Azure Firewall Autoscale Configuration Support (#26257)

bewatersmsft · web-flow · commit fae92de854d6 · 2024-10-29T16:33:17.000+08:00
* Azure Firewall Autoscale Configuration Support

* Help files with new parameters

* add validation
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs b/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs
@@ -225,5 +225,13 @@ public void TestAllocateByopipAzureHubFirewall()
         {
             TestRunner.RunTestScript("Test-InvokeAzureAllocateByopipHubFirewall");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallAutoscaleConfiguration()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallAutoscaleConfiguration");
+        }
     }
 }
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1 b/src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1
@@ -2311,4 +2311,67 @@ function Test-InvokeAzureAllocateByopipHubFirewall {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests Azure Firewall Autoscale Configuration feature
+#>
+function Test-AzureFirewallAutoscaleConfiguration {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    $expectedMinCapacity = 3
+    $expectedMaxCapacity = 5
+    $expectedUpdatedMinCapacity = 4
+    $expectedUpdatedMaxCapacity = 4
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -MinCapacity $expectedMinCapacity -MaxCapacity $expectedMaxCapacity
+
+        # Verify
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqual $getAzureFirewall.AutoscaleConfiguration.MinCapacity $expectedMinCapacity
+        Assert-AreEqual $getAzureFirewall.AutoscaleConfiguration.MaxCapacity $expectedMaxCapacity
+
+        # Update Scale
+        $azureFirewall.AutoscaleConfiguration.MinCapacity = $expectedUpdatedMinCapacity
+        $azureFirewall.AutoscaleConfiguration.MaxCapacity = $expectedUpdatedMaxCapacity
+        Set-AzFirewall -AzureFirewall $azureFirewall
+
+        # Verify
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqual $getAzureFirewall.AutoscaleConfiguration.MinCapacity $expectedUpdatedMinCapacity
+        Assert-AreEqual $getAzureFirewall.AutoscaleConfiguration.MaxCapacity $expectedUpdatedMaxCapacity
+
+        # Reset
+        $azureFirewall.AutoscaleConfiguration.MinCapacity = $null
+        $azureFirewall.AutoscaleConfiguration.MaxCapacity = $null
+        Set-AzFirewall -AzureFirewall $azureFirewall
+
+        # Verify
+        $getAzureFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-Null $getAzureFirewall.AutoscaleConfiguration
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallAutoscaleConfiguration.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallAutoscaleConfiguration.json
diff --git a/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs b/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs
@@ -230,6 +230,16 @@ public class NewAzureFirewallCommand : AzureFirewallBaseCmdlet
         HelpMessage = "The Route Server Id for the firewall")]
         public string RouteServerId { get; set; }
 
+        [Parameter(
+        Mandatory = false,
+        HelpMessage = "The minimum number of capacity units for this azure firewall")]
+        public int? MinCapacity { get; set; }
+
+        [Parameter(
+        Mandatory = false,
+        HelpMessage = "The maximum number of capacity units for this azure firewall")]
+        public int? MaxCapacity { get; set; }
+
         public override void Execute()
         {
             // Old params provided - Get the virtual network, get the public IP address
@@ -372,6 +382,19 @@ private PSAzureFirewall CreateAzureFirewall()
                 firewall.ValidateDNSProxyRequirements();
             }
 
+            PSAzureFirewallAutoscaleConfiguration autoscaleConfiguration = new PSAzureFirewallAutoscaleConfiguration();
+
+            if (this.MinCapacity.HasValue)
+            {
+                autoscaleConfiguration.MinCapacity = this.MinCapacity.Value;
+            }
+            if (this.MaxCapacity.HasValue)
+            {
+                autoscaleConfiguration.MaxCapacity = this.MaxCapacity.Value;
+            }
+
+            firewall.AutoscaleConfiguration = autoscaleConfiguration;
+
             // Map to the sdk object
             var azureFirewallModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(firewall);
             azureFirewallModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -21,6 +21,8 @@
 ## Upcoming Release
 * Added `DefaultOutboundConnectivityEnabled` property in PSNetworkInterface
 
+* Added support for `AutoscaleConfiguration` property in `AzureFirewall` model for `New-AzFirewall` and `Set-AzFirewall` commands
+
 ## Version 7.10.0
 * Onboarded Azure Virtual Network Manager Cmdlets for UDR and NSG Management
     - `New/Get/Remove/Set-AzNetworkManagerRoutingConfiguration`
diff --git a/src/Network/Network/Common/NetworkResourceManagerProfile.cs b/src/Network/Network/Common/NetworkResourceManagerProfile.cs
@@ -1928,6 +1928,7 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSAzureFirewallPacketCaptureFlags, MNM.AzureFirewallPacketCaptureFlags>();
                 cfg.CreateMap<CNM.PSAzureFirewallPacketCaptureRule, MNM.AzureFirewallPacketCaptureRule>();
                 cfg.CreateMap<CNM.PSAzureFirewallPacketCaptureParameters, MNM.FirewallPacketCaptureParameters>();
+                cfg.CreateMap<CNM.PSAzureFirewallAutoscaleConfiguration, MNM.AzureFirewallAutoscaleConfiguration>();
 
