Add new commandlet 'Add-AzServiceFabricManagedClusterNetworkSecurityRule' (#21687)

* new AddNetworkSecurityRule command

* Adding tests for new command

* Adding new commandlet 'Add-AzServiceFabricManagedNetworkSecurityRule'

* delete unused files

* Adding enum and updating naming of parameters

* Adding enum files and updating help notes

* More updates

* Updating enum names

* add test session json

* Adding previously removed value back to accepted OS values

* Updating help notes

* Fixing example parameters

* reverting to old file

* changing 'WithPramsByName' to 'WithParamsByName'

* more updates

Author: mwesigwaguma

src/Accounts/Accounts/Utilities/CommandMappings.json

@@ -5599,6 +5599,7 @@
       "Set-AzServiceFabricManagedCluster": {},
       "Remove-AzServiceFabricManagedCluster": {},
       "Add-AzServiceFabricManagedClusterClientCertificate": {},
+      "Add-AzServiceFabricManagedClusterNetworkSecurityRule": {},
       "Remove-AzServiceFabricManagedClusterClientCertificate": {},
       "New-AzServiceFabricManagedNodeType": {},
       "Get-AzServiceFabricManagedNodeType": {},

src/ServiceFabric/ServiceFabric.Test/ScenarioTests/ServiceFabricManagedClustersTests.cs

@@ -47,5 +47,12 @@ public void TestCertAndExtension()
         {
             TestRunner.RunTestScript("Test-CertAndExtension");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAddNetworkSecurityRule() 
+        {
+            TestRunner.RunTestScript("Test-AddNetworkSecurityRule");
+        }
     }
 }

src/ServiceFabric/ServiceFabric.Test/ScenarioTests/ServiceFabricManagedClustersTests.ps1

