Adding DisableIPsecProtection check(bool) to Virtual Network Gateway (Azure#18029)

misbamustaqim · misbamomin · wyunchi-ms · web-flow · commit c5385ee6d928 · 2022-05-07T13:00:44.000+08:00
* Adding DisableIPsecProtection to VirtualNetworkGateway

* adding session records

* updated help document

* Update changelog

Co-authored-by: Misba Momin &lt;mimomin@microsoft.com&gt;
Co-authored-by: Yunchi Wang &lt;54880216+wyunchi-ms@users.noreply.github.com&gt;
diff --git a/src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.cs b/src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.cs
@@ -59,6 +59,14 @@ public void TestSetVirtualNetworkGatewayCRUD()
             TestRunner.RunTestScript("Test-SetVirtualNetworkGatewayCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.brooklynft_subset2)]
+        public void VirtualNetworkGatewayDisableIPsecProtection()
+        {
+            TestRunner.RunTestScript("Test-VirtualNetworkGatewayDisableIPsecProtection");
+        }
+
         [Fact(Skip = "Skipped due to intermittent backend failures")]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.brooklynft_subset2)]
diff --git a/src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.ps1 b/src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.ps1
@@ -115,7 +115,7 @@ function Test-VirtualNetworkGatewayCRUD
       $ipconfigurationId = $vnetIpConfig.id
       $addresslist = @('169.254.21.25')
       $gw1ipconfBgp = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId -CustomAddress $addresslist
-      $job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -AsJob
+      $job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -DisableIPsecProtection $false -AsJob
 	  $job | Wait-Job
 	  $actual = $job | Receive-Job
       $expected = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
@@ -124,6 +124,7 @@ function Test-VirtualNetworkGatewayCRUD
       Assert-AreEqual "Vpn" $expected.GatewayType
       Assert-AreEqual "RouteBased" $expected.VpnType
       Assert-AreEqual 1 @($expected.BgpSettings.BGPPeeringAddresses).Count
+      Assert-AreEqual $expected.DisableIPsecProtection $actual.DisableIPsecProtection
 
 	  # List virtualNetworkGateways
       $list = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname
@@ -161,6 +162,64 @@ function Test-VirtualNetworkGatewayCRUD
      }
 }
 
+<#
+.SYNOPSIS
+Virtual network gateway tests
+#>
+function Test-VirtualNetworkGatewayDisableIPsecProtection
+{
+# Setup
+    $rgname = Get-ResourceGroupName
+    $rname = Get-ResourceName
+    $domainNameLabel = Get-ResourceName
+    $vnetName = Get-ResourceName
+    $publicIpName = Get-ResourceName
+    $vnetGatewayConfigName = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/virtualNetworkGateways"
+    $location = Get-ProviderLocation $resourceTypeParent
+    
+    try 
+     {
+      # Create the resource group
+      $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+      
+      # Create the Virtual Network
+      $subnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.0.0.0/24
+      $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+      $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+      $subnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
+
+      # Create the publicip
+      $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Dynamic -DomainNameLabel $domainNameLabel    
+
+      # Create & Get virtualnetworkgateway
+      $vnetIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name $vnetGatewayConfigName -PublicIpAddress $publicip -Subnet $subnet
+      $ipconfigurationId = $vnetIpConfig.id
+      $addresslist = @('169.254.21.25')
+      $gw1ipconfBgp = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId -CustomAddress $addresslist
+      $job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -DisableIPsecProtection $true -AsJob
+	  $job | Wait-Job
+	  $actual = $job | Receive-Job
+      $expected = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+      Assert-AreEqual $expected.DisableIPsecProtection $actual.DisableIPsecProtection
+
+      # Delete virtualNetworkGateway
+      $job = Remove-AzVirtualNetworkGateway -ResourceGroupName $actual.ResourceGroupName -name $rname -PassThru -Force -AsJob
+	  $job | Wait-Job
+	  $delete = $job | Receive-Job
+      Assert-AreEqual true $delete
+      
+      $list = Get-AzVirtualNetworkGateway -ResourceGroupName $actual.ResourceGroupName
+      Assert-AreEqual 0 @($list).Count
+     }
+     finally
+     {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+     }
+}
+
 <#
 .SYNOPSIS
 Virtual network gateway tests
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests/TestVirtualNetworkGatewayCRUD.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests/TestVirtualNetworkGatewayCRUD.json
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests/VirtualNetworkGatewayDisableIPsecProtection.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests/VirtualNetworkGatewayDisableIPsecProtection.json
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -19,6 +19,7 @@
 --->
 
