Azure · mmyyrroonn · Feb 25, 2020 · Feb 21, 2020 · Feb 21, 2020 · Feb 24, 2020
@@ -242,3 +242,7 @@ def cf_virtual_router(cli_ctx, _):
 
 def cf_virtual_router_peering(cli_ctx, _):
     return network_client_factory(cli_ctx).virtual_router_peerings
+
+
+def cf_bastion_hosts(cli_ctx, _):
+    return network_client_factory(cli_ctx).bastion_hosts
@@ -5603,3 +5603,28 @@
 type: command
 short-summary: List available service aliases in the region which can be used for Service Endpoint Policies.
 """
+
+helps['network bastion'] = """
+type: group
+short-summary: Manage Azure bastion host.
+"""
+
+helps['network bastion create'] = """
+type: command
+short-summary: Create a Azure bastion host machine.
+"""
+
+helps['network bastion delete'] = """
+type: command
+short-summary: Delete a Azure bastion host machine.
+"""
+
+helps['network bastion list'] = """
+type: command
+short-summary: List all Azure bastion host machines.
+"""
+
+helps['network bastion show'] = """
+type: command
+short-summary: Show a Azure bastion host machine.
+"""
@@ -1722,3 +1722,11 @@ def load_arguments(self, _):
     with self.argument_context('network traffic-manager endpoint list') as c:
         c.argument('profile_name', id_part=None)
     # endregion
+
+    # region Bastion
+    with self.argument_context('network bastion') as c:
+        c.argument('bastion_host_name', help='Name of the Bastion Host.', options_list=['--name', '-n'])
+        c.argument('public_ip_address', help='Name or ID of the Azure public IP. The SKU of the public IP must be Standard.', validator=get_public_ip_validator())
+        c.argument('virtual_network_name', options_list=['--vnet-name'], help='Name of the virtual network. It must have a subnet called AzureBastionSubnet.', validator=get_subnet_validator())
+        c.ignore('subnet')
+    # endregion
@@ -27,7 +27,7 @@
     cf_express_route_circuit_connections, cf_express_route_gateways, cf_express_route_connections,
     cf_express_route_ports, cf_express_route_port_locations, cf_express_route_links, cf_app_gateway_waf_policy,
     cf_service_tags, cf_private_link_services, cf_private_endpoint_types, cf_peer_express_route_circuit_connections,
-    cf_virtual_router, cf_virtual_router_peering, cf_service_aliases)
+    cf_virtual_router, cf_virtual_router_peering, cf_service_aliases, cf_bastion_hosts)
 from azure.cli.command_modules.network._util import (
     list_network_resource_property, get_network_resource_property_entry, delete_network_resource_property_entry)
 from azure.cli.command_modules.network._format import (
@@ -335,6 +335,12 @@ def load_command_table(self, _):
         min_api='2019-08-01'
     )
 
+    network_bastion_hosts_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.network.operations#BastionHostsOperations.{}',
+        client_factory=cf_bastion_hosts,
+        min_api='2019-11-01'
+    )
+
     network_custom = CliCommandType(operations_tmpl='azure.cli.command_modules.network.custom#{}')
 
     # endregion
@@ -1111,3 +1117,11 @@ def _make_singular(value):
         g.show_command('show', 'get')
         g.command('list', 'list')
     # endregion
+
+    # region Bastion
+    with self.command_group('network bastion', network_bastion_hosts_sdk, is_preview=True) as g:
+        g.custom_command('create', 'create_bastion_host')
+        g.show_command('show', 'get')
+        g.custom_command('list', 'list_bastion_host')
+        g.command('delete', 'delete')
+    # endregion
@@ -5552,3 +5552,32 @@ def list_service_aliases(cmd, location, resource_group_name=None):
         return client.list_by_resource_group(resource_group_name=resource_group_name, location=location)
     return client.list(location=location)
 # endregion
+
+
+# region bastion
+def create_bastion_host(cmd, resource_group_name, bastion_host_name, virtual_network_name,
+                        public_ip_address, location=None, subnet='AzureBastionSubnet'):
+    client = network_client_factory(cmd.cli_ctx).bastion_hosts
+    (BastionHost,
+     BastionHostIPConfiguration,
+     SubResource) = cmd.get_models('BastionHost',
+                                   'BastionHostIPConfiguration',
+                                   'SubResource')
+    ip_config_name = "bastion_ip_config"
+    ip_configuration = BastionHostIPConfiguration(name=ip_config_name,
+                                                  subnet=SubResource(id=subnet),
+                                                  public_ip_address=SubResource(id=public_ip_address))
+
+    bastion_host = BastionHost(ip_configurations=[ip_configuration],
+                               location=location)
+    return client.create_or_update(resource_group_name=resource_group_name,
+                                   bastion_host_name=bastion_host_name,
+                                   parameters=bastion_host)
+
+
+def list_bastion_host(cmd, resource_group_name=None):
+    client = network_client_factory(cmd.cli_ctx).bastion_hosts
+    if resource_group_name is not None:
+        return client.list_by_resource_group(resource_group_name=resource_group_name)
+    return client.list()
+# endregion