Azure
diff --git a/‎src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs
Lines changed: 16 additions & 0 deletions b/‎src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1
Lines changed: 173 additions & 0 deletions b/‎src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1
Lines changed: 173 additions & 0 deletions
@@ -212,5 +212,21 @@ public void TestAzureFirewallPolicyIDPSProfiles()
         {
             TestRunner.RunTestScript("Test-AzureFirewallPolicyIDPSProfiles");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicyDraft()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicyDraft");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicyRCGyDraft()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicyRCGDraft");
+        }
     }
 }
@@ -2095,4 +2095,177 @@ function Test-AzureFirewallPolicyIDPSProfiles {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+<#
+.SYNOPSIS
+Tests function Test-AzureFirewallPolicyDraft.
+#>
+function Test-AzureFirewallPolicyDraft {
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $azureFirewallPolicyName = Get-ResourceName
+    $azureFirewallPolicyAsJobName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/FirewallPolicies"
+    $location = "westus2"
+    $tier = "Premium"
+ 
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+        # Intrusion Detection Settings
+        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Alert"
+        # Create AzureFirewallPolicy
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SkuTier $tier -IntrusionDetection $intrusionDetection
+        # Create AzureFirewallPolicyDraft
+        $newAzureFirewallPolicyDraft = New-AzFirewallPolicyDraft -FirewallPolicyObject $azureFirewallPolicy
+        # Get AzureFirewallPolicyDraft
+        $getAzureFirewallPolicyDraft = Get-AzFirewallPolicyDraft -AzureFirewallPolicyName $azureFirewallPolicyName -ResourceGroupName $rgname
+        
+        # verification
+        Assert-NotNull $getAzureFirewallPolicyDraft.IntrusionDetection
+        Assert-AreEqual "Alert" $getAzureFirewallPolicyDraft.IntrusionDetection.Mode
+        Assert-Null $getAzureFirewallPolicyDraft.Snat
+
+        # Updated Intrusion Detection Settings
+        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny"
+        $setAzureFirewallPolicy = Set-AzFirewallPolicyDraft -AzureFirewallPolicyName $azureFirewallPolicyName -ResourceGroupName $rgname -IntrusionDetection $intrusionDetection
+        # Get AzureFirewallPolicyDraft
+        $getAzureFirewallPolicyDraft = Get-AzFirewallPolicyDraft -AzureFirewallPolicyName $azureFirewallPolicyName -ResourceGroupName $rgname
+        
+        # verification
+        Assert-AreEqual "Deny" $getAzureFirewallPolicyDraft.IntrusionDetection.Mode
+
+        # Deploy policy draft
+        Deploy-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        # verification
+        Assert-NotNull $getAzureFirewallPolicyDraft.IntrusionDetection
+        Assert-AreEqual "Deny" $getAzureFirewallPolicyDraft.IntrusionDetection.Mode
+    }
+
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}
+ 
+<#
+.SYNOPSIS
+Tests function Test-AzureFirewallPolicyRCGDraft.
+#>
+function Test-AzureFirewallPolicyRCGDraft {
+   # Setup
+    $rgname = Get-ResourceGroupName
+    $azureFirewallPolicyName = Get-ResourceName
+    $azureFirewallPolicyAsJobName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/FirewallPolicies"
+    $location = "canadacentral"
+ 
+    $ruleGroupName = Get-ResourceName
+    $ruleGroupDraftName = Get-ResourceName
+ 
+    # AzureFirewallPolicyNatRuleCollection
+    $natRcName = "natRc"
+    $natRcName2 = "natRc2"
+    $natRcPriority = 100
+    $natRcActionType = "Dnat"
+ 
+    # AzureFirewallPolicyNatRule 1
+    $natRule1Name = "natRule"
+    $natRule1Desc = "desc1"
+    $natRule1SourceAddress1 = "10.0.0.0"
+    $natRule1SourceAddress2 = "111.1.0.0/24"
+    $natRule1Protocol1 = "UDP"
+    $natRule1Protocol2 = "TCP"
+    $natRule1DestinationAddress1 = "10.10.10.1"
+    $natRule1DestinationPort1 = "90"
+    $natRule1TranslatedFqdn = "server1.internal.com"
+    $natRule1TranslatedPort = "91"
+ 
+    $pipelineRcPriority = 154
+ 
+    try 
+    {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "testval" }
+        # Create AzureFirewallPolicy
+        $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        # Create NAT rule
+        $natRule = New-AzFirewallPolicyNatRule -Name $natRule1Name -Description $natRule1Desc -Protocol $natRule1Protocol1, $natRule1Protocol2 -SourceAddress $natRule1SourceAddress1, $natRule1SourceAddress2 -DestinationAddress $natRule1DestinationAddress1 -DestinationPort $natRule1DestinationPort1 -TranslatedFqdn $natRule1TranslatedFqdn -TranslatedPort $natRule1TranslatedPort
+        # Create a NAT Rule Collection
+        $natRc = New-AzFirewallPolicyNatRuleCollection -Name $natRcName -ActionType $natRcActionType -Priority $natRcPriority -Rule $natRule
+        New-AzFirewallPolicyRuleCollectionGroup -Name $ruleGroupName -Priority 100 -RuleCollection $natRc -FirewallPolicyObject $azureFirewallPolicy
+        # Set AzureFirewallPolicy
