/**
* It creates a new Azure virtual machine and it instantiate a Java Docker client.
* @param azure - instance of Azure
* @param rgName - name of the Azure resource group to be used when creating a virtual machine
* @param region - region to be used when creating a virtual machine
* @return an instance of DockerClient
*/
public static DockerClient FromNewDockerVM(IAzure azure, String rgName, Region region)
{
string dockerVMName = SdkContext.RandomResourceName("dockervm", 15);
string publicIPDnsLabel = SdkContext.RandomResourceName("pip", 10);
string vmUserName = "******";
string vmPassword = Utilities.CreatePassword();
// Could not find a Docker environment; presume that there is no local Docker engine running and
// attempt to configure a Docker engine running inside a new Azure virtual machine
Utilities.Log("Creating an Azure virtual machine running Docker");
IVirtualMachine dockerVM = azure.VirtualMachines.Define(dockerVMName)
.WithRegion(region)
.WithExistingResourceGroup(rgName)
.WithNewPrimaryNetwork("10.0.0.0/28")
.WithPrimaryPrivateIPAddressDynamic()
.WithNewPrimaryPublicIPAddress(publicIPDnsLabel)
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
.WithRootUsername(vmUserName)
.WithRootPassword(vmPassword)
.WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4"))
.Create();
Utilities.Log("Created Azure Virtual Machine: " + dockerVM.Id);
// Get the IP of the Docker host
INicIPConfiguration nicIPConfiguration = dockerVM.GetPrimaryNetworkInterface().PrimaryIPConfiguration;
IPublicIPAddress publicIp = nicIPConfiguration.GetPublicIPAddress();
string dockerHostIP = publicIp.IPAddress;
DockerClient dockerClient = InstallDocker(dockerHostIP, vmUserName, vmPassword);
return(dockerClient);
}
public async Task GetVmVn()
{
var allvms = await azure.VirtualMachines.ListAsync();
IVirtualMachine targetvm = allvms
.Where(vm => vm.Name == "Annvm")
.SingleOrDefault();
Console.WriteLine(targetvm?.Id);
INetworkInterface targetnic = targetvm.GetPrimaryNetworkInterface();
INicIPConfiguration targetipconfig = targetnic.PrimaryIPConfiguration;
IPublicIPAddress targetipaddress = targetipconfig.GetPublicIPAddress();
Console.WriteLine($"IP Address:\t{targetipaddress.IPAddress}");
Console.WriteLine("Press any key to exit.");
Console.ReadLine();
}
/// <summary>
/// Deletes virtual machine.
/// </summary>
/// <param name="name">Name of the virtual machine</param>
/// <param name="resourceGroup">Name of the resource group.</param>
/// <param name="deleteAll">true to remove all the resources associated with the virtual machine.</param>
/// <returns></returns>
public async Task Del(string name, string resourceGroup, bool deleteAll = false)
{
IVirtualMachine vmInstance = this.Get(name, resourceGroup);
string osDiskId = vmInstance.OSDiskId;
string priNetworkInterface = vmInstance.GetPrimaryNetworkInterface().Id;
string publicIPAddress = vmInstance.GetPrimaryPublicIPAddressId();
List <string> virtualNetworkNames = new List <string>();
var networkInterface = new NetworkInterfaces(this.credentials, this.subscriptionId);
INetworkInterface nwInterface = networkInterface.Get(priNetworkInterface);
var ipConfigs = nwInterface.IPConfigurations;
foreach (var k in ipConfigs.Keys)
{
virtualNetworkNames.Add(ipConfigs[k].GetNetwork().Name);
}
azure.VirtualMachines.DeleteById(this.getId(name, resourceGroup));
if (deleteAll)
{
Disks disks = new Disks(this.credentials, this.subscriptionId);
disks.Del(osDiskId);
var oNetworkInterface = new NetworkInterfaces(this.credentials, this.subscriptionId);
oNetworkInterface.Del(priNetworkInterface);
var oPublicIPAddress = new PublicIPAddresses(this.credentials, this.subscriptionId);
oPublicIPAddress.Del(publicIPAddress);
var virtualNetworks = new VirtualNetworks(this.credentials, this.subscriptionId);
foreach (var n in virtualNetworkNames)
{
await virtualNetworks.Del(n, resourceGroup);
}
}
}
public void CanCRUDLocks()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IAuthorizationManager authorizationManager = TestHelper.CreateAuthorizationManager();
IComputeManager computeManager = TestHelper.CreateComputeManager();
IResourceManager managerResources = computeManager.ResourceManager;
INetworkManager networkManager = TestHelper.CreateNetworkManager();
IStorageManager storageManager = TestHelper.CreateStorageManager();
// Prepare a VM
string password = SdkContext.RandomResourceName("P@s", 14);
string rgName = SdkContext.RandomResourceName("rg", 15);
