Support NetworkACL

Author: blueww

src/ResourceManager/Storage/AzureRM.Storage.psd1

@@ -78,7 +78,11 @@ CmdletsToExport = 'Get-AzureRmStorageAccount', 'Get-AzureRmStorageAccountKey',
                'Remove-AzureRmStorageAccount', 'Set-AzureRmCurrentStorageAccount', 
                'Set-AzureRmStorageAccount', 
                'Get-AzureRmStorageAccountNameAvailability', 
-               'Get-AzureRmStorageUsage'
+               'Get-AzureRmStorageUsage',
+			   'Update-AzureRmStorageAccountNetworkACL',
+			   'Get-AzureRmStorageAccountNetworkACL',
+			   'Add-AzureRmStorageAccountNetworkACLRule',
+			   'Remove-AzureRmStorageAccountNetworkACLRule'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/ResourceManager/Storage/Commands.Management.Storage.Test/Commands.Management.Storage.Test.csproj

@@ -52,7 +52,7 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.2.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Storage.6.4.0-preview\lib\net452\Microsoft.Azure.Management.Storage.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Storage.6.5.0-preview\lib\net452\Microsoft.Azure.Management.Storage.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -170,6 +170,9 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Management.Storage.Test.ScenarioTests.StorageAccountTests\TestGetAzureStorageAccountKey.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Management.Storage.Test.ScenarioTests.StorageAccountTests\TestNetworkAcl.json" >
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Management.Storage.Test.ScenarioTests.StorageAccountTests\TestNewAzureStorageAccount.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Storage/Commands.Management.Storage.Test/ScenarioTests/Common.ps1

@@ -147,4 +147,13 @@ Gets the default location for a provider
 function Get-ProviderLocation($provider)
 {
     "westus"
+}
+
+<#
+.SYNOPSIS
+Gets the Canary location for a provider
+#>
+function Get-ProviderLocation_Canary($provider)
+{
+    "eastus2euap"
 }

src/ResourceManager/Storage/Commands.Management.Storage.Test/ScenarioTests/StorageAccountTests.cs

@@ -105,5 +105,12 @@ public void TestSetAzureRmStorageAccountKeySource()
             TestController.NewInstance.RunPsTest("Test-SetAzureRmStorageAccountKeySource");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestNetworkAcl()
+        {
+            TestController.NewInstance.RunPsTest("Test-NetworkAcl");
+        }
+
     }
 }

src/ResourceManager/Storage/Commands.Management.Storage.Test/ScenarioTests/StorageAccountTests.ps1

@@ -159,6 +159,7 @@ function Test-GetAzureStorageAccount
 		$kind = 'Storage'
 
         New-AzureRmResourceGroup -Name $rgname -Location $loc;
+		 Write-Output ("Resource Group created")
 
         New-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname -Location $loc -Type $stotype ;
 
@@ -501,3 +502,95 @@ function Test-SetAzureRmCurrentStorageAccount
         Clean-ResourceGroup $rgname
     }
 }
+
+
+<#
+.SYNOPSIS
+Test NetworkAcl
+#>
+function Test-NetworkAcl
+{
+    # Setup
+    $rgname = Get-StorageManagementTestResourceName;
+
+    try
+    {
+        # Test
+        $stoname = 'sto' + $rgname;
+        $stotype = 'Standard_LRS';
+        $loc = Get-ProviderLocation_Canary  ResourceManagement;
+        $ip1 = "20.11.0.0/16";
+        $ip2 = "10.0.0.0/7";
+        $ip3 = "11.1.1.0/24";
+        $ip4 = "28.0.2.0/19";
+
+        New-AzureRmResourceGroup -Name $rgname -Location $loc;
+		
+        New-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname -Location $loc -Type $stotype -NetworkAcl (@{bypass="Logging,Metrics,AzureServices";
+			ipRules=(@{IPAddressOrRange="$ip1";Action="allow"},
+            @{IPAddressOrRange="$ip2";Action="allow"});
+			defaultAction="Deny"}) 
+
+		$stoacl = (Get-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname).NetworkAcls
+        Assert-AreEqual $stoacl.Bypass 7;
+        Assert-AreEqual $stoacl.DefaultAction Deny;
+        Assert-AreEqual $stoacl.IpRules.Count 2
+        Assert-AreEqual $stoacl.IpRules[0].IPAddressOrRange $ip1;
+        Assert-AreEqual $stoacl.IpRules[1].IPAddressOrRange $ip2;
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+
+		Update-AzureRmStorageAccountNetworkACL -verbose -ResourceGroupName $rgname -Name $stoname -Bypass AzureServices,Metrics -DefaultAction Allow -IpRule (@{IPAddressOrRange="$ip3";Action="allow"},@{IPAddressOrRange="$ip4";Action="allow"})
+        $stoacl = Get-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname
+		$stoacliprule = $stoacl.IpRules
+        Assert-AreEqual $stoacl.Bypass 6;
+        Assert-AreEqual $stoacl.DefaultAction Allow;
+        Assert-AreEqual $stoacl.IpRules.Count 2
+        Assert-AreEqual $stoacl.IpRules[0].IPAddressOrRange $ip3;
+        Assert-AreEqual $stoacl.IpRules[1].IPAddressOrRange $ip4;
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+
+		Remove-AzureRmStorageAccountNetworkACLRule -ResourceGroupName $rgname -Name $stoname -IPAddressOrRange "$ip3"
+        $stoacl = Get-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname
+        Assert-AreEqual $stoacl.Bypass 6;
+        Assert-AreEqual $stoacl.DefaultAction Allow;
+        Assert-AreEqual $stoacl.IpRules.Count 1
+        Assert-AreEqual $stoacl.IpRules[0].IPAddressOrRange $ip4;
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+		
+		Update-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname -IpRule @() -DefaultAction Deny -Bypass None
+        $stoacl = Get-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname
+        Assert-AreEqual $stoacl.Bypass 0;
+        Assert-AreEqual $stoacl.DefaultAction Deny;
+        Assert-AreEqual $stoacl.IpRules $null
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+		
+		$stoacliprule | Add-AzureRmStorageAccountNetworkACLRule -ResourceGroupName $rgname -Name $stoname
+        $stoacl = Get-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname
+        Assert-AreEqual $stoacl.Bypass 0;
+        Assert-AreEqual $stoacl.DefaultAction Deny;
+        Assert-AreEqual $stoacl.IpRules.Count 2
+        Assert-AreEqual $stoacl.IpRules[0].IPAddressOrRange $ip3;
+        Assert-AreEqual $stoacl.IpRules[1].IPAddressOrRange $ip4;
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+		
+        Set-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname  -NetworkAcl (@{bypass="AzureServices";
+			ipRules=(@{IPAddressOrRange="$ip1";Action="allow"},
+            @{IPAddressOrRange="$ip2";Action="allow"});
+			defaultAction="Allow"}) 
+
+		$stoacl = Get-AzureRmStorageAccountNetworkACL -ResourceGroupName $rgname -Name $stoname
+        Assert-AreEqual $stoacl.Bypass 4;
+        Assert-AreEqual $stoacl.DefaultAction Allow;
+        Assert-AreEqual $stoacl.IpRules.Count 2
+        Assert-AreEqual $stoacl.IpRules[0].IPAddressOrRange $ip1;
+        Assert-AreEqual $stoacl.IpRules[1].IPAddressOrRange $ip2;
+        Assert-AreEqual $stoacl.VirtualNetworkRules $null
+
+        Remove-AzureRmStorageAccount -Force -ResourceGroupName $rgname -Name $stoname;
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}