Merge branch 'network-november-release' of github.com:akshaysngupta/azure-powershell into fig-ag

Author: markcowl

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -93,7 +93,7 @@ Cleans the created resource groups
 function Clean-ResourceGroup($rgname)
 {
     if ((Get-NetworkTestMode) -ne 'Playback') {
-        Remove-AzureRmResourceGroup -Name $rgname -Force
+        Remove-AzResourceGroup -Name $rgname -Force
     }
 }
 

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/Common.ps1

@@ -12,7 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using AutoMapper;
+using Microsoft.Azure.Commands.ManagedServiceIdentity.Models;
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
@@ -183,6 +183,20 @@ public class NewAzureApplicationGatewayCommand : ApplicationGatewayBaseCmdlet
             HelpMessage = "A hashtable which represents resource tags.")]
         public Hashtable Tag { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "ResourceId of the user assigned identity to be assigned to Application Gateway.")]
+        [ValidateNotNullOrEmpty]
+        public string UserAssignedIdentityId { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "user assigned identity to be assigned to Application Gateway.")]
+        [ValidateNotNullOrEmpty]
+        public PsUserAssignedIdentity UserAssignedIdentity { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "Do not ask for confirmation if you want to overrite a resource")]
@@ -322,6 +336,23 @@ private PSApplicationGateway CreateApplicationGateway()
                 applicationGateway.Zones = this.Zone?.ToList();
             }
 
+            if (this.UserAssignedIdentity != null)
+            {
+                this.UserAssignedIdentityId = this.UserAssignedIdentity.Id;
+            }
+
+            if (this.UserAssignedIdentityId != null)
+            {
+                applicationGateway.Identity = new PSManagedServiceIdentity
+                {
+                    Type = MNM.ResourceIdentityType.UserAssigned,
+                    UserAssignedIdentities = new Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue>
+                    {
+                        { this.UserAssignedIdentityId, new PSManagedServiceIdentityUserAssignedIdentitiesValue() }
+                    }
+                };
+            }
+
             if (this.CustomErrorConfiguration != null)
             {
                 applicationGateway.CustomErrorConfigurations = this.CustomErrorConfiguration?.ToList();

src/ResourceManager/Network/Commands.Network/ApplicationGateway/NewAzureApplicationGatewayCommand.cs

@@ -29,24 +29,36 @@ public class AzureApplicationGatewaySslCertificateBase : NetworkBaseCmdlet
         public string Name { get; set; }
 
         [Parameter(
-               Mandatory = true,
+               Mandatory = false,
                HelpMessage = "Path of certificate PFX file")]
         [ValidateNotNullOrEmpty]
         public string CertificateFile { get; set; }
 
         [Parameter(
-               Mandatory = true,
+               Mandatory = false,
                HelpMessage = "Certificate password")]
         [ValidateNotNullOrEmpty]
         public SecureString Password { get; set; }
 
+        [Parameter(
+               Mandatory = false,
+               HelpMessage = "SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.")]
+        [ValidateNotNullOrEmpty]
+        public string KeyVaultSecretId { get; set; }
+
         public PSApplicationGatewaySslCertificate NewObject()
         {
             var sslCertificate = new PSApplicationGatewaySslCertificate();
 
             sslCertificate.Name = this.Name;
-            sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(this.CertificateFile));
-            sslCertificate.Password = this.Password;
+            if (this.CertificateFile != null)
+            {
+                sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(this.CertificateFile));
+                sslCertificate.Password = this.Password;
+            }
+
+            sslCertificate.KeyVaultSecretId = this.KeyVaultSecretId;
+
             sslCertificate.Id =
                 ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                     this.NetworkClient.NetworkManagementClient.SubscriptionId,

src/ResourceManager/Network/Commands.Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs

