static string CreateVmSettingsString(string size = VirtualMachineConstants.SIZE, string osCategory = "windows", string os = "win2019datacenter") { var vmSettings = new VmSettingsDto() { DiagnosticStorageAccountName = "diagstorageaccountname", NetworkName = "networkName", SubnetName = "subnetname", Size = size, Rules = VmRuleUtils.CreateInitialVmRules(1), OperatingSystemCategory = osCategory, OperatingSystem = os, Username = VirtualMachineConstants.USERNAME, Password = "******", }; return(CloudResourceConfigStringSerializer.Serialize(vmSettings)); }
async Task UpdateVmRules(ResourceProvisioningParameters parameters, VmSettingsDto vmSettings, string privateIp, CancellationToken cancellationToken = default) { _logger.LogInformation($"Setting desired VM rules for {parameters.Name}"); var existingRules = await _azureNetworkSecurityGroupRuleService.GetNsgRulesContainingName(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, $"{AzureResourceNameUtil.NSG_RULE_FOR_VM_PREFIX}{parameters.DatabaseId}", cancellationToken); var existingRulesThatStillExists = new HashSet <string>(); if (vmSettings.Rules == null) { throw new Exception($"No rules exists for VM {parameters.Name}"); } else { foreach (var curRule in vmSettings.Rules) { try { var ruleMapped = _mapper.Map <NsgRuleDto>(curRule); if (curRule.Direction == RuleDirection.Inbound) { ruleMapped.SourceAddress = curRule.Ip; ruleMapped.SourcePort = curRule.Port; ruleMapped.DestinationAddress = privateIp; ruleMapped.DestinationPort = curRule.Port; //get existing rule and use that name if (existingRules.TryGetValue(curRule.Name, out NsgRuleDto existingRule)) { existingRulesThatStillExists.Add(curRule.Name); ruleMapped.Priority = existingRule.Priority; await _azureNetworkSecurityGroupRuleService.UpdateInboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken); } else { ruleMapped.Priority = await FindNextPriority(parameters, existingRules, AzureVmConstants.MIN_RULE_PRIORITY, 10, AzureVmConstants.MAX_RULE_PRIORITY, curRule.Direction.ToString()); await _azureNetworkSecurityGroupRuleService.AddInboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken); } } else { ruleMapped.SourceAddress = privateIp; ruleMapped.SourcePort = curRule.Port; if (ruleMapped.Name.Contains(AzureVmConstants.RulePresets.OPEN_CLOSE_INTERNET)) { ruleMapped.DestinationAddress = "*"; ruleMapped.DestinationPort = 0; } else { ruleMapped.DestinationAddress = curRule.Ip; ruleMapped.DestinationPort = curRule.Port; } if (existingRules.TryGetValue(curRule.Name, out NsgRuleDto existingRule)) { existingRulesThatStillExists.Add(curRule.Name); ruleMapped.Priority = existingRule.Priority; //Ensure same priority is re-used await _azureNetworkSecurityGroupRuleService.UpdateOutboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken); } else { ruleMapped.Priority = await FindNextPriority(parameters, existingRules, AzureVmConstants.MIN_RULE_PRIORITY, 10, AzureVmConstants.MAX_RULE_PRIORITY, curRule.Direction.ToString()); await _azureNetworkSecurityGroupRuleService.AddOutboundRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, ruleMapped, cancellationToken); } } } catch (Exception ex) { throw new Exception($"Unable to create rule {curRule.Name} for VM {parameters.Name}", ex); } } } if (existingRules != null && existingRules.Count > 0) { foreach (var curExistingKvp in existingRules) { if (!existingRulesThatStillExists.Contains(curExistingKvp.Key)) { await _azureNetworkSecurityGroupRuleService.DeleteRule(parameters.ResourceGroupName, parameters.NetworkSecurityGroupName, curExistingKvp.Key, cancellationToken); } } } _logger.LogInformation($"Done setting desired VM rules for {parameters.Name}"); }