Onboard application gateway to PrivateLink Cmdlets (#12223)

* Onboard application gateway to PrivateLink Cmdlets

* Update ChangeLog.md

Co-authored-by: Yabo Hu <[email protected]>

Author: jaishals

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -145,5 +145,13 @@ public void TestApplicationGatewayWithPrivateLinkConfiguration()
         {
             TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayWithPrivateLinkConfiguration -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
+        public void TestApplicationGatewayPrivateEndpointConnectionsWorkFlows()
+        {
+            TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayPrivateEndpointWorkFlows -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -2946,3 +2946,174 @@ function Test-ApplicationGatewayWithPrivateLinkConfiguration
 		Clean-ResourceGroup $rgname
 	}
 }
+
+function Test-ApplicationGatewayPrivateEndpointWorkFlows
+{
+	param
+	(
+		$basedir = "./"
+	)
+
+	# Setup
+	$location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "westus2"
+
+	$rgname = Get-ResourceGroupName
+	$appgwName = Get-ResourceName
+	$vnetName = Get-ResourceName
+	$gwSubnetName = Get-ResourceName
+	$plsSubnetName = Get-ResourceName
+	$publicIpName = Get-ResourceName
+	$gipconfigname = Get-ResourceName
+
+	$frontendPort01Name = Get-ResourceName
+	$fipconfigName = Get-ResourceName
+	$listener01Name = Get-ResourceName
+
+	$poolName = Get-ResourceName
+	$trustedRootCertName = Get-ResourceName
+	$poolSetting01Name = Get-ResourceName
+
+	$rule01Name = Get-ResourceName
+
+	$probeHttpName = Get-ResourceName
+
+	$privateLinkIpConfigName = Get-ResourceName
+	$privateLinkConfigName = Get-ResourceName
+
+	$peRgName = Get-ResourceGroupName
+	$peVnetName = Get-ResourceName
+	$peSubnetName = Get-ResourceName
+	$peName = Get-ResourceName
+	$peConnName = Get-ResourceName
+
+	try
+	{
+		# Create the appgw resource group
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"}
+		# Create the Virtual Network
+		$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name $gwSubnetName -AddressPrefix 10.0.0.0/24  -PrivateLinkServiceNetworkPoliciesFlag "Disabled"
+		$plsSubnet = New-AzVirtualNetworkSubnetConfig -Name $plsSubnetName -AddressPrefix 10.0.1.0/24  -PrivateLinkServiceNetworkPoliciesFlag "Disabled"
+		$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $gwSubnet, $plsSubnet
+		$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+		$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name $gwSubnetName -VirtualNetwork $vnet
+		$plsSubnet = Get-AzVirtualNetworkSubnetConfig -Name $plsSubnetName -VirtualNetwork $vnet
+
+		# Create public ip
+		$publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -sku Standard
+
+		# Create ip configuration
+		$gipconfig = New-AzApplicationGatewayIPConfiguration -Name $gipconfigname -Subnet $gwSubnet
+
+		# private link configuration
+		$privateLinkIpConfiguration = New-AzApplicationGatewayPrivateLinkIpConfiguration -Name $privateLinkIpConfigName -Subnet $plsSubnet -Primary
+		$privateLinkConfiguration = New-AzApplicationGatewayPrivateLinkConfiguration -Name $privateLinkConfigName -IpConfiguration $privateLinkIpConfiguration
+
+		$fipconfig = New-AzApplicationGatewayFrontendIPConfig -Name $fipconfigName -PublicIPAddress $publicip -PrivateLinkConfiguration $privateLinkConfiguration
+		$fp01 = New-AzApplicationGatewayFrontendPort -Name $frontendPort01Name  -Port 80
