[Synapse] New-AzSynapseFirewallRule correct IP ranges for -AllowAllAzureIp and -AllowAllIp (#14601)

idear1203 · Dongwei Wang · web-flow · commit 23ecf1a4d317 · 2021-03-22T13:29:49.000+08:00
* Add -AllowAllIp for New-AzSynapseFirewallRule

* Update changelog

* Add exceptions and change tab to spaces

* Update session records

Co-authored-by: Dongwei Wang &lt;dongwwa@microsoft.com&gt;
diff --git a/src/Synapse/Synapse.Test/ScenarioTests/FirewallTests.ps1 b/src/Synapse/Synapse.Test/ScenarioTests/FirewallTests.ps1
@@ -48,6 +48,15 @@ function Test-SynapseFirewall
 
         # Delete firewall
         Assert-True {Remove-AzSynapseFirewallRule -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName -Name $firewallRuleName -PassThru -Force} "Remove firewall rule failed"
+
+        # create firewall rule to allow all Azure IP
+        $firewallCreated = New-AzSynapseFirewallRule -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName -AllowAllAzureIp
+        Assert-AreEqual "0.0.0.0" $firewallCreated.StartIpAddress
+        Assert-AreEqual "0.0.0.0" $firewallCreated.EndIpAddress
+
+        $firewallCreated = New-AzSynapseFirewallRule -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName -AllowAllIp
+        Assert-AreEqual "0.0.0.0" $firewallCreated.StartIpAddress
+        Assert-AreEqual "255.255.255.255" $firewallCreated.EndIpAddress
 	}
     finally
     {
diff --git a/src/Synapse/Synapse.Test/SessionRecords/Microsoft.Azure.Commands.Synapse.Test.ScenarioTests.FirewallTests/TestSynapseFirewall.json b/src/Synapse/Synapse.Test/SessionRecords/Microsoft.Azure.Commands.Synapse.Test.ScenarioTests.FirewallTests/TestSynapseFirewall.json
diff --git a/src/Synapse/Synapse/ChangeLog.md b/src/Synapse/Synapse/ChangeLog.md
@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Renamed -AllowAllAzureIP to -AllowAllAzureIp and changed IP range to 0.0.0.0-0.0.0.0 
+* Added -AllowAllIp and set IP range to 0.0.0.0-255.255.255.255
 
 ## Version 0.9.0
 * Added support for workspace key encryption management
diff --git a/src/Synapse/Synapse/Commands/ManagementCommands/Firewall/NewAzureSynapseFirewallRule.cs b/src/Synapse/Synapse/Commands/ManagementCommands/Firewall/NewAzureSynapseFirewallRule.cs
@@ -4,7 +4,6 @@
 using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
 using Microsoft.Azure.Commands.Synapse.Properties;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
-using System.Linq;
 using System.Management.Automation;
 using Microsoft.Azure.Management.Synapse.Models;
 
@@ -17,25 +16,33 @@ public class NewAzureSynapseFirewallRule : SynapseManagementCmdletBase
     {
         private const string CreateByNameParameterSet = "CreateByNameParameterSet";
         private const string CreateByParentObjectParameterSet = "CreateByParentObjectParameterSet";
+        private const string CreateByNameAllowAllAzureIpParameterSet = "CreateByNameAllowAllAzureIpParameterSet";
+        private const string CreateByParentObjectAllowAllAzureIpParameterSet = "CreateByParentObjectAllowAllAzureIpParameterSet";
         private const string CreateByNameAllowAllIpParameterSet = "CreateByNameAllowAllIpParameterSet";
         private const string CreateByParentObjectAllowAllIpParameterSet = "CreateByParentObjectAllowAllIpParameterSet";
-        private const string AzureRuleStartIp = "0.0.0.0";
-        private const string AzureRuleEndIp = "255.255.255.255";
-        private const string AzureRuleName = "AllowAllAzureIPs";
+        private const string AllowAllAzureIpRuleStartIp = "0.0.0.0";
+        private const string AllowAllAzureIpRuleEndIp = "0.0.0.0";
+        private const string AllowAllAzureIpRuleName = "AllowAllWindowsAzureIps";
+        private const string AllowAllIpRuleStartIp = "0.0.0.0";
+        private const string AllowAllIpRuleEndIp = "255.255.255.255";
+        private const string AllowAllIpRuleName = "allowAll";
 
