Add IP rule cmdlets

Author: Y-Sindo

src/SignalR/SignalR.Test/ScenarioTests/AzureRmSignalRTests.cs

@@ -57,5 +57,12 @@ public void TestAzureRmSignalRCustomCertificateAndCustomDomain() =>
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestAzSignalRReplica() =>
             TestRunner.RunTestScript("Test-AzSignalRReplica");
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAzSignalRNetworkIpRule()
+        {
+            TestRunner.RunTestScript("Test-AzSignalRNetworkIpRule");
+        }
     }
 }

src/SignalR/SignalR.Test/ScenarioTests/AzureRmSignalRTests.ps1

@@ -73,7 +73,7 @@ function Test-AzureRmSignalR
         $newKeys1 = Get-AzSignalRKey -ResourceGroupName $resourceGroupName -Name $signalrName
         Assert-NotNull $newKeys1
 
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Assert-AreNotEqual $keys.PrimaryKey $newKeys1.PrimaryKey
             Assert-AreNotEqual $keys.PrimaryConnectionString $newKeys1.PrimaryConnectionString
@@ -89,7 +89,7 @@ function Test-AzureRmSignalR
         Assert-NotNull $newKeys2
         Assert-AreEqual $newKeys1.PrimaryKey $newKeys2.PrimaryKey
         Assert-AreEqual $newKeys1.PrimaryConnectionString $newKeys2.PrimaryConnectionString
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Assert-AreNotEqual $newKeys1.SecondaryKey $newKeys2.SecondaryKey
             Assert-AreNotEqual $newKeys1.SecondaryConnectionString $newKeys2.SecondaryConnectionString
@@ -159,7 +159,7 @@ function Test-AzureRmSignalRWithDefaultArgs
         # The following two lines don't work in "playback" mode because all the connection strings are sanitized to the same value.
         # If test mode is playback , skip the test
 
-        if( GetTestMode -eq "Record" )
+        if( $env:AZURE_TEST_MODE -eq "Record" )
         {
             Assert-AreNotEqual $keys.PrimaryKey $newKeys1.PrimaryKey
             Assert-AreNotEqual $keys.PrimaryConnectionString $newKeys1.PrimaryConnectionString
@@ -498,43 +498,43 @@ function Test-AzureRmSignalRCustomCertificateAndCustomDomain
 
         # ===== Remove domain =====
         # Remove domain via resource group parameter set
-        $result = Remove-AzSignalRCustomDomain -ResourceGroupName $resourceGroupName -SignalRName $signalrName -Name "domain1"
+        $result = Remove-AzSignalRCustomDomain -ResourceGroupName $resourceGroupName -SignalRName $signalrName -Name "domain1" -PassThru
         Assert-True { $result }
 
         # Remove domain via SignalR object parameter set
-        $result = $signalr | Remove-AzSignalRCustomDomain -Name "domain2"
+        $result = $signalr | Remove-AzSignalRCustomDomain -Name "domain2" -PassThru
         Assert-True { $result }
 
         # Remove domain via input object parameter set
         $domain3 = $signalr | New-AzSignalRCustomDomain -Name "domain3" -DomainName $customDomainName -CustomCertificateId $cert1.Id
-        $result = $domain3 | Remove-AzSignalRCustomDomain
+        $result = $domain3 | Remove-AzSignalRCustomDomain -PassThru
         Assert-True { $result }
 
         # Remove domain via Resource ID parameter set
         $domain4 = $signalr | New-AzSignalRCustomDomain -Name "domain4" -DomainName $customDomainName -CustomCertificateId $cert1.Id
         $domain4Resource = [pscustomobject]@{ResourceId = $domain4.Id }
-        $result = $domain4Resource | Remove-AzSignalRCustomDomain
+        $result = $domain4Resource | Remove-AzSignalRCustomDomain -PassThru
         Assert-True { $result }
 
         # ====== Remove cert =====
 
         # Remove the certificate via resource group parameter set
-        $result = Remove-AzSignalRCustomCertificate -ResourceGroupName $resourceGroupName -SignalRName $signalrName -Name "cert1"
+        $result = Remove-AzSignalRCustomCertificate -ResourceGroupName $resourceGroupName -SignalRName $signalrName -Name "cert1" -PassThru
         Assert-True { $result }
 
         # Remove the certificate via SignalR object parameter set
-        $result = $signalr | Remove-AzSignalRCustomCertificate -Name "cert2"
+        $result = $signalr | Remove-AzSignalRCustomCertificate -Name "cert2" -PassThru
         Assert-True { $result }
 
