Adding support for AzureFirewallPacketCapture in powershell (#24003)

* Adding support for AzureFirewallPacketCapture in powershell

* adding test structure

* fixing error in get call breaking builds

* adding test and commands to files

* session recordings

* fixing signatures

* added change to changelog

* minor change in changelog

* resolving merge conflict in changelog

* merge conflict resolution

* removing changes since i dont have write permissions

* Help files

* reveting az.netword.md changes

* updated az.network.md

* updating the help files

* Update New-AzFirewallPacketCaptureParameter.md

* Update Invoke-AzFirewallPacketCapture.md

* Update New-AzFirewallPacketCaptureParameter.md

* Update New-AzFirewallPacketCaptureRule.md

* Update Invoke-AzFirewallPacketCapture.md

* Update New-AzFirewallPacketCaptureParameter.md

* Update Invoke-AzFirewallPacketCapture.md

---------

Co-authored-by: Sai Sujith Reddy Mankala <[email protected]>
Co-authored-by: Yunchi Wang <[email protected]>

Author: 3 people

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -201,5 +201,13 @@ public void TestGetAzureFirewallLearnedIpPrefixes()
         {
             TestRunner.RunTestScript("Test-GetAzureFirewallLearnedIpPrefixes");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestInvokeAzureFirewallPacketCapture()
+        {
+            TestRunner.RunTestScript("Test-InvokeAzureFirewallPacketCapture");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -2119,4 +2119,48 @@ function Test-GetAzureFirewallLearnedIpPrefixes {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests Invoke-AzureFirewallPacketCapture
+#>
+function Test-InvokeAzureFirewallPacketCapture {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    try {
+
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location
+
+        # Verify
+        $azFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+
+        # Create a filter rules
+        $filter1 = New-AzFirewallPacketCaptureRule -Source "10.0.0.2","192.123.12.1" -Destination "172.32.1.2" -DestinationPort "80","443"
+        $filter2 = New-AzFirewallPacketCaptureRule -Source "10.0.0.5" -Destination "172.20.10.2" -DestinationPort "80","443"
+    
+        # Create the firewall packet capture parameters
+        $Params =  New-AzFirewallPacketCaptureParameter  -DurationInSeconds 300 -NumberOfPackets 5000 -SASUrl "ValidSasUrl" -Filename "AzFwPacketCapture" -Flag "Syn","Ack" -Protocol "Any" -Filter $Filter1, $Filter2
+
+        # Invoke a firewall packet capture
+        Invoke-AzFirewallPacketCapture -AzureFirewall $azureFirewall -Parameter $Params
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestInvokeAzureFirewallPacketCapture.json

@@ -646,7 +646,10 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Remove-AzNetworkManagerManagementGroupConnection', 
                'Set-AzNetworkManagerManagementGroupConnection', 
                'Get-AzFirewallLearnedIpPrefix', 'New-AzFirewallPolicySnat', 
-               'New-AzGatewayCustomBgpIpConfigurationObject'
+               'New-AzGatewayCustomBgpIpConfigurationObject',
+               'New-AzFirewallPacketCaptureRule',
+               'New-AzFirewallPacketCaptureParameter',
+               'Invoke-AzFirewallPacketCapture'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/Network/Network/Az.Network.psd1

@@ -17,7 +17,7 @@
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
 using Microsoft.Azure.Management.Network;
-using Microsoft.Azure.Management.Network.Models;
+using MNM = Microsoft.Azure.Management.Network.Models;
 using Newtonsoft.Json;
 
 namespace Microsoft.Azure.Commands.Network
@@ -94,7 +94,7 @@ public PSAzureFirewall GetAzureFirewall(string resourceGroupName, string name)
             return psAzureFirewall;
         }
 
