[Network] Added changes for Allocate function in Azure Firewall (#25385)

* Added changes for Allocate function

* Updated change log file

* Updated the test case

* Updated the test which was failing

* Updated the failed test

---------

Co-authored-by: uditmisra52 <[email protected]>

Author: udit1402

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -217,5 +217,13 @@ public void TestByopipAzureHubFirewall()
         {
             TestRunner.RunTestScript("Test-InvokeAzureByopipHubFirewall");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAllocateByopipAzureHubFirewall()
+        {
+            TestRunner.RunTestScript("Test-InvokeAzureAllocateByopipHubFirewall");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -2181,7 +2181,7 @@ function Test-InvokeAzureByopipHubFirewall {
     $rgname = Get-ResourceGroupName
     $azureFirewallName = Get-ResourceName
     $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
-    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+    $location = Get-ProviderLocation $resourceTypeParent "westcentralus"
     $azureFirewallPolicyName = Get-ResourceName
     $skuName = "AZFW_Hub"
     $skuTier = "Standard"
@@ -2224,4 +2224,75 @@ function Test-InvokeAzureByopipHubFirewall {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+
+<#
+.SYNOPSIS
+Tests Byopip Allocate feature for Hub Firewall
+#>
+function Test-InvokeAzureAllocateByopipHubFirewall {
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "westcentralus"
+    $azureFirewallPolicyName = Get-ResourceName
+    $skuName = "AZFW_Hub"
+    $skuTier = "Standard"
+    $publicIpName = Get-ResourceName
+    $virtualWanName = Get-ResourceName
+    $virtualHubName = Get-ResourceName
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+
+        #Creating Public Ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create virtual Hub
+        $Vwan = New-AzVirtualWan -Name $virtualWanName -ResourceGroupName $rgname -Location $location -AllowVnetToVnetTraffic -AllowBranchToBranchTraffic -VirtualWANType "Standard"
+        $Hub = New-AzVirtualHub -Name $virtualHubName -ResourceGroupName $rgname -VirtualWan $Vwan -Location $Location -AddressPrefix "192.168.1.0/24" -Sku "Standard"
+
+        # Create firewall
+        $vHubId = $Hub.Id
+
+        $hubIp = New-AzFirewallHubPublicIpAddress -Count 2
+		$AzFWHubIPs = New-AzFirewallHubIpAddress -PublicIP $hubIp
+
+        New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -SkuName $skuName -SkuTier $skuTier -HubIPAddress $AzFWHubIPs -VirtualHubId $vHubId
+
+        $AzFw = Get-AzFirewall -name $azureFirewallName -ResourceGroupName $rgname
+
+        $hubIp = New-AzFirewallHubPublicIpAddress -Count 0
+		$AzFWHubIPs = New-AzFirewallHubIpAddress -PublicIP $hubIp
+		$Azfw.HubIpAddresses = $AzFWHubIPs	
+		$AzFw.Deallocate()
+        Set-AzFirewall -AzureFirewall $AzFw	
+
+        # Allocate the firewall
+        $AzFw = Get-AzFirewall -name $azureFirewallName -ResourceGroupName $rgname
+        $AzFw.Allocate($Hub.Id, $publicip)
+        Set-AzFirewall -AzureFirewall $AzFw	
+
+        # Get AzureFirewall
+        $getAzureFirewall = Get-AzFirewall -name $azureFirewallName -ResourceGroupName $rgname
+
+        #verification
+        Assert-AreEqual $rgName $getAzureFirewall.ResourceGroupName
+        Assert-AreEqual $azureFirewallName $getAzureFirewall.Name
+        Assert-NotNull $getAzureFirewall.Location
+        Assert-AreEqual (Normalize-Location $location) $getAzureFirewall.Location
+        Assert-NotNull $getAzureFirewall.Sku
+        Assert-AreEqual $skuName $getAzureFirewall.Sku.Name
+        Assert-AreEqual $skuTier $getAzureFirewall.Sku.Tier
+        Assert-AreEqual 1 @($getAzureFirewall.IpConfigurations).Count
+        Assert-NotNull $getAzureFirewall.IpConfigurations[0].PublicIpAddress.Id
+        Assert-NotNull $getAzureFirewall.IpConfigurations[0].PrivateIpAddress
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAllocateByopipAzureHubFirewall.json

@@ -43,6 +43,7 @@
 * Updated the Azure Firewall and Azure Firewall Policy setter for their respective Private Range properties
   - Fixed a bug that prevented using /32 in private ranges on classic Azure Firewalls
   - Updated the error message to provide a suggested private range when the supplied range is not correctly masked by the host identifier
+  - Added a new Allocate function for Azure Firewall that allows allocating customer public ip address to the firewall
   - Fixed a bug that caused firewalls and policies to lose their private range property value when using their 'Get' cmdlets
 
 ## Version 7.6.0

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestByopipAzureHubFirewall.json

@@ -150,6 +150,39 @@ public void Allocate(Management.Network.Models.SubResource virtualHub)
                 throw new ArgumentException($"Hub firewall allocation attempted on a Non-hub firewall. Firewall name = {this.Name}, Sku name = {this.Sku.Name}");
             }
         }
+        public void Allocate(Management.Network.Models.SubResource virtualHub, PSPublicIpAddress[] publicIpAddresses)
+        {
+            if (this.Sku.Name.Equals("AZFW_Hub", StringComparison.OrdinalIgnoreCase))
+            {
+                this.VirtualHub = virtualHub;
+            }
+            else
+            {
+                throw new ArgumentException($"Hub firewall allocation attempted on a Non-hub firewall. Firewall name = {this.Name}, Sku name = {this.Sku.Name}");
+            }
+
+            this.IpConfigurations = new List<PSAzureFirewallIpConfiguration>();
+
+            if (publicIpAddresses != null && publicIpAddresses.Count() > 0)
+            {
+                for (var i = 0; i < publicIpAddresses.Count(); i++)
+                {
+                    this.IpConfigurations.Add(
+                        new PSAzureFirewallIpConfiguration
+                        {
+                            Name = $"{AzureFirewallIpConfigurationName}{i}",
+                            PublicIpAddress = new PSResourceId { Id = publicIpAddresses[i].Id }
+                        });
+                }
+            }
+            else
+            {
+                this.IpConfigurations.Add(new PSAzureFirewallIpConfiguration { Name = $"{AzureFirewallIpConfigurationName}{0}" });
+            }
+
+            // Making HubIpAddresses property null because it is an allocate for Byopip Hub firewall, where HubIpAddress should be kept null
+            this.HubIPAddresses = null;
+        }          
 
         public void Allocate(PSVirtualNetwork virtualNetwork, PSPublicIpAddress[] publicIpAddresses, PSPublicIpAddress ManagementPublicIpAddress = null)
         {