Added Get-AzFirewallLearnedPrefix cmdlet and Route Server Id parameter to firewall (Azure#19825)

* Implemented learned IP prefixes

* Added Route Server Id to firewall

* Added unit test

* Added Get-AzFirewallLearnedPrefix cmdlet

* Added help and change log

* Added example section

* Implemented learned IP prefixes

* Added Route Server Id to firewall

* Added unit test

* Added Get-AzFirewallLearnedPrefix cmdlet

* Added help and change log

* Added example section

Co-authored-by: Gizachew Eshetie <[email protected]>

Author: Gizachew-Eshetie

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -178,5 +178,20 @@ public void TestAzureFirewallCRUDEnableUDPLogOptimization()
             TestRunner.RunTestScript("Test-AzureFirewallCRUDEnableUDPLogOptimization");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallCRUDRouteServerId()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallCRUDRouteServerId");
+        }
+
+        [Fact(Skip = "Skipped due to LearnedIpPrefixes feature not available in most regions")]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestGetAzureFirewallLearnedIpPrefixes()
+        {
+            TestRunner.RunTestScript("Test-GetAzureFirewallLearnedIpPrefixes");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -2009,4 +2009,89 @@ function Test-AzureFirewallCRUDEnableUDPLogOptimization {
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+<#
+.SYNOPSIS
+Tests AzureFirewall RouteServerId
+#>
+function Test-AzureFirewallCRUDRouteServerId {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+    $routeServerId="/subscriptions/aeb5b02a-0f18-45a4-86d6-81808115cacf/resourceGroups/testRG/providers/Microsoft.Network/virtualHubs/TestRS"
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location -RouteServerId $routeServerId
+
+        # Verify
+        $azFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqual $routeServerId $azFirewall.RouteServerId
+
+        # Reset the RouteServerId 
+        $azFirewall.RouteServerId = ""
+        Set-AzFirewall -AzureFirewall $azFirewall
+        $azfw = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        
+        Assert-AreEqual "" $azfw.RouteServerId
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}
+
+<#
+.SYNOPSIS
+Tests  Get Azure Firewall LearnedPrefixes
+#>
+function Test-GetAzureFirewallLearnedIpPrefixes {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $location = Get-ProviderLocation $resourceTypeParent "Eastus2euap"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $location
+
+        # Get Firewall Learned Prefixes
+        $learnedPrefixes = Get-AzFirewallLearnedIpPrefix -Name $azureFirewallName -ResourceGroupName $rgname
+
+        # Verify
+         Assert-NotNull $learnedPrefixes
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallCRUDRouteServerId.json

@@ -642,7 +642,8 @@ CmdletsToExport = 'Add-AzApplicationGatewayAuthenticationCertificate',
                'New-AzNetworkManagerManagementGroupConnection', 
                'Get-AzNetworkManagerManagementGroupConnection', 
                'Remove-AzNetworkManagerManagementGroupConnection', 
-               'Set-AzNetworkManagerManagementGroupConnection'
+               'Set-AzNetworkManagerManagementGroupConnection',
+                "Get-AzFirewallLearnedIpPrefix"
 
 # Variables to export from this module
 VariablesToExport = '*'

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestGetAzureFirewallLearnedIpPrefixes.json

@@ -0,0 +1,65 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// --------
+
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Network.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Network;
+using Microsoft.Azure.Management.Network.Models;
+
+
+namespace Microsoft.Azure.Commands.Network
+{
+    [Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FirewallLearnedIpPrefix"), OutputType(typeof(PSAzureFirewallIpPrefix), typeof(IEnumerable<PSAzureFirewallIpPrefix>))]
+    public class GetAzureFirewallLearnedIpPrefixCommand : AzureFirewallBaseCmdlet
+    {
+        [Alias("ResourceName")]
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The firewall resource name.")]
+        [ResourceNameCompleter("Microsoft.Network/azureFirewalls", "ResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        [SupportsWildcards]
+        public string Name { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The resource group name.")]
+        [ValidateNotNullOrEmpty]
+        [SupportsWildcards]
+        public virtual string ResourceGroupName { get; set; }
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+            if (ShouldGetByName(ResourceGroupName, Name))
+            {
+                var learnedIPPrefixes = this.AzureFirewallClient.ListLearnedPrefixes(this.ResourceGroupName, this.Name);
+                var pslearnedIPPrefixes = new PSAzureFirewallIpPrefix();
+                if (learnedIPPrefixes != null)
+                {
+                    pslearnedIPPrefixes = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewallIpPrefix>(learnedIPPrefixes);
+                }
+                WriteObject(pslearnedIPPrefixes);
+            }
+            else
+            {
+                throw new ArgumentException($" Name and ResourceGroupName should be provided to get firewall learned IP prefixes.");
+            }
+        }
+    }
+}

src/Network/Network/Az.Network.psd1

@@ -87,7 +87,6 @@ public bool IsAzureFirewallPresent(string resourceGroupName, string name)
         public PSAzureFirewall GetAzureFirewall(string resourceGroupName, string name)
         {
             var azureFirewall = this.AzureFirewallClient.Get(resourceGroupName, name);
-
             var psAzureFirewall = NetworkResourceManagerProfile.Mapper.Map<PSAzureFirewall>(azureFirewall);
             psAzureFirewall.ResourceGroupName = resourceGroupName;
             psAzureFirewall.Tag = TagsConversionHelper.CreateTagHashtable(azureFirewall.Tags);

src/Network/Network/AzureFirewall/AutoLearnedPrefix/GetAzureFirewallLearnedIpPrefixCommand.cs

