/// <summary>
/// Gets the configured and effective security group rules on the specified VM.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkWatcherName'>
/// The name of the network watcher.
/// </param>
/// <param name='parameters'>
/// Parameters that define the VM to check security groups for.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
/// <returns>
/// The <c>Body</c> of the response produced by
/// <c>BeginGetVMSecurityRulesWithHttpMessagesAsync</c>.
/// </returns>
public static async Task<SecurityGroupViewResult> BeginGetVMSecurityRulesAsync(this INetworkWatchersOperations operations, string resourceGroupName, string networkWatcherName, SecurityGroupViewParameters parameters, CancellationToken cancellationToken = default(CancellationToken))
{
    // The fourth argument is passed as null (presumably the optional custom
    // request headers; confirm against the operations interface).
    var pendingCall = operations.BeginGetVMSecurityRulesWithHttpMessagesAsync(
        resourceGroupName,
        networkWatcherName,
        parameters,
        null,
        cancellationToken);

    // ConfigureAwait(false): the continuation does not need the caller's context.
    // The response wrapper is disposed as soon as its body has been read out.
    using (var response = await pendingCall.ConfigureAwait(false))
    {
        return response.Body;
    }
}
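/// <summary>
/// Deploys a VM with a network security group, adds one user-defined outbound
/// Deny rule, and checks the security group view returned by the network watcher:
/// the user rule must appear among the effective rules, and the six default rules
/// must be reported with the expected access, direction and priority.
/// </summary>
public void ViewNsgRuleApiTest()
{
    var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK };
    var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK };
    var handler3 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK };

    using (MockContext context = MockContext.Start(this.GetType()))
    {
        var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1);
        var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2);
        var computeManagementClient = NetworkManagementTestUtilities.GetComputeManagementClientWithHandler(context, handler3);

        string location = "westcentralus";

        // NOTE(review): the order of GenerateName() calls and service requests below is
        // kept exactly as in the original; presumably a recorded session depends on it.
        string resourceGroupName = TestUtilities.GenerateName();
        resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName, new ResourceGroup { Location = location });

        string virtualMachineName = TestUtilities.GenerateName();
        string networkInterfaceName = TestUtilities.GenerateName();
        string networkSecurityGroupName = virtualMachineName + "-nsg";

        // Deploy VM with template
        Deployments.CreateVm(
            resourcesClient: resourcesClient,
            resourceGroupName: resourceGroupName,
            location: location,
            virtualMachineName: virtualMachineName,
            storageAccountName: TestUtilities.GenerateName(),
            networkInterfaceName: networkInterfaceName,
            networkSecurityGroupName: networkSecurityGroupName,
            diagnosticsStorageAccountName: TestUtilities.GenerateName(),
            deploymentName: TestUtilities.GenerateName()
        );

        // Create network watcher
        string networkWatcherName = TestUtilities.GenerateName();
        NetworkWatcher properties = new NetworkWatcher { Location = location };
        var createNetworkWatcher = networkManagementClient.NetworkWatchers.CreateOrUpdate(resourceGroupName, networkWatcherName, properties);

        var getVm = computeManagementClient.VirtualMachines.Get(resourceGroupName, virtualMachineName);

        // Not used by any assertion below; the lookup itself is retained so the
        // sequence of requests issued by the test is unchanged.
        string localIPAddress = networkManagementClient.NetworkInterfaces.Get(resourceGroupName, networkInterfaceName).IpConfigurations.FirstOrDefault().PrivateIPAddress;

        string securityRule1 = TestUtilities.GenerateName();

        // Add a security rule: deny outbound TCP/80 from any source to any destination.
        var outboundDenyRule = new SecurityRule()
        {
            Name = securityRule1,
            Access = SecurityRuleAccess.Deny,
            Description = "Test outbound security rule",
            DestinationAddressPrefix = "*",
            DestinationPortRange = "80",
            Direction = SecurityRuleDirection.Outbound,
            Priority = 501,
            Protocol = SecurityRuleProtocol.Tcp,
            SourceAddressPrefix = "*",
            SourcePortRange = "*",
        };

        var nsg = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
        nsg.SecurityRules.Add(outboundDenyRule);
        networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, nsg);

        SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters()
        {
            TargetResourceId = getVm.Id
        };

        // Get view security group rules
        var viewNSGRules = networkManagementClient.NetworkWatchers.GetVMSecurityRules(resourceGroupName, networkWatcherName, sgvProperties);

        // Resolve the first NIC once and fail with an assertion (instead of a
        // NullReferenceException) when the view contains no network interface.
        var nicView = viewNSGRules.NetworkInterfaces.FirstOrDefault();
        Assert.NotNull(nicView);
        var associations = nicView.SecurityRuleAssociations;

        // Verify effective security rule defined earlier. The test expects the rule to be
        // listed under a "UserRule_" prefixed name, with "*" address prefixes reported as
        // "0.0.0.0/0" and port ranges reported in expanded "low-high" form.
        var effectiveRule = associations.EffectiveSecurityRules.FirstOrDefault(x => x.Name == "UserRule_" + securityRule1);
        Assert.NotNull(effectiveRule); // a missing Deny rule must fail the test explicitly
        Assert.Equal("Tcp", effectiveRule.Protocol);
        Assert.Equal(501, effectiveRule.Priority);
        Assert.Equal("Deny", effectiveRule.Access);
        Assert.Equal("Outbound", effectiveRule.Direction);
        Assert.Equal("0.0.0.0/0", effectiveRule.DestinationAddressPrefix);
        Assert.Equal("80-80", effectiveRule.DestinationPortRange);
        Assert.Equal("0.0.0.0/0", effectiveRule.SourceAddressPrefix);
        Assert.Equal("0-65535", effectiveRule.SourcePortRange);

        // Verify 6 default rules
        var allowVnetInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowVnetInBound");
        Assert.NotNull(allowVnetInbound);
        Assert.Equal("*", allowVnetInbound.Protocol);
        Assert.Equal(65000, allowVnetInbound.Priority);
        Assert.Equal("Allow", allowVnetInbound.Access);
        Assert.Equal("Inbound", allowVnetInbound.Direction);
        Assert.Equal("VirtualNetwork", allowVnetInbound.DestinationAddressPrefix);
        Assert.Equal("*", allowVnetInbound.DestinationPortRange);
        Assert.Equal("VirtualNetwork", allowVnetInbound.SourceAddressPrefix);
        Assert.Equal("*", allowVnetInbound.SourcePortRange);

        var allowLoadBalancerInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowAzureLoadBalancerInBound");
        Assert.NotNull(allowLoadBalancerInbound);
        Assert.Equal("*", allowLoadBalancerInbound.Protocol);
        Assert.Equal(65001, allowLoadBalancerInbound.Priority);
        Assert.Equal("Allow", allowLoadBalancerInbound.Access);
        Assert.Equal("Inbound", allowLoadBalancerInbound.Direction);
        Assert.Equal("*", allowLoadBalancerInbound.DestinationAddressPrefix);
        Assert.Equal("*", allowLoadBalancerInbound.DestinationPortRange);
        Assert.Equal("AzureLoadBalancer", allowLoadBalancerInbound.SourceAddressPrefix);
        Assert.Equal("*", allowLoadBalancerInbound.SourcePortRange);

        var denyAllInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "DenyAllInBound");
        Assert.NotNull(denyAllInbound);
        Assert.Equal("*", denyAllInbound.Protocol);
        Assert.Equal(65500, denyAllInbound.Priority);
        Assert.Equal("Deny", denyAllInbound.Access);
        Assert.Equal("Inbound", denyAllInbound.Direction);
        Assert.Equal("*", denyAllInbound.DestinationAddressPrefix);
        Assert.Equal("*", denyAllInbound.DestinationPortRange);
        Assert.Equal("*", denyAllInbound.SourceAddressPrefix);
        Assert.Equal("*", denyAllInbound.SourcePortRange);

        var allowVnetOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowVnetOutBound");
        Assert.NotNull(allowVnetOutbound);
        Assert.Equal("*", allowVnetOutbound.Protocol);
        Assert.Equal(65000, allowVnetOutbound.Priority);
        Assert.Equal("Allow", allowVnetOutbound.Access);
        Assert.Equal("Outbound", allowVnetOutbound.Direction);
        Assert.Equal("VirtualNetwork", allowVnetOutbound.DestinationAddressPrefix);
        Assert.Equal("*", allowVnetOutbound.DestinationPortRange);
        Assert.Equal("VirtualNetwork", allowVnetOutbound.SourceAddressPrefix);
        Assert.Equal("*", allowVnetOutbound.SourcePortRange);

        var allowInternetOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowInternetOutBound");
        Assert.NotNull(allowInternetOutbound);
        Assert.Equal("*", allowInternetOutbound.Protocol);
        Assert.Equal(65001, allowInternetOutbound.Priority);
        Assert.Equal("Allow", allowInternetOutbound.Access);
        Assert.Equal("Outbound", allowInternetOutbound.Direction);
        Assert.Equal("Internet", allowInternetOutbound.DestinationAddressPrefix);
        Assert.Equal("*", allowInternetOutbound.DestinationPortRange);
        Assert.Equal("*", allowInternetOutbound.SourceAddressPrefix);
        Assert.Equal("*", allowInternetOutbound.SourcePortRange);

        var denyAllOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "DenyAllOutBound");
        Assert.NotNull(denyAllOutbound);
        Assert.Equal("*", denyAllOutbound.Protocol);
        Assert.Equal(65500, denyAllOutbound.Priority);
        Assert.Equal("Deny", denyAllOutbound.Access);
        Assert.Equal("Outbound", denyAllOutbound.Direction);
        Assert.Equal("*", denyAllOutbound.DestinationAddressPrefix);
        Assert.Equal("*", denyAllOutbound.DestinationPortRange);
        Assert.Equal("*", denyAllOutbound.SourceAddressPrefix);
        Assert.Equal("*", denyAllOutbound.SourcePortRange);
    }
}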
/// <summary>
/// Gets the configured and effective security group rules on the specified VM.
/// </summary>
/// <remarks>
/// Synchronous wrapper over <c>BeginGetVMSecurityRulesAsync</c>: the calling thread
/// is blocked until the asynchronous call has completed.
/// </remarks>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkWatcherName'>
/// The name of the network watcher.
/// </param>
/// <param name='parameters'>
/// Parameters that define the VM to check security groups for.
/// </param>
/// <returns>
/// The result produced by <c>BeginGetVMSecurityRulesAsync</c>.
/// </returns>
public static SecurityGroupViewResult BeginGetVMSecurityRules(this INetworkWatchersOperations operations, string resourceGroupName, string networkWatcherName, SecurityGroupViewParameters parameters)
{
    // GetAwaiter().GetResult() rethrows the original exception rather than
    // wrapping it in an AggregateException.
    var awaiter = operations
        .BeginGetVMSecurityRulesAsync(resourceGroupName, networkWatcherName, parameters)
        .GetAwaiter();
    return awaiter.GetResult();
}
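/// <summary>
/// Deploys a VM with a network security group, adds one user-defined outbound
/// Deny rule, and checks the security group view returned by the network watcher:
/// the user rule must appear among the effective rules, and the six default rules
/// must be reported with the expected access, direction and priority.
/// </summary>
public async Task ViewNsgRuleApiTest()
{
    // NOTE(review): the order of Recording.Generate* calls and service requests below is
    // kept exactly as in the original; presumably a recorded session depends on it.
    string resourceGroupName = Recording.GenerateAssetName("azsmnet");

    string location = "westus2";
    await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
    string virtualMachineName = Recording.GenerateAssetName("azsmnet");
    string networkInterfaceName = Recording.GenerateAssetName("azsmnet");
    string networkSecurityGroupName = virtualMachineName + "-nsg";

    // Deploy VM with template. The admin password is obtained from
    // Recording.GenerateAlphaNumericId instead of being written out as a literal.
    await CreateVm(
        resourcesClient: ResourceManagementClient,
        resourceGroupName: resourceGroupName,
        location: location,
        virtualMachineName: virtualMachineName,
        storageAccountName: Recording.GenerateAssetName("azsmnet"),
        networkInterfaceName: networkInterfaceName,
        networkSecurityGroupName: networkSecurityGroupName,
        diagnosticsStorageAccountName: Recording.GenerateAssetName("azsmnet"),
        deploymentName: Recording.GenerateAssetName("azsmnet"),
        adminPassword: Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#")
    );

    //TODO:There is no need to perform a separate create NetworkWatchers operation
    //Create network Watcher
    //string networkWatcherName = Recording.GenerateAssetName("azsmnet");
    //NetworkWatcher properties = new NetworkWatcher { Location = location };
    //Response<NetworkWatcher> createNetworkWatcher = await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);

    Response<VirtualMachine> getVm = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName);

    // Awaited instead of blocking on .Result: the other calls in this async test are
    // awaited, and blocking inside an async method risks deadlock and wraps failures in
    // AggregateException. The value is not used by any assertion below; the lookup
    // itself is retained so the sequence of requests issued by the test is unchanged.
    string localIPAddress = (await NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName)).Value.IpConfigurations.FirstOrDefault().PrivateIPAddress;

    string securityRule1 = Recording.GenerateAssetName("azsmnet");

    // Add a security rule: deny outbound TCP/80 from any source to any destination.
    SecurityRule outboundDenyRule = new SecurityRule()
    {
        Name = securityRule1,
        Access = SecurityRuleAccess.Deny,
        Description = "Test outbound security rule",
        DestinationAddressPrefix = "*",
        DestinationPortRange = "80",
        Direction = SecurityRuleDirection.Outbound,
        Priority = 501,
        Protocol = SecurityRuleProtocol.Tcp,
        SourceAddressPrefix = "*",
        SourcePortRange = "*",
    };

    Response<NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
    nsg.Value.SecurityRules.Add(outboundDenyRule);
    NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg);
    // The result is not inspected; waiting ensures the rule update has completed
    // before the security group view is requested.
    Response<NetworkSecurityGroup> networkSecurityGroup = await WaitForCompletionAsync(createOrUpdateOperation);

    // Get view security group rules.
    // NOTE(review): the watcher is addressed by fixed names rather than created by the
    // test (see the TODO above); "NetworkWatcher_westus2" has to stay in sync with
    // `location` if the region is ever changed.
    SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters(getVm.Value.Id);
    NetworkWatchersGetVMSecurityRulesOperation viewNSGRulesOperation = await NetworkManagementClient.NetworkWatchers.StartGetVMSecurityRulesAsync("NetworkWatcherRG", "NetworkWatcher_westus2", sgvProperties);
    Response<SecurityGroupViewResult> viewNSGRules = await WaitForCompletionAsync(viewNSGRulesOperation);

    // Resolve the first NIC once and fail with an assertion (instead of a
    // NullReferenceException) when the view contains no network interface.
    var nicView = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault();
    Assert.NotNull(nicView, "Security group view returned no network interface");
    var associations = nicView.SecurityRuleAssociations;

    // Verify effective security rule defined earlier. The test expects the rule to be
    // listed under a "UserRule_" prefixed name, with "*" address prefixes reported as
    // "0.0.0.0/0" and port ranges reported in expanded "low-high" form.
    EffectiveNetworkSecurityRule effectiveRule = associations.EffectiveSecurityRules.FirstOrDefault(x => x.Name == "UserRule_" + securityRule1);
    Assert.NotNull(effectiveRule, "User-defined Deny rule is missing from the effective rules");
    Assert.AreEqual("Tcp", effectiveRule.Protocol);
    Assert.AreEqual(501, effectiveRule.Priority);
    Assert.AreEqual("Deny", effectiveRule.Access);
    Assert.AreEqual("Outbound", effectiveRule.Direction);
    Assert.AreEqual("0.0.0.0/0", effectiveRule.DestinationAddressPrefix);
    Assert.AreEqual("80-80", effectiveRule.DestinationPortRange);
    Assert.AreEqual("0.0.0.0/0", effectiveRule.SourceAddressPrefix);
    Assert.AreEqual("0-65535", effectiveRule.SourcePortRange);

    // Verify 6 default rules
    SecurityRule allowVnetInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowVnetInBound");
    Assert.NotNull(allowVnetInbound, "Default rule AllowVnetInBound is missing");
    Assert.AreEqual("*", allowVnetInbound.Protocol);
    Assert.AreEqual(65000, allowVnetInbound.Priority);
    Assert.AreEqual("Allow", allowVnetInbound.Access);
    Assert.AreEqual("Inbound", allowVnetInbound.Direction);
    Assert.AreEqual("VirtualNetwork", allowVnetInbound.DestinationAddressPrefix);
    Assert.AreEqual("*", allowVnetInbound.DestinationPortRange);
    Assert.AreEqual("VirtualNetwork", allowVnetInbound.SourceAddressPrefix);
    Assert.AreEqual("*", allowVnetInbound.SourcePortRange);

    SecurityRule allowLoadBalancerInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowAzureLoadBalancerInBound");
    Assert.NotNull(allowLoadBalancerInbound, "Default rule AllowAzureLoadBalancerInBound is missing");
    Assert.AreEqual("*", allowLoadBalancerInbound.Protocol);
    Assert.AreEqual(65001, allowLoadBalancerInbound.Priority);
    Assert.AreEqual("Allow", allowLoadBalancerInbound.Access);
    Assert.AreEqual("Inbound", allowLoadBalancerInbound.Direction);
    Assert.AreEqual("*", allowLoadBalancerInbound.DestinationAddressPrefix);
    Assert.AreEqual("*", allowLoadBalancerInbound.DestinationPortRange);
    Assert.AreEqual("AzureLoadBalancer", allowLoadBalancerInbound.SourceAddressPrefix);
    Assert.AreEqual("*", allowLoadBalancerInbound.SourcePortRange);

    SecurityRule denyAllInbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "DenyAllInBound");
    Assert.NotNull(denyAllInbound, "Default rule DenyAllInBound is missing");
    Assert.AreEqual("*", denyAllInbound.Protocol);
    Assert.AreEqual(65500, denyAllInbound.Priority);
    Assert.AreEqual("Deny", denyAllInbound.Access);
    Assert.AreEqual("Inbound", denyAllInbound.Direction);
    Assert.AreEqual("*", denyAllInbound.DestinationAddressPrefix);
    Assert.AreEqual("*", denyAllInbound.DestinationPortRange);
    Assert.AreEqual("*", denyAllInbound.SourceAddressPrefix);
    Assert.AreEqual("*", denyAllInbound.SourcePortRange);

    SecurityRule allowVnetOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowVnetOutBound");
    Assert.NotNull(allowVnetOutbound, "Default rule AllowVnetOutBound is missing");
    Assert.AreEqual("*", allowVnetOutbound.Protocol);
    Assert.AreEqual(65000, allowVnetOutbound.Priority);
    Assert.AreEqual("Allow", allowVnetOutbound.Access);
    Assert.AreEqual("Outbound", allowVnetOutbound.Direction);
    Assert.AreEqual("VirtualNetwork", allowVnetOutbound.DestinationAddressPrefix);
    Assert.AreEqual("*", allowVnetOutbound.DestinationPortRange);
    Assert.AreEqual("VirtualNetwork", allowVnetOutbound.SourceAddressPrefix);
    Assert.AreEqual("*", allowVnetOutbound.SourcePortRange);

    SecurityRule allowInternetOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "AllowInternetOutBound");
    Assert.NotNull(allowInternetOutbound, "Default rule AllowInternetOutBound is missing");
    Assert.AreEqual("*", allowInternetOutbound.Protocol);
    Assert.AreEqual(65001, allowInternetOutbound.Priority);
    Assert.AreEqual("Allow", allowInternetOutbound.Access);
    Assert.AreEqual("Outbound", allowInternetOutbound.Direction);
    Assert.AreEqual("Internet", allowInternetOutbound.DestinationAddressPrefix);
    Assert.AreEqual("*", allowInternetOutbound.DestinationPortRange);
    Assert.AreEqual("*", allowInternetOutbound.SourceAddressPrefix);
    Assert.AreEqual("*", allowInternetOutbound.SourcePortRange);

    SecurityRule denyAllOutbound = associations.DefaultSecurityRules.FirstOrDefault(x => x.Name == "DenyAllOutBound");
    Assert.NotNull(denyAllOutbound, "Default rule DenyAllOutBound is missing");
    Assert.AreEqual("*", denyAllOutbound.Protocol);
    Assert.AreEqual(65500, denyAllOutbound.Priority);
    Assert.AreEqual("Deny", denyAllOutbound.Access);
    Assert.AreEqual("Outbound", denyAllOutbound.Direction);
    Assert.AreEqual("*", denyAllOutbound.DestinationAddressPrefix);
    Assert.AreEqual("*", denyAllOutbound.DestinationPortRange);
    Assert.AreEqual("*", denyAllOutbound.SourceAddressPrefix);
    Assert.AreEqual("*", denyAllOutbound.SourcePortRange);
}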