Merge pull request #7261 from ritwikbasu/nalin-september-release

Adding support for security provider integration in cortex cmdlets.

Author: Maddie Clayton

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/CortexTests.cs

@@ -30,7 +30,7 @@ public CortexTests(ITestOutputHelper output)
             XunitTracingInterceptor.AddToContext(new XunitTracingInterceptor(output));
         }
 
-        [Fact( Skip = "TODO, #7260: needs to be re-recorded")]
+        [Fact]
         [Trait(Category.Owner, Category.brooklynft)]
         public void TestCortexCRUD()
         {

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/CortexTests.ps1

@@ -46,6 +46,10 @@ function Test-CortexCRUD
 		Assert-AreEqual $false $virtualWan.AllowVnetToVnetTraffic
 		Assert-AreEqual $false $virtualWan.AllowBranchToBranchTraffic
 
+		# Get Supported SecurityProvider
+		$supportedSecurityProvider = Get-AzureRmVirtualWanSupportedSecurityProvider -ResourceGroupName $rgName -VirtualWanName $virtualWanName
+		Assert-NotNull $supportedSecurityProvider
+
 		# Create the Virtual Hub
 		$createdVirtualHub = New-AzureRmVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Location $rglocation -AddressPrefix "192.168.1.0/24" -VirtualWan $virtualWan
 		$virtualHub = Get-AzureRmVirtualHub -ResourceGroupName $rgName -Name $virtualHubName
@@ -95,6 +99,11 @@ function Test-CortexCRUD
 		$hubVnetConnection = Get-AzureRmVirtualHubVnetConnection -ResourceGroupName $rgName -VirtualHubName $virtualHubName -Name $hubVnetConnectionName
 		Assert-AreEqual $hubVnetConnectionName $hubVnetConnection.Name
 
+		# Update a HubVirtualNetworkConnection
+		Update-AzureRmVirtualHubVnetConnection -ResourceGroupName $rgName -VirtualHubName $virtualHubName -Name $hubVnetConnectionName -EnableInternetSecurity $true
+		$hubVnetConnection = Get-AzureRmVirtualHubVnetConnection -ResourceGroupName $rgName -VirtualHubName $virtualHubName -Name $hubVnetConnectionName
+		Assert-AreEqual $hubVnetConnection.EnableInternetSecurity $true
+
 		# Download config
 		$storetype = 'Standard_GRS'
 		$containerName = 'cont' + $rgName

src/ResourceManager/Network/Commands.Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.CortexTests/TestCortexCRUD.json

@@ -387,8 +387,10 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
     'Remove-AzVpnConnection',
     'New-AzVirtualHubVnetConnection',
     'Get-AzVirtualHubVnetConnection',
+	'Update-AzVirtualHubVnetConnection',
     'Remove-AzVirtualHubVnetConnection',
     'Get-AzVirtualWanVpnConfiguration',
+	'Get-AzVirtualWanSupportedSecurityProvider',
     'Get-AzFirewall',
     'Set-AzFirewall',
     'New-AzFirewall',

src/ResourceManager/Network/Commands.Network/Az.Network.psd1

@@ -384,9 +384,11 @@ CmdletsToExport = 'Add-AzureRmApplicationGatewayAuthenticationCertificate',
                'Update-AzureRmVpnConnection',
                'Remove-AzureRmVpnConnection',
                'New-AzureRmVirtualHubVnetConnection',
+			   'Update-AzureRmVirtualHubVnetConnection',
                'Get-AzureRmVirtualHubVnetConnection',
                'Remove-AzureRmVirtualHubVnetConnection',
                'Get-AzureRmVirtualWanVpnConfiguration',
+			   'Get-AzureRmVirtualWanSupportedSecurityProvider',
                'Get-AzureRmFirewall',
                'Set-AzureRmFirewall',
                'New-AzureRmFirewall',

src/ResourceManager/Network/Commands.Network/AzureRM.Network.psd1

@@ -19,6 +19,17 @@
 --->
 
 ## Current Release
+* Added cmdlets to integrate security provider in cortex
+  - Cmdlets updated with optonal parameters
+	- New-AzureRmVirtualWan : added parameters SecurityProviderName, Office365LocalBreakoutCategory
+	- Update-AzureRmVirtualWan : added parameters SecurityProviderName, Office365LocalBreakoutCategory
+	- New-AzureRmVpnSite : added parameter IsSecuritySite
+	- New-AzureRmVpnConnection : added parameter EnableInternetSecurity
+	- Update-AzureRmVpnConnection : added parameter EnableInternetSecurity
+	- New-AzureRmVirtualHubVnetConnection : added parameter EnableInternetSecurity
+  - New Cmdlets added:
+	- Get-AzureRmVirtualWanSupportedSecurityProvider
+	- Update-AzureRmVirtualHubVnetConnection
 
