internal void Bind(NetworkSecurityGroup networkSecurityGroup, TargetTreeView targetTreeView)
{
try
{
_IsBinding = true;
_NetworkSecurityGroup = networkSecurityGroup;
_TargetTreeView = targetTreeView;
if (_NetworkSecurityGroup.SourceNetworkSecurityGroup != null)
{
if (_NetworkSecurityGroup.SourceNetworkSecurityGroup.GetType() == typeof(Azure.Asm.NetworkSecurityGroup))
{
Azure.Asm.NetworkSecurityGroup asmNetworkSecurityGroup = (Azure.Asm.NetworkSecurityGroup)_NetworkSecurityGroup.SourceNetworkSecurityGroup;
lblSourceName.Text = asmNetworkSecurityGroup.Name;
}
else if (_NetworkSecurityGroup.SourceNetworkSecurityGroup.GetType() == typeof(Azure.Arm.NetworkSecurityGroup))
{
Azure.Arm.NetworkSecurityGroup armNetworkSecurityGroup = (Azure.Arm.NetworkSecurityGroup)_NetworkSecurityGroup.SourceNetworkSecurityGroup;
lblSourceName.Text = armNetworkSecurityGroup.Name;
}
}
txtTargetName.Text = _NetworkSecurityGroup.TargetName;
}
finally
{
_IsBinding = false;
}
}
public static NetworkSecurityGroup CreateNsg(SqlVirtualMachineTestContext context, NetworkSecurityGroup nsg = null)
{
if (nsg == null)
{
nsg = new NetworkSecurityGroup(name: context.generateResourceName())
{
Location = context.location,
SecurityRules = new List <SecurityRule>(new SecurityRule[]
{
new SecurityRule()
{
Name = "default-allow-rdp",
Priority = 1000,
Protocol = "TCP",
Access = "Allow",
Direction = "Inbound",
SourceAddressPrefix = "*",
SourcePortRange = "*",
DestinationAddressPrefix = "*",
DestinationPortRange = "3389"
}
})
};
}
context.client.networkClient.NetworkSecurityGroups.CreateOrUpdate(context.resourceGroup.Name, nsg.Name, nsg);
return(context.client.networkClient.NetworkSecurityGroups.Get(context.resourceGroup.Name, nsg.Name));
}
public async ValueTask <Response <NetworkSecurityGroup> > GetAsync(string resourceGroupName, string networkSecurityGroupName, string expand = null, CancellationToken cancellationToken = default)
{
if (resourceGroupName == null)
{
throw new ArgumentNullException(nameof(resourceGroupName));
}
if (networkSecurityGroupName == null)
{
throw new ArgumentNullException(nameof(networkSecurityGroupName));
}
using var message = CreateGetRequest(resourceGroupName, networkSecurityGroupName, expand);
await _pipeline.SendAsync(message, cancellationToken).ConfigureAwait(false);
switch (message.Response.Status)
{
case 200:
{
NetworkSecurityGroup value = default;
using var document = await JsonDocument.ParseAsync(message.Response.ContentStream, default, cancellationToken).ConfigureAwait(false);
if (document.RootElement.ValueKind == JsonValueKind.Null)
{
value = null;
}
else
{
value = NetworkSecurityGroup.DeserializeNetworkSecurityGroup(document.RootElement);
}
return(Response.FromValue(value, message.Response));
}
public PSNetworkSecurityGroup ToPsNetworkSecurityGroup(NetworkSecurityGroup nsg)
{
var psNsg = Mapper.Map <PSNetworkSecurityGroup>(nsg);
psNsg.Tag = TagsConversionHelper.CreateTagHashtable(nsg.Tags);
return(psNsg);
}
internal NetworkSecurityGroup CreateNetworkSecurityGroup(string location, string networkSecurityGroupName)
{
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location
};
return(HDInsightManagementHelper.CreateNetworkSecurityGroup(CommonData.ResourceGroupName, networkSecurityGroupName, networkSecurityGroup));
}
// Temporary - to be removed
public void NullifyApplicationSecurityGroupsIfAbsent(NetworkSecurityGroup nsg)
{
if (nsg == null)
{
return;
}
this.NullifyApplicationSecurityRulesIfAbsent(nsg.DefaultSecurityRules);
this.NullifyApplicationSecurityRulesIfAbsent(nsg.SecurityRules);
}
internal void Bind(TreeNode networkSecurityGroupNode, AsmToArm asmToArmForm)
{
_NetworkSecurityGroupNode = networkSecurityGroupNode;
TreeNode asmNetworkSecurityGroupNode = (TreeNode)_NetworkSecurityGroupNode.Tag;
NetworkSecurityGroup asmNetworkSecurityGroup = (NetworkSecurityGroup)asmNetworkSecurityGroupNode.Tag;
lblSourceName.Text = asmNetworkSecurityGroup.Name;
txtTargetName.Text = asmNetworkSecurityGroup.TargetName;
}
private void txtTargetName_TextChanged(object sender, EventArgs e)
{
TextBox txtSender = (TextBox)sender;
TreeNode asmNetworkSecurityGroupNode = (TreeNode)_NetworkSecurityGroupNode.Tag;
NetworkSecurityGroup asmNetworkSecurityGroup = (NetworkSecurityGroup)asmNetworkSecurityGroupNode.Tag;
asmNetworkSecurityGroup.TargetName = txtSender.Text;
_NetworkSecurityGroupNode.Text = asmNetworkSecurityGroup.GetFinalTargetName();
PropertyChanged();
}
public void UsageTest()
{
var handler = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (var context = UndoContext.Current)
{
context.Start();
var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(handler);
var networkResourceProviderClient = NetworkManagementTestUtilities.GetNetworkResourceProviderClient(handler);
var location = NetworkManagementTestUtilities.GetResourceLocation(resourcesClient, "Microsoft.Network/networkSecurityGroups");
string resourceGroupName = TestUtilities.GenerateName("csmrg");
resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName,
new ResourceGroup
{
Location = location
});
string networkSecurityGroupName = TestUtilities.GenerateName();
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
var putNsgResponse = networkResourceProviderClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Assert.Equal(HttpStatusCode.OK, putNsgResponse.StatusCode);
Assert.Equal("Succeeded", putNsgResponse.Status);
var getNsgResponse = networkResourceProviderClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
Assert.Equal(HttpStatusCode.OK, getNsgResponse.StatusCode);
// Query for usages
var usagesResponse = networkResourceProviderClient.Usages.List(getNsgResponse.NetworkSecurityGroup.Location.Replace(" ", string.Empty));
Assert.True(usagesResponse.StatusCode == HttpStatusCode.OK);
// Verify that the strings are populated
Assert.NotNull(usagesResponse.Usages);
Assert.True(usagesResponse.Usages.Any());
