public async Task UsageTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups");
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation);
Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString());
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
// Query for usages
AsyncPageable <Usage> usagesResponseAP = NetworkManagementClient.Usages.ListAsync(getNsgResponse.Value.Location.Replace(" ", string.Empty));
List <Usage> usagesResponse = await usagesResponseAP.ToEnumerableAsync();
// Verify that the strings are populated
Assert.NotNull(usagesResponse);
Assert.True(usagesResponse.Any());
foreach (Usage usage in usagesResponse)
{
Assert.True(usage.Limit > 0);
Assert.NotNull(usage.Name);
Assert.True(!string.IsNullOrEmpty(usage.Name.LocalizedValue));
Assert.True(!string.IsNullOrEmpty(usage.Name.Value));
}
}
public async Task SecurityRuleWithRulesApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups");
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
string securityRule1 = Recording.GenerateAssetName("azsmnet");
string securityRule2 = Recording.GenerateAssetName("azsmnet");
string destinationPortRange = "123-3500";
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
SecurityRules =
{
new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Allow,
Description = "Test security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Inbound,
Priority = 500,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "655"
}
}
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation);
Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString());
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name);
// Get SecurityRule
Response <SecurityRule> getSecurityRuleResponse = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule1);
Assert.AreEqual(securityRule1, getSecurityRuleResponse.Value.Name);
CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getSecurityRuleResponse);
// Add a new security rule
SecurityRule SecurityRule = new SecurityRule()
{
Name = securityRule2,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Udp,
SourceAddressPrefix = "*",
SourcePortRange = "656",
};
SecurityRulesCreateOrUpdateOperation putSecurityRuleResponseOperation = await NetworkManagementClient.SecurityRules.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, securityRule2, SecurityRule);
Response <SecurityRule> putSecurityRuleResponse = await WaitForCompletionAsync(putSecurityRuleResponseOperation);
Assert.AreEqual("Succeeded", putSecurityRuleResponse.Value.ProvisioningState.ToString());
// Get NSG
getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
// Get the SecurityRule2
Response <SecurityRule> getSecurityRule2Response = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule2);
Assert.AreEqual(securityRule2, getSecurityRule2Response.Value.Name);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Deny, getSecurityRule2Response.Value.Access);
Assert.AreEqual("Test outbound security rule", getSecurityRule2Response.Value.Description);
Assert.AreEqual("*", getSecurityRule2Response.Value.DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getSecurityRule2Response.Value.DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Outbound, getSecurityRule2Response.Value.Direction);
Assert.AreEqual(501, getSecurityRule2Response.Value.Priority);
Assert.AreEqual(SecurityRuleProtocol.Udp, getSecurityRule2Response.Value.Protocol);
Assert.AreEqual("Succeeded", getSecurityRule2Response.Value.ProvisioningState.ToString());
Assert.AreEqual("*", getSecurityRule2Response.Value.SourceAddressPrefix);
Assert.AreEqual("656", getSecurityRule2Response.Value.SourcePortRange);
CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getSecurityRule2Response);
// List all SecurityRules
AsyncPageable <SecurityRule> getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName);
List <SecurityRule> getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync();
Assert.AreEqual(2, getsecurityRules.Count());
CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getsecurityRules.ElementAt(0));
CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getsecurityRules.ElementAt(1));
// Delete a SecurityRule
await NetworkManagementClient.SecurityRules.StartDeleteAsync(resourceGroupName, networkSecurityGroupName, securityRule2);
getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName);
getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync();
Has.One.EqualTo(getsecurityRules);
// Delete NSG
await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName);
// List NSG
AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName);
List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.IsEmpty(listNsgResponse);
}
public async Task FlowLogApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "eastus2euap";
//string workspaceLocation = "East US";
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
//Create network security group
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
await WaitForCompletionAsync(putNsgResponseOperation);
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
string networkWatcherName = Recording.GenerateAssetName("azsmnet");
NetworkWatcher properties = new NetworkWatcher {
Location = location
};
//Create network Watcher
await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
//Create storage
string storageName = Recording.GenerateAssetName("azsmnet");
var storageParameters = new StorageAccountCreateParameters(new Sku(SkuName.StandardLRS), Kind.Storage, location);
Operation <StorageAccount> storageAccountOperation = await StorageManagementClient.StorageAccounts.StartCreateAsync(resourceGroupName, storageName, storageParameters);
Response <StorageAccount> storageAccount = await WaitForCompletionAsync(storageAccountOperation);
//create workspace
string workspaceName = Recording.GenerateAssetName("azsmnet");
//TODO:Need OperationalInsightsManagementClient SDK
//var workSpaceParameters = new Workspace()
//{
// Location = workspaceLocation
//};
//var workspace = operationalInsightsManagementClient.Workspaces.CreateOrUpdate(resourceGroupName, workspaceName, workSpaceParameters);
FlowLogInformation configParameters = new FlowLogInformation(getNsgResponse.Value.Id, storageAccount.Value.Id, true)
{
RetentionPolicy = new RetentionPolicyParameters
{
Days = 5,
Enabled = true
},
FlowAnalyticsConfiguration = new TrafficAnalyticsProperties()
{
NetworkWatcherFlowAnalyticsConfiguration = new TrafficAnalyticsConfigurationProperties()
{
Enabled = true,
//WorkspaceId = workspace.CustomerId,
//WorkspaceRegion = workspace.Location,
//WorkspaceResourceId = workspace.Id
}
}
};
//configure flowlog and TA
NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog1Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters);
await WaitForCompletionAsync(configureFlowLog1Operation);
FlowLogStatusParameters flowLogParameters = new FlowLogStatusParameters(getNsgResponse.Value.Id);
NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus1Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters);
Response <FlowLogInformation> queryFlowLogStatus1 = await WaitForCompletionAsync(queryFlowLogStatus1Operation);
//check both flowlog and TA config and enabled status
Assert.AreEqual(queryFlowLogStatus1.Value.TargetResourceId, configParameters.TargetResourceId);
Assert.True(queryFlowLogStatus1.Value.Enabled);
Assert.AreEqual(queryFlowLogStatus1.Value.StorageId, configParameters.StorageId);
Assert.AreEqual(queryFlowLogStatus1.Value.RetentionPolicy.Days, configParameters.RetentionPolicy.Days);
Assert.AreEqual(queryFlowLogStatus1.Value.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled);
Assert.True(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId);
Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion);
Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId);
//disable TA
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled = false;
NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog2Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters);
await WaitForCompletionAsync(configureFlowLog2Operation);
NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus2Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters);
Response <FlowLogInformation> queryFlowLogStatus2 = await WaitForCompletionAsync(queryFlowLogStatus2Operation);
//check TA disabled and ensure flowlog config is unchanged
Assert.AreEqual(queryFlowLogStatus2.Value.TargetResourceId, configParameters.TargetResourceId);
Assert.True(queryFlowLogStatus2.Value.Enabled);
Assert.AreEqual(queryFlowLogStatus2.Value.StorageId, configParameters.StorageId);
Assert.AreEqual(queryFlowLogStatus2.Value.RetentionPolicy.Days, configParameters.RetentionPolicy.Days);
Assert.AreEqual(queryFlowLogStatus2.Value.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled);
Assert.False(queryFlowLogStatus2.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
//disable flowlog (and TA)
configParameters.Enabled = false;
NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog3Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters);
await WaitForCompletionAsync(configureFlowLog3Operation);
NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus3Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters);
Response <FlowLogInformation> queryFlowLogStatus3 = await WaitForCompletionAsync(queryFlowLogStatus3Operation);
//check both flowlog and TA disabled
Assert.False(queryFlowLogStatus3.Value.Enabled);
Assert.False(queryFlowLogStatus3.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
}
public async Task NetworkSecurityGroupApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups");
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation);
Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString());
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name);
Assert.NotNull(getNsgResponse.Value.ResourceGuid);
Assert.AreEqual(6, getNsgResponse.Value.DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.DefaultSecurityRules[5].Name);
// Verify a default security rule
Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.DefaultSecurityRules[0].Access);
Assert.AreEqual("Allow inbound traffic from all VMs in VNET", getNsgResponse.Value.DefaultSecurityRules[0].Description);
Assert.AreEqual("VirtualNetwork", getNsgResponse.Value.DefaultSecurityRules[0].DestinationAddressPrefix);
Assert.AreEqual("*", getNsgResponse.Value.DefaultSecurityRules[0].DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.DefaultSecurityRules[0].Direction);
Assert.AreEqual(65000, getNsgResponse.Value.DefaultSecurityRules[0].Priority);
Assert.AreEqual(SecurityRuleProtocol.Asterisk, getNsgResponse.Value.DefaultSecurityRules[0].Protocol);
Assert.AreEqual("Succeeded", getNsgResponse.Value.DefaultSecurityRules[0].ProvisioningState.ToString());
Assert.AreEqual("VirtualNetwork", getNsgResponse.Value.DefaultSecurityRules[0].SourceAddressPrefix);
Assert.AreEqual("*", getNsgResponse.Value.DefaultSecurityRules[0].SourcePortRange);
// List NSG
AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName);
List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Name);
Assert.AreEqual(6, listNsgResponse.First().DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name);
Assert.AreEqual(getNsgResponse.Value.Etag, listNsgResponse.First().Etag);
// List NSG in a subscription
AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAllAsync();
List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync();
Assert.IsNotEmpty(listNsgSubsciptionResponse);
// Delete NSG
await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName);
// List NSG
listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName);
listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.IsEmpty(listNsgResponse);
}
public async Task NetworkSecurityGroupWithRulesApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups");
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
string securityRule1 = Recording.GenerateAssetName("azsmnet");
string securityRule2 = Recording.GenerateAssetName("azsmnet");
string destinationPortRange = "123-3500";
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
SecurityRules =
{
new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Allow,
Description = "Test security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Inbound,
Priority = 500,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "655"
}
}
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation);
Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString());
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name);
Assert.AreEqual(6, getNsgResponse.Value.DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.DefaultSecurityRules[5].Name);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.SecurityRules[0].Access);
Assert.AreEqual("Test security rule", getNsgResponse.Value.SecurityRules[0].Description);
Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[0].DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.SecurityRules[0].Direction);
Assert.AreEqual(500, getNsgResponse.Value.SecurityRules[0].Priority);
Assert.AreEqual(SecurityRuleProtocol.Tcp, getNsgResponse.Value.SecurityRules[0].Protocol);
Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[0].ProvisioningState.ToString());
Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].SourceAddressPrefix);
Assert.AreEqual("655", getNsgResponse.Value.SecurityRules[0].SourcePortRange);
// List NSG
AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName);
List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Has.One.EqualTo(listNsgResponse);
Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Name);
Assert.AreEqual(6, listNsgResponse.First().DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name);
Assert.AreEqual(getNsgResponse.Value.Etag, listNsgResponse.First().Etag);
// List NSG in a subscription
AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAllAsync();
List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync();
Assert.IsNotEmpty(listNsgSubsciptionResponse);
// Add a new security rule
var SecurityRule = new SecurityRule()
{
Name = securityRule2,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Udp,
SourceAddressPrefix = "*",
SourcePortRange = "656",
};
networkSecurityGroup.SecurityRules.Add(SecurityRule);
putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
await WaitForCompletionAsync(putNsgResponseOperation);
// Get NSG
getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Deny, getNsgResponse.Value.SecurityRules[1].Access);
Assert.AreEqual("Test outbound security rule", getNsgResponse.Value.SecurityRules[1].Description);
Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[1].DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Outbound, getNsgResponse.Value.SecurityRules[1].Direction);
Assert.AreEqual(501, getNsgResponse.Value.SecurityRules[1].Priority);
Assert.AreEqual(SecurityRuleProtocol.Udp, getNsgResponse.Value.SecurityRules[1].Protocol);
Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[1].ProvisioningState.ToString());
Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].SourceAddressPrefix);
Assert.AreEqual("656", getNsgResponse.Value.SecurityRules[1].SourcePortRange);
// List Default Security Groups
AsyncPageable <SecurityRule> listDefaultSecurityGroupsAP = NetworkManagementClient.DefaultSecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName);
List <SecurityRule> listDefaultSecurityGroups = await listDefaultSecurityGroupsAP.ToEnumerableAsync();
Assert.IsNotEmpty(listDefaultSecurityGroups);
// Get Defaul Security Group
Response <SecurityRule> getDefaultSecurityGroups = await NetworkManagementClient.DefaultSecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, listDefaultSecurityGroups.First().Name);
Assert.AreEqual(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Value.Name);
// Delete NSG
await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName);
// List NSG
listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName);
listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.IsEmpty(listNsgResponse);
}
public async Task ViewNsgRuleApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string virtualMachineName = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName + "-nsg";
//Deploy VM with template
await CreateVm(
resourcesClient : ResourceManagementClient,
resourceGroupName : resourceGroupName,
location : location,
virtualMachineName : virtualMachineName,
storageAccountName : Recording.GenerateAssetName("azsmnet"),
networkInterfaceName : networkInterfaceName,
networkSecurityGroupName : networkSecurityGroupName,
diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"),
deploymentName : Recording.GenerateAssetName("azsmnet"),
adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#")
);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcher properties = new NetworkWatcher { Location = location };
//Response<NetworkWatcher> createNetworkWatcher = await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
