[Network]Support p2s vpn gateway and vpn server configuration (Azure#…

…1840)
idear1203 · Jun 17, 2020 · 32e83ad · 32e83ad
1 parent 91fbfac
commit 32e83ad
Show file tree

Hide file tree

Showing 13 changed files with 22,040 additions and 282 deletions.
diff --git a/pylintrc b/pylintrc
@@ -28,7 +28,7 @@ disable=missing-docstring,
 
 [TYPECHECK]
 # For Azure CLI extensions, we ignore some import errors as they'll be available in the environment of the CLI
-ignored-modules=azure,azure.cli,azure.cli.core,azure.cli.core.commands,knack,msrestazure,argcomplete,azure_devtools,isodate
+ignored-modules=azure,azure.cli,azure.cli.core,azure.cli.core.commands,knack,msrestazure,argcomplete,azure_devtools,isodate,OpenSSL
 
 [FORMAT]
 max-line-length=120

diff --git a/src/virtual-wan/azext_vwan/_client_factory.py b/src/virtual-wan/azext_vwan/_client_factory.py
@@ -30,6 +30,14 @@ def cf_virtual_hub_route_table_v2s(cli_ctx, _):
     return network_client_route_table_factory(cli_ctx).virtual_hub_route_table_v2s
 
 
+def cf_vpn_server_config(cli_ctx, _):
+    return network_client_route_table_factory(cli_ctx).vpn_server_configurations
+
+
+def cf_p2s_vpn_gateways(cli_ctx, _):
+    return network_client_route_table_factory(cli_ctx).p2s_vpn_gateways
+
+
 def cf_vpn_sites(cli_ctx, _):
     return network_client_factory(cli_ctx).vpn_sites
 

diff --git a/src/virtual-wan/azext_vwan/_help.py b/src/virtual-wan/azext_vwan/_help.py
@@ -314,3 +314,114 @@
     short-summary: Provide a SAS-URL to download the configuration for a VPN site.
 """
 # endregion
+
+# region VpnServerConfig
+helps['network vpn-server-config'] = """
+    type: group
+    short-summary: Manage VPN server configuration.
+"""
+
+helps['network vpn-server-config create'] = """
+    type: command
+    short-summary: Create a VPN server configuration.
+    examples:
+      - name: Create a VPN server configuration with VPN auth type
+        text: |
+            az network vpn-server-config create -n MyVPNServerConfig -g MyRG --vpn-client-root-certs "ApplicationGatewayAuthCert.cer" --vpn-client-revoked-certs "ApplicationGatewayAuthCert.pem"
+"""
+
+helps['network vpn-server-config list'] = """
+    type: command
+    short-summary: List all VPN server configuration.
+"""
+
+helps['network vpn-server-config show'] = """
+    type: command
+    short-summary: Show the details of a VPN server configuration.
+"""
+
+helps['network vpn-server-config set'] = """
+    type: command
+    short-summary: Set settings of a VPN server configuration.
+    examples:
+      - name: Set a VPN server configuration with Radius auth type
+        text: |
+            az network vpn-server-config set -n MyVPNServerConfig -g MyRG --radius-client-root-certs "ApplicationGatewayAuthCert.cer" --radius-server-root-certs "ApplicationGatewayAuthCert.pem" --radius-servers address=test1 secret=clitest score=10 --radius-servers address=test2 secret=clitest score=10
+"""
+
+helps['network vpn-server-config delete'] = """
+    type: command
+    short-summary: Delete a VPN server configuration.
+"""
+
+helps['network vpn-server-config wait'] = """
+    type: command
+    short-summary: Place the CLI in a waiting state until a condition of the VPN server configuration is met.
+"""
+
+helps['network vpn-server-config ipsec-policy'] = """
+    type: group
+    short-summary: Manage VPN server configuration IPSec policies.
+"""
+
+helps['network vpn-server-config ipsec-policy add'] = """
+    type: command
+    short-summary: Add an IPSec policy to a VPN server configuration.
+"""
+
+helps['network vpn-server-config ipsec-policy list'] = """
+    type: command
+    short-summary: List VPN server configuration IPSec policies.
+"""
+
+helps['network vpn-server-config ipsec-policy remove'] = """
+    type: command
+    short-summary: Remove an IPSec policy from a VPN server configuration.
+"""
+
+helps['network vpn-server-config ipsec-policy wait'] = """
+    type: command
+    short-summary: Place the CLI in a waiting state until a condition of the IPSec policy of a VPN server configuration is met.
+"""
+# endregion
+
+# region VpnServerConfig
+helps['network p2s-vpn-gateway'] = """
+    type: group
+    short-summary: Manage point-to-site VPN gateway.
+"""
+
+helps['network p2s-vpn-gateway create'] = """
+    type: command
+    short-summary: Create a point-to-site VPN gateway.
+    examples:
+      - name: Create a point-to-site VPN gateway.
+        text: |
+            az network p2s-vpn-gateway create -g MyRG -n MyP2SVPNGateway --scale-unit 2 --vhub MyVhub --vpn-server-config MyVPNServerConfig --address-space 10.0.0.0/24 11.0.0.0/24
+"""
+
+helps['network p2s-vpn-gateway list'] = """
+    type: command
+    short-summary: List all point-to-site VPN gateway.
+"""
+
+helps['network p2s-vpn-gateway show'] = """
+    type: command
+    short-summary: Show the details of a point-to-site VPN gateway.
+"""
+
+helps['network p2s-vpn-gateway update'] = """
+    type: command
+    short-summary: Update settings of a point-to-site VPN gateway.
+"""
+
+helps['network p2s-vpn-gateway delete'] = """
+    type: command
+    short-summary: Delete a point-to-site VPN gateway.
+"""
+
+helps['network p2s-vpn-gateway wait'] = """
+    type: command
+    short-summary: Place the CLI in a waiting state until a condition of the point-to-site VPN gateway is met.
+"""
+# endregion
diff --git a/src/virtual-wan/azext_vwan/_params.py b/src/virtual-wan/azext_vwan/_params.py
@@ -9,8 +9,9 @@
 from azure.cli.core.commands.parameters import (
     get_resource_name_completion_list, tags_type, get_location_type, get_three_state_flag, get_enum_type)
 from azure.cli.core.commands.validators import get_default_location_from_resource_group
-from .profiles import CUSTOM_VHUB_ROUTE_TABLE
 from ._validators import get_network_resource_name_or_id
+from .profiles import CUSTOM_VHUB_ROUTE_TABLE
+from .action import RadiusServerAddAction
 
