private static IEnumerable <SecurityRule> Merge(SecurityRule rule, SecurityRule[] rules) { List <SecurityRule> result = new List <SecurityRule>(); result.Add(rule); Collections.addAll(result, rules); return(result); }
private void AddSecurityRule(string resourceGroupName, string nsgName, string securityRuleName, int priority, string description, string protocol, string access, string direction, string sourcePortRange = "*", string sourceAddressPrefix = "*", string destinationPortRange = "*", string destinationAddressPrefix = "*") { var securityRule = new SecurityRule(protocol: protocol, sourceAddressPrefix: sourceAddressPrefix, destinationAddressPrefix: destinationAddressPrefix, access: access, direction: direction, description: description, sourcePortRange: sourcePortRange, destinationPortRange: destinationPortRange, priority: priority, name: securityRuleName); WrappedNetworkClient.SecurityRules.CreateOrUpdate(resourceGroupName, nsgName, securityRuleName, securityRule); }
public static bool Check(SecurityRule sg, ICollection <string> failedPredicateNames) { var failed = false; foreach (var check in _checks) { if (!check(sg)) { failedPredicateNames.Add(check.Method.Name); failed = true; } } return(!failed); }
private void CompareSecurityRule(SecurityRule rule1, SecurityRule rule2) { Assert.Equal(rule1.Name, rule2.Name); Assert.Equal(rule1.Etag, rule2.Etag); Assert.Equal(rule1.Access, rule2.Access); Assert.Equal(rule1.Description, rule2.Description); Assert.Equal(rule1.DestinationAddressPrefix, rule2.DestinationAddressPrefix); Assert.Equal(rule1.DestinationPortRange, rule2.DestinationPortRange); Assert.Equal(rule1.Direction, rule2.Direction); Assert.Equal(rule1.Protocol, rule2.Protocol); Assert.Equal(rule1.ProvisioningState, rule2.ProvisioningState); Assert.Equal(rule1.SourceAddressPrefix, rule2.SourceAddressPrefix); Assert.Equal(rule1.SourcePortRange, rule2.SourcePortRange); }
public async Task SetRule(Guid entityId, RuleSubject subject, SecurityRule rule) { var entityRule = await GetRule(entityId, subject, rule); if (entityRule != null) { entityRule.Rule = rule; await Update(entityRule); return; } await Add(new EntitySecurityRule { EntityId = entityId, Subject = subject, Rule = rule, }); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldPassThroughRequestToAnUnsecuredPath() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldPassThroughRequestToAnUnsecuredPath() { // given SecurityRule rule = mock(typeof(SecurityRule)); when(rule.ForUriPath()).thenReturn("/some-path"); FilterChain filterChain = mock(typeof(FilterChain)); SecurityFilter securityFilter = new SecurityFilter(rule); HttpServletRequest request = mock(typeof(HttpServletRequest)); when(request.ContextPath).thenReturn("/some-other-path"); // when securityFilter.DoFilter(request, mock(typeof(HttpServletResponse)), filterChain); // then verify(filterChain).doFilter(any(typeof(HttpServletRequest)), any(typeof(HttpServletResponse))); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldActivateRuleThatRejectsTheRequestForAMatchingPath() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldActivateRuleThatRejectsTheRequestForAMatchingPath() { // given SecurityRule rule = mock(typeof(SecurityRule)); when(rule.ForUriPath()).thenReturn("/some-path"); when(rule.IsAuthorized(any(typeof(HttpServletRequest)))).thenReturn(false); FilterChain filterChain = mock(typeof(FilterChain)); SecurityFilter securityFilter = new SecurityFilter(rule); HttpServletRequest request = mock(typeof(HttpServletRequest)); when(request.ContextPath).thenReturn("/some-path"); // when securityFilter.DoFilter(request, mock(typeof(HttpServletResponse)), filterChain); // then verify(filterChain, never()).doFilter(any(typeof(HttpServletRequest)), any(typeof(HttpServletResponse))); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldRemoveRules() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldRemoveRules() { // given SecurityRule securityRule1 = mock(typeof(SecurityRule)); when(securityRule1.ForUriPath()).thenReturn("/securityRule1"); SecurityRule securityRule2 = mock(typeof(SecurityRule)); when(securityRule2.ForUriPath()).thenReturn("/securityRule2"); SecurityFilter securityFilter = new SecurityFilter(securityRule1, securityRule2); HttpServletRequest request = mock(typeof(HttpServletRequest)); HttpServletResponse response = mock(typeof(HttpServletResponse)); FilterChain filterChain = mock(typeof(FilterChain)); // when securityFilter.Destroy(); securityFilter.DoFilter(request, response, filterChain); // then verify(filterChain).doFilter(request, response); }
/// <summary> /// The Put network security rule operation creates/updates a security rule in /// the specified network security group /// </summary> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// The name of the network security group. /// </param> /// <param name='securityRuleName'> /// The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Parameters supplied to the create/update network security rule operation /// </param> /// <param name='customHeaders'> /// Headers that will be added to request. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public async Task <AzureOperationResponse <SecurityRule> > BeginCreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken)) { if (resourceGroupName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "resourceGroupName"); } if (networkSecurityGroupName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "networkSecurityGroupName"); } if (securityRuleName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "securityRuleName"); } if (securityRuleParameters == null) { throw new ValidationException(ValidationRules.CannotBeNull, "securityRuleParameters"); } if (securityRuleParameters != null) { securityRuleParameters.Validate(); } if (this.Client.ApiVersion == null) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.ApiVersion"); } if (this.Client.SubscriptionId == null) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.SubscriptionId"); } // Tracing bool shouldTrace = ServiceClientTracing.IsEnabled; string invocationId = null; if (shouldTrace) { invocationId = ServiceClientTracing.