public void CreateVMWithNetworkSecurityGroupOnNIC()
{
using (var undoContext = UndoContext.Current)
{
undoContext.Start();
using (NetworkTestBase _testFixture = new NetworkTestBase())
{
// setup
bool storageAccountCreated = false;
bool hostedServiceCreated = false;
string serviceName = _testFixture.GenerateRandomName();
string deploymentName = _testFixture.GenerateRandomName();
string roleName = _testFixture.GenerateRandomName();
string networkInterfaceName = _testFixture.GenerateRandomName();
string location = _testFixture.ManagementClient.GetDefaultLocation("Storage", "Compute", "PersistentVMRole");
string virtualNetworkName = "virtualNetworkSiteName";
string subnetName = "FrontEndSubnet5";
string storageAccountName = _testFixture.GenerateRandomName().ToLower();
// create Network Security Group
string securityGroupName = _testFixture.GenerateRandomNetworkSecurityGroupName();
string securityGroupLabel = _testFixture.GenerateRandomName();
string securityGroupLocation = "North Central US";
_testFixture.CreateNetworkSecurityGroup(securityGroupName, securityGroupLabel, securityGroupLocation);
_testFixture.CreateStorageAccount(location, storageAccountName, out storageAccountCreated);
_testFixture.SetSimpleVirtualNetwork();
_testFixture.CreateHostedService(location, serviceName, out hostedServiceCreated);
var multiNICVMDeployment = _testFixture.CreateMultiNICIaaSDeploymentParameters(
serviceName,
deploymentName,
roleName,
networkInterfaceName,
storageAccountName,
virtualNetworkName,
subnetName);
var configurationSets = multiNICVMDeployment.Roles.Single(
r => string.Equals(r.RoleName, roleName)).ConfigurationSets;
configurationSets
.Single(
cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration))
.NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName))
.NetworkSecurityGroup = securityGroupName;
try
{
// action 1: create Deployment with NSG
_testFixture.ComputeClient.VirtualMachines.CreateDeployment(
serviceName,
multiNICVMDeployment);
// assert 1
NetworkSecurityGroupGetAssociationResponse response =
_testFixture.NetworkClient.NetworkSecurityGroups.GetForNetworkInterface(
serviceName,
deploymentName,
roleName,
networkInterfaceName);
Assert.Equal(securityGroupName, response.Name);
var deployment = _testFixture.ComputeClient.Deployments.GetBySlot(serviceName,
DeploymentSlot.Production);
Assert.Equal(
securityGroupName,
deployment.Roles.Single(r => string.Equals(r.RoleName, roleName))
.ConfigurationSets.Single(
cs =>
string.Equals(cs.ConfigurationSetType,
ConfigurationSetTypes.NetworkConfiguration))
.NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName))
.NetworkSecurityGroup);
// action 2: update deployment without NSG
configurationSets
.Single(
cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration))
.NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName))
.NetworkSecurityGroup = null;
_testFixture.ComputeClient.VirtualMachines.Update(serviceName, deploymentName, roleName,
new VirtualMachineUpdateParameters()
{
RoleName = roleName,
ConfigurationSets = configurationSets,
OSVirtualHardDisk = _testFixture.GetOSVirtualHardDisk(storageAccountName, serviceName)
});
// assert 2
deployment = _testFixture.ComputeClient.Deployments.GetBySlot(serviceName,
DeploymentSlot.Production);
Assert.Null(
deployment.Roles.Single(r => string.Equals(r.RoleName, roleName))
.ConfigurationSets.Single(
cs =>
string.Equals(cs.ConfigurationSetType,
ConfigurationSetTypes.NetworkConfiguration))
.NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName))
.NetworkSecurityGroup);
}
finally
{
if (hostedServiceCreated)
{
_testFixture.ComputeClient.HostedServices.DeleteAll(serviceName);
}
}
}
}
}
public void AddAndRemoveNetworkSecurityGroupToRole()
{
using (var undoContext = UndoContext.Current)
{
undoContext.Start();
using (NetworkTestBase _testFixture = new NetworkTestBase())
{
// setup
bool storageAccountCreated = false;
bool hostedServiceCreated = false;
string serviceName = _testFixture.GenerateRandomName();
string deploymentName = _testFixture.GenerateRandomName();
string roleName = "WebRole1";
string location = _testFixture.ManagementClient.GetDefaultLocation("Storage", "Compute", "PersistentVMRole");
string storageAccountName = _testFixture.GenerateRandomName().ToLower();
// create Network Security Group
string securityGroupName = _testFixture.GenerateRandomNetworkSecurityGroupName();
string securityGroupLabel = _testFixture.GenerateRandomName();
string securityGroupLocation = "North Central US";
_testFixture.CreateNetworkSecurityGroup(securityGroupName, securityGroupLabel, securityGroupLocation);
_testFixture.CreateStorageAccount(location, storageAccountName, out storageAccountCreated);
_testFixture.SetSimpleVirtualNetwork();
_testFixture.CreateHostedService(location, serviceName, out hostedServiceCreated);
var deployment = _testFixture.CreatePaaSDeployment(
storageAccountName,
serviceName,
deploymentName,
NetworkTestConstants.OneWebOneWorkerPkgFilePath,
NetworkTestConstants.VnetOneWebOneWorkerCscfgFilePath,
startDeployment: true);
try
{
// action 1
var associationParams = new NetworkSecurityGroupAddAssociationParameters(securityGroupName);