@@ -143,4 +143,89 @@ function Test-CertAndExtension
 
 	$removeResponse = $cluster | Remove-AzServiceFabricManagedCluster -PassThru
 	Assert-True { $removeResponse }
+}
+
+# new network security rule test
+function Test-AddNetworkSecurityRule
+{
+	$resourceGroupName = "sfmcps-rg-" + (getAssetname)
+	$clusterName = "sfmcps-" + (getAssetname)
+	$pass = (ConvertTo-SecureString -AsPlainText -Force "TestPass1234!@#")
+	$location = "southcentralus"
+	$testClientTp = "123BDACDCDFB2C7B250192C6078E47D1E1DB119B"
+	Assert-ThrowsContains { Get-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -Name $clusterName } "NotFound"
+
+	$tags = @{"test"="tag"}
+
+	$cluster = New-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -ClusterName $clusterName -Location $location `
+		-AdminPassword $pass -Sku Basic -ClientCertThumbprint $testClientTp -Tag $tags -Verbose
+	Assert-AreEqual "Succeeded" $cluster.ProvisioningState 
+	Assert-AreEqual "Automatic" $cluster.ClusterUpgradeMode
+
+	$pnt = New-AzServiceFabricManagedNodeType -ResourceGroupName $resourceGroupName -ClusterName $clusterName -Name pnt -InstanceCount 5 -DiskType Standard_LRS -Primary
+	Assert-AreEqual 5 $pnt.VmInstanceCount
+	Assert-AreEqual "Standard_LRS" $pnt.DataDiskType
+
+
+	$clusterFromGet = Get-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -Name $clusterName
+	Assert-AreEqual "Ready" $clusterFromGet.ClusterState
+
+	$NSRName = "testSecRule1"
+	$sourcePortRanges = "1-1000"
+	$destinationPortRanges = "1-65535"
+	$destinationAddressPrefixes = "194.69.104.0/25", "194.69.119.64/26", "167.220.249.128/26", "255.255.255.255/32"
+	$sourceAddressPrefixes = "167.220.242.0/27", "167.220.0.0/23", "131.107.132.16/28", "167.220.81.128/26"
+
+	$cluster = Add-AzServiceFabricManagedClusterNetworkSecurityRule -ResourceGroupName $resourceGroupName -ClusterName $clusterName `
+			-Name $NSRName -Access Allow -Direction Inbound -Protocol tcp -Priority 1200 -SourcePortRange $sourcePortRanges -DestinationPortRange $destinationPortRanges -DestinationAddressPrefix $destinationAddressPrefixes -SourceAddressPrefix $sourceAddressPrefixes -Verbose
+
+	$clusterFromGet = Get-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -Name $clusterName
+
+	Assert-NotNull $clusterFromGet.NetworkSecurityRules
+	Assert-AreEqual "allow" $clusterFromGet.NetworkSecurityRules[0].Access
+	Assert-AreEqual "inbound" $clusterFromGet.NetworkSecurityRules[0].Direction
+	Assert-AreEqual "tcp" $clusterFromGet.NetworkSecurityRules[0].Protocol
+	Assert-AreEqual "testSecRule1" $clusterFromGet.NetworkSecurityRules[0].Name
+	Assert-AreEqual "194.69.104.0/25" $clusterFromGet.NetworkSecurityRules[0].DestinationAddressPrefixes[0]
+	Assert-AreEqual $SourceAddressPrefixes.Count $clusterFromGet.NetworkSecurityRules[0].SourceAddressPrefixes.Count
+
+	$NSRName = "testSecRule2"
+	$sourcePortRanges = "1-1000"
+	$destinationPortRanges = "1-65535"
+	$destinationAddressPrefixes = "194.69.104.0/25", "194.69.119.64/26", "167.220.249.128/26", "255.255.255.255/32"
+	$sourceAddressPrefixes = "167.220.242.0/27", "167.220.0.0/23", "131.107.132.16/28", "167.220.81.128/26"
+
+	$cluster = Add-AzServiceFabricManagedClusterNetworkSecurityRule -ResourceGroupName $resourceGroupName -ClusterName $clusterName `
+			-Name $NSRName -Access Deny -Direction Outbound -Protocol udp -Priority 1300 -SourcePortRange $sourcePortRanges -DestinationPortRange $destinationPortRanges -DestinationAddressPrefix $destinationAddressPrefixes -SourceAddressPrefix $sourceAddressPrefixes -Verbose
+
+	$clusterFromGet = Get-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -Name $clusterName
+
+	Assert-NotNull $clusterFromGet.NetworkSecurityRules
+	Assert-AreEqual "testSecRule2" $clusterFromGet.NetworkSecurityRules[1].Name
+	Assert-AreEqual "outbound" $clusterFromGet.NetworkSecurityRules[1].Direction
+	Assert-AreEqual "udp" $clusterFromGet.NetworkSecurityRules[1].Protocol
+	Assert-AreEqual "194.69.119.64/26" $clusterFromGet.NetworkSecurityRules[1].DestinationAddressPrefixes[1]
+	Assert-AreEqual "167.220.81.128/26" $clusterFromGet.NetworkSecurityRules[1].SourceAddressPrefixes[3]
+
+	$NSRName = "testSecRule3"
+	$description = "test network security rule"
+	$sourcePortRanges = "1-1000"
+	$destinationPortRanges = "1-65535"
+	$destinationAddressPrefixes = "194.69.104.0/25", "194.69.119.64/26", "167.220.249.128/26", "255.255.255.255/32"
+	$sourceAddressPrefixes = "167.220.242.0/27", "167.220.0.0/23", "131.107.132.16/28", "167.220.81.128/26"
+
+	$cluster = $clusterFromGet | Add-AzServiceFabricManagedClusterNetworkSecurityRule `
+			-Name $NSRName -Access Allow -Description $description -Direction Outbound -Protocol any -Priority 1400 -SourcePortRange $sourcePortRanges -DestinationPortRange $destinationPortRanges -DestinationAddressPrefix $destinationAddressPrefixes -SourceAddressPrefix $sourceAddressPrefixes -Verbose
+
+	$clusterFromGet = Get-AzServiceFabricManagedCluster -ResourceGroupName $resourceGroupName -Name $clusterName
+
+	Assert-NotNull $clusterFromGet.NetworkSecurityRules
+	Assert-AreEqual "testSecRule3" $clusterFromGet.NetworkSecurityRules[2].Name
+	Assert-AreEqual "allow" $clusterFromGet.NetworkSecurityRules[2].Access
+	Assert-AreEqual "*" $clusterFromGet.NetworkSecurityRules[2].Protocol
+	Assert-AreEqual "1-1000" $clusterFromGet.NetworkSecurityRules[2].SourcePortRanges[0]
+	Assert-AreEqual 4 $clusterFromGet.NetworkSecurityRules[2].DestinationAddressPrefixes.Count
+	Assert-AreEqual 4 $clusterFromGet.NetworkSecurityRules[2].SourceAddressPrefixes.Count
+
+	Assert-AreEqual 3 $clusterFromGet.NetworkSecurityRules.Count
 }