Merge branch 'release-network-2022-11-01' of https://github.com/Azure/azure-powershell into release-network-2022-11-01

Author: MikhailTryakhov

.azure-pipelines/test-coverage.yml

@@ -111,14 +111,10 @@ jobs:
       pwsh: true
       targetType: inline
       script: |
+        git checkout -b testcoverage-baseline
         $blDir = "./tools/TestFx/Coverage"
         $blCsv = Join-Path -Path $blDir -ChildPath "Baseline.csv"
-        if (Test-Path -Path $blCsv) {
-          Remove-Item -Path $blCsv -Force
-        }
-
-        git checkout -b testcoverage-baseline
-        Copy-Item -Path "$(Pipeline.Workspace)/artifacts/TestCoverageAnalysis/Results/Baseline.csv" -Destination $blDir
+        Copy-Item -Path "$(Pipeline.Workspace)/artifacts/TestCoverageAnalysis/Results/Baseline.csv" -Destination $blDir -Force
         git config user.email "[email protected]"
         git config user.name "azure-powershell-bot"
         git add $blCsv

src/Accounts/Accounts/Utilities/CommandMappings.json

@@ -4261,6 +4261,7 @@
       "New-AzOffice365PolicyProperty": {},
       "Get-AzNetworkVirtualApplianceSku": {},
       "New-AzVirtualApplianceSkuProperty": {},
+      "New-AzVirtualApplianceAdditionalNicProperty": {},
       "New-AzCustomIpPrefix": {},
       "Update-AzCustomIpPrefix": {},
       "Get-AzCustomIpPrefix": {},

src/Network/Network.Management.Sdk/Generated/Generated/Models/NetworkVirtualAppliance.cs

@@ -73,7 +73,9 @@ public NetworkVirtualAppliance()
         /// to cloud-init and config blob.</param>
         /// <param name="etag">A unique read-only string that changes whenever
         /// the resource is updated.</param>
-        public NetworkVirtualAppliance(string id = default(string), string name = default(string), string type = default(string), string location = default(string), IDictionary<string, string> tags = default(IDictionary<string, string>), VirtualApplianceSkuProperties nvaSku = default(VirtualApplianceSkuProperties), string addressPrefix = default(string), IList<string> bootStrapConfigurationBlobs = default(IList<string>), SubResource virtualHub = default(SubResource), IList<string> cloudInitConfigurationBlobs = default(IList<string>), string cloudInitConfiguration = default(string), long? virtualApplianceAsn = default(long?), string sshPublicKey = default(string), IList<VirtualApplianceNicProperties> virtualApplianceNics = default(IList<VirtualApplianceNicProperties>), IList<SubResource> virtualApplianceSites = default(IList<SubResource>), IList<SubResource> inboundSecurityRules = default(IList<SubResource>), string provisioningState = default(string), string deploymentType = default(string), DelegationProperties delegation = default(DelegationProperties), PartnerManagedResourceProperties partnerManagedResource = default(PartnerManagedResourceProperties), ManagedServiceIdentity identity = default(ManagedServiceIdentity), string etag = default(string))
+        /// <param name="additionalNic">A unique read-only string that changes whenever
+        /// the resource is updated.</param>
+        public NetworkVirtualAppliance(string id = default(string), string name = default(string), string type = default(string), string location = default(string), IDictionary<string, string> tags = default(IDictionary<string, string>), VirtualApplianceSkuProperties nvaSku = default(VirtualApplianceSkuProperties), string addressPrefix = default(string), IList<string> bootStrapConfigurationBlobs = default(IList<string>), SubResource virtualHub = default(SubResource), IList<string> cloudInitConfigurationBlobs = default(IList<string>), string cloudInitConfiguration = default(string), long? virtualApplianceAsn = default(long?), string sshPublicKey = default(string), IList<VirtualApplianceNicProperties> virtualApplianceNics = default(IList<VirtualApplianceNicProperties>), IList<SubResource> virtualApplianceSites = default(IList<SubResource>), IList<SubResource> inboundSecurityRules = default(IList<SubResource>), string provisioningState = default(string), string deploymentType = default(string), DelegationProperties delegation = default(DelegationProperties), PartnerManagedResourceProperties partnerManagedResource = default(PartnerManagedResourceProperties), ManagedServiceIdentity identity = default(ManagedServiceIdentity), string etag = default(string), IList<VirtualApplianceAdditionalNicProperties> additionalNic = null)
             : base(id, name, type, location, tags)
         {
             NvaSku = nvaSku;
@@ -94,6 +96,7 @@ public NetworkVirtualAppliance()
             Identity = identity;
             Etag = etag;
             CustomInit();
+            VirtualApplianceAdditionalNic = additionalNic;
         }
 
         /// <summary>
@@ -208,6 +211,13 @@ public NetworkVirtualAppliance()
         [JsonProperty(PropertyName = "etag")]
         public string Etag { get; private set; }
 