         # Remove the certificate via input Object parameter set
         $cert2 = $signalr | New-AzSignalRCustomCertificate -Name "cert2" -KeyVaultBaseUri $keyVaultBaseUri -KeyVaultSecretName $keyVaultSecretName
-        $result = $cert2 | Remove-AzSignalRCustomCertificate
+        $result = $cert2 | Remove-AzSignalRCustomCertificate -PassThru
         Assert-True { $result }
 
         # Remove the certificate via Resource ID parameter set
         $cert2 = $signalr | New-AzSignalRCustomCertificate -Name "cert2" -KeyVaultBaseUri $keyVaultBaseUri -KeyVaultSecretName $keyVaultSecretName
         $certResource3 = [pscustomobject]@{ResourceId = $cert2.Id }
-        $result = $certResource3 | Remove-AzSignalRCustomCertificate
+        $result = $certResource3 | Remove-AzSignalRCustomCertificate -PassThru
         Assert-True { $result }
 
     } finally
@@ -571,7 +571,7 @@ function Test-AzSignalRReplica
         Assert-AreEqual 2 $replica1.Sku.Capacity
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -592,7 +592,7 @@ function Test-AzSignalRReplica
         Assert-AreEqual 2 $replicas.Count
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -602,7 +602,7 @@ function Test-AzSignalRReplica
         Assert-AreEqual "Disabled" $updatedReplica.RegionEndpointEnabled
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -612,7 +612,7 @@ function Test-AzSignalRReplica
         Assert-True { $result }
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -623,7 +623,7 @@ function Test-AzSignalRReplica
         Assert-True { $result }
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -633,7 +633,7 @@ function Test-AzSignalRReplica
         Assert-True { $result }
 
          # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -643,7 +643,7 @@ function Test-AzSignalRReplica
         Assert-True { $result }
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -653,7 +653,7 @@ function Test-AzSignalRReplica
         Assert-True { $result }
 
         # Replica may be in "updating" internally, wait until update finishes.
-        if( GetTestMode -eq "Record")
+        if( $env:AZURE_TEST_MODE -eq "Record")
         {
             Start-Sleep -Seconds 120
         }
@@ -756,4 +756,42 @@ function Remove-Environment
         [string] $resourceGroupName
     )
     Remove-AzResourceGroup -Name $resourceGroupName
+}
+
+<#!
+.SYNOPSIS
+Test IP rule cmdlets for SignalR (New/Add/Remove-AzSignalRNetworkIpRule).
+#>
+function Test-AzSignalRNetworkIpRule
+{
+    $location = Get-ProviderLocation "Microsoft.SignalRService/SignalR"
+    $nameSuffix = "iprule-test"
+    $resourceGroupName = Get-RandomResourceGroupName $nameSuffix
+    $signalrName = Get-RandomSignalRName  $nameSuffix
+
+    New-AzResourceGroup -Name $resourceGroupName -Location $location
+    $signalr = New-AzSignalR -ResourceGroupName $resourceGroupName -Name $signalrName -Sku "Premium_P1"
+
+    # Create IP rule objects
+    $rule1 = New-AzSignalRNetworkIpRuleObject -Value "10.1.0.0/16" -Action Allow
+    $rule2 = New-AzSignalRNetworkIpRuleObject -Value "20.2.2.2" -Action Deny
+
+    # a. Add via resource group parameter set
+    $acls = Add-AzSignalRNetworkIpRule -ResourceGroupName $resourceGroupName -Name $signalrName -IpRule $rule1, $rule2
+    Assert-NotNull $acls
+    Assert-AreEqual 4 $acls.IPRules.Count
+    Assert-True { $acls.IPRules | Where-Object { $_.Value -eq "10.1.0.0/16" -and $_.Action -eq "Allow" } }
+    Assert-True { $acls.IPRules | Where-Object { $_.Value -eq "20.2.2.2" -and $_.Action -eq "Deny" } }
+
+    # Remove one via resource group parameter set
+    $acls = Remove-AzSignalRNetworkIpRule -ResourceGroupName $resourceGroupName -Name $signalrName -IpRule $rule1
+    Assert-AreEqual 3 $acls.IPRules.Count
+    Assert-False { $acls.IPRules | Where-Object { $_.Value -eq "10.1.0.0/16" } }
+
+    # Remove one via resource ID parameter set
+    $signalr = Get-AzSignalR -ResourceGroupName $resourceGroupName -Name $signalrName
+    $acls = Remove-AzSignalRNetworkIpRule -ResourceId $signalr.Id -IpRule $rule2
+    Assert-AreEqual 2 $acls.IPRules.Count
+    Assert-False { $acls.IPRules | Where-Object { $_.Value -eq "20.2.2.2" } }
+
 }