 ## Version 6.8.0
 * Replaced LoadBalancer cmdlets with generated code

src/ResourceManager/Network/Commands.Network/ChangeLog.md

@@ -198,6 +198,8 @@
     <Compile Include="AzureFirewall\RemoveAzureFirewallCommand.cs" />
     <Compile Include="AzureFirewall\SetAzureFirewallCommand.cs" />
     <Compile Include="InterfaceEndpoint\AzureInterfaceEndpointBaseCmdlet.cs" />
+    <Compile Include="Cortex\HubVnetConnection\UpdateAzureRmHubVirtualNetworkConnectionCommand.cs" />
+    <Compile Include="Cortex\VirtualWan\GetAzureRmVirtualWanSupportedSecurityProviderCommand.cs" />
     <Compile Include="Generated\ApplicationSecurityGroup\GetAzureRMApplicationSecurityGroupCommand.cs" />
     <Compile Include="Generated\ApplicationSecurityGroup\NewAzureRMApplicationSecurityGroupCommand.cs" />
     <Compile Include="Generated\ApplicationSecurityGroup\RemoveAzureRMApplicationSecurityGroupCommand.cs" />
@@ -362,6 +364,7 @@
     <Compile Include="Generated\Models\PSTroubleshootingDetails.cs" />
     <Compile Include="Generated\Models\PSTroubleshootingRecommendedActions.cs" />
     <Compile Include="InterfaceEndpoint\GetAzureInterfaceEndpointCommand.cs" />
+    <Compile Include="Models\Cortex\PSVirtualWanSecurityProvider.cs" />
     <Compile Include="Models\PSTrafficAnalyticsConfigurationProperties.cs" />
     <Compile Include="Models\PSTrafficAnalyticsProperties.cs" />
     <Compile Include="Generated\Models\PSTunnelConnectionHealth.cs" />

src/ResourceManager/Network/Commands.Network/Commands.Network.csproj

@@ -123,6 +123,11 @@ public class NewHubVirtualNetworkConnectionCommand : HubVnetConnectionBaseCmdlet
         [ResourceIdCompleter("Microsoft.Network/virtualNetworks")]
         public string RemoteVirtualNetworkId { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Enable internet security for this connection")]
+        public SwitchParameter EnableInternetSecurity { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "Run cmdlet in the background")]
@@ -158,6 +163,7 @@ public override void Execute()
 
             PSHubVirtualNetworkConnection hubVnetConnection = new PSHubVirtualNetworkConnection();
             hubVnetConnection.Name = this.Name;
+            hubVnetConnection.EnableInternetSecurity = this.EnableInternetSecurity.IsPresent;
 
             //// Resolve the remote virtual network
             //// Let's not try to resolve this since this can be in other RG/Sub/Location

src/ResourceManager/Network/Commands.Network/Cortex/HubVnetConnection/NewAzureRmHubVirtualNetworkConnectionCommand.cs