 
 # pylint: disable=too-many-locals, too-many-branches, too-many-statements
@@ -21,6 +22,8 @@ def load_arguments(self, _):
          'IpsecEncryption', 'IpsecIntegrity', 'IkeEncryption', 'IkeIntegrity', 'DhGroup', 'PfsGroup',
          'VirtualNetworkGatewayConnectionProtocol')
 
+    (VpnGatewayTunnelingProtocol, VpnAuthenticationType) = self.get_models('VpnGatewayTunnelingProtocol', 'VpnAuthenticationType', resource_type=CUSTOM_VHUB_ROUTE_TABLE)
+
     # region VirtualWAN
     vwan_name_type = CLIArgumentType(options_list='--vwan-name', metavar='NAME', help='Name of the virtual WAN.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/virtualWANs'))
     vhub_name_type = CLIArgumentType(options_list='--vhub-name', metavar='NAME', help='Name of the virtual hub.', id_part='name', completer=get_resource_name_completion_list('Microsoft.Network/networkHubs'))
@@ -152,3 +155,44 @@ def load_arguments(self, _):
         c.argument('virtual_wan_name', vwan_name_type, id_part=None)
         c.argument('vpn_sites', help='Space-separated list of VPN site names or IDs.', nargs='+', validator=get_network_resource_name_or_id('vpn_sites', 'vpnSites'))
     # endregion
+
+    # region VpnServerConfigurations
+    with self.argument_context('network vpn-server-config') as c:
+        c.argument('vpn_protocols', nargs='+', options_list=['--protocols'], arg_type=get_enum_type(VpnGatewayTunnelingProtocol), help='VPN protocols for the VpnServerConfiguration.')
+        c.argument('vpn_auth_types', nargs='+', options_list=['--auth-types'], arg_type=get_enum_type(VpnAuthenticationType), help='VPN authentication types for the VpnServerConfiguration.')
+        c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group)
+        c.argument('vpn_server_configuration_name', options_list=['--name', '-n'], help='Name of the Vpn server configuration.')
+    with self.argument_context('network vpn-server-config', arg_group='AAD Auth') as c:
+        c.argument('aad_tenant', help='AAD Vpn authentication parameter AAD tenant.')
+        c.argument('aad_audience', help='AAD Vpn authentication parameter AAD audience.')
+        c.argument('aad_issuer', help='AAD Vpn authentication parameter AAD issuer.')
+    with self.argument_context('network vpn-server-config', arg_group='Certificate Auth') as c:
+        c.argument('vpn_client_root_certs', help='List of VPN client root certificate file paths.', nargs='+')
+        c.argument('vpn_client_revoked_certs', help='List of VPN client revoked certificate file paths.', nargs='+')
+    with self.argument_context('network vpn-server-config', arg_group='Radius Auth') as c:
+        c.argument('radius_client_root_certs', help='List of Radius client root certificate file paths.', nargs='+')
+        c.argument('radius_server_root_certs', help='List of Radius server root certificate file paths.', nargs='+')
+        c.argument('radius_servers', nargs='+', action=RadiusServerAddAction, help='Radius Server configuration.')
+
+    with self.argument_context('network vpn-server-config', arg_group='IP Security') as c:
+        c.argument('sa_life_time_seconds', options_list='--sa-lifetime', help='IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site-to-site VPN tunnel.', type=int)
