existingVpnGateway = this.GetP2SVpnGateway(this.ResourceGroupName, this.Name);
89+
}
90+
91+
if (existingVpnGateway == null)
92+
{
93+
throw new PSArgumentException(Properties.Resources.P2SVpnGatewayNotFound);
94+
}
95+
96+
string shouldProcessMessage = string.Format("Execute {0}P2sVpnGateway for ResourceGroupName {1} P2SVpnGateway {2}", ResourceManager.Common.AzureRMConstants.AzureRMPrefix, this.ResourceGroupName, this.Name);
97+
if (ShouldProcess(shouldProcessMessage, VerbsCommon.Reset))
98+
{
99+
this.P2SVpnGatewayClient.Reset(this.ResourceGroupName, this.Name);
100+
101+
var getVpnGateway = this.GetP2SVpnGateway(this.ResourceGroupName, this.Name);
102+
WriteObject(getVpnGateway);
103+
}
104+
}
105+
}
106+
}
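Review bot: The string passed as the first (target) argument of `ShouldProcess` in Execute() is a sentence, "Execute {0}P2sVpnGateway for ResourceGroupName {1} P2SVpnGateway {2}", rather than the resource being acted on, so the -WhatIf/-Confirm text is hard to read for an operation the ChangeLog describes as a reset/reboot. A target such as `string.Format("P2SVpnGateway {0} in resource group {1}", this.Name, this.ResourceGroupName)` would read cleanly next to the `VerbsCommon.Reset` action. Since a reboot presumably interrupts connected point-to-site clients, it may also be worth setting `ConfirmImpact = ConfirmImpact.High` in the `[Cmdlet]` attribute. Separately, the ResourceId branch takes the name and resource group from `new ResourceIdentifier(ResourceId)` without checking that the ID's resource type is a P2S VPN gateway.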

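--- a/src/Network/Network/Cortex/P2SVpnGateway/UpdateAzureRmP2SVpnGatewayCommand.cs
+++ b/src/Network/Network/Cortex/P2SVpnGateway/UpdateAzureRmP2SVpnGatewayCommand.cs
@@ -163,6 +163,16 @@ public class UpdateAzureRmP2SVpnGatewayCommand : P2SVpnGatewayBaseCmdlet
 HelpMessage = "The routing configuration for this P2SVpnGateway P2SConnectionConfiguration")]
 public PSRoutingConfiguration RoutingConfiguration { get; set; }
 
+[Parameter(
+Mandatory = false,
+HelpMessage = "Flag to enable internet security feature on this P2SVpnGateway P2SConnectionConfiguration.")]
+public SwitchParameter EnableInternetSecurityFlag { get; set; }
+
+[Parameter(
+Mandatory = false,
+HelpMessage = "Flag to disable internet security feature on this P2SVpnGateway P2SConnectionConfiguration.")]
+public SwitchParameter DisableInternetSecurityFlag { get; set; }
+
 [Parameter(
 Mandatory = false,
 HelpMessage = "A hashtable which represents resource tags.")]
@@ -206,28 +216,42 @@ public override void Execute()
 }
 
 //// Modify the P2SConnectionConfigurations
-if (this.VpnClientAddressPool != null)
+if (existingP2SVpnGateway.P2SConnectionConfigurations == null || !existingP2SVpnGateway.P2SConnectionConfigurations.Any())
 {
-if (existingP2SVpnGateway.P2SConnectionConfigurations != null && existingP2SVpnGateway.P2SConnectionConfigurations.Any())
-{
-existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes.Clear();
-existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes = new List<string>(this.VpnClientAddressPool);
-}
-else
+PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
 {
-PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
+Name = P2SConnectionConfigurationName,
+VpnClientAddressPool = new PSAddressSpace()
 {
-Name = P2SConnectionConfigurationName,
-VpnClientAddressPool = new PSAddressSpace()
-{
-AddressPrefixes = new List<string>(this.VpnClientAddressPool)
-}
-};
-existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
+AddressPrefixes = new List<string>()
+}
+};
+
+existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
 {
 p2sConnectionConfig
 };
-}
+}
+
+if (this.VpnClientAddressPool != null)
+{
+existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes.Clear();
+existingP2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes = new List<string>(this.VpnClientAddressPool);
+}
+
+if (this.EnableInternetSecurityFlag.IsPresent && this.DisableInternetSecurityFlag.IsPresent)
+{
+throw new ArgumentException("Both EnableInternetSecurityFlag and DisableInternetSecurityFlag Parameters can not be passed.");
+}
+
+if (this.EnableInternetSecurityFlag.IsPresent)
+{
+existingP2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity = true;
+}
+
+if (this.DisableInternetSecurityFlag.IsPresent)
+{
+existingP2SVpnGateway.P2SConnectionConfigurations[0].EnableInternetSecurity = false;
 }
 
 if (this.RoutingConfiguration != null)
@@ -237,22 +261,7 @@ public override void Execute()
 throw new PSArgumentException(Properties.Resources.StaticRoutesNotSupportedForThisRoutingConfiguration);
 }
 
-if (existingP2SVpnGateway.P2SConnectionConfigurations != null && existingP2SVpnGateway.P2SConnectionConfigurations.Any())
-{
-existingP2SVpnGateway.P2SConnectionConfigurations[0].RoutingConfiguration = RoutingConfiguration;
-}
-else
-{
-PSP2SConnectionConfiguration p2sConnectionConfig = new PSP2SConnectionConfiguration()
-{
-Name = P2SConnectionConfigurationName,
-RoutingConfiguration = RoutingConfiguration
-};
-existingP2SVpnGateway.P2SConnectionConfigurations = new List<PSP2SConnectionConfiguration>()
-{
-p2sConnectionConfig
-};
-}
+existingP2SVpnGateway.P2SConnectionConfigurations[0].RoutingConfiguration = RoutingConfiguration;
 }
 
 // Set the custom dns servers, if it is specified by customer.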
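Review bot: The check that rejects `-EnableInternetSecurityFlag` combined with `-DisableInternetSecurityFlag` runs only after Execute() has already rewritten `P2SConnectionConfigurations[0].VpnClientAddressPool` on the fetched gateway object, and it throws `ArgumentException` where the static-routes check in the last hunk uses `PSArgumentException`. I would move the check ahead of the P2SConnectionConfigurations handling and throw `new PSArgumentException(...)` with the same message, or make the two switches mutually exclusive through parameter sets so the conflict is rejected at binding time. Also note that a gateway with no existing connection configuration now always gets one created with an empty `AddressPrefixes` list, even when `-VpnClientAddressPool` is not passed; whether the service accepts that is not visible here. Execute() starts and ends outside these hunks.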