string vmName = SdkContext.RandomResourceName("vm", 15);
string storageName = SdkContext.RandomResourceName("st", 15);
string diskName = SdkContext.RandomResourceName("dsk", 15);
string netName = SdkContext.RandomResourceName("net", 15);
Region region = Region.USEast;
IResourceGroup resourceGroup = null;
IManagementLock lockGroup = null,
lockVM = null,
lockStorage = null,
lockDiskRO = null,
lockDiskDel = null,
lockSubnet = null;
try
{
resourceGroup = managerResources.ResourceGroups.Define(rgName)
.WithRegion(region)
.Create();
Assert.NotNull(resourceGroup);
ICreatable <INetwork> netDefinition = networkManager.Networks.Define(netName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithAddressSpace("10.0.0.0/28");
// Define a VM for testing VM locks
ICreatable <IVirtualMachine> vmDefinition = computeManager.VirtualMachines.Define(vmName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithNewPrimaryNetwork(netDefinition)
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularWindowsImage(KnownWindowsVirtualMachineImage.WindowsServer2012R2Datacenter)
.WithAdminUsername("tester")
.WithAdminPassword(password)
.WithSize(VirtualMachineSizeTypes.BasicA1);
// Define a managed disk for testing locks on that
ICreatable <IDisk> diskDefinition = computeManager.Disks.Define(diskName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithData()
.WithSizeInGB(100);
// Define a storage account for testing locks on that
ICreatable <IStorageAccount> storageDefinition = storageManager.StorageAccounts.Define(storageName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup);
// Create resources in parallel to save time and money
Extensions.Synchronize(() => Task.WhenAll(
storageDefinition.CreateAsync(),
vmDefinition.CreateAsync(),
diskDefinition.CreateAsync()));
IVirtualMachine vm = (IVirtualMachine)vmDefinition;
IStorageAccount storage = (IStorageAccount)storageDefinition;
IDisk disk = (IDisk)diskDefinition;
INetwork network = vm.GetPrimaryNetworkInterface().PrimaryIPConfiguration.GetNetwork();
ISubnet subnet = network.Subnets.Values.FirstOrDefault();
// Lock subnet
ICreatable <IManagementLock> lockSubnetDef = authorizationManager.ManagementLocks.Define("subnetLock")
.WithLockedResource(subnet.Inner.Id)
.WithLevel(LockLevel.ReadOnly);
// Lock VM
ICreatable <IManagementLock> lockVMDef = authorizationManager.ManagementLocks.Define("vmlock")
.WithLockedResource(vm)
.WithLevel(LockLevel.ReadOnly)
.WithNotes("vm readonly lock");
// Lock resource group
ICreatable <IManagementLock> lockGroupDef = authorizationManager.ManagementLocks.Define("rglock")
.WithLockedResource(resourceGroup.Id)
.WithLevel(LockLevel.CanNotDelete);
// Lock storage
ICreatable <IManagementLock> lockStorageDef = authorizationManager.ManagementLocks.Define("stLock")
.WithLockedResource(storage)
.WithLevel(LockLevel.CanNotDelete);
// Create locks in parallel
ICreatedResources <IManagementLock> created = authorizationManager.ManagementLocks.Create(lockVMDef, lockGroupDef, lockStorageDef, lockSubnetDef);
lockVM = created.FirstOrDefault(o => o.Key.Equals(lockVMDef.Key));
lockStorage = created.FirstOrDefault(o => o.Key.Equals(lockStorageDef.Key));
lockGroup = created.FirstOrDefault(o => o.Key.Equals(lockGroupDef.Key));
lockSubnet = created.FirstOrDefault(o => o.Key.Equals(lockSubnetDef.Key));
// Lock disk synchronously
lockDiskRO = authorizationManager.ManagementLocks.Define("diskLockRO")
.WithLockedResource(disk)
.WithLevel(LockLevel.ReadOnly)
.Create();
lockDiskDel = authorizationManager.ManagementLocks.Define("diskLockDel")
.WithLockedResource(disk)
.WithLevel(LockLevel.CanNotDelete)
.Create();
// Verify VM lock
Assert.Equal(2, authorizationManager.ManagementLocks.ListForResource(vm.Id).Count());
Assert.NotNull(lockVM);
lockVM = authorizationManager.ManagementLocks.GetById(lockVM.Id);
Assert.NotNull(lockVM);
Assert.Equal(LockLevel.ReadOnly, lockVM.Level);
Assert.Equal(vm.Id, lockVM.LockedResourceId, true);
// Verify resource group lock
Assert.NotNull(lockGroup);
lockGroup = authorizationManager.ManagementLocks.GetByResourceGroup(resourceGroup.Name, "rglock");
Assert.NotNull(lockGroup);
Assert.Equal(LockLevel.CanNotDelete, lockGroup.Level);
Assert.Equal(resourceGroup.Id, lockGroup.LockedResourceId, true);
// Verify storage account lock
Assert.Equal(2, authorizationManager.ManagementLocks.ListForResource(storage.Id).Count());
Assert.NotNull(lockStorage);