foreach (var usage in usagesResponse.Usages)
{
Assert.True(usage.Limit > 0);
Assert.NotNull(usage.Name);
Assert.True(!string.IsNullOrEmpty(usage.Name.LocalizedValue));
Assert.True(!string.IsNullOrEmpty(usage.Name.Value));
}
}
}
protected NetworkSecurityGroup CreateNsg(string rgName, string nsgName = null)
{
nsgName = nsgName ?? GenerateName("nsg");
var nsgParameters = new NetworkSecurityGroup()
{
Location = DEFAULT_LOCATION
};
var putNSgResponse = NetworkClient.NetworkSecurityGroups.CreateOrUpdate(rgName, nsgName, nsgParameters);
var getNsgResponse = NetworkClient.NetworkSecurityGroups.Get(rgName, nsgName);
return(getNsgResponse);
}
public override void ExecuteCmdlet()
{
ConfirmAction(
Force.IsPresent,
string.Format(Resources.RemoveNetworkSecurityRuleWarning, Name, NetworkSecurityGroup.GetInstance().Name),
Resources.RemoveNetworkSecurityRuleWarning,
Name,
() =>
{
Client.RemoveNetworkSecurityRule(NetworkSecurityGroup.GetInstance().Name, Name);
WriteObject(Client.GetNetworkSecurityGroup(NetworkSecurityGroup.GetInstance().Name, true));
});
}
protected NetworkSecurityGroup CreateNsg(string rgName, string nsgName = null)
{
nsgName = nsgName ?? ComputeManagementTestUtilities.GenerateName("nsg");
var nsgParameters = new NetworkSecurityGroup()
{
Location = m_location
};
var putNSgResponse = m_NrpClient.NetworkSecurityGroups.CreateOrUpdate(rgName, nsgName, nsgParameters);
var getNsgResponse = m_NrpClient.NetworkSecurityGroups.Get(rgName, nsgName);
return(getNsgResponse);
}
public override void ExecuteCmdlet()
{
Client.SetNetworkSecurityRule(
NetworkSecurityGroup.GetInstance().Name,
Name,
Type,
Priority,
Action,
SourceAddressPrefix,
SourcePortRange,
DestinationAddressPrefix,
DestinationPortRange,
Protocol);
WriteObject(Client.GetNetworkSecurityGroup(NetworkSecurityGroup.GetInstance().Name, true));
}
private void MetroWindow_Loaded(object sender, RoutedEventArgs e)
{
using (new WaitCursor())
{
MainWindow mainWindow = Application.Current.MainWindow as MainWindow;
NetworkSecurityGroup = mainWindow.GetNetworkSecurityGroup(SelectedInstance);
if (NetworkSecurityGroup != null)
{
DataContext = NetworkSecurityGroup.Rules.OrderBy(f => f.Name);
RulesGrid.ItemsSource = NetworkSecurityGroup.Rules.OrderBy(f => f.Name);
}
else
{
SharedMethods.NotLoggedIn();
}
}
}
private static CreateVirtualNetworkResult CreateVirtualNetwork(string suffix, ResourceGroup resourceGroup)
{
var virtualNetwork = new VirtualNetwork($"vnet-{suffix}", new VirtualNetworkArgs
{
AddressSpaces = { "10.0.0.0/16" },
ResourceGroupName = resourceGroup.Name
});
var subnet = new Subnet("apps", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = virtualNetwork.Name,
AddressPrefixes =
{
"10.0.1.0/24",
}
});
var nsg = new NetworkSecurityGroup($"nsg-{suffix}", new NetworkSecurityGroupArgs
{
ResourceGroupName = resourceGroup.Name,
});
var nsgSshAllowInbound = new NetworkSecurityRule("ssh-allow-inbound", new NetworkSecurityRuleArgs
{
Priority = 1001,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "22",
SourceAddressPrefix = "*",
DestinationAddressPrefix = "*",
NetworkSecurityGroupName = nsg.Name,
ResourceGroupName = resourceGroup.Name,
});
return(new CreateVirtualNetworkResult
{
NetworkSecurityGroupId = nsg.Id,
SubnetId = subnet.Id
});
}
private IEnumerable <NetworkSecurityGroup> ReadNetworkSecurityGroups(IResourceGroup resourceGroup)
{
var networkSecurityGroups = new List <NetworkSecurityGroup>();
var azurenetworkSecurityGroups = _azure.NetworkSecurityGroups.ListByResourceGroup(resourceGroup.Name);
foreach (var securityGroup in azurenetworkSecurityGroups)
{
NetworkSecurityGroup group = new NetworkSecurityGroup(securityGroup);
foreach (var networkInterfaceId in securityGroup.NetworkInterfaceIds)
{
var networkInterface = _azure.NetworkInterfaces.GetById(networkInterfaceId);
if (networkInterface != null)
{
group.NetworkInterfaces.Add(new NetworkInterface(networkInterface));
}
}
}
return(networkSecurityGroups);
}
public async Task UsageTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups");
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation);
Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString());
Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
// Query for usages
AsyncPageable <Usage> usagesResponseAP = NetworkManagementClient.Usages.ListAsync(getNsgResponse.Value.Location.Replace(" ", string.Empty));
List <Usage> usagesResponse = await usagesResponseAP.ToEnumerableAsync();
// Verify that the strings are populated
Assert.NotNull(usagesResponse);
Assert.True(usagesResponse.Any());
foreach (Usage usage in usagesResponse)
{
Assert.True(usage.Limit > 0);
Assert.NotNull(usage.Name);
Assert.True(!string.IsNullOrEmpty(usage.Name.LocalizedValue));
Assert.True(!string.IsNullOrEmpty(usage.Name.Value));
}
}
public static void PrintNetworkSecurityGroup(NetworkSecurityGroup resource)
{
var nsgOutput = new StringBuilder();
nsgOutput.Append("NSG: ").Append(resource.Id)
.Append("Name: ").Append(resource.Name)
.Append("\n\tLocation: ").Append(resource.Location)
.Append("\n\tTags: ").Append(FormatDictionary(resource.Tags));
// Output security rules
foreach (var rule in resource.SecurityRules)
{
nsgOutput.Append("\n\tRule: ").Append(rule.Name)
.Append("\n\t\tAccess: ").Append(rule.Access)
.Append("\n\t\tDirection: ").Append(rule.Direction)
.Append("\n\t\tFrom address: ").Append(rule.SourceAddressPrefix)
.Append("\n\t\tFrom port range: ").Append(rule.SourcePortRange)
.Append("\n\t\tTo address: ").Append(rule.DestinationAddressPrefix)
.Append("\n\t\tTo port: ").Append(rule.DestinationPortRange)
.Append("\n\t\tProtocol: ").Append(rule.Protocol)
.Append("\n\t\tPriority: ").Append(rule.Priority);
}
Utilities.Log(nsgOutput.ToString());
}
/// <summary>
/// Creates or updates a network security group in the specified resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkSecurityGroupName'>
/// The name of the network security group.
