merge network changes

Author: erich-wang

ChangeLog.md

@@ -134,7 +134,7 @@
 * Added SoftDelete feature for VM and added tests for softdelete
 
 #### Az.Resources
-* Update dependency assemlby Microsoft.Extensions.Caching.Memory from 1.1.1 to 2.2
+* Update dependency assembly Microsoft.Extensions.Caching.Memory from 1.1.1 to 2.2
 
 #### Az.Network
 * Change all cmdlets for PrivateEndpointConnection to support generic service provider.

src/Accounts/Accounts/AzureRmAlias/Mappings.json

@@ -1262,7 +1262,7 @@
     "Set-AzApplicationGatewayAutoscaleConfiguration": "Set-AzureRmApplicationGatewayAutoscaleConfiguration",
     "Set-AzApplicationGatewayAuthenticationCertificate": "Set-AzureRmApplicationGatewayAuthenticationCertificate",
     "Get-AzApplicationGatewayAvailableWafRuleSets": "Get-AzureRmApplicationGatewayAvailableWafRuleSets",
-   	"Get-AzApplicationGatewayAvailableServerVariableAndHeader": "Get-AzureRmApplicationGatewayAvailableServerVariableAndHeader",
+    "Get-AzApplicationGatewayAvailableServerVariableAndHeader": "Get-AzureRmApplicationGatewayAvailableServerVariableAndHeader",
     "Get-AzApplicationGatewayAvailableSslOptions": "Get-AzureRmApplicationGatewayAvailableSslOptions",
     "Add-AzApplicationGatewayBackendAddressPool": "Add-AzureRmApplicationGatewayBackendAddressPool",
     "Get-AzApplicationGatewayBackendAddressPool": "Get-AzureRmApplicationGatewayBackendAddressPool",
@@ -2519,4 +2519,4 @@
     "New-AzWebAppAzureStoragePath": "New-AzureRmWebAppAzureStoragePath",
     "Swap-AzWebAppSlot": "Swap-AzureRmWebAppSlot"
   }
-}
+}

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -66,5 +66,13 @@ public void TestAzureFirewallVirtualHubCRUD()
             TestRunner.RunTestScript("Test-AzureFirewallVirtualHubCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallThreatIntelWhitelistCRUD()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallThreatIntelWhitelistCRUD");
+        }
+
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -1156,3 +1156,52 @@ function Test-AzureFirewallVirtualHubCRUD {
         Clean-ResourceGroup $rgname
     }
 }
+
+<#
+.SYNOPSIS
+Tests AzureFirewall ThreatIntelWhitelist
+#>
+function Test-AzureFirewallThreatIntelWhitelistCRUD {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    $threatIntelWhitelist1 = New-AzFirewallThreatIntelWhitelist -FQDN @("*.microsoft.com", "microsoft.com") -IpAddress @("8.8.8.8", "1.1.1.1")
+    $threatIntelWhitelist2 = New-AzFirewallThreatIntelWhitelist -IpAddress @("  2.2.2.2  ","  3.3.3.3  ") -FQDN @("  bing.com  ",  "yammer.com  ")
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -ThreatIntelWhitelist $threatIntelWhitelist1
+
+        # Verify
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqualArray $threatIntelWhitelist1.FQDNs $getAzureFirewall.ThreatIntelWhitelist.FQDNs
+        Assert-AreEqualArray $threatIntelWhitelist1.IpAddresses $getAzureFirewall.ThreatIntelWhitelist.IpAddresses
+
+        # Modify
+        $azureFirewall.ThreatIntelWhitelist = $threatIntelWhitelist2
+        Set-AzFirewall -AzureFirewall $azureFirewall
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqualArray $threatIntelWhitelist2.FQDNs $getAzureFirewall.ThreatIntelWhitelist.FQDNs
+        Assert-AreEqualArray $threatIntelWhitelist2.IpAddresses $getAzureFirewall.ThreatIntelWhitelist.IpAddresses
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}

src/Network/Network.Test/ScenarioTests/CortexTests.cs

@@ -50,5 +50,13 @@ public void TestCortexDownloadConfig()
         {
             TestRunner.RunTestScript("Test-CortexDownloadConfig");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.LiveOnly)]
+        [Trait(Category.Owner, NrpTeamAlias.brooklynft)]
+        public void TestP2SCortexCRUD()
+        {
+            TestRunner.RunTestScript("Test-P2SCortexCRUD");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/CortexTests.ps1

