Add customer control knobs for different ExpressRoute gateway types (#22990)

* Add control knobs

* Fixes

* all changes

* fix expected value type

* Fix UT

* Update ChangeLog.md

* fix UT

* Add test recording

* add cortex tests

* .

* recording for ER gateways

* Fix static analysis

---------

Co-authored-by: Javier Colomer <[email protected]>
Co-authored-by: Yabo Hu <[email protected]>

Author: 3 people

src/Network/Network.Test/ScenarioTests/ExpressRouteGatewayTests.cs

@@ -0,0 +1,37 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using Microsoft.Azure.Commands.Network.Test.ScenarioTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+
+namespace Commands.Network.Test.ScenarioTests
+{
+    public class ExpressRouteGatewayTests : NetworkTestRunner
+    {
+        public ExpressRouteGatewayTests(Xunit.Abstractions.ITestOutputHelper output)
+            : base(output)
+        {
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.exrdev)]
+        public void TestExpressRouteGatewayUpdatesForDifferentCustomerBlockTrafficPreferences()
+        {
+            TestRunner.RunTestScript("Test-ExpressRouteGatewayForDifferentCustomerBlockTrafficPreferences");
+        }
+    }
+}

src/Network/Network.Test/ScenarioTests/ExpressRouteGatewayTests.ps1

@@ -0,0 +1,75 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+ExpressRoute gateway traffic block preferences that may be configured by customers
+#>
+function Test-ExpressRouteGatewayForDifferentCustomerBlockTrafficPreferences
+{
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $vWanName = Get-ResourceName
+    $vHubName = Get-ResourceName
+    $gatewayName = Get-ResourceName
+
+    # return
+    $rname = Get-ResourceName
+    $vnetName = Get-ResourceName
+    $publicIpName = Get-ResourceName
+    $vnetGatewayConfigName = Get-ResourceName
+    $rglocation = "centraluseuap"
+    $resourceTypeParent = "Microsoft.Network/virtualNetworkGateways"
+    $location = "centraluseuap"
+
+    try 
+    {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+
+        # Create the virtual WAN
+        $vwan = New-AzVirtualWan -ResourceGroupName $rgname -Name $vWanName -Location $rglocation
+
+        # Create the virtual hub
+        $hub = New-AzVirtualHub -ResourceGroupName $rgname -Name $vHubName -VirtualWan $vwan -AddressPrefix '10.0.0.0/16' -Location $rglocation
+
+        # Create the ExpressRoute gateway
+        $gateway = New-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName -MinScaleUnits 1 -VirtualHub $hub
+
+        # Update vnet-to-vWAN via property and pass it as input object
+        $gateway.AllowNonVirtualWanTraffic = $true
+        Set-AzExpressRouteGateway -InputObject $gateway
+        $gateway = Get-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName
+        Assert-AreEqual $true $gateway.AllowNonVirtualWanTraffic
+
+        $gateway.AllowNonVirtualWanTraffic = $false
+        Set-AzExpressRouteGateway -InputObject $gateway
+        $gateway = Get-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName
+        Assert-AreEqual $false $gateway.AllowNonVirtualWanTraffic
+
+        # Update vnet-to-vWAN via cmdlet switch
+        Set-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName -AllowNonVirtualWanTraffic $true
+        $gateway = Get-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName
+        Assert-AreEqual $true $gateway.AllowNonVirtualWanTraffic
+
+        Set-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName -AllowNonVirtualWanTraffic $false
+        $gateway = Get-AzExpressRouteGateway -ResourceGroupName $rgname -Name $gatewayName
+        Assert-AreEqual $false $gateway.AllowNonVirtualWanTraffic
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+} 

src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.cs

@@ -188,5 +188,12 @@ public void TestVirtualNetworkExpressRouteGatewayCRUDwithAdminState()
             TestRunner.RunTestScript("Test-VirtualNetworkExpressRouteGatewayCRUDwithAdminState");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.exrdev)]
+        public void TestVirtualNetworkExpressRouteGatewayUpdatesForDifferentCustomerBlockTrafficPreferences()
+        {
+            TestRunner.RunTestScript("Test-VirtualNetworkExpressRouteGatewayForDifferentCustomerBlockTrafficPreferences");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/VirtualNetworkGatewayTests.ps1

@@ -1651,3 +1651,100 @@ function Test-VirtualNetworkExpressRouteGatewayCRUDwithAdminState
         Clean-ResourceGroup $rgname
      }
 }
+
+<#
+.SYNOPSIS
+Virtual network gateway traffic block preferences that may be configured by customers
+#>
+function Test-VirtualNetworkExpressRouteGatewayForDifferentCustomerBlockTrafficPreferences
+{
+    # Setup
+    $rgname = Get-ResourceGroupName
+    # return
+
+    $rname = Get-ResourceName
+    $vnetName = Get-ResourceName
+    $publicIpName = Get-ResourceName
+    $vnetGatewayConfigName = Get-ResourceName
+    $rglocation = "centraluseuap"
+    $resourceTypeParent = "Microsoft.Network/virtualNetworkGateways"
+    $location = "centraluseuap"
+
+    try 
+    {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" } 
+
+        # Create the virtual network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+        $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
+        $subnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
+
+        # Create the public IP
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static 
+
+        # Create & Get virtual network gateway
+        $vnetIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name $vnetGatewayConfigName -PublicIpAddress $publicip -Subnet $subnet
+
+        $createdGateway = New-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -GatewayType ExpressRoute -GatewaySku UltraPerformance
+        
+        # Brand-new gateway validations
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $retrievedGateway.ResourceGroupName $createdGateway.ResourceGroupName	
+        Assert-AreEqual $retrievedGateway.Name $createdGateway.Name	
+        Assert-AreEqual "ExpressRoute" $retrievedGateway.GatewayType
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+
+        # Update vnet-to-vWAN via property
+        $retrievedGateway.AllowVirtualWanTraffic = $true
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $true $retrievedGateway.AllowVirtualWanTraffic
+        $retrievedGateway.AllowVirtualWanTraffic = $false
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+
+        # Update vnet-to-vWAN via switch
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway -AllowVirtualWanTraffic $true
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $true $retrievedGateway.AllowVirtualWanTraffic
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway -AllowVirtualWanTraffic $false
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+
+        # Update vnet-to-vnet via property
+        $retrievedGateway.AllowRemoteVnetTraffic = $true
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $true $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+        $retrievedGateway.AllowRemoteVnetTraffic = $false
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+
+        # Update vnet-to-vnet via switch
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway -AllowRemoteVnetTraffic $true
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $true $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+        Set-AzVirtualNetworkGateway -VirtualNetworkGateway $retrievedGateway -AllowRemoteVnetTraffic $false
+        $retrievedGateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+        Assert-AreEqual $false $retrievedGateway.AllowRemoteVnetTraffic
+        Assert-AreEqual $false $retrievedGateway.AllowVirtualWanTraffic
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}