/// </param>
/// <param name='parameters'>
/// Parameters supplied to the create or update network security group
/// operation.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <NetworkSecurityGroup> BeginCreateOrUpdateAsync(this INetworkSecurityGroupsOperations operations, string resourceGroupName, string networkSecurityGroupName, NetworkSecurityGroup parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, networkSecurityGroupName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
protected NetworkInterface CreateNIC(string rgName, Subnet subnet, string publicIPaddress, string nicname = null, NetworkSecurityGroup nsg = null)
{
// Create Nic
nicname = nicname ?? ComputeManagementTestUtilities.GenerateName("nic");
string ipConfigName = ComputeManagementTestUtilities.GenerateName("ip");
var nicParameters = new NetworkInterface()
{
Location = m_location,
Tags = new Dictionary <string, string>()
{
{ "key", "value" }
},
IpConfigurations = new List <NetworkInterfaceIPConfiguration>()
{
new NetworkInterfaceIPConfiguration()
{
Name = ipConfigName,
PrivateIPAllocationMethod = IPAllocationMethod.Dynamic,
Subnet = subnet,
}
},
NetworkSecurityGroup = nsg
};
if (publicIPaddress != null)
{
nicParameters.IpConfigurations[0].PublicIPAddress = new Microsoft.Azure.Management.Network.Models.PublicIPAddress()
{
Id = publicIPaddress
};
}
var putNicResponse = m_NrpClient.NetworkInterfaces.CreateOrUpdate(rgName, nicname, nicParameters);
var getNicResponse = m_NrpClient.NetworkInterfaces.Get(rgName, nicname);
return(getNicResponse);
}
public static VirtualNetwork CreateVirtualNetwork(SqlManagementTestContext context, ResourceGroup resourceGroup, string location)
{
NetworkManagementClient networkClient = context.GetClient <NetworkManagementClient>();
// Create vnet andinitialize subnets
string vnetName = SqlManagementTestUtilities.GenerateName();
// Create network security group
NetworkSecurityGroup networkSecurityGroupParams = new NetworkSecurityGroup()
{
Location = TestEnvironmentUtilities.DefaultLocationId,
SecurityRules = new List <SecurityRule>()
{
new SecurityRule()
{
Direction = "Inbound",
Name = "allow_management_inbound",
DestinationAddressPrefix = "*",
DestinationPortRanges = new List <string>()
{
"1433", "1434", "5022", "9000", "9003", "1438", "1440", "1452", "80", "443"
},
SourceAddressPrefix = "*",
SourcePortRange = "*",
Protocol = "Tcp",
Access = "Allow",
Priority = 100
},
new SecurityRule()
{
Direction = "Inbound",
Name = "allow_misubnet_inbound",
DestinationPortRange = "*",
DestinationAddressPrefix = "*",
SourceAddressPrefix = "10.0.0.0/26",
SourcePortRange = "*",
Protocol = "*",
Access = "Allow",
Priority = 200
},
new SecurityRule()
{
Direction = "Inbound",
Name = "allow_health_probe",
DestinationAddressPrefix = "*",
DestinationPortRange = "*",
SourceAddressPrefix = "AzureLoadBalancer",
SourcePortRange = "*",
Protocol = "*",
Access = "Allow",
Priority = 300
},
new SecurityRule()
{
Direction = "Outbound",
Name = "allow_management_outbound",
DestinationAddressPrefix = "*",
DestinationPortRanges = new List <string>()
{
"80", "443", "12000"
},
Protocol = "*",
SourceAddressPrefix = "*",
SourcePortRange = "*",
Access = "Allow",
Priority = 100
},
new SecurityRule()
{
Direction = "Outbound",
Name = "allow_misubnet_outbound",
DestinationAddressPrefix = "10.0.0.0/26",
DestinationPortRange = "*",
Protocol = "*",
SourceAddressPrefix = "*",
SourcePortRange = "*",
Access = "Allow",
Priority = 200
}
}
};
string networkSecurityGroupName = SqlManagementTestUtilities.GenerateName();
networkClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroup.Name, networkSecurityGroupName, networkSecurityGroupParams);
NetworkSecurityGroup securityGroup = networkClient.NetworkSecurityGroups.Get(resourceGroup.Name, networkSecurityGroupName);
// Create route table
RouteTable routeTableParams = new RouteTable()
{
Location = TestEnvironmentUtilities.DefaultLocationId,
Routes = new List <Route>()
{
new Route()
{
Name = SqlManagementTestUtilities.GenerateName(),
AddressPrefix = "0.0.0.0/0",
NextHopType = "Internet"
},
new Route()
{
Name = SqlManagementTestUtilities.GenerateName(),
AddressPrefix = "10.0.0.0/26",
NextHopType = "VnetLocal"
}
}
};
string routeTableName = SqlManagementTestUtilities.GenerateName();
networkClient.RouteTables.CreateOrUpdate(resourceGroup.Name, routeTableName, routeTableParams);
RouteTable routeTable = networkClient.RouteTables.Get(resourceGroup.Name, routeTableName);
// Create subnet
List <Subnet> subnetList = new List <Subnet>();
Subnet subnet = new Subnet()
{
Name = "MISubnet",
AddressPrefix = "10.0.0.0/26",
NetworkSecurityGroup = securityGroup,
RouteTable = routeTable
};
subnetList.Add(subnet);
// Create vnet
var vnet = new VirtualNetwork()
{
Location = location,
AddressSpace = new AddressSpace()
{
AddressPrefixes = new List <string>()
{
"10.0.0.0/22",
}
},
Subnets = subnetList
};
// Put Vnet
var putVnetResponse = networkClient.VirtualNetworks.CreateOrUpdate(resourceGroup.Name, vnetName, vnet);
Assert.Equal("Succeeded", putVnetResponse.ProvisioningState);
// Get Vnets
var getVnetResponse = networkClient.VirtualNetworks.Get(resourceGroup.Name, vnetName);
return(getVnetResponse);
}
public NetworkSecurityGroup CreateNetworkSecurityGroup(string resourceGroupName, string networkSecurityGroupName, NetworkSecurityGroup networkSecurityGroupParameter)
{
return(networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroupParameter));
}
public VirtualNetwork CreateVirtualNetworkWithSubnet(string resourceGroupName, string location, string virtualNetworkName, string subnetName, NetworkSecurityGroup networkSecurityGroup = null, bool subnetPrivateEndpointNetworkPoliciesFlag = true, bool subnetPrivateLinkServiceNetworkPoliciesFlag = true)
{
VirtualNetwork vnet = new VirtualNetwork()
{
Location = location,
AddressSpace = new AddressSpace()
{
AddressPrefixes = new List <string>()
{
"10.0.0.0/16",
}
},
Subnets = new List <Subnet>()
{
new Subnet()
{
Name = subnetName,
AddressPrefix = "10.0.0.0/24",
NetworkSecurityGroup = networkSecurityGroup,
PrivateEndpointNetworkPolicies = subnetPrivateEndpointNetworkPoliciesFlag ? "Enabled" : "Disabled",