@@ -244,6 +244,11 @@ public class NewAzureFirewallCommand : AzureFirewallBaseCmdlet
        )]
         public SwitchParameter EnableUDPLogOptimization { get; set; }
 
+        [Parameter(
+        Mandatory = false,
+        HelpMessage = "The Route Server Id for the firewall")]
+        public string RouteServerId { get; set; }
+
         public override void Execute()
         {
             // Old params provided - Get the virtual network, get the public IP address
@@ -336,7 +341,8 @@ private PSAzureFirewall CreateAzureFirewall()
                     AllowActiveFTP = (this.AllowActiveFTP.IsPresent ? "true" : null),
                     Sku = sku,
                     EnableFatFlowLogging = (this.EnableFatFlowLogging.IsPresent ? "True" : null),
-                    EnableUDPLogOptimization = (this.EnableUDPLogOptimization.IsPresent ? "True" : null)
+                    EnableUDPLogOptimization = (this.EnableUDPLogOptimization.IsPresent ? "True" : null),
+                    RouteServerId = this.RouteServerId
                 };
 
                 if (this.Zone != null)

src/Network/Network/AzureFirewall/AzureFirewallBaseCmdlet.cs

@@ -19,6 +19,8 @@
 --->
 
 ## Upcoming Release
+* Added new cmdlet to get firewall learned ip prefixes 
+    * `Get-AzFirewallLearnedIpPrefix`
 * Fixed a bug that does not update firewall policy application, network and nat rules' descriptions even though description is provided via description parameter
 * Added new cmdlet `Get-AzNetworkSecurityPerimeterAssociableResourceType`
 * Updated `New-AzIpConfigurationBgpPeeringAddressObject` to remove validate null or empty check for CustomAddress in Azure Virtual Network Gateway

src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs

@@ -1321,9 +1321,11 @@ private static void Initialize()
                         { "Network.DNS.Servers", src.DNSServer?.Aggregate((result, item) => result + "," + item) },
                         { "Network.AdditionalLogs.EnableFatFlowLogging", src.EnableFatFlowLogging },
                         { "Network.Logging.EnableUDPLogOptimization", src.EnableUDPLogOptimization },
+                        { "Network.RouteServerInfo.RouteServerID", src.RouteServerId },
                     }.Where(kvp => kvp.Value != null).ToDictionary(key => key.Key, val => val.Value);   // TODO: remove after backend code is refactored
                 });
                 cfg.CreateMap<CNM.PSAzureFirewallSku, MNM.AzureFirewallSku>();
+                cfg.CreateMap<CNM.PSAzureFirewallIpPrefix, MNM.IPPrefixesList>();
                 cfg.CreateMap<CNM.PSAzureFirewallIpConfiguration, MNM.AzureFirewallIPConfiguration>();
                 cfg.CreateMap<CNM.PSAzureFirewallApplicationRuleCollection, MNM.AzureFirewallApplicationRuleCollection>();
                 cfg.CreateMap<CNM.PSAzureFirewallNatRuleCollection, MNM.AzureFirewallNatRuleCollection>();
@@ -1369,6 +1371,7 @@ private static void Initialize()
                     dest.DNSEnableProxy = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.DNS.EnableProxy", StringComparison.OrdinalIgnoreCase)).Value;
                     dest.EnableFatFlowLogging = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.AdditionalLogs.EnableFatFlowLogging", StringComparison.OrdinalIgnoreCase)).Value;
                     dest.EnableUDPLogOptimization = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.Logging.EnableUDPLogOptimization", StringComparison.OrdinalIgnoreCase)).Value;
+                    dest.RouteServerId = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.RouteServerInfo.RouteServerID", StringComparison.OrdinalIgnoreCase)).Value;
                     try
                     {
                         dest.DNSServer = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.DNS.Servers", StringComparison.OrdinalIgnoreCase)).Value?.Split(',').Select(str => str.Trim()).ToArray();
@@ -1379,6 +1382,7 @@ private static void Initialize()
                     }
                 });
                 cfg.CreateMap<MNM.AzureFirewallSku, CNM.PSAzureFirewallSku>();
+                cfg.CreateMap<MNM.IPPrefixesList, CNM.PSAzureFirewallIpPrefix>();
                 cfg.CreateMap<MNM.AzureFirewallIPConfiguration, CNM.PSAzureFirewallIpConfiguration>();
                 cfg.CreateMap<MNM.AzureFirewallApplicationRuleCollection, CNM.PSAzureFirewallApplicationRuleCollection>();
                 cfg.CreateMap<MNM.AzureFirewallNatRuleCollection, CNM.PSAzureFirewallNatRuleCollection>();