src/SignalR/SignalR.Test/ScenarioTests/Common.ps1

@@ -73,20 +73,4 @@ function Get-ProviderLocation([string]$provider)
 	}
 
 	return "East US"
-}
-
-<#
-.SYNOPSIS
-Gets the current test mode, either "Record" or "Playback"
-#>
-function GetTestMode()
-{
-	if( $env:AZURE_TEST_MODE -eq "Record" )
-	{
-		return "Record"
-	}
-	else
-	{
-		return "Playback"
-	}
 }

src/SignalR/SignalR.Test/SessionRecords/Microsoft.Azure.Commands.SignalR.Test.ScenarioTests.AzureRmSignalRTests/TestAzSignalRNetworkIpRule.json

@@ -94,7 +94,8 @@ CmdletsToExport = 'Get-AzSignalR', 'Get-AzSignalRKey', 'Get-AzSignalRUsage',
                'Update-AzSignalR', 'Update-AzSignalRNetworkAcl', 
                'New-AzSignalRCustomDomain', 'Get-AzSignalRCustomDomain', 'Remove-AzSignalRCustomDomain', 'Update-AzSignalRCustomDomain',
                'New-AzSignalRCustomCertificate', 'Get-AzSignalRCustomCertificate', 'Remove-AzSignalRCustomCertificate',
-               'Get-AzSignalRReplica', 'New-AzSignalRReplica', 'Remove-AzSignalRReplica', 'Restart-AzSignalRReplica', 'Start-AzSignalRReplica', 'Stop-AzSignalRReplica', 'Update-AzSignalRReplica'
+               'Get-AzSignalRReplica', 'New-AzSignalRReplica', 'Remove-AzSignalRReplica', 'Restart-AzSignalRReplica', 'Start-AzSignalRReplica', 'Stop-AzSignalRReplica', 'Update-AzSignalRReplica',
+               'New-AzSignalRNetworkIpRuleObject', 'Remove-AzSignalRNetworkIpRule', 'Add-AzSignalRNetworkIpRule'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/SignalR/SignalR/Az.SignalR.psd1

@@ -26,6 +26,10 @@
     - Start-AzSignalRReplica: start a SignalR replica
     - Stop-AzSignalRReplica: stop a SignalR replica
     - Update-AzSignalRReplica: update a SignalR replica
+* Added cmdlets for managing network IP rules
+    - New-AzSignalRNetworkIpRuleObject: create a new network IP rule object for SignalR
+    - Add-AzSignalRNetworkIpRule: add network IP rule(s) to SignalR
+    - Remove-AzSignalRNetworkIpRule: remove network IP rule(s) from SignalR
 
 ## Version 2.2.0
 * Added cmdlets for managing custom domains: `New-AzSignalRCustomDomain`, `Get-AzSignalRCustomDomain`, `Remove-AzSignalRCustomDomain`, `Update-AzSignalRCustomDomain`

