Merge branch 'network-september' into PacketCaptureChanges

Author: anton-evseev

src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayConnectionTests.cs

@@ -89,5 +89,12 @@ public void TestVirtualNetworkGatewayConnectionPacketCapture()
             TestRunner.RunTestScript("Test-VirtualNetworkGatewayConnectionPacketCapture");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.brooklynft_subset1)]
+        public void TestVirtualNetworkGatewayConnectionWithTrafficSelectorCRUD()
+        {
+            TestRunner.RunTestScript("Test-VirtualNetworkGatewayConnectionWithTrafficSelector");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayConnectionTests.ps1

@@ -145,6 +145,75 @@ function Test-VirtualNetworkGatewayConnectionWithBgpCRUD
      }
 }
 
+<#
+.SYNOPSIS
+Virtual network gateway connection tests
+#>
+function Test-VirtualNetworkGatewayConnectionWithTrafficSelector
+{
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $rname = Get-ResourceName
+    $domainNameLabel = Get-ResourceName
+    $vnetName = Get-ResourceName
+    $localnetName = Get-ResourceName
+    $vnetConnectionName = Get-ResourceName
+    $publicIpName = Get-ResourceName
+    $vnetGatewayConfigName = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/connections"
+    $location = Get-ProviderLocation $resourceTypeParent
+    
+    try 
+     {
+      # Create the resource group
+      $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+    
+      # Create the Virtual Network
+      $subnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.0.0.0/24
+      $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+      $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+      $subnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
+	  $trafficSelector = New-AzIpsecTrafficSelectorPolicy -LocalAddressRange ("20.20.0.0/16") -RemoteAddressRange ("10.10.0.0/16")
+
+      # Create the publicip
+      $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Dynamic -DomainNameLabel $domainNameLabel    
+
+      # Create VirtualNetworkGateway
+      $vnetIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name $vnetGatewayConfigName -PublicIpAddress $publicip -Subnet $subnet
+
+	  # Also test overriding the gateway ASN
+      $actual = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku Standard -Asn 55000
+      $vnetGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+      Assert-AreEqual $vnetGateway.BgpSettings.Asn $actual.BgpSettings.Asn	
+    
+      # Create LocalNetworkGateway    
+      $actual = New-AzLocalNetworkGateway -ResourceGroupName $rgname -name $localnetName -location $location -AddressPrefix 192.168.0.0/16 -GatewayIpAddress 192.168.3.10
+      $localnetGateway = Get-AzLocalNetworkGateway -ResourceGroupName $rgname -name $localnetName
+
+      # Create & Get VirtualNetworkGatewayConnection
+      $actual = New-AzVirtualNetworkGatewayConnection -ResourceGroupName $rgname -name $vnetConnectionName -location $location -VirtualNetworkGateway1 $vnetGateway -LocalNetworkGateway2 $localnetGateway -ConnectionType IPsec -RoutingWeight 3 -SharedKey abc -TrafficSelectorPolicy ($trafficSelector)
+      $connection = Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rgname -name $vnetConnectionName
+	  Assert-NotNull $connection;
+	  Assert-NotNull $connection.TrafficSelectorPolicies;
+	  Assert-AreEqual $connection.TrafficSelectorPolicies.Count 1
+	  
+	  $connectionTrafficSelector = $connection.TrafficSelectorPolicies[0];
+	  Assert-AreEqual $trafficSelector.LocalAddressRanges[0] $connectionTrafficSelector.LocalAddressRanges[0];
+	  Assert-AreEqual $trafficSelector.RemoteAddressRanges[0] $connectionTrafficSelector.RemoteAddressRanges[0];
+    
+      # Delete VirtualNetworkGatewayConnection
+      $delete = Remove-AzVirtualNetworkGatewayConnection -ResourceGroupName $actual.ResourceGroupName -name $vnetConnectionName -PassThru -Force
+      Assert-AreEqual true $delete
+
+     }
+     finally
+     {
+      # Cleanup
+        Clean-ResourceGroup $rgname
+     }
+}
+
 <#
 .SYNOPSIS
 Virtual network gateway connection tests with Ipsec Policies and policy-based TS

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayConnectionTests/TestVirtualNetworkGatewayConnectionWithTrafficSelectorCRUD.json

