[Network] Virtual-wan support multi link (Azure#4111)

* Add new cmds to support multi-link in virtualwan * update * update testcases * update version and history * fix style * fix names * fix * add examples * fix
bavneetsingh16 · Nov 18, 2021 · 4e935b9 · 4e935b9
1 parent e98e624
commit 4e935b9
Show file tree

Hide file tree

Showing 11 changed files with 15,679 additions and 22 deletions.
diff --git a/linter_exclusions.yml b/linter_exclusions.yml
@@ -1627,6 +1627,35 @@ network vhub connection create:
     allow_remote_vnet_to_use_hub_vnet_gateways:
       rule_exclusions:
       - option_length_too_long
+network vpn-gateway connection vpn-site-link-conn add:
+  parameters:
+    use_local_azure_ip_address:
+      rule_exclusions:
+      - option_length_too_long
+    use_policy_based_traffic_selectors:
+      rule_exclusions:
+      - option_length_too_long
+    vpn_connection_protocol_type:
+      rule_exclusions:
+      - option_length_too_long
+    vpn_link_connection_mode:
+      rule_exclusions:
+      - option_length_too_long
+network vpn-gateway connection vpn-site-link-conn ipsec-policy add:
+  parameters:
+    vpn_site_link_conn_name:
+      rule_exclusions:
+      - option_length_too_long
+network vpn-gateway connection vpn-site-link-conn ipsec-policy list:
+  parameters:
+    vpn_site_link_conn_name:
+      rule_exclusions:
+      - option_length_too_long
+network vpn-gateway connection vpn-site-link-conn ipsec-policy remove:
+  parameters:
+    vpn_site_link_conn_name:
+      rule_exclusions:
+      - option_length_too_long
 network vpn-server-config create:
   parameters:
     radius_client_root_certs:

diff --git a/src/virtual-wan/HISTORY.rst b/src/virtual-wan/HISTORY.rst
@@ -3,6 +3,14 @@
 Release History
 ===============
 
+0.2.11
+++++++
+* add new command group: `az network vpn-gateway connection vpn-site-link-conn`.
+* add new command group: `az network vpn-gateway connection vpn-site-link-conn ipsec-policy`.
+* add new command group: `az network vpn-site link`.
+* `az network vpn-gateway connection`: support new parameters `--vpn-site-link` and `--with-link`.
+* `az network vpn-site`: support new parameter `--with-link`.
+
 0.2.10
 ++++++
 * add new command group: `az network vhub bgpconnection`.

diff --git a/src/virtual-wan/azext_vwan/_help.py b/src/virtual-wan/azext_vwan/_help.py
@@ -411,6 +411,74 @@
     type: command
     short-summary: Remove an IPSec policy from a site-to-site VPN gateway connection.
 """
+
+helps['network vpn-gateway connection vpn-site-link-conn'] = """
+    type: group
+    short-summary: Manage site-to-site VPN gateway connection VPN site link connection.
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn add'] = """
+    type: command
+    short-summary: Add a VPN site link connection to a site-to-site VPN gateway connection.
+    examples:
+      - name: Add a VPN site link connection to site-to-site VPN gateway connection
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn add -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn \
+--vpn-site-link /subscriptions/MySub/resourceGroups/MyRG/providers/Microsoft.Network/vpnSites/MyVPNSite/vpnSiteLinks/vpnsitelink \
+--vpn-connection-protocol-type IKEv2
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn list'] = """
+    type: command
+    short-summary: List site-to-site VPN gateway connection VPN site link connection.
+    examples:
+      - name: List VPN site link connections on site-to-site VPN gateway connection
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn list -g MyRG --connection-name MyConnection --gateway-name MyGateway
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn remove'] = """
+    type: command
+    short-summary: Remove a VPN site link connection from a site-to-site VPN gateway connection.
+    examples:
+      - name: Remove aVPN site link connection from site-to-site VPN gateway connection
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn remove -g MyRG --connection-name MyConnection --gateway-name MyGateway --index 1
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn ipsec-policy'] = """
+    type: group
+    short-summary: Manage site-to-site VPN gateway connection VPN site link IPSec policies.
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn ipsec-policy add'] = """
+    type: command
+    short-summary: Add an IPSec policy to a site-to-site VPN gateway connection VPN site link.
+    examples:
+      - name: Add an IPSec policy to a site-to-site VPN gateway connection VPN site link
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn ipsec-policy add -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn \
+--ipsec-encryption AES256 --ipsec-integrity SHA256 --sa-lifetime 86471 \
+--sa-data-size 429496 --ike-encryption AES256 --ike-integrity SHA384 --dh-group DHGroup14 --pfs-group PFS14
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn ipsec-policy list'] = """
+    type: command
+    short-summary: List site-to-site VPN gateway connection VPN site link IPSec policies.
+    examples:
+      - name: List IPSec policies on a site-to-site VPN gateway connection VPN site link
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn ipsec-policy list -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn
+"""
+
+helps['network vpn-gateway connection vpn-site-link-conn ipsec-policy remove'] = """
+    type: command
+    short-summary: Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link.
+    examples:
+      - name: Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link
+        text: |
+            az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn --index 1
+"""
 # endregion
 
