Merge pull request Azure#6051 from maddieclayton/NetworkTests

KeyVault Network tests

Author: Maddie Clayton

TestMappings.json

@@ -117,7 +117,8 @@
     ".\\src\\ResourceManager\\RecoveryServices.Backup\\Commands.RecoveryServices.Backup.Test\\bin\\Debug\\Microsoft.Azure.Commands.RecoveryServices.Backup.Test.dll",
     ".\\src\\ResourceManager\\ServiceFabric\\Commands.ServiceFabric.Test\\bin\\Debug\\Microsoft.Azure.Commands.ServiceFabric.Test.dll",
     ".\\src\\ResourceManager\\Sql\\Commands.Sql.Test\\bin\\Debug\\Microsoft.Azure.Commands.Sql.Test.dll",
-    ".\\src\\ResourceManager\\Dns\\Commands.Dns.Test\\bin\\Debug\\Microsoft.Azure.Commands.Dns.Test.dll"
+    ".\\src\\ResourceManager\\Dns\\Commands.Dns.Test\\bin\\Debug\\Microsoft.Azure.Commands.Dns.Test.dll",
+    ".\\src\\ResourceManager\\KeyVault\\Commands.KeyVault.Test\\bin\\Debug\\Microsoft.Azure.Commands.KeyVault.Test.dll"
   ],
   "src/ResourceManager/NotificationHubs /": [
     ".\\src\\ResourceManager\\NotificationHubs\\Commands.NotificationHubs.Test\\bin\\Debug\\Microsoft.Azure.Commands.NotificationHubs.Test.dll"

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Commands.KeyVault.Test.csproj

@@ -81,6 +81,13 @@
     <Reference Include="Microsoft.Azure.Management.KeyVault">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.KeyVault.2.4.1-alpha\lib\net452\Microsoft.Azure.Management.KeyVault.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.Azure.Management.Network">
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.17.0.0-preview\lib\net452\Microsoft.Azure.Management.Network.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Azure.Management.ResourceManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.ResourceManager.1.6.0-preview\lib\net452\Microsoft.Azure.Management.ResourceManager.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Resources.2.20.0-preview\lib\net40\Microsoft.Azure.ResourceManager.dll</HintPath>
@@ -309,6 +316,9 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests\TestSetRemoveAccessPolicyByUPN.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests\TestNetworkSet.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\Common\Commands.Common.Authentication.Abstractions\Commands.Common.Authentication.Abstractions.csproj">

src/ResourceManager/KeyVault/Commands.KeyVault.Test/ScenarioTests/KeyVaultManagementController.cs

@@ -29,10 +29,13 @@
 using System.IO;
 using System.Linq;
 using LegacyTest = Microsoft.Azure.Test;
+using LegacyRMClient = Microsoft.Azure.Management.Resources;
+using RM = Microsoft.Azure.Management.ResourceManager;
 
 namespace Microsoft.Azure.Commands.KeyVault.Test
 {
     using Common.Authentication.Abstractions;
+    using Management.Network;
     using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
 
     using TestBase = Microsoft.Azure.Test.TestBase;
@@ -47,10 +50,12 @@ public class KeyVaultManagementController
         private const string DomainKey = "Domain";
         private const string SubscriptionIdKey = "SubscriptionId";
 
-        public ResourceManagementClient ResourceManagementClient { get; private set; }
+        public LegacyRMClient.ResourceManagementClient ResourceManagementClient { get; private set; }
 
         public Management.Internal.Resources.ResourceManagementClient NewResourceManagementClient { get; private set; }
 
