fixing packet capture call to be async (#25888)

nikhilpadhye1 · VeryEarly · web-flow · commit 4a9f511f4f31 · 2024-08-23T12:49:15.000+08:00
* fixing packet capture call to be async

* fixing the test to return success

* replaced the hard coded sasurl with sasurl generated on the fly

* Adding session record for the fixed test

* adding change summary to changelog.md

* skipping test in cloud runner due to issues accessing deployed storage account

* removing storage account actions, replacing the sessions recording and replacing the sasurl with a dummySAS as per recommendation

* mask sas url in record json

---------

Co-authored-by: Yabo Hu &lt;yabhu@microsoft.com&gt;
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1 b/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1
@@ -2133,38 +2133,54 @@ function Test-GetAzureFirewallLearnedIpPrefixes {
 Tests Invoke-AzureFirewallPacketCapture
 #>
 function Test-InvokeAzureFirewallPacketCapture {
+    # Setup
     $rgname = Get-ResourceGroupName
     $azureFirewallName = Get-ResourceName
     $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
     $location = Get-ProviderLocation $resourceTypeParent "eastus"
 
     $vnetName = Get-ResourceName
     $subnetName = "AzureFirewallSubnet"
-    $publicIpName = Get-ResourceName
+	$mgmtSubnetName = "AzureFirewallManagementSubnet"
+    $publicIp1Name = Get-ResourceName
+    $mgmtPublicIpName = Get-ResourceName
 
     try {
-
         # Create the resource group
-        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
 
-        # Create public ip
-        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $mgmtSubnet = New-AzVirtualNetworkSubnetConfig -Name $mgmtSubnetName -AddressPrefix 10.0.100.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet,$mgmtSubnet
+        
+        # Get full subnet details
+        $subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
+        $mgmtSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $mgmtSubnetName
 
-        # Create AzureFirewall
-        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location
+        # Create public ips
+        $publicip1 = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIp1Name -location $location -AllocationMethod Static -Sku Standard
+        $mgmtPublicIp = New-AzPublicIpAddress -ResourceGroupName $rgname -name $mgmtPublicIpName -location $location -AllocationMethod Static -Sku Standard
 
-        # Verify
-        $azFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        # Create AzureFirewall with a management IP
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -VirtualNetwork $vnet -PublicIpAddress $publicip1 -ManagementPublicIpAddress $mgmtPublicIp
+
+        # Get AzureFirewall
+        $getAzureFirewall = Get-AzFirewall -name $azureFirewallName -ResourceGroupName $rgname
+
+        $sasurl = "https://powershellpacketcapture.blob.core.windows.net/testcapture?sp=wDummyURL"
 
         # Create a filter rules
         $filter1 = New-AzFirewallPacketCaptureRule -Source "10.0.0.2","192.123.12.1" -Destination "172.32.1.2" -DestinationPort "80","443"
         $filter2 = New-AzFirewallPacketCaptureRule -Source "10.0.0.5" -Destination "172.20.10.2" -DestinationPort "80","443"
     
         # Create the firewall packet capture parameters
-        $Params =  New-AzFirewallPacketCaptureParameter  -DurationInSeconds 300 -NumberOfPackets 5000 -SASUrl "ValidSasUrl" -Filename "AzFwPacketCapture" -Flag "Syn","Ack" -Protocol "Any" -Filter $Filter1, $Filter2
+        $Params =  New-AzFirewallPacketCaptureParameter  -DurationInSeconds 30 -NumberOfPackets 500 -SASUrl $sasurl -Filename "AzFwPowershellPacketCapture" -Flag "Syn","Ack" -Protocol "Any" -Filter $Filter1, $Filter2
 
         # Invoke a firewall packet capture
-        Invoke-AzFirewallPacketCapture -AzureFirewall $azureFirewall -Parameter $Params
+        $response = Invoke-AzFirewallPacketCapture -AzureFirewall $azureFirewall -Parameter $Params
+        Assert-NotNull $response
+        Assert-AreEqual "Microsoft.Azure.Management.Network.Models.AzureFirewallsPacketCaptureHeaders" $response.GetType().fullname
     }
     finally {
         # Cleanup
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestInvokeAzureFirewallPacketCapture.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestInvokeAzureFirewallPacketCapture.json
diff --git a/src/Network/Network/AzureFirewall/InvokeAzureFirewallPacketCaptureCommand.cs b/src/Network/Network/AzureFirewall/InvokeAzureFirewallPacketCaptureCommand.cs
@@ -58,7 +58,7 @@ public override void Execute()
             
 
             // Execute the PUT AzureFirewall call
-            var headers = this.AzureFirewallClient.PacketCaptureAsync(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwParamsModel);
+            var headers = this.AzureFirewallClient.PacketCapture(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwParamsModel);
 
             WriteObject(headers);
         }
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -19,6 +19,7 @@
 --->
 
 ## Upcoming Release
+* Fixed a bug in cmdlet `Invoke-AzFirewallPacketCapture` which caused the packet capture request to be stuck in a waiting for activation state. 
 * Updated cmdlet to add the property of `Sensitivity`, and updated corresponding cmdlets.
     - `New-AzApplicationGatewayFirewallPolicyManagedRuleOverride`
 * Added support for `DefaultOutboundAccess` property in `Set-AzVirtualNetworkSubnetConfig` command

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public override void Execute()`
`58`	`58`
`59`	`59`
`60`	`60`	`// Execute the PUT AzureFirewall call`
`61`		`- var headers = this.AzureFirewallClient.PacketCaptureAsync(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwParamsModel);`
	`61`	`+ var headers = this.AzureFirewallClient.PacketCapture(this.AzureFirewall.ResourceGroupName, this.AzureFirewall.Name, secureGwParamsModel);`
`62`	`62`
`63`	`63`	`WriteObject(headers);`
`64`	`64`	`}`