Add PrivateEndpointVNetPolicies parameter (#26091)

* Add PrivateEndpointVNetPolicies parameter

* Update format.ps1xml

* Some boilerplate code

* Some more boilerplate code

* Test

* Fix

* Parameter PrivateEndpointVNetPolicies of cmdlet New-AzVirtualNetwork does not follow the enforced naming convention of using a singular noun for a parameter name.

* Update ChangeLog

* Fix parameter name

* Fix change log

* Able to run test now

* Creating a virtual network

* Looks like default behavior is working

* Fix comments

* Setting PrivateEndpointVNetPolicies to Basic works

* Enabling for PL64K is working

* Disabling for PL64K is working

* Testing is working

* Update help file New-AzVirtualNetwork.md

* Fix NrpTeamAlias

---------

Co-authored-by: Will Ehrich <[email protected]>

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.cs

@@ -209,5 +209,13 @@ public void TestVirtualNetworkEncryption()
  {
  TestRunner.RunTestScript("Test-VirtualNetworkEncryption");
  }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.CheckIn)]
+ [Trait(Category.Owner, NrpTeamAlias.plcpdev)]
+ public void TestVirtualNetworkPrivateEndpointVNetPolicies()
+ {
+ TestRunner.RunTestScript("Test-VirtualNetworkPrivateEndpointVNetPolicies");
+ }
  }
 }

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.ps1

@@ -1816,4 +1816,61 @@ function Test-VirtualNetworkEncryption
  # Cleanup
  Clean-ResourceGroup $rgname
  }
+}
+
+<#
+.SYNOPSIS
+Tests creating, updating, and deleting virtual networks with the PrivateEndpointVNetPolicies property
+.DESCRIPTION
+#>
+function Test-VirtualNetworkPrivateEndpointVNetPolicies
+{
+ # Setup
+ $rgname = Get-ResourceGroupName
+ $vnet1Name = Get-ResourceName
+ $vnet2Name = Get-ResourceName
+ $vnet3Name = Get-ResourceName
+ $rglocation = Get-ProviderLocation ResourceManagement
+ $resourceTypeParent = "Microsoft.Network/virtualNetworks"
+ $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+
+ try
+ {
+ # Create the resource group
+ $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" }
+
+ # Create virtual network without specifying PrivateEndpointVNetPolicies
+ New-AzVirtualNetwork -Name $vnet1Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.1.0.0/16
+
+ # Verify that PrivateEndpointVNetPolicies is "Disabled" by default
+ $vnet1 = Get-AzVirtualNetwork -Name $vnet1Name -ResourceGroupName $rgname
+ Assert-AreEqual "Disabled" $vnet1.PrivateEndpointVNetPolicies
+
+ # Create virtual network with PrivateEndpointVNetPolicies specified as "Disabled"
+ New-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.2.0.0/16 -PrivateEndpointVNetPoliciesValue "Disabled"
+ $vnet2 = Get-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname
+ Assert-AreEqual "Disabled" $vnet2.PrivateEndpointVNetPolicies
+
+ # Validate that the virtual network can be updated to set PrivateEndpointVNetPolicies to "Basic"
+ $vnet2.PrivateEndpointVNetPolicies = "Basic"
+ $vnet2 | Set-AzVirtualNetwork
+ $vnet2 = Get-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname
+ Assert-AreEqual "Basic" $vnet2.PrivateEndpointVNetPolicies
+
+ # Create virtual network with PrivateEndpointVNetPolicies specified as "Basic"
+ New-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.3.0.0/16 -PrivateEndpointVNetPoliciesValue "Basic"
+ $vnet3 = Get-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname
+ Assert-AreEqual "Basic" $vnet3.PrivateEndpointVNetPolicies
+
+ # Validate that the virtual network can be updated to set PrivateEndpointVNetPolicies to "Disabled"
+ $vnet3.PrivateEndpointVNetPolicies = "Disabled"
+ $vnet3 | Set-AzVirtualNetwork
+ $vnet3 = Get-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname
+ Assert-AreEqual "Disabled" $vnet3.PrivateEndpointVNetPolicies
+ }
+ finally
+ {
+ # Cleanup
+ Clean-ResourceGroup $rgname
+ }
 }

