public void GivenIHaveAResourceAccessRuleForAResourceWithNameAndDisplayNameWithAnAccessTypeAndPermission(
string name, string displayName, string accessType, Permission permission)
{
var resourceAccessRule = new ResourceAccessRule(accessType, new Resource(new Uri(name, UriKind.Relative), displayName), permission);
this.scenarioContext.Set(resourceAccessRule, ResourceAccessRuleKey);
}
public void WhenICheckIfTheResourceAccessRuleIsAMatchForATargetWithResourceNameAndTarget(string resourceName, string accessType)
{
ResourceAccessRule resourceAccessRule = this.scenarioContext.Get <ResourceAccessRule>(ResourceAccessRuleKey);
bool result = resourceAccessRule.IsMatch(new Uri(resourceName, UriKind.Relative), accessType);
this.scenarioContext.Set(result, ResultKey);
}
//Parse wrapped property PSPSResourceAccessRule to single NetworkRule PSResourceAccessRule in SDK
public static ResourceAccessRule ParseStorageResourceAccessRule(PSResourceAccessRule rule)
{
ResourceAccessRule returnRule = new ResourceAccessRule();
returnRule.TenantId = rule.TenantId;
returnRule.ResourceId = rule.ResourceId;
return(returnRule);
}
//Parse single NetworkRule PSResourceAccessRule in SDK to wrapped property PSPSResourceAccessRule
public static PSResourceAccessRule ParsePSResourceAccessRule(ResourceAccessRule rule)
{
PSResourceAccessRule returnRule = new PSResourceAccessRule();
returnRule.TenantId = rule.TenantId;
returnRule.ResourceId = rule.ResourceId;
return(returnRule);
}
public void GivenTwoResourceAccessRulesHaveDifferingPermissions()
{
var resourceAccessRule1 = new ResourceAccessRule("GET", new Resource(new Uri("foo", UriKind.Relative), "Foo"), Permission.Allow);
var resourceAccessRule2 = new ResourceAccessRule("GET", new Resource(new Uri("foo", UriKind.Relative), "Foo"), Permission.Deny);
this.scenarioContext.Set(resourceAccessRule1, ResourceAccessRule1Key);
this.scenarioContext.Set(resourceAccessRule2, ResourceAccessRule2Key);
}
public void WhenTheResourceAccessRulesAreCompared()
{
ResourceAccessRule resourceAccessRule1 = this.scenarioContext.Get <ResourceAccessRule>(ResourceAccessRule1Key);
ResourceAccessRule resourceAccessRule2 = this.scenarioContext.Get <ResourceAccessRule>(ResourceAccessRule2Key);
bool result = resourceAccessRule1 == resourceAccessRule2;
this.scenarioContext.Set(result, ResultKey);
}
/// <summary>
/// Remove one ResourceAccessRule from ResourceAccessRule List
/// </summary>
/// <param name="ruleList">The ResourceAccessRule List</param>
/// <param name="ruleToRemove">The ResourceAccessRule to remove</param>
/// <returns>true if reove success</returns>
public bool RemoveResourceAccessRule(IList <ResourceAccessRule> ruleList, ResourceAccessRule ruleToRemove)
{
foreach (ResourceAccessRule rule in ruleList)
{
if (rule.TenantId.Equals(ruleToRemove.TenantId, System.StringComparison.InvariantCultureIgnoreCase) &&
rule.ResourceId.Equals(ruleToRemove.ResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleList.Remove(rule);
return(true);
}
}
return(false);
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Add Storage Account NetworkRules"))
{
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(
this.ResourceGroupName,
this.Name);
NetworkRuleSet storageACL = storageAccount.NetworkRuleSet;
if (storageACL == null)
{
storageACL = new NetworkRuleSet();
}
bool ruleChanged = false;
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (string s in VirtualNetworkResourceId)
{
bool ruleExist = false;
foreach (VirtualNetworkRule originRule in storageACL.VirtualNetworkRules)
{
if (originRule.VirtualNetworkResourceId.Equals(s, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add VirtualNetworkRule as it already exist: {0}", s));
break;
}
}
if (!ruleExist)
{
VirtualNetworkRule rule = new VirtualNetworkRule(s);