-        public PSAzureFirewall ToPsAzureFirewall(AzureFirewall firewall)
+        public PSAzureFirewall ToPsAzureFirewall(MNM.AzureFirewall firewall)
         {
             var azureFirewall = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewall>(firewall);
 

src/Network/Network/AzureFirewall/AzureFirewallBaseCmdlet.cs

@@ -18,7 +18,7 @@
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.Network;
-using Microsoft.Azure.Management.Network.Models;
+using MNM = Microsoft.Azure.Management.Network.Models;
 using Microsoft.Rest.Azure;
 
 namespace Microsoft.Azure.Commands.Network
@@ -55,12 +55,12 @@ public override void ExecuteCmdlet()
             }
             else
             {
-                IPage<AzureFirewall> azureFirewallPage = ShouldListBySubscription(ResourceGroupName, Name)
+                IPage<MNM.AzureFirewall> azureFirewallPage = ShouldListBySubscription(ResourceGroupName, Name)
                     ? this.AzureFirewallClient.ListAll()
                     : this.AzureFirewallClient.List(this.ResourceGroupName);
 
                 // Get all resources by polling on next page link
-                var azureFirewallResponseList = ListNextLink<AzureFirewall>.GetAllResourcesByPollingNextLink(azureFirewallPage, this.AzureFirewallClient.ListNext);
+                var azureFirewallResponseList = ListNextLink<MNM.AzureFirewall>.GetAllResourcesByPollingNextLink(azureFirewallPage, this.AzureFirewallClient.ListNext);
 
                 var psAzureFirewalls = azureFirewallResponseList.Select(firewall =>
                 {

src/Network/Network/AzureFirewall/GetAzureFirewallCommand.cs

@@ -0,0 +1,66 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Linq;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Network.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
+using Microsoft.Azure.Management.Network;
+using Microsoft.Azure.Management.Network.Models;
+using Microsoft.Rest.Azure;
+using MNM = Microsoft.Azure.Management.Network.Models;
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet("Invoke", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FirewallPacketCapture", SupportsShouldProcess = true), OutputType(typeof(PSAzureFirewallPacketCaptureParameters))]
+    public class InvokeAzureFirewallPacketCaptureCommand : AzureFirewallBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipeline = true,
+            HelpMessage = "The AzureFirewall")]
+        public PSAzureFirewall AzureFirewall { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            ValueFromPipeline = true,
+            HelpMessage = "The packet capture parameters")]
+        public PSAzureFirewallPacketCaptureParameters Parameter { get; set; }
+
+
+        [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
+        public SwitchParameter AsJob { get; set; }
+        
+        public override void Execute()
+        {
+            base.Execute();
+
+            if (!this.IsAzureFirewallPresent(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name))
+            {
+                throw new ArgumentException(Microsoft.Azure.Commands.Network.Properties.Resources.ResourceNotFound);
+            }
+
+            // Map to the sdk object
+            var secureGwParamsModel = NetworkResourceManagerProfile.Mapper.Map<MNM.FirewallPacketCaptureParameters>(this.Parameter);
+            
+
+            // Execute the PUT AzureFirewall call
+            var headers = this.AzureFirewallClient.PacketCaptureAsync(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwParamsModel);
+
+            WriteObject(headers);
+        }
+    }
+}

