Ipsec Policy for Virtual Network Gateway Connection#3666
Conversation
|
@henry416, |
|
Can one of the admins verify this patch? |
|
This PR is pending a merge from azure-sdk-for-net, will update nuget packages properly when this occurs. |
|
@cormacpayne Are there any steps / files I am missing in this PR? (other than the help files) |
|
@azuresdkci add to whitelist |
|
@cormacpayne can we rerun the check? It seems to be stuck. |
|
@azuresdkci test this please |
|
@cormacpayne I think the checks are failing b/c we haven't built and published a nuget package for the azure-sdk network branch. In the meantime is there any other component of this PR that is missing? |
cormacpayne
left a comment
cormacpayne
left a comment
There was a problem hiding this comment.
@henry416 Hey Henry, I left a couple of comments (most are about the version bump) that need to be resolved
| <Reference Include="Microsoft.Azure.Management.Network, Version=9.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
| <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.9.1.0-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath> | ||
| <Reference Include="Microsoft.Azure.Management.Network, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
| <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.9.2.0-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath> |
There was a problem hiding this comment.
@henry416 this will need to be bumped up to 10.0.0-preview
There was a problem hiding this comment.
@cormacpayne Shouldn't the version be 9.2.0? Anyways, the azure-sdk branch hasn't been merged yet so the nuget package to be published isn't available yet - think of the references as a placeholder for now.
| <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Compute" version="14.0.0-prerelease" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Network" version="9.1.0-preview" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Network" version="9.2.0-preview" targetFramework="net45" /> |
| <Reference Include="Microsoft.Azure.Management.Network, Version=9.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
| <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.9.1.0-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath> | ||
| <Reference Include="Microsoft.Azure.Management.Network, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
| <HintPath>..\..\..\packages\Microsoft.Azure.Management.Network.9.2.0-preview\lib\net45\Microsoft.Azure.Management.Network.dll</HintPath> |
| <None Include="..\..\Common\Commands.ScenarioTests.ResourceManager.Common\AzureRM.Resources.ps1"> | ||
| <Link>ScenarioTests\AzureRM.Resources.ps1</Link> | ||
| </None> | ||
| <None Include="app.config" /> |
| } | ||
|
|
||
| [Fact] | ||
| [Fact(Skip = "Rerecord tests")] |
There was a problem hiding this comment.
@henry416 are these tests going to be re-recorded before this PR gets merged?
There was a problem hiding this comment.
Is that the standard procedure? I can change both tests back to [Fact]
There was a problem hiding this comment.
@henry416 is there any reason you are skipping these tests?
There was a problem hiding this comment.
I changed them back to [Fact]
| { | ||
| public class PSIpsecPolicy | ||
| { | ||
| public int SALifeTimeSeconds { get; set; } |
There was a problem hiding this comment.
@henry416 can you add a quick summary for each the properties?
/// <summary>
/// Brief description of property.
/// <summary>
public int SALifeTimeSeconds { get; set; }| ipsecPolicy.DhGroup = this.DhGroup; | ||
| ipsecPolicy.PfsGroup = this.PfsGroup; | ||
|
|
||
| WriteObject(ipsecPolicy); |
There was a problem hiding this comment.
@henry416 as an FYI, StaticAnalysis is going to throw an exception because this cmdlet uses the New verb, but doesn't implement ShouldProcess . Since this cmdlet is creating a local object, you do not need to implement this attribute, so you can suppress the exception. I will show you how to do so when the time comes 😄
There was a problem hiding this comment.
@cormacpayne Ah ok, that was an error that was confusing me. What would be the procedure to suppress that?
There was a problem hiding this comment.
@henry416 we have a suppression .csv file for each of the StaticAnalysis analyzers that we have, so the one you will be concerned about is tools/StaticAnalysis/Exceptions/SignatureIssues.csv, which is where you will paste the exception you want to suppress.
If you run the build locally, you will find a SignatureIssues.csv file in src/Package/Debug that contains all of the errors picked up during the build, and you will just need to copy the severity 1 issues from this file into the suppressed exceptions file mentioned previously.