PrivateLinkServiceNetworkPolicies = subnetPrivateLinkServiceNetworkPoliciesFlag ? "Enabled" : "Disabled"
}
}
};
return(networkManagementClient.VirtualNetworks.CreateOrUpdate(resourceGroupName, virtualNetworkName, vnet));
}
public void FlowLogApiTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler3 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler4 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler5 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1);
var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2);
var computeManagementClient = NetworkManagementTestUtilities.GetComputeManagementClientWithHandler(context, handler3);
var storageManagementClient = NetworkManagementTestUtilities.GetStorageManagementClientWithHandler(context, handler4);
var operationalInsightsManagementClient = NetworkManagementTestUtilities.GetOperationalInsightsManagementClientWithHandler(context, handler5);
string location = "eastus2euap";
string workspaceLocation = "East US";
string resourceGroupName = TestUtilities.GenerateName();
resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName,
new ResourceGroup
{
Location = location
});
//Create network security group
string networkSecurityGroupName = TestUtilities.GenerateName();
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
var putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
// Get NSG
var getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
string networkWatcherName = TestUtilities.GenerateName();
NetworkWatcher properties = new NetworkWatcher();
properties.Location = location;
//Create network Watcher
var createNetworkWatcher = networkManagementClient.NetworkWatchers.CreateOrUpdate(resourceGroupName, networkWatcherName, properties);
//Create storage
string storageName = TestUtilities.GenerateName();
var storageParameters = new StorageAccountCreateParameters()
{
Location = location,
Kind = Kind.Storage,
Sku = new Sku
{
Name = SkuName.StandardLRS
}
};
var storageAccount = storageManagementClient.StorageAccounts.Create(resourceGroupName, storageName, storageParameters);
//create workspace
string workspaceName = TestUtilities.GenerateName();
var workSpaceParameters = new Workspace()
{
Location = workspaceLocation
};
var workspace = operationalInsightsManagementClient.Workspaces.CreateOrUpdate(resourceGroupName, workspaceName, workSpaceParameters);
FlowLogInformation configParameters = new FlowLogInformation()
{
TargetResourceId = getNsgResponse.Id,
Enabled = true,
StorageId = storageAccount.Id,
RetentionPolicy = new RetentionPolicyParameters
{
Days = 5,
Enabled = true
},
FlowAnalyticsConfiguration = new TrafficAnalyticsProperties()
{
NetworkWatcherFlowAnalyticsConfiguration = new TrafficAnalyticsConfigurationProperties()
{
Enabled = true,
WorkspaceId = workspace.CustomerId,
WorkspaceRegion = workspace.Location,
WorkspaceResourceId = workspace.Id
}
}
};
//configure flowlog and TA
var configureFlowLog1 = networkManagementClient.NetworkWatchers.SetFlowLogConfiguration(resourceGroupName, networkWatcherName, configParameters);
FlowLogStatusParameters flowLogParameters = new FlowLogStatusParameters()
{
TargetResourceId = getNsgResponse.Id
};
var queryFlowLogStatus1 = networkManagementClient.NetworkWatchers.GetFlowLogStatus(resourceGroupName, networkWatcherName, flowLogParameters);
//check both flowlog and TA config and enabled status
Assert.Equal(queryFlowLogStatus1.TargetResourceId, configParameters.TargetResourceId);
Assert.True(queryFlowLogStatus1.Enabled);
Assert.Equal(queryFlowLogStatus1.StorageId, configParameters.StorageId);
Assert.Equal(queryFlowLogStatus1.RetentionPolicy.Days, configParameters.RetentionPolicy.Days);
Assert.Equal(queryFlowLogStatus1.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled);
Assert.True(queryFlowLogStatus1.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
Assert.Equal(queryFlowLogStatus1.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceId);
Assert.Equal(queryFlowLogStatus1.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceRegion);
Assert.Equal(queryFlowLogStatus1.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId,
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.WorkspaceResourceId);
//disable TA
configParameters.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled = false;
var configureFlowLog2 = networkManagementClient.NetworkWatchers.SetFlowLogConfiguration(resourceGroupName, networkWatcherName, configParameters);
var queryFlowLogStatus2 = networkManagementClient.NetworkWatchers.GetFlowLogStatus(resourceGroupName, networkWatcherName, flowLogParameters);
//check TA disabled and ensure flowlog config is unchanged
Assert.Equal(queryFlowLogStatus2.TargetResourceId, configParameters.TargetResourceId);
Assert.True(queryFlowLogStatus2.Enabled);
Assert.Equal(queryFlowLogStatus2.StorageId, configParameters.StorageId);
Assert.Equal(queryFlowLogStatus2.RetentionPolicy.Days, configParameters.RetentionPolicy.Days);
Assert.Equal(queryFlowLogStatus2.RetentionPolicy.Enabled, configParameters.RetentionPolicy.Enabled);
Assert.False(queryFlowLogStatus2.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
//disable flowlog (and TA)
configParameters.Enabled = false;
var configureFlowLog3 = networkManagementClient.NetworkWatchers.SetFlowLogConfiguration(resourceGroupName, networkWatcherName, configParameters);
var queryFlowLogStatus3 = networkManagementClient.NetworkWatchers.GetFlowLogStatus(resourceGroupName, networkWatcherName, flowLogParameters);
//check both flowlog and TA disabled
Assert.False(queryFlowLogStatus3.Enabled);
Assert.False(queryFlowLogStatus3.FlowAnalyticsConfiguration.NetworkWatcherFlowAnalyticsConfiguration.Enabled);
}
}
public static async Task RunSample(TokenCredential credential)
{
string vnetName1 = Utilities.RandomResourceName("vnet1", 20);
string vnetName2 = Utilities.RandomResourceName("vnet2", 20);
string frontEndVmName = Utilities.RandomResourceName("fevm", 24);
string backEndVmName = Utilities.RandomResourceName("bevm", 24);
string publicIpAddressLeafDnsForFrontEndVm = Utilities.RandomResourceName("pip1", 24);
var networkManagementClient = new NetworkManagementClient(SubscriptionId, credential);
var networkSecurityGroups = networkManagementClient.NetworkSecurityGroups;