@@ -290,7 +290,7 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Remove-AzVirtualNetworkGatewayConnection', 
                'Reset-AzVirtualNetworkGatewayConnectionSharedKey', 
                'Set-AzVirtualNetworkGatewayConnectionSharedKey', 
-               'Set-AzVirtualNetworkGatewayConnection', 'New-AzIpsecPolicy', 
+               'Set-AzVirtualNetworkGatewayConnection', 'New-AzIpsecPolicy', "New-AzIpsecTrafficSelectorPolicy",
                'Get-AzLoadBalancerBackendAddressPoolConfig', 
                'Add-AzLoadBalancerBackendAddressPoolConfig', 
                'New-AzLoadBalancerBackendAddressPoolConfig', 

src/Network/Network/Az.Network.psd1

@@ -19,6 +19,12 @@
 --->
 
 ## Upcoming Release
+* Added support for the adding traffic selectors to Virtual Network Gateway Connections
+    - New cmdlets added:
+        - New-AzureRmTrafficSelectorPolicy
+    - Cmdlets updated with optional parameter -TrafficSelectorPolicies
+        -New-AzureRmVirtualNetworkGatewayConnection
+        -Set-AzureRmVirtualNetworkGatewayConnection
 * Add support for ESP and AH protocols in network security rule configurations
     - Updated cmdlets:
         - Add-AzNetworkSecurityRuleConfig
@@ -236,3 +242,4 @@
         - Set-AzApplicationGatewaySslCertificate
     - New-AzApplicationGateway cmdlet updated with optional parameter -UserAssignedIdentityId, -UserAssignedIdentity
 * Add MaxCapacity property in ApplicationGatewayAutoscaleConfiguration
+

src/Network/Network/ChangeLog.md

@@ -0,0 +1,34 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSTrafficSelectorPolicy
+    {
+        /// <summary>
+        /// CIDR formatted local address spaces 
+        /// </summary>
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string[] LocalAddressRanges { get; set; }
+
+        /// <summary>
+        /// CIDR formatted remote address spaces 
+        /// </summary>
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string[] RemoteAddressRanges { get; set; }
+    }
+}

src/Network/Network/Models/PSTrafficSelectorPolicy.cs

@@ -59,6 +59,8 @@ public class PSVirtualNetworkGatewayConnection : PSTopLevelResource
 
         public List<PSIpsecPolicy> IpsecPolicies { get; set; }
 
+        public List<PSTrafficSelectorPolicy> TrafficSelectorPolicies { get; set; }
+
         public bool ExpressRouteGatewayBypass { get; set; }
 
         [Ps1Xml(Target = ViewControl.Table)]

src/Network/Network/Models/PSVirtualNetworkGatewayConnection.cs

@@ -0,0 +1,54 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Models;
+using System;
+using System.Management.Automation;
+using System.Management.Automation.Internal;
+using MNM = Microsoft.Azure.Management.Network.Models;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(
+        "New", 
+        ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "IpsecTrafficSelectorPolicy", 
+        DefaultParameterSetName = "ByName", SupportsShouldProcess = true), 
+        OutputType(typeof(PSTrafficSelectorPolicy))]
+    public class NewAzureRmTrafficSelectorPolicyCommand : NetworkBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "A collection of CIDR address ranges")]
+        [ValidateNotNullOrEmpty]
+        public virtual string[] LocalAddressRange { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "A collection of CIDR address ranges")]
+        [ValidateNotNullOrEmpty]
+        public virtual string[] RemoteAddressRange { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+            var trafficSelectorPolicy = new PSTrafficSelectorPolicy();
+            trafficSelectorPolicy.LocalAddressRanges = this.LocalAddressRange;
+            trafficSelectorPolicy.RemoteAddressRanges = this.RemoteAddressRange;
+
+            WriteObject(trafficSelectorPolicy);
+        }
+    }
+}

src/Network/Network/VirtualNetworkGatewayConnection/NewAzureRmTrafficSelectorPolicy.cs

@@ -144,6 +144,12 @@ public class NewAzureVirtualNetworkGatewayConnectionCommand : VirtualNetworkGate
              HelpMessage = "A list of IPSec policies.")]
         public PSIpsecPolicy[] IpsecPolicies { get; set; }
 
+        [Parameter(
+             Mandatory = false,
+             ValueFromPipelineByPropertyName = true,
+             HelpMessage = "A list of traffic selector policies.")]
+        public PSTrafficSelectorPolicy[] TrafficSelectorPolicy { get; set; }
+
         [Parameter(
         Mandatory = false,
         HelpMessage = "Gateway connection protocol:IKEv1/IKEv2")]
@@ -218,12 +224,17 @@ private PSVirtualNetworkGatewayConnection CreateVirtualNetworkGatewayConnection(
                 vnetGatewayConnection.Peer = new PSResourceId();
                 vnetGatewayConnection.Peer.Id = this.PeerId;
             }
-            
+
             if (this.IpsecPolicies != null)
             {
                 vnetGatewayConnection.IpsecPolicies = this.IpsecPolicies?.ToList();
             }
 