lockStorage = authorizationManager.ManagementLocks.GetById(lockStorage.Id);
Assert.NotNull(lockStorage);
Assert.Equal(LockLevel.CanNotDelete, lockStorage.Level);
Assert.Equal(storage.Id, lockStorage.LockedResourceId, true);
// Verify disk lock
Assert.Equal(3, authorizationManager.ManagementLocks.ListForResource(disk.Id).Count());
Assert.NotNull(lockDiskRO);
lockDiskRO = authorizationManager.ManagementLocks.GetById(lockDiskRO.Id);
Assert.NotNull(lockDiskRO);
Assert.Equal(LockLevel.ReadOnly, lockDiskRO.Level);
Assert.Equal(disk.Id, lockDiskRO.LockedResourceId, true);
Assert.NotNull(lockDiskDel);
lockDiskDel = authorizationManager.ManagementLocks.GetById(lockDiskDel.Id);
Assert.NotNull(lockDiskDel);
Assert.Equal(LockLevel.CanNotDelete, lockDiskDel.Level);
Assert.Equal(disk.Id, lockDiskDel.LockedResourceId, true);
// Verify subnet lock
Assert.Equal(2, authorizationManager.ManagementLocks.ListForResource(network.Id).Count());
lockSubnet = authorizationManager.ManagementLocks.GetById(lockSubnet.Id);
Assert.NotNull(lockSubnet);
Assert.Equal(LockLevel.ReadOnly, lockSubnet.Level);
Assert.Equal(subnet.Inner.Id, lockSubnet.LockedResourceId, true);
// Verify lock collection
var locksSubscription = authorizationManager.ManagementLocks.List();
var locksGroup = authorizationManager.ManagementLocks.ListByResourceGroup(vm.ResourceGroupName);
Assert.NotNull(locksSubscription);
Assert.NotNull(locksGroup);
int locksAllCount = locksSubscription.Count();
Assert.True(6 <= locksAllCount);
int locksGroupCount = locksGroup.Count();
Assert.Equal(6, locksGroup.Count());
}
finally
{
try
{
if (resourceGroup != null)
{
if (lockGroup != null)
{
authorizationManager.ManagementLocks.DeleteById(lockGroup.Id);
}
if (lockVM != null)
{
authorizationManager.ManagementLocks.DeleteById(lockVM.Id);
}
if (lockDiskRO != null)
{
authorizationManager.ManagementLocks.DeleteById(lockDiskRO.Id);
}
if (lockDiskDel != null)
{
authorizationManager.ManagementLocks.DeleteById(lockDiskDel.Id);
}
if (lockStorage != null)
{
authorizationManager.ManagementLocks.DeleteById(lockStorage.Id);
}
if (lockSubnet != null)
{
authorizationManager.ManagementLocks.DeleteById(lockSubnet.Id);
}
managerResources.ResourceGroups.BeginDeleteByName(rgName);
}
}
catch { }
}
}
}
public void CanCreateWithNetworking()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
var GroupName = TestUtilities.GenerateName("rgfluentchash-");
var NsgName = TestUtilities.GenerateName("nsg");
var NetworkName = TestUtilities.GenerateName("net");
var VMName = TestUtilities.GenerateName("vm");
var computeManager = TestHelper.CreateComputeManager();
var resourceManager = TestHelper.CreateResourceManager();
var networkManager = TestHelper.CreateNetworkManager();
try
{
var nsg = networkManager.NetworkSecurityGroups.Define(NsgName)
.WithRegion(Location)
.WithNewResourceGroup(GroupName)
.DefineRule("rule1")
.AllowInbound()
.FromAnyAddress()
.FromPort(80)
.ToAnyAddress()
.ToPort(80)
.WithProtocol(SecurityRuleProtocol.Tcp)
.Attach()
.Create();
ICreatable <INetwork> networkDefinition = networkManager.Networks.Define(NetworkName)
.WithRegion(Location)
.WithExistingResourceGroup(GroupName)
.WithAddressSpace("10.0.0.0/28")
.DefineSubnet("subnet1")
.WithAddressPrefix("10.0.0.0/29")
.WithExistingNetworkSecurityGroup(nsg)
.Attach();
// Create
IVirtualMachine vm = computeManager.VirtualMachines.Define(VMName)
.WithRegion(Location)
.WithExistingResourceGroup(GroupName)
.WithNewPrimaryNetwork(networkDefinition)
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
.WithRootUsername("Foo12")
.WithRootPassword("abc!@#F0orL")
.Create();
var primaryNic = vm.GetPrimaryNetworkInterface();
Assert.NotNull(primaryNic);
var primaryIpConfig = primaryNic.PrimaryIPConfiguration;
Assert.NotNull(primaryIpConfig);
// Fetch the NSG the way before v1.2
Assert.NotNull(primaryIpConfig.NetworkId);
var network = primaryIpConfig.GetNetwork();
Assert.NotNull(primaryIpConfig.SubnetName);
ISubnet subnet = null;
network.Subnets.TryGetValue(primaryIpConfig.SubnetName, out subnet);
Assert.NotNull(subnet);
nsg = subnet.GetNetworkSecurityGroup();
Assert.NotNull(nsg);
Assert.Equal(NsgName, nsg.Name);
Assert.Equal(1, nsg.SecurityRules.Count);
// Fetch the NSG the v1.2 way
nsg = primaryIpConfig.GetNetworkSecurityGroup();
Assert.Equal(NsgName, nsg.Name);
}
finally
{
try
{
resourceManager.ResourceGroups.BeginDeleteByName(GroupName);
}
catch { }
}
}
}
/**
* Azure sample for applying locks to resources
*
* Summary ...