@@ -40,4 +40,10 @@
         - New-AzureRmApplicationGatewayUrlPathMapConfig
 * Removed deprecated -ResourceId parameter from Get-AzServiceEndpointPolicyDefinition
 * Removed deprecated EnableVmProtection property from PSVirtualNetwork
-* Removed deprecated Set-AzVirtualNetworkGatewayVpnClientConfig cmdlet
+* Removed deprecated Set-AzVirtualNetworkGatewayVpnClientConfig cmdlet
+* Added KeyVault Support to Application Gateway using Identity.
+    - Cmdlets updated with optonal parameter -KeyVaultSecretId, -KeyVaultSecret
+        - Add-AzApplicationGatewaySslCertificate
+        - New-AzApplicationGatewaySslCertificate
+        - Set-AzApplicationGatewaySslCertificate
+    - New-AzApplicationGateway cmdlet updated with optional parameter -UserAssignedIdentityId, -UserAssignedIdentity

src/ResourceManager/Network/Commands.Network/ChangeLog.md

@@ -68,4 +68,8 @@
   <ItemGroup>
     <Content Include="help\**\*" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\ManagedServiceIdentity\Commands.ManagedServiceIdentity\Commands.ManagedServiceIdentity.Netcore.csproj" />
+  </ItemGroup>
 </Project>

src/ResourceManager/Network/Commands.Network/Commands.Network.Netcore.csproj

@@ -56,6 +56,12 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSResourceId, MNM.SubResource>();
                 cfg.CreateMap<MNM.SubResource, CNM.PSResourceId>();
 
+                // Managed Service Identity
+                cfg.CreateMap<CNM.PSManagedServiceIdentity, MNM.ManagedServiceIdentity>();
+                cfg.CreateMap<MNM.ManagedServiceIdentity, CNM.PSManagedServiceIdentity>();
+                cfg.CreateMap<CNM.PSManagedServiceIdentityUserAssignedIdentitiesValue, MNM.ManagedServiceIdentityUserAssignedIdentitiesValue>();
+                cfg.CreateMap<MNM.ManagedServiceIdentityUserAssignedIdentitiesValue, CNM.PSManagedServiceIdentityUserAssignedIdentitiesValue>();
+
                 // Route Filter 
                 cfg.CreateMap<CNM.PSRouteFilter, MNM.RouteFilter>();
                 cfg.CreateMap<MNM.RouteFilter, CNM.PSRouteFilter>();

src/ResourceManager/Network/Commands.Network/Common/NetworkResourceManagerProfile.cs

@@ -75,6 +75,9 @@ public class PSApplicationGateway : PSTopLevelResource
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
 
+        [Ps1Xml(Target = ViewControl.Table)]
+        public PSManagedServiceIdentity Identity { get; set; }
+
         [JsonIgnore]
         public string GatewayIpConfigurationsText
         {

src/ResourceManager/Network/Commands.Network/Models/PSApplicationGateway.cs

@@ -23,6 +23,7 @@ public class PSApplicationGatewaySslCertificate : PSChildResource
         public string Data { get; set; }
         public SecureString Password { get; set; }
         public string PublicCertData { get; set; }
+        public string KeyVaultSecretId { get; set; }
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
         public string Type { get; set; }

src/ResourceManager/Network/Commands.Network/Models/PSApplicationGatewaySslCertificate.cs

@@ -0,0 +1,33 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+using Microsoft.Azure.Management.Network.Models;
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSManagedServiceIdentity
+    {
+        [Ps1Xml(Target = ViewControl.Table)]
+        public ResourceIdentityType? Type { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string PrincipalId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string TenantId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue> UserAssignedIdentities { get; set; }
+    }
+}

src/ResourceManager/Network/Commands.Network/Models/PSManagedServiceIdentity.cs

@@ -0,0 +1,27 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSManagedServiceIdentityUserAssignedIdentitiesValue
+    {
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string PrincipalId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string ClientId { get; set; }
+    }
+}

src/ResourceManager/Network/Commands.Network/Models/PSManagedServiceIdentityUserAssignedIdentitiesValue.cs

