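        /// <summary>
        /// Checks that internet access is closed for every VM in <paramref name="sandbox"/>, both in
        /// the rule recorded by Sepes and in the Azure Network Security Group, and that no VM has a
        /// pending create/update operation. Findings are collected rather than thrown so the caller
        /// can report all of them at once.
        /// </summary>
        /// <param name="sandbox">Sandbox whose resources (VMs and network security group) are inspected.</param>
        /// <param name="cancellation">
        /// Token observed at the start of every VM iteration and forwarded to the Azure NSG rule lookup.
        /// </param>
        /// <returns>Human-readable validation errors; empty when every check passes.</returns>
        /// <exception cref="OperationCanceledException">Thrown when <paramref name="cancellation"/> is signalled.</exception>
        async Task<List<string>> VerifyInternetClosed(Sandbox sandbox, CancellationToken cancellation = default)
        {
            var validationErrors = new List<string>();

            _logger.LogInformation(_sandboxNextPhaseEventId, "Sandbox {0}: Verifying that internet is closed for all VMs ", sandbox.Id);

            var allVms = CloudResourceUtil.GetAllResourcesByType(sandbox.Resources, AzureResourceType.VirtualMachine, false);

            // NOTE(review): the `true` argument presumably makes this lookup throw when the NSG is
            // missing (ResourceName is dereferenced below without a null check) — confirm.
            var networkSecurityGroup = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.NetworkSecurityGroup, true);

            var anyVmsFound = false;

            foreach (var curVm in allVms)
            {
                // Only one of the three awaited calls receives the token; check it once per VM so a
                // sandbox with many VMs stops issuing lookups promptly after the caller cancels.
                cancellation.ThrowIfCancellationRequested();

                anyVmsFound = true;

                var vmInternetRule = await _virtualMachineRuleService.GetInternetRule(curVm.Id);

                // Two-layer check: first the intended state recorded in Sepes, then the state that is
                // actually effective in Azure. Only the first failing layer is reported for a VM.
                if (!_virtualMachineRuleService.IsRuleSetToDeny(vmInternetRule))
                {
                    validationErrors.Add($"Internet is set to open on VM {curVm.ResourceName}");
                }
                else if (await _azureNetworkSecurityGroupRuleService.IsRuleSetTo(curVm.ResourceGroupName, networkSecurityGroup.ResourceName, vmInternetRule.Name, RuleAction.Allow, cancellation))
                {
                    validationErrors.Add($"Internet is actually open on VM in Azure {curVm.ResourceName}");
                }

                // A not-yet-started create/update is reported as well, presumably because it could
                // still alter the VM's rules after this verification has passed.
                if (await _cloudResourceOperationReadService.HasUnstartedCreateOrUpdateOperation(curVm.Id))
                {
                    validationErrors.Add($"Unfinished operation exists for VM {curVm.ResourceName}");
                }
            }

            if (!anyVmsFound)
            {
                validationErrors.Add("Sandbox contains no Virtual Machines");
            }

            return validationErrors;
        }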