*
* This sample shows examples of management locks usage on various resources.
*
* Details ...
*
* 1. Create a number of various resources to apply locks to...
* 2. Apply various locks to the resources
* 3. Retrieve and show lock information
* 4. Remove the locks and clean up
*/
public static void RunSample(IAzure azure)
{
string password = SdkContext.RandomResourceName("P@s", 14);
string rgName = SdkContext.RandomResourceName("rg", 15);
string vmName = SdkContext.RandomResourceName("vm", 15);
string storageName = SdkContext.RandomResourceName("st", 15);
string diskName = SdkContext.RandomResourceName("dsk", 15);
string netName = SdkContext.RandomResourceName("net", 15);
Region region = Region.USEast;
IResourceGroup resourceGroup = null;
IManagementLock lockGroup = null,
lockVM = null,
lockStorage = null,
lockDiskRO = null,
lockDiskDel = null,
lockSubnet = null;
try
{
//=============================================================
// Create a shared resource group for all the resources so they can all be deleted together
//
resourceGroup = azure.ResourceGroups.Define(rgName)
.WithRegion(region)
.Create();
Utilities.Log("Created a new resource group - " + resourceGroup.Id);
//============================================================
// Create various resources for demonstrating locks
//
// Define a network to apply a lock to
ICreatable <INetwork> netDefinition = azure.Networks.Define(netName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithAddressSpace("10.0.0.0/28");
// Define a managed disk for testing locks on that
ICreatable <IDisk> diskDefinition = azure.Disks.Define(diskName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithData()
.WithSizeInGB(100);
// Define a VM to apply a lock to
ICreatable <IVirtualMachine> vmDefinition = azure.VirtualMachines.Define(vmName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup)
.WithNewPrimaryNetwork(netDefinition)
.WithPrimaryPrivateIPAddressDynamic()
.WithoutPrimaryPublicIPAddress()
.WithPopularWindowsImage(KnownWindowsVirtualMachineImage.WindowsServer2012Datacenter)
.WithAdminUsername("tester")
.WithAdminPassword(password)
.WithNewDataDisk(diskDefinition, 1, CachingTypes.None)
.WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4"));
// Define a storage account to apply a lock to
ICreatable <IStorageAccount> storageDefinition = azure.StorageAccounts.Define(storageName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroup);
// Create resources in parallel to save time
Utilities.Log("Creating the needed resources...");
Task.WaitAll(
storageDefinition.CreateAsync(),
vmDefinition.CreateAsync());
Utilities.Log("Resources created.");
IVirtualMachine vm = (IVirtualMachine)vmDefinition;
IStorageAccount storage = (IStorageAccount)storageDefinition;
IDisk disk = (IDisk)diskDefinition;
INetwork network = vm.GetPrimaryNetworkInterface().PrimaryIPConfiguration.GetNetwork();
ISubnet subnet = network.Subnets.Values.FirstOrDefault();
//============================================================
// Create various locks for the created resources
//
// Locks can be created serially, and multiple can be applied to the same resource:
Utilities.Log("Creating locks sequentially...");
// Apply a ReadOnly lock to the disk
lockDiskRO = azure.ManagementLocks.Define("diskLockRO")
.WithLockedResource(disk)
.WithLevel(LockLevel.ReadOnly)
.Create();
// Apply a lock preventing the disk from being deleted
lockDiskDel = azure.ManagementLocks.Define("diskLockDel")
.WithLockedResource(disk)
.WithLevel(LockLevel.CanNotDelete)
.Create();
// Locks can also be created in parallel, for better overall performance:
Utilities.Log("Creating locks in parallel...");
// Define a subnet lock
ICreatable <IManagementLock> lockSubnetDef = azure.ManagementLocks.Define("subnetLock")
.WithLockedResource(subnet.Inner.Id)
.WithLevel(LockLevel.ReadOnly);
// Define a VM lock
ICreatable <IManagementLock> lockVMDef = azure.ManagementLocks.Define("vmlock")
.WithLockedResource(vm)
.WithLevel(LockLevel.ReadOnly)
.WithNotes("vm readonly lock");
// Define a resource group lock
ICreatable <IManagementLock> lockGroupDef = azure.ManagementLocks.Define("rglock")
