static string CreateVmSettingsString(string size = VirtualMachineConstants.SIZE, string osCategory = "windows", string os = "win2019datacenter")
{
var vmSettings = new VmSettingsDto()
{
DiagnosticStorageAccountName = "diagstorageaccountname",
NetworkName = "networkName",
SubnetName = "subnetname",
Size = size,
Rules = VmRuleUtils.CreateInitialVmRules(1),
OperatingSystemCategory = osCategory,
OperatingSystem = os,
Username = VirtualMachineConstants.USERNAME,
Password = "******",
};
return(CloudResourceConfigStringSerializer.Serialize(vmSettings));
}
async Task UpdateVmRules(ResourceProvisioningParameters parameters, VmSettingsDto vmSettings, string privateIp, CancellationToken cancellationToken = default)
{
_logger.LogInformation($"Setting desired VM rules for {parameters.Name}");
var existingRules = await _azureNetworkSecurityGroupRuleService.GetNsgRulesContainingName(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, $"{AzureResourceNameUtil.NSG_RULE_FOR_VM_PREFIX}{parameters.DatabaseId}", cancellationToken);
var existingRulesThatStillExists = new HashSet <string>();
if (vmSettings.Rules == null)
{
throw new Exception($"No rules exists for VM {parameters.Name}");
}
else
{
foreach (var curRule in vmSettings.Rules)
{
try
{
var ruleMapped = _mapper.Map <NsgRuleDto>(curRule);
if (curRule.Direction == RuleDirection.Inbound)
{
ruleMapped.SourceAddress = curRule.Ip;
ruleMapped.SourcePort = curRule.Port;
ruleMapped.DestinationAddress = privateIp;
ruleMapped.DestinationPort = curRule.Port;
//get existing rule and use that name
if (existingRules.TryGetValue(curRule.Name, out NsgRuleDto existingRule))
{
existingRulesThatStillExists.Add(curRule.Name);
ruleMapped.Priority = existingRule.Priority;
await _azureNetworkSecurityGroupRuleService.UpdateInboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken);
}
else
{
ruleMapped.Priority = await FindNextPriority(parameters, existingRules, AzureVmConstants.MIN_RULE_PRIORITY, 10, AzureVmConstants.MAX_RULE_PRIORITY, curRule.Direction.ToString());
await _azureNetworkSecurityGroupRuleService.AddInboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken);
}
}
else
{
ruleMapped.SourceAddress = privateIp;
ruleMapped.SourcePort = curRule.Port;
if (ruleMapped.Name.Contains(AzureVmConstants.RulePresets.OPEN_CLOSE_INTERNET))
{
ruleMapped.DestinationAddress = "*";
ruleMapped.DestinationPort = 0;
}
else
{
ruleMapped.DestinationAddress = curRule.Ip;
ruleMapped.DestinationPort = curRule.Port;
}
if (existingRules.TryGetValue(curRule.Name, out NsgRuleDto existingRule))
{
existingRulesThatStillExists.Add(curRule.Name);
ruleMapped.Priority = existingRule.Priority; //Ensure same priority is re-used
await _azureNetworkSecurityGroupRuleService.UpdateOutboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken);
}
else
{
ruleMapped.Priority = await FindNextPriority(parameters, existingRules, AzureVmConstants.MIN_RULE_PRIORITY, 10, AzureVmConstants.MAX_RULE_PRIORITY, curRule.Direction.ToString());
await _azureNetworkSecurityGroupRuleService.AddOutboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken);
}
}
}
catch (Exception ex)
{
throw new Exception($"Unable to create rule {curRule.Name} for VM {parameters.Name}", ex);
}
}
}
if (existingRules != null && existingRules.Count > 0)
{
foreach (var curExistingKvp in existingRules)
{
if (!existingRulesThatStillExists.Contains(curExistingKvp.Key))
{
await _azureNetworkSecurityGroupRuleService.DeleteRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, curExistingKvp.Key, cancellationToken);
}
}
}
_logger.LogInformation($"Done setting desired VM rules for {parameters.Name}");
}