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("resourceGroupName", resourceGroupName); tracingParameters.Add("networkSecurityGroupName", networkSecurityGroupName); tracingParameters.Add("securityRuleName", securityRuleName); tracingParameters.Add("securityRuleParameters", securityRuleParameters); tracingParameters.Add("cancellationToken", cancellationToken); ServiceClientTracing.Enter(invocationId, this, "BeginCreateOrUpdate", tracingParameters); } // Construct URL var baseUrl = this.Client.BaseUri.AbsoluteUri; var url = new Uri(new Uri(baseUrl + (baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}/securityRules/{securityRuleName}").ToString(); url = url.Replace("{resourceGroupName}", Uri.EscapeDataString(resourceGroupName)); url = url.Replace("{networkSecurityGroupName}", Uri.EscapeDataString(networkSecurityGroupName)); url = url.Replace("{securityRuleName}", Uri.EscapeDataString(securityRuleName)); url = url.Replace("{subscriptionId}", Uri.EscapeDataString(this.Client.SubscriptionId)); List <string> queryParameters = new List <string>(); if (this.Client.ApiVersion != null) { queryParameters.Add(string.Format("api-version={0}", Uri.EscapeDataString(this.Client.ApiVersion))); } if (queryParameters.Count > 0) { url += "?" + string.Join("&", queryParameters); } // Create HTTP transport objects HttpRequestMessage httpRequest = new HttpRequestMessage(); httpRequest.Method = new HttpMethod("PUT"); httpRequest.RequestUri = new Uri(url); // Set Headers httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", Guid.NewGuid().ToString()); if (this.Client.AcceptLanguage != null) { if (httpRequest.Headers.Contains("accept-language")) { httpRequest.Headers.Remove("accept-language"); } httpRequest.Headers.TryAddWithoutValidation("accept-language", this.Client.AcceptLanguage); } if (customHeaders != null) { foreach (var header in customHeaders) { if (httpRequest.Headers.Contains(header.Key)) { httpRequest.Headers.Remove(header.Key); } httpRequest.Headers.TryAddWithoutValidation(header.Key, header.Value); } } // Serialize Request string requestContent = JsonConvert.SerializeObject(securityRuleParameters, this.Client.SerializationSettings); httpRequest.Content = new StringContent(requestContent, Encoding.UTF8); httpRequest.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json; charset=utf-8"); // Set Credentials if (this.Client.Credentials != null) { cancellationToken.ThrowIfCancellationRequested(); await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false); } // Send Request if (shouldTrace) { ServiceClientTracing.SendRequest(invocationId, httpRequest); } cancellationToken.ThrowIfCancellationRequested(); HttpResponseMessage httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false); if (shouldTrace) { ServiceClientTracing.ReceiveResponse(invocationId, httpResponse); } HttpStatusCode statusCode = httpResponse.StatusCode; cancellationToken.ThrowIfCancellationRequested(); if ((int)statusCode != 200 && (int)statusCode != 201) { var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", statusCode)); string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); CloudError errorBody = JsonConvert.DeserializeObject <CloudError>(responseContent, this.Client.DeserializationSettings); if (errorBody != null) { ex = new CloudException(errorBody.Message); ex.Body = errorBody; } ex.Request = new HttpRequestMessageWrapper(httpRequest, null); ex.Response = new HttpResponseMessageWrapper(httpResponse, responseContent); if (shouldTrace) { ServiceClientTracing.Error(invocationId, ex); } throw ex; } // Create Result var result = new AzureOperationResponse <SecurityRule>(); result.Request = httpRequest; result.Response = httpResponse; if (httpResponse.Headers.Contains("x-ms-request-id")) { result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } // Deserialize Response if ((int)statusCode == 200) { string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); result.Body = JsonConvert.DeserializeObject <SecurityRule>(responseContent, this.Client.DeserializationSettings); } // Deserialize Response if ((int)statusCode == 201) { string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); result.Body = JsonConvert.DeserializeObject <SecurityRule>(responseContent, this.Client.DeserializationSettings); } if (shouldTrace) { ServiceClientTracing.Exit(invocationId, result); } return(result); }
internal ForbiddenRuleDecorator(SecurityRule rule) { this.InnerRule = rule; }
public SecurityFilter(SecurityRule rule, params SecurityRule[] rules) : this(Merge(rule, rules)) { }
/// <summary> /// Creates or updates a security rule in the specified network security group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// The name of the network security group. /// </param> /// <param name='securityRuleName'> /// The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Parameters supplied to the create or update network security rule /// operation. /// </param> public static SecurityRule BeginCreateOrUpdate(this ISecurityRulesOperations operations, string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters) { return(operations.BeginCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters).GetAwaiter().GetResult()); }
/// <summary> /// Creates or updates a security rule in the specified network security group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// The name of the network security group. /// </param> /// <param name='securityRuleName'> /// The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Parameters supplied to the create or update network security rule /// operation. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <SecurityRule> BeginCreateOrUpdateAsync(this ISecurityRulesOperations operations, string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
public async Task SetEntityPermission(Guid entityId, RuleSubject subject, SecurityRule rule) { await SetEntityPermissions(entityId, subject, new List <SecurityRule> { rule }); }
/// <summary> /// The Put network security rule operation creates/updates a security /// rule in the specified network security group /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Network.ISecurityRuleOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// Required. The name of the network security group. /// </param> /// <param name='securityRuleName'> /// Required. The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Required. Parameters supplied to the create/update network security /// rule operation /// </param> /// <returns> /// Response for PUT SecurityRule Api service call /// </returns> public static Task <SecurityRulePutResponse> BeginCreateOrUpdatingAsync(this ISecurityRuleOperations operations, string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters) { return(operations.BeginCreateOrUpdatingAsync(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters, CancellationToken.None)); }
public CustomList <SecurityRule> GetAlltblSecurityRule() { return(SecurityRule.doSearch(String.Empty)); }
public void ViewNsgRuleApiTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler3 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType())) { var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1); var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2); var computeManagementClient = NetworkManagementTestUtilities.GetComputeManagementClientWithHandler(context, handler3); string location = "westcentralus"; string resourceGroupName = TestUtilities.GenerateName(); resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName, new ResourceGroup { Location = location }); string virtualMachineName = TestUtilities.GenerateName(); string networkInterfaceName = TestUtilities.GenerateName(); string networkSecurityGroupName = virtualMachineName + "-nsg"; //Deploy VM with template Deployments.CreateVm( resourcesClient: resourcesClient, resourceGroupName: resourceGroupName, location: location, virtualMachineName: virtualMachineName, storageAccountName: TestUtilities.GenerateName(), networkInterfaceName: networkInterfaceName, networkSecurityGroupName: networkSecurityGroupName, diagnosticsStorageAccountName: TestUtilities.GenerateName(), deploymentName: TestUtilities.GenerateName() ); string networkWatcherName = TestUtilities.GenerateName(); NetworkWatcher properties = new NetworkWatcher(); properties.Location = location; //Create network Watcher var createNetworkWatcher = networkManagementClient.NetworkWatchers.CreateOrUpdate(resourceGroupName, networkWatcherName, properties); var getVm = computeManagementClient.VirtualMachines.Get(resourceGroupName, virtualMachineName); string localIPAddress = networkManagementClient.NetworkInterfaces.Get(resourceGroupName, networkInterfaceName).IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = TestUtilities.GenerateName(); // Add a security rule var SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; var nsg = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); nsg.SecurityRules.Add(SecurityRule); networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, nsg); SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters() { TargetResourceId = getVm.Id }; //Get view security group rules var viewNSGRules = networkManagementClient.NetworkWatchers.GetVMSecurityRules(resourceGroupName, networkWatcherName, sgvProperties); //Verify effective security rule defined earlier var getEffectiveSecurityRule = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1); Assert.Equal("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol); Assert.Equal(501, getEffectiveSecurityRule.FirstOrDefault().Priority); Assert.Equal("Deny", getEffectiveSecurityRule.FirstOrDefault().Access); Assert.Equal("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction); Assert.Equal("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange); Assert.Equal("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix); Assert.Equal("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange); //Verify 6 default rules var getDefaultSecurityRule1 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound"); Assert.Equal("*", getDefaultSecurityRule1.FirstOrDefault().Protocol); Assert.Equal(65000, getDefaultSecurityRule1.FirstOrDefault().Priority); Assert.Equal("Allow", getDefaultSecurityRule1.FirstOrDefault().Access); Assert.Equal("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction); Assert.Equal("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange); Assert.Equal("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange); var getDefaultSecurityRule2 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound"); Assert.Equal("*", getDefaultSecurityRule2.FirstOrDefault().Protocol); Assert.Equal(65001, getDefaultSecurityRule2.FirstOrDefault().Priority); Assert.Equal("Allow", getDefaultSecurityRule2.FirstOrDefault().Access); Assert.Equal("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction); Assert.Equal("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange); Assert.Equal("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange); var getDefaultSecurityRule3 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound"); Assert.Equal("*", getDefaultSecurityRule3.FirstOrDefault().Protocol); Assert.Equal(65500, getDefaultSecurityRule3.FirstOrDefault().Priority); Assert.Equal("Deny", getDefaultSecurityRule3.FirstOrDefault().Access); Assert.Equal("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction); Assert.Equal("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange); Assert.Equal("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange); var getDefaultSecurityRule4 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound"); Assert.Equal("*", getDefaultSecurityRule4.FirstOrDefault().Protocol); Assert.Equal(65000, getDefaultSecurityRule4.FirstOrDefault().Priority); Assert.Equal("Allow", getDefaultSecurityRule4.FirstOrDefault().Access); Assert.Equal("Outbound", getDefaultSecurityRule4.FirstOrDefault().Direction); Assert.Equal("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule4.FirstOrDefault().DestinationPortRange); Assert.Equal("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule4.FirstOrDefault().SourcePortRange); var getDefaultSecurityRule5 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound"); Assert.Equal("*", getDefaultSecurityRule5.FirstOrDefault().Protocol); Assert.Equal(65001, getDefaultSecurityRule5.FirstOrDefault().Priority); Assert.Equal("Allow", getDefaultSecurityRule5.FirstOrDefault().Access); Assert.Equal("Outbound", getDefaultSecurityRule5.FirstOrDefault().Direction); Assert.Equal("Internet", getDefaultSecurityRule5.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule5.FirstOrDefault().DestinationPortRange); Assert.Equal("*", getDefaultSecurityRule5.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule5.FirstOrDefault().SourcePortRange); var getDefaultSecurityRule6 = viewNSGRules.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound"); Assert.Equal("*", getDefaultSecurityRule6.FirstOrDefault().Protocol); Assert.Equal(65500, getDefaultSecurityRule6.FirstOrDefault().Priority); Assert.Equal("Deny", getDefaultSecurityRule6.FirstOrDefault().Access); Assert.Equal("Outbound", getDefaultSecurityRule6.FirstOrDefault().Direction); Assert.Equal("*", getDefaultSecurityRule6.FirstOrDefault().DestinationAddressPrefix); Assert.Equal("*", getDefaultSecurityRule6.FirstOrDefault().DestinationPortRange); Assert.Equal("*", getDefaultSecurityRule6.FirstOrDefault().SourceAddressPrefix); Assert.Equal("*", getDefaultSecurityRule6.FirstOrDefault().SourcePortRange); } }
/// <summary> /// The Put network security rule operation creates/updates a security rule in /// the specified network security group /// </summary> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// The name of the network security group. /// </param> /// <param name='securityRuleName'> /// The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Parameters supplied to the create/update network security rule operation /// </param> /// <param name='customHeaders'> /// The headers that will be added to request. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public async Task <AzureOperationResponse <SecurityRule> > CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken)) { // Send Request AzureOperationResponse <SecurityRule> response = await BeginCreateOrUpdateWithHttpMessagesAsync( resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters, customHeaders, cancellationToken); return(await this.Client.GetPutOrPatchOperationResultAsync <SecurityRule>(response, customHeaders, cancellationToken)); }
public async Task Create_derived_item() { using (var server = CreateServerWithAuthentication()) using (server.Host.Services .GetRequiredService <ISecurityImpersonationService>() .ImpersonateUser("User1")) { var context = GetEntityContext <TestEntityContext>(server); #region create root var rootItem = await context.Commands.Add(new TestEntity { Name = "root" }); #endregion #region create var item = await context.Commands.Add(new DerivedTestEntity { Name = "gigi" }, rootItem); #endregion //#region AsQueryable retreive //Assert.NotEqual(Guid.Empty, item.Id); //var foundItem = context.Query // .AsQueryable<DerivedTestEntity>() // .FirstOrDefault(x => x.Id == item.Id); //Assert.NotNull(foundItem); //Assert.Equal(item.Id, foundItem.Id); //Assert.Equal(item.Name, foundItem.Name); //#endregion #region GetItem retreive var foundItem = await context.Query.GetItem <DerivedTestEntity>(item.Id); Assert.NotNull(foundItem); Assert.Equal(item.Id, foundItem.Id); Assert.Equal(item.Name, foundItem.Name); var foundItems = await context.Query.GetItems <TestEntity>("/root/gigi"); Assert.NotEmpty(foundItems); Assert.Contains(foundItems, x => x.Id == item.Id); Assert.Contains(foundItems, x => x.Name == item.Name); #endregion #region GetChild retreive foundItem = await context.Query.GetChild <DerivedTestEntity>(rootItem); Assert.NotNull(foundItem); Assert.Equal(item.Id, foundItem.Id); Assert.Equal(item.Name, foundItem.Name); #endregion #region filtered GetChild retreive foundItem = await context.Query.GetChild <DerivedTestEntity>(rootItem, x => x.Name == "gigio"); Assert.Null(foundItem); foundItem = await context.Query.GetChild <DerivedTestEntity>(rootItem, x => x.Name == "gigi"); Assert.NotNull(foundItem); Assert.Equal(item.Id, foundItem.Id); Assert.Equal(item.Name, foundItem.Name); #endregion #region Update var itemToUpdate = await context.Query.GetItem <DerivedTestEntity>(item.Id); itemToUpdate.Name = "gigi-new"; var updatedItem = await context.Commands.Update(itemToUpdate); Assert.NotNull(updatedItem); Assert.Equal(itemToUpdate.Name, updatedItem.Name); #endregion #region partial update var partialUpdatedItem = await context.Commands.Update <DerivedTestEntity, string>(itemToUpdate.Id, x => x.Val2, "val-2"); Assert.NotNull(partialUpdatedItem); Assert.Equal("val-2", partialUpdatedItem.Val2); var partialUpdatedItem2 = await context.Commands.Update <DerivedTestEntity, string>(itemToUpdate.Id, x => x.Val2, null); Assert.NotNull(partialUpdatedItem2); Assert.Null(partialUpdatedItem2.Val2); #endregion #region Rename await context.Commands.Rename(rootItem, "root-new"); var renamedRootItems = await context.Query.GetItems <TestEntity>("/root-new"); var renamedRootItem = renamedRootItems.FirstOrDefault(x => x.Id == rootItem.Id); Assert.NotNull(renamedRootItem); var renamedItems = await context.Query.GetItems <DerivedTestEntity>("/root-new/gigi"); var renamedItem = renamedItems.FirstOrDefault(x => x.Id == item.Id); Assert.NotNull(renamedItem); #endregion #region Move var rootItem2 = await context.Commands.Add(new TestEntity { Name = "root2" }); await context.Commands.Move(rootItem, rootItem2); var movedItems = await context.Query.GetItems <DerivedTestEntity>("/root2/root-new/gigi"); var movedItem = movedItems.FirstOrDefault(x => x.Id == item.Id); Assert.NotNull(movedItem); await context.Commands.Move(movedItem, rootItem2); var secondMovedItems = await context.Query.GetItems <DerivedTestEntity>("/root2/gigi"); var secondMovedItem = secondMovedItems.FirstOrDefault(x => x.Id == item.Id); Assert.NotNull(secondMovedItem); #endregion #region permissions await context.Commands.SetEntityPermission(rootItem2.Id, RuleSubject.User("User1"), SecurityRule.DenyRead(true)); var readDeniedItem = await context.Query.GetItem <TestEntity>(rootItem2.Id); Assert.Null(readDeniedItem); await context.Commands.ClearEntityPermissions(rootItem2.Id, RuleSubject.User("User1")); readDeniedItem = await context.Query.GetItem <TestEntity>(rootItem2.Id); Assert.NotNull(readDeniedItem); #endregion #region delete await context.Commands.Delete(rootItem2); var foundItemAfterDelete = await context.Query .GetItem <DerivedTestEntity>(item.Id); Assert.Null(foundItemAfterDelete); #endregion #region filtered delete await context.Commands.Add(new DerivedTestEntity() { Name = "derived-entity-to-delete" }); Assert.NotNull(await context.Query.GetItem <DerivedTestEntity>(x => x.Name == "derived-entity-to-delete")); await context.Commands.Delete <DerivedTestEntity>(x => x.Name == "derived-entity-to-delete"); Assert.Null(await context.Query.GetItem <DerivedTestEntity>(x => x.Name == "derived-entity-to-delete")); #endregion } }
public async Task SecurityRuleWithRulesApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name); // Get SecurityRule Response <SecurityRule> getSecurityRuleResponse = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule1); Assert.AreEqual(securityRule1, getSecurityRuleResponse.Value.Name); CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getSecurityRuleResponse); // Add a new security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; SecurityRulesCreateOrUpdateOperation putSecurityRuleResponseOperation = await NetworkManagementClient.SecurityRules.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, securityRule2, SecurityRule); Response <SecurityRule> putSecurityRuleResponse = await WaitForCompletionAsync(putSecurityRuleResponseOperation); Assert.AreEqual("Succeeded", putSecurityRuleResponse.Value.ProvisioningState.ToString()); // Get NSG getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); // Get the SecurityRule2 Response <SecurityRule> getSecurityRule2Response = await NetworkManagementClient.SecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, securityRule2); Assert.AreEqual(securityRule2, getSecurityRule2Response.Value.Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getSecurityRule2Response.Value.Access); Assert.AreEqual("Test outbound security rule", getSecurityRule2Response.Value.Description); Assert.AreEqual("*", getSecurityRule2Response.Value.DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getSecurityRule2Response.Value.DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getSecurityRule2Response.Value.Direction); Assert.AreEqual(501, getSecurityRule2Response.Value.Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getSecurityRule2Response.Value.Protocol); Assert.AreEqual("Succeeded", getSecurityRule2Response.Value.ProvisioningState.ToString()); Assert.AreEqual("*", getSecurityRule2Response.Value.SourceAddressPrefix); Assert.AreEqual("656", getSecurityRule2Response.Value.SourcePortRange); CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getSecurityRule2Response); // List all SecurityRules AsyncPageable <SecurityRule> getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); List <SecurityRule> getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Assert.AreEqual(2, getsecurityRules.Count()); CompareSecurityRule(getNsgResponse.Value.SecurityRules[0], getsecurityRules.ElementAt(0)); CompareSecurityRule(getNsgResponse.Value.SecurityRules[1], getsecurityRules.ElementAt(1)); // Delete a SecurityRule await NetworkManagementClient.SecurityRules.StartDeleteAsync(resourceGroupName, networkSecurityGroupName, securityRule2); getsecurityRulesAP = NetworkManagementClient.SecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Has.One.EqualTo(getsecurityRules); // Delete NSG await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public async Task NetworkSecurityGroupWithRulesApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = await NetworkManagementTestUtilities.GetResourceLocation(ResourceManagementClient, "Microsoft.Network/networkSecurityGroups"); await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; NetworkSecurityGroup networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg NetworkSecurityGroupsCreateOrUpdateOperation putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await WaitForCompletionAsync(putNsgResponseOperation); Assert.AreEqual("Succeeded", putNsgResponse.Value.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Name); Assert.AreEqual(6, getNsgResponse.Value.DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.DefaultSecurityRules[5].Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.SecurityRules[0].Access); Assert.AreEqual("Test security rule", getNsgResponse.Value.SecurityRules[0].Description); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[0].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.SecurityRules[0].Direction); Assert.AreEqual(500, getNsgResponse.Value.SecurityRules[0].Priority); Assert.AreEqual(SecurityRuleProtocol.Tcp, getNsgResponse.Value.SecurityRules[0].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[0].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[0].SourceAddressPrefix); Assert.AreEqual("655", getNsgResponse.Value.SecurityRules[0].SourcePortRange); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Has.One.EqualTo(listNsgResponse); Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Name); Assert.AreEqual(6, listNsgResponse.First().DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name); Assert.AreEqual(getNsgResponse.Value.Etag, listNsgResponse.First().Etag); // List NSG in a subscription AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAllAsync(); List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync(); Assert.IsNotEmpty(listNsgSubsciptionResponse); // Add a new security rule var SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; networkSecurityGroup.SecurityRules.Add(SecurityRule); putNsgResponseOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); await WaitForCompletionAsync(putNsgResponseOperation); // Get NSG getNsgResponse = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getNsgResponse.Value.SecurityRules[1].Access); Assert.AreEqual("Test outbound security rule", getNsgResponse.Value.SecurityRules[1].Description); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.SecurityRules[1].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getNsgResponse.Value.SecurityRules[1].Direction); Assert.AreEqual(501, getNsgResponse.Value.SecurityRules[1].Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getNsgResponse.Value.SecurityRules[1].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.SecurityRules[1].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.SecurityRules[1].SourceAddressPrefix); Assert.AreEqual("656", getNsgResponse.Value.SecurityRules[1].SourcePortRange); // List Default Security Groups AsyncPageable <SecurityRule> listDefaultSecurityGroupsAP = NetworkManagementClient.DefaultSecurityRules.ListAsync(resourceGroupName, networkSecurityGroupName); List <SecurityRule> listDefaultSecurityGroups = await listDefaultSecurityGroupsAP.ToEnumerableAsync(); Assert.IsNotEmpty(listDefaultSecurityGroups); // Get Defaul Security Group Response <SecurityRule> getDefaultSecurityGroups = await NetworkManagementClient.DefaultSecurityRules.GetAsync(resourceGroupName, networkSecurityGroupName, listDefaultSecurityGroups.First().Name); Assert.AreEqual(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Value.Name); // Delete NSG await NetworkManagementClient.NetworkSecurityGroups.StartDeleteAsync(resourceGroupName, networkSecurityGroupName); // List NSG listNsgResponseAP = NetworkManagementClient.NetworkSecurityGroups.ListAsync(resourceGroupName); listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public void VerifyIpFlowApiTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler3 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType().FullName)) { var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1); var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2); var computeManagementClient = NetworkManagementTestUtilities.GetComputeManagementClientWithHandler(context, handler3); string location = "eastus"; string resourceGroupName = TestUtilities.GenerateName(); resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName, new ResourceGroup { Location = location }); string virtualMachineName1 = TestUtilities.GenerateName(); string networkInterfaceName1 = TestUtilities.GenerateName(); string networkSecurityGroupName = virtualMachineName1 + "-nsg"; //Deploy VM with a template Deployments.CreateVm( resourcesClient: resourcesClient, resourceGroupName: resourceGroupName, location: location, virtualMachineName: virtualMachineName1, storageAccountName: TestUtilities.GenerateName(), networkInterfaceName: networkInterfaceName1, networkSecurityGroupName: networkSecurityGroupName, diagnosticsStorageAccountName: TestUtilities.GenerateName(), deploymentName: TestUtilities.GenerateName() ); string networkWatcherName = TestUtilities.GenerateName(); NetworkWatcher properties = new NetworkWatcher(); properties.Location = location; //Create network Watcher var createNetworkWatcher = networkManagementClient.NetworkWatchers.CreateOrUpdate(resourceGroupName, networkWatcherName, properties); var getVm1 = computeManagementClient.VirtualMachines.Get(resourceGroupName, virtualMachineName1); string localIPAddress = networkManagementClient.NetworkInterfaces.Get(resourceGroupName, networkInterfaceName1).IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = TestUtilities.GenerateName(); // Add a security rule var SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; var nsg = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); nsg.SecurityRules.Add(SecurityRule); networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, nsg); VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters() { TargetResourceId = getVm1.Id, Direction = "Outbound", Protocol = "TCP", LocalPort = "80", RemotePort = "80", LocalIPAddress = localIPAddress, RemoteIPAddress = "12.11.12.14" }; //Verify IP flow from a VM to a location given the configured rule var verifyIpFlow = networkManagementClient.NetworkWatchers.VerifyIPFlow(resourceGroupName, networkWatcherName, ipFlowProperties); //Verify validity of the result Assert.Equal("Deny", verifyIpFlow.Access); Assert.Equal("securityRules/" + securityRule1, verifyIpFlow.RuleName); } }
public static string Name(this SecurityRule rule) { return(EnumerationExtensions.GetDescription(rule)); }
public async Task ViewNsgRuleApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string virtualMachineName = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName + "-nsg"; //Deploy VM with template await CreateVm( resourcesClient : ResourceManagementClient, resourceGroupName : resourceGroupName, location : location, virtualMachineName : virtualMachineName, storageAccountName : Recording.GenerateAssetName("azsmnet"), networkInterfaceName : networkInterfaceName, networkSecurityGroupName : networkSecurityGroupName, diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"), deploymentName : Recording.GenerateAssetName("azsmnet"), adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#") ); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcher properties = new NetworkWatcher { Location = location }; //Response<NetworkWatcher> createNetworkWatcher = await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); Response <VirtualMachine> getVm = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName); string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); nsg.Value.SecurityRules.Add(SecurityRule); NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg); Response <NetworkSecurityGroup> networkSecurityGroup = await WaitForCompletionAsync(createOrUpdateOperation); //Get view security group rules SecurityGroupViewParameters sgvProperties = new SecurityGroupViewParameters(getVm.Value.Id); NetworkWatchersGetVMSecurityRulesOperation viewNSGRulesOperation = await NetworkManagementClient.NetworkWatchers.StartGetVMSecurityRulesAsync("NetworkWatcherRG", "NetworkWatcher_westus2", sgvProperties); Response <SecurityGroupViewResult> viewNSGRules = await WaitForCompletionAsync(viewNSGRulesOperation); //Verify effective security rule defined earlier IEnumerable <EffectiveNetworkSecurityRule> getEffectiveSecurityRule = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1); Assert.AreEqual("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol); Assert.AreEqual(501, getEffectiveSecurityRule.FirstOrDefault().Priority); Assert.AreEqual("Deny", getEffectiveSecurityRule.FirstOrDefault().Access); Assert.AreEqual("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange); //Verify 6 default rules IEnumerable <SecurityRule> getDefaultSecurityRule1 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound"); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRule1.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule1.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule2 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound"); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRule2.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule2.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange); Assert.AreEqual("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule3 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound"); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRule3.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRule3.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule4 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound"); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRule4.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule4.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule4.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule4.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule4.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule5 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound"); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRule5.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule5.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule5.FirstOrDefault().Direction); Assert.AreEqual("Internet", getDefaultSecurityRule5.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule5.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRule> getDefaultSecurityRule6 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound"); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRule6.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRule6.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRule6.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule6.FirstOrDefault().SourcePortRange); }