There was a problem hiding this comment.
@cormacpayne I have suppressed the exceptions for the files I have altered.
| Mandatory = false, | ||
| ValueFromPipelineByPropertyName = true, | ||
| HelpMessage = "Whether to enable policy-based traffic selectors for a S2S connection")] | ||
| public string UsePolicyBasedTrafficSelectors { get; set; } |
There was a problem hiding this comment.
@henry416 why use a string here if you're going to just parse it into a bool? The recommended pattern is to add a parameter called EnablePolicyBasedTrafficSelectors, and when this switch is enabled, users can provide a value for the IpsecPolicies parameter. These two parameters would need to be in a separate parameter set from the default one, and EnablePolicyBasedTrafficSelectors would need to be a mandatory parameter. Let me know if you have any questions about this.
There was a problem hiding this comment.
@cormacpayne This field is meant to act similar to the enableBgp field - it should be completely optional so that it doesn't break any existing PS scripts. PolicyBasedTrafficSelectors is also independent of the IpsecPolicies field.
There was a problem hiding this comment.
@henry416 oops, sorry, I thought the two new parameters should be grouped together. In that case, you should just make this string parameter into a SwitchParameter called EnablePolicyBasedTrafficSelectors.
Following this pattern will make for a much better user experience - if the user wants to enable policy-based traffic selectors, then they will add -EnablePolicyBasedTrafficSelectors to the end of the command, and if they don't want to use it, then they don't have to do anything extra. Having the user provide a string that is being parsed into a bool is a less user-friendly way of having using a SwitchParameter.
There was a problem hiding this comment.
@cormacpayne I have changed it to SwitchParameter
| ``` | ||
|
|
||
| ## DESCRIPTION | ||
| {{Fill in the Description}} |
There was a problem hiding this comment.
@henry416 there are a few templates left behind from platyPS when generating the markdown for the first time. Would you mind replacing these templates (description, examples, etc.) with useful information for the user?
There was a problem hiding this comment.
@cormacpayne during platyPS regen, there were also a lot of other .md files changed that are not related to my work + Commands.Network/Microsoft.Azure.Commands.Network.dll-Help.xml - should I add those files as well?
There was a problem hiding this comment.
@henry416 you do not need to add those files - I am working on a change that will get rid of the XML help from the repository and refresh all of the markdown files (updating them with the latest changes in the code), so all of that should be taken care of when my PR gets merged
| <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Compute" version="14.0.0-prerelease" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Network" version="9.1.0-preview" targetFramework="net45" /> | ||
| <package id="Microsoft.Azure.Management.Network" version="9.2.0-preview" targetFramework="net45" /> |
|
@cormacpayne Will I be able to push in changes after today? I haven't seen the sdk-for-net package being built yet - should I just put in the 10.0.0 version in the nuget references despite the package not existing? |
|
@cormacpayne I have added auto-generated .md files - picked up several changes from other services that weren't in the checked-in files |
| Creates a new peering configuration to be added to an ExpressRoute circuit. | ||
|
|
||
| ### [New-AzureRmIpsecPolicy](New-AzureRmIpsecPolicy.md) | ||
| {{Fill in the Synopsis}} |
|
@henry416 we will make sure the SDK gets published by early next week, and then once it is published (and any other feedback for this PR is resolved), then we can merge this |
|
@cormacpayne Okay, just to make sure, will this PR make the early april release in that case? |
|
@azuresdkci test this please |
|
@cormacpayne I updated the nuget package. Pending sign off if nothing else is blocking. |
|
@cormacpayne Fixed nuget package for compute |
|
@cormacpayne I have fixed two tests, however, I think the application gateway test is failing - could you contact someone on app gw to fix this? |
|
@cormacpayne Looks clear then - can merge proceed? |
|
@cormacpayne Fixed merge issues and added changelog |
|
@cormacpayne Can this be merged? |
5 participants
Description
THIS CHANGE MUST GO IN EARLY APRIL RELEASE
IPsec Policy support for Virtual Network Gateway Connection
Reference PR: Azure/azure-sdk-for-net#2943
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines