public async Task UsageTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); // Query for usages AsyncPageable <Usage> usagesResponseAP = NetworkManagementClient.Usages.ListAsync(getNsgResponse.Value.Location.Replace(" ", string.Empty)); List <Usage> usagesResponse = await usagesResponseAP.ToEnumerableAsync(); // Verify that the strings are populated Assert.NotNull(usagesResponse); Assert.True(usagesResponse.Any()); foreach (Usage usage in usagesResponse) { Assert.True(usage.Limit > 0); Assert.NotNull(usage.Name); Assert.True(!string.IsNullOrEmpty(usage.Name.LocalizedValue)); Assert.True(!string.IsNullOrEmpty(usage.Name.Value)); } }
public async Task SecurityRuleWithRulesApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name); // Get SecurityRule Response <SecurityRule> getSecurityRuleResponse = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule1); Assert.AreEqual(securityRule1, getSecurityRuleResponse.Value.Name); CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getSecurityRuleResponse); // Add a new security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; SecurityRulesCreateOrUpdateOperation putSecurityRuleResponseOperation = await NetworkManagementClient.SecurityRules.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, securityRule2, SecurityRule); Response <SecurityRule> putSecurityRuleResponse = await WaitForCompletionAsync(putSecurityRuleResponseOperation); Assert.AreEqual("Succeeded", putSecurityRuleResponse.Value.ProvisioningState.ToString()); // Get NSG getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); // Get the SecurityRule2 Response <SecurityRule> getSecurityRule2Response = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule2); Assert.AreEqual(securityRule2, getSecurityRule2Response.Value.Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getSecurityRule2Response.Value.Access); Assert.AreEqual("Test outbound security rule", getSecurityRule2Response.Value.Description); Assert.AreEqual("*", getSecurityRule2Response.Value.DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getSecurityRule2Response.Value.DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getSecurityRule2Response.Value.Direction); Assert.AreEqual(501, getSecurityRule2Response.Value.Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getSecurityRule2Response.Value.Protocol); Assert.AreEqual("Succeeded", getSecurityRule2Response.Value.ProvisioningState.ToString()); Assert.AreEqual("*", getSecurityRule2Response.Value.SourceAddressPrefix); Assert.AreEqual("656", getSecurityRule2Response.Value.SourcePortRange); CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getSecurityRule2Response); // List all SecurityRules AsyncPageable <SecurityRule> getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); List <SecurityRule> getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Assert.AreEqual(2, getsecurityRules.Count()); CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getsecurityRules.ElementAt(0)); CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getsecurityRules.ElementAt(1)); // Delete a SecurityRule await NetworkManagementClient.SecurityRules.StartDeleteAsync(resourceGroupName, networkSecurityGroupName, securityRule2); getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Has.One.EqualTo(getsecurityRules); // Delete NSG await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public async Task FlowLogApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "eastus2euap"; //string workspaceLocation = "East US"; await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); //Create network security group string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); var networkSecurityGroup = new NetworkSecurityGroup() { Location = location, }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); await WaitForCompletionAsync(putNsgResponseOperation); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); string networkWatcherName = Recording.GenerateAssetName("azsmnet"); NetworkWatcher properties = new NetworkWatcher { Location = location }; //Create network Watcher await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); //Create storage string storageName = Recording.GenerateAssetName("azsmnet"); var storageParameters = new StorageAccountCreateParameters(new Sku(SkuName.StandardLRS), Kind.Storage, location); Operation <StorageAccount> storageAccountOperation = await StorageManagementClient.StorageAccounts.StartCreateAsync(resourceGroupName, storageName, storageParameters); Response <StorageAccount> storageAccount = await WaitForCompletionAsync(storageAccountOperation); //create workspace string workspaceName = Recording.GenerateAssetName("azsmnet"); //TODO:Need OperationalInsightsManagementClient SDK //var workSpaceParameters = new Workspace() //{ // Location = workspaceLocation //}; //var workspace = operationalInsightsManagementClient.Workspaces.CreateOrUpdate(resourceGroupName, workspaceName, workSpaceParameters); FlowLogInformation configParameters = new FlowLogInformation(getNsgResponse.Value.Id, storageAccount.Value.Id, true) { RetentionPolicy = new RetentionPolicyParameters { Days = 5, Enabled = true }, FlowAnalyticsConfiguration = new TrafficAnalyticsProperties() { NetworkWatcherFlowAnalyticsConfiguration = new TrafficAnalyticsConfigurationProperties() { Enabled = true, //WorkspaceId = workspace.CustomerId, //WorkspaceRegion = workspace.Location, //WorkspaceResourceId = workspace.Id } } }; //configure flowlog and TA NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog1Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters); await WaitForCompletionAsync(configureFlowLog1Operation); FlowLogStatusParameters flowLogParameters = new FlowLogStatusParameters(getNsgResponse.Value.Id); NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus1Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters); Response <FlowLogInformation> queryFlowLogStatus1 = await WaitForCompletionAsync(queryFlowLogStatus1Operation); //check both flowlog and TA config and enabled status Assert.AreEqual(queryFlowLogStatus1.Value.TargetResourceId, configParameters.TargetResourceId); Assert.True(queryFlowLogStatus1.Value.Enabled); Assert.AreEqual(queryFlowLogStatus1.Value.StorageId, configParameters.StorageId); Assert.AreEqual(queryFlowLogStatus1.Value.RetentionPolicy.Days, configParameters.RetentionPolicy.Days); Assert.AreEqual(queryFlowLogStatus1.Value.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled); Assert.True(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled); Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId, configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId); Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion, configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion); Assert.AreEqual(queryFlowLogStatus1.