Enable udp log optimization (Azure#19428)

* Added EnableUDPLogOptimization parameter to Firewall cmdlet

* Updated help markdown

* Rerun the pipeline

Co-authored-by: Gizachew Eshetie <[email protected]>

Author: Gizachew-Eshetie

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.cs

@@ -160,6 +160,14 @@ public void TestAzureFirewallCRUDIdentifyTopFatFlow()
         {
             TestRunner.RunTestScript("Test-AzureFirewallCRUDIdentifyTopFatFlow");
         }
-    
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+        public void TestAzureFirewallCRUDEnableUDPLogOptimization()
+        {
+            TestRunner.RunTestScript("Test-AzureFirewallCRUDEnableUDPLogOptimization");
+        }
+
     }
 }

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -1914,3 +1914,48 @@ function Test-AzureFirewallCRUDIdentifyTopFatFlow {
         Clean-ResourceGroup $rgname
     }
 }
+
+<#
+.SYNOPSIS
+Tests AzureFirewall EnableUDPLogOptimization
+#>
+function Test-AzureFirewallCRUDEnableUDPLogOptimization {
+    $rgname = Get-ResourceGroupName
+    $azureFirewallName = Get-ResourceName
+    $resourceTypeParent = "Microsoft.Network/AzureFirewalls"
+    $___location = Get-ProviderLocation $resourceTypeParent "eastus"
+
+    $vnetName = Get-ResourceName
+    $subnetName = "AzureFirewallSubnet"
+    $publicIpName = Get-ResourceName
+
+    try {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $___location
+
+        # Create the Virtual Network
+        $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
+        $vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $___location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+
+        # Create public ip
+        $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -___location $___location -AllocationMethod Static -Sku Standard
+
+        # Create AzureFirewall
+        $azureFirewall = New-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname -Location $___location -EnableUDPLogOptimization
+
+        # Verify
+        $azFirewall = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        Assert-AreEqual true $azFirewall.EnableUDPLogOptimization
+
+        # Reset the EnableUDPLogOptimization flag
+        $azFirewall.EnableUDPLogOptimization = $false
+        Set-AzFirewall -AzureFirewall $azFirewall
+        $azfw = Get-AzFirewall -Name $azureFirewallName -ResourceGroupName $rgname
+        
+        Assert-AreEqual false $azfw.EnableUDPLogOptimization
+    }
+    finally {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallCRUDEnableUDPLogOptimization.json

@@ -241,6 +241,12 @@ public class NewAzureFirewallCommand : AzureFirewallBaseCmdlet
        )]
         public SwitchParameter IdentifyTopFatFlow { get; set; }
 
+        [Parameter(
+             Mandatory = false,
+             HelpMessage = "Enable UDP Log Optimization. By default it is false."
+       )]
+        public SwitchParameter EnableUDPLogOptimization { get; set; }
+
         public override void Execute()
         {
             // Old params provided - Get the virtual network, get the public IP address
@@ -310,7 +316,8 @@ private PSAzureFirewall CreateAzureFirewall()
                     FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null,
                     HubIPAddresses = this.HubIPAddress,
                     Zones = this.Zone == null ? null : this.Zone.ToList(),
-                    IdentifyTopFatFlow = (this.IdentifyTopFatFlow.IsPresent ? "True" : null)
+                    IdentifyTopFatFlow = (this.IdentifyTopFatFlow.IsPresent ? "True" : null),
+                    EnableUDPLogOptimization = (this.EnableUDPLogOptimization.IsPresent ? "True" : null)
                 };
             }
             else
@@ -331,7 +338,8 @@ private PSAzureFirewall CreateAzureFirewall()
                     DNSServer = this.DnsServer,
                     AllowActiveFTP = (this.AllowActiveFTP.IsPresent ? "true" : null),
                     Sku = sku,
-                    IdentifyTopFatFlow = (this.IdentifyTopFatFlow.IsPresent ? "True" : null)
+                    IdentifyTopFatFlow = (this.IdentifyTopFatFlow.IsPresent ? "True" : null),
+                    EnableUDPLogOptimization = (this.EnableUDPLogOptimization.IsPresent ? "True" : null)
                 };
 
                 if (this.Zone != null)

src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs

@@ -19,6 +19,9 @@
 --->
 
 ## Upcoming Release
+
+* Added `EnableUDPLogOptimization` parameter to `AzureFirewall`
+    - `New-AzFirewall`
 * Fixed a bug not able to add MSSQL application rules to an AZURE FIREWALL POLICY
 
