/// <summary>
/// Entry point of the cmdlet: checks whether the gateway already exists, picks the
/// confirmation text, and hands the create call to ConfirmAction.
/// </summary>
/// <remarks>
/// The force flag passed to ConfirmAction is true unless the UltraPerformance SKU was
/// requested without -Force.
/// NOTE(review): that presumably means replacing an existing gateway of any other SKU
/// is not gated by a prompt. ConfirmAction is not visible here, so confirm.
/// </remarks>
public override void Execute()
{
    base.Execute();

    // Existence is probed once, up front; the callback given to ConfirmAction replays the result.
    var gatewayExists = this.IsVirtualNetworkGatewayPresent(this.ResourceGroupName, this.Name);

    string continueMsg = Properties.Resources.CreatingResourceMessage;

    bool ultraPerformanceRequested =
        !string.IsNullOrEmpty(GatewaySku) &&
        GatewaySku.Equals(MNM.VirtualNetworkGatewaySkuTier.UltraPerformance, StringComparison.InvariantCultureIgnoreCase);

    // UltraPerformance gets its own warning text; every other SKU gets the generic overwrite text.
    string warningMsg = ultraPerformanceRequested
        ? string.Format(Properties.Resources.UltraPerformaceGatewayWarning, this.Name)
        : string.Format(Properties.Resources.OverwritingResource, this.Name);

    // Only the UltraPerformance path clears the flag, and -Force sets it again.
    bool force = this.Force.IsPresent || !ultraPerformanceRequested;

    ConfirmAction(
        force,
        warningMsg,
        continueMsg,
        Name,
        () =>
        {
            var createdGateway = CreateVirtualNetworkGateway();
            WriteObject(createdGateway);
        },
        () => gatewayExists);
}
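/// <summary>
/// Builds a PSVirtualNetworkGateway from the cmdlet parameters, validates the parameter
/// combinations checked below, submits it with CreateOrUpdate and returns the gateway
/// as read back through GetVirtualNetworkGateway.
/// </summary>
/// <returns>The gateway returned by GetVirtualNetworkGateway after the CreateOrUpdate call.</returns>
/// <exception cref="ArgumentException">
/// Thrown when Active-Active or a P2S address pool is requested without a RouteBased VpnType,
/// when UltraPerformance is combined with a non-ExpressRoute gateway type, when only one of
/// RadiusServerAddress / RadiusServerSecret is supplied, or when PeerWeight is negative.
/// </exception>
private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
{
    var vnetGateway = new PSVirtualNetworkGateway();
    vnetGateway.Name = this.Name;
    vnetGateway.ResourceGroupName = this.ResourceGroupName;
    vnetGateway.Location = this.Location;

    if (this.GatewaySku != null)
    {
        vnetGateway.Sku = new PSVirtualNetworkGatewaySku();
        vnetGateway.Sku.Tier = this.GatewaySku;
        vnetGateway.Sku.Name = this.GatewaySku;
    }
    else
    {
        // If gateway sku param value is not passed, let NRP make the decision; just pass null here.
        vnetGateway.Sku = null;
    }

    // A missing VpnType is reported as an argument error, like the P2S check further down,
    // instead of surfacing as a NullReferenceException.
    if (this.EnableActiveActiveFeature.IsPresent &&
        (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased)))
    {
        throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
    }

    if (this.IpConfigurations != null)
    {
        vnetGateway.IpConfigurations = this.IpConfigurations.ToList();
    }

    if (!string.IsNullOrEmpty(GatewaySku) &&
        GatewaySku.Equals(MNM.VirtualNetworkGatewaySkuTier.UltraPerformance, StringComparison.InvariantCultureIgnoreCase) &&
        !string.IsNullOrEmpty(GatewayType) &&
        !GatewayType.Equals(MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(), StringComparison.InvariantCultureIgnoreCase))
    {
        throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
    }

    vnetGateway.GatewayType = this.GatewayType;
    vnetGateway.VpnType = this.VpnType;
    vnetGateway.EnableBgp = this.EnableBgp;
    vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;

    if (this.GatewayDefaultSite != null)
    {
        vnetGateway.GatewayDefaultSite = new PSResourceId();
        vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
    }
    else
    {
        vnetGateway.GatewayDefaultSite = null;
    }

    if (this.VpnClientAddressPool != null ||
        this.VpnClientRootCertificates != null ||
        this.VpnClientRevokedCertificates != null ||
        this.RadiusServerAddress != null ||
        (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0))
    {
        vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

        if (this.VpnClientAddressPool != null)
        {
            // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
            if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
            }

            vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
            vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool.ToList();
        }

        if (this.VpnClientProtocol != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol.ToList();
        }

        if (this.VpnClientRootCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates.ToList();
        }

        if (this.VpnClientRevokedCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates.ToList();
        }

        if (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0)
        {
            vnetGateway.VpnClientConfiguration.VpnClientIpsecPolicies = this.VpnClientIpsecPolicy.ToList();
        }

        if ((this.RadiusServerAddress != null && this.RadiusServerSecret == null) ||
            (this.RadiusServerAddress == null && this.RadiusServerSecret != null))
        {
            throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
        }

        if (this.RadiusServerAddress != null)
        {
            vnetGateway.VpnClientConfiguration.RadiusServerAddress = this.RadiusServerAddress;

            // The RADIUS shared secret leaves its protected form here and lives on the model as
            // an ordinary string from this point on. Keep vnetGateway and the mapped SDK model
            // out of verbose/debug output and logs.
            vnetGateway.VpnClientConfiguration.RadiusServerSecret = SecureStringExtensions.ConvertToString(this.RadiusServerSecret);
        }
    }
    else
    {
        // RadiusServerAddress is null on this branch, so a secret on its own is the same
        // incomplete pair rejected above; refuse it rather than silently dropping it.
        if (this.RadiusServerSecret != null)
        {
            throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
        }

        vnetGateway.VpnClientConfiguration = null;
    }

    // Checked outside the BGP block so a negative weight is rejected even when Asn is not set.
    if (this.PeerWeight < 0)
    {
        throw new ArgumentException("PeerWeight must be a positive integer");
    }

    if (this.Asn > 0 || this.PeerWeight > 0)
    {
        vnetGateway.BgpSettings = new PSBgpSettings();
        vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

        if (this.Asn > 0)
        {
            vnetGateway.BgpSettings.Asn = this.Asn;
        }

        if (this.PeerWeight > 0)
        {
            vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
        }
    }

    if (this.CustomRoute != null && this.CustomRoute.Any())
    {
        vnetGateway.CustomRoutes = new PSAddressSpace();
        vnetGateway.CustomRoutes.AddressPrefixes = this.CustomRoute.ToList();
    }
    else
    {
        vnetGateway.CustomRoutes = null;
    }

    // Map to the sdk object
    var vnetGatewayModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetworkGateway>(vnetGateway);
    vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

    // Execute the Create VirtualNetwork call
    this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

    // Return what the service reports back rather than the locally built object.
    var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

    return getVirtualNetworkGateway;
}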
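/// <summary>
/// Builds a PSVirtualNetworkGateway from the cmdlet parameters, defaulting the SKU from
/// VpnType when none is given, validates the parameter combinations checked below,
/// submits it with CreateOrUpdate and returns the gateway as read back through
/// GetVirtualNetworkGateway.
/// </summary>
/// <returns>The gateway returned by GetVirtualNetworkGateway after the CreateOrUpdate call.</returns>
/// <exception cref="ArgumentException">
/// Thrown when the Active-Active flag disagrees with the SKU, VpnType or number of
/// IpConfigurations, when UltraPerformance is combined with a non-ExpressRoute gateway type,
/// when a P2S address pool is given without a RouteBased VpnType, or when PeerWeight is negative.
/// </exception>
private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
{
    var vnetGateway = new PSVirtualNetworkGateway();
    vnetGateway.Name = this.Name;
    vnetGateway.ResourceGroupName = this.ResourceGroupName;
    vnetGateway.Location = this.Location;

    vnetGateway.Sku = new PSVirtualNetworkGatewaySku();
    if (this.GatewaySku != null)
    {
        vnetGateway.Sku.Tier = this.GatewaySku;
        vnetGateway.Sku.Name = this.GatewaySku;
    }
    else
    {
        // If gateway sku param value is not passed, set gateway sku to Standard if VpnType is
        // RouteBased and Basic if VpnType is PolicyBased (or not given at all).
        var defaultTier = (this.VpnType != null && this.VpnType.Equals(MNM.VpnType.RouteBased))
            ? MNM.VirtualNetworkGatewaySkuTier.Standard
            : MNM.VirtualNetworkGatewaySkuTier.Basic;
        vnetGateway.Sku.Tier = defaultTier;
        vnetGateway.Sku.Name = defaultTier;
    }

    bool activeActive = this.EnableActiveActiveFeature.IsPresent;

    if (activeActive && !vnetGateway.Sku.Tier.Equals(MNM.VirtualNetworkGatewaySkuTier.HighPerformance))
    {
        throw new ArgumentException("Virtual Network Gateway Sku should be " + MNM.VirtualNetworkGatewaySkuTier.HighPerformance + " when Active-Active feature flag is set to True.");
    }

    // A missing VpnType is reported as an argument error, like the P2S check further down,
    // instead of surfacing as a NullReferenceException.
    if (activeActive && (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased)))
    {
        throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
    }

    // IpConfigurations may be absent (it is null-checked before assignment below), so the
    // count is read null-safely: a missing list never equals 2.
    int? ipConfigurationCount = this.IpConfigurations?.Count;

    if (activeActive && ipConfigurationCount != 2)
    {
        throw new ArgumentException("Virtual Network Gateway should have 2 Gateway IpConfigurations specified when Active-Active feature flag is True.");
    }

    if (!activeActive && ipConfigurationCount == 2)
    {
        throw new ArgumentException("Virtual Network Gateway should have Active-Active feature flag set to True as there are 2 Gateway IpConfigurations specified. OR there should be only one Gateway IpConfiguration specified.");
    }

    if (this.IpConfigurations != null)
    {
        vnetGateway.IpConfigurations = this.IpConfigurations;
    }

    if (!string.IsNullOrEmpty(GatewaySku) &&
        GatewaySku.Equals(MNM.VirtualNetworkGatewaySkuTier.UltraPerformance, StringComparison.InvariantCultureIgnoreCase) &&
        !string.IsNullOrEmpty(GatewayType) &&
        !GatewayType.Equals(MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(), StringComparison.InvariantCultureIgnoreCase))
    {
        throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
    }

    vnetGateway.GatewayType = this.GatewayType;
    vnetGateway.VpnType = this.VpnType;
    vnetGateway.EnableBgp = this.EnableBgp;
    vnetGateway.ActiveActive = activeActive;

    if (this.GatewayDefaultSite != null)
    {
        vnetGateway.GatewayDefaultSite = new PSResourceId();
        vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
    }
    else
    {
        vnetGateway.GatewayDefaultSite = null;
    }

    if (this.VpnClientAddressPool != null ||
        this.VpnClientRootCertificates != null ||
        this.VpnClientRevokedCertificates != null)
    {
        vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

        if (this.VpnClientAddressPool != null)
        {
            // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
            if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
            }

            vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
            vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool;
        }

        if (this.VpnClientRootCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates;
        }

        if (this.VpnClientRevokedCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates;
        }
    }
    else
    {
        vnetGateway.VpnClientConfiguration = null;
    }

    // Checked outside the BGP block so a negative weight is rejected even when Asn is not set.
    if (this.PeerWeight < 0)
    {
        throw new ArgumentException("PeerWeight must be a positive integer");
    }

    if (this.Asn > 0 || this.PeerWeight > 0)
    {
        vnetGateway.BgpSettings = new PSBgpSettings();
        vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

        if (this.Asn > 0)
        {
            vnetGateway.BgpSettings.Asn = this.Asn;
        }

        if (this.PeerWeight > 0)
        {
            vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
        }
    }

    // Map to the sdk object
    var vnetGatewayModel = Mapper.Map<MNM.VirtualNetworkGateway>(vnetGateway);
    vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

    // Execute the Create VirtualNetwork call
    this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

    // Return what the service reports back rather than the locally built object.
    var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

    return getVirtualNetworkGateway;
}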
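/// <summary>
/// Builds a PSVirtualNetworkGateway from the cmdlet parameters (SKU, IP configurations,
/// P2S client configuration including RADIUS and AAD settings, BGP settings, custom routes,
/// generation and NAT rules), validates the parameter combinations checked below, submits
/// it with CreateOrUpdate and returns the gateway as read back through GetVirtualNetworkGateway.
/// </summary>
/// <returns>The gateway returned by GetVirtualNetworkGateway after the CreateOrUpdate call.</returns>
/// <exception cref="ArgumentException">
/// Thrown when Active-Active or a P2S address pool is requested without a RouteBased VpnType,
/// when UltraPerformance is combined with a non-ExpressRoute gateway type, when only one of
/// RadiusServerAddress / RadiusServerSecret is supplied, when AAD authentication is configured
/// without issuer/audience or with client protocols other than exactly OpenVPN, when PeerWeight
/// is negative, or when an ExpressRoute gateway is given a generation other than None.
/// </exception>
private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
{
    var vnetGateway = new PSVirtualNetworkGateway();
    vnetGateway.Name = this.Name;
    vnetGateway.ResourceGroupName = this.ResourceGroupName;
    vnetGateway.Location = this.Location;

    if (this.GatewaySku != null)
    {
        vnetGateway.Sku = new PSVirtualNetworkGatewaySku();
        vnetGateway.Sku.Tier = this.GatewaySku;
        vnetGateway.Sku.Name = this.GatewaySku;
    }
    else
    {
        // If gateway sku param value is not passed, let NRP make the decision; just pass null here.
        vnetGateway.Sku = null;
    }

    // A missing VpnType is reported as an argument error, like the P2S check further down,
    // instead of surfacing as a NullReferenceException.
    if (this.EnableActiveActiveFeature.IsPresent &&
        (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased)))
    {
        throw new ArgumentException("Virtual Network Gateway VpnType should be " + MNM.VpnType.RouteBased + " when Active-Active feature flag is set to True.");
    }

    if (this.IpConfigurations != null)
    {
        vnetGateway.IpConfigurations = this.IpConfigurations.ToList();
    }

    if (!string.IsNullOrEmpty(GatewaySku) &&
        GatewaySku.Equals(MNM.VirtualNetworkGatewaySkuTier.UltraPerformance, StringComparison.InvariantCultureIgnoreCase) &&
        !string.IsNullOrEmpty(GatewayType) &&
        !GatewayType.Equals(MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(), StringComparison.InvariantCultureIgnoreCase))
    {
        throw new ArgumentException("Virtual Network Gateway Need to be Express Route when the sku is UltraPerformance.");
    }

    vnetGateway.GatewayType = this.GatewayType;
    vnetGateway.VpnType = this.VpnType;
    vnetGateway.EnableBgp = this.EnableBgp;

    // NOTE(review): passed through unvalidated. Going by the name, this turns off IPsec
    // protection on the gateway, so confirm callers set it deliberately.
    vnetGateway.DisableIPsecProtection = this.DisableIPsecProtection;
    vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;
    vnetGateway.EnablePrivateIpAddress = this.EnablePrivateIpAddress.IsPresent;

    if (this.GatewayDefaultSite != null)
    {
        vnetGateway.GatewayDefaultSite = new PSResourceId();
        vnetGateway.GatewayDefaultSite.Id = this.GatewayDefaultSite.Id;
    }
    else
    {
        vnetGateway.GatewayDefaultSite = null;
    }

    // NOTE(review): VpnClientProtocol, VpnAuthenticationType and RadiusServerList are applied
    // inside this block but are not part of its condition, so on their own they are dropped.
    if (this.VpnClientAddressPool != null ||
        this.VpnClientRootCertificates != null ||
        this.VpnClientRevokedCertificates != null ||
        this.RadiusServerAddress != null ||
        (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0) ||
        this.AadTenantUri != null)
    {
        vnetGateway.VpnClientConfiguration = new PSVpnClientConfiguration();

        if (this.VpnClientAddressPool != null)
        {
            // Make sure passed Virtual Network gateway type is RouteBased if P2S VpnClientAddressPool is specified.
            if (this.VpnType == null || !this.VpnType.Equals(MNM.VpnType.RouteBased))
            {
                throw new ArgumentException("Virtual Network Gateway VpnType should be :" + MNM.VpnType.RouteBased + " when P2S VpnClientAddressPool is specified.");
            }

            vnetGateway.VpnClientConfiguration.VpnClientAddressPool = new PSAddressSpace();
            vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool.ToList();
        }

        if (this.VpnClientProtocol != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol.ToList();
        }

        if (this.VpnAuthenticationType != null)
        {
            vnetGateway.VpnClientConfiguration.VpnAuthenticationTypes = this.VpnAuthenticationType.ToList();
        }

        if (this.VpnClientRootCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates.ToList();
        }

        if (this.VpnClientRevokedCertificates != null)
        {
            vnetGateway.VpnClientConfiguration.VpnClientRevokedCertificates = this.VpnClientRevokedCertificates.ToList();
        }

        if (this.VpnClientIpsecPolicy != null && this.VpnClientIpsecPolicy.Length != 0)
        {
            vnetGateway.VpnClientConfiguration.VpnClientIpsecPolicies = this.VpnClientIpsecPolicy.ToList();
        }

        if ((this.RadiusServerAddress != null && this.RadiusServerSecret == null) ||
            (this.RadiusServerAddress == null && this.RadiusServerSecret != null))
        {
            throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
        }

        if (this.RadiusServerAddress != null && this.RadiusServerSecret != null)
        {
            vnetGateway.VpnClientConfiguration.RadiusServerAddress = this.RadiusServerAddress;

            // The RADIUS shared secret leaves its protected form here and lives on the model as
            // an ordinary string from this point on. Keep vnetGateway and the mapped SDK model
            // out of verbose/debug output and logs.
            vnetGateway.VpnClientConfiguration.RadiusServerSecret = SecureStringExtensions.ConvertToString(this.RadiusServerSecret);
        }

        if (this.RadiusServerList != null && this.RadiusServerList.Any())
        {
            vnetGateway.VpnClientConfiguration.RadiusServers = this.RadiusServerList.ToList();
        }

        if (this.AadTenantUri != null)
        {
            if (this.AadIssuerUri == null || this.AadAudienceId == null)
            {
                throw new ArgumentException("AadTenantUri, AadIssuerUri and AadAudienceId must be specified if AAD authentication is being configured for P2S.");
            }

            // VpnClientProtocols is only populated when VpnClientProtocol was passed; a missing
            // list is treated as "not exactly OpenVPN" rather than dereferenced.
            var clientProtocols = vnetGateway.VpnClientConfiguration.VpnClientProtocols;
            bool openVpnOnly =
                clientProtocols != null &&
                clientProtocols.Count() == 1 &&
                clientProtocols.First().Equals(MNM.VpnClientProtocol.OpenVPN);

            if (!openVpnOnly)
            {
                throw new ArgumentException("Virtual Network Gateway VpnClientProtocol should be :" + MNM.VpnClientProtocol.OpenVPN + " when P2S AAD authentication is being configured.");
            }

            vnetGateway.VpnClientConfiguration.AadTenant = this.AadTenantUri;
            vnetGateway.VpnClientConfiguration.AadIssuer = this.AadIssuerUri;
            vnetGateway.VpnClientConfiguration.AadAudience = this.AadAudienceId;
        }
    }
    else
    {
        // RadiusServerAddress is null on this branch, so a secret on its own is the same
        // incomplete pair rejected above; refuse it rather than silently dropping it.
        if (this.RadiusServerSecret != null)
        {
            throw new ArgumentException("Both radius server address and secret must be specified if external radius is being configured");
        }

        vnetGateway.VpnClientConfiguration = null;
    }

    // Checked outside the BGP block so a negative weight is rejected even when Asn is not set.
    if (this.PeerWeight < 0)
    {
        throw new ArgumentException("PeerWeight must be a positive integer");
    }

    if (this.Asn > 0 || this.PeerWeight > 0)
    {
        vnetGateway.BgpSettings = new PSBgpSettings();
        vnetGateway.BgpSettings.BgpPeeringAddress = null; // We block modifying the gateway's BgpPeeringAddress (CA)

        if (this.Asn > 0)
        {
            vnetGateway.BgpSettings.Asn = this.Asn;
        }

        if (this.PeerWeight > 0)
        {
            vnetGateway.BgpSettings.PeerWeight = this.PeerWeight;
        }
    }

    if (this.IpConfigurationBgpPeeringAddresses != null)
    {
        if (vnetGateway.BgpSettings == null)
        {
            vnetGateway.BgpSettings = new PSBgpSettings();
        }

        vnetGateway.BgpSettings.BgpPeeringAddresses = new List<PSIpConfigurationBgpPeeringAddress>();

        foreach (var address in this.IpConfigurationBgpPeeringAddresses)
        {
            // Rewrites the id on the caller-supplied object in place before adding it.
            address.IpconfigurationId = FormatIdBgpPeeringAddresses(address.IpconfigurationId, this.ResourceGroupName, this.Name);
            vnetGateway.BgpSettings.BgpPeeringAddresses.Add(address);
        }
    }
    else if (vnetGateway.BgpSettings != null)
    {
        vnetGateway.BgpSettings.BgpPeeringAddresses = null;
    }

    if (this.CustomRoute != null && this.CustomRoute.Any())
    {
        vnetGateway.CustomRoutes = new PSAddressSpace();
        vnetGateway.CustomRoutes.AddressPrefixes = this.CustomRoute.ToList();
    }
    else
    {
        vnetGateway.CustomRoutes = null;
    }

    vnetGateway.VpnGatewayGeneration = MNM.VpnGatewayGeneration.None;
    if (this.VpnGatewayGeneration != null)
    {
        // Static string.Equals tolerates a null GatewayType (treated as "not ExpressRoute").
        if (string.Equals(this.GatewayType, MNM.VirtualNetworkGatewayType.ExpressRoute.ToString(), StringComparison.InvariantCultureIgnoreCase) &&
            !this.VpnGatewayGeneration.Equals(MNM.VpnGatewayGeneration.None, StringComparison.OrdinalIgnoreCase))
        {
            throw new ArgumentException("Virtual Network Express Route Gateway cannot have any generation other than None.");
        }

        vnetGateway.VpnGatewayGeneration = this.VpnGatewayGeneration;
    }

    if (this.NatRule != null && this.NatRule.Any())
    {
        vnetGateway.NatRules = this.NatRule.ToList();
    }

    // Set the EnableBgpRouteTranslationForNat, if it is specified by customer.
    vnetGateway.EnableBgpRouteTranslationForNat = EnableBgpRouteTranslationForNat.IsPresent;

    // Map to the sdk object
    var vnetGatewayModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetworkGateway>(vnetGateway);
    vnetGatewayModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

    // Execute the Create VirtualNetwork call
    this.VirtualNetworkGatewayClient.CreateOrUpdate(this.ResourceGroupName, this.Name, vnetGatewayModel);

    // Return what the service reports back rather than the locally built object.
    var getVirtualNetworkGateway = this.GetVirtualNetworkGateway(this.ResourceGroupName, this.Name);

    return getVirtualNetworkGateway;
}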