+        /// <summary>
+        /// List of Virtual Appliance Additional Network Interfaces.
+        /// </summary>
+        [JsonProperty(PropertyName = "properties.virtualApplianceAdditionalNics")]
+        public IList<VirtualApplianceAdditionalNicProperties> VirtualApplianceAdditionalNic { get; set; }
+
+
         /// <summary>
         /// Validate the object.
         /// </summary>

src/Network/Network.Management.Sdk/Generated/Generated/Models/VirtualApplianceAdditionalNicProperties.cs

@@ -0,0 +1,65 @@
+// <auto-generated>
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for
+// license information.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is
+// regenerated.
+// </auto-generated>
+
+namespace Microsoft.Azure.Management.Network.Models
+{
+    using Newtonsoft.Json;
+    using System.Linq;
+
+    /// <summary>
+    /// Network Virtual Appliance Additional Nic Properties
+    /// </summary>
+    /// <remarks>
+    /// Network Virtual Appliance Additional NIC properties.
+    /// </remarks>
+    public partial class VirtualApplianceAdditionalNicProperties
+    {
+        /// <summary>
+        /// Initializes a new instance of the
+        /// VirtualApplianceAdditionalNicProperties class.
+        /// </summary>
+        public VirtualApplianceAdditionalNicProperties()
+        {
+            CustomInit();
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the
+        /// VirtualApplianceAdditionalNicProperties class.
+        /// </summary>
+        /// <param name="name">Customer Name for additional nic</param>
+        /// <param name="hasPublicIp">Customer Intent for Public Ip on
+        /// additional nic</param>
+        public VirtualApplianceAdditionalNicProperties(string name = default(string), bool? hasPublicIp = default(bool?))
+        {
+            Name = name;
+            HasPublicIp = hasPublicIp;
+            CustomInit();
+        }
+
+        /// <summary>
+        /// An initialization method that performs custom operations like setting defaults
+        /// </summary>
+        partial void CustomInit();
+
+        /// <summary>
+        /// Gets or sets customer Name for additional nic
+        /// </summary>
+        [JsonProperty(PropertyName = "name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or sets customer Intent for Public Ip on additional nic
+        /// </summary>
+        [JsonProperty(PropertyName = "hasPublicIp")]
+        public bool? HasPublicIp { get; set; }
+
+    }
+}

src/Network/Network.Test/Network.Test.csproj

@@ -23,6 +23,7 @@
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.25.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.ManagedServiceIdentity" Version="0.10.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.Storage" Version="25.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="26.0.0" />
   </ItemGroup>
 
   <ItemGroup>
@@ -49,9 +50,6 @@
   <ItemGroup>
     <Folder Include="SessionRecords\Commands.Network.Test.ScenarioTests.NetworkManagerTests\" />
   </ItemGroup>
-  
-  <ItemGroup>
-    <ProjectReference Include="..\Network.Management.Sdk\Network.Management.Sdk.csproj" />
-  </ItemGroup>
 
 </Project>
+

src/Network/Network.Test/NrpTeamAlias.cs

@@ -85,5 +85,8 @@ class NrpTeamAlias
         // Windows Azure NRP dev team
         public const string wanrpdev = "wanrpdev";
         public const string wanrpdev_subset1 = "wanrpdev_subset1";
+
+        //NVA Network Virtual Appliance Team
+        public const string nvaengdev = "nvaeng";
     }
 }

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs

@@ -156,6 +156,14 @@ public void TestApplicationGatewayWithFirewallPolicy()
             TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayWithFirewallPolicy -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
+        public void TestApplicationGatewayWithFirewallPolicyWithLogScrubbing()
+        {
+            TestRunner.RunTestScript(string.Format("Test-ApplicationGatewayFirewallPolicyWithLogScrubbing -baseDir '{0}'", AppDomain.CurrentDomain.BaseDirectory));
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
@@ -237,6 +245,13 @@ public void TestApplicationGatewayFirewallPolicyWithCustomRules()
             TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithCustomRules");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)]
+        public void TestApplicationGatewayFirewallPolicyWithRateLimitRule()
+        {
+            TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithRateLimitRule");
+        }
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]

src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -3477,6 +3477,55 @@ function Test-ApplicationGatewayFirewallPolicyWithPerRuleExclusions
 	}
 }
 