 ## Version 4.20.1

src/Network/Network/ChangeLog.md

@@ -1308,6 +1308,7 @@ private static void Initialize()
                         { "Network.DNS.EnableProxy", src.DNSEnableProxy },
                         { "Network.DNS.Servers", src.DNSServer?.Aggregate((result, item) => result + "," + item) },
                         { "Network.AdditionalLogs.EnableFatFlowLogging", src.IdentifyTopFatFlow },
+                        { "Network.Logging.EnableUDPLogOptimization", src.EnableUDPLogOptimization },
                     }.Where(kvp => kvp.Value != null).ToDictionary(key => key.Key, val => val.Value);   // TODO: remove after backend code is refactored
                 });
                 cfg.CreateMap<CNM.PSAzureFirewallSku, MNM.AzureFirewallSku>();
@@ -1355,6 +1356,7 @@ private static void Initialize()
                     dest.AllowActiveFTP = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.FTP.AllowActiveFTP", StringComparison.OrdinalIgnoreCase)).Value;
                     dest.DNSEnableProxy = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.DNS.EnableProxy", StringComparison.OrdinalIgnoreCase)).Value;
                     dest.IdentifyTopFatFlow = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.AdditionalLogs.EnableFatFlowLogging", StringComparison.OrdinalIgnoreCase)).Value;
+                    dest.EnableUDPLogOptimization = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.Logging.EnableUDPLogOptimization", StringComparison.OrdinalIgnoreCase)).Value;
                     try
                     {
                         dest.DNSServer = src.AdditionalProperties?.SingleOrDefault(kvp => kvp.Key.Equals("Network.DNS.Servers", StringComparison.OrdinalIgnoreCase)).Value?.Split(',').Select(str => str.Trim()).ToArray();

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -81,6 +81,8 @@ public string[] PrivateRange
 
         public string IdentifyTopFatFlow { get; set; }
 
+        public string EnableUDPLogOptimization { get; set; }
+
         [JsonIgnore]
         public string IpConfigurationsText
         {

src/Network/Network/Models/AzureFirewall/PSAzureFirewall.cs

@@ -22,7 +22,7 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String>
  [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>] [-PrivateRange <String[]>] [-EnableDnsProxy]
  [-DnsServer <String[]>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-SkuName <String>]
  [-SkuTier <String>] [-VirtualHubId <String>] [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
- [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow]
+ [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow] [-EnableUDPLogOptimization]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -35,7 +35,7 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String> -Vi
  [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>] [-PrivateRange <String[]>] [-EnableDnsProxy]
  [-DnsServer <String[]>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-SkuName <String>]
  [-SkuTier <String>] [-VirtualHubId <String>] [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
- [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow]
+ [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow] [-EnableUDPLogOptimization]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -49,7 +49,7 @@ New-AzFirewall -Name <String> -ResourceGroupName <String> -Location <String> -Vi
  [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>] [-PrivateRange <String[]>] [-EnableDnsProxy]
  [-DnsServer <String[]>] [-Tag <Hashtable>] [-Force] [-AsJob] [-Zone <String[]>] [-SkuName <String>]
  [-SkuTier <String>] [-VirtualHubId <String>] [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
- [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow]
+ [-FirewallPolicyId <String>] [-AllowActiveFTP] [-IdentifyTopFatFlow] [-EnableUDPLogOptimization]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -346,6 +346,21 @@ Accept wildcard characters: False
 Enable DNS Proxy. By default it is disabled.
 
 
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -EnableUDPLogOptimization
+Enable UDP Log Optimization. By default it is false.
+
 ```yaml
 Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)