@@ -481,4 +481,208 @@ function Test-CortexExpressRouteCRUD
     {
         Clean-ResourceGroup $rgname
     }
+}
+
+<# .SYNOPSIS
+ Point to site Cortex feature tests
+ #>
+ function Test-P2SCortexCRUD
+ {
+ param 
+    ( 
+        $basedir = ".\" 
+    )
+
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $rglocation = Get-ProviderLocation "Microsoft.Network/VirtualWans"
+ 
+    $virtualWanName = Get-ResourceName
+    $virtualHubName = Get-ResourceName
+    $VpnServerConfiguration1Name = Get-ResourceName
+    $VpnServerConfiguration2Name = Get-ResourceName
+    $P2SVpnGatewayName = Get-ResourceName
+    $vpnclientAuthMethod = "EAPTLS"
+
+    $storeName = 'blob' + $rgName
+
+    try
+	{
+		# Create the resource group
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation
+
+		# Create the Virtual Wan
+		$createdVirtualWan = New-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName -Location $rglocation
+		$virtualWan = Get-AzVirtualWan -ResourceGroupName $rgName -Name $virtualWanName
+		Assert-AreEqual $rgName $virtualWan.ResourceGroupName
+		Assert-AreEqual $virtualWanName $virtualWan.Name
+
+		# Create the Virtual Hub
+		$createdVirtualHub = New-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName -Location $rglocation -AddressPrefix "192.168.1.0/24" -VirtualWan $virtualWan
+		$virtualHub = Get-AzVirtualHub -ResourceGroupName $rgName -Name $virtualHubName
+		Assert-AreEqual $rgName $virtualHub.ResourceGroupName
+		Assert-AreEqual $virtualHubName $virtualHub.Name
+		Assert-AreEqual $virtualWan.Id $virtualhub.VirtualWan.Id
+
+		# Create the VpnServerConfiguration1 with VpnClient settings using New-AzVpnServerConfiguration
+		$VpnServerConfigCertFilePath = Join-Path -Path $basedir -ChildPath "\ScenarioTests\Data\ApplicationGatewayAuthCert.cer"
+		$listOfCerts = New-Object "System.Collections.Generic.List[String]"
+		$listOfCerts.Add($VpnServerConfigCertFilePath)
+		$vpnclientipsecpolicy1 = New-AzVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86471 -SADataSize 429496 -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup14 -PfsGroup PFS14
+        New-AzVpnServerConfiguration -Name $VpnServerConfiguration1Name -ResourceGroupName $rgName -VpnProtocol IkeV2 -VpnAuthenticationType Certificate -VpnClientRootCertificateFilesList $listOfCerts -VpnClientRevokedCertificateFilesList $listOfCerts -VpnClientIpsecPolicy $vpnclientipsecpolicy1 -Location $rglocation
+
+        # Get created VpnServerConfiguration using Get-AzVpnServerConfiguration
+        $vpnServerConfig1 = Get-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration1Name
+        Assert-NotNull $vpnServerConfig1
+		Assert-AreEqual $rgName $vpnServerConfig1.ResourceGroupName
+		Assert-AreEqual $VpnServerConfiguration1Name $vpnServerConfig1.Name
+		$protocols = $vpnServerConfig1.VpnProtocols
+		Assert-AreEqual 1 @($protocols).Count
+		Assert-AreEqual "IkeV2" $protocols[0]
+		$authenticationTypes = $vpnServerConfig1.VpnAuthenticationTypes
+		Assert-AreEqual 1 @($authenticationTypes).Count
+		Assert-AreEqual "Certificate" $authenticationTypes[0]
+
+		# Create the P2SVpnGateway using New-AzP2sVpnGateway
+		$vpnClientAddressSpaces = New-Object string[] 2
+		$vpnClientAddressSpaces[0] = "192.168.2.0/24"
+		$vpnClientAddressSpaces[1] = "192.168.3.0/24"
+		$createdP2SVpnGateway = New-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VirtualHub $virtualHub -VpnGatewayScaleUnit 1 -VpnClientAddressPool $vpnClientAddressSpaces -VpnServerConfiguration $vpnServerConfig1
+		Assert-AreEqual "Succeeded" $createdP2SVpnGateway.ProvisioningState
+
+		# Get the created P2SVpnGateway using Get-AzP2sVpnGateway
+		$P2SVpnGateway = Get-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName
+		Assert-AreEqual $rgName $P2SVpnGateway.ResourceGroupName
+		Assert-AreEqual $P2SvpnGatewayName $P2SVpnGateway.Name
+		Assert-AreEqual $vpnServerConfig1.Id $P2SVpnGateway.VpnServerConfiguration.Id
+		Assert-AreEqual "Succeeded" $P2SVpnGateway.ProvisioningState
+
+		# Get all associated VpnServerConfigurations at Wan level using Get-AzVirtualWanVpnServerConfiguration
+        $associatedVpnServerConfigs = Get-AzVirtualWanVpnServerConfiguration -Name $virtualWanName -ResourceGroupName $rgName
+        Assert-NotNull $associatedVpnServerConfigs
+        Assert-AreEqual 1 @($associatedVpnServerConfigs.VpnServerConfigurationResourceIds).Count
+        Assert-AreEqual $vpnServerConfig1.Id $associatedVpnServerConfigs.VpnServerConfigurationResourceIds[0]
+
+        # Get VpnServerConfiguration1 and see that it shows as attached to P2SVpnGateway created.
+        $vpnServerConfig1 = Get-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration1Name
+        Assert-NotNull $vpnServerConfig1
+        Assert-AreEqual $vpnServerConfig1.P2sVpnGateways[0].Id $P2SVpnGateway.Id
+
+        # List all VpnServerConfigurations under Resource group
+        $vpnServerConfigs = Get-AzVpnServerConfiguration -ResourceGroupName $rgName
+        Assert-NotNull $vpnServerConfigs
+        Assert-AreEqual 1 @($vpnServerConfigs).Count
+        
+        # Generate vpn profile at Hub/P2SVpnGateway level using Get-AzP2sVpnGatewayVpnProfile
+		$vpnProfileResponse = Get-AzP2sVpnGatewayVpnProfile -Name $P2SVpnGatewayName -ResourceGroupName $rgName -AuthenticationMethod $vpnclientAuthMethod
+		Assert-NotNull $vpnProfileResponse.ProfileUrl
+		Assert-AreEqual True ($vpnProfileResponse.ProfileUrl -Match "zip")
+
+		# Generate vpn profile at Wan-VpnServerConfiguration combination level using Get-AzP2sVpnGatewayVpnProfile
+		$vpnProfileWanResponse = Get-AzVirtualWanVpnServerConfigurationVpnProfile -Name $virtualWanName -ResourceGroupName $rgName -AuthenticationMethod $vpnclientAuthMethod -VpnServerConfiguration $vpnServerConfig1
+		Assert-NotNull $vpnProfileWanResponse.ProfileUrl
+		Assert-AreEqual True ($vpnProfileWanResponse.ProfileUrl -Match "zip")
+
+		# Create the VpnServerConfiguration2 with RadiusClient settings using New-AzVpnServerConfiguration
+		#[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test passwords only valid for the duration of the test")]
+		$Secure_String_Pwd = ConvertTo-SecureString "TestRadiusServerPassword" -AsPlainText -Force
+		New-AzVpnServerConfiguration -Name $VpnServerConfiguration2Name -ResourceGroupName $rgName -VpnProtocol IkeV2 -VpnAuthenticationType Radius -RadiusServerAddress "TestRadiusServer" -RadiusServerSecret $Secure_String_Pwd -RadiusServerRootCertificateFilesList $listOfCerts -RadiusClientRootCertificateFilesList $listOfCerts -Location $rglocation
