public override void Execute()
        {
            base.Execute();
            var    present     = this.IsVirtualNetworkGatewayPresent(this.ResourceGroupName, this.Name);
            string warningMsg  = string.Empty;
            string continueMsg = Properties.Resources.CreatingResourceMessage;
            bool   force       = true;

            if (!string.IsNullOrEmpty(GatewaySku) &&
                GatewaySku.Equals(MNM.VirtualNetworkGatewaySkuTier.UltraPerformance, StringComparison.InvariantCultureIgnoreCase))
            {
                warningMsg = string.Format(Properties.Resources.UltraPerformaceGatewayWarning, this.Name);
                force      = false;
            }
            else
            {
                warningMsg = string.Format(Properties.Resources.OverwritingResource, this.Name);
            }
            if (this.Force.IsPresent)
            {
                force = true;
            }

            ConfirmAction(
                force,
                warningMsg,
                continueMsg,
                Name,
                () =>
            {
                var virtualNetworkGateway = CreateVirtualNetworkGateway();
                WriteObject(virtualNetworkGateway);
            },
                () => present);
        }
        private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
        {
            var vnetGateway = new PSVirtualNetworkGateway();

            vnetGateway.Name = this.Name;
            vnetGateway.ResourceGroupName = this.ResourceGroupName;
            vnetGateway.Location          = this.Location;

            if (this.GatewaySku != null)
            {
                vnetGateway.Sku      = new PSVirtualNetworkGatewaySku();
                vnetGateway.Sku.Tier = this.GatewaySku;
                vnetGateway.Sku.Name = this.GatewaySku;
            }
            else
            {
                // If gateway sku param value is not passed,  - Let NRP make the decision, just pass it as null here
                vnetGateway.Sku = null;
            }

            if (this.EnableActiveActiveFeature.IsPresent && !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
            }

            if (this.IpConfigurations != null)
            {
                vnetGateway.IpConfigurations = this.IpConfigurations?.ToList();
            }

            if (!string.IsNullOrEmpty(GatewaySku) &&
                GatewaySku.Equals(
                    MNM.VirtualNetworkGatewaySkuTier.UltraPerformance,
                    StringComparison.InvariantCultureIgnoreCase) && !string.IsNullOrEmpty(GatewayType) &&
                !GatewayType.Equals(
                    MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(),
                    StringComparison.InvariantCultureIgnoreCase))
            {
                throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
            }
            vnetGateway.GatewayType  = this.GatewayType;
            vnetGateway.VpnType      = this.VpnType;
            vnetGateway.EnableBgp    = this.EnableBgp;
            vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;

            if (this.GatewayDefaultSite != null)
            {
                vnetGateway.GatewayDefaultSite    = new PSResourceId();
                vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
            }
            else
            {
                vnetGateway.GatewayDefaultSite = null;
            }

            if (this.VpnClientAddressPool != null ||
                this.VpnClientRootCertificates != null ||
                this.VpnClientRevokedCertificates != null ||
                this.RadiusServerAddress != null ||
                (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0))
            {
                vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

                if (this.VpnClientAddressPool != null)
                {
                    // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
                    if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
                    {
                        throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
                    }

                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool?.ToList();
                }

                if (this.VpnClientProtocol != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol?.ToList();
                }

                if (this.VpnClientRootCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates?.ToList();
                }

                if (this.VpnClientRevokedCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates?.ToList();
                }

                if (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientIpsecPolicies = this.VpnClientIpsecPolicy?.ToList();
                }

                if ((this.RadiusServerAddress != null && this.RadiusServerSecret == null) ||
                    (this.RadiusServerAddress == null && this.RadiusServerSecret != null))
                {
                    throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
                }

                if (this.RadiusServerAddress != null)
                {
                    vnetGateway.VpnClientConfiguration.RadiusServerAddress = this.RadiusServerAddress;
                    vnetGateway.VpnClientConfiguration.RadiusServerSecret  = SecureStringExtensions.ConvertToString(this.RadiusServerSecret);
                }
            }
            else
            {
                vnetGateway.VpnClientConfiguration = null;
            }

            if (this.Asn > 0 || this.PeerWeight > 0)
            {
                vnetGateway.BgpSettings = new PSBgpSettings();
                vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

                if (this.Asn > 0)
                {
                    vnetGateway.BgpSettings.Asn = this.Asn;
                }

                if (this.PeerWeight > 0)
                {
                    vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
                }
                else if (this.PeerWeight < 0)
                {
                    throw new ArgumentException("PeerWeight must be a positive integer");
                }
            }

            if (this.CustomRoute != null && this.CustomRoute.Any())
            {
                vnetGateway.CustomRoutes = new PSAddressSpace();
                vnetGateway.CustomRoutes.AddressPrefixes = this.CustomRoute?.ToList();
            }
            else
            {
                vnetGateway.CustomRoutes = null;
            }