+        c.argument('sa_data_size_kilobytes', options_list='--sa-data-size', help='IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site-to-site VPN tunnel.', type=int)
+        c.argument('ipsec_encryption', arg_type=get_enum_type(IpsecEncryption), help='IPSec encryption algorithm (IKE phase 1).')
+        c.argument('ipsec_integrity', arg_type=get_enum_type(IpsecIntegrity), help='IPSec integrity algorithm (IKE phase 1).')
+        c.argument('ike_encryption', arg_type=get_enum_type(IkeEncryption), help='IKE encryption algorithm (IKE phase 2).')
+        c.argument('ike_integrity', arg_type=get_enum_type(IkeIntegrity), help='IKE integrity algorithm (IKE phase 2).')
+        c.argument('dh_group', arg_type=get_enum_type(DhGroup), help='DH Groups used in IKE Phase 1 for initial SA.')
+        c.argument('pfs_group', arg_type=get_enum_type(PfsGroup), help='The Pfs Groups used in IKE Phase 2 for new child SA.')
+        c.argument('index', type=int, help='List index of the ipsec policy(starting with 0).')
+    # endregion
+
+    # region P2SVpnGateways
+    with self.argument_context('network p2s-vpn-gateway') as c:
+        c.argument('address_space', nargs='+', help='Address space for P2S VpnClient. Space-separated list of IP address ranges.')
+        c.argument('p2s_conn_config_name', options_list=['--config-name'], help='Name or p2s connection configuration.')
+        c.argument('scale_unit', type=int, help='The scale unit for this VPN gateway.')
+        c.argument('gateway_name', options_list=['--name', '-n'], help='Name of the P2S Vpn Gateway.')
+        c.argument('virtual_hub', options_list='--vhub', help='Name or ID of a virtual hub.', validator=get_network_resource_name_or_id('virtual_hub', 'virtualHubs'))
+        c.argument('vpn_server_config', help='Name or ID of a vpn server configuration.', validator=get_network_resource_name_or_id('vpn_server_config', 'vpnServerConfigurations'))
+        c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group)
+    # endregion
diff --git a/src/virtual-wan/azext_vwan/action.py b/src/virtual-wan/azext_vwan/action.py
@@ -0,0 +1,25 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+# pylint: disable=protected-access
+# pylint: disable=line-too-long
+# pylint: disable=too-few-public-methods
+import argparse
+from knack.util import CLIError
+from .profiles import CUSTOM_VHUB_ROUTE_TABLE
+
+
+class RadiusServerAddAction(argparse._AppendAction):
+
+    def __call__(self, parser, namespace, values, keys=None, option_string=None):
+        RadiusServer = namespace._cmd.get_models('RadiusServer', resource_type=CUSTOM_VHUB_ROUTE_TABLE)
+        kwargs = {}
+        for item in values:
+            try:
+                key, value = item.split('=', 1)
+                kwargs['radius_server_' + key] = value
+            except ValueError:
+                raise CLIError('usage error: {} address=VALUE, score=VALUE, secret=VALUE'.format(option_string))
+        action = RadiusServer(**kwargs)
+        super(RadiusServerAddAction, self).__call__(parser, namespace, action, option_string)
diff --git a/src/virtual-wan/azext_vwan/commands.py b/src/virtual-wan/azext_vwan/commands.py
@@ -8,7 +8,9 @@
 from .profiles import CUSTOM_VHUB_ROUTE_TABLE
 
