public static void RunSample(IAzure azure) { string rgName = SdkContext.RandomResourceName("rgSTMS", 20); string networkName = SdkContext.RandomResourceName("nw", 20); string subnetName = "subnetA"; string storageAccountName = SdkContext.RandomResourceName("sa", 15); string publicIpName = SdkContext.RandomResourceName("pip", 20); string vmName = SdkContext.RandomResourceName("vm", 10); try { // ============================================================ // Create a virtual network and a subnet with storage service subnet access enabled Utilities.Log("Creating a Virtual network and subnet with storage service subnet access enabled:"); INetwork network = azure.Networks.Define(networkName) .WithRegion(Region.USEast) .WithNewResourceGroup(rgName) .WithAddressSpace("10.0.0.0/28") .DefineSubnet(subnetName) .WithAddressPrefix("10.0.0.8/29") .WithAccessFromService(ServiceEndpointType.MicrosoftStorage) .Attach() .Create(); Utilities.Log("Created a Virtual network with subnet:"); Utilities.PrintVirtualNetwork(network); // ============================================================ // Create a storage account with access to it allowed only from a specific subnet var subnetId = $"{network.Id}/subnets/{subnetName}"; Utilities.Log($"Creating a storage account with access allowed only from the subnet{subnetId}"); IStorageAccount storageAccount = azure.StorageAccounts.Define(storageAccountName) .WithRegion(Region.USEast) .WithExistingResourceGroup(rgName) .WithAccessFromSelectedNetworks() .WithAccessFromNetworkSubnet(subnetId) .Create(); Utilities.Log("Created storage account:"); Utilities.PrintStorageAccount(storageAccount); // ============================================================ // Create a public IP address Utilities.Log("Creating a Public IP address"); IPublicIPAddress publicIPAddress = azure.PublicIPAddresses .Define(publicIpName) .WithRegion(Region.USEast) .WithExistingResourceGroup(rgName) .WithLeafDomainLabel(publicIpName) .Create(); Utilities.Log("Created Public IP address:"); Utilities.PrintIPAddress(publicIPAddress); // ============================================================ // Create a virtual machine and associate the public IP address Utilities.Log("Creating a VM with the Public IP address"); IVirtualMachine linuxVM = azure.VirtualMachines .Define(vmName) .WithRegion(Region.USEast) .WithExistingResourceGroup(rgName) .WithNewPrimaryNetwork("10.1.0.0/28") .WithPrimaryPrivateIPAddressDynamic() .WithExistingPrimaryPublicIPAddress(publicIPAddress) .WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts) .WithRootUsername(Utilities.CreateUsername()) .WithRootPassword(Utilities.CreatePassword()) .WithSize(VirtualMachineSizeTypes.Parse("Standard_D2a_v4")) .Create(); Utilities.Log($"Created the VM: {linuxVM.Id}"); Utilities.PrintVirtualMachine(linuxVM); publicIPAddress.Refresh(); // Refresh public IP resource to populate the assigned IPv4 address // ============================================================ // Update the storage account so that it can also be accessed from the PublicIP address Utilities.Log($"Updating storage account with access also allowed from publicIP{publicIPAddress.IPAddress}"); storageAccount.Update() .WithAccessFromIpAddress(publicIPAddress.IPAddress) .Apply(); Utilities.Log("Updated storage account:"); Utilities.PrintStorageAccount(storageAccount); // ============================================================ // Update the storage account to restrict incoming traffic to HTTPS Utilities.Log("Restricting access to storage account only via HTTPS"); storageAccount.Update() .WithOnlyHttpsTraffic() .Apply(); Utilities.Log("Updated the storage account:"); Utilities.PrintStorageAccount(storageAccount); } finally { if (azure.ResourceGroups.GetByName(rgName) != null) { Utilities.Log("Deleting Resource Group: " + rgName); azure.ResourceGroups.DeleteByName(rgName); Utilities.Log("Deleted Resource Group: " + rgName); } else { Utilities.Log("Did not create any resources in Azure. No clean up is necessary"); } } }
