Added support for Inbound Security Rule for Network Virtual Appliance (#24898)

* Adding support for Inbound Security Rule creation for NVA

* Adding Tests fixing cmdlet import issue

* Removing changes made for local testing failures

* Removing changes from the file CommandMappings.json

* Adding online versions for the help file

* Adding changes to fix static analysis errors for command naming

* Adding Parameter checks

* Adding mandatory check for Name Parameter & removing * for protocol

* Adding missed mappings

Author: ashutmi

src/Network/Network.Test/ScenarioTests/InboundSecurityRuleTests.cs

@@ -0,0 +1,25 @@
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Network.Test.ScenarioTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Commands.Network.Test.ScenarioTests
+{
+    public class InboundSecurityRuleTests : NetworkTestRunner
+    {
+        public InboundSecurityRuleTests(Xunit.Abstractions.ITestOutputHelper output) : base(output)
+        {
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.nvadev)]
+        public void TestInboundSecurityRule()
+        {
+            TestRunner.RunTestScript(string.Format("Test-InboundSecurityRule"));
+        }
+    }
+}

src/Network/Network.Test/ScenarioTests/InboundSecurityRuleTests.ps1

@@ -0,0 +1,46 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+Test creating new Inbound Security Rule
+#>
+function Test-InboundSecurityRule
+{
+    $rgname = "AshuSneaky"
+
+    # The commands are not supported in all regions yet.
+    $location = "eastus2euap"
+    $nvaname = "sneaky4"
+    $applieson = "slbip"
+    $rulecollectionname = "PermanentRuleCollection"
+    $resourceTypeParent = "Microsoft.Network/networkVirtualAppliances/inboundSecurityRules"
+    $rulename1 = "InboundRule1"
+    $protocol = "TCP"
+    $sourceaddressprefix = "*"
+    $destinationportranges = "80-120","121-124"
+    $ruletype = "Permanent"
+    try{
+        $rule = New-AzVirtualApplianceInboundSecurityRulesProperty -Name $rulename1 -Protocol $protocol -SourceAddressPrefix $sourceaddressprefix -DestinationPortRangeList $destinationportranges -AppliesOn $applieson
+        Assert-NotNull $rule
+
+        $updateresult = Update-AzVirtualApplianceInboundSecurityRule -ResourceGroupName $rgname -VirtualApplianceName $nvaname -Name $rulecollectionname -RuleType $ruletype -Rule $rule
+        Assert-True { $updateresult }
+   	}   
+    finally{
+        
+	}
+}
+
+

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.InboundSecurityRuleTests/TestInboundSecurityRule.json

@@ -639,6 +639,8 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'Test-AzPrivateLinkServiceVisibility', 'Update-AzCustomIpPrefix', 
                'Update-AzNetworkVirtualApplianceConnection', 
                'New-AzVirtualApplianceInternetIngressIpsProperty', 
+               'New-AzVirtualApplianceInboundSecurityRulesProperty', 
+               'Update-AzVirtualApplianceInboundSecurityRule', 
                'New-AzFirewallPacketCaptureRule', 
                'New-AzFirewallPacketCaptureParameter', 
                'Invoke-AzFirewallPacketCapture', 

src/Network/Network/Az.Network.psd1

@@ -24,6 +24,8 @@
     - `New-AzApplicationGatewayFirewallPolicySetting`
 * Added optional property `HeaderValueMatcher` to `New-AzApplicationGatewayRewriteRuleHeaderConfiguration`
 * Added new cmdlet `New-AzApplicationGatewayHeaderValueMatcher` to support for the new property `HeaderValueMatcher`
+* Added new cmdlet `Update-AzVirtualApplianceInboundSecurityRule` to support Inbound Security Rule for Network Virtual Appliance
+* Added new cmdlet `New-AzVirtualApplianceInboundSecurityRulesProperty` to support for the property 'rules' of Inbound Security Rules
 * Added AdminState parameter to Load Balancer Backend Address
     - `New-AzLoadBalancerBackendAddressConfig`
 * Updated PS SDK to older SDK removing identity field

src/Network/Network/ChangeLog.md

@@ -2218,6 +2218,8 @@ private static void Initialize()
                     );
                 cfg.CreateMap<CNM.PSVirtualApplianceSite, MNM.VirtualApplianceSite>();
                 cfg.CreateMap<CNM.PSVirtualApplianceSkuProperties, MNM.VirtualApplianceSkuProperties>();
+                cfg.CreateMap<CNM.PSInboundSecurityRule, MNM.InboundSecurityRule>();
+                cfg.CreateMap<CNM.PSInboundSecurityRulesProperty, MNM.InboundSecurityRules>();
                 cfg.CreateMap<CNM.PSNetworkVirtualApplianceConnection, MNM.NetworkVirtualApplianceConnection>();
                 cfg.CreateMap<CNM.PSVirtualApplianceInternetIngressIpsProperties, MNM.InternetIngressPublicIpsProperties>();
                 cfg.CreateMap<CNM.PSNetworkVirtualApplianceDelegationProperties, MNM.DelegationProperties>();
@@ -2241,6 +2243,8 @@ private static void Initialize()
                     );
                 cfg.CreateMap<MNM.VirtualApplianceSite, CNM.PSVirtualApplianceSite>();
                 cfg.CreateMap<MNM.VirtualApplianceSkuProperties, CNM.PSVirtualApplianceSkuProperties>();
+                cfg.CreateMap<MNM.InboundSecurityRule, CNM.PSInboundSecurityRule>();
+                cfg.CreateMap<MNM.InboundSecurityRules, CNM.PSInboundSecurityRulesProperty>();
                 cfg.CreateMap<MNM.VirtualApplianceAdditionalNicProperties, CNM.PSVirtualApplianceAdditionalNicProperties>();
                 cfg.CreateMap<MNM.InternetIngressPublicIpsProperties, CNM.PSVirtualApplianceInternetIngressIpsProperties>();
                 cfg.CreateMap<MNM.NetworkVirtualApplianceConnection,CNM.PSNetworkVirtualApplianceConnection>();