storageACL.VirtualNetworkRules.Add(rule);
ruleChanged = true;
}
}
break;
case IpRuleStringParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (string s in IPAddressOrRange)
{
bool ruleExist = false;
foreach (IPRule originRule in storageACL.IpRules)
{
if (originRule.IPAddressOrRange.Equals(s, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", s));
break;
}
}
if (!ruleExist)
{
IPRule rule = new IPRule(s);
storageACL.IpRules.Add(rule);
ruleChanged = true;
}
}
break;
case ResourceAccessRuleStringParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
bool ResourceAccessruleExist = false;
foreach (ResourceAccessRule originRule in storageACL.ResourceAccessRules)
{
if (originRule.TenantId.Equals(this.TenantId, System.StringComparison.InvariantCultureIgnoreCase) &&
originRule.ResourceId.Equals(this.ResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ResourceAccessruleExist = true;
WriteDebug(string.Format("Skip add ResourceAccessRule as it already exist, TenantId: {0}, ResourceId: {1}", this.TenantId, this.ResourceId));
break;
}
}
if (!ResourceAccessruleExist)
{
ResourceAccessRule rule = new ResourceAccessRule(this.TenantId, this.ResourceId);
storageACL.ResourceAccessRules.Add(rule);
ruleChanged = true;
}
break;
case NetworkRuleObjectParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (PSVirtualNetworkRule rule in VirtualNetworkRule)
{
bool ruleExist = false;
foreach (VirtualNetworkRule originRule in storageACL.VirtualNetworkRules)
{
if (originRule.VirtualNetworkResourceId.Equals(rule.VirtualNetworkResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", rule.VirtualNetworkResourceId));
break;
}
}
if (!ruleExist)
{
storageACL.VirtualNetworkRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleVirtualNetworkRule(rule));
ruleChanged = true;
}
}
break;
case ResourceAccessRuleObjectParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
foreach (PSResourceAccessRule rule in ResourceAccessRule)
{
bool ruleExist = false;
foreach (ResourceAccessRule originRule in storageACL.ResourceAccessRules)
{
if (originRule.TenantId.Equals(rule.TenantId, System.StringComparison.InvariantCultureIgnoreCase) &&
originRule.ResourceId.Equals(rule.ResourceId, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add ResourceAccessRule as it already exist, TenantId: {0}, ResourceId: {1}", rule.TenantId, rule.ResourceId));
break;
}
}
if (!ruleExist)
{
storageACL.ResourceAccessRules.Add(PSNetworkRuleSet.ParseStorageResourceAccessRule(rule));
ruleChanged = true;
}
}
break;
case IpRuleObjectParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (PSIpRule rule in IPRule)
{
bool ruleExist = false;
foreach (IPRule originRule in storageACL.IpRules)
{
if (originRule.IPAddressOrRange.Equals(rule.IPAddressOrRange, System.StringComparison.InvariantCultureIgnoreCase))
{
ruleExist = true;
WriteDebug(string.Format("Skip add IPAddressOrRange as it already exist: {0}", rule.IPAddressOrRange));
break;
}
}
if (!ruleExist)
{
storageACL.IpRules.Add(PSNetworkRuleSet.ParseStorageNetworkRuleIPRule(rule));
ruleChanged = true;
}
}
break;
}
if (ruleChanged)
{
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
updateParameters.NetworkRuleSet = storageACL;
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
}
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
case NetworkRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).VirtualNetworkRules);
break;
case IpRuleStringParameterSet:
case IpRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).IpRules);
break;
case ResourceAccessRuleStringParameterSet:
case ResourceAccessRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).ResourceAccessRules);
break;
}
}
}
static string FormatRuleForError(ResourceAccessRule rule) => $"'{rule.AccessType} {rule.Resource.Uri} ({rule.Resource.DisplayName}): {rule.Permission}'";