 ## Upcoming Release
+* Added `DisableIPsecProtection` to `Virtual Network Gateway`.
 * Added new cmdlets to create/manage authorization objects for ExpressRoutePort:
     - `Add-AzExpressRoutePortAuthorization`
     - `Get-AzExpressRoutePortAuthorization`
diff --git a/src/Network/Network/Models/PSVirtualNetworkGateway.cs b/src/Network/Network/Models/PSVirtualNetworkGateway.cs
@@ -31,6 +31,9 @@ public class PSVirtualNetworkGateway : PSTopLevelResource
         [Ps1Xml(Target = ViewControl.Table)]
         public bool EnableBgp { get; set; }
 
+        [Ps1Xml(Target = ViewControl.Table)]
+        public bool DisableIPsecProtection { get; set; }
+
         [Ps1Xml(Target = ViewControl.Table)]
         public bool EnablePrivateIpAddress { get; set; }
 
diff --git a/src/Network/Network/VirtualNetworkGateway/NewAzureVirtualNetworkGatewayCommand.cs b/src/Network/Network/VirtualNetworkGateway/NewAzureVirtualNetworkGatewayCommand.cs
@@ -92,6 +92,12 @@ public class NewAzureVirtualNetworkGatewayCommand : VirtualNetworkGatewayBaseCmd
             HelpMessage = "EnableBgp Flag")]
         public bool EnableBgp { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "Disable IPsec Protection Flag")]
+        public bool DisableIPsecProtection { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "Flag to enable Active Active feature on virtual network gateway")]
@@ -360,6 +366,7 @@ private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
             vnetGateway.GatewayType = this.GatewayType;
             vnetGateway.VpnType = this.VpnType;
             vnetGateway.EnableBgp = this.EnableBgp;
+            vnetGateway.DisableIPsecProtection = this.DisableIPsecProtection;
             vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;
             vnetGateway.EnablePrivateIpAddress = this.EnablePrivateIpAddress.IsPresent;
 
diff --git a/src/Network/Network/help/New-AzVirtualNetworkGateway.md b/src/Network/Network/help/New-AzVirtualNetworkGateway.md
@@ -16,7 +16,7 @@ Creates a Virtual Network Gateway
 ```
 New-AzVirtualNetworkGateway -Name <String> -ResourceGroupName <String> -Location <String>
  [-IpConfigurations <PSVirtualNetworkGatewayIpConfiguration[]>] [-GatewayType <String>] [-VpnType <String>]
- [-EnableBgp <Boolean>] [-EnableActiveActiveFeature] [-EnablePrivateIpAddress] [-GatewaySku <String>]
+ [-EnableBgp <Boolean>] [-DisableIPsecProtection <Boolean>] [-EnableActiveActiveFeature] [-EnablePrivateIpAddress] [-GatewaySku <String>]
  [-GatewayDefaultSite <PSLocalNetworkGateway>] [-VpnClientAddressPool <String[]>]
  [-VpnClientProtocol <String[]>] [-VpnAuthenticationType <String[]>]
  [-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
@@ -319,6 +319,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -DisableIPsecProtection 
+The Flag disables IPsec Protection on VirtualNetworkGateway.
+
+```yaml
+Type: System.Boolean
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -EnableBgpRouteTranslationForNat
 Flag to enable BgpRouteTranslationForNat on this VirtualNetworkGateway.
 