var virtualNetworks = networkManagementClient.VirtualNetworks;
var publicIPAddresses = networkManagementClient.PublicIPAddresses;
var networkInterfaces = networkManagementClient.NetworkInterfaces;
var computeManagementClient = new ComputeManagementClient(SubscriptionId, credential);
var virtualMachines = computeManagementClient.VirtualMachines;
try
{
await ResourceGroupHelper.CreateOrUpdateResourceGroup(ResourceGroupName, "eastus");
//============================================================
// Create a virtual network with specific address-space and two subnet
// Creates a network security group for backend subnet
Utilities.Log("Creating a network security group for virtual network backend subnet...");
Utilities.Log("Creating a network security group for virtual network frontend subnet...");
var networkSecurityGroupParameters = new NetworkSecurityGroup
{
Location = "eastus",
SecurityRules = new[]
{
new SecurityRule
{
Name = "DenyInternetInComing",
Priority = 700,
Access = SecurityRuleAccess.Deny,
Direction = SecurityRuleDirection.Inbound,
SourceAddressPrefix = "Internet",
SourcePortRange = "*",
DestinationAddressPrefix = "*",
DestinationPortRange = "*",
Protocol = SecurityRuleProtocol.Asterisk
},
new SecurityRule
{
Name = "DenyInternetOutGoing",
Priority = 701,
Access = SecurityRuleAccess.Deny,
Direction = SecurityRuleDirection.Outbound,
SourceAddressPrefix = "*",
SourcePortRange = "*",
DestinationAddressPrefix = "*",
DestinationPortRange = "*",
Protocol = SecurityRuleProtocol.Asterisk
}
}
};
var rawNetworkSecurityGroupResult = await networkSecurityGroups.StartCreateOrUpdateAsync(ResourceGroupName, VNet1BackEndSubnetNsgName, networkSecurityGroupParameters);
var backEndSubnetNsg = (await rawNetworkSecurityGroupResult.WaitForCompletionAsync()).Value;
Utilities.Log("Created backend network security group");
// Print the network security group
Utilities.PrintNetworkSecurityGroup(backEndSubnetNsg);
networkSecurityGroupParameters = new NetworkSecurityGroup
{
Location = "eastus",
SecurityRules = new[]
{
new SecurityRule
{
Name = "AllowHttpInComing",
Priority = 700,
Access = SecurityRuleAccess.Allow,
Direction = SecurityRuleDirection.Inbound,
SourceAddressPrefix = "Internet",
SourcePortRange = "*",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Protocol = SecurityRuleProtocol.Tcp
},
new SecurityRule
{
Name = "DenyInternetOutGoing",
Priority = 701,
Access = SecurityRuleAccess.Deny,
Direction = SecurityRuleDirection.Outbound,
SourceAddressPrefix = "*",
SourcePortRange = "*",
DestinationAddressPrefix = "INTERNET",
DestinationPortRange = "*",
Protocol = SecurityRuleProtocol.Asterisk
}
}
};
rawNetworkSecurityGroupResult = await networkSecurityGroups.StartCreateOrUpdateAsync(ResourceGroupName, VNet1FrontEndSubnetNsgName, networkSecurityGroupParameters);
var frontEndSubnetNsg = (await rawNetworkSecurityGroupResult.WaitForCompletionAsync()).Value;
Utilities.Log("Created frontend network security group");
// Print the network security group
Utilities.PrintNetworkSecurityGroup(frontEndSubnetNsg);
Utilities.Log("Creating virtual network #1...");
var virtualNetworkParameters = new VirtualNetwork
{
Location = "eastus",
AddressSpace = new AddressSpace {
AddressPrefixes = new List <string> {
"192.168.0.0/16"
}
},
Subnets = new List <Subnet>
{
new Subnet
{
Name = VNet1FrontEndSubnetName,
AddressPrefix = "192.168.1.0/24",
},
new Subnet
{
Name = VNet1BackEndSubnetName,
AddressPrefix = "192.168.2.0/24",
NetworkSecurityGroup = backEndSubnetNsg
}
}
};
var rawVirtualNetworkResult = await virtualNetworks.StartCreateOrUpdateAsync(ResourceGroupName, vnetName1, virtualNetworkParameters);
var virtualNetwork1 = (await rawVirtualNetworkResult.WaitForCompletionAsync()).Value;
Utilities.Log("Created a virtual network");
// Print the virtual network details
Utilities.PrintVirtualNetwork(virtualNetwork1);
//============================================================
// Update a virtual network
// Update the virtual network frontend subnet by associating it with network security group
Utilities.Log("Associating network security group rule to frontend subnet");
virtualNetworkParameters = new VirtualNetwork
{
Location = "eastus",
AddressSpace = new AddressSpace
{
AddressPrefixes = new List <string> {
"192.168.0.0/16"
}
},
Subnets = new List <Subnet>
{
new Subnet
{
Name = VNet1FrontEndSubnetName,
AddressPrefix = "192.168.1.0/24",
NetworkSecurityGroup = frontEndSubnetNsg
},
new Subnet {
Name = VNet1BackEndSubnetName,
AddressPrefix = "192.168.2.0/24",
NetworkSecurityGroup = backEndSubnetNsg
}
}
};
rawVirtualNetworkResult = await virtualNetworks.StartCreateOrUpdateAsync(ResourceGroupName, vnetName1, virtualNetworkParameters);
virtualNetwork1 = (await rawVirtualNetworkResult.WaitForCompletionAsync()).Value;
Utilities.Log("Network security group rule associated with the frontend subnet");
// Print the virtual network details
Utilities.PrintVirtualNetwork(virtualNetwork1);
//============================================================
// Create a virtual machine in each subnet
// Creates the first virtual machine in frontend subnet
Utilities.Log("Creating a Linux virtual machine in the frontend subnet");
// Creates the second virtual machine in the backend subnet
Utilities.Log("Creating a Linux virtual machine in the backend subnet");
// Create a virtual network with default address-space and one default subnet
Utilities.Log("Creating virtual network #2...");
Utilities.Log("Creating Public IP Address #1...");
var ipAddress = new PublicIPAddress
{
PublicIPAddressVersion = Azure.ResourceManager.Network.Models.IPVersion.IPv4,
PublicIPAllocationMethod = IPAllocationMethod.Dynamic,
Location = "eastus",
};
ipAddress = (await publicIPAddresses.StartCreateOrUpdate(ResourceGroupName, frontEndVmName + "_ip", ipAddress)
.WaitForCompletionAsync()).Value;
Utilities.Log("Created Public IP Address #1...");
Utilities.Log("Creating Network Interface #1...");
var networkInterface = new NetworkInterface
{
Location = "eastus",
IpConfigurations = new List <NetworkInterfaceIPConfiguration>
{
new NetworkInterfaceIPConfiguration
{
Name = "Primary",
Primary = true,
Subnet = new Subnet
{
