Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding DisableIPsecProtection check(bool) to Virtual Network Gateway #18029

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,14 @@ public void TestSetVirtualNetworkGatewayCRUD()
TestRunner.RunTestScript("Test-SetVirtualNetworkGatewayCRUD");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
[Trait(Category.Owner, NrpTeamAlias.brooklynft_subset2)]
public void VirtualNetworkGatewayDisableIPsecProtection()
{
TestRunner.RunTestScript("Test-VirtualNetworkGatewayDisableIPsecProtection");
}

[Fact(Skip = "Skipped due to intermittent backend failures")]
[Trait(Category.AcceptanceType, Category.CheckIn)]
[Trait(Category.Owner, NrpTeamAlias.brooklynft_subset2)]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ function Test-VirtualNetworkGatewayCRUD
$ipconfigurationId = $vnetIpConfig.id
$addresslist = @('169.254.21.25')
$gw1ipconfBgp = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId -CustomAddress $addresslist
$job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -AsJob
$job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -DisableIPsecProtection $false -AsJob
$job | Wait-Job
$actual = $job | Receive-Job
$expected = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
Expand All @@ -124,6 +124,7 @@ function Test-VirtualNetworkGatewayCRUD
Assert-AreEqual "Vpn" $expected.GatewayType
Assert-AreEqual "RouteBased" $expected.VpnType
Assert-AreEqual 1 @($expected.BgpSettings.BGPPeeringAddresses).Count
Assert-AreEqual $expected.DisableIPsecProtection $actual.DisableIPsecProtection

# List virtualNetworkGateways
$list = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname
Expand Down Expand Up @@ -161,6 +162,64 @@ function Test-VirtualNetworkGatewayCRUD
}
}

<#
.SYNOPSIS
Virtual network gateway tests
#>
function Test-VirtualNetworkGatewayDisableIPsecProtection
{
# Setup
$rgname = Get-ResourceGroupName
$rname = Get-ResourceName
$domainNameLabel = Get-ResourceName
$vnetName = Get-ResourceName
$publicIpName = Get-ResourceName
$vnetGatewayConfigName = Get-ResourceName
$rglocation = Get-ProviderLocation ResourceManagement
$resourceTypeParent = "Microsoft.Network/virtualNetworkGateways"
$location = Get-ProviderLocation $resourceTypeParent

try
{
# Create the resource group
$resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" }

# Create the Virtual Network
$subnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.0.0.0/24
$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# Create the publicip
$publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Dynamic -DomainNameLabel $domainNameLabel

# Create & Get virtualnetworkgateway
$vnetIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name $vnetGatewayConfigName -PublicIpAddress $publicip -Subnet $subnet
$ipconfigurationId = $vnetIpConfig.id
$addresslist = @('169.254.21.25')
$gw1ipconfBgp = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId -CustomAddress $addresslist
$job = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -DisableIPsecProtection $true -AsJob
$job | Wait-Job
$actual = $job | Receive-Job
$expected = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
Assert-AreEqual $expected.DisableIPsecProtection $actual.DisableIPsecProtection

# Delete virtualNetworkGateway
$job = Remove-AzVirtualNetworkGateway -ResourceGroupName $actual.ResourceGroupName -name $rname -PassThru -Force -AsJob
$job | Wait-Job
$delete = $job | Receive-Job
Assert-AreEqual true $delete

$list = Get-AzVirtualNetworkGateway -ResourceGroupName $actual.ResourceGroupName
Assert-AreEqual 0 @($list).Count
}
finally
{
# Cleanup
Clean-ResourceGroup $rgname
}
}

<#
.SYNOPSIS
Virtual network gateway tests
Expand Down

Large diffs are not rendered by default.

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions src/Network/Network/ChangeLog.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
--->

## Upcoming Release
* Added `DisableIPsecProtection` to `Virtual Network Gateway`.
* Added new cmdlets to create/manage authorization objects for ExpressRoutePort:
- `Add-AzExpressRoutePortAuthorization`
- `Get-AzExpressRoutePortAuthorization`
Expand Down
3 changes: 3 additions & 0 deletions src/Network/Network/Models/PSVirtualNetworkGateway.cs
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ public class PSVirtualNetworkGateway : PSTopLevelResource
[Ps1Xml(Target = ViewControl.Table)]
public bool EnableBgp { get; set; }

[Ps1Xml(Target = ViewControl.Table)]
public bool DisableIPsecProtection { get; set; }

[Ps1Xml(Target = ViewControl.Table)]
public bool EnablePrivateIpAddress { get; set; }

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,12 @@ public class NewAzureVirtualNetworkGatewayCommand : VirtualNetworkGatewayBaseCmd
HelpMessage = "EnableBgp Flag")]
public bool EnableBgp { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Disable IPsec Protection Flag")]
public bool DisableIPsecProtection { get; set; }

misbamustaqim marked this conversation as resolved.
Show resolved Hide resolved
[Parameter(
Mandatory = false,
HelpMessage = "Flag to enable Active Active feature on virtual network gateway")]
Expand Down Expand Up @@ -360,6 +366,7 @@ private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
vnetGateway.GatewayType = this.GatewayType;
vnetGateway.VpnType = this.VpnType;
vnetGateway.EnableBgp = this.EnableBgp;
vnetGateway.DisableIPsecProtection = this.DisableIPsecProtection;
vnetGateway.ActiveActive = this.EnableActiveActiveFeature.IsPresent;
vnetGateway.EnablePrivateIpAddress = this.EnablePrivateIpAddress.IsPresent;

Expand Down
17 changes: 16 additions & 1 deletion src/Network/Network/help/New-AzVirtualNetworkGateway.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Creates a Virtual Network Gateway
```
New-AzVirtualNetworkGateway -Name <String> -ResourceGroupName <String> -Location <String>
[-IpConfigurations <PSVirtualNetworkGatewayIpConfiguration[]>] [-GatewayType <String>] [-VpnType <String>]
[-EnableBgp <Boolean>] [-EnableActiveActiveFeature] [-EnablePrivateIpAddress] [-GatewaySku <String>]
[-EnableBgp <Boolean>] [-DisableIPsecProtection <Boolean>] [-EnableActiveActiveFeature] [-EnablePrivateIpAddress] [-GatewaySku <String>]
[-GatewayDefaultSite <PSLocalNetworkGateway>] [-VpnClientAddressPool <String[]>]
[-VpnClientProtocol <String[]>] [-VpnAuthenticationType <String[]>]
[-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
Expand Down Expand Up @@ -319,6 +319,21 @@ Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
```

### -DisableIPsecProtection
The Flag disables IPsec Protection on VirtualNetworkGateway.

```yaml
Type: System.Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
```

### -EnableBgpRouteTranslationForNat
Flag to enable BgpRouteTranslationForNat on this VirtualNetworkGateway.

Expand Down