 # region VpnSite
@@ -448,6 +516,39 @@
     type: command
     short-summary: Provide a SAS-URL to download the configuration for a VPN site.
 """
+
+
+helps['network vpn-site link'] = """
+    type: group
+    short-summary: Manage VPN site link.
+"""
+
+helps['network vpn-site link add'] = """
+    type: command
+    short-summary: Add a VPN site link to VPN site configuration.
+    examples:
+      - name: Add a VPN site link to VPN site configuration
+        text: |
+            az network vpn-site link add -g MyRG --site-name VpnSite -n VpnSiteLinkName --ip-address 10.0.1.111 --asn 1234 --bgp-peering-address 192.168.0.0
+"""
+
+helps['network vpn-site link list'] = """
+    type: command
+    short-summary: List VPN site links on VPN site configuration.
+    examples:
+      - name: List VPN site links on VPN site configuration
+        text: |
+            az network vpn-site link list -g MyRG --site-name VpnSite
+"""
+
+helps['network vpn-site link remove'] = """
+    type: command
+    short-summary: Remove a VPN site link from VPN site configuration.
+    examples:
+      - name: Remove a VPN site links from VPN site configuration
+        text: |
+            az network vpn-site link remove -g MyRG --site-name VpnSite --index 1
+"""
 # endregion
 
 # region VpnServerConfig

diff --git a/src/virtual-wan/azext_vwan/_params.py b/src/virtual-wan/azext_vwan/_params.py
@@ -130,12 +130,38 @@ def load_arguments(self, _):
         c.argument('protocol_type', arg_type=get_enum_type(VirtualNetworkGatewayConnectionProtocol), help='Connection protocol.')
         c.argument('routing_weight', type=int, help='Routing weight.')
         c.argument('shared_key', help='Shared key.')
+        c.argument("vpn_site_link", help='The resource ID of VPN Site Link.')
+        c.argument('with_link', help='Create VpnConnection with default link.', arg_type=get_three_state_flag())
 
     with self.argument_context('network vpn-gateway connection list') as c:
         # List commands cannot use --ids flag
         c.argument('resource_name', vpn_gateway_name_type, id_part=None)
         c.argument('gateway_name', id_part=None)
 
+    with self.argument_context('network vpn-gateway connection vpn-site-link-conn') as c:
+        c.argument("connection_name", help='Name of the VPN gateway connection.', options_list=['--connection-name'])
+        c.argument("item_name", help='Name of the VPN gateway connection.', options_list=['--connection-name'])
+        c.argument("vpn_site_link_conn_name", help='Name of the VPN site link connection.', options_list=['--name', '-n'], id_part='child_name_1')
+        c.argument("vpn_site_link", help='The resource ID of VPN Site Link.')
+        c.argument('routing_weight', type=int, help='Routing weight.')
+        c.argument('shared_key', help='Shared key.')
+        c.argument('enable_rate_limiting', options_list='--rate-limiting', arg_type=get_three_state_flag(), help='Enable rate limiting.')
+        c.argument('connection_bandwidth', help='Expected bandwidth in Mbps.', type=int)
+        c.argument('enable_bgp', arg_type=get_three_state_flag(), help='Enable BGP.')
+        c.argument('use_local_azure_ip_address', arg_type=get_three_state_flag(), help='Use local azure ip to initiate connection.')
+        c.argument('use_policy_based_traffic_selectors', arg_type=get_three_state_flag(), help='Enable policy-based traffic selectors.')
+        c.argument('vpn_connection_protocol_type', help='Connection protocol used for this connection.', arg_type=get_enum_type(['IKEv2', 'IKEv1']))
+        c.argument('vpn_link_connection_mode', help='Vpn link connection mode.', arg_type=get_enum_type(['Default', 'ResponderOnly', 'InitiatorOnly']))
+        c.argument('index', type=int, help='List index of the item (starting with 1).')
+
+    with self.argument_context('network vpn-gateway connection vpn-site-link-conn list') as c:
+        c.argument('resource_name', vpn_gateway_name_type, id_part=None)
+        c.argument('gateway_name', id_part=None)
+
+    with self.argument_context('network vpn-gateway connection vpn-site-link-conn ipsec-policy list') as c:
+        c.argument('resource_name', vpn_gateway_name_type, id_part=None)
+        c.argument('gateway_name', id_part=None)
+
     with self.argument_context('network vpn-gateway connection', arg_group='IP Security') as c:
         c.argument('sa_life_time_seconds', options_list='--sa-lifetime', help='IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site-to-site VPN tunnel.', type=int)
         c.argument('sa_data_size_kilobytes', options_list='--sa-data-size', help='IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site-to-site VPN tunnel.', type=int)
@@ -161,12 +187,26 @@ def load_arguments(self, _):
         c.argument('ip_address', help='IP address of the VPN site.')
         c.argument('site_key', help='Key for the VPN site that can be used for connections.')
         c.argument('address_prefixes', nargs='+', help='Space-separated list of CIDR address prefixes.')
+        c.argument('with_link', help='Create VPN site with default link.', arg_type=get_three_state_flag())
 