src/SignalR/SignalR/ChangeLog.md

@@ -0,0 +1,91 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.SignalR.Models;
+using Microsoft.Azure.Commands.SignalR.Properties;
+using Microsoft.Azure.Management.SignalR;
+
+namespace Microsoft.Azure.Commands.SignalR.Cmdlets
+{
+    [Cmdlet("Add", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SignalRNetworkIpRule", SupportsShouldProcess = true, DefaultParameterSetName = ResourceGroupParameterSet)]
+    [OutputType(typeof(PSSignalRNetworkAcls))]
+    public class AddAzureRmSignalRNetworkIpRule : SignalRCmdletBase, IWithResourceId, IWithSignalRInputObject
+    {
+        [Parameter(Mandatory = false, ParameterSetName = ResourceGroupParameterSet, HelpMessage = "The resource group name. The default one will be used if not specified.")]
+        [ResourceGroupCompleter]
+        [ValidateNotNullOrEmpty]
+        public override string ResourceGroupName { get; set; }
+
+        [Parameter(Mandatory = true, Position = 0, ParameterSetName = ResourceGroupParameterSet, HelpMessage = "The SignalR service name.")]
+        [ValidateNotNullOrEmpty]
+        [ResourceNameCompleter(Constants.SignalRResourceType, nameof(ResourceGroupName))]
+        public string Name { get; set; }
+
+        [Parameter(Mandatory = true, ParameterSetName = ResourceIdParameterSet, ValueFromPipelineByPropertyName = true, HelpMessage = "The SignalR service resource ID.")]
+        [ValidateNotNullOrEmpty]
+        public string ResourceId { get; set; }
+
+        [Parameter(Mandatory = true, ParameterSetName = InputObjectParameterSet, ValueFromPipeline = true, HelpMessage = "The SignalR resource object.")]
+        [ValidateNotNull]
+        public PSSignalRResource InputObject { get; set; }
+
+        [Parameter(Mandatory = true, ParameterSetName = ResourceIdParameterSet, ValueFromPipeline = true, HelpMessage = "IP rule object(s) created by New-AzSignalRNetworkIpRule.")]
+        [Parameter(Mandatory = true, ParameterSetName = ResourceGroupParameterSet, ValueFromPipeline = true, HelpMessage = "IP rule object(s) created by New-AzSignalRNetworkIpRule.")]
+        [Parameter(Mandatory = true, ParameterSetName = InputObjectParameterSet, ValueFromPipeline = true, HelpMessage = "IP rule object(s) created by New-AzSignalRNetworkIpRule.")]
+        [ValidateNotNull]
+        public PSIpRule[] IpRule { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            RunCmdlet(() =>
+            {
+                switch (ParameterSetName)
+                {
+                    case ResourceGroupParameterSet:
+                        ResolveResourceGroupName();
+                        break;
+                    case ResourceIdParameterSet:
+                        this.LoadFromResourceId();
+                        break;
+                    case InputObjectParameterSet:
+                        this.LoadFromSignalRInputObject();
+                        break;
+                    default:
+                        throw new ArgumentException(Resources.ParameterSetError);
+                }
+                if (ShouldProcess($"SignalR service {ResourceGroupName}/{Name}", "add network IP rule(s)"))
+                {
+                    var signalr = Client.SignalR.Get(ResourceGroupName, Name);
+                    var networkACLs = signalr.NetworkAcLs;
+                    if (networkACLs.IPRules == null)
+                    {
+                        networkACLs.IPRules = new List<Microsoft.Azure.Management.SignalR.Models.IPRule>();
+                    }
+                    foreach (var rule in IpRule)
+                    {
+                        networkACLs.IPRules.Add(rule.ToSdkModel());
+                    }
+                    signalr = Client.SignalR.Update(ResourceGroupName, Name, signalr);
+                    WriteObject(new PSSignalRNetworkAcls(signalr.NetworkAcLs));
+                }
+            });
+        }
+    }
+}

src/SignalR/SignalR/Cmdlets/AddAzureRmSignalRNetworkIpRule.cs

@@ -61,8 +61,8 @@ public sealed class NewAzureRmSignalR : SignalRCmdletBase
 
         [Parameter(
             Mandatory = false,
-            HelpMessage = "The SignalR service unit count, value only from {1, 2, 5, 10, 20, 50, 100}. Default to 1.")]
-        [PSArgumentCompleter("1", "2", "5", "10", "20", "50", "100")]
+            HelpMessage = "The SignalR service unit count. Free_F1: 1; Standard_S1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P2: 100,200,300,400,500,600,700,800,900,1000. Default to 1.")]
+        [PSArgumentCompleter("1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "20", "30", "40", "50", "60", "70", "80", "90", "100", "200", "300", "400", "500", "600", "700", "800", "900", "1000")]
         public int UnitCount { get; set; } = DefaultUnitCount;
 
         [Parameter(

src/SignalR/SignalR/Cmdlets/NewAzureRmSignalR.cs

@@ -0,0 +1,22 @@
+using System.Management.Automation;
+using Microsoft.Azure.Commands.SignalR.Models;
+
+namespace Microsoft.Azure.Commands.SignalR.Cmdlets
+{
+    [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SignalRNetworkIpRuleObject", SupportsShouldProcess = false)]
+    [OutputType(typeof(PSIpRule))]
+    public class NewAzureRmSignalRNetworkIpRuleObject : PSCmdlet
+    {
+        [Parameter(Mandatory = true, HelpMessage = "IP rule value. Accepts IP, CIDR or ServiceTag.")]
+        public string Value { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Action for the IP rule. Allow or Deny. Default: Allow")]
+        [ValidateSet("Allow", "Deny", IgnoreCase = true)]
+        public string Action { get; set; } = "Allow";
+
+        protected override void ProcessRecord()
+        {
+            WriteObject(new PSIpRule { Value = Value, Action = Action });
+        }
+    }
+}