_testFixture.NetworkClient.NetworkSecurityGroups.AddToRole(serviceName, deploymentName, roleName,
associationParams);
// assert 1
NetworkSecurityGroupGetAssociationResponse response =
_testFixture.NetworkClient.NetworkSecurityGroups.GetForRole(serviceName, deploymentName, roleName);
Assert.Equal(associationParams.Name, response.Name);
// action 2
_testFixture.NetworkClient.NetworkSecurityGroups.RemoveFromRole(
serviceName,
deploymentName,
roleName,
securityGroupName);
// assert 2
Assert.Throws <CloudException>(() =>
_testFixture.NetworkClient.NetworkSecurityGroups.GetForRole(serviceName, deploymentName, roleName));
}
finally
{
if (storageAccountCreated)
{
_testFixture.StorageClient.StorageAccounts.Delete(storageAccountName);
}
if (hostedServiceCreated)
{
_testFixture.ComputeClient.HostedServices.DeleteAll(serviceName);
}
}
}
}
}
public void AddAndRemoveNetworkSecurityGroupToNIC()
{
using (var undoContext = UndoContext.Current)
{
undoContext.Start();
using (NetworkTestBase _testFixture = new NetworkTestBase())
{
// setup
bool storageAccountCreated = false;
bool hostedServiceCreated = false;
string serviceName = _testFixture.GenerateRandomName();
string deploymentName = _testFixture.GenerateRandomName();
string roleName = _testFixture.GenerateRandomName();
string networkInterfaceName = _testFixture.GenerateRandomName();
string location = _testFixture.ManagementClient.GetDefaultLocation("Storage", "Compute", "PersistentVMRole");
string virtualNetworkName = "virtualNetworkSiteName";
string subnetName = "FrontEndSubnet5";
string storageAccountName = _testFixture.GenerateRandomName().ToLower();
// create Network Security Group
string securityGroupName = _testFixture.GenerateRandomNetworkSecurityGroupName();
string securityGroupLabel = _testFixture.GenerateRandomName();
string securityGroupLocation = "North Central US";
_testFixture.CreateNetworkSecurityGroup(securityGroupName, securityGroupLabel, securityGroupLocation);
_testFixture.CreateStorageAccount(location, storageAccountName, out storageAccountCreated);
_testFixture.SetSimpleVirtualNetwork();
_testFixture.CreateHostedService(location, serviceName, out hostedServiceCreated);
_testFixture.ComputeClient.VirtualMachines.CreateDeployment(
serviceName,
_testFixture.CreateMultiNICIaaSDeploymentParameters(
serviceName,
deploymentName,
roleName,
networkInterfaceName,
storageAccountName,
virtualNetworkName,
subnetName));
try
{
// action 1
var associationParams = new NetworkSecurityGroupAddAssociationParameters(securityGroupName);
_testFixture.NetworkClient.NetworkSecurityGroups.AddToNetworkInterface(
serviceName,
deploymentName,
roleName,
networkInterfaceName,
associationParams);
// assert 1
NetworkSecurityGroupGetAssociationResponse response =
_testFixture.NetworkClient.NetworkSecurityGroups.GetForNetworkInterface(
serviceName,
deploymentName,
roleName,
networkInterfaceName);
Assert.Equal(associationParams.Name, response.Name);
// action 2
_testFixture.NetworkClient.NetworkSecurityGroups.RemoveFromNetworkInterface(
serviceName,
deploymentName,
roleName,
networkInterfaceName,
securityGroupName);
// assert 2
Assert.Throws <CloudException>(() => _testFixture.NetworkClient.NetworkSecurityGroups.GetForNetworkInterface(
serviceName,
deploymentName,
roleName,
networkInterfaceName));
}
finally
{
if (hostedServiceCreated)
{
_testFixture.ComputeClient.HostedServices.DeleteAll(serviceName);
}
}
}
}
}
public override void ExecuteCmdlet()
{
NetworkSecurityGroupGetAssociationResponse assocResponse = null;
string warningAssociationNotFullyCrated = null;
if (string.Equals(this.ParameterSetName, GetNetworkSecurityGroupAssociationForSubnet))
{
assocResponse = Client.GetNetworkSecurityGroupForSubnet(VirtualNetworkName, SubnetName);
warningAssociationNotFullyCrated = string.Format(
Resources.NetworkSecurityGroupNotActiveInSubnet,
assocResponse.Name,
VirtualNetworkName,
SubnetName);
}
else
{
this.obtainedDeploymentName = Client.GetDeploymentName(this.VM, this.Slot, this.ServiceName);
if (string.Equals(this.ParameterSetName, GetNetworkSecurityGroupAssociationForIaaSRole))
{
this.RoleName = this.VM.Name;
}
if (string.IsNullOrEmpty(this.NetworkInterfaceName))
{
assocResponse = Client.GetNetworkSecurityGroupForRole(
this.ServiceName,
this.obtainedDeploymentName,
this.RoleName);
warningAssociationNotFullyCrated = string.Format(
Resources.NetworkSecurityGroupNotActiveInRole,
assocResponse.Name,
this.ServiceName,
this.obtainedDeploymentName,
this.RoleName);
}
else
{
assocResponse = Client.GetNetworkSecurityGroupForNetworkInterface(
this.ServiceName,
this.obtainedDeploymentName,
this.RoleName,
this.NetworkInterfaceName);
warningAssociationNotFullyCrated = string.Format(
Resources.NetworkSecurityGroupNotActiveInNIC,
assocResponse.Name,
this.ServiceName,
this.obtainedDeploymentName,
this.RoleName,
this.NetworkInterfaceName);
}
}
if (assocResponse.State != "Created")
{
WriteWarningWithTimestamp(warningAssociationNotFullyCrated);
}
INetworkSecurityGroup securityGroup = Client.GetNetworkSecurityGroup(assocResponse.Name, Detailed);
WriteObject(securityGroup);
}
