
Commit 875a6d9

authoredAug 14, 2020
[Network] Support private link for managed disks (Azure#14707)
* support private link for disks * fix typos * adjust error message * code refining
1 parent db54374 commit 875a6d9


3 files changed

+1052
-2
lines changed

 

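--- a/src/azure-cli/azure/cli/command_modules/network/private_link_resource_and_endpoint_connections/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/network/private_link_resource_and_endpoint_connections/custom.py
@@ -31,9 +31,10 @@ def register_providers():
 _register_one_provider('Microsoft.EventGrid/domains', '2020-04-01-preview', True)
 _register_one_provider('Microsoft.SignalRService/signalr', '2020-05-01', False)
 _register_one_provider('Microsoft.Network/applicationGateways', '2020-05-01', True)
+_register_one_provider('Microsoft.Compute/diskAccesses', '2020-05-01', False, support_connection_operation=False)
 
 
-def _register_one_provider(provider, api_version, support_list_or_not, resource_get_api_version=None):
+def _register_one_provider(provider, api_version, support_list_or_not, resource_get_api_version=None, support_connection_operation=True): # pylint: disable=line-too-long
 """
 :param provider: namespace + type.
 :param api_version: API version for private link scenarios.
@@ -43,12 +44,20 @@ def _register_one_provider(provider, api_version, support_list_or_not, resource_
 general_client_settings = {
 "api_version": api_version,
 "support_list_or_not": support_list_or_not,
-"resource_get_api_version": resource_get_api_version
+"resource_get_api_version": resource_get_api_version,
+"support_connection_operation": support_connection_operation
 }
 
 TYPE_CLIENT_MAPPING[provider] = general_client_settings
 
 
+def _check_connection_operation_support(rp_mapping, resource_provider):
+if resource_provider in rp_mapping \
+and isinstance(rp_mapping[resource_provider], dict) \
+and not rp_mapping[resource_provider]['support_connection_operation']:
+raise CLIError("Resource provider {} currently does not support this operation".format(resource_provider))
+
+
 def _get_client(rp_mapping, resource_provider):
 for key, value in rp_mapping.items():
 if str.lower(key) == str.lower(resource_provider):
@@ -68,6 +77,7 @@ def list_private_link_resource(cmd, resource_group_name, name, resource_provider
 
 def approve_private_endpoint_connection(cmd, resource_group_name, resource_name, resource_provider,
 name, approval_description=None):
+_check_connection_operation_support(TYPE_CLIENT_MAPPING, resource_provider)
 client = _get_client(TYPE_CLIENT_MAPPING, resource_provider)
 return client.approve_private_endpoint_connection(cmd, resource_group_name,
 resource_name, name,
@@ -76,18 +86,21 @@ def approve_private_endpoint_connection(cmd, resource_group_name, resource_name,
 
 def reject_private_endpoint_connection(cmd, resource_group_name, resource_name, resource_provider,
 name, rejection_description=None):
+_check_connection_operation_support(TYPE_CLIENT_MAPPING, resource_provider)
 client = _get_client(TYPE_CLIENT_MAPPING, resource_provider)
 return client.reject_private_endpoint_connection(cmd, resource_group_name,
 resource_name, name,
 rejection_description)
 
 
 def remove_private_endpoint_connection(cmd, resource_group_name, resource_name, resource_provider, name):
+_check_connection_operation_support(TYPE_CLIENT_MAPPING, resource_provider)
 client = _get_client(TYPE_CLIENT_MAPPING, resource_provider)
 return client.remove_private_endpoint_connection(cmd, resource_group_name, resource_name, name)
 
 
 def show_private_endpoint_connection(cmd, resource_group_name, resource_name, resource_provider, name):
+_check_connection_operation_support(TYPE_CLIENT_MAPPING, resource_provider)
 client = _get_client(TYPE_CLIENT_MAPPING, resource_provider)
 return client.show_private_endpoint_connection(cmd, resource_group_name, resource_name, name)
 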
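Review bot: `_check_connection_operation_support` tests `resource_provider in rp_mapping`, an exact-case dictionary lookup, while `_get_client` directly below matches keys with `str.lower(key) == str.lower(resource_provider)`. A `--type` value that differs from the registered key only in letter case therefore skips the new guard and is still resolved to a client, so approve, reject, remove and show go ahead for a provider registered with `support_connection_operation=False`. The check should resolve the provider the same case-insensitive way the client lookup does, and read the flag with `.get(..., True)` so a dict entry without that key does not raise `KeyError`. `_get_client` continues outside the hunk, so how it handles an unmatched provider is not visible here.

```python
def _check_connection_operation_support(rp_mapping, resource_provider):
    wanted = resource_provider.lower()
    for key, value in rp_mapping.items():
        # Same case-insensitive match as _get_client, so both agree on the provider.
        if key.lower() != wanted or not isinstance(value, dict):
            continue
        if not value.get('support_connection_operation', True):
            raise CLIError("Resource provider {} currently does not support this operation".format(resource_provider))
```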
‎src/azure-cli/azure/cli/command_modules/network/tests/latest/recordings/test_disk_access_private_endpoint.yaml

+988
Large diffs are not rendered by default.

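--- a/src/azure-cli/azure/cli/command_modules/network/tests/latest/test_private_endpoint_commands.py
+++ b/src/azure-cli/azure/cli/command_modules/network/tests/latest/test_private_endpoint_commands.py
@@ -1342,5 +1342,54 @@ def test_manage_appgw_private_endpoint(self, resource_group):
 # self.cmd('network application-gateway private-link list -g {rg} --gateway-name {appgw} ')
 
 
+class NetworkPrivateLinkDiskAccessScenarioTest(ScenarioTest):
+@ResourceGroupPreparer(name_prefix='test_disk_access_private_endpoint_')
+def test_disk_access_private_endpoint(self, resource_group):
+self.kwargs.update({
+'loc': 'centraluseuap',
+'disk_access': 'disk_access_name',
+'pe_vnet': 'private_endpoint_vnet',
+'pe_subnet': 'private_endpoint_subnet',
+'pe_name': 'private_endpoint_name',
+'pe_connection': 'private_connection_name'
+})
+
+# Create disk access for private endpoint
+disk_access_output = self.cmd('disk-access create -g {rg} -l {loc} -n {disk_access}').get_output_in_json()
+self.kwargs.update({
+'disk_access_id': disk_access_output['id']
+})
+
+# Check private link resource
+self.cmd('network private-link-resource list -g {rg} -n {disk_access} --type Microsoft.Compute/diskAccesses',
+checks=[
+self.check('length(@)', 1),
+self.check('@[0].name', 'disks')
+])
+
+# Prepare the vnet to be connected to
+self.cmd('network vnet create -g {rg} -n {pe_vnet} --subnet-name {pe_subnet}')
+# Enable private endpoint on a vnet would require --disable-private-endpoint-network-policies=true
+self.cmd('network vnet subnet update -g {rg} -n {pe_subnet} '
+'--vnet-name {pe_vnet} '
+'--disable-private-endpoint-network-policies true')
+
+# Create a private endpoint connection for the disk access object
+pe_output = self.cmd('network private-endpoint create -g {rg} -n {pe_name} --vnet-name {pe_vnet} '
+'--subnet {pe_subnet} --private-connection-resource-id {disk_access_id} '
+'--group-ids disks --connection-name {pe_connection}').get_output_in_json()
+self.kwargs.update({
+'pe_id': pe_output['id']
+})
+
+# Check the auto-approve of the private endpoint connection
+self.cmd('network private-endpoint-connection list -g {rg} -n {disk_access} --type Microsoft.Compute/diskAccesses',
+checks=[
+self.check('length(@)', 1),
+self.check('@[0].properties.privateEndpoint.id', '{pe_id}'),
+self.check('@[0].properties.privateLinkServiceConnectionState.status', 'Approved')
+])
+
+
 if __name__ == '__main__':
 unittest.main()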
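Review bot: `test_disk_access_private_endpoint` never exercises the guard this commit adds: it lists the private link resource and the connection, but does not assert that show, approve, reject or remove fail for `Microsoft.Compute/diskAccesses`. A negative check after the final list assertion would pin that behaviour, for example `self.cmd('network private-endpoint-connection show -g {rg} --resource-name {disk_access} -n {pe_connection} --type Microsoft.Compute/diskAccesses', expect_failure=True)`. Repeating it with a lower-cased `--type` value would also cover provider names that differ only in case. A short comment in the test stating that connection operations are expected to be unsupported for this provider would make the intent clear to the next reader.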