+        
+        $vpnServerConfig2 = Get-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration2Name
+		Assert-AreEqual "Succeeded" $vpnServerConfig2.ProvisioningState
+		Assert-AreEqual "TestRadiusServer" $vpnServerConfig2.RadiusServerAddress
+	
+        # List all VpnServerConfigurations under Resource group
+        $vpnServerConfigs = Get-AzVpnServerConfiguration -ResourceGroupName $rgName
+        Assert-NotNull $vpnServerConfigs
+        Assert-AreEqual 2 @($vpnServerConfigs).Count
+
+		# Update existing VpnServerConfiguration2 using Update-AzVpnServerConfiguration
+		Update-AzVpnServerConfiguration -Name $VpnServerConfiguration2Name -ResourceGroupName $rgName -RadiusServerAddress "TestRadiusServer1"
+		$VpnServerConfig2 = Get-AzVpnServerConfiguration -Name $VpnServerConfiguration2Name -ResourceGroupName $rgName
+		Assert-AreEqual $VpnServerConfiguration2Name $VpnServerConfig2.Name
+		Assert-AreEqual "TestRadiusServer1" $VpnServerConfig2.RadiusServerAddress
+		
+		Update-AzVpnServerConfiguration -ResourceId  $VpnServerConfig2.Id -RadiusServerAddress "TestRadiusServer2"			
+		$VpnServerConfig2Get = Get-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration2Name
+		Assert-AreEqual "TestRadiusServer2" $VpnServerConfig2Get.RadiusServerAddress
+						
+		Update-AzVpnServerConfiguration -InputObject $VpnServerConfig2Get -RadiusServerAddress "TestRadiusServer3"
+		$VpnServerConfig2Get = Get-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration2Name
+        Assert-AreEqual "TestRadiusServer3" $VpnServerConfig2Get.RadiusServerAddress
+
+        # Update existing P2SVpnGateway  with new VpnClientAddressPool using Update-AzP2sVpnGateway
+        $vpnClientAddressSpaces[1] = "192.168.4.0/24"
+        $updatedP2SVpnGateway = Update-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName -VpnClientAddressPool $vpnClientAddressSpaces
+
+        $P2SVpnGateway = Get-AzP2sVpnGateway -ResourceGroupName $rgName -Name $P2SvpnGatewayName
+		Assert-AreEqual $P2SvpnGatewayName $P2SVpnGateway.Name
+		Assert-AreEqual "Succeeded" $P2SVpnGateway.ProvisioningState
+		Assert-AreEqual $vpnServerConfig1.Id $P2SVpnGateway.VpnServerConfiguration.Id
+		$setVpnClientAddressSpacesString = [system.String]::Join(" ", $vpnClientAddressSpaces)
+        Assert-AreEqual $setVpnClientAddressSpacesString $P2SVpnGateway.P2SConnectionConfigurations[0].VpnClientAddressPool.AddressPrefixes
+        
+        $associatedVpnServerConfigs = Get-AzVirtualWanVpnServerConfiguration -ResourceId $virtualWan.Id
+        Assert-NotNull $associatedVpnServerConfigs
+        Assert-AreEqual 1 @($associatedVpnServerConfigs.VpnServerConfigurationResourceIds).Count
+        Assert-AreEqual $vpnServerConfig1.Id $associatedVpnServerConfigs.VpnServerConfigurationResourceIds[0]
+
+        # Delete VpnServerConfiguration2 using Remove-AzVirtualWanVpnServerConfiguration
+		$delete = Remove-AzVpnServerConfiguration -InputObject $VpnServerConfig2Get -Force -PassThru
+		Assert-AreEqual $True $delete
+