+		$listener01 = New-AzApplicationGatewayHttpListener -Name $listener01Name -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fp01
+
+		# backend part
+		# trusted root cert part
+		$certFilePath = $basedir + "/ScenarioTests/Data/ApplicationGatewayAuthCert.cer"
+		$trustedRoot01 = New-AzApplicationGatewayTrustedRootCertificate -Name $trustedRootCertName -CertificateFile $certFilePath
+		$pool = New-AzApplicationGatewayBackendAddressPool -Name $poolName -BackendIPAddresses www.microsoft.com, www.bing.com
+		$probeHttp = New-AzApplicationGatewayProbeConfig -Name $probeHttpName -Protocol Https -HostName "probe.com" -Path "/path/path.htm" -Interval 89 -Timeout 88 -UnhealthyThreshold 8 -port 1234
+		$poolSetting01 = New-AzApplicationGatewayBackendHttpSetting -Name $poolSetting01Name -Port 443 -Protocol Https -Probe $probeHttp -CookieBasedAffinity Enabled -PickHostNameFromBackendAddress -TrustedRootCertificate $trustedRoot01
+		
+		#rule
+		$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name $rule01Name -RuleType basic -BackendHttpSettings $poolSetting01 -HttpListener $listener01 -BackendAddressPool $pool
+
+		# sku
+		$sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2
+
+		# autoscale configuration
+		$autoscaleConfig = New-AzApplicationGatewayAutoscaleConfiguration -MinCapacity 3
+
+		# Create Application Gateway
+		$appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Zone 1,2 -Location $location -Probes $probeHttp -BackendAddressPools $pool -BackendHttpSettingsCollection $poolSetting01 -FrontendIpConfigurations $fipconfig -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $listener01 -RequestRoutingRules $rule01 -Sku $sku -TrustedRootCertificate $trustedRoot01 -AutoscaleConfiguration $autoscaleConfig -PrivateLinkConfiguration $privateLinkConfiguration
+
+		# Get Application Gateway
+		$getgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
+
+		# Operational State
+		Assert-AreEqual "Running" $getgw.OperationalState
+
+		# Verify PrivateLink Configuration
+		Assert-NotNull $getgw.PrivateLinkConfigurations
+		Assert-AreEqual 1 $getgw.PrivateLinkConfigurations.Count
+		$getPrivateLinkConfig = Get-AzApplicationGatewayPrivateLinkConfiguration -Name $privateLinkConfigName -ApplicationGateway $getgw
+        Assert-NotNull $getPrivateLinkConfig
+		Assert-AreEqual $getPrivateLinkConfig.IpConfigurations.Count 1
+		
+		# Get Private Link Resource
+		$privateLinkResource = Get-AzPrivateLinkResource -PrivateLinkResourceId $getgw.Id
+		Assert-AreEqual $privateLinkResource.Name $fipconfigName
+		Assert-AreEqual $privateLinkResource.GroupId $fipconfigName
+
+		# Create the private endpoint resource group, vnet and subnet
+		$peRg = New-AzResourceGroup -Name $peRgName -Location $location -Tags @{ testtag = "APPGw PrivateEndpoint tag"}
+		$peSubnet = New-AzVirtualNetworkSubnetConfig -Name $peSubnetName -AddressPrefix 20.0.1.0/24  -PrivateEndpointNetworkPolicies "Disabled"
+		$peVnet = New-AzVirtualNetwork -Name $peVnetName -ResourceGroupName $peRgName -Location $location -AddressPrefix 20.0.0.0/16 -Subnet $peSubnet
+		$peVnet = Get-AzVirtualNetwork -Name $peVnetName -ResourceGroupName $peRgName
+		$peSubnet = Get-AzVirtualNetworkSubnetConfig -Name $peSubnetName -VirtualNetwork $peVnet
+
+		# Set Private Endpoint Connection in memory
+		$connection = New-AzPrivateLinkServiceConnection -Name $peConnName -PrivateLinkServiceId $getgw.Id -GroupId $privateLinkResource.GroupId