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Remove Storage Account Networkrules"))
{
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(
this.ResourceGroupName,
this.Name);
NetworkRuleSet storageACL = storageAccount.NetworkRuleSet;
if (storageACL == null)
{
storageACL = new NetworkRuleSet();
}
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (string s in VirtualNetworkResourceId)
{
VirtualNetworkRule rule = new VirtualNetworkRule(s);
if (!RemoveNetworkRule(storageACL.VirtualNetworkRules, rule))
{
throw new ArgumentOutOfRangeException("VirtualNetworkResourceId", String.Format("Can't remove VirtualNetworkRule with specific ResourceId since not exist: {0}", rule.VirtualNetworkResourceId));
}
}
break;
case IpRuleStringParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (string s in IPAddressOrRange)
{
IPRule rule = new IPRule(s);
if (!RemoveIpRule(storageACL.IpRules, rule))
{
throw new ArgumentOutOfRangeException("IPAddressOrRange", String.Format("Can't remove IpRule with specific IPAddressOrRange since not exist: {0}", rule.IPAddressOrRange));
}
}
break;
case ResourceAccessRuleStringParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
ResourceAccessRule resourceaccessrule = new ResourceAccessRule(this.TenantId, this.ResourceId);
if (!RemoveResourceAccessRule(storageACL.ResourceAccessRules, resourceaccessrule))
{
throw new ArgumentOutOfRangeException("TenantId, ResourceId", String.Format("Can't remove ResourceAccessRule since not exist, TenantId: {0}, ResourceId : {1}", resourceaccessrule.TenantId, resourceaccessrule.ResourceId));
}
break;
case NetworkRuleObjectParameterSet:
if (storageACL.VirtualNetworkRules == null)
{
storageACL.VirtualNetworkRules = new List <VirtualNetworkRule>();
}
foreach (PSVirtualNetworkRule rule in VirtualNetworkRule)
{
if (!RemoveNetworkRule(storageACL.VirtualNetworkRules, PSNetworkRuleSet.ParseStorageNetworkRuleVirtualNetworkRule(rule)))
{
throw new ArgumentOutOfRangeException("VirtualNetworkRule", String.Format("Can't remove VirtualNetworkRule with specific ResourceId since not exist: {0}", rule.VirtualNetworkResourceId));
}
}
break;
case IpRuleObjectParameterSet:
if (storageACL.IpRules == null)
{
storageACL.IpRules = new List <IPRule>();
}
foreach (PSIpRule rule in IPRule)
{
if (!RemoveIpRule(storageACL.IpRules, PSNetworkRuleSet.ParseStorageNetworkRuleIPRule(rule)))
{
throw new ArgumentOutOfRangeException("IPRule", String.Format("Can't remove IpRule with specific IPAddressOrRange since not exist: {0}", rule.IPAddressOrRange));
}
}
break;
case ResourceAccessRuleObjectParameterSet:
if (storageACL.ResourceAccessRules == null)
{
storageACL.ResourceAccessRules = new List <ResourceAccessRule>();
}
foreach (PSResourceAccessRule rule in this.ResourceAccessRule)
{
if (!RemoveResourceAccessRule(storageACL.ResourceAccessRules, PSNetworkRuleSet.ParseStorageResourceAccessRule(rule)))
{
throw new ArgumentOutOfRangeException("ResourceAccessRule", String.Format("Can't remove ResourceAccessRule since not exist, TenantId: {0}, ResourceId : {1}", rule.TenantId, rule.ResourceId));
}
}
break;
}
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
updateParameters.NetworkRuleSet = storageACL;
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
switch (ParameterSetName)
{
case NetWorkRuleStringParameterSet:
case NetworkRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).VirtualNetworkRules);
break;
case IpRuleStringParameterSet:
case IpRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).IpRules);
break;
case ResourceAccessRuleStringParameterSet:
case ResourceAccessRuleObjectParameterSet:
WriteObject(PSNetworkRuleSet.ParsePSNetworkRule(storageAccount.NetworkRuleSet).ResourceAccessRules);
break;
}
}
}