.WithLockedResource(resourceGroup.Id)
.WithLevel(LockLevel.CanNotDelete);
// Define a storage lock
ICreatable <IManagementLock> lockStorageDef = azure.ManagementLocks.Define("stLock")
.WithLockedResource(storage)
.WithLevel(LockLevel.CanNotDelete);
var created = azure.ManagementLocks.Create(
lockVMDef,
lockGroupDef,
lockStorageDef,
lockSubnetDef);
lockVM = created.FirstOrDefault(o => o.Key.Equals(lockVMDef.Key, StringComparison.OrdinalIgnoreCase));
lockStorage = created.FirstOrDefault(o => o.Key.Equals(lockStorageDef.Key, StringComparison.OrdinalIgnoreCase));
lockGroup = created.FirstOrDefault(o => o.Key.Equals(lockGroupDef.Key, StringComparison.OrdinalIgnoreCase));
lockSubnet = created.FirstOrDefault(o => o.Key.Equals(lockSubnetDef.Key, StringComparison.OrdinalIgnoreCase));
Utilities.Log("Locks created.");
//============================================================
// Retrieve and show lock information
//
// Count and show locks (Note: locks returned for a resource include the locks for its resource group and child resources)
int lockCount = azure.ManagementLocks.ListForResource(vm.Id).Count();
Utilities.Log("Number of locks applied to the virtual machine: " + lockCount);
lockCount = azure.ManagementLocks.ListByResourceGroup(resourceGroup.Name).Count();
Utilities.Log("Number of locks applied to the resource group (includes locks on resources in the group): " + lockCount);
lockCount = azure.ManagementLocks.ListForResource(storage.Id).Count();
Utilities.Log("Number of locks applied to the storage account: " + lockCount);
lockCount = azure.ManagementLocks.ListForResource(disk.Id).Count();
Utilities.Log("Number of locks applied to the managed disk: " + lockCount);
lockCount = azure.ManagementLocks.ListForResource(network.Id).Count();
Utilities.Log("Number of locks applied to the network (including its subnets): " + lockCount);
// Locks can be retrieved using their ID
lockVM = azure.ManagementLocks.GetById(lockVM.Id);
lockGroup = azure.ManagementLocks.GetByResourceGroup(resourceGroup.Name, "rglock");
lockStorage = azure.ManagementLocks.GetById(lockStorage.Id);
lockDiskRO = azure.ManagementLocks.GetById(lockDiskRO.Id);
lockDiskDel = azure.ManagementLocks.GetById(lockDiskDel.Id);
lockSubnet = azure.ManagementLocks.GetById(lockSubnet.Id);
// Show the locks
Utilities.Print(lockGroup);
Utilities.Print(lockVM);
Utilities.Print(lockDiskDel);
Utilities.Print(lockDiskRO);
Utilities.Print(lockStorage);
Utilities.Print(lockSubnet);
// List all locks within a subscription
var locksSubscription = azure.ManagementLocks.List();
Utilities.Log("Total number of locks within this subscription: " + locksSubscription.Count());
}
finally
{
try
{
// Clean up (remember to unlock resources before deleting the resource group)
azure.ManagementLocks.DeleteByIds(
lockGroup.Id,
lockVM.Id,
lockDiskRO.Id,
lockDiskDel.Id,
lockStorage.Id,
lockSubnet.Id);
Utilities.Log("Starting the deletion of the resource group: " + rgName);
azure.ResourceGroups.BeginDeleteByName(rgName);
}
catch (NullReferenceException)
{
Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
}
catch (Exception ex)
{
Utilities.Log(ex);
}
}
}
/**
* Azure Network sample for managing network watcher -
* - Create Network Watcher
* - Manage packet capture – track traffic to and from a virtual machine
* Create a VM
* Start a packet capture
* Stop a packet capture
* Get a packet capture
* Delete a packet capture
* - Verify IP flow – verify if traffic is allowed to or from a virtual machine
* Get the IP address of a NIC on a virtual machine
* Test IP flow on the NIC
* - Analyze next hop – get the next hop type and IP address for a virtual machine
* - Retrieve network topology for a resource group
* - Analyze Virtual Machine Security by examining effective network security rules applied to a VM
* Get security group view for the VM
* - Configure Network Security Group Flow Logs
* Get flow log settings
* Enable NSG flow log
* Disable NSG flow log
* - Delete network watcher
*/
public static void RunSample(IAzure azure)
{
string nwName = SdkContext.RandomResourceName("nw", 8);
string userName = "******";
string vnetName = SdkContext.RandomResourceName("vnet", 20);