+        Set-AzFirewallPolicy -InputObject $azureFirewallPolicy
+
+        # Create Policy Draft
+        New-AzFirewallPolicyDraft -AzureFirewallPolicyName $azureFirewallPolicyName -ResourceGroupName $rgname
+        # Create a NAT Rule Collection
+        $natRc2 = New-AzFirewallPolicyNatRuleCollection -Name $natRcName2 -ActionType $natRcActionType -Priority $natRcPriority -Rule $natRule
+        # Create RuleCollection Group Draft
+        New-AzFirewallPolicyRuleCollectionGroupDraft -AzureFirewallPolicyRuleCollectionGroupName $ruleGroupName -Priority 100 -RuleCollection $natRc2 -FirewallPolicyObject $azureFirewallPolicy
+        # Get AzureFirewallPolicy Rule Collection Group draft
+        $getAzureFirewallPolicyDraft = Get-AzFirewallPolicyDraft -AzureFirewallPolicyName $azureFirewallPolicyName -ResourceGroupName $rgName
+        $getAzureFirewallPolicyRuleCollectionGroupDraft = Get-AzFirewallPolicyRuleCollectionGroupDraft -AzureFirewallPolicyRuleCollectionGroupName $ruleGroupName -FirewallPolicyObject $azureFirewallPolicy
+  
+        # Verification
+        Assert-AreEqual 1 @($getAzureFirewallPolicyRuleCollectionGroupDraft.properties.ruleCollection).Count
+        $natRuleCollection = $getAzureFirewallPolicyRuleCollectionGroupDraft.Properties.GetRuleCollectionByName($natRcName2)
+ 
+        # Verify NAT rule collection and NAT rule
+        $natRule = $natRuleCollection.GetRuleByName($natRule1Name)
+ 
+        Assert-AreEqual $natRcName2 $natRuleCollection.Name
+        Assert-AreEqual $natRcPriority $natRuleCollection.Priority
+ 
+        Assert-AreEqual $natRule1Name $natRule.Name
+ 
+        Assert-AreEqual 2 $natRule.SourceAddresses.Count 
+        Assert-AreEqual $natRule1SourceAddress1 $natRule.SourceAddresses[0]
+        Assert-AreEqual $natRule1SourceAddress2 $natRule.SourceAddresses[1]
+ 
+        Assert-AreEqual 1 $natRule.DestinationAddresses.Count
+ 
+        Assert-AreEqual 2 $natRule.Protocols.Count
+        Assert-AreEqual $natRule1Protocol1 $natRule.Protocols[0]
+        Assert-AreEqual $natRule1Protocol2 $natRule.Protocols[1]
+ 
+        Assert-AreEqual 1 $natRule.DestinationPorts.Count
+        Assert-AreEqual $natRule1DestinationPort1 $natRule.DestinationPorts[0]
+ 
+        Assert-AreEqual $natRule1TranslatedFqdn $natRule.TranslatedFqdn
+        Assert-AreEqual $natRule1TranslatedPort $natRule.TranslatedPort
+        $testPipelineRg = Get-AzFirewallPolicyRuleCollectionGroupDraft -AzureFirewallPolicyRuleCollectionGroupName $ruleGroupName -AzureFirewallPolicyName $getAzureFirewallPolicy.Name -ResourceGroupName $rgname
+        $testPipelineRg|Set-AzFirewallPolicyRuleCollectionGroupDraft -Priority $pipelineRcPriority
+                
+        $testPipelineRg = Get-AzFirewallPolicyRuleCollectionGroupDraft -AzureFirewallPolicyRuleCollectionGroupName $ruleGroupName -AzureFirewallPolicyName $getAzureFirewallPolicy.Name -ResourceGroupName $rgname
+        Assert-AreEqual $pipelineRcPriority $testPipelineRg.properties.Priority
+ 
+        $azureFirewallPolicyAsJob = New-AzFirewallPolicy -Name $azureFirewallPolicyAsJobName -ResourceGroupName $rgname -Location $location -AsJob
+        $result = $azureFirewallPolicyAsJob | Wait-Job
+        Assert-AreEqual "Completed" $result.State
+        
+        # Deploy policy draft
+        Deploy-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname
+        # Get AzureFirewallPolicy
+        $getAzureFirewallPolicyRuleCollectionGroup = Get-AzFirewallPolicyRuleCollectionGroup -Name $ruleGroupName -ResourceGroupName $rgname -AzureFirewallPolicyName  $azureFirewallPolicyName
+        $getAzureFirewallPolicy = Get-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgName
+
+        # verification
+        Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
+        Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
+        Assert-NotNull $getAzureFirewallPolicy.Location
+        Assert-AreEqual $location $getAzureFirewallPolicy.Location
+
+        # Check rule collection groups count
+        Assert-AreEqual 1 @($getAzureFirewallPolicy.RuleCollectionGroups).Count
+        Assert-AreEqual 1 @($getAzureFirewallPolicyRuleCollectionGroup.properties.ruleCollection).Count
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -212,5 +212,21 @@ public void TestAzureFirewallPolicyIDPSProfiles()`
`212`	`212`	`{`
`213`	`213`	`TestRunner.RunTestScript("Test-AzureFirewallPolicyIDPSProfiles");`
`214`	`214`	`}`
	`215`	`+`
	`216`	`+ [Fact]`
	`217`	`+ [Trait(Category.AcceptanceType, Category.CheckIn)]`
	`218`	`+ [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]`
	`219`	`+ public void TestAzureFirewallPolicyDraft()`
	`220`	`+ {`
	`221`	`+ TestRunner.RunTestScript("Test-AzureFirewallPolicyDraft");`
	`222`	`+ }`
	`223`	`+`
	`224`	`+ [Fact]`
	`225`	`+ [Trait(Category.AcceptanceType, Category.CheckIn)]`
	`226`	`+ [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]`
	`227`	`+ public void TestAzureFirewallPolicyRCGyDraft()`
	`228`	`+ {`
	`229`	`+ TestRunner.RunTestScript("Test-AzureFirewallPolicyRCGDraft");`
	`230`	`+ }`
`215`	`231`	`}`
`216`	`232`	`}`