Id = virtualNetwork1.Subnets.First(s => s.Name == VNet1FrontEndSubnetName).Id
},
PrivateIPAllocationMethod = IPAllocationMethod.Dynamic,
PublicIPAddress = new PublicIPAddress {
Id = ipAddress.Id
}
}
}
};
networkInterface = (await networkInterfaces
.StartCreateOrUpdate(ResourceGroupName, frontEndVmName + "_nic", networkInterface).WaitForCompletionAsync()).Value;
Utilities.Log("Created Network Interface #1...");
var t1 = DateTime.UtcNow;
var virtualMachineParameters = new VirtualMachine("eastus")
{
NetworkProfile = new Azure.ResourceManager.Compute.Models.NetworkProfile
{
NetworkInterfaces = new[]
{
new NetworkInterfaceReference {
Id = networkInterface.Id
}
}
},
OsProfile = new OSProfile
{
ComputerName = frontEndVmName,
AdminUsername = UserName,
LinuxConfiguration = new LinuxConfiguration
{
Ssh = new SshConfiguration
{
PublicKeys = new List <SshPublicKey>
{
new SshPublicKey
{
Path = "/home/" + UserName + "/.ssh/authorized_keys",
KeyData = SshKey
}
}
}
}
},
StorageProfile = new StorageProfile
{
ImageReference = new ImageReference
{
Offer = "UbuntuServer",
Publisher = "Canonical",
Sku = "16.04-LTS",
Version = "latest"
},
DataDisks = new List <DataDisk>()
},
HardwareProfile = new HardwareProfile
{
VmSize = VirtualMachineSizeTypes.StandardD3V2
}
};
var rawVirtualMachineResult = await virtualMachines.StartCreateOrUpdateAsync(ResourceGroupName, frontEndVmName, virtualMachineParameters);
var frontEndVM = (await rawVirtualMachineResult.WaitForCompletionAsync()).Value;
var t2 = DateTime.UtcNow;
Utilities.Log("Created Linux VM: (took " + (t2 - t1).TotalSeconds + " seconds) " + frontEndVM.Id);
// Print virtual machine details
Utilities.PrintVirtualMachine(frontEndVM);
Utilities.Log("Creating Network Interface #2...");
networkInterface = new NetworkInterface
{
Location = "eastus",
IpConfigurations = new List <NetworkInterfaceIPConfiguration>
{
new NetworkInterfaceIPConfiguration
{
Name = "Primary",
Primary = true,
Subnet = new Subnet
{
Id = virtualNetwork1.Subnets.First(s => s.Name == VNet1BackEndSubnetName).Id
},
PrivateIPAllocationMethod = IPAllocationMethod.Dynamic,
}
}
};
networkInterface = (await networkInterfaces
.StartCreateOrUpdate(ResourceGroupName, backEndVmName + "_nic", networkInterface)
.WaitForCompletionAsync()).Value;
Utilities.Log("Created Network Interface #1...");
t1 = DateTime.UtcNow;
virtualMachineParameters = new VirtualMachine("eastus")
{
NetworkProfile = new Azure.ResourceManager.Compute.Models.NetworkProfile
{
NetworkInterfaces = new[]
{
new NetworkInterfaceReference {
Id = networkInterface.Id
}
}
},
OsProfile = new OSProfile
{
ComputerName = frontEndVmName,
AdminUsername = UserName,
LinuxConfiguration = new LinuxConfiguration
{
Ssh = new SshConfiguration
{
PublicKeys = new List <SshPublicKey>
{
new SshPublicKey
{
Path = "/home/" + UserName + "/.ssh/authorized_keys",
KeyData = SshKey
}
}
}
}
},
StorageProfile = new StorageProfile
{
ImageReference = new ImageReference
{
Offer = "UbuntuServer",
Publisher = "Canonical",
Sku = "16.04-LTS",
Version = "latest"
},
DataDisks = new List <DataDisk>()
},
HardwareProfile = new HardwareProfile
{
VmSize = VirtualMachineSizeTypes.StandardD3V2
}
};
rawVirtualMachineResult = await virtualMachines.StartCreateOrUpdateAsync(ResourceGroupName, backEndVmName, virtualMachineParameters);
var backEndVM = (await rawVirtualMachineResult.WaitForCompletionAsync()).Value;
var t3 = DateTime.UtcNow;
Utilities.Log("Created Linux VM: (took " + (t3 - t1).TotalSeconds + " seconds) " + backEndVM.Id);
// Print virtual machine details
Utilities.PrintVirtualMachine(backEndVM);
Utilities.Log("Creating a virtual network #2");
rawVirtualNetworkResult = await virtualNetworks.StartCreateOrUpdateAsync(
ResourceGroupName,
vnetName2,
new VirtualNetwork
{
Location = "eastus",
AddressSpace = new AddressSpace
{
AddressPrefixes = new List <string> {
"10.0.0.0/16"
}
}
});
var virtualNetwork2 = (await rawVirtualNetworkResult.WaitForCompletionAsync()).Value;
Utilities.Log("Created a virtual network #2");
// Print the virtual network details
Utilities.PrintVirtualNetwork(virtualNetwork2);
//============================================================
// List virtual networks
Utilities.Log("List virtual networks");
foreach (var virtualNetwork in await virtualNetworks.ListAsync(ResourceGroupName).ToEnumerableAsync())
{
Utilities.PrintVirtualNetwork(virtualNetwork);
}
//============================================================
// Delete a virtual network
Utilities.Log("Deleting the virtual network");
await(await virtualNetworks.StartDeleteAsync(ResourceGroupName, vnetName2)).WaitForCompletionAsync();
Utilities.Log("Deleted the virtual network");
}
finally
{
try
{
await ResourceGroupHelper.DeleteResourceGroup(ResourceGroupName);
}
catch (NullReferenceException)
{
Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
}
catch (Exception ex)
{
Utilities.Log(ex);
}
}
}
public virtual NetworkSecurityGroupsCreateOrUpdateOperation StartCreateOrUpdate(string resourceGroupName, string networkSecurityGroupName, NetworkSecurityGroup parameters, CancellationToken cancellationToken = default)
{
if (resourceGroupName == null)
{
throw new ArgumentNullException(nameof(resourceGroupName));
}
if (networkSecurityGroupName == null)
{
throw new ArgumentNullException(nameof(networkSecurityGroupName));
}
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
using var scope = _clientDiagnostics.CreateScope("NetworkSecurityGroupsOperations.StartCreateOrUpdate");
scope.Start();
try
{
var originalResponse = RestClient.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, parameters, cancellationToken);
return(new NetworkSecurityGroupsCreateOrUpdateOperation(_clientDiagnostics, _pipeline, RestClient.CreateCreateOrUpdateRequest(resourceGroupName, networkSecurityGroupName, parameters).Request, originalResponse));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
/// <summary>
/// Creates or updates a network security group in the specified resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkSecurityGroupName'>
/// The name of the network security group.
/// </param>
/// <param name='parameters'>
/// Parameters supplied to the create or update network security group
/// operation.