            // Map to the sdk object
            var vnetGatewayModel = NetworkResourceManagerProfile.Mapper.Map <MNM.VirtualNetworkGateway>(vnetGateway);

            vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // Execute the Create VirtualNetwork call
            this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

            var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

            return(getVirtualNetworkGateway);
        }
Beispiel #3
0
        private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
        {
            var vnetGateway = new PSVirtualNetworkGateway();

            vnetGateway.Name = this.Name;
            vnetGateway.ResourceGroupName = this.ResourceGroupName;
            vnetGateway.Location          = this.Location;

            if (this.GatewaySku != null)
            {
                vnetGateway.Sku      = new PSVirtualNetworkGatewaySku();
                vnetGateway.Sku.Tier = this.GatewaySku;
                vnetGateway.Sku.Name = this.GatewaySku;
            }
            else
            {
                // If gateway sku param value is not passed, set gateway sku to Standard if VpnType is RouteBased and Basic if VpnType is PolicyBased
                if (this.VpnType != null && this.VpnType.Equals(MNM.VpnType.RouteBased))
                {
                    vnetGateway.Sku      = new PSVirtualNetworkGatewaySku();
                    vnetGateway.Sku.Tier = MNM.VirtualNetworkGatewaySkuTier.Standard;
                    vnetGateway.Sku.Name = MNM.VirtualNetworkGatewaySkuTier.Standard;
                }
                else
                {
                    vnetGateway.Sku      = new PSVirtualNetworkGatewaySku();
                    vnetGateway.Sku.Tier = MNM.VirtualNetworkGatewaySkuTier.Basic;
                    vnetGateway.Sku.Name = MNM.VirtualNetworkGatewaySkuTier.Basic;
                }
            }

            if (this.EnableActiveActiveFeature.IsPresent && !vnetGateway.Sku.Tier.Equals(MNM.VirtualNetworkGatewaySkuTier.HighPerformance))
            {
                throw new ArgumentException("Virtual Network Gateway Sku should be " + MNM.VirtualNetworkGatewaySkuTier.HighPerformance + " when Active-Active feature flag is set to True.");
            }

            if (this.EnableActiveActiveFeature.IsPresent && !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
            }

            if (this.EnableActiveActiveFeature.IsPresent && this.IpConfigurations.Count != 2)
            {
                throw new ArgumentException("Virtual Network Gateway should have 2 Gateway IpConfigurations specified when Active-Active feature flag is True.");
            }

            if (!this.EnableActiveActiveFeature.IsPresent && this.IpConfigurations.Count == 2)
            {
                throw new ArgumentException("Virtual Network Gateway should have Active-Active feature flag set to True as there are 2 Gateway IpConfigurations specified. OR there should be only one Gateway IpConfiguration specified.");
            }

            if (this.IpConfigurations != null)
            {
                vnetGateway.IpConfigurations = this.IpConfigurations;
            }

            if (!string.IsNullOrEmpty(GatewaySku) &&
                GatewaySku.Equals(
                    MNM.VirtualNetworkGatewaySkuTier.UltraPerformance,
                    StringComparison.InvariantCultureIgnoreCase) && !string.IsNullOrEmpty(GatewayType) &&
                !GatewayType.Equals(
                    MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(),
                    StringComparison.InvariantCultureIgnoreCase))
            {
                throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
            }
            vnetGateway.GatewayType  = this.GatewayType;
            vnetGateway.VpnType      = this.VpnType;
            vnetGateway.EnableBgp    = this.EnableBgp;
            vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;

            if (this.GatewayDefaultSite != null)
            {
                vnetGateway.GatewayDefaultSite    = new PSResourceId();
                vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
            }
            else
            {
                vnetGateway.GatewayDefaultSite = null;
            }

            if (this.VpnClientAddressPool != null || this.VpnClientRootCertificates != null || this.VpnClientRevokedCertificates != null)
            {
                vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

                if (this.VpnClientAddressPool != null)
                {
                    // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
                    if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
                    {
                        throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
                    }