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -0,0 +1,28 @@
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+using Newtonsoft.Json;
+using System.Collections.Generic;
+using System.Reflection.Emit;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSInboundSecurityRule : PSChildResource
+    {
+        public string RuleType { get; set; }
+        public string ProvisioningState { get; set; }
+        public string Type { get; set; }
+        public List<PSInboundSecurityRulesProperty> Rules { get; set; }
+    }
+}

src/Network/Network/Models/PSInboundSecurityRule.cs

@@ -0,0 +1,30 @@
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+using Newtonsoft.Json;
+using System.Collections.Generic;
+using System.Reflection.Emit;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSInboundSecurityRulesProperty
+    {
+        public string Name { get; set; }
+        public string Protocol { get; set; }
+        public string SourceAddressPrefix { get; set; }
+        public int? DestinationPortRange { get; set; }
+        public List<string> DestinationPortRanges{ get; set; }
+        public List<string> AppliesOn { get; set; }
+    }
+}

src/Network/Network/Models/PSInboundSecurityRulesProperty.cs

@@ -0,0 +1,93 @@
+
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Commands.Network
+{
+    using Microsoft.Azure.Commands.Network.Models;
+    using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+    using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+    using Microsoft.Azure.Management.Network.Models;
+    using System;
+    using System.Collections.Generic;
+    using System.Linq;
+    using System.Management.Automation;
+
+    [Cmdlet(VerbsCommon.New, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VirtualApplianceInboundSecurityRulesProperty",
+        SupportsShouldProcess = true),
+        OutputType(typeof(PSInboundSecurityRulesProperty))]
+    public class NewVirtualApplianceInboundSecurityRulesPropertyCommand : VirtualApplianceInboundSecurityRuleBaseCmdlet
+    {
+        [Parameter(
+           Mandatory = true,
+           HelpMessage = "Name of the Inbound Security Rules Property")]
+        public string Name { get; set; }
+
+        [Parameter(
+            Mandatory = true,
+            HelpMessage = "Rule protocol")]
+        [ValidateSet(
+            SecurityRuleProtocol.Tcp,
+            SecurityRuleProtocol.Udp,
+            IgnoreCase = true)]
+        [ValidateNotNullOrEmpty]
+        public string Protocol { get; set; }
+
+        [Parameter(
+           Mandatory = true,
+           HelpMessage = "The Source Address Prefix of the rule")]
+        public string SourceAddressPrefix { get; set; }
+
+        [Parameter(
+           Mandatory = false,
+           HelpMessage = "Destination Port Range of the rule")]
+        public int? DestinationPortRange { get; set; }
+
+        [Parameter(
+           Mandatory = false,
+           HelpMessage = "Destination Port Ranges of the rule")]
+        public string[] DestinationPortRangeList { get; set; }
+
+        [Parameter(
+           Mandatory = true,
+           HelpMessage = "The Applies On value of the rule for the SLP IP/Interface")]
+        public string[] AppliesOn { get; set; }
+
+        public override void Execute()
+        {
+            base.Execute();
+
+            if (!this.DestinationPortRange.HasValue && (this.DestinationPortRangeList == null || this.DestinationPortRangeList.Length == 0))
+            {
+                throw new PSArgumentException("Both 'DestinationPortRange' and 'DestinationPortRangeList' cannot be null. Please make sure to input value for one of the parameters.");
+            }
+
+            if (this.DestinationPortRange.HasValue && this.DestinationPortRangeList != null && this.DestinationPortRangeList.Length >= 0)
+            {
+                throw new PSArgumentException("Both 'DestinationPortRange' and 'DestinationPortRangeList' cannot have values. Please make sure to input value for only one of the parameters.");
+            }
+
+            var rule = new PSInboundSecurityRulesProperty();
+            rule.Name = this.Name;
+            rule.Protocol = this.Protocol;
+            rule.SourceAddressPrefix = this.SourceAddressPrefix;
+            rule.DestinationPortRange = this.DestinationPortRange;
+            rule.DestinationPortRanges = this.DestinationPortRangeList !=null ? this.DestinationPortRangeList.ToList() : null;
+            rule.AppliesOn = this.AppliesOn.ToList();
+
+            WriteObject(rule, true);
+
+        }
+    }
+}