class TestVirtualWan: cl = None @pytest.fixture def setup_rg(self, subscriptionId, resourceGroup, location): self.cl = ArmClient() self.rg = self.cl.create_resource_group(subscriptionId, resourceGroup, location) def test_vwan_create_delete(self, setup_rg, subscriptionId, location, resourceGroup): vwan = VirtualWAN() vwan.location = location vwan.resourceGroup = resourceGroup resource_id = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup + '/providers/Microsoft.Network/virtualWans/jammyvwan01' resourceJson = json.dumps(vwan.serialize()) resp = self.cl.put_resource(resource_id, resourceJson, version.VERSION)
def main(): parser = argparse.ArgumentParser() parser.add_argument( '--location', required=False, default="eastus", help='Region where the resource template should be deployed') parser.add_argument('--resourceGroup', required=True, help='Resource Group Name') parser.add_argument('--subscriptionId', required=True, help='Subscription Id') parser.add_argument('--filePath', required=True, help='Path of the template file') args = parser.parse_args() cl = ArmClient() rg = cl.create_resource_group(args.subscriptionId, args.resourceGroup, args.location) resource_group_id = '/subscriptions/' + args.subscriptionId + '/resourceGroups/' + args.resourceGroup cl.deploy_template(args.subscriptionId, "test-deployment", args.resourceGroup, args.location, args.filePath)
def main(): parser = argparse.ArgumentParser() parser.add_argument('--location', required=False, default= "eastus", help='Region where the resource template should be deployed') parser.add_argument('--resourceGroup', required=True, help='Resource Group Name') parser.add_argument('--subscriptionId', required=True, help='Subscription Id') parser.add_argument('--policyPath', required=True, help='Path of the customer firewall policy json file') args = parser.parse_args() cl = ArmClient() # path to vnet sandbox template_path = '../tests/firewall_policy/templates/firewallPolicySandbox.json' rg = cl.create_resource_group(args.subscriptionId, args.resourceGroup, args.location) resource_group_id = '/subscriptions/' + args.subscriptionId + '/resourceGroups/' + args.resourceGroup cl.deploy_template(args.subscriptionId, "test-deployment01", args.resourceGroup, args.location, template_path) # load the firewall policy from json fw_policy_resource_id =resource_group_id + '/providers/Microsoft.Network/firewallPolicies/' + 'fwpolicy01' rcg_list = [] for filename in os.listdir(args.policyPath): if filename.endswith('.json'): print('Opening file ', filename) with open(os.path.join(args.policyPath, filename), 'r') as f: resource_dict = json.load(f) if "RuleCollectionGroups" in resource_dict['type']: rcg = FirewallPolicyRuleCollectionGroup.from_dict(resource_dict) rcg.id = None rcg.location = args.location rcg_list.append(rcg) else: fp = FirewallPolicy.from_dict(resource_dict) fp.location = args.location fp.resourceGroup = args.resourceGroup fp.id = None # create the firewall policy resource resp = cl.put_resource(fw_policy_resource_id, json.dumps(fp.serialize()), "2020-06-01") for index, rcg in enumerate(rcg_list): res_id = fw_policy_resource_id + '/RuleCollectionGroups/rcg' + str(index) print('Creating Resource: ', res_id) resp = cl.put_resource(res_id, json.dumps(rcg.serialize()), "2020-06-01") print('Created Resource: ', res_id)
def setup_rg(self, subscriptionId, resourceGroup, location): self.cl = ArmClient() self.rg = self.cl.create_resource_group(subscriptionId, resourceGroup, location)
def test_firewall_policy_inheritence(self, subscriptionId, location, resourceGroup): resourceGroup = "inheritence" + resourceGroup self.cl = ArmClient() self.rg = self.cl.create_resource_group(subscriptionId, resourceGroup, location) fp = FirewallPolicy() fp.location = location fp.resourceGroup = resourceGroup resource_group_id = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup # first deploy the ARM template template_file = os.path.join(os.path.dirname(__file__), 'templates', 'firewallPolicySandbox.json') self.cl.deploy_template(subscriptionId, "test-deployment-inheritence", resourceGroup, location, template_file) # create base firewall policy resourceId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFPBase' childPolicyId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFPChild' resp = self.put_firewall_policy(resourceId, fp) # create a rule collection group rcg_id = resourceId + '/ruleCollectionGroups/rcg01' net_rule = NetworkRule() net_rule.name = 'google_dns' net_rule.source_addresses = ['10.1.0.0/24'] net_rule.destination_addresses = ['8.8.8.8', '8.8.8.4'] net_rule.destination_ports = ["53"] net_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.udp] rule_list = [] rule_list.append(net_rule) rcg = FirewallPolicyRuleCollectionGroup() rcg.priority = 200 rcg.rule_collections = [] rc = FirewallPolicyFilterRuleCollection() allow_action = FirewallPolicyFilterRuleCollectionAction() allow_action.type = "ALLOW" rc.rule_collection_type = 'FirewallPolicyFilterRuleCollection' rc.name = "testRuleCollection01" rc.priority = 1000 rc.action = allow_action rc.rules = rule_list rcg.rule_collections.append(rc) resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") base_policy_ref = SubResource() base_policy_ref.id = resourceId fp.base_policy = base_policy_ref resp = self.put_firewall_policy(childPolicyId, fp) # now associate the firewall policy with the firewall deployed. fw_resourceId = resource_group_id + '/providers/Microsoft.Network/azureFirewalls/' + 'firewall1' resp = self.cl.get_resource(fw_resourceId , "2020-07-01") firewall = AzureFirewall.from_dict(json.loads(resp)) policy_ref = SubResource() policy_ref.id = childPolicyId firewall.firewall_policy = policy_ref resp = self.cl.put_resource(firewall.id, json.dumps(firewall.serialize()), "2020-07-01") # verify that the policy is associated with the firewall updated_policy = self.get_firewall_policy(childPolicyId) assert len(updated_policy.firewalls) > 0 , "No firewalls associated with firewall policy" #update the base policy rule settings ftp_rule = NetworkRule() ftp_rule.name = 'ftp' ftp_rule.source_addresses = ['10.1.0.0/24'] ftp_rule.destination_addresses = ['52.8.4.1', '80.1.18.4'] ftp_rule.destination_ports = ["21"] ftp_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.tcp] rule_list.append(ftp_rule) rcg = FirewallPolicyRuleCollectionGroup.from_dict(json.loads(self.cl.get_resource(rcg_id, "2021-05-01"))) rc = rcg.rule_collections[0] rc.rules = rule_list resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") assert (self.get_firewall_policy(resourceId)).provisioning_state == 'Succeeded', "Policy in failed state post update" #finally delete the resource group self.cl.delete_resource(resource_group_id, '2019-10-01')
class TestFirewallPolicy: cl = None @pytest.fixture def setup_rg(self, subscriptionId, resourceGroup, location): self.cl = ArmClient() self.rg = self.cl.create_resource_group(subscriptionId, resourceGroup, location) def get_firewall_policy(self, resource_id): resp = self.cl.get_resource(resource_id, "2021-05-01") return FirewallPolicy.from_dict(json.loads(resp)) def put_firewall_policy(self, resource_id, policy): resourceJson = json.dumps(policy.serialize()) resp = self.cl.put_resource(resource_id, resourceJson, "2021-05-01") return resp def create_network_rule(self, rule_name, src_addresses, dest_addresses, ports, protocols): net_rule = NetworkRule() net_rule.name = rule_name net_rule.source_addresses = src_addresses net_rule.destination_addresses = dest_addresses net_rule.destination_ports = ports net_rule.ip_protocols = protocols return net_rule def test_policy_with_ruleCollectionGroup(self, setup_rg, subscriptionId, location, resourceGroup): fp = FirewallPolicy() fp.location = location fp.resourceGroup = resourceGroup resourceId = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup + '/providers/Microsoft.Network/firewallPolicies/jammyFP01' resp = self.put_firewall_policy(resourceId, fp) rcg_resourceId = resourceId + '/ruleCollectionGroups/rcg01' rcg = FirewallPolicyRuleCollectionGroup() rcg.priority = 200 rcg.rule_collections = [] rc = FirewallPolicyRuleCollection() rc.rule_collection_type = 'FirewallPolicyFilterRuleCollection' rcg.rule_collections.append(rc) resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_resourceId, resourceJson, "2021-05-01") updated_policy = self.get_firewall_policy(resourceId) def test_create_delete_vhub_fw(self, setup_rg, subscriptionId, location, resourceGroup): fp = FirewallPolicy() fp.location = location fp.resourceGroup = resourceGroup resource_group_id = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup # first deploy the ARM template template_file = os.path.join(os.path.dirname(__file__), 'templates', 