/// <summary>
/// Collects the reasons why the sandbox's virtual machines cannot be treated as
/// cut off from the internet. Each VM gets two rule checks: the internet rule
/// stored by the application, and the matching rule on the sandbox's network
/// security group in Azure. A VM with an unstarted create/update operation is
/// also reported, as is a sandbox with no VMs at all.
/// </summary>
/// <param name="sandbox">Sandbox whose resources are inspected.</param>
/// <param name="cancellation">
/// Forwarded to the Azure network security group query only; the other awaited
/// calls in this method are made without a token.
/// </param>
/// <returns>
/// One message per problem found. An empty list means none of the checks below
/// reported a problem.
/// </returns>
async Task<List<string>> VerifyInternetClosed(Sandbox sandbox, CancellationToken cancellation = default)
{
    var errors = new List<string>();

    _logger.LogInformation(_sandboxNextPhaseEventId, "Sandbox {0}: Verifying that internet is closed for all VMs ", sandbox.Id);

    // The trailing boolean arguments are defined by CloudResourceUtil, which is not visible here.
    // NOTE(review): presumably "true" makes a missing NSG an error rather than a null result;
    // confirm, since nsg is dereferenced for every VM below.
    var virtualMachines = CloudResourceUtil.GetAllResourcesByType(sandbox.Resources, AzureResourceType.VirtualMachine, false);
    var nsg = CloudResourceUtil.GetResourceByType(sandbox.Resources, AzureResourceType.NetworkSecurityGroup, true);

    // Tracked with a flag so the VM sequence is enumerated exactly once.
    var sawAnyVm = false;

    foreach (var vm in virtualMachines)
    {
        sawAnyVm = true;

        var internetRule = await _virtualMachineRuleService.GetInternetRule(vm.Id);

        if (_virtualMachineRuleService.IsRuleSetToDeny(internetRule))
        {
            // The stored rule says "deny"; cross-check what the network security group enforces.
            // NOTE(review): only an explicit Allow is reported here. What IsRuleSetTo returns when
            // the rule is absent from the NSG is not visible in this method; confirm that a
            // missing rule cannot pass as "closed".
            var openInAzure = await _azureNetworkSecurityGroupRuleService.IsRuleSetTo(
                vm.ResourceGroupName,
                nsg.ResourceName,
                internetRule.Name,
                RuleAction.Allow,
                cancellation);

            if (openInAzure)
            {
                errors.Add($"Internet is actually open on VM in Azure {vm.ResourceName}");
            }
        }
        else
        {
            // The stored rule itself is not a deny rule, so the Azure lookup is skipped.
            errors.Add($"Internet is set to open on VM {vm.ResourceName}");
        }

        // A queued create/update has not been applied yet, so the state checked above may still change.
        var hasPendingOperation = await _cloudResourceOperationReadService.HasUnstartedCreateOrUpdateOperation(vm.Id);

        if (hasPendingOperation)
        {
            errors.Add($"Unfinished operation exists for VM {vm.ResourceName}");
        }
    }

    if (!sawAnyVm)
    {
        errors.Add("Sandbox contains no Virtual Machines");
    }

    return errors;
}