                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool;
                }

                if (this.VpnClientRootCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates;
                }

                if (this.VpnClientRevokedCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates;
                }
            }
            else
            {
                vnetGateway.VpnClientConfiguration = null;
            }

            if (this.Asn > 0 || this.PeerWeight > 0)
            {
                vnetGateway.BgpSettings = new PSBgpSettings();
                vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

                if (this.Asn > 0)
                {
                    vnetGateway.BgpSettings.Asn = this.Asn;
                }

                if (this.PeerWeight > 0)
                {
                    vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
                }
                else if (this.PeerWeight < 0)
                {
                    throw new ArgumentException("PeerWeight must be a positive integer");
                }
            }

            // Map to the sdk object
            var vnetGatewayModel = Mapper.Map <MNM.VirtualNetworkGateway>(vnetGateway);

            vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // Execute the Create VirtualNetwork call
            this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

            var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

            return(getVirtualNetworkGateway);
        }
Beispiel #4
0
        private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
        {
            var vnetGateway = new PSVirtualNetworkGateway();

            vnetGateway.Name = this.Name;
            vnetGateway.ResourceGroupName = this.ResourceGroupName;
            vnetGateway.Location          = this.Location;

            if (this.GatewaySku != null)
            {
                vnetGateway.Sku      = new PSVirtualNetworkGatewaySku();
                vnetGateway.Sku.Tier = this.GatewaySku;
                vnetGateway.Sku.Name = this.GatewaySku;
            }
            else
            {
                // If gateway sku param value is not passed,  - Let NRP make the decision, just pass it as null here
                vnetGateway.Sku = null;
            }

            if (this.EnableActiveActiveFeature.IsPresent && !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
            }

            if (this.IpConfigurations != null)
            {
                vnetGateway.IpConfigurations = this.IpConfigurations?.ToList();
            }

            if (!string.IsNullOrEmpty(GatewaySku) &&
                GatewaySku.Equals(
                    MNM.VirtualNetworkGatewaySkuTier.UltraPerformance,
                    StringComparison.InvariantCultureIgnoreCase) && !string.IsNullOrEmpty(GatewayType) &&
                !GatewayType.Equals(
                    MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(),
                    StringComparison.InvariantCultureIgnoreCase))
            {
                throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
            }
            vnetGateway.GatewayType            = this.GatewayType;
            vnetGateway.VpnType                = this.VpnType;
            vnetGateway.EnableBgp              = this.EnableBgp;
            vnetGateway.DisableIPsecProtection = this.DisableIPsecProtection;
            vnetGateway.ActiveActive           = this.EnableActiveActiveFeature.IsPresent;
            vnetGateway.EnablePrivateIpAddress = this.EnablePrivateIpAddress.IsPresent;

            if (this.GatewayDefaultSite != null)
            {
                vnetGateway.GatewayDefaultSite    = new PSResourceId();
                vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
            }
            else
            {
                vnetGateway.GatewayDefaultSite = null;
            }

            if (this.VpnClientAddressPool != null ||
                this.VpnClientRootCertificates != null ||
                this.VpnClientRevokedCertificates != null ||
                this.RadiusServerAddress != null ||
                (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0) ||
                this.AadTenantUri != null)
            {
                vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

                if (this.VpnClientAddressPool != null)
                {
                    // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
                    if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
                    {
                        throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
                    }

                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
                    vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool?.ToList();
                }

                if (this.VpnClientProtocol != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol?.ToList();
                }

                if (this.VpnAuthenticationType != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnAuthenticationTypes = this.VpnAuthenticationType?.ToList();
                }

                if (this.VpnClientRootCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates?.ToList();
                }

                if (this.VpnClientRevokedCertificates != null)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates?.ToList();
                }

                if (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0)
                {
                    vnetGateway.VpnClientConfiguration.VpnClientIpsecPolicies = this.VpnClientIpsecPolicy?.ToList();
                }

                if ((this.RadiusServerAddress != null && this.RadiusServerSecret == null) ||
                    (this.RadiusServerAddress == null && this.RadiusServerSecret != null))
                {
                    throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
                }