src/Network/Network/ChangeLog.md

@@ -47,6 +47,7 @@
 * Added support of `DestinationIPAddress` property in `New-AzPrivateLinkService` command
  - `LoadBalancerFrontendIpConfiguration` is not a mandatory parameter anymore.
  - The user can provide either `LoadBalancerFrontendIpConfiguration` or `DestinationIPAddress`.
+* Added support for `PrivateEndpointVNetPolicies` property in `New-AzVirtualNetwork`
 
 ## Version 7.8.1
 * Fixed secrets exposure in example documentation.

src/Network/Network/Models/PSVirtualNetwork.cs

@@ -49,6 +49,9 @@ public class PSVirtualNetwork : PSTopLevelResource, IResourceReference, IVirtual
 
  public PSExtendedLocation ExtendedLocation { get; set; }
 
+ [Ps1Xml(Target = ViewControl.Table)]
+ public string PrivateEndpointVNetPolicies { get; set; }
+
  [JsonIgnore]
  public string AddressSpaceText
  {

src/Network/Network/Network.format.ps1xml

@@ -152,6 +152,10 @@
  <Label>ExtendedLocation</Label>
  <PropertyName>ExtendedLocationText</PropertyName>
  </ListItem>
+ <ListItem>
+ <Label>PrivateEndpointVNetPolicies</Label>
+ <PropertyName>PrivateEndpointVNetPolicies</PropertyName>
+ </ListItem>
  </ListItems>
  </ListEntry>
  </ListEntries>

src/Network/Network/VirtualNetwork/NewAzureVirtualNetworkCommand.cs

@@ -125,6 +125,12 @@ public class NewAzureVirtualNetworkCommand : VirtualNetworkBaseCmdlet
  HelpMessage = "The edge zone of the virtual network.")]
  public string EdgeZone { get; set; }
 
+ [Parameter(
+ Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "The PrivateEndpointVNetPolicies of the virtual network")]
+ public string PrivateEndpointVNetPoliciesValue { get; set; }
+
  [Parameter(
  Mandatory = false,
  HelpMessage = "Do not ask for confirmation if you want to override a resource")]
@@ -193,6 +199,11 @@ private PSVirtualNetwork CreateVirtualNetwork()
  vnet.ExtendedLocation = new PSExtendedLocation(this.EdgeZone);
  }
 
+ if(!string.IsNullOrEmpty(this.PrivateEndpointVNetPoliciesValue))
+ {
+ vnet.PrivateEndpointVNetPolicies = this.PrivateEndpointVNetPoliciesValue;
+ }
+
  // Map to the sdk object
  var vnetModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetwork>(vnet);
  vnetModel.Tags = TagsConversionHelper.CreateTagDictionary(Tag, validate: true);

src/Network/Network/help/New-AzVirtualNetwork.md

@@ -18,8 +18,8 @@ New-AzVirtualNetwork -Name <String> -ResourceGroupName <String> -Location <Strin
  [-DnsServer <String[]>] [-FlowTimeout <Int32>] [-Subnet <PSSubnet[]>] [-BgpCommunity <String>]
  [-EnableEncryption <String>] [-EncryptionEnforcementPolicy <String>] [-Tag <Hashtable>]
  [-EnableDdosProtection] [-DdosProtectionPlanId <String>] [-IpAllocation <PSIpAllocation[]>]
- [-EdgeZone <String>] [-Force] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-EdgeZone <String>] [-PrivateEndpointVNetPoliciesValue <String>] [-Force] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -300,6 +300,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -PrivateEndpointVNetPoliciesValue
+The PrivateEndpointVNetPolicies of the virtual network
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -ResourceGroupName
 Specifies the name of a resource group to contain the virtual network.