
Commit c60172e

authored
Disable default outbound access in live test (#27452)
1 parent dec0c0d commit c60172e


2 files changed

+26
-27
lines changed


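--- a/src/KeyVault/LiveTests/KeyVault/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1
+++ b/src/KeyVault/LiveTests/KeyVault/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1
@@ -7,13 +7,12 @@ Invoke-LiveTestScenario -Name "Create key vault and specifies network rules" -De
 $vnName = New-LiveTestResourceName
 $vaultLocation = "eastus"
 $vnLocation = "westus"
-$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "110.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault
+$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "110.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault -DefaultOutboundAccess $false
 $virtualNetwork = New-AzVirtualNetwork -Name $vnName -ResourceGroupName $rg.ResourceGroupName -Location $vnLocation -AddressPrefix "110.0.0.0/16" -Subnet $frontendSubnet
 $myNetworkResId = $virtualNetwork.Subnets[0].Id
 $ruleSet = New-AzKeyVaultNetworkRuleSetObject -DefaultAction Allow -Bypass AzureServices -IpAddressRange "110.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId
 $keyvault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -NetworkRuleSet $ruleSet -DisableRbacAuthorization
 Assert-AreEqual $keyvault.NetworkAcls.DefaultAction Allow
 Assert-AreEqual $keyvault.NetworkAcls.Bypass AzureServices
 # Assert-AreEqual $keyvault.NetworkAcls.VirtualNetworkResourceIds $myNetworkResId
-
-}
+}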
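Review bot: The only check that ties the vault to the hardened subnet is still commented out at the end of the scenario (`# Assert-AreEqual $keyvault.NetworkAcls.VirtualNetworkResourceIds $myNetworkResId`), so the test passes even if the virtual-network rule never lands in the vault's ACL. Because the rule set is built with `-DefaultAction Allow`, the IP range and subnet rules are also not restricting anything on this vault; if the scenario is meant to cover a restricted vault, `-DefaultAction Deny` would exercise that path. Re-enabling the assertion, or adding a comment that says why it is disabled, would make the gap explicit. The scenario's opening lines are outside the hunk.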

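--- a/src/Network/LiveTests/Network/TestLiveScenarios.ps1
+++ b/src/Network/LiveTests/Network/TestLiveScenarios.ps1
@@ -11,7 +11,7 @@ Invoke-LiveTestScenario -Name "Network interface CRUD with public IP address" -D
 $ipcfgName = New-LiveTestResourceName
 $nicName = New-LiveTestResourceName
 
-$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24
+$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24 -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $snet
 $ipTag = New-AzPublicIpTag -IpTagType FirstPartyUsage -Tag "/NonProd"
 $pip = New-AzPublicIpAddress -ResourceGroupName $rgName -Name $pipName -Location $location -AllocationMethod Static -DomainNameLabel $domainNameLabel -IpTag $ipTag
@@ -57,7 +57,7 @@ Invoke-LiveTestScenario -Name "Network interface CRUD without public IP address"
 $snetName = New-LiveTestResourceName
 $nicName = New-LiveTestResourceName
 
-$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24
+$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24 -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $snet
 
 New-AzNetworkInterface -ResourceGroupName $rgName -Name $nicName -Location $location -Subnet $vnet.Subnets[0]
@@ -94,15 +94,15 @@ Invoke-LiveTestScenario -Name "Network interface CRUD with IP configuration" -De
 $ipconfig2Name = New-LiveTestResourceName
 $nicName = New-LiveTestResourceName
 
-$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24
+$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24 -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $snet
 
 $ipTag = New-AzPublicIpTag -IpTagType FirstPartyUsage -Tag "/NonProd"
 $pip = New-AzPublicIpAddress -ResourceGroupName $rgName -Name $pipName -Location $location -AllocationMethod Static -DomainNameLabel $domainNameLabel -IpTag $ipTag
 $ipconfig1 = New-AzNetworkInterfaceIpConfig -Name $ipconfig1Name -Subnet $vnet.Subnets[0] -PublicIpAddress $pip
 $ipconfig2 = New-AzNetworkInterfaceIpConfig -Name $ipconfig2Name -PrivateIpAddressVersion IPv6
 
-New-AzNetworkInterface -ResourceGroupName $rgName -Name $nicName -Location $location -IpConfiguration $ipconfig1,$ipconfig2 -Tag @{ testtag = "testval" }
+New-AzNetworkInterface -ResourceGroupName $rgName -Name $nicName -Location $location -IpConfiguration $ipconfig1, $ipconfig2 -Tag @{ testtag = "testval" }
 
 $actualNic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rgName
 Assert-AreEqual $rgName $actualNic.ResourceGroupName
@@ -149,7 +149,7 @@ Invoke-LiveTestScenario -Name "Network interface CRUD with accelerated networkin
 $ipcfgName = New-LiveTestResourceName
 $nicName = New-LiveTestResourceName
 
-$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24
+$snet = New-AzVirtualNetworkSubnetConfig -Name $snetName -AddressPrefix 10.0.1.0/24 -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $snet
 $ipTag = New-AzPublicIpTag -IpTagType FirstPartyUsage -Tag "/NonProd"
 $pip = New-AzPublicIpAddress -ResourceGroupName $rgName -Name $pipName -Location $location -AllocationMethod Static -DomainNameLabel $domainNameLabel -IpTag $ipTag
@@ -197,10 +197,10 @@ Invoke-LiveTestScenario -Name "Network private link service" -Description "Test
 $plsIpCfgName = New-LiveTestResourceName
 $plsName = New-LiveTestResourceName
 
-$feSubnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix 10.0.1.0/24
-$beSubnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix 10.0.2.0/24
-$oSubnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix 10.0.3.0/24 -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $feSubnet,$beSubnet,$oSubnet
+$feSubnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix 10.0.1.0/24 -DefaultOutboundAccess $false
+$beSubnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix 10.0.2.0/24 -DefaultOutboundAccess $false
+$oSubnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix 10.0.3.0/24 -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $feSubnet, $beSubnet, $oSubnet
 
 $lbIpCfg = New-AzLoadBalancerFrontendIpConfig -Name $lbIpCfgName -PrivateIpAddress 10.0.1.5 -Subnet $vnet.Subnets[0]
 $lbPoolCfg = New-AzLoadBalancerBackendAddressPoolConfig -Name $lbPoolCfgName
@@ -342,8 +342,8 @@ Invoke-LiveTestScenario -Name "Create virtual network" -Description "Test creati
 $beSnetName = New-LiveTestResourceName
 $vnetName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24"
-$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24"
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -DefaultOutboundAccess $false
+$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -DefaultOutboundAccess $false
 New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet, $beSnet -DnsServer 10.0.1.10, 10.0.1.11
 
 $actual = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
@@ -367,7 +367,7 @@ Invoke-LiveTestScenario -Name "Update virtual network" -Description "Test updati
 $beSnetName = New-LiveTestResourceName
 $vnetName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24"
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -DefaultOutboundAccess $false
 New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet
 
 $vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
@@ -378,7 +378,7 @@ Invoke-LiveTestScenario -Name "Update virtual network" -Description "Test updati
 Assert-AreEqual "Succeeded" $vnet.ProvisioningState
 Assert-AreEqual 1 $vnet.Subnets.Count
 
-$vnet | Add-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24"
+$vnet | Add-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -DefaultOutboundAccess $false
 $vnet | Remove-AzVirtualNetworkSubnetConfig -Name $feSnetName
 $vnet | Set-AzVirtualNetwork
 
@@ -402,8 +402,8 @@ Invoke-LiveTestScenario -Name "Remove virtual network" -Description "Test removi
 $beSnetName = New-LiveTestResourceName
 $vnetName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24"
-$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24"
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -DefaultOutboundAccess $false
+$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -DefaultOutboundAccess $false
 New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet, $beSnet
 Remove-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Force
 
@@ -434,9 +434,9 @@ Invoke-LiveTestScenario -Name "Create private DNS zone group" -Description "Test
 $zoneCfgName = New-LiveTestResourceName
 $zoneGroupName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet, $beSnet, $oSnet
 $feSnet = $vnet.Subnets | Where-Object Name -eq $feSnetName
 $oSnet = $vnet.Subnets | Where-Object Name -eq $oSnetName
@@ -486,9 +486,9 @@ Invoke-LiveTestScenario -Name "Update private DNS zone group" -Description "Test
 $zoneCfgName1 = New-LiveTestResourceName
 $zoneGroupName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet, $beSnet, $oSnet
 $feSnet = $vnet.Subnets | Where-Object Name -eq $feSnetName
 $oSnet = $vnet.Subnets | Where-Object Name -eq $oSnetName
@@ -545,9 +545,9 @@ Invoke-LiveTestScenario -Name "Remove private DNS zone group" -Description "Test
 $zoneCfgName = New-LiveTestResourceName
 $zoneGroupName = New-LiveTestResourceName
 
-$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
-$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled
+$feSnet = New-AzVirtualNetworkSubnetConfig -Name $feSnetName -AddressPrefix "10.0.1.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$beSnet = New-AzVirtualNetworkSubnetConfig -Name $beSnetName -AddressPrefix "10.0.2.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
+$oSnet = New-AzVirtualNetworkSubnetConfig -Name $oSnetName -AddressPrefix "10.0.3.0/24" -PrivateEndpointNetworkPoliciesFlag Disabled -PrivateLinkServiceNetworkPoliciesFlag Disabled -DefaultOutboundAccess $false
 $vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $feSnet, $beSnet, $oSnet
 $feSnet = $vnet.Subnets | Where-Object Name -eq $feSnetName
 $oSnet = $vnet.Subnets | Where-Object Name -eq $oSnetName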
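Review bot: None of the scenarios checks that the subnets actually come back with default outbound access disabled, so these live tests would still pass if `-DefaultOutboundAccess $false` were ignored or the setting regressed on the service side. In the "Create virtual network" hunk, after `$actual = Get-AzVirtualNetwork ...`, a check such as `Assert-AreEqual $false $actual.Subnets[0].DefaultOutboundAccess` would pin it, assuming the returned subnet object exposes the value under that property name. The same applies in the "Update virtual network" hunk after `$vnet | Set-AzVirtualNetwork`, where the subnet is added through `Add-AzVirtualNetworkSubnetConfig` rather than `New-AzVirtualNetworkSubnetConfig`. The scenario bodies continue outside the hunks.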