@@ -0,0 +1,142 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Commands.Network
+{
+    using AutoMapper;
+    using System;
+    using System.Collections;
+    using System.Collections.Generic;
+    using System.Management.Automation;
+    using System.Security;
+    using Microsoft.Azure.Commands.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
+    using Microsoft.Azure.Management.Network;
+    using Microsoft.WindowsAzure.Commands.Common;
+    using MNM = Microsoft.Azure.Management.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+    using System.Linq;
+    using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+
+    [Cmdlet("Update",
+        ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VirtualHubVnetConnection",
+        DefaultParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionName,
+        SupportsShouldProcess = true),
+        OutputType(typeof(PSHubVirtualNetworkConnection))]
+    public class UpdateAzureRmHubVirtualNetworkConnectionCommand : HubVnetConnectionBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            ParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionName,
+            HelpMessage = "The resource group name.")]
+        [ResourceGroupCompleter]
+        [ValidateNotNullOrEmpty]
+        public virtual string ResourceGroupName { get; set; }
+
+        [Alias("VirtualHubName", "ParentVirtualHubName")]
+        [Parameter(
+            Mandatory = true,
+            ParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionName,
+            HelpMessage = "The parent resource name.")]
+        [ResourceGroupCompleter]
+        public string ParentResourceName { get; set; }
+
+        [Alias("ResourceName", "HubVirtualNetworkConnectionName")]
+        [Parameter(
+            Mandatory = true,
+            ParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionName,
+            HelpMessage = "The resource name.")]
+        [ValidateNotNullOrEmpty]
+        public virtual string Name { get; set; }
+
+        [Alias("HubVirtualNetworkConnection")]
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipeline = true,
+            ParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionObject,
+            HelpMessage = "The hubvirtualnetworkconnection resource to modify.")]
+        public PSHubVirtualNetworkConnection InputObject { get; set; }
+
+        [Alias("HubVirtualNetworkConnectionId")]
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            ParameterSetName = CortexParameterSetNames.ByHubVirtualNetworkConnectionResourceId,
+            HelpMessage = "The resource id of the hubvirtualnetworkconnection resource to modify.")]
+        public string ResourceId { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Enable internet security for this connection.")]
+        public bool? EnableInternetSecurity { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Run cmdlet in the background")]
+        public SwitchParameter AsJob { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            //// Resolve the VirtualHub
+            if (ParameterSetName.Equals(CortexParameterSetNames.ByHubVirtualNetworkConnectionObject, StringComparison.OrdinalIgnoreCase))
+            {
+                this.ResourceId = this.InputObject.Id;
+
+                if (string.IsNullOrWhiteSpace(this.ResourceId))
+                {
+                    throw new PSArgumentException(Properties.Resources.HubVnetConnectionNotFound);
+                }
+
+                var parsedResourceId = new ResourceIdentifier(this.ResourceId);
+                this.ResourceGroupName = parsedResourceId.ResourceGroupName;
+                this.ParentResourceName = parsedResourceId.ParentResource.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries).Last();
+                this.Name = parsedResourceId.ResourceName;
+            }
+            else if (ParameterSetName.Equals(CortexParameterSetNames.ByHubVirtualNetworkConnectionResourceId, StringComparison.OrdinalIgnoreCase))
+            {
+                var parsedResourceId = new ResourceIdentifier(this.ResourceId);
+                this.ResourceGroupName = parsedResourceId.ResourceGroupName;
+                this.ParentResourceName = parsedResourceId.ParentResource.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries).Last();
+                this.Name = parsedResourceId.ResourceName;
+            }
+
+            //// Get the virtual hub - this will throw not found if the resource is invalid
+            PSVirtualHub parentVirtualHub = this.GetVirtualHub(this.ResourceGroupName, this.ParentResourceName);
+
+            var connectionToModify = parentVirtualHub.VirtualNetworkConnections.FirstOrDefault(connection => connection.Name.Equals(this.Name, StringComparison.OrdinalIgnoreCase));
+            if (connectionToModify == null)
+            {
+                throw new PSArgumentException(Properties.Resources.HubVnetConnectionNotFound);
+            }
+
+            if (this.EnableInternetSecurity.HasValue)
+            {
+                connectionToModify.EnableInternetSecurity = this.EnableInternetSecurity.Value;
+            }
+
+            ConfirmAction(
+                    Properties.Resources.SettingResourceMessage,
+                    this.Name,
+                    () =>
+                    {
+                        this.CreateOrUpdateVirtualHub(this.ResourceGroupName, this.ParentResourceName, parentVirtualHub, parentVirtualHub.Tag);
+                        var updatedVirtualHub = this.GetVirtualHub(this.ResourceGroupName, this.ParentResourceName);
+
+                        WriteObject(updatedVirtualHub.VirtualNetworkConnections.FirstOrDefault(hubConnection => hubConnection.Name.Equals(this.Name, StringComparison.OrdinalIgnoreCase)));
+                    });
+        }
+    }
+}

src/ResourceManager/Network/Commands.Network/Cortex/HubVnetConnection/UpdateAzureRmHubVirtualNetworkConnectionCommand.cs