string subnetName = "subnet1";
string nsgName = SdkContext.RandomResourceName("nsg", 20);
string dnsLabel = SdkContext.RandomResourceName("pipdns", 20);
string rgName = SdkContext.RandomResourceName("rg", 24);
string saName = SdkContext.RandomResourceName("sa", 24);
string vmName = SdkContext.RandomResourceName("vm", 24);
string packetCaptureName = SdkContext.RandomResourceName("pc", 8);
INetworkWatcher nw = null;
try
{
//============================================================
// Create network watcher
Utilities.Log("Creating network watcher...");
nw = azure.NetworkWatchers.Define(nwName)
.WithRegion(region)
.WithNewResourceGroup()
.Create();
Utilities.Log("Created network watcher");
// Print the network watcher
Utilities.Print(nw);
//============================================================
// Manage packet capture – track traffic to and from a virtual machine
// Create network security group, virtual network and VM; add packetCapture extension to enable packet capture
Utilities.Log("Creating network security group...");
INetworkSecurityGroup nsg = azure.NetworkSecurityGroups.Define(nsgName)
.WithRegion(region)
.WithNewResourceGroup(rgName)
.DefineRule("DenyInternetInComing")
.DenyInbound()
.FromAddress("INTERNET")
.FromAnyPort()
.ToAnyAddress()
.ToPort(443)
.WithAnyProtocol()
.Attach()
.Create();
Utilities.Log("Creating virtual network...");
ICreatable <INetwork> virtualNetwork = azure.Networks.Define(vnetName)
.WithRegion(region)
.WithExistingResourceGroup(rgName)
.WithAddressSpace("192.168.0.0/16")
.DefineSubnet(subnetName)
.WithAddressPrefix("192.168.2.0/24")
.WithExistingNetworkSecurityGroup(nsg)
.Attach();
Utilities.Log("Creating virtual machine...");
IVirtualMachine vm = azure.VirtualMachines.Define(vmName)
.WithRegion(region)
.WithExistingResourceGroup(rgName)
.WithNewPrimaryNetwork(virtualNetwork)
.WithPrimaryPrivateIPAddressDynamic()
.WithNewPrimaryPublicIPAddress(dnsLabel)
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer14_04_Lts)
.WithRootUsername(userName)
.WithRootPassword("Abcdef.123456")
.WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4"))
.DefineNewExtension("packetCapture")
.WithPublisher("Microsoft.Azure.NetworkWatcher")
.WithType("NetworkWatcherAgentLinux")
.WithVersion("1.4")
.WithMinorVersionAutoUpgrade()
.Attach()
.Create();
// Create storage account
Utilities.Log("Creating storage account...");
IStorageAccount storageAccount = azure.StorageAccounts.Define(saName)
.WithRegion(region)
.WithExistingResourceGroup(rgName)
.Create();
// Start a packet capture
Utilities.Log("Creating packet capture...");
IPacketCapture packetCapture = nw.PacketCaptures
.Define(packetCaptureName)
.WithTarget(vm.Id)
.WithStorageAccountId(storageAccount.Id)
.WithTimeLimitInSeconds(1500)
.DefinePacketCaptureFilter()
.WithProtocol(PcProtocol.TCP)
.Attach()
.Create();
Utilities.Log("Created packet capture");
Utilities.Print(packetCapture);
// Stop a packet capture
Utilities.Log("Stopping packet capture...");
packetCapture.Stop();
Utilities.Print(packetCapture);
// Get a packet capture
Utilities.Log("Getting packet capture...");
IPacketCapture packetCapture1 = nw.PacketCaptures.GetByName(packetCaptureName);
Utilities.Print(packetCapture1);
// Delete a packet capture
Utilities.Log("Deleting packet capture");
nw.PacketCaptures.DeleteByName(packetCapture.Name);
//============================================================
// Verify IP flow – verify if traffic is allowed to or from a virtual machine
// Get the IP address of a NIC on a virtual machine
String ipAddress = vm.GetPrimaryNetworkInterface().PrimaryPrivateIP;
// Test IP flow on the NIC
Utilities.Log("Verifying IP flow for vm id " + vm.Id + "...");
IVerificationIPFlow verificationIPFlow = nw.VerifyIPFlow()
.WithTargetResourceId(vm.Id)
.WithDirection(Direction.Outbound)
.WithProtocol(IpFlowProtocol.TCP)
.WithLocalIPAddress(ipAddress)
.WithRemoteIPAddress("8.8.8.8")
.WithLocalPort("443")
.WithRemotePort("443")
.Execute();
Utilities.Print(verificationIPFlow);
//============================================================
// Analyze next hop – get the next hop type and IP address for a virtual machine