'firewallPolicyVhubSandbox.json') self.cl.deploy_template(subscriptionId, "test-deployment-vhub", resourceGroup, location, template_file) logger.info("test_create_delete_vhub_fw: Step 1: Deploying sandbox template succeeded") # create firewall policy resourceId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFP03' resp = self.put_firewall_policy(resourceId, fp) # create a rule collection group rcg_resourceId = resourceId + '/ruleCollectionGroups/rcg01' rcg = FirewallPolicyRuleCollectionGroup() rcg.priority = 200 rcg.rule_collections = [] rc = FirewallPolicyRuleCollection() allow_action = FirewallPolicyFilterRuleCollectionAction() allow_action.type = "ALLOW" rc.name = "testRuleCollection01" rc.priority = 1000 rc.action = allow_action rc.rule_collection_type = 'FirewallPolicyFilterRuleCollection' rule_list = [] rule_list.append(self.create_network_rule("rule1", ["10.1.0.0/16"], ["8.8.8.8"], ["53"],[FirewallPolicyRuleNetworkProtocol.udp])) rule_list.append(self.create_network_rule("rule2", ["10.1.0.0/16"], ["8.8.8.4"], ["53"],[FirewallPolicyRuleNetworkProtocol.udp])) rule_list.append(self.create_network_rule("rule3", ["10.1.0.0/16"], ["8.8.8.4"], ["443"],[FirewallPolicyRuleNetworkProtocol.tcp])) rc.rules = rule_list rcg.rule_collections.append(rc) resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_resourceId, resourceJson, "2021-05-01") logger.info("test_create_delete_vhub_fw: Step 2: Create FP with RuleCollectionGroup succeeded") # now associate the firewall policy with the firewall deployed. fw_resourceId = resource_group_id + '/providers/Microsoft.Network/azureFirewalls/' + 'firewall1' resp = self.cl.get_resource(fw_resourceId , "2020-07-01") firewall = AzureFirewall.from_dict(json.loads(resp)) policy_ref = SubResource() policy_ref.id = resourceId firewall.firewall_policy = policy_ref resp = self.cl.put_resource(firewall.id, json.dumps(firewall.serialize()), "2020-07-01") # verify that the policy is associated with the firewall updated_policy = self.get_firewall_policy(resourceId) assert len(updated_policy.firewalls) > 0 , "No firewalls associated with firewall policy" logger.info("test_create_delete_vhub_fw: Step 3: Associate FP with Firewall succeeded") #finally delete the resource group self.cl.delete_resource(resource_group_id, '2019-10-01') def test_create_delete_vnet_fw(self, setup_rg, subscriptionId, location, resourceGroup): fp = FirewallPolicy() fp.location = location fp.resourceGroup = resourceGroup resource_group_id = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup # first deploy the ARM template template_file = os.path.join(os.path.dirname(__file__), 'templates', 'firewallPolicySandbox.json') self.cl.deploy_template(subscriptionId, "test-deployment", resourceGroup, location, template_file) logger.info("test_create_delete_vnet_fw: Step 1: Deploying sandbox template succeeded") # create firewall policy resourceId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFP02' resp = self.put_firewall_policy(resourceId, fp) # create a rule collection group rcg_id = resourceId + '/ruleCollectionGroups/rcg01' net_rule = NetworkRule() net_rule.name = 'google_dns' net_rule.source_addresses = ['10.1.0.0/24'] net_rule.destination_addresses = ['8.8.8.8', '8.8.8.4'] net_rule.destination_ports = ["53"] net_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.udp] rule_list = [] rule_list.append(net_rule) rcg = FirewallPolicyRuleCollectionGroup() rcg.priority = 200 rcg.rule_collections = [] rc = FirewallPolicyFilterRuleCollection() allow_action = FirewallPolicyFilterRuleCollectionAction() allow_action.type = "ALLOW" rc.rule_collection_type = 'FirewallPolicyFilterRuleCollection' rc.name = "testRuleCollection01" rc.priority = 1000 rc.action = allow_action rc.rules = rule_list rcg.rule_collections.append(rc) resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") logger.info("test_create_delete_vnet_fw: Step 2: Create FP with RuleCollectionGroup succeeded") # now associate the firewall policy with the firewall deployed. fw_resourceId = resource_group_id + '/providers/Microsoft.Network/azureFirewalls/' + 'firewall1' resp = self.cl.get_resource(fw_resourceId , "2020-07-01") firewall = AzureFirewall.from_dict(json.loads(resp)) policy_ref = SubResource() policy_ref.id = resourceId firewall.firewall_policy = policy_ref resp = self.cl.put_resource(firewall.id, json.dumps(firewall.serialize()), "2020-07-01") # verify that the policy is associated with the