+        public RM.ResourceManagementClient ResourceClient { get; private set; }
+
         public SubscriptionClient SubscriptionClient { get; private set; }
 
         public KeyVaultManagementClient KeyVaultManagementClient { get; private set; }
@@ -61,6 +66,8 @@ public class KeyVaultManagementController
 
         public GraphRbacManagementClient GraphClient { get; private set; }
 
+        public NetworkManagementClient NetworkManagementClient { get; private set; }
+
         public string UserDomain { get; private set; }
 
         public static KeyVaultManagementController NewInstance
@@ -132,7 +139,8 @@ public void RunPsTestWorkflow(
                     "Scripts\\ControlPlane\\" + callingClassName + ".ps1",
                     helper.RMProfileModule,
                     helper.RMResourceModule,
-                    helper.GetRMModulePath("AzureRM.KeyVault.psd1"));
+                    helper.GetRMModulePath("AzureRM.KeyVault.psd1"),
+                    helper.RMNetworkModule);
 
                 try
                 {
@@ -160,13 +168,17 @@ private void SetupManagementClients(MockContext context)
         {
             ResourceManagementClient = GetResourceManagementClient();
             NewResourceManagementClient = GetResourceManagementClient(context);
+            ResourceClient = GetResourceClient(context);
+            NetworkManagementClient = GetNetworkManagementClient(context);
             SubscriptionClient = GetSubscriptionClient();
             GalleryClient = GetGalleryClient();
             AuthorizationManagementClient = GetAuthorizationManagementClient();
             GraphClient = GetGraphClient(context);
             KeyVaultManagementClient = GetKeyVaultManagementClient(context);
             helper.SetupManagementClients(ResourceManagementClient,
                 NewResourceManagementClient,
+                ResourceClient,
+                NetworkManagementClient,
                 SubscriptionClient,
                 KeyVaultManagementClient,
                 AuthorizationManagementClient,
@@ -175,22 +187,31 @@ private void SetupManagementClients(MockContext context)
                 );
         }
 
+        private NetworkManagementClient GetNetworkManagementClient(MockContext context)
+        {
+            return context.GetServiceClient<NetworkManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+        }
 
         private AuthorizationManagementClient GetAuthorizationManagementClient()
         {
             return LegacyTest.TestBase.GetServiceClient<AuthorizationManagementClient>(this.csmTestFactory);
         }
 
-        private ResourceManagementClient GetResourceManagementClient()
+        private LegacyRMClient.ResourceManagementClient GetResourceManagementClient()
         {
-            return LegacyTest.TestBase.GetServiceClient<ResourceManagementClient>(this.csmTestFactory);
+            return LegacyTest.TestBase.GetServiceClient<LegacyRMClient.ResourceManagementClient>(this.csmTestFactory);
         }
 
         private Management.Internal.Resources.ResourceManagementClient GetResourceManagementClient(MockContext context)
         {
             return context.GetServiceClient<Management.Internal.Resources.ResourceManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
         }
 
+        private RM.ResourceManagementClient GetResourceClient(MockContext context)
+        {
+            return context.GetServiceClient<RM.ResourceManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+        }
+
         private KeyVaultManagementClient GetKeyVaultManagementClient(MockContext context)
         {
             return context.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());

src/ResourceManager/KeyVault/Commands.KeyVault.Test/ScenarioTests/KeyVaultManagementTests.cs

@@ -630,6 +630,19 @@ public void TestCreateDeleteVaultWithPiping()
 
         #endregion
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestNetworkSet()
+        {
+            KeyVaultManagementController.NewInstance.RunPsTestWorkflow(
+                () => { return new[] { "Test-NetworkRuleSet" }; },
+                (env) => Initialize(),
+                null,
+                TestUtilities.GetCallingClass(),
+                TestUtilities.GetCurrentMethodName()
+                );
+        }
+
         #region Helper Methods
         private string GetUser(TestEnvironment environment)
         {

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/ControlPlane/KeyVaultManagementTests.ps1

