Dtzemahweyl/Add new parameter -PrivateRange to New-AzFirewallPolicyIntrusionDetection (#17771)

diklatze · Dikla Tzemah Weyl · web-flow · commit 5a42518352a4 · 2022-05-12T08:37:46.000+08:00
* add  privareRanges

* Add tests and help file

* change help file

* change parameter of cmd

* keep the skip

* add markdown

* add recorded test

* update ChangeLog.md

Co-authored-by: Dikla Tzemah Weyl &lt;dtzemahweyl@microsoft.com&gt;
diff --git a/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1 b/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1
@@ -1436,7 +1436,7 @@ function Test-AzureFirewallPolicyPremiumFeatures {
         # Intrusion Detection Settings
         $bypass = New-AzFirewallPolicyIntrusionDetectionBypassTraffic -Name $bypassTestName -Protocol "TCP" -DestinationPort "80" -SourceAddress "10.0.0.0" -DestinationAddress "10.0.0.0"
         $sigOverride = New-AzFirewallPolicyIntrusionDetectionSignatureOverride -Id "123456798" -Mode "Deny"
-        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Alert" -SignatureOverride $sigOverride -BypassTraffic $bypass
+        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Alert" -SignatureOverride $sigOverride -BypassTraffic $bypass -PrivateRange @("10.0.0.0/8", "172.16.0.0/12")
 
         # Create AzureFirewallPolicy (with Intrusion Detection, TransportSecurity and Identity parameters)
         $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SkuTier $tier -IntrusionDetection $intrusionDetection  -UserAssignedIdentityId $identity.Id
@@ -1455,8 +1455,11 @@ function Test-AzureFirewallPolicyPremiumFeatures {
         Assert-AreEqual "Alert" $getAzureFirewallPolicy.IntrusionDetection.Mode
         Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides
         Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings
+        Write-Host $getAzureFirewallPolicy.IntrusionDetection.Configuration
+        Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.PrivateRanges
         Assert-AreEqual "123456798" $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides[0].Id
         Assert-AreEqual "Deny" $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides[0].Mode
+        Assert-AreEqual "10.0.0.0/8" $getAzureFirewallPolicy.IntrusionDetection.Configuration.PrivateRanges[0]
         Assert-AreEqual $bypassTestName $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].Name
         Assert-AreEqual "TCP" $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].Protocol
         Assert-AreEqual "80" $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].DestinationPorts[0]
diff --git a/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallPolicyTests/TestAzureFirewallPolicyPremiumFeatures.json b/src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallPolicyTests/TestAzureFirewallPolicyPremiumFeatures.json
diff --git a/src/Network/Network/AzureFirewallPolicy/IntrusionDetection/NewAzureFirewallPolicyIntrusionDetectionCommand.cs b/src/Network/Network/AzureFirewallPolicy/IntrusionDetection/NewAzureFirewallPolicyIntrusionDetectionCommand.cs
@@ -55,6 +55,12 @@ public class NewAzureFirewallPolicyIntrusionDetectionCommand : NetworkBaseCmdlet
          )]
         public PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[] BypassTraffic { get; set; }
 
+        [Parameter(
+             Mandatory = false,
+             HelpMessage = "List of IDPS Private IP ranges."
+         )]
+        public string[] PrivateRange { get; set; }
+
         public override void Execute()
         {
             base.Execute();
@@ -64,12 +70,13 @@ public override void Execute()
                 Mode = this.Mode
             };
 
-            if (this.SignatureOverride?.Count() > 0 || this.BypassTraffic?.Count() > 0)
+            if (this.SignatureOverride?.Count() > 0 || this.BypassTraffic?.Count() > 0 || this.PrivateRange?.Count() > 0)
             {
                 intrusionDetection.Configuration = new PSAzureFirewallPolicyIntrusionDetectionConfiguration
                 {
                     SignatureOverrides = this.SignatureOverride?.ToList(),
-                    BypassTrafficSettings = this.BypassTraffic?.ToList()
+                    BypassTrafficSettings = this.BypassTraffic?.ToList(),
+                    PrivateRanges = this.PrivateRange?.ToList()
                 };
             }
 
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -44,6 +44,8 @@
 
 ## Version 4.16.1
 * Fixed `ArgumentNullException` in `Add-AzureRmRouteConfig` when `RouteTable.Routes` is null.
+* Updated `New-AzFirewallPolicyIntrusionDetection` cmdlet:
+    - Added parameter -PrivateRange
 
 ## Version 4.16.0
 * Added support for retrieving the state of packet capture even when the provisioning state of the packet capture was failure
diff --git a/src/Network/Network/Models/AzureFirewallPolicy/PSAzureFirewallPolicyIntrusionDetectionConfiguration.cs b/src/Network/Network/Models/AzureFirewallPolicy/PSAzureFirewallPolicyIntrusionDetectionConfiguration.cs
@@ -13,6 +13,7 @@
 // limitations under the License.
 //
 
+using System;
 using System.Collections.Generic;
 
 namespace Microsoft.Azure.Commands.Network.Models
@@ -22,5 +23,8 @@ public class PSAzureFirewallPolicyIntrusionDetectionConfiguration
         public List<PSAzureFirewallPolicyIntrusionDetectionSignatureOverride> SignatureOverrides { get; set; }
 
         public List<PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting> BypassTrafficSettings { get; set; }
+
+        public List<string> PrivateRanges { get; set; }
+
     }
 }
diff --git a/src/Network/Network/Network.csproj b/src/Network/Network/Network.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="Current">
 
   <PropertyGroup>
     <PsModuleName>Network</PsModuleName>
diff --git a/src/Network/Network/help/New-AzFirewallPolicyIntrusionDetection.md b/src/Network/Network/help/New-AzFirewallPolicyIntrusionDetection.md
@@ -15,7 +15,7 @@ Creates a new Azure Firewall Policy Intrusion Detection to associate with Firewa
 ```
 New-AzFirewallPolicyIntrusionDetection -Mode <String>
  [-SignatureOverride <PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]>]
- [-BypassTraffic <PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]>]
+ [-BypassTraffic <PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]>] [-PrivateRange <String[]>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -48,13 +48,21 @@ New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroupName TestRg -Sk
 
 This example creates intrusion detection with bypass traffic setting
 
+### Example 4: Create firewall policy with intrusion detection configured with private ranges setting
+```powershell
+$intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny" -PrivateRange @("167.220.204.0/24", "167.221.205.101/32")
+New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroup TestRg -SkuTier "Premium" -IntrusionDetection $intrusionDetection
+```
+
+This example creates intrusion detection with bypass traffic setting
+
 ## PARAMETERS
 
 ### -BypassTraffic
 List of rules for traffic to bypass.
 
 ```yaml
-Type: PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]
+Type: Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]
 Parameter Sets: (All)
 Aliases:
 
@@ -69,7 +77,7 @@ Accept wildcard characters: False
 The credentials, account, tenant, and subscription used for communication with Azure.
 
 ```yaml
-Type: IAzureContextContainer
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
 Aliases: AzContext, AzureRmContext, AzureCredential
 
@@ -84,7 +92,7 @@ Accept wildcard characters: False
 Intrusion Detection general state.
 
 ```yaml
-Type: String
+Type: System.String
 Parameter Sets: (All)
 Aliases:
 Accepted values: Off, Alert, Deny
@@ -96,11 +104,26 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -PrivateRange
+List of IDPS Private IP ranges.
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -SignatureOverride
 List of specific signatures states.
 
 ```yaml
-Type: PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]
+Type: Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]
 Parameter Sets: (All)
 Aliases:
 
@@ -115,7 +138,7 @@ Accept wildcard characters: False
 Prompts you for confirmation before running the cmdlet.
 
 ```yaml
-Type: SwitchParameter
+Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)
 Aliases: cf
 
@@ -131,7 +154,7 @@ Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
 
 ```yaml
-Type: SwitchParameter
+Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)
 Aliases: wi
 

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`	`// limitations under the License.`
`14`	`14`	`//`
`15`	`15`
	`16`	`+using System;`
`16`	`17`	`using System.Collections.Generic;`
`17`	`18`
`18`	`19`	`namespace Microsoft.Azure.Commands.Network.Models`
`@@ -22,5 +23,8 @@ public class PSAzureFirewallPolicyIntrusionDetectionConfiguration`
`22`	`23`	`public List<PSAzureFirewallPolicyIntrusionDetectionSignatureOverride> SignatureOverrides { get; set; }`
`23`	`24`
`24`	`25`	`public List<PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting> BypassTrafficSettings { get; set; }`
	`26`	`+`
	`27`	`+ public List<string> PrivateRanges { get; set; }`
	`28`	`+`
`25`	`29`	`}`
`26`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<Project Sdk="Microsoft.NET.Sdk">`
	`1`	`+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="Current">`
`2`	`2`
`3`	`3`	`<PropertyGroup>`
`4`	`4`	`<PsModuleName>Network</PsModuleName>`