+<#
+.SYNOPSIS
+Application gateway v2 waf policy with log scrubbing
+#>
+function Test-ApplicationGatewayFirewallPolicyWithLogScrubbing
+{
+	# Setup
+	$location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2"
+
+	$rgname = Get-ResourceGroupName
+	$wafPolicyName = Get-ResourceName
+
+	try
+	{
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"}
+		
+		# WAF Policy and Custom Rule
+		$variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Content-Length
+		$condition =  New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator GreaterThan -MatchValue 1000 -Transform Lowercase -NegationCondition $False
+		$logScrubbingRule1 = New-AzApplicationGatewayFirewallPolicyLogScrubbingRule -State Enabled -MatchVariable RequestArgNames -SelectorMatchOperator Equals -Selector test
+		$logScrubbingRule2 = New-AzApplicationGatewayFirewallPolicyLogScrubbingRule -State Enabled -MatchVariable RequestIPAddress -SelectorMatchOperator EqualsAny
+		$logScrubbingRuleConfig = New-AzApplicationGatewayFirewallPolicyLogScrubbingConfiguration -State Enabled -ScrubbingRule $logScrubbingRule1, $logScrubbingRule2
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 4000 -MaxRequestBodySizeInKb 2000 -LogScrubbing $logScrubbingRuleConfig
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet
+		New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings
+	
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname
+
+		# Check firewall policy
+		Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb
+		Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb
+		Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck
+		Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode
+		Assert-AreEqual $policy.PolicySettings.State $policySettings.State
+		Assert-AreEqual $policy.PolicySettings.LogScrubbing.ScrubbingRules.Count 2
+		Assert-AreEqual $policy.PolicySettings.LogScrubbing.ScrubbingRules[0].State $policySettings.LogScrubbing.ScrubbingRules[0].State
+		Assert-AreEqual $policy.PolicySettings.LogScrubbing.ScrubbingRules[0].MatchVariable $policySettings.LogScrubbing.ScrubbingRules[0].MatchVariable
+		Assert-AreEqual $policy.PolicySettings.LogScrubbing.ScrubbingRules[0].SelectorMatchOperator $policySettings.LogScrubbing.ScrubbingRules[0].SelectorMatchOperator
+		Assert-AreEqual $policy.PolicySettings.LogScrubbing.ScrubbingRules[0].Selector $policySettings.LogScrubbing.ScrubbingRules[0].Selector
+
+	}
+	finally
+	{
+		# Cleanup
+		Clean-ResourceGroup $rgname
+	}
+}
+
 <#
 .SYNOPSIS
 This case tests the per-listener HostNames feature.
@@ -4245,6 +4294,62 @@ function Test-ApplicationGatewayFirewallPolicyWithCustomRules
 	}
 }
 
+function Test-ApplicationGatewayFirewallPolicyWithRateLimitRule
+{
+	# Setup
+	$location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2"
+	$rgname = Get-ResourceGroupName
+	$wafPolicyName = "wafPolicy1"
+
+	try {
+		
+		$resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"}
+
+		# WAF Policy with rate limiting rule custom Rule
+		$variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Malicious-Header
+		$condition =  New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator Any -NegationCondition $False
+		$groupbyVar = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName ClientAddr 
+		$groupbyUserSes = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $groupbyVar
+		$customRule = New-AzApplicationGatewayFirewallCustomRule -Name example -Priority 2 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Block
+
+		$policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70
+		$managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2"
+		$managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet 
+		New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings -CustomRule $customRule
+
+		$policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname
+
+		# Check WAF policy
+		Assert-AreEqual $policy.CustomRules[0].Name $customRule.Name
+		Assert-AreEqual $policy.CustomRules[0].RuleType $customRule.RuleType
+		Assert-AreEqual $policy.CustomRules[0].Action $customRule.Action
+		Assert-AreEqual $policy.CustomRules[0].Priority $customRule.Priority
+		Assert-AreEqual $policy.CustomRules[0].RateLimitDuration $customRule.RateLimitDuration
+		Assert-AreEqual $policy.CustomRules[0].RateLimitThreshold $customRule.RateLimitThreshold
+		Assert-AreEqual $policy.CustomRules[0].State "Enabled"
+		Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].OperatorProperty $customRule.MatchConditions[0].OperatorProperty
+		Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].NegationConditon $customRule.MatchConditions[0].NegationConditon
+		Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].VariableName $customRule.MatchConditions[0].MatchVariables[0].VariableName
+		Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].Selector $customRule.MatchConditions[0].MatchVariables[0].Selector
+		Assert-AreEqual $policy.CustomRules[0].GroupByUserSession[0].GroupByVariables[0].VariableName $customRule.GroupByUserSession[0].GroupByVariables[0].VariableName
+		Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb
+		Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb
+		Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck
+		Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode
+		Assert-AreEqual $policy.PolicySettings.State $policySettings.State
+
+		$policy.CustomRules[0].State = "Disabled"
+		Set-AzApplicationGatewayFirewallPolicy -InputObject $policy
+		$policy1 = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname
+		Assert-AreEqual $policy1.CustomRules[0].State "Disabled"
+	}
+	finally
+	{
+		# Cleanup
+		Clean-ResourceGroup $rgname
+	}
+}
+
 function Test-ApplicationGatewayFirewallPolicyWithUppercaseTransform
 {
 	# Setup

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs

@@ -180,5 +180,13 @@ public void TestAzureFirewallSnat()
         {
             TestRunner.RunTestScript("Test-AzureFirewallSnat");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallPolicyApplicationRuleCustomHttpHeader()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallPolicyApplicationRuleCustomHttpHeader");
+        }
     }
 }