+		$privateEndpoint = New-AzPrivateEndpoint -ResourceGroupName $peRgName -Name $peName -Location $location -Subnet $peSubnet -PrivateLinkServiceConnection $connection -ByManualRequest
+
+		# Get Private Endpoint and verify
+		$privateEndpoint = Get-AzPrivateEndpoint -ResourceGroupName $peRgName -Name $peName
+		Assert-AreEqual "Succeeded" $privateEndpoint.ProvisioningState
+
+		# Verify PrivateEndpointConnections using appgw Id
+		$connection = Get-AzPrivateEndpointConnection -PrivateLinkResourceId $getgw.Id
+		Assert-AreEqual 1 $connection.Count
+		Assert-NotNull $connection.PrivateEndpoint
+		Assert-NotNull $connection.PrivateLinkServiceConnectionState
+		Assert-AreEqual $privateEndpoint.Id $connection.PrivateEndpoint.Id
+		Assert-AreEqual "Pending" $connection.PrivateLinkServiceConnectionState.Status
+
+		# Verify PrivateEndpointConnections using connection Id
+		$connection = Get-AzPrivateEndpointConnection -ResourceId $connection.Id
+		Assert-NotNull $connection.PrivateEndpoint
+		Assert-NotNull $connection.PrivateLinkServiceConnectionState
+		Assert-AreEqual $privateEndpoint.Id $connection.PrivateEndpoint.Id
+		Assert-AreEqual "Pending" $connection.PrivateLinkServiceConnectionState.Status
+		
+		# Verify PrivateEndpointConnections on Application Gateway
+		$getgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
+		Assert-AreEqual 1 $getgw.PrivateEndpointConnections.Count
+		$connection = $getgw.PrivateEndpointConnections
+
+		# Approve Connection
+		$approve = Approve-AzPrivateEndpointConnection -ResourceId $connection.Id
+		Assert-NotNull $approve;
+        Assert-AreEqual "Approved" $approve.PrivateLinkServiceConnectionState.Status
+		Start-Sleep -s 30
+
+		# Deny Connection
+		$deny = Deny-AzPrivateEndpointConnection -ResourceId $connection.Id
+		Assert-NotNull $deny;
+        Assert-AreEqual "Rejected" $deny.PrivateLinkServiceConnectionState.Status
+		Start-Sleep -s 30
+
+		# Remove Connection
+		$remove = Remove-AzPrivateEndpointConnection -ResourceId $connection.Id -Force
+		Start-Sleep -s 30
+
+		# Verify PrivateEndpointConnections on Application Gateway
+		$getgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
+		Assert-AreEqual 0 $getgw.PrivateEndpointConnections.Count
+
+		# Delete Application Gateway
+		Remove-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Force
+	}
+	finally
+	{
+		# Cleanup
+		Clean-ResourceGroup $peRgName
+
+		# Cleanup
+		Clean-ResourceGroup $rgname
+	}
+}

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayPrivateEndpointConnectionsWorkFlows.json

@@ -19,6 +19,7 @@
 --->
 
 ## Upcoming Release
+* Application Gateway Onboarding to PrivateLink Common Cmdlets.
 * Added new cmdlets for Azure Network Virtual Appliance Sites
     - `Get-AzVirtualApplianceSite`
     - `New-AzVirtualApplianceSite`

src/Network/Network/ChangeLog.md

@@ -26,6 +26,7 @@ static ProviderConfiguration()
             RegisterConfiguration("Microsoft.Devices/IotHubs", "2020-03-01");
             RegisterConfiguration("Microsoft.EventGrid/topics", "2020-04-01-preview");
             RegisterConfiguration("Microsoft.EventGrid/domains", "2020-04-01-preview");
+            RegisterConfiguration("Microsoft.Network/applicationgateways", "2020-05-01");
         }
 
         private static void RegisterConfiguration(string type, string apiVersion, bool hasConnectionsURI = true)