firewall updated_policy = self.get_firewall_policy(resourceId) assert len(updated_policy.firewalls) > 0 , "No firewalls associated with firewall policy" logger.info("test_create_delete_vnet_fw: Step 3: Associate FP with Firewall succeeded") #update the policy rule settings ftp_rule = NetworkRule() ftp_rule.name = 'ftp' ftp_rule.source_addresses = ['10.1.0.0/24'] ftp_rule.destination_addresses = ['52.8.4.1', '80.1.18.4'] ftp_rule.destination_ports = ["21"] ftp_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.tcp] rule_list.append(ftp_rule) rcg = FirewallPolicyRuleCollectionGroup.from_dict(json.loads(self.cl.get_resource(rcg_id, "2021-05-01"))) rc = rcg.rule_collections[0] rc.rules = rule_list resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") assert (self.get_firewall_policy(resourceId)).provisioning_state == 'Succeeded', "Policy in failed state post update" logger.info("test_create_delete_vnet_fw: Step 4: Update Firewall Policy succeeded") #finally delete the resource group self.cl.delete_resource(resource_group_id, '2019-10-01') def test_firewall_policy_inheritence(self, subscriptionId, location, resourceGroup): resourceGroup = "inheritence" + resourceGroup self.cl = ArmClient() self.rg = self.cl.create_resource_group(subscriptionId, resourceGroup, location) fp = FirewallPolicy() fp.location = location fp.resourceGroup = resourceGroup resource_group_id = '/subscriptions/' + subscriptionId + '/resourceGroups/' + resourceGroup # first deploy the ARM template template_file = os.path.join(os.path.dirname(__file__), 'templates', 'firewallPolicySandbox.json') self.cl.deploy_template(subscriptionId, "test-deployment-inheritence", resourceGroup, location, template_file) # create base firewall policy resourceId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFPBase' childPolicyId = resource_group_id + '/providers/Microsoft.Network/firewallPolicies/jammyFPChild' resp = self.put_firewall_policy(resourceId, fp) # create a rule collection group rcg_id = resourceId + '/ruleCollectionGroups/rcg01' net_rule = NetworkRule() net_rule.name = 'google_dns' net_rule.source_addresses = ['10.1.0.0/24'] net_rule.destination_addresses = ['8.8.8.8', '8.8.8.4'] net_rule.destination_ports = ["53"] net_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.udp] rule_list = [] rule_list.append(net_rule) rcg = FirewallPolicyRuleCollectionGroup() rcg.priority = 200 rcg.rule_collections = [] rc = FirewallPolicyFilterRuleCollection() allow_action = FirewallPolicyFilterRuleCollectionAction() allow_action.type = "ALLOW" rc.rule_collection_type = 'FirewallPolicyFilterRuleCollection' rc.name = "testRuleCollection01" rc.priority = 1000 rc.action = allow_action rc.rules = rule_list rcg.rule_collections.append(rc) resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") base_policy_ref = SubResource() base_policy_ref.id = resourceId fp.base_policy = base_policy_ref resp = self.put_firewall_policy(childPolicyId, fp) # now associate the firewall policy with the firewall deployed. fw_resourceId = resource_group_id + '/providers/Microsoft.Network/azureFirewalls/' + 'firewall1' resp = self.cl.get_resource(fw_resourceId , "2020-07-01") firewall = AzureFirewall.from_dict(json.loads(resp)) policy_ref = SubResource() policy_ref.id = childPolicyId firewall.firewall_policy = policy_ref resp = self.cl.put_resource(firewall.id, json.dumps(firewall.serialize()), "2020-07-01") # verify that the policy is associated with the firewall updated_policy = self.get_firewall_policy(childPolicyId) assert len(updated_policy.firewalls) > 0 , "No firewalls associated with firewall policy" #update the base policy rule settings ftp_rule = NetworkRule() ftp_rule.name = 'ftp' ftp_rule.source_addresses = ['10.1.0.0/24'] ftp_rule.destination_addresses = ['52.8.4.1', '80.1.18.4'] ftp_rule.destination_ports = ["21"] ftp_rule.ip_protocols = [FirewallPolicyRuleNetworkProtocol.tcp] rule_list.append(ftp_rule) rcg = FirewallPolicyRuleCollectionGroup.from_dict(json.loads(self.cl.get_resource(rcg_id, "2021-05-01"))) rc = rcg.rule_collections[0] rc.rules = rule_list resourceJson = json.dumps(rcg.serialize()) resp = self.cl.put_resource(rcg_id, resourceJson, "2021-05-01") assert (self.get_firewall_policy(resourceId)).provisioning_state == 'Succeeded', "Policy in failed state post update" #finally delete the resource group self.cl.delete_resource(resource_group_id, '2019-10-01')