/// </param>
public static NetworkSecurityGroup BeginCreateOrUpdate(this INetworkSecurityGroupsOperations operations, string resourceGroupName, string networkSecurityGroupName, NetworkSecurityGroup parameters)
{
return(operations.BeginCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, parameters).GetAwaiter().GetResult());
}
public async Task CreateInVirtualNetworkStv2Tests()
{
Environment.SetEnvironmentVariable("AZURE_TEST_MODE", "Playback");
using (MockContext context = MockContext.Start(this.GetType()))
{
var testBase = new ApiManagementTestBase(context);
var virtualNetworkName = TestUtilities.GenerateName("apimvnet");
var subnetName = TestUtilities.GenerateName("apimsubnet");
// setup NSG
string networkSecurityGroupName = TestUtilities.GenerateName();
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = testBase.location,
};
// Put Nsg
var putNsgResponse = testBase.networkClient.NetworkSecurityGroups.CreateOrUpdate(testBase.rgName, networkSecurityGroupName, networkSecurityGroup);
Assert.Equal("Succeeded", putNsgResponse.ProvisioningState);
// setup VNET
var vnet = new VirtualNetwork()
{
Location = testBase.location,
AddressSpace = new AddressSpace()
{
AddressPrefixes = new List <string>()
{
"10.0.0.0/16",
}
},
Subnets = new List <Subnet>()
{
new Subnet()
{
Name = subnetName,
AddressPrefix = "10.0.1.0/24",
NetworkSecurityGroup = new NetworkSecurityGroup()
{
Id = putNsgResponse.Id
}
}
}
};
// Put Vnet
var putVnetResponse = testBase.networkClient.VirtualNetworks.CreateOrUpdate(testBase.rgName, virtualNetworkName, vnet);
Assert.Equal("Succeeded", putVnetResponse.ProvisioningState);
var getSubnetResponse = testBase.networkClient.Subnets.Get(testBase.rgName, virtualNetworkName, subnetName);
Assert.NotNull(getSubnetResponse);
Assert.NotNull(getSubnetResponse.Id);
// create public IP
var putPublicIPResponse = await SetupPublicIPAsync(testBase);
testBase.serviceProperties.VirtualNetworkType = VirtualNetworkType.External;
testBase.serviceProperties.VirtualNetworkConfiguration = new VirtualNetworkConfiguration()
{
SubnetResourceId = getSubnetResponse.Id
};
testBase.serviceProperties.PublicIpAddressId = putPublicIPResponse.Id;
var createdService = testBase.client.ApiManagementService.CreateOrUpdate(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName,
parameters: testBase.serviceProperties);
ValidateService(createdService,
testBase.serviceName,
testBase.rgName,
testBase.subscriptionId,
testBase.location,
testBase.serviceProperties.PublisherEmail,
testBase.serviceProperties.PublisherName,
testBase.serviceProperties.Sku.Name,
testBase.tags,
PlatformVersion.Stv2);
Assert.Equal(VirtualNetworkType.External, createdService.VirtualNetworkType);
Assert.NotNull(createdService.VirtualNetworkConfiguration);
Assert.Equal(getSubnetResponse.Id, createdService.VirtualNetworkConfiguration.SubnetResourceId);
Assert.Equal(putPublicIPResponse.Id, createdService.PublicIpAddressId);
// apply network configuration
var applyNetworkConfigParameters = new ApiManagementServiceApplyNetworkConfigurationParameters()
{
Location = createdService.Location
};
var applyNetworkServiceResponse = testBase.client.ApiManagementService.ApplyNetworkConfigurationUpdates(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName,
parameters: applyNetworkConfigParameters);
Assert.NotNull(applyNetworkServiceResponse);
Assert.Equal(createdService.Name, applyNetworkServiceResponse.Name);
Assert.NotNull(applyNetworkServiceResponse.VirtualNetworkConfiguration);
Assert.Equal(VirtualNetworkType.External, applyNetworkServiceResponse.VirtualNetworkType);
// get the network status by service
var serviceNetworkStatus = await testBase.client.NetworkStatus.ListByServiceAsync(
testBase.rgName,
testBase.serviceName);
Assert.NotNull(serviceNetworkStatus);
Assert.Single(serviceNetworkStatus);
Assert.Equal(testBase.location.ToLowerAndRemoveWhiteSpaces(), serviceNetworkStatus.First().Location.ToLowerAndRemoveWhiteSpaces());
Assert.NotNull(serviceNetworkStatus.First().NetworkStatus.ConnectivityStatus);
Assert.NotNull(serviceNetworkStatus.First().NetworkStatus.DnsServers);
Assert.Equal("success", serviceNetworkStatus.First().NetworkStatus.ConnectivityStatus.First().Status, true);
Assert.NotNull(serviceNetworkStatus.First().NetworkStatus.ConnectivityStatus.First().Name);
Assert.NotNull(serviceNetworkStatus.First().NetworkStatus.ConnectivityStatus.First().ResourceType);
// get the network status by location
var serviceNetworkStatusByLocation = await testBase.client.NetworkStatus.ListByLocationAsync(
testBase.rgName,
testBase.serviceName,
createdService.Location);
Assert.NotNull(serviceNetworkStatusByLocation);
Assert.NotNull(serviceNetworkStatusByLocation.ConnectivityStatus);
Assert.NotNull(serviceNetworkStatusByLocation.DnsServers);
Assert.Equal("success", serviceNetworkStatusByLocation.ConnectivityStatus.First().Status, true);
Assert.NotNull(serviceNetworkStatusByLocation.ConnectivityStatus.First().Name);
// Move to Internal Virtual Network
// setup new public ip
var putPublicIPResponse2 = await SetupPublicIPAsync(testBase);
testBase.serviceProperties.VirtualNetworkType = VirtualNetworkType.Internal;
testBase.serviceProperties.PublicIpAddressId = putPublicIPResponse2.Id;
var updatedService = testBase.client.ApiManagementService.CreateOrUpdate(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName,
parameters: testBase.serviceProperties);
Assert.Equal(VirtualNetworkType.Internal, updatedService.VirtualNetworkType);
Assert.NotNull(updatedService.VirtualNetworkConfiguration);
Assert.Equal(getSubnetResponse.Id, updatedService.VirtualNetworkConfiguration.SubnetResourceId);
Assert.Equal(putPublicIPResponse2.Id, updatedService.PublicIpAddressId);
// Delete
testBase.client.ApiManagementService.Delete(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName);
Assert.Throws <Microsoft.Azure.Management.ApiManagement.Models.ErrorResponseException>(() =>
{
testBase.client.ApiManagementService.Get(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName);
});
}
}
public void NetworkSecurityGroupApiTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1);
var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2);
var location = NetworkManagementTestUtilities.GetResourceLocation(resourcesClient, "Microsoft.Network/networkSecurityGroups");
string resourceGroupName = TestUtilities.GenerateName("csmrg");
resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName,
new ResourceGroup
{
Location = location
});
string networkSecurityGroupName = TestUtilities.GenerateName();
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
};
// Put Nsg
var putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Assert.Equal("Succeeded", putNsgResponse.ProvisioningState);
// Get NSG
var getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
Assert.Equal(networkSecurityGroupName, getNsgResponse.Name);
Assert.NotNull(getNsgResponse.ResourceGuid);
Assert.Equal(6, getNsgResponse.DefaultSecurityRules.Count);
Assert.Equal("AllowVnetInBound", getNsgResponse.DefaultSecurityRules[0].Name);
Assert.Equal("AllowAzureLoadBalancerInBound", getNsgResponse.DefaultSecurityRules[1].Name);
Assert.Equal("DenyAllInBound", getNsgResponse.DefaultSecurityRules[2].Name);
Assert.Equal("AllowVnetOutBound", getNsgResponse.DefaultSecurityRules[3].Name);
Assert.Equal("AllowInternetOutBound", getNsgResponse.DefaultSecurityRules[4].Name);
Assert.Equal("DenyAllOutBound", getNsgResponse.DefaultSecurityRules[5].Name);
// Verify a default security rule