@@ -0,0 +1,90 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Commands.Network
+{
+    using System;
+    using System.Management.Automation;
+    using Microsoft.Azure.Commands.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+    using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+    using Microsoft.Azure.Management.Network;
+
+    [Cmdlet(
+        VerbsCommon.Get,
+        ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VirtualWanSupportedSecurityProvider",
+        DefaultParameterSetName = CortexParameterSetNames.ByVirtualWanName),
+        OutputType(typeof(PSVirtualWanSecurityProvider))]
+    public class GetAzureRmVirtualWanSupportedSecurityProviderCommand : VirtualWanBaseCmdlet
+    {
+        [Parameter(
+             ParameterSetName = CortexParameterSetNames.ByVirtualWanName,
+             Mandatory = true,
+             HelpMessage = "The resource group name.")]
+        [ResourceGroupCompleter]
+        [ValidateNotNullOrEmpty]
+        public string ResourceGroupName { get; set; }
+
+        [Alias("ResourceName", "VirtualWanName")]
+        [Parameter(
+            ParameterSetName = CortexParameterSetNames.ByVirtualWanName,
+            Mandatory = true,
+            HelpMessage = "The resource name.")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        [Alias("VirtualWan")]
+        [Parameter(
+            ParameterSetName = CortexParameterSetNames.ByVirtualWanObject,
+            Mandatory = true,
+            ValueFromPipeline = true,
+            HelpMessage = "The virtual wan object to be modified")]
+        [ValidateNotNullOrEmpty]
+        public PSVirtualWan InputObject { get; set; }
+
+        [Alias("VirtualWanId")]
+        [Parameter(
+            ParameterSetName = CortexParameterSetNames.ByVirtualWanResourceId,
+            Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The Azure resource ID for the virtual wan.")]
+        public string ResourceId { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            //// Resolve the virtual wan
+            if (ParameterSetName.Contains(CortexParameterSetNames.ByVirtualWanObject))
+            {
+                this.ResourceGroupName = this.InputObject.ResourceGroupName;
+                this.Name = this.InputObject.Name;
+            }
+            else if (ParameterSetName.Equals(CortexParameterSetNames.ByVirtualWanResourceId))
+            {
+                var parsedResourceId = new ResourceIdentifier(this.ResourceId);
+                this.ResourceGroupName = parsedResourceId.ResourceGroupName;
+                this.Name = parsedResourceId.ResourceName;
+            }
+
+            if (string.IsNullOrWhiteSpace(this.ResourceGroupName) || string.IsNullOrWhiteSpace(this.Name))
+            {
+                throw new PSArgumentException(Properties.Resources.VirtualWanRequiredForVpnSiteConfiguration);
+            }
+
+            var supportedSecurityProviders = NetworkClient.NetworkManagementClient.SupportedSecurityProviders(this.ResourceGroupName, this.Name);
+            WriteObject(supportedSecurityProviders.SupportedProviders);
+        }
+    }
+}

src/ResourceManager/Network/Commands.Network/Cortex/VirtualWan/GetAzureRmVirtualWanSupportedSecurityProviderCommand.cs

@@ -54,6 +54,17 @@ public class NewAzureRmVirtualWanCommand : VirtualWanBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string Location { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The name of the selected security provider.")]
+        public string SecurityProviderName { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Local breakout category for office 365 traffic.")]
+        [ValidateSet(MNM.OfficeTrafficCategory.All, MNM.OfficeTrafficCategory.None, MNM.OfficeTrafficCategory.Optimize, MNM.OfficeTrafficCategory.OptimizeAndAllow)]
+        public string Office365LocalBreakoutCategory { get; set; }
+
         [Parameter(
            Mandatory = false,
            HelpMessage = "Allow vnet to vnet traffic for VirtualWan.")]
@@ -99,6 +110,8 @@ private PSVirtualWan CreateVirtualWan()
             virtualWan.Name = this.Name;
             virtualWan.ResourceGroupName = this.ResourceGroupName;
             virtualWan.Location = this.Location;
+            virtualWan.SecurityProviderName = this.SecurityProviderName;
+            virtualWan.Office365LocalBreakoutCategory = this.Office365LocalBreakoutCategory;
             virtualWan.AllowBranchToBranchTraffic = this.AllowBranchToBranchTraffic.IsPresent;
             virtualWan.AllowVnetToVnetTraffic = this.AllowVnetToVnetTraffic.IsPresent;