Utilities.Log("Calculating next hop...");
INextHop nextHop = nw.NextHop().WithTargetResourceId(vm.Id)
.WithSourceIPAddress(ipAddress)
.WithDestinationIPAddress("8.8.8.8")
.Execute();
Utilities.Print(nextHop);
//============================================================
// Retrieve network topology for a resource group
Utilities.Log("Getting topology...");
ITopology topology = nw.Topology()
.WithTargetResourceGroup(rgName)
.Execute();
Utilities.Print(topology);
//============================================================
// Analyze Virtual Machine Security by examining effective network security rules applied to a VM
// Get security group view for the VM
Utilities.Log("Getting security group view for a vm");
ISecurityGroupView sgViewResult = nw.GetSecurityGroupView(vm.Id);
Utilities.Print(sgViewResult);
//============================================================
// Configure Network Security Group Flow Logs
// Get flow log settings
IFlowLogSettings flowLogSettings = nw.GetFlowLogSettings(nsg.Id);
Utilities.Print(flowLogSettings);
// Enable NSG flow log
flowLogSettings.Update()
.WithLogging()
.WithStorageAccount(storageAccount.Id)
.WithRetentionPolicyDays(5)
.WithRetentionPolicyEnabled()
.Apply();
Utilities.Print(flowLogSettings);
// Disable NSG flow log
flowLogSettings.Update()
.WithoutLogging()
.Apply();
Utilities.Print(flowLogSettings);
//============================================================
// Delete network watcher
Utilities.Log("Deleting network watcher");
azure.NetworkWatchers.DeleteById(nw.Id);
Utilities.Log("Deleted network watcher");
}
finally
{
try
{
Utilities.Log("Deleting Resource Group: " + rgName);
azure.ResourceGroups.BeginDeleteByName(rgName);
if (nw != null)
{
Utilities.Log("Deleting network watcher resource group: " + nw.ResourceGroupName);
azure.ResourceGroups.BeginDeleteByName(nw.ResourceGroupName);
}
}
catch (NullReferenceException)
{
Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
}
catch (Exception ex)
{
Utilities.Log(ex);
}
}
}
/**
* Azure Network sample for enabling and updating network peering between two virtual networks
*
* Summary ...
*
* - This sample uses Azure Network Watcher's connectivity check to verify connectivity between
* two peered virtual networks.
*
* Details ...
*
* 1. Define two virtual networks network "A" and network "B" with one subnet each
*
* 2. Create two virtual machines, each within a separate network
* - The virtual machines currently must use a special extension to support Network Watcher
*
* 3. Peer the networks...
* - the peering will initially have default settings:
* - each network's IP address spaces will be accessible from the other network
* - no traffic forwarding will be enabled between the networks
* - no gateway transit between one network and the other will be enabled
*
* 4. Use Network Watcher to check connectivity between the virtual machines in different peering scenarios:
* - both virtual machines accessible to each other (bi-directional)
* - virtual machine A accessible to virtual machine B, but not the other way
*/
public static void RunSample(IAzure azure)
{
Region region = Region.USEast;
string resourceGroupName = SdkContext.RandomResourceName("rg", 15);
string vnetAName = SdkContext.RandomResourceName("net", 15);
string vnetBName = SdkContext.RandomResourceName("net", 15);
string[] vmNames = SdkContext.RandomResourceNames("vm", 15, 2);
string[] vmIPAddresses = new String[] {
/* within subnetA */ "10.0.0.8",
/* within subnetB */ "10.1.0.8"
};
string peeringABName = SdkContext.RandomResourceName("peer", 15);
string rootname = "tirekicker";
string password = SdkContext.RandomResourceName("pWd!", 15);
string networkWatcherName = SdkContext.RandomResourceName("netwch", 20);
try
{
//=============================================================
// Define two virtual networks to peer and put the virtual machines in, at specific IP addresses
List <ICreatable <INetwork> > networkDefinitions = new List <ICreatable <INetwork> >();
networkDefinitions.Add(azure.Networks.Define(vnetAName)
.WithRegion(region)
.WithNewResourceGroup(resourceGroupName)
.WithAddressSpace("10.0.0.0/27")
.WithSubnet("subnetA", "10.0.0.0/27"));