Assert.Equal(SecurityRuleAccess.Allow, getNsgResponse.DefaultSecurityRules[0].Access);
Assert.Equal("Allow inbound traffic from all VMs in VNET", getNsgResponse.DefaultSecurityRules[0].Description);
Assert.Equal("VirtualNetwork", getNsgResponse.DefaultSecurityRules[0].DestinationAddressPrefix);
Assert.Equal("*", getNsgResponse.DefaultSecurityRules[0].DestinationPortRange);
Assert.Equal(SecurityRuleDirection.Inbound, getNsgResponse.DefaultSecurityRules[0].Direction);
Assert.Equal(65000, getNsgResponse.DefaultSecurityRules[0].Priority);
Assert.Equal(SecurityRuleProtocol.Asterisk, getNsgResponse.DefaultSecurityRules[0].Protocol);
Assert.Equal("Succeeded", getNsgResponse.DefaultSecurityRules[0].ProvisioningState);
Assert.Equal("VirtualNetwork", getNsgResponse.DefaultSecurityRules[0].SourceAddressPrefix);
Assert.Equal("*", getNsgResponse.DefaultSecurityRules[0].SourcePortRange);
// List NSG
var listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName);
Assert.Single(listNsgResponse);
Assert.Equal(networkSecurityGroupName, listNsgResponse.First().Name);
Assert.Equal(6, listNsgResponse.First().DefaultSecurityRules.Count);
Assert.Equal("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name);
Assert.Equal("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name);
Assert.Equal("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name);
Assert.Equal("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name);
Assert.Equal("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name);
Assert.Equal("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name);
Assert.Equal(getNsgResponse.Etag, listNsgResponse.First().Etag);
// List NSG in a subscription
var listNsgSubsciptionResponse = networkManagementClient.NetworkSecurityGroups.ListAll();
Assert.NotEmpty(listNsgSubsciptionResponse);
// Delete NSG
networkManagementClient.NetworkSecurityGroups.Delete(resourceGroupName, networkSecurityGroupName);
// List NSG
listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName);
Assert.Empty(listNsgResponse);
}
}
public void NetworkSecurityGroupWithRulesApiTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1);
var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2);
var location = NetworkManagementTestUtilities.GetResourceLocation(resourcesClient, "Microsoft.Network/networkSecurityGroups");
string resourceGroupName = TestUtilities.GenerateName("csmrg");
resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName,
new ResourceGroup
{
Location = location
});
string networkSecurityGroupName = TestUtilities.GenerateName();
string securityRule1 = TestUtilities.GenerateName();
string securityRule2 = TestUtilities.GenerateName();
string destinationPortRange = "123-3500";
var networkSecurityGroup = new NetworkSecurityGroup()
{
Location = location,
SecurityRules = new List <SecurityRule>()
{
new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Allow,
Description = "Test security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Inbound,
Priority = 500,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "655"
}
}
};
// Put Nsg
var putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
Assert.Equal("Succeeded", putNsgResponse.ProvisioningState);
// Get NSG
var getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
Assert.Equal(networkSecurityGroupName, getNsgResponse.Name);
Assert.Equal(6, getNsgResponse.DefaultSecurityRules.Count);
Assert.Equal("AllowVnetInBound", getNsgResponse.DefaultSecurityRules[0].Name);
Assert.Equal("AllowAzureLoadBalancerInBound", getNsgResponse.DefaultSecurityRules[1].Name);
Assert.Equal("DenyAllInBound", getNsgResponse.DefaultSecurityRules[2].Name);
Assert.Equal("AllowVnetOutBound", getNsgResponse.DefaultSecurityRules[3].Name);
Assert.Equal("AllowInternetOutBound", getNsgResponse.DefaultSecurityRules[4].Name);
Assert.Equal("DenyAllOutBound", getNsgResponse.DefaultSecurityRules[5].Name);
// Verify the security rule
Assert.Equal(SecurityRuleAccess.Allow, getNsgResponse.SecurityRules[0].Access);
Assert.Equal("Test security rule", getNsgResponse.SecurityRules[0].Description);
Assert.Equal("*", getNsgResponse.SecurityRules[0].DestinationAddressPrefix);
Assert.Equal(destinationPortRange, getNsgResponse.SecurityRules[0].DestinationPortRange);
Assert.Equal(SecurityRuleDirection.Inbound, getNsgResponse.SecurityRules[0].Direction);
Assert.Equal(500, getNsgResponse.SecurityRules[0].Priority);
Assert.Equal(SecurityRuleProtocol.Tcp, getNsgResponse.SecurityRules[0].Protocol);
Assert.Equal("Succeeded", getNsgResponse.SecurityRules[0].ProvisioningState);
Assert.Equal("*", getNsgResponse.SecurityRules[0].SourceAddressPrefix);
Assert.Equal("655", getNsgResponse.SecurityRules[0].SourcePortRange);
// List NSG
var listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName);
Assert.Single(listNsgResponse);
Assert.Equal(networkSecurityGroupName, listNsgResponse.First().Name);
Assert.Equal(6, listNsgResponse.First().DefaultSecurityRules.Count);
Assert.Equal("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name);
Assert.Equal("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name);
Assert.Equal("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name);
Assert.Equal("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name);
Assert.Equal("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name);
Assert.Equal("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name);
Assert.Equal(getNsgResponse.Etag, listNsgResponse.First().Etag);
// List NSG in a subscription
var listNsgSubsciptionResponse = networkManagementClient.NetworkSecurityGroups.ListAll();
Assert.NotEmpty(listNsgSubsciptionResponse);
// Add a new security rule
var SecurityRule = new SecurityRule()
{
Name = securityRule2,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Udp,
SourceAddressPrefix = "*",
SourcePortRange = "656",
};
networkSecurityGroup.SecurityRules.Add(SecurityRule);
putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup);
// Get NSG
getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
// Verify the security rule
Assert.Equal(SecurityRuleAccess.Deny, getNsgResponse.SecurityRules[1].Access);
Assert.Equal("Test outbound security rule", getNsgResponse.SecurityRules[1].Description);
Assert.Equal("*", getNsgResponse.SecurityRules[1].DestinationAddressPrefix);
Assert.Equal(destinationPortRange, getNsgResponse.SecurityRules[1].DestinationPortRange);
Assert.Equal(SecurityRuleDirection.Outbound, getNsgResponse.SecurityRules[1].Direction);
Assert.Equal(501, getNsgResponse.SecurityRules[1].Priority);
Assert.Equal(SecurityRuleProtocol.Udp, getNsgResponse.SecurityRules[1].Protocol);
Assert.Equal("Succeeded", getNsgResponse.SecurityRules[1].ProvisioningState);
Assert.Equal("*", getNsgResponse.SecurityRules[1].SourceAddressPrefix);
Assert.Equal("656", getNsgResponse.SecurityRules[1].SourcePortRange);
// List Default Security Groups
var listDefaultSecurityGroups = networkManagementClient.DefaultSecurityRules.List(resourceGroupName, networkSecurityGroupName);
Assert.NotEmpty(listDefaultSecurityGroups);
// Get Defaul Security Group
var getDefaultSecurityGroups = networkManagementClient.DefaultSecurityRules.Get(resourceGroupName, networkSecurityGroupName, listDefaultSecurityGroups.First().Name);
Assert.Equal(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Name);
// Delete NSG
networkManagementClient.NetworkSecurityGroups.Delete(resourceGroupName, networkSecurityGroupName);
// List NSG
listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName);
Assert.Empty(listNsgResponse);
}
}