                 // MNM to CNM
                 cfg.CreateMap<MNM.AzureFirewall, CNM.PSAzureFirewall>()
@@ -2022,6 +2023,8 @@ private static void Initialize()
                 // MNM to CNM
                 cfg.CreateMap<MNM.AzureFirewallFqdnTag, CNM.PSAzureFirewallFqdnTag>();
 
+                cfg.CreateMap<MNM.AzureFirewallAutoscaleConfiguration, CNM.PSAzureFirewallAutoscaleConfiguration>();
+
                 // Azure Firewall Policies
                 // CNM to MNM
                 cfg.CreateMap<CNM.PSAzureFirewallPolicyExplicitProxy, MNM.ExplicitProxy>();
diff --git a/src/Network/Network/Models/AzureFirewall/PSAzureFirewall.cs b/src/Network/Network/Models/AzureFirewall/PSAzureFirewall.cs
@@ -57,6 +57,8 @@ public class PSAzureFirewall : PSTopLevelResource
 
         public PSAzureFirewallIpPrefix LearnedIPPrefixes { get; set; }
 
+        public PSAzureFirewallAutoscaleConfiguration AutoscaleConfiguration { get; set; }
+
         public string[] PrivateRange
         {
             get
diff --git a/src/Network/Network/Models/AzureFirewall/PSAzureFirewallAutoscaleConfiguration.cs b/src/Network/Network/Models/AzureFirewall/PSAzureFirewallAutoscaleConfiguration.cs
@@ -0,0 +1,50 @@
+﻿namespace Microsoft.Azure.Commands.Network.Models
+{
+    using System;
+    using System.Management.Automation;
+
+    public class PSAzureFirewallAutoscaleConfiguration
+    {
+        public const int AbsoluteMinCapacity = 2;
+
+        private int? minCapacity;
+        private int? maxCapacity;
+
+        public int? MinCapacity
+        {
+            get
+            {
+                return this.minCapacity;
+            }
+            set
+            {
+                ValidateCapacity(value);
+                minCapacity = value;
+            }
+        }
+
+        public int? MaxCapacity
+        {
+            get
+            {
+                return this.maxCapacity;
+            }
+            set
+            {
+                ValidateCapacity(value);
+                maxCapacity = value;
+            }
+        }
+
+        private void ValidateCapacity(int? capacity)
+        {
+            if (capacity.HasValue)
+            {
+                if (capacity < 2)
+                {
+                    throw new PSArgumentException(String.Format("\'{0}\' is below the service minimum of \'{1}\'", capacity, AbsoluteMinCapacity));
+                }
+            }
+        }
+    }
+}
diff --git a/src/Network/Network/help/Get-AzFirewall.md b/src/Network/Network/help/Get-AzFirewall.md
@@ -283,7 +283,7 @@ This example retrieves a firewall and calls Allocate on the firewall to start th
 The credentials, account, tenant, and subscription used for communication with azure.
 
 ```yaml
-Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Type: IAzureContextContainer
 Parameter Sets: (All)
 Aliases: AzContext, AzureRmContext, AzureCredential
 
@@ -298,7 +298,7 @@ Accept wildcard characters: False
 Specifies the name of the Firewall that this cmdlet gets.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases: ResourceName
 
@@ -313,7 +313,7 @@ Accept wildcard characters: True
 Specifies the name of the resource group that Firewall belongs to.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
diff --git a/src/Network/Network/help/New-AzFirewall.md b/src/Network/Network/help/New-AzFirewall.md
diff --git a/src/Network/Network/help/Set-AzFirewall.md b/src/Network/Network/help/Set-AzFirewall.md

Original file line number	Diff line number	Diff line change
`@@ -225,5 +225,13 @@ public void TestAllocateByopipAzureHubFirewall()`
`225`	`225`	`{`
`226`	`226`	`TestRunner.RunTestScript("Test-InvokeAzureAllocateByopipHubFirewall");`
`227`	`227`	`}`
	`228`	`+`
	`229`	`+ [Fact]`
	`230`	`+ [Trait(Category.AcceptanceType, Category.CheckIn)]`
	`231`	`+ [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]`
	`232`	`+ public void TestAzureFirewallAutoscaleConfiguration()`
	`233`	`+ {`
	`234`	`+ TestRunner.RunTestScript("Test-AzureFirewallAutoscaleConfiguration");`
	`235`	`+ }`
`228`	`236`	`}`
`229`	`237`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,8 @@ public class PSAzureFirewall : PSTopLevelResource`
`57`	`57`
`58`	`58`	`public PSAzureFirewallIpPrefix LearnedIPPrefixes { get; set; }`
`59`	`59`
	`60`	`+ public PSAzureFirewallAutoscaleConfiguration AutoscaleConfiguration { get; set; }`
	`61`	`+`
`60`	`62`	`public string[] PrivateRange`
`61`	`63`	`{`
`62`	`64`	`get`