src/Network/Network/AzureFirewall/InvokeAzureFirewallPacketCaptureCommand.cs

@@ -0,0 +1,91 @@
+using Microsoft.Azure.Commands.Network.Models;
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using System.Text;
+using MNM = Microsoft.Azure.Management.Network.Models;
+
+
+namespace Microsoft.Azure.Commands.Network.AzureFirewall.PacketCapture
+{
+    [Cmdlet(VerbsCommon.New, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FirewallPacketCaptureParameter", SupportsShouldProcess = true), OutputType(typeof(PSAzureFirewallPacketCaptureParameters))]
+    public class NewAzureFirewallPacketCaptureParametersCommand : NetworkBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The intended durations of packet capture in seconds")]
+        [ValidateRange(30,1800)]
+        public uint DurationInSeconds { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The intended number of packets to capture")]
+        [ValidateRange(100,90000)]
+        public uint NumberOfPacketsToCapture { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "Upload capture storage container SASURL with write and delete permissions")]
+        [ValidateNotNullOrEmpty]
+        public virtual string SasUrl { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "Name of packet capture file")]
+        [ValidateNotNullOrEmpty]
+        public virtual string FileName { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The Protocols to capture")]
+        [ValidateSet(
+            MNM.AzureFirewallNetworkRuleProtocol.Any,
+            MNM.AzureFirewallNetworkRuleProtocol.TCP,
+            MNM.AzureFirewallNetworkRuleProtocol.UDP,
+            MNM.AzureFirewallNetworkRuleProtocol.Icmp,
+            IgnoreCase = false)]
+        public string Protocol { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The list of tcp-flags to capture")]
+        public string[] Flag { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The list of filters to capture")]
+        [ValidateNotNullOrEmpty]
+        public PSAzureFirewallPacketCaptureRule[] Filter { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            List<PSAzureFirewallPacketCaptureFlags> PSFlags = new List<PSAzureFirewallPacketCaptureFlags>();
+            
+            if(Flag != null)
+            {
+                foreach (var flag in Flag)
+                {
+                    PSFlags.Add(PSAzureFirewallPacketCaptureFlags.MapUserInputToPacketCaptureFlag(flag));
+                }
+            }          
+
+            var packetCaptureParameters = new PSAzureFirewallPacketCaptureParameters
+            {
+                DurationInSeconds = this.DurationInSeconds,
+                NumberOfPacketsToCapture = this.NumberOfPacketsToCapture,
+                SasUrl = this.SasUrl,
+                FileName = this.FileName,
+                Protocol = this.Protocol,
+                Flags = PSFlags,
+                Filters = this.Filter?.ToList(),
+
+            };
+
+            WriteObject(packetCaptureParameters);
+        }
+    }
+}

src/Network/Network/AzureFirewall/PacketCaptureParameter/NewAzureFirewallPacketCaptureParameterCommand.cs

@@ -0,0 +1,64 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Network.Models;
+using System.Text.RegularExpressions;
+using MNM = Microsoft.Azure.Management.Network.Models;
+
+namespace Microsoft.Azure.Commands.Network.AzureFirewall.PacketCaptureRule
+{
+    [Cmdlet(VerbsCommon.New, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FirewallPacketCaptureRule", SupportsShouldProcess = true), OutputType(typeof(PSAzureFirewallPacketCaptureRule))]
+    public class NewAzureFirewallPacketCaptureRuleCommand : AzureFirewallBaseCmdlet
+    {
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The source addresses of the rule")]
+        [ValidateNotNullOrEmpty]
+        public string[] Source { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "The destination addresses of the rule")]
+        [ValidateNotNullOrEmpty]
+        public string[] Destination { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "The destination ports of the rule")]
+        public string[] DestinationPort { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            // Sources and destinations must be specified
+            if ((Source == null) || (Destination == null))
+            {
+                throw new ArgumentException("Both Sources and Destinations must be specified.");
+            }
+
+            var filterRule = new PSAzureFirewallPacketCaptureRule
+            {
+                Sources = Source.ToList(),
+                Destinations = Destination.ToList(),
+                DestinationPorts = DestinationPort?.ToList()
+            };
+            WriteObject(filterRule);
+        }
+    }
+}

src/Network/Network/AzureFirewall/PacketCaptureRule/NewAzureFirewallPacketCaptureRuleCommand.cs

@@ -27,6 +27,7 @@
 * Added support of `InternetIngressIp` Property in New-AzNetworkVirtualAppliance
 * Added the new cmdlet for supporting `InternetIngressIp` Property with Network Virtual Appliances -`New-AzVirtualApplianceInternetIngressIpsProperty`
 * Added a new AuxiliaryMode value `AuxiliaryMode.Floating`
+* Added support for AzureFirewallPacketCapture
 
 ## Version 7.1.0
 * Added DefaultOutboundAccess parameter on subnet creation