         [Parameter(ParameterSetName = CreateByNameParameterSet,Mandatory = false, HelpMessage = HelpMessages.ResourceGroupName)]
+        [Parameter(ParameterSetName = CreateByNameAllowAllAzureIpParameterSet, Mandatory = false, HelpMessage = HelpMessages.ResourceGroupName)]
         [Parameter(ParameterSetName = CreateByNameAllowAllIpParameterSet, Mandatory = false, HelpMessage = HelpMessages.ResourceGroupName)]
         [ResourceGroupCompleter]
         [ValidateNotNullOrEmpty]
         public string ResourceGroupName { get; set; }
 
         [Parameter(ParameterSetName = CreateByNameParameterSet,Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
+        [Parameter(ParameterSetName = CreateByNameAllowAllAzureIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
         [Parameter(ParameterSetName = CreateByNameAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
         [ResourceNameCompleter(ResourceTypes.Workspace, nameof(ResourceGroupName))]
         [ValidateNotNullOrEmpty]
         public string WorkspaceName { get; set; }
 
         [Parameter(ValueFromPipeline = true, ParameterSetName = CreateByParentObjectParameterSet, Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
+        [Parameter(ValueFromPipeline = true, ParameterSetName = CreateByParentObjectAllowAllAzureIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
         [Parameter(ValueFromPipeline = true, ParameterSetName = CreateByParentObjectAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
         [ValidateNotNull]
         public PSSynapseWorkspace WorkspaceObject { get; set; }
@@ -56,9 +63,13 @@ public class NewAzureSynapseFirewallRule : SynapseManagementCmdletBase
         [ValidateNotNullOrEmpty]
         public string EndIpAddress { get; set; }
 
-        [Parameter(ParameterSetName = CreateByNameAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AzureIpRule)]
-        [Parameter(ParameterSetName = CreateByParentObjectAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AzureIpRule)]
-        public SwitchParameter AllowAllAzureIP { get; set; }
+        [Parameter(ParameterSetName = CreateByNameAllowAllAzureIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AllowAllAzureIpRule)]
+        [Parameter(ParameterSetName = CreateByParentObjectAllowAllAzureIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AllowAllAzureIpRule)]
+        public SwitchParameter AllowAllAzureIp { get; set; }
+
+        [Parameter(ParameterSetName = CreateByNameAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AllowAllIpRule)]
+        [Parameter(ParameterSetName = CreateByParentObjectAllowAllIpParameterSet, Mandatory = true, HelpMessage = HelpMessages.AllowAllIpRule)]
+        public SwitchParameter AllowAllIp { get; set; }
 
         [Parameter(Mandatory = false, HelpMessage = HelpMessages.AsJob)]
         public SwitchParameter AsJob { get; set; }
@@ -71,11 +82,18 @@ public override void ExecuteCmdlet()
                 this.WorkspaceName = this.WorkspaceObject.Name;
             }
 