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId, configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId); //disable TA configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled = false; NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog2Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters); await WaitForCompletionAsync(configureFlowLog2Operation); NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus2Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters); Response <FlowLogInformation> queryFlowLogStatus2 = await WaitForCompletionAsync(queryFlowLogStatus2Operation); //check TA disabled and ensure flowlog config is unchanged Assert.AreEqual(queryFlowLogStatus2.Value.TargetResourceId, configParameters.TargetResourceId); Assert.True(queryFlowLogStatus2.Value.Enabled); Assert.AreEqual(queryFlowLogStatus2.Value.StorageId, configParameters.StorageId); Assert.AreEqual(queryFlowLogStatus2.Value.RetentionPolicy.Days, configParameters.RetentionPolicy.Days); Assert.AreEqual(queryFlowLogStatus2.Value.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled); Assert.False(queryFlowLogStatus2.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled); //disable flowlog (and TA) configParameters.Enabled = false; NetworkWatchersSetFlowLogConfigurationOperation configureFlowLog3Operation = await NetworkManagementClient.NetworkWatchers.StartSetFlowLogConfigurationAsync(resourceGroupName, networkWatcherName, configParameters); await WaitForCompletionAsync(configureFlowLog3Operation); NetworkWatchersGetFlowLogStatusOperation queryFlowLogStatus3Operation = await NetworkManagementClient.NetworkWatchers.StartGetFlowLogStatusAsync(resourceGroupName, networkWatcherName, flowLogParameters); Response <FlowLogInformation> queryFlowLogStatus3 = await WaitForCompletionAsync(queryFlowLogStatus3Operation); //check both flowlog and TA disabled Assert.False(queryFlowLogStatus3.Value.Enabled); Assert.False(queryFlowLogStatus3.Value.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled); }
public async Task NetworkSecurityGroupApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name); Assert.NotNull(getNsgResponse.Value.ResourceGuid); Assert.AreEqual(6, getNsgResponse.Value.DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.DefaultSecurityRules[5].Name); // Verify a default security rule Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.DefaultSecurityRules[0].Access); Assert.AreEqual("Allow inbound traffic from all VMs in VNET", getNsgResponse.Value.DefaultSecurityRules[0].Description); Assert.AreEqual("VirtualNetwork", getNsgResponse.Value.DefaultSecurityRules[0].DestinationAddressPrefix); Assert.AreEqual("*", getNsgResponse.Value.DefaultSecurityRules[0].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.DefaultSecurityRules[0].Direction); Assert.AreEqual(65000, getNsgResponse.Value.DefaultSecurityRules[0].Priority); Assert.AreEqual(SecurityRuleProtocol.Asterisk, getNsgResponse.Value.DefaultSecurityRules[0].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.DefaultSecurityRules[0].ProvisioningState.ToString()); Assert.AreEqual("VirtualNetwork", getNsgResponse.Value.DefaultSecurityRules[0].SourceAddressPrefix); Assert.AreEqual("*", getNsgResponse.Value.DefaultSecurityRules[0].SourcePortRange); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Name); Assert.AreEqual(6, listNsgResponse.First().DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name); Assert.AreEqual(getNsgResponse.Value.Etag, listNsgResponse.First().Etag); // List NSG in a subscription AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAllAsync(); List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync(); Assert.IsNotEmpty(listNsgSubsciptionResponse); // Delete NSG await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName); // List NSG listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public async Task NetworkSecurityGroupWithRulesApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name); Assert.AreEqual(6, getNsgResponse.Value.DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.DefaultSecurityRules[5].Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.SecurityRules[0].Access); Assert.AreEqual("Test security rule", getNsgResponse.Value.SecurityRules[0].Description); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[0].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.SecurityRules[0].Direction); Assert.AreEqual(500, getNsgResponse.Value.SecurityRules[0].Priority); Assert.AreEqual(SecurityRuleProtocol.Tcp, getNsgResponse.Value.SecurityRules[0].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[0].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].SourceAddressPrefix); Assert.AreEqual("655", getNsgResponse.Value.SecurityRules[0].SourcePortRange); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Has.One.EqualTo(listNsgResponse); Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Name); Assert.AreEqual(6, listNsgResponse.First().DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name); Assert.AreEqual(getNsgResponse.Value.Etag, listNsgResponse.First().Etag); // List NSG in a subscription AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAllAsync(); List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync(); Assert.IsNotEmpty(listNsgSubsciptionResponse); // Add a new security rule var SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; networkSecurityGroup.SecurityRules.Add(SecurityRule); putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); await WaitForCompletionAsync(putNsgResponseOperation); // Get NSG getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getNsgResponse.Value.SecurityRules[1].Access); Assert.AreEqual("Test outbound security rule", getNsgResponse.Value.SecurityRules[1].Description); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[1].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getNsgResponse.Value.SecurityRules[1].Direction); Assert.AreEqual(501, getNsgResponse.Value.SecurityRules[1].Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getNsgResponse.Value.SecurityRules[1].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[1].