From 59f5d374f687a08b26259dc493f0ffa9ff7146ba Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Fri, 19 Apr 2024 10:57:20 -0700 Subject: [PATCH 1/9] Add parameters for cert based auth connection --- ...VirtualNetworkGatewayConnectionCreate.json | 33 ++++++++++++-- .../VirtualNetworkGatewayConnectionGet.json | 11 ++++- .../examples/VirtualNetworkGatewayGet.json | 6 +++ .../examples/VirtualNetworkGatewayUpdate.json | 18 ++++++++ .../2024-01-01/virtualNetworkGateway.json | 45 +++++++++++++++++++ 5 files changed, 109 insertions(+), 4 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionCreate.json index 2bbdc2d99689..53db7c0c6499 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionCreate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionCreate.json @@ -83,7 +83,16 @@ "usePolicyBasedTrafficSelectors": false, "ipsecPolicies": [], "trafficSelectorPolicies": [], - "connectionMode": "Default" + "connectionMode": "Default", + "authenticationType": "Certificate", + "certificateAuthentication": { + "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version", + "inboundAuthCertificateChain": [ + "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...", + "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..." + ], + "inboundAuthCertificateSubjectName": "CN=rootCert.com" + } }, "location": "centralus" } 
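Review bot: The `outboundAuthCertificate` example value in the request body, `https://customerKv.vault.azure.net/Certificates/outBoundcert/Version`, uses a Key Vault certificate-style path, while the description this series ends with (PATCH 9/9) calls the field a Key Vault secret ID. Readers copy example values, so the example and the description should name the same object type, whichever the service accepts. The trailing `Version` segment also leaves open whether an unversioned identifier is allowed; that decides whether a rotated certificate is picked up without editing the connection, and the description should say so. The same value is repeated in the two response hunks of this file and in VirtualNetworkGatewayConnectionGet.json.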
@@ -128,7 +137,16 @@ "ipsecPolicies": [], "ingressBytesTransferred": 0, "egressBytesTransferred": 0, - "connectionMode": "Default" + "connectionMode": "Default", + "authenticationType": "Certificate", + "certificateAuthentication": { + "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version", + "inboundAuthCertificateChain": [ + "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...", + "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..." + ], + "inboundAuthCertificateSubjectName": "CN=rootCert.com" + } } } }, @@ -181,7 +199,16 @@ "ipsecPolicies": [], "ingressBytesTransferred": 0, "egressBytesTransferred": 0, - "connectionMode": "Default" + "connectionMode": "Default", + "authenticationType": "Certificate", + "certificateAuthentication": { + "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version", + "inboundAuthCertificateChain": [ + "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...", + "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..." + ], + "inboundAuthCertificateSubjectName": "CN=rootCert.com" + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionGet.json index 84c2cefe435e..68483dc66b67 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionGet.json 
@@ -57,7 +57,16 @@ "connectionStatus": "Connecting", "ingressBytesTransferred": 0, "egressBytesTransferred": 0, - "connectionMode": "Default" + "connectionMode": "Default", + "authenticationType": "Certificate", + "certificateAuthentication": { + "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version", + "inboundAuthCertificateChain": [ + "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...", + "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..." + ], + "inboundAuthCertificateSubjectName": "CN=rootCert.com" + } } } } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayGet.json index 8acddbb2b3dc..7e78493bc23d 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayGet.json @@ -13,6 +13,12 @@ "etag": "W/\"00000000-0000-0000-0000-000000000000\"", "type": "Microsoft.Network/virtualNetworkGateways", "location": "centralus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {} + } + }, "properties": { "provisioningState": "Succeeded", "resourceGuid": "00000000-0000-0000-0000-000000000000", diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayUpdate.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayUpdate.json index 82319faf654f..f1a232c44ae3 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayUpdate.json 
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayUpdate.json @@ -5,6 +5,12 @@ "resourceGroupName": "rg1", "virtualNetworkGatewayName": "vpngw", "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {} + } + }, "properties": { "ipConfigurations": [ { @@ -109,6 +115,12 @@ "etag": "W/\"00000000-0000-0000-0000-000000000000\"", "type": "Microsoft.Network/virtualNetworkGateways", "location": "centralus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {} + } + }, "properties": { "provisioningState": "Succeeded", "resourceGuid": "00000000-0000-0000-0000-000000000000", @@ -232,6 +244,12 @@ "etag": "W/\"00000000-0000-0000-0000-000000000000\"", "type": "Microsoft.Network/virtualNetworkGateways", "location": "centralus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {} + } + }, "properties": { "provisioningState": "Succeeded", "resourceGuid": "00000000-0000-0000-0000-000000000000", diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index c7aa419c1ef9..8e998e7cf28a 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json 
@@ -3292,6 +3292,10 @@ "readOnly": true, "type": "string", "description": "A unique read-only string that changes whenever the resource is updated." + }, + "identity": { + "$ref": "./network.json#/definitions/ManagedServiceIdentity", + "description": "The identity of the virtual network gateway, if configured." } }, "allOf": [ @@ -3563,6 +3567,14 @@ "enablePrivateLinkFastPath": { "type": "boolean", "description": "Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled." + }, + "authenticationType": { + "$ref": "#/definitions/ConnectionAuthenticationType", + "description": "Gateway connection authentication type." + }, + "certificateAuthentication": { + "$ref": "#/definitions/CertificateAuthentication", + "description": "Certificate Authentication information for a certificate based authentication connection." } }, "required": [ @@ -4480,6 +4492,39 @@ "customBgpIpAddress" ], "description": "GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection." + }, + "ConnectionAuthenticationType": { + "type": "string", + "description": "Gateway connection authentication type.", + "enum": [ + "PSK", + "Certificate" + ], + "x-ms-enum": { + "name": "ConnectionAuthenticationType", + "modelAsString": true + } + }, + "CertificateAuthentication": { + "type": "object", + "properties": { + "outboundAuthCertificate": { + "type": "string", + "description": "Outbound authentication certificate." + }, + "inboundAuthCertificateSubjectName": { + "type": "string", + "description": "Inbound authentication certificate subject name." + }, + "inboundAuthCertificateChain": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Inbound authentication certificate chain." + } + }, + "description": "Certificate Authentication information for a certificate based authentication connection." } } } From 9cd7ff5d53f60f40ae1c934386d9865d7c4ca28c Mon Sep 17 00:00:00 2001 
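Review bot: The `identity` description added at `@@ -3292,6 +3292,10 @@` does not say what the gateway uses the identity for or which identity types are accepted; the examples in this series only show `UserAssigned`. If, as the series title suggests, this is the identity that reads the Key Vault object named by a connection's `outboundAuthCertificate`, saying so lets operators grant that identity access to that one object and nothing more. Suggested wording, to be confirmed by the service owners: `"description": "The managed identity of the virtual network gateway, if configured. Used to access the Key Vault certificate referenced by a connection's outboundAuthCertificate."`. PATCH 4/9, 6/9 and 7/9 add, remove and re-add this property, and the final state carries no `x-ms-mutability`, so it is also worth stating whether the identity may be changed after creation.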
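Review bot: Nothing in the `@@ -3563,6 +3567,14 @@` hunk ties `authenticationType` to `certificateAuthentication`: as written, a connection with `"authenticationType": "Certificate"` and no certificate block validates, and so does `PSK` with a certificate block. Swagger 2.0 cannot express the condition, so the descriptions should carry it, for example `"description": "Gateway connection authentication type. certificateAuthentication is required when this is Certificate."`. The description should also say which type applies when the property is omitted and whether the connection's shared key is ignored or rejected when the type is `Certificate`; neither can be determined from this hunk. The enclosing properties object starts and ends outside the hunk.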
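Review bot: The `CertificateAuthentication` definition added at `@@ -4480,6 +4492,39 @@` has no `required` list, so an empty object satisfies it, and `inboundAuthCertificateSubjectName` does not say which certificate's subject is compared or how. The example value `CN=rootCert.com` reads like the subject of a root certificate rather than of the peer's own certificate; the description should state which one is checked and whether the comparison is an exact match, since that is the rule the operator relies on to decide who may connect. If all three fields are mandatory for certificate authentication, add `"required": ["outboundAuthCertificate", "inboundAuthCertificateChain", "inboundAuthCertificateSubjectName"]`; otherwise document which of them may be omitted and what the gateway does then.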
From: Dawei Wang Date: Fri, 19 Apr 2024 13:48:15 -0700 Subject: [PATCH 2/9] retrigger checks From 5d8014596ac1d1dc3ce0d7954e26edaab06441bf Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Tue, 23 Apr 2024 10:12:33 -0700 Subject: [PATCH 3/9] retrigger checks From dd493e269b5b41b06c689183e3b2952ce3bf914f Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Wed, 24 Apr 2024 15:17:34 -0700 Subject: [PATCH 4/9] lintDiff --- .../stable/2024-01-01/virtualNetworkGateway.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index 8e998e7cf28a..908372b49322 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json @@ -3295,7 +3295,11 @@ }, "identity": { "$ref": "./network.json#/definitions/ManagedServiceIdentity", - "description": "The identity of the virtual network gateway, if configured." + "description": "The identity of the virtual network gateway, if configured.", + "x-ms-mutability": [ + "create", + "read" + ] } }, "allOf": [ From b175e48bde57c480a31866645294b2fa53f5e0f5 Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Tue, 14 May 2024 10:03:16 -0700 Subject: [PATCH 5/9] Trigger Build From 6886a5e2b3a7602994e448a71d47725f871bb865 Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Tue, 14 May 2024 11:47:27 -0700 Subject: [PATCH 6/9] revert PATCH changes --- .../stable/2024-01-01/virtualNetworkGateway.json | 8 -------- 1 file changed, 8 deletions(-) 
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index 908372b49322..2ee70a0888e8 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json @@ -3292,14 +3292,6 @@ "readOnly": true, "type": "string", "description": "A unique read-only string that changes whenever the resource is updated." - }, - "identity": { - "$ref": "./network.json#/definitions/ManagedServiceIdentity", - "description": "The identity of the virtual network gateway, if configured.", - "x-ms-mutability": [ - "create", - "read" - ] } }, "allOf": [ From 83958af465f9da9f3161be6407fda32fda1beb0d Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Tue, 14 May 2024 11:58:19 -0700 Subject: [PATCH 7/9] fix --- .../stable/2024-01-01/virtualNetworkGateway.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index 2ee70a0888e8..8e998e7cf28a 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json @@ -3292,6 +3292,10 @@ "readOnly": true, "type": "string", "description": "A unique read-only string that changes whenever the resource is updated." + }, + "identity": { + "$ref": "./network.json#/definitions/ManagedServiceIdentity", + "description": "The identity of the virtual network gateway, if configured." } }, "allOf": [ From 629f9fd7f4b30cfb6e336849f5da4e51819956b0 Mon Sep 17 00:00:00 2001 
From: Dawei Wang Date: Fri, 17 May 2024 11:42:22 -0700 Subject: [PATCH 8/9] change managed identity to v5 --- .../stable/2024-01-01/virtualNetworkGateway.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index 8e998e7cf28a..977d5daff204 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json @@ -3294,7 +3294,7 @@ "description": "A unique read-only string that changes whenever the resource is updated." }, "identity": { - "$ref": "./network.json#/definitions/ManagedServiceIdentity", + "$ref": "../../../../../common-types/resource-management/v5/managedidentity.json#/definitions/ManagedServiceIdentity", "description": "The identity of the virtual network gateway, if configured." } }, From 477a05d60b95bac74a0ae0943aecb7e05b38b5c2 Mon Sep 17 00:00:00 2001 From: Dawei Wang Date: Wed, 29 May 2024 11:06:02 -0700 Subject: [PATCH 9/9] add format and description --- .../stable/2024-01-01/virtualNetworkGateway.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json index 977d5daff204..1a3d1784363b 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json 
@@ -4510,7 +4510,8 @@ "properties": { "outboundAuthCertificate": { "type": "string", - "description": "Outbound authentication certificate." + "format": "uri", + "description": "Keyvault secret ID for outbound authentication certificate." }, "inboundAuthCertificateSubjectName": { "type": "string", @@ -4521,7 +4522,7 @@ "items": { "type": "string" }, - "description": "Inbound authentication certificate chain." + "description": "Inbound authentication certificate public keys." } }, "description": "Certificate Authentication information for a certificate based authentication connection."
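Review bot: The new description for `inboundAuthCertificateChain` at `@@ -4521,7 +4522,7 @@`, "Inbound authentication certificate public keys.", disagrees with the property name and with the examples in PATCH 1/9, whose values begin `MIIC+TCCAeGg...` and look like base64-encoded certificates rather than bare public keys. Whether the gateway validates the peer's chain up to these certificates or pins their keys changes what an operator must update on rotation, so the text should say which it is. The items also carry no statement of the expected encoding; something like `"items": { "type": "string", "description": "Base64-encoded X.509 certificate (public part only)." }` would do, if that matches the service. The enclosing definition starts and ends outside the hunk.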