Response <VirtualMachine> getVm = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName);
string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
SecurityRule SecurityRule = new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
nsg.Value.SecurityRules.Add(SecurityRule);
NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg);
Response <NetworkSecurityGroup> networkSecurityGroup = await WaitForCompletionAsync(createOrUpdateOperation);
//Get view security group rules
SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters(getVm.Value.Id);
NetworkWatchersGetVMSecurityRulesOperation viewNSGRulesOperation = await NetworkManagementClient.NetworkWatchers.StartGetVMSecurityRulesAsync("NetworkWatcherRG", "NetworkWatcher_westus2", sgvProperties);
Response <SecurityGroupViewResult> viewNSGRules = await WaitForCompletionAsync(viewNSGRulesOperation);
//Verify effective security rule defined earlier
IEnumerable <EffectiveNetworkSecurityRule> getEffectiveSecurityRule = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1);
Assert.AreEqual("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol);
Assert.AreEqual(501, getEffectiveSecurityRule.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getEffectiveSecurityRule.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction);
Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange);
//Verify 6 default rules
IEnumerable <SecurityRule> getDefaultSecurityRule1 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound");
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().Protocol);
Assert.AreEqual(65000, getDefaultSecurityRule1.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule1.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRule> getDefaultSecurityRule2 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound");
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().Protocol);
Assert.AreEqual(65001, getDefaultSecurityRule2.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule2.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRule> getDefaultSecurityRule3 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound");
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().Protocol);
Assert.AreEqual(65500, getDefaultSecurityRule3.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getDefaultSecurityRule3.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRule> getDefaultSecurityRule4 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound");
Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().Protocol);
Assert.AreEqual(65000, getDefaultSecurityRule4.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule4.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRule4.FirstOrDefault().Direction);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRule> getDefaultSecurityRule5 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound");
Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().Protocol);
Assert.AreEqual(65001, getDefaultSecurityRule5.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule5.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRule5.FirstOrDefault().Direction);
Assert.AreEqual("Internet", getDefaultSecurityRule5.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRule> getDefaultSecurityRule6 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound");
Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().Protocol);
Assert.AreEqual(65500, getDefaultSecurityRule6.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getDefaultSecurityRule6.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRule6.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourcePortRange);
}
public async Task VerifyIpFlowApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string virtualMachineName1 = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName1 + "-nsg";
//Deploy VM with a template
await CreateVm(
resourcesClient : ResourceManagementClient,
resourceGroupName : resourceGroupName,
location : location,
virtualMachineName : virtualMachineName1,
storageAccountName : Recording.GenerateAssetName("azsmnet"),
networkInterfaceName : networkInterfaceName1,
networkSecurityGroupName : networkSecurityGroupName,
diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"),
deploymentName : Recording.GenerateAssetName("azsmnet"),
adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#")
);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcher properties = new NetworkWatcher { Location = location };
//await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
Response <VirtualMachine> getVm1 = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName1);
string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName1).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
SecurityRule SecurityRule = new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
nsg.Value.SecurityRules.Add(SecurityRule);
NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg);
await WaitForCompletionAsync(createOrUpdateOperation);
VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(getVm1.Value.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14");
//Verify IP flow from a VM to a location given the configured rule
NetworkWatchersVerifyIPFlowOperation verifyIpFlowOperation = await NetworkManagementClient.NetworkWatchers.StartVerifyIPFlowAsync("NetworkWatcherRG", "NetworkWatcher_westus2", ipFlowProperties);
Response <VerificationIPFlowResult> verifyIpFlow = await WaitForCompletionAsync(verifyIpFlowOperation);
//Verify validity of the result
Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString());
Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName);
}