@@ -808,4 +808,49 @@ function Compare-Vaults
         CheckVaultAccessPolicy $vault1 $vault2.AccessPolicies[0].PermissionsToKeys $vault2.AccessPolicies[0].PermissionsToSecrets $vault2.AccessPolicies[0].PermissionsToCertificates $vault2.AccessPolicies[0].PermissionsToStorage
         Assert-AreEqual $vault1.AccessPolicies[0].ObjectId $vault2.AccessPolicies[0].ObjectId
     }
+}
+
+function Test-NetworkRuleSet
+{
+	$resourceGroupName = getAssetName
+	$resourceGroupLocation = Get-Location "Microsoft.Resources" "resourceGroups" "westus"
+	$vaultName = getAssetName
+	$vaultLocation = Get-Location "Microsoft.KeyVault" "vaults" "westus"
+	$virtualNetworkName = getAssetName
+	$virtualNetworkLocation = Get-Location "Microsoft.Network" "virtualNetworks" "westus"
+
+	try
+	{
+		$rg = New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
+		$vault = New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName -Location $vaultLocation
+
+		$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault 
+		$virtualNetwork = New-AzureRmVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $resourceGroupName -Location $virtualNetworkLocation -AddressPrefix "10.0.0.0/16" -Subnet $frontendSubnet
+
+		$myNetworkResId = (Get-AzureRmVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $resourceGroupName).Subnets[0].Id
+		Add-AzureRmKeyVaultNetworkRule -VaultName $vaultName -IpAddressRange "10.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId
+		$vault = Get-AzureRmKeyVault -ResourceGroupName $resourceGroupName -Name $vaultName
+		Assert-AreEqual $vault.NetworkAcls.IpAddressRanges.Count 1
+		Assert-AreEqual $vault.NetworkAcls.IpAddressRanges[0] "10.0.1.0/24"
+		Assert-AreEqual $vault.NetworkAcls.VirtualNetworkResourceIds.Count 1
+		Assert-AreEqual $vault.NetworkAcls.VirtualNetworkResourceIds[0] $myNetworkResId
+		Assert-AreEqual $vault.NetworkAcls.Bypass.toString() "AzureServices"
+		Assert-AreEqual $vault.NetworkAcls.DefaultAction.toString() "Allow"
+
+		$networkRule = Update-AzureRmKeyVaultNetworkRuleSet -VaultName $vaultName -ResourceGroupName $resourceGroupName -Bypass None -DefaultAction Deny -PassThru
+		Assert-AreEqual $networkRule.NetworkAcls.Bypass.toString() "None"
+		Assert-AreEqual $networkRule.NetworkAcls.DefaultAction.toString() "Deny"
+		$vault = Get-AzureRmKeyVault -ResourceGroupName $resourceGroupName -Name $vaultName
+		Assert-AreEqual $vault.NetworkAcls.Bypass.toString() "None"
+		Assert-AreEqual $vault.NetworkAcls.DefaultAction.toString() "Deny"
+
+		Remove-AzureRmKeyVaultNetworkRule -VaultName $vaultName -ResourceGroupName $resourceGroupName -IpAddressRange "10.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId
+		$vault = Get-AzureRmKeyVault -ResourceGroupName $resourceGroupName -Name $vaultName
+		Assert-AreEqual $vault.NetworkAcls.IpAddressRanges.Count 0
+		Assert-AreEqual $vault.NetworkAcls.VirtualNetworkResourceIds.Count 0
+	}
+	finally
+	{
+		Remove-AzureRmResourceGroup -Name $resourceGroupName -Force
+	}
 }

src/ResourceManager/KeyVault/Commands.KeyVault.Test/SessionRecords/Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests/TestNetworkSet.json

@@ -36,6 +36,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Commands.Resources", "..\Re
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Commands.Resources.Rest", "..\Resources\Commands.ResourceManager\Cmdlets\Commands.Resources.Rest.csproj", "{8058D403-06E3-4BED-8924-D166CE303961}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Commands.Network", "..\Network\Commands.Network\Commands.Network.csproj", "{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -106,6 +108,10 @@ Global
 		{8058D403-06E3-4BED-8924-D166CE303961}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8058D403-06E3-4BED-8924-D166CE303961}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8058D403-06E3-4BED-8924-D166CE303961}.Release|Any CPU.Build.0 = Release|Any CPU
+		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE