public async Task VerifyIpFlowApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
var resourceGroup = await CreateResourceGroup(resourceGroupName, location);
string virtualMachineName1 = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName1 + "-nsg";
//Deploy VM with a template
var vm = await CreateWindowsVM(virtualMachineName1, networkInterfaceName1, location, resourceGroup);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcher properties = new NetworkWatcher { Location = location };
//await networkWatcherContainer.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
string localIPAddress = GetNetworkInterfaceContainer(resourceGroupName).GetAsync(networkInterfaceName1).Result.Value.Data.IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
var SecurityRule = new SecurityRuleData()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
var networkSecurityGroupContainer = GetNetworkSecurityGroupContainer(resourceGroupName);
Response <NetworkSecurityGroup> nsg = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName);
nsg.Value.Data.SecurityRules.Add(SecurityRule);
var createOrUpdateOperation = await networkSecurityGroupContainer.CreateOrUpdateAsync(networkSecurityGroupName, nsg.Value.Data);
await createOrUpdateOperation.WaitForCompletionAsync();;
VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(vm.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14");
//Verify IP flow from a VM to a location given the configured rule
var verifyIpFlowOperation = await GetNetworkWatcherContainer("NetworkWatcherRG").Get("NetworkWatcher_westus2").Value.VerifyIPFlowAsync(ipFlowProperties);
Response <VerificationIPFlowResult> verifyIpFlow = await verifyIpFlowOperation.WaitForCompletionAsync();;
//Verify validity of the result
Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString());
Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName);
}
/// <summary>
/// Verify IP flow from the specified VM to a location given the currently
/// configured NSG rules.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkWatcherName'>
/// The name of the network watcher.
/// </param>
/// <param name='parameters'>
/// Parameters that define the IP flow to be verified.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <VerificationIPFlowResult> BeginVerifyIPFlowAsync(this INetworkWatchersOperations operations, string resourceGroupName, string networkWatcherName, VerificationIPFlowParameters parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.BeginVerifyIPFlowWithHttpMessagesAsync(resourceGroupName, networkWatcherName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Verify IP flow from the specified VM to a location given the currently
/// configured NSG rules.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='networkWatcherName'>
/// The name of the network watcher.
/// </param>
/// <param name='parameters'>
/// Parameters that define the IP flow to be verified.
/// </param>
public static VerificationIPFlowResult BeginVerifyIPFlow(this INetworkWatchersOperations operations, string resourceGroupName, string networkWatcherName, VerificationIPFlowParameters parameters)
{
return(operations.BeginVerifyIPFlowAsync(resourceGroupName, networkWatcherName, parameters).GetAwaiter().GetResult());
}
public void VerifyIpFlowApiTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler3 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var resourcesClient = ResourcesManagementTestUtilities.GetResourceManagementClientWithHandler(context, handler1);
var networkManagementClient = NetworkManagementTestUtilities.GetNetworkManagementClientWithHandler(context, handler2);
var computeManagementClient = NetworkManagementTestUtilities.GetComputeManagementClientWithHandler(context, handler3);
string location = "eastus";
string resourceGroupName = TestUtilities.GenerateName();
resourcesClient.ResourceGroups.CreateOrUpdate(resourceGroupName,
new ResourceGroup
{
Location = location
});
string virtualMachineName1 = TestUtilities.GenerateName();
string networkInterfaceName1 = TestUtilities.GenerateName();
string networkSecurityGroupName = virtualMachineName1 + "-nsg";
//Deploy VM with a template
Deployments.CreateVm(
resourcesClient: resourcesClient,
resourceGroupName: resourceGroupName,
location: location,
virtualMachineName: virtualMachineName1,
storageAccountName: TestUtilities.GenerateName(),
networkInterfaceName: networkInterfaceName1,
networkSecurityGroupName: networkSecurityGroupName,
diagnosticsStorageAccountName: TestUtilities.GenerateName(),
deploymentName: TestUtilities.GenerateName()
);
string networkWatcherName = TestUtilities.GenerateName();
NetworkWatcher properties = new NetworkWatcher();
properties.Location = location;
//Create network Watcher
var createNetworkWatcher = networkManagementClient.NetworkWatchers.CreateOrUpdate(resourceGroupName, networkWatcherName, properties);
var getVm1 = computeManagementClient.VirtualMachines.Get(resourceGroupName, virtualMachineName1);
string localIPAddress = networkManagementClient.NetworkInterfaces.Get(resourceGroupName, networkInterfaceName1).IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = TestUtilities.GenerateName();
// Add a security rule
var SecurityRule = new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
var nsg = networkManagementClient.NetworkSecurityGroups.Get(resourceGroupName, networkSecurityGroupName);
nsg.SecurityRules.Add(SecurityRule);
networkManagementClient.NetworkSecurityGroups.CreateOrUpdate(resourceGroupName, networkSecurityGroupName, nsg);
VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters()
{
TargetResourceId = getVm1.Id,
Direction = "Outbound",
Protocol = "TCP",
LocalPort = "80",
RemotePort = "80",
LocalIPAddress = localIPAddress,
RemoteIPAddress = "12.11.12.14"
};
//Verify IP flow from a VM to a location given the configured rule
var verifyIpFlow = networkManagementClient.NetworkWatchers.VerifyIPFlow(resourceGroupName, networkWatcherName, ipFlowProperties);
//Verify validity of the result
Assert.Equal("Deny", verifyIpFlow.Access);
Assert.Equal("securityRules/" + securityRule1, verifyIpFlow.RuleName);
}
}
public async Task VerifyIpFlowApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
await ResourceGroupsOperations.CreateOrUpdateAsync(resourceGroupName, new ResourceGroup(location));
string virtualMachineName1 = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName1 + "-nsg";
//Deploy VM with a template
await CreateVm(
resourcesClient : ResourceManagementClient,
resourceGroupName : resourceGroupName,
location : location,
virtualMachineName : virtualMachineName1,
storageAccountName : Recording.GenerateAssetName("azsmnet"),
networkInterfaceName : networkInterfaceName1,
networkSecurityGroupName : networkSecurityGroupName,
diagnosticsStorageAccountName : Recording.GenerateAssetName("azsmnet"),
deploymentName : Recording.GenerateAssetName("azsmnet"),
adminPassword : Recording.GenerateAlphaNumericId("AzureSDKNetworkTest#")
);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcher properties = new NetworkWatcher { Location = location };
//await NetworkManagementClient.NetworkWatchers.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
Response <VirtualMachine> getVm1 = await ComputeManagementClient.VirtualMachines.GetAsync(resourceGroupName, virtualMachineName1);
string localIPAddress = NetworkManagementClient.NetworkInterfaces.GetAsync(resourceGroupName, networkInterfaceName1).Result.Value.IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
SecurityRule SecurityRule = new SecurityRule()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
Response <NetworkSecurityGroup> nsg = await NetworkManagementClient.NetworkSecurityGroups.GetAsync(resourceGroupName, networkSecurityGroupName);
nsg.Value.SecurityRules.Add(SecurityRule);
NetworkSecurityGroupsCreateOrUpdateOperation createOrUpdateOperation = await NetworkManagementClient.NetworkSecurityGroups.StartCreateOrUpdateAsync(resourceGroupName, networkSecurityGroupName, nsg);
await WaitForCompletionAsync(createOrUpdateOperation);
VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(getVm1.Value.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14");
//Verify IP flow from a VM to a location given the configured rule
NetworkWatchersVerifyIPFlowOperation verifyIpFlowOperation = await NetworkManagementClient.NetworkWatchers.StartVerifyIPFlowAsync("NetworkWatcherRG", "NetworkWatcher_westus2", ipFlowProperties);
Response <VerificationIPFlowResult> verifyIpFlow = await WaitForCompletionAsync(verifyIpFlowOperation);
//Verify validity of the result
Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString());
Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName);
}