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].SourceAddressPrefix); Assert.AreEqual("656", getNsgResponse.Value.SecurityRules[1].SourcePortRange); // List Default Security Groups AsyncPageable <SecurityRule> listDefaultSecurityGroupsAP = NetworkManagementClient.DefaultSecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); List <SecurityRule> listDefaultSecurityGroups = await listDefaultSecurityGroupsAP.ToEnumerableAsync(); Assert.IsNotEmpty(listDefaultSecurityGroups); // Get Defaul Security Group Response <SecurityRule> getDefaultSecurityGroups = await NetworkManagementClient.DefaultSecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, listDefaultSecurityGroups.First().Name); Assert.AreEqual(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Value.Name); // Delete NSG await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName); // List NSG listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public async Task ViewNsgRuleApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string virtualMachineName = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName + "-nsg"; //Deploy VM with template await CreateVm( resourcesClient : ResourceManagementClient, resourceGroupName : resourceGroupName, location : location, virtualMachineName : virtualMachineName, storageAccountName : Recording.GenerateAssetName("azsmnet"), networkInterfaceName : networkInterfaceName, networkSecurityGroupName : networkSecurityGroupName, diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"), deploymentName : Recording.GenerateAssetName("azsmnet"), adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#") ); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcher properties = new NetworkWatcher { Location = location }; //Response<NetworkWatcher> createNetworkWatcher = await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); Response <VirtualMachine> getVm = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName); string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); nsg.Value.SecurityRules.Add(SecurityRule); NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg); Response <NetworkSecurityGroup> networkSecurityGroup = await WaitForCompletionAsync(createOrUpdateOperation); //Get view security group rules SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters(getVm.Value.Id); NetworkWatchersGetVMSecurityRulesOperation viewNSGRulesOperation = await NetworkManagementClient.NetworkWatchers.StartGetVMSecurityRulesAsync("NetworkWatcherRG", "NetworkWatcher_westus2", sgvProperties); Response <SecurityGroupViewResult> viewNSGRules = await WaitForCompletionAsync(viewNSGRulesOperation); //Verify effective security rule defined earlier IEnumerable <EffectiveNetworkSecurityRule> getEffectiveSecurityRule = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1); Assert.AreEqual("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol); Assert.AreEqual(501, getEffectiveSecurityRule.FirstOrDefault().Priority); Assert.AreEqual("Deny", getEffectiveSecurityRule.FirstOrDefault().Access); Assert.AreEqual("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange); //Verify 6 default rules IEnumerable <SecurityRule> getDefaultSecurityRule1 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound"); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRule1.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule1.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule2 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound"); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRule2.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule2.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange); Assert.AreEqual("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule3 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound"); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRule3.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRule3.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule4 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound"); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRule4.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule4.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule4.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule5 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound"); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRule5.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule5.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule5.FirstOrDefault().Direction); Assert.AreEqual("Internet", getDefaultSecurityRule5.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule6 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound"); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRule6.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRule6.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule6.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourcePortRange); }
public async Task VerifyIpFlowApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string virtualMachineName1 = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName1 + "-nsg"; //Deploy VM with a template await CreateVm( resourcesClient : ResourceManagementClient, resourceGroupName : resourceGroupName, location : location, virtualMachineName : virtualMachineName1, storageAccountName : Recording.GenerateAssetName("azsmnet"), networkInterfaceName : networkInterfaceName1, networkSecurityGroupName : networkSecurityGroupName, diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"), deploymentName : Recording.GenerateAssetName("azsmnet"), adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#") ); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcher properties = new NetworkWatcher { Location = location }; //await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); Response <VirtualMachine> getVm1 = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName1); string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName1).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); nsg.Value.SecurityRules.Add(SecurityRule); NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg); await WaitForCompletionAsync(createOrUpdateOperation); VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(getVm1.Value.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14"); //Verify IP flow from a VM to a location given the configured rule NetworkWatchersVerifyIPFlowOperation verifyIpFlowOperation = await NetworkManagementClient.NetworkWatchers.StartVerifyIPFlowAsync("NetworkWatcherRG", "NetworkWatcher_westus2", ipFlowProperties); Response <VerificationIPFlowResult> verifyIpFlow = await WaitForCompletionAsync(verifyIpFlowOperation); //Verify validity of the result Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString()); Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName); }