     with self.argument_context('network vpn-site', arg_group='Device Property') as c:
         c.argument('device_model', help='Model of the device.')
         c.argument('device_vendor', help='Name of the device vendor.')
         c.argument('link_speed', help='Link speed in Mbps.', type=int)
 
+    with self.argument_context('network vpn-site link') as c:
+        c.argument('vpn_site_name', vpn_site_name_type)
+        c.argument('vpn_site_link_name', help='The name of vpn site link.', options_list=['--name', '-n'])
+        c.argument('fqdn', help='FQDN of vpn-site-link.')
+        c.argument('link_provider_name', help='Name of the link provider.')
+        c.argument('link_speed_in_mbps', help='Link speed.', type=int)
+        c.argument('index', type=int, help='List index of the item (starting with 1).')
+
+    with self.argument_context('network vpn-site link list') as c:
+        c.argument('resource_name', vpn_gateway_name_type, id_part=None)
+        c.argument('virtual_wan_name', vwan_name_type, id_part=None)
+        c.argument('vpn_site_name', vpn_site_name_type, options_list=['--site-name'], id_part=None)
+
     for scope in ['vpn-site', 'vpn-gateway']:
         with self.argument_context('network {}'.format(scope), arg_group='BGP Peering') as c:
             c.argument('asn', help='BGP speaker\'s ASN.', type=int)

diff --git a/src/virtual-wan/azext_vwan/commands.py b/src/virtual-wan/azext_vwan/commands.py
@@ -176,6 +176,16 @@ def load_command_table(self, _):
         g.custom_command('add', 'add_vpn_gateway_connection_ipsec_policy', supports_no_wait=True)
         g.custom_command('list', 'list_vpn_conn_ipsec_policies')
         g.custom_command('remove', 'remove_vpn_conn_ipsec_policy', supports_no_wait=True)
+
+    with self.command_group('network vpn-gateway connection vpn-site-link-conn', network_vpn_gateway_connection_sdk) as g:
+        g.custom_command('add', 'add_vpn_gateway_connection_vpn_site_link_conn', supports_no_wait=True)
+        g.custom_command('remove', 'remove_vpn_gateway_connection_vpn_site_link_conn', supports_no_wait=True)
+        g.custom_command('list', 'list_vpn_conn_vpn_site_link_conn')
+
+    with self.command_group('network vpn-gateway connection vpn-site-link-conn ipsec-policy', network_vpn_gateway_connection_sdk) as g:
+        g.custom_command('add', 'add_vpn_gateway_connection_link_ipsec_policy', supports_no_wait=True)
+        g.custom_command('list', 'list_vpn_conn_link_ipsec_policies')
+        g.custom_command('remove', 'remove_vpn_conn_link_ipsec_policy', supports_no_wait=True)
     # endregion
 
     # region VpnSites
@@ -186,6 +196,11 @@ def load_command_table(self, _):
         g.show_command('show')
         g.generic_update_command('update', custom_func_name='update_vpn_site', setter_name='begin_create_or_update', setter_arg_name='vpn_site_parameters', supports_no_wait=True)
 
+    with self.command_group('network vpn-site link', network_vpn_site_sdk) as g:
+        g.custom_command('add', 'add_vpn_site_link', supports_no_wait=True)
+        g.custom_command('remove', 'remove_vpn_site_link', supports_no_wait=True)
+        g.custom_command('list', 'list_vpn_site_link')
+
     with self.command_group('network vpn-site', network_vpn_site_config_sdk) as g:
         g.command('download', 'begin_download')
     # endregion