public override ILoadBalancer CreateResource(ILoadBalancers resources) { pips = resources.Manager.PublicIPAddresses; networks = resources.Manager.Networks; availabilitySets = computeManager.AvailabilitySets; var existingVMs = loadBalancerHelper.EnsureVMs(networks, computeManager, 2); Assert.Equal(2, existingVMs.Count()); var existingPips = loadBalancerHelper.EnsurePIPs(pips); var nic1 = existingVMs.ElementAt(0).GetPrimaryNetworkInterface(); var nic2 = existingVMs.ElementAt(1).GetPrimaryNetworkInterface(); IPublicIPAddress pip = resources.Manager.PublicIPAddresses.GetByResourceGroup( loadBalancerHelper.GroupName, loadBalancerHelper.PipNames[0]); // Create a load balancer var lb = resources.Define(loadBalancerHelper.LoadBalancerName) .WithRegion(loadBalancerHelper.Region) .WithExistingResourceGroup(loadBalancerHelper.GroupName) // Load balancing rules .DefineLoadBalancingRule("rule1") .WithProtocol(TransportProtocol.Tcp) // Required .FromExistingPublicIPAddress(pip) .FromFrontendPort(81) .ToBackend("backend1") .ToBackendPort(82) // Optionals .WithProbe("tcpProbe1") .WithIdleTimeoutInMinutes(10) .WithLoadDistribution(LoadDistribution.SourceIP) .Attach() // Inbound NAT rules .DefineInboundNatRule("natrule1") .WithProtocol(TransportProtocol.Tcp) .FromExistingPublicIPAddress(pip) // Implicitly uses the same frontend because the PIP is the same .FromFrontendPort(88) .Attach() // Probes .DefineTcpProbe("tcpProbe1") .WithPort(25) // Required .WithIntervalInSeconds(15) // Optionals .WithNumberOfProbes(5) .Attach() .DefineHttpProbe("httpProbe1") .WithRequestPath("/") // Required .WithIntervalInSeconds(13) // Optionals .WithNumberOfProbes(4) .Attach() .Create(); string backendName = lb.Backends.Values.First().Name; string frontendName = lb.Frontends.Values.First().Name; // Connect NICs explicitly nic1.Update() .WithExistingLoadBalancerBackend(lb, backendName) .WithExistingLoadBalancerInboundNatRule(lb, "natrule1") .Apply(); NetworkInterfaceHelper.PrintNic(nic1); Assert.Equal(nic1.PrimaryIPConfiguration.ListAssociatedLoadBalancerBackends().ElementAt(0) .Name, backendName, ignoreCase: true); Assert.Equal("natrule1", nic1.PrimaryIPConfiguration.ListAssociatedLoadBalancerInboundNatRules().ElementAt(0) .Name, ignoreCase: true); nic2.Update() .WithExistingLoadBalancerBackend(lb, backendName) .Apply(); NetworkInterfaceHelper.PrintNic(nic2); Assert.Equal(nic2.PrimaryIPConfiguration.ListAssociatedLoadBalancerBackends().ElementAt(0) .Name, backendName, ignoreCase: true); // Verify frontends Assert.Single(lb.Frontends.Values); Assert.Single(lb.PublicFrontends.Values); Assert.Empty(lb.PrivateFrontends.Values); Assert.True(lb.Frontends.ContainsKey(frontendName)); var frontend = lb.Frontends[frontendName]; Assert.True(frontend.IsPublic); var publicFrontend = (ILoadBalancerPublicFrontend)frontend; Assert.Equal(pip.Id, publicFrontend.PublicIPAddressId, ignoreCase: true); pip.Refresh(); Assert.Equal(pip.GetAssignedLoadBalancerFrontend().Name, frontendName, ignoreCase: true); // Verify backends Assert.True(lb.Backends.ContainsKey(backendName)); Assert.Single(lb.Backends.Values); // Verify probes Assert.True(lb.HttpProbes.ContainsKey("httpProbe1")); Assert.Single(lb.HttpProbes.Values); Assert.True(lb.TcpProbes.ContainsKey("tcpProbe1")); Assert.Single(lb.TcpProbes.Values); // Verify rules Assert.Single(lb.LoadBalancingRules.Values); Assert.True(lb.LoadBalancingRules.ContainsKey("rule1")); var rule = lb.LoadBalancingRules["rule1"]; Assert.Equal(rule.Backend.Name, backendName, ignoreCase: true); Assert.Equal(rule.Frontend.Name, frontendName, ignoreCase: true); Assert.Equal("tcpProbe1", rule.Probe.Name, ignoreCase: true); // Verify inbound NAT rules Assert.Single(lb.InboundNatRules.Values); Assert.True(lb.InboundNatRules.ContainsKey("natrule1")); var inboundNatRule = lb.InboundNatRules["natrule1"]; Assert.Equal(inboundNatRule.Frontend.Name, frontendName, ignoreCase: true); Assert.Equal(88, inboundNatRule.FrontendPort); Assert.Equal(88, inboundNatRule.BackendPort); return(lb); }