+		$vpnServerConfigs = Get-AzVpnServerConfiguration -ResourceGroupName $rgName
+        Assert-NotNull $vpnServerConfigs
+        Assert-AreEqual 1 @($vpnServerConfigs).Count
+
+        # Get aggreagated point to site connections health from P2SVpnGateway
+        #$aggregatedConnectionHealth = Get-AzP2sVpnGatewayConnectionHealth -Name $P2SvpnGatewayName -ResourceGroupName $rgName
+        #Assert-NotNull $aggregatedConnectionHealth
+        #Assert-NotNull $aggregatedConnectionHealth.VpnClientConnectionHealth
+        #Assert-AreEqual 0 $aggregatedConnectionHealth.VpnClientConnectionHealth.VpnClientConnectionsCount
+        
+        # Get a SAS url for getting detained point to site connections health details.
+        $storetype = 'Standard_GRS'
+		$containerName = "cont$($rgName)"
+		New-AzStorageAccount -ResourceGroupName $rgName -Name $storeName -Location $rglocation -Type $storetype
+		$key = Get-AzStorageAccountKey -ResourceGroupName $rgName -Name $storeName
+		$context = New-AzStorageContext -StorageAccountName $storeName -StorageAccountKey $key[0].Value
+		New-AzStorageContainer -Name $containerName -Context $context
+		$container = Get-AzStorageContainer -Name $containerName -Context $context
+		New-Item -Name EmptyFile.txt -ItemType File -Force
+		Set-AzStorageBlobContent -File "EmptyFile.txt" -Container $containerName -Blob "emptyfile.txt" -Context $context
+		$now=get-date
+		$blobSasUrl = New-AzStorageBlobSASToken -Container $containerName -Blob emptyfile.txt -Context $context -Permission "rwd" -StartTime $now.AddHours(-1) -ExpiryTime $now.AddDays(1) -FullUri
+
+        # Get detailed point to site connections health from P2SVpnGateway
+        $detailedConnectionHealth = Get-AzP2sVpnGatewayDetailedConnectionHealth -Name $P2SvpnGatewayName -ResourceGroupName $rgName -OutputBlobSasUrl $blobSasUrl
+        Assert-NotNull $detailedConnectionHealth
+        Assert-NotNull $detailedConnectionHealth.SasUrl
+        Assert-AreEqual $blobSasUrl $detailedConnectionHealth.SasUrl
+     }
+     finally
+     {
+		# Delete P2SVpnGateway using Remove-AzP2sVpnGateway
+		$delete = Remove-AzP2sVpnGateway -Name $P2SVpnGatewayName -ResourceGroupName $rgName -Force -PassThru
+		Assert-AreEqual $True $delete
+
+        # Verify that there are no associated VpnServerConfigurations to Virtual wan anymore
+        $associatedVpnServerConfigs = Get-AzVirtualWanVpnServerConfiguration -Name $virtualWanName -ResourceGroupName $rgName
+        Assert-NotNull $associatedVpnServerConfigs
+        Assert-AreEqual 0 @($associatedVpnServerConfigs.VpnServerConfigurationResourceIds).Count
+
+		# Delete VpnServerConfiguration1 using Remove-AzVpnServerConfiguration      
+		$delete = Remove-AzVpnServerConfiguration -ResourceGroupName $rgName -Name $VpnServerConfiguration1Name -Force -PassThru
+		Assert-AreEqual $True $delete
+
+		# Delete Virtual hub
+		$delete = Remove-AzVirtualHub -ResourceGroupName $rgname -Name $virtualHubName -Force -PassThru
+		Assert-AreEqual $True $delete
+
+		# Delete Virtual wan
+		$delete = Remove-AzVirtualWan -InputObject $virtualWan -Force -PassThru
+		Assert-AreEqual $True $delete
+
+		Clean-ResourceGroup $rgname
+     }
 }