@@ -15,16 +15,16 @@ Adds an SSL certificate to an application gateway.
 
 ```
 Add-AzApplicationGatewaySslCertificate -ApplicationGateway <PSApplicationGateway> -Name <String>
- -CertificateFile <String> -Password <SecureString> [-DefaultProfile <IAzureContextContainer>]
- [<CommonParameters>]
+ [-CertificateFile <String>] [-Password <SecureString>] [-KeyVaultSecretId <String>]
+ [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
 The **Add-AzApplicationGatewaySslCertificate** cmdlet adds an SSL certificate to an application gateway.
 
 ## EXAMPLES
 
-### Example 1: Add an SSL certificate to an application gateway.
+### Example 1: Add an SSL certificate using pfx to an application gateway.
 ```
 PS C:\> $AppGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
 PS C:\> $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
@@ -33,6 +33,28 @@ PS C:\> $AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $App
 
 This command gets an application gateway named ApplicationGateway01 and then adds an SSL certificate named Cert01 to it.
 
+### Example 2: Add an SSL certificate using KeyVault Secret (version-less secretId) to an application gateway.
+```
+PS C:\> $AppGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+PS C:\> $secret = Get-AzKeyVaultSecret -VaultName "keyvault01" -Name "sslCert01"
+PS C:\> $secretId = $secret.Id.Replace($secret.Version, "") # https://<keyvaultname>.vault.azure.net/secrets/
+PS C:\> $AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -KeyVaultSecretId $secretId
+```
+
+Get the secret and reference it in the `Add-AzApplicationGatewaySslCertificate` to add it to the Application Gateway with name `Cert01`.
+Note: As version-less secretId is provided here, Application Gateway will sync the certificate in regular intervals with the KeyVault.
+
+### Example 3: Add an SSL certificate using KeyVault Secret (versioned secretId) to an application gateway.
+```
+PS C:\> $AppGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+PS C:\> $secret = Get-AzKeyVaultSecret -VaultName "keyvault01" -Name "sslCert01"
+PS C:\> $secretId = $secret.Id # https://<keyvaultname>.vault.azure.net/secrets/<hash>
+PS C:\> $AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -KeyVaultSecretId $secretId
+```
+
+Get the secret and reference it in the `Add-AzApplicationGatewaySslCertificate` to add it to the Application Gateway with name `Cert01`.
+Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
+
 ## PARAMETERS
 
 ### -ApplicationGateway
@@ -58,7 +80,7 @@ Type: System.String
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
@@ -71,7 +93,22 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -KeyVaultSecretId
+SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
 
 Required: False
 Position: Named
@@ -103,7 +140,7 @@ Type: System.Security.SecureString
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewaySslCertificate.md

@@ -30,7 +30,8 @@ New-AzApplicationGateway -Name <String> -ResourceGroupName <String> -Location <S
  [-RedirectConfigurations <PSApplicationGatewayRedirectConfiguration[]>]
  [-WebApplicationFirewallConfiguration <PSApplicationGatewayWebApplicationFirewallConfiguration>]
  [-AutoscaleConfiguration <PSApplicationGatewayAutoscaleConfiguration>] [-EnableHttp2] [-EnableFIPS]
- [-Zone <String[]>] [-Tag <Hashtable>] [-Force] [-AsJob]
+ [-Zone <String[]>] [-Tag <Hashtable>] [-UserAssignedIdentityId <String>]
+ [-UserAssignedIdentity <PsUserAssignedIdentity>] [-Force] [-AsJob]
  [-CustomErrorConfiguration <PSApplicationGatewayCustomError[]>] [-DefaultProfile <IAzureContextContainer>]
  [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
@@ -191,7 +192,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named
@@ -501,6 +502,36 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -UserAssignedIdentity
+user assigned identity to be assigned to Application Gateway.
+
+```yaml
+Type: Microsoft.Azure.Commands.ManagedServiceIdentity.Models.PsUserAssignedIdentity
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -UserAssignedIdentityId
+ResourceId of the user assigned identity to be assigned to Application Gateway.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -WebApplicationFirewallConfiguration
 Specifies a web application firewall (WAF) configuration. You can use the
 Get-AzApplicationGatewayWebApplicationFirewallConfiguration cmdlet to get a WAF.