networkDefinitions.Add(azure.Networks.Define(vnetBName)
.WithRegion(region)
.WithNewResourceGroup(resourceGroupName)
.WithAddressSpace("10.1.0.0/27")
.WithSubnet("subnetB", "10.1.0.0/27"));
//=============================================================
// Define a couple of Windows VMs and place them in each of the networks
List <ICreatable <IVirtualMachine> > vmDefinitions = new List <ICreatable <IVirtualMachine> >();
for (int i = 0; i < networkDefinitions.Count; i++)
{
vmDefinitions.Add(azure.VirtualMachines.Define(vmNames[i])
.WithRegion(region)
.WithExistingResourceGroup(resourceGroupName)
.WithNewPrimaryNetwork(networkDefinitions[i])
.WithPrimaryPrivateIPAddressStatic(vmIPAddresses[i])
.WithoutPrimaryPublicIPAddress()
.WithPopularWindowsImage(KnownWindowsVirtualMachineImage.WindowsServer2012R2Datacenter)
.WithAdminUsername(rootname)
.WithAdminPassword(password)
// Extension currently needed for network watcher support
.DefineNewExtension("packetCapture")
.WithPublisher("Microsoft.Azure.NetworkWatcher")
.WithType("NetworkWatcherAgentWindows")
.WithVersion("1.4")
.Attach());
}
// Create the VMs in parallel for better performance
Utilities.Log("Creating virtual machines and virtual networks...");
var createdVMs = azure.VirtualMachines.Create(vmDefinitions);
IVirtualMachine vmA = createdVMs.FirstOrDefault(vm => vm.Key == vmDefinitions[0].Key);
IVirtualMachine vmB = createdVMs.FirstOrDefault(vm => vm.Key == vmDefinitions[1].Key);
Utilities.Log("Created the virtual machines and networks.");
//=============================================================
// Peer the two networks using default settings
INetwork networkA = vmA.GetPrimaryNetworkInterface().PrimaryIPConfiguration.GetNetwork();
INetwork networkB = vmB.GetPrimaryNetworkInterface().PrimaryIPConfiguration.GetNetwork();
Utilities.PrintVirtualNetwork(networkA);
Utilities.PrintVirtualNetwork(networkB);
Utilities.Log(
"Peering the networks using default settings...\n"
+ "- Network access enabled\n"
+ "- Traffic forwarding disabled\n"
+ "- Gateway use (transit) by the remote network disabled");
INetworkPeering peeringAB = networkA.Peerings.Define(peeringABName)
.WithRemoteNetwork(networkB)
.Create();
Utilities.PrintVirtualNetwork(networkA);
Utilities.PrintVirtualNetwork(networkB);
//=============================================================
// Check connectivity between the two VMs/networks using Network Watcher
INetworkWatcher networkWatcher = azure.NetworkWatchers.Define(networkWatcherName)
.WithRegion(region)
.WithExistingResourceGroup(resourceGroupName)
.Create();
// Verify bi-directional connectivity between the VMs on port 22 (SSH enabled by default on Linux VMs)
IExecutable <IConnectivityCheck> connectivityAtoB = networkWatcher.CheckConnectivity()
.ToDestinationAddress(vmIPAddresses[1])
.ToDestinationPort(22)
.FromSourceVirtualMachine(vmA);
Utilities.Log("Connectivity from A to B: " + connectivityAtoB.Execute().ConnectionStatus);
IExecutable <IConnectivityCheck> connectivityBtoA = networkWatcher.CheckConnectivity()
.ToDestinationAddress(vmIPAddresses[0])
.ToDestinationPort(22)
.FromSourceVirtualMachine(vmB);
Utilities.Log("Connectivity from B to A: " + connectivityBtoA.Execute().ConnectionStatus);
// Change the peering to allow access between A and B
Utilities.Log("Changing the peering to disable access between A and B...");
peeringAB.Update()
.WithoutAccessFromEitherNetwork()
.Apply();
Utilities.PrintVirtualNetwork(networkA);
Utilities.PrintVirtualNetwork(networkB);
// Verify connectivity no longer possible between A and B
Utilities.Log("Peering configuration changed.\nNow, A should be unreachable from B, and B should be unreachable from A...");
Utilities.Log("Connectivity from A to B: " + connectivityAtoB.Execute().ConnectionStatus);
Utilities.Log("Connectivity from B to A: " + connectivityBtoA.Execute().ConnectionStatus);
}
finally
{
try
{
Utilities.Log("Deleting Resource Group: " + resourceGroupName);
azure.ResourceGroups.BeginDeleteByName(resourceGroupName);
}
catch (NullReferenceException)
{
Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
}
catch (Exception ex)
{
Utilities.Log(ex);
}
}
}