+            if (ParameterSetName == CreateByNameAllowAllAzureIpParameterSet || ParameterSetName == CreateByParentObjectAllowAllAzureIpParameterSet)
+            {
+                this.Name = AllowAllAzureIpRuleName;
+                this.StartIpAddress = AllowAllAzureIpRuleStartIp;
+                this.EndIpAddress = AllowAllAzureIpRuleEndIp;
+            }
+
             if (ParameterSetName == CreateByNameAllowAllIpParameterSet || ParameterSetName == CreateByParentObjectAllowAllIpParameterSet)
             {
-                this.Name = AzureRuleName;
-                this.StartIpAddress = AzureRuleStartIp;
-                this.EndIpAddress = AzureRuleEndIp;
+                this.Name = AllowAllIpRuleName;
+                this.StartIpAddress = AllowAllIpRuleStartIp;
+                this.EndIpAddress = AllowAllIpRuleEndIp;
             }
 
             if (string.IsNullOrEmpty(this.ResourceGroupName))
diff --git a/src/Synapse/Synapse/Common/HelpMessages.cs b/src/Synapse/Synapse/Common/HelpMessages.cs
@@ -259,7 +259,9 @@ SELECT on dbo.myTable by public
 
         public const string EndIpAddress = "The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress.";
 
-        public const string AzureIpRule = "Creates a special firewall rule that permits all Azure IPs to have access.";
+        public const string AllowAllAzureIpRule = "Creates a special firewall rule that permits all Azure IPs to have access. The Start IP is 0.0.0.0. The End IP is 0.0.0.0.";
+
+        public const string AllowAllIpRule = "Creates a special firewall rule that allows connections from all IP addresses. The Start IP is 0.0.0.0. The End IP is 255.255.255.255.";
 
         public const string RoleAssignmentId = "The ID of the role assignment.";
 
diff --git a/src/Synapse/Synapse/Models/SynapseConstants.cs b/src/Synapse/Synapse/Models/SynapseConstants.cs
@@ -204,10 +204,6 @@ public static class SynapseConstants
 
         public const string DefaultCollation = "SQL_Latin1_General_CP1_CI_AS";
 
-        public const string AllowAllStartIpAddress = "0.0.0.0";
-
-        public const string AllowAllEndIpAddress = "255.255.255.255";
-
         public const string StorageBlobDataContributorRoleName = "Azure Blob Data Contributor";
 
         public class Security
diff --git a/src/Synapse/Synapse/help/New-AzSynapseFirewallRule.md b/src/Synapse/Synapse/help/New-AzSynapseFirewallRule.md
@@ -19,9 +19,15 @@ New-AzSynapseFirewallRule [-ResourceGroupName <String>] -WorkspaceName <String>
  [-Confirm] [<CommonParameters>]
 ```
 
+### CreateByNameAllowAllAzureIpParameterSet
+```
+New-AzSynapseFirewallRule [-ResourceGroupName <String>] -WorkspaceName <String> [-AllowAllAzureIp] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+```
+
 ### CreateByNameAllowAllIpParameterSet
 ```
-New-AzSynapseFirewallRule [-ResourceGroupName <String>] -WorkspaceName <String> [-AllowAllAzureIP] [-AsJob]
+New-AzSynapseFirewallRule [-ResourceGroupName <String>] -WorkspaceName <String> [-AllowAllIp] [-AsJob]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -32,9 +38,15 @@ New-AzSynapseFirewallRule -WorkspaceObject <PSSynapseWorkspace> -Name <String> -
  [<CommonParameters>]
 ```
 
+### CreateByParentObjectAllowAllAzureIpParameterSet
+```
+New-AzSynapseFirewallRule -WorkspaceObject <PSSynapseWorkspace> [-AllowAllAzureIp] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+```
+
 ### CreateByParentObjectAllowAllIpParameterSet
 ```
-New-AzSynapseFirewallRule -WorkspaceObject <PSSynapseWorkspace> [-AllowAllAzureIP] [-AsJob]
+New-AzSynapseFirewallRule -WorkspaceObject <PSSynapseWorkspace> [-AllowAllIp] [-AsJob]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -67,9 +79,24 @@ This command creates firewall rule that allow all azure ips under a workspace.
 
 ## PARAMETERS
 
-### -AllowAllAzureIP
+### -AllowAllAzureIp
 Creates a special firewall rule that permits all Azure IPs to have access.
 