 from ._client_factory import (
-    cf_virtual_wans, cf_virtual_hubs, cf_vpn_sites, cf_vpn_site_configs, cf_vpn_gateways, cf_virtual_hub_route_table_v2s)
+    cf_virtual_wans, cf_virtual_hubs, cf_vpn_sites, cf_vpn_site_configs,
+    cf_vpn_gateways, cf_virtual_hub_route_table_v2s, cf_vpn_server_config,
+    cf_p2s_vpn_gateways)
 from ._util import (
     list_network_resource_property, delete_network_resource_property_entry, get_network_resource_property_entry)
 
@@ -55,6 +57,20 @@ def load_command_table(self, _):
         min_api='2018-08-01'
     )
 
+    network_vpn_server_config_sdk = CliCommandType(
+        operations_tmpl='azext_vwan.vendored_sdks.v2020_04_01.operations#VpnServerConfigurationsOperations.{}',
+        client_factory=cf_vpn_server_config,
+        resource_type=CUSTOM_VHUB_ROUTE_TABLE,
+        min_api='2020-03-01'
+    )
+
+    network_p2s_vpn_gateway_sdk = CliCommandType(
+        operations_tmpl='azext_vwan.vendored_sdks.v2020_04_01.operations#P2sVpnGatewaysOperations.{}',
+        client_factory=cf_p2s_vpn_gateways,
+        resource_type=CUSTOM_VHUB_ROUTE_TABLE,
+        min_api='2020-03-01'
+    )
+
     network_util = CliCommandType(
         operations_tmpl='azext_vwan._util#{}',
         client_factory=None
@@ -141,3 +157,29 @@ def load_command_table(self, _):
     with self.command_group('network vpn-site', network_vpn_site_config_sdk) as g:
         g.command('download', 'download')
     # endregion
+
+    # region VpnServer
+    with self.command_group('network vpn-server-config', network_vpn_server_config_sdk, resource_type=CUSTOM_VHUB_ROUTE_TABLE) as g:
+        g.custom_command('create', 'create_vpn_server_config', supports_no_wait=True)
+        g.custom_command('set', 'create_vpn_server_config', supports_no_wait=True)
+        # due to service limitation, we cannot support update command right now.
+        # g.generic_update_command('update', custom_func_name='update_vpn_server_config', supports_no_wait=True, setter_arg_name='vpn_server_configuration_parameters')
+        g.show_command('show')
+        g.command('delete', 'delete', confirmation=True)
+        g.custom_command('list', 'list_vpn_server_config')
+        g.wait_command('wait')
+
+    with self.command_group('network vpn-server-config ipsec-policy', network_vpn_server_config_sdk, resource_type=CUSTOM_VHUB_ROUTE_TABLE) as g:
+        g.custom_command('add', 'add_vpn_server_config_ipsec_policy', supports_no_wait=True)
+        g.custom_command('list', 'list_vpn_server_config_ipsec_policies')
+        g.custom_command('remove', 'remove_vpn_server_config_ipsec_policy', supports_no_wait=True)
+        g.wait_command('wait')
+
+    with self.command_group('network p2s-vpn-gateway', network_p2s_vpn_gateway_sdk, resource_type=CUSTOM_VHUB_ROUTE_TABLE) as g:
+        g.custom_command('create', 'create_p2s_vpn_gateway', supports_no_wait=True)
+        g.command('delete', 'delete', confirmation=True)
+        g.custom_command('list', 'list_p2s_vpn_gateways')
+        g.show_command('show')
+        g.generic_update_command('update', custom_func_name='update_p2s_vpn_gateway', supports_no_wait=True, setter_arg_name='p2_svpn_gateway_parameters')
+        g.wait_command('wait')
+    # endregion