public async Task VerifyIpFlowApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location)); string virtualMachineName1 = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName1 + "-nsg"; //Deploy VM with a template await CreateVm( resourcesClient : ResourceManagementClient, resourceGroupName : resourceGroupName, location : location, virtualMachineName : virtualMachineName1, storageAccountName : Recording.GenerateAssetName("azsmnet"), networkInterfaceName : networkInterfaceName1, networkSecurityGroupName : networkSecurityGroupName, diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"), deploymentName : Recording.GenerateAssetName("azsmnet"), adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#") ); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcher properties = new NetworkWatcher { Location = location }; //await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); Response <VirtualMachine> getVm1 = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName1); string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName1).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule SecurityRule SecurityRule = new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName); nsg.Value.SecurityRules.Add(SecurityRule); NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg); await WaitForCompletionAsync(createOrUpdateOperation); VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(getVm1.Value.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14"); //Verify IP flow from a VM to a location given the configured rule NetworkWatchersVerifyIPFlowOperation verifyIpFlowOperation = await NetworkManagementClient.NetworkWatchers.StartVerifyIPFlowAsync("NetworkWatcherRG", "NetworkWatcher_westus2", ipFlowProperties); Response <VerificationIPFlowResult> verifyIpFlow = await WaitForCompletionAsync(verifyIpFlowOperation); //Verify validity of the result Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString()); Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName); }
public async Task DeleteRule(Guid entityId, RuleSubject subject, SecurityRule rule) { await Delete(Filter(entityId, subject, rule)); }
public void NetworkSecurityGroupWithRulesApiTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType().FullName)) { var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1); var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2); var location = NetworkManagementTestUtilities.GetResourceLocation(resourcesClient, "Microsoft.Network/networkSecurityGroups"); string resourceGroupName = TestUtilities.GenerateName("csmrg"); resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName, new ResourceGroup { Location = location }); string networkSecurityGroupName = TestUtilities.GenerateName(); string securityRule1 = TestUtilities.GenerateName(); string securityRule2 = TestUtilities.GenerateName(); string destinationPortRange = "123-3500"; var networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = new List <SecurityRule>() { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg var putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Assert.Equal("Succeeded", putNsgResponse.ProvisioningState); // Get NSG var getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); Assert.Equal(networkSecurityGroupName, getNsgResponse.Name); Assert.Equal(6, getNsgResponse.DefaultSecurityRules.Count); Assert.Equal("AllowVnetInBound", getNsgResponse.DefaultSecurityRules[0].Name); Assert.Equal("AllowAzureLoadBalancerInBound", getNsgResponse.DefaultSecurityRules[1].Name); Assert.Equal("DenyAllInBound", getNsgResponse.DefaultSecurityRules[2].Name); Assert.Equal("AllowVnetOutBound", getNsgResponse.DefaultSecurityRules[3].Name); Assert.Equal("AllowInternetOutBound", getNsgResponse.DefaultSecurityRules[4].Name); Assert.Equal("DenyAllOutBound", getNsgResponse.DefaultSecurityRules[5].Name); // Verify the security rule Assert.Equal(SecurityRuleAccess.Allow, getNsgResponse.SecurityRules[0].Access); Assert.Equal("Test security rule", getNsgResponse.SecurityRules[0].Description); Assert.Equal("*", getNsgResponse.SecurityRules[0].DestinationAddressPrefix); Assert.Equal(destinationPortRange, getNsgResponse.SecurityRules[0].DestinationPortRange); Assert.Equal(SecurityRuleDirection.Inbound, getNsgResponse.SecurityRules[0].Direction); Assert.Equal(500, getNsgResponse.SecurityRules[0].Priority); Assert.Equal(SecurityRuleProtocol.Tcp, getNsgResponse.SecurityRules[0].Protocol); Assert.Equal("Succeeded", getNsgResponse.SecurityRules[0].ProvisioningState); Assert.Equal("*", getNsgResponse.SecurityRules[0].SourceAddressPrefix); Assert.Equal("655", getNsgResponse.SecurityRules[0].SourcePortRange); // List NSG var listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName); Assert.Single(listNsgResponse); Assert.Equal(networkSecurityGroupName, listNsgResponse.First().Name); Assert.Equal(6, listNsgResponse.First().DefaultSecurityRules.Count); Assert.Equal("AllowVnetInBound", listNsgResponse.First().DefaultSecurityRules[0].Name); Assert.Equal("AllowAzureLoadBalancerInBound", listNsgResponse.First().DefaultSecurityRules[1].Name); Assert.Equal("DenyAllInBound", listNsgResponse.First().DefaultSecurityRules[2].Name); Assert.Equal("AllowVnetOutBound", listNsgResponse.First().DefaultSecurityRules[3].Name); Assert.Equal("AllowInternetOutBound", listNsgResponse.First().DefaultSecurityRules[4].Name); Assert.Equal("DenyAllOutBound", listNsgResponse.First().DefaultSecurityRules[5].Name); Assert.Equal(getNsgResponse.Etag, listNsgResponse.First().Etag); // List NSG in a subscription var listNsgSubsciptionResponse = networkManagementClient.NetworkSecurityGroups.ListAll(); Assert.NotEmpty(listNsgSubsciptionResponse); // Add a new security rule var SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; networkSecurityGroup.SecurityRules.Add(SecurityRule); putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); // Get NSG getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); // Verify the security rule Assert.Equal(SecurityRuleAccess.Deny, getNsgResponse.SecurityRules[1].Access); Assert.Equal("Test outbound security rule", getNsgResponse.SecurityRules[1].Description); Assert.Equal("*", getNsgResponse.SecurityRules[1].DestinationAddressPrefix); Assert.Equal(destinationPortRange, getNsgResponse.SecurityRules[1].DestinationPortRange); Assert.Equal(SecurityRuleDirection.Outbound, getNsgResponse.SecurityRules[1].Direction); Assert.Equal(501, getNsgResponse.SecurityRules[1].Priority); Assert.Equal(SecurityRuleProtocol.Udp, getNsgResponse.SecurityRules[1].Protocol); Assert.Equal("Succeeded", getNsgResponse.SecurityRules[1].ProvisioningState); Assert.Equal("*", getNsgResponse.SecurityRules[1].SourceAddressPrefix); Assert.Equal("656", getNsgResponse.SecurityRules[1].SourcePortRange); // List Default Security Groups var listDefaultSecurityGroups = networkManagementClient.DefaultSecurityRules.List(resourceGroupName, networkSecurityGroupName); Assert.NotEmpty(listDefaultSecurityGroups); // Get Defaul Security Group var getDefaultSecurityGroups = networkManagementClient.DefaultSecurityRules.Get(resourceGroupName, networkSecurityGroupName, listDefaultSecurityGroups.First().Name); Assert.Equal(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Name); // Delete NSG networkManagementClient.NetworkSecurityGroups.Delete(resourceGroupName, networkSecurityGroupName); // List NSG listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName); Assert.Empty(listNsgResponse); } }
public void SecurityRuleWithRulesApiTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType())) { var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1); var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2); var location = NetworkManagementTestUtilities.GetResourceLocation(resourcesClient, "Microsoft.Network/networkSecurityGroups"); string resourceGroupName = TestUtilities.GenerateName("csmrg"); resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName, new ResourceGroup { Location = location }); string networkSecurityGroupName = TestUtilities.GenerateName(); string securityRule1 = TestUtilities.GenerateName(); string securityRule2 = TestUtilities.GenerateName(); string destinationPortRange = "123-3500"; var networkSecurityGroup = new NetworkSecurityGroup() { Location = location, SecurityRules = new List <SecurityRule>() { new SecurityRule() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg var putNsgResponse = networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, networkSecurityGroup); Assert.Equal("Succeeded", putNsgResponse.ProvisioningState); // Get NSG var getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); Assert.Equal(networkSecurityGroupName, getNsgResponse.Name); // Get SecurityRule var getSecurityRuleResponse = networkManagementClient.SecurityRules.Get(resourceGroupName, networkSecurityGroupName, securityRule1); Assert.Equal(securityRule1, getSecurityRuleResponse.Name); this.CompareSecurityRule(getNsgResponse.SecurityRules[0], getSecurityRuleResponse); // Add a new security rule var SecurityRule = new SecurityRule() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; var putSecurityRuleResponse = networkManagementClient.SecurityRules.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, securityRule2, SecurityRule); Assert.Equal("Succeeded", putSecurityRuleResponse.ProvisioningState); // Get NSG getNsgResponse = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName); // Get the SecurityRule2 var getSecurityRule2Response = networkManagementClient.SecurityRules.Get(resourceGroupName, networkSecurityGroupName, securityRule2); Assert.Equal(securityRule2, getSecurityRule2Response.Name); // Verify the security rule Assert.Equal(SecurityRuleAccess.Deny, getSecurityRule2Response.Access); Assert.Equal("Test outbound security rule", getSecurityRule2Response.Description); Assert.Equal("*", getSecurityRule2Response.DestinationAddressPrefix); Assert.Equal(destinationPortRange, getSecurityRule2Response.DestinationPortRange); Assert.Equal(SecurityRuleDirection.Outbound, getSecurityRule2Response.Direction); Assert.Equal(501, getSecurityRule2Response.Priority); Assert.Equal(SecurityRuleProtocol.Udp, getSecurityRule2Response.Protocol); Assert.Equal("Succeeded", getSecurityRule2Response.ProvisioningState); Assert.Equal("*", getSecurityRule2Response.SourceAddressPrefix); Assert.Equal("656", getSecurityRule2Response.SourcePortRange); this.CompareSecurityRule(getNsgResponse.SecurityRules[1], getSecurityRule2Response); // List all SecurityRules var getsecurityRules = networkManagementClient.SecurityRules.List(resourceGroupName, networkSecurityGroupName); Assert.Equal(2, getsecurityRules.Count()); this.CompareSecurityRule(getNsgResponse.SecurityRules[0], getsecurityRules.ElementAt(0)); this.CompareSecurityRule(getNsgResponse.SecurityRules[1], getsecurityRules.ElementAt(1)); // Delete a SecurityRule networkManagementClient.SecurityRules.Delete(resourceGroupName, networkSecurityGroupName, securityRule2); getsecurityRules = networkManagementClient.SecurityRules.List(resourceGroupName, networkSecurityGroupName); Assert.Single(getsecurityRules); // Delete NSG networkManagementClient.NetworkSecurityGroups.Delete(resourceGroupName, networkSecurityGroupName); // List NSG var listNsgResponse = networkManagementClient.NetworkSecurityGroups.List(resourceGroupName); Assert.Empty(listNsgResponse); } }
public virtual SecurityRulesCreateOrUpdateOperation StartCreateOrUpdate(string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters, CancellationToken cancellationToken = default) { if (resourceGroupName == null) { throw new ArgumentNullException(nameof(resourceGroupName)); } if (networkSecurityGroupName == null) { throw new ArgumentNullException(nameof(networkSecurityGroupName)); } if (securityRuleName == null) { throw new ArgumentNullException(nameof(securityRuleName)); } if (securityRuleParameters == null) { throw new ArgumentNullException(nameof(securityRuleParameters)); } using var scope = _clientDiagnostics.CreateScope("SecurityRulesOperations.StartCreateOrUpdate"); scope.Start(); try { var originalResponse = RestClient.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters, cancellationToken); return(new SecurityRulesCreateOrUpdateOperation(_clientDiagnostics, _pipeline, RestClient.CreateCreateOrUpdateRequest(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters).Request, originalResponse)); } catch (Exception e) { scope.Failed(e); throw; } }
/// <summary> /// The Put network security rule operation creates/updates a security /// rule in the specified network security group /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Network.ISecurityRuleOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the resource group. /// </param> /// <param name='networkSecurityGroupName'> /// Required. The name of the network security group. /// </param> /// <param name='securityRuleName'> /// Required. The name of the security rule. /// </param> /// <param name='securityRuleParameters'> /// Required. Parameters supplied to the create/update network security /// rule operation /// </param> /// <returns> /// Response for PUT SecurityRule Api service call /// </returns> public static SecurityRulePutResponse BeginCreateOrUpdating(this ISecurityRuleOperations operations, string resourceGroupName, string networkSecurityGroupName, string securityRuleName, SecurityRule securityRuleParameters) { return(Task.Factory.StartNew((object s) => { return ((ISecurityRuleOperations)s).BeginCreateOrUpdatingAsync(resourceGroupName, networkSecurityGroupName, securityRuleName, securityRuleParameters); } , operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult()); }