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: CreateByNameAllowAllAzureIpParameterSet, CreateByParentObjectAllowAllAzureIpParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AllowAllIp
+Creates a special firewall rule that allows connections from all IP addresses. The Start IP is 0.0.0.0. The End IP is 255.255.255.255.
+
 ```yaml
 Type: System.Management.Automation.SwitchParameter
 Parameter Sets: CreateByNameAllowAllIpParameterSet, CreateByParentObjectAllowAllIpParameterSet
@@ -149,7 +176,7 @@ Resource group name.
 
 ```yaml
 Type: System.String
-Parameter Sets: CreateByNameParameterSet, CreateByNameAllowAllIpParameterSet
+Parameter Sets: CreateByNameParameterSet, CreateByNameAllowAllAzureIpParameterSet, CreateByNameAllowAllIpParameterSet
 Aliases:
 
 Required: False
@@ -180,7 +207,7 @@ Name of Synapse workspace.
 
 ```yaml
 Type: System.String
-Parameter Sets: CreateByNameParameterSet, CreateByNameAllowAllIpParameterSet
+Parameter Sets: CreateByNameParameterSet, CreateByNameAllowAllAzureIpParameterSet, CreateByNameAllowAllIpParameterSet
 Aliases:
 
 Required: True
@@ -195,7 +222,7 @@ workspace input object, usually passed through the pipeline.
 
 ```yaml
 Type: Microsoft.Azure.Commands.Synapse.Models.PSSynapseWorkspace
-Parameter Sets: CreateByParentObjectParameterSet, CreateByParentObjectAllowAllIpParameterSet
+Parameter Sets: CreateByParentObjectParameterSet, CreateByParentObjectAllowAllAzureIpParameterSet, CreateByParentObjectAllowAllIpParameterSet
 Aliases:
 
 Required: True
diff --git a/tools/StaticAnalysis/Exceptions/Az.Synapse/BreakingChangeIssues.csv b/tools/StaticAnalysis/Exceptions/Az.Synapse/BreakingChangeIssues.csv
@@ -45,3 +45,6 @@
 "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.RestoreAzureSynapseSqlPool","Restore-AzSynapseSqlPool","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Restore-AzSynapseSqlPool' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Restore-AzSynapseSqlPool'."
 "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.UpdateAzureSynapseWorkspace","Update-AzSynapseWorkspace","0","1050","The parameter set 'SetByNameParameterSet' for cmdlet 'Update-AzSynapseWorkspace' has been removed.","Add parameter set 'SetByNameParameterSet' back to cmdlet 'Update-AzSynapseWorkspace'."
 "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synaspe.NewAzureSynapseWorkspace","New-AzSynapseWorkspace","0","2020","The cmdlet 'New-AzSynapseWorkspace' no longer supports the type 'System.String' for parameter 'ManagedVirtualNetwork'.","Change the type for parameter 'ManagedVirtualNetwork' back to 'System.String'."
+ "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","2000","The cmdlet 'New-AzSynapseFirewallRule' no longer supports the parameter 'AllowAllAzureIP' and no alias was found for the original parameter name.","Add the parameter 'AllowAllAzureIP' back to the cmdlet 'New-AzSynapseFirewallRule', or add an alias to the original parameter name."
+ "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","1050","The parameter set 'CreateByNameAllowAllIpParameterSet' for cmdlet 'New-AzSynapseFirewallRule' has been removed.","Add parameter set 'CreateByNameAllowAllIpParameterSet' back to cmdlet 'New-AzSynapseFirewallRule'."
+ "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","1050","The parameter set 'CreateByParentObjectAllowAllIpParameterSet' for cmdlet 'New-AzSynapseFirewallRule' has been removed.","Add parameter set 'CreateByParentObjectAllowAllIpParameterSet' back to cmdlet 'New-AzSynapseFirewallRule'."