                if (this.RadiusServerAddress != null && this.RadiusServerSecret != null)
                {
                    vnetGateway.VpnClientConfiguration.RadiusServerAddress = this.RadiusServerAddress;
                    vnetGateway.VpnClientConfiguration.RadiusServerSecret  = SecureStringExtensions.ConvertToString(this.RadiusServerSecret);
                }

                if (this.RadiusServerList != null && this.RadiusServerList.Any())
                {
                    vnetGateway.VpnClientConfiguration.RadiusServers = this.RadiusServerList?.ToList();
                }

                if (this.AadTenantUri != null)
                {
                    if (this.AadIssuerUri == null || this.AadAudienceId == null)
                    {
                        throw new ArgumentException("AadTenantUri, AadIssuerUri and AadAudienceId must be specified if AAD authentication is being configured for P2S.");
                    }

                    if (vnetGateway.VpnClientConfiguration.VpnClientProtocols.Count() == 1 &&
                        vnetGateway.VpnClientConfiguration.VpnClientProtocols.First().Equals(MNM.VpnClientProtocol.OpenVPN))
                    {
                        vnetGateway.VpnClientConfiguration.AadTenant   = this.AadTenantUri;
                        vnetGateway.VpnClientConfiguration.AadIssuer   = this.AadIssuerUri;
                        vnetGateway.VpnClientConfiguration.AadAudience = this.AadAudienceId;
                    }
                    else
                    {
                        throw new ArgumentException("Virtual Network Gateway VpnClientProtocol should be :" + MNM.VpnClientProtocol.OpenVPN + " when P2S AAD authentication is being configured.");
                    }
                }
            }
            else
            {
                vnetGateway.VpnClientConfiguration = null;
            }

            if (this.Asn > 0 || this.PeerWeight > 0)
            {
                vnetGateway.BgpSettings = new PSBgpSettings();
                vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

                if (this.Asn > 0)
                {
                    vnetGateway.BgpSettings.Asn = this.Asn;
                }

                if (this.PeerWeight > 0)
                {
                    vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
                }
                else if (this.PeerWeight < 0)
                {
                    throw new ArgumentException("PeerWeight must be a positive integer");
                }
            }

            if (this.IpConfigurationBgpPeeringAddresses != null)
            {
                if (vnetGateway.BgpSettings == null)
                {
                    vnetGateway.BgpSettings = new PSBgpSettings();
                }

                vnetGateway.BgpSettings.BgpPeeringAddresses = new List <PSIpConfigurationBgpPeeringAddress>();

                foreach (var address in this.IpConfigurationBgpPeeringAddresses)
                {
                    address.IpconfigurationId = FormatIdBgpPeeringAddresses(address.IpconfigurationId, this.ResourceGroupName, this.Name);
                    vnetGateway.BgpSettings.BgpPeeringAddresses.Add(address);
                }
            }
            else if (vnetGateway.BgpSettings != null)
            {
                vnetGateway.BgpSettings.BgpPeeringAddresses = null;
            }

            if (this.CustomRoute != null && this.CustomRoute.Any())
            {
                vnetGateway.CustomRoutes = new PSAddressSpace();
                vnetGateway.CustomRoutes.AddressPrefixes = this.CustomRoute?.ToList();
            }
            else
            {
                vnetGateway.CustomRoutes = null;
            }

            vnetGateway.VpnGatewayGeneration = MNM.VpnGatewayGeneration.None;
            if (this.VpnGatewayGeneration != null)
            {
                if (GatewayType.Equals(MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(), StringComparison.InvariantCultureIgnoreCase) &&
                    !this.VpnGatewayGeneration.Equals(MNM.VpnGatewayGeneration.None, StringComparison.OrdinalIgnoreCase))
                {
                    throw new ArgumentException("Virtual Network Express Route Gateway cannot have any generation other than None.");
                }

                vnetGateway.VpnGatewayGeneration = this.VpnGatewayGeneration;
            }

            if (this.NatRule != null && this.NatRule.Any())
            {
                vnetGateway.NatRules = this.NatRule?.ToList();
            }

            // Set the EnableBgpRouteTranslationForNat, if it is specified by customer.
            vnetGateway.EnableBgpRouteTranslationForNat = EnableBgpRouteTranslationForNat.IsPresent;

            // Map to the sdk object
            var vnetGatewayModel = NetworkResourceManagerProfile.Mapper.Map <MNM.VirtualNetworkGateway>(vnetGateway);

            vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // Execute the Create VirtualNetwork call
            this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

            var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

            return(getVirtualNetworkGateway);
        }