+            if (this.TrafficSelectorPolicy != null)
+            {
+                vnetGatewayConnection.TrafficSelectorPolicies = this.TrafficSelectorPolicy?.ToList();
+            }
+
             // Map to the sdk object
             var vnetGatewayConnectionModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetworkGatewayConnection>(vnetGatewayConnection);
             vnetGatewayConnectionModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

src/Network/Network/VirtualNetworkGatewayConnection/NewAzureVirtualNetworkGatewayConnectionCommand.cs

@@ -53,6 +53,12 @@ public class SetAzureVirtualNetworkGatewayConnectionCommand : VirtualNetworkGate
              HelpMessage = "A list of IPSec policies.")]
         public PSIpsecPolicy[] IpsecPolicies { get; set; }
 
+        [Parameter(
+             Mandatory = false,
+             ValueFromPipelineByPropertyName = true,
+             HelpMessage = "A list of traffic selector policies.")]
+        public PSTrafficSelectorPolicy[] TrafficSelectorPolicy { get; set; }
+
         [Parameter(
             Mandatory = true,
             ParameterSetName = VirtualNetworkGatewayParameterSets.UpdateResourceWithTags,
@@ -98,6 +104,11 @@ public override void Execute()
                         this.VirtualNetworkGatewayConnection.IpsecPolicies = this.IpsecPolicies?.ToList();
                     }
 
+                    if (this.TrafficSelectorPolicy != null)
+                    {
+                        this.VirtualNetworkGatewayConnection.TrafficSelectorPolicies = this.TrafficSelectorPolicy?.ToList();
+                    }
+
                     var vnetGatewayConnectionModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetworkGatewayConnection>(this.VirtualNetworkGatewayConnection);
 
                     vnetGatewayConnectionModel.Tags =

src/Network/Network/VirtualNetworkGatewayConnection/UpdateAzureVirtualNetworkGatewayConnectionCommand.cs

@@ -680,6 +680,9 @@ Creates a Azure Firewall Network Collection of Network rules.
 ### [New-AzIpsecPolicy](New-AzIpsecPolicy.md)
 Creates an IPSec Policy.
 
+### [New-AzIpsecTrafficSelectorPolicy](New-AzIpsecTrafficSelectorPolicy.md)
+Creates an IPSec Traffic Selector Policy.
+
 ### [New-AzLoadBalancer](New-AzLoadBalancer.md)
 Creates a load balancer.
 

src/Network/Network/help/Az.Network.md

@@ -0,0 +1,93 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Network.dll-Help.xml
+Module Name: Az.Network
+online version: https://docs.microsoft.com/en-us/powershell/module/az.network/new-azipsectrafficselectorpolicy
+schema: 2.0.0
+---
+
+# New-AzIpsecTrafficSelectorPolicy
+
+## SYNOPSIS
+Creates a traffic selector policy.
+
+## SYNTAX
+
+```
+New-AzIpsecTrafficSelectorPolicy -LocalAddressRange <String[]> -RemoteAddressRange <String[]>
+ [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+The New-AzTrafficSelectorPolicy cmdlet creates a traffic selector policy proposal to be used in a virtual network gateway connection.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+$trafficSelectorPolicy = New-AzIpsecTrafficSelectorPolicy -LocalAddressRange ("10.10.10.0/24", "20.20.20.0/24") -RemoteAddressRange ("30.30.30.0/24", "40.40.40.0/24")
+New-AzVirtualNetworkGatewayConnection -ResourceGroupName $rgname -name $vnetConnectionName -location $location -VirtualNetworkGateway1 $vnetGateway -LocalNetworkGateway2 $localnetGateway -ConnectionType IPsec -RoutingWeight 3 -SharedKey $sharedKey -UsePolicyBasedTrafficSelectors $true -TrafficSelectorPolicies ($trafficSelectorPolicy)
+```
+
+Creates an instance of a traffic selector policy and adds it as a parameter when creating a virtual network gateway connection with an IKEv2 protocol.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -LocalAddressRange
+A collection of CIDR address ranges
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -RemoteAddressRange
+A collection of CIDR address ranges
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.Network.Models.PSTrafficSelectorPolicy
+
+## NOTES
+
+## RELATED LINKS