Add PrivateEndpointVNetPolicies parameter (#26091)

* Add PrivateEndpointVNetPolicies parameter

* Update format.ps1xml

* Some boilerplate code

* Some more boilerplate code

* Test

* Fix

* Parameter PrivateEndpointVNetPolicies of cmdlet New-AzVirtualNetwork does not follow the enforced naming convention of using a singular noun for a parameter name.

* Update ChangeLog

* Fix parameter name

* Fix change log

* Able to run test now

* Creating a virtual network

* Looks like default behavior is working

* Fix comments

* Setting PrivateEndpointVNetPolicies to Basic works

* Enabling for PL64K is working

* Disabling for PL64K is working

* Testing is working

* Update help file New-AzVirtualNetwork.md

* Fix NrpTeamAlias

---------

Co-authored-by: Will Ehrich <wehrich@microsoft.com>

Author: wdehrich

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.cs

@@ -209,5 +209,13 @@ public void TestVirtualNetworkEncryption()
         {
             TestRunner.RunTestScript("Test-VirtualNetworkEncryption");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(Category.Owner, NrpTeamAlias.plcpdev)]
+        public void TestVirtualNetworkPrivateEndpointVNetPolicies()
+        {
+            TestRunner.RunTestScript("Test-VirtualNetworkPrivateEndpointVNetPolicies");
+        }
     }
 }

src/Network/Network.Test/ScenarioTests/VirtualNetworkTests.ps1

@@ -1816,4 +1816,61 @@ function Test-VirtualNetworkEncryption
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Tests creating, updating, and deleting virtual networks with the PrivateEndpointVNetPolicies property
+.DESCRIPTION
+#>
+function Test-VirtualNetworkPrivateEndpointVNetPolicies
+{
+    # Setup
+    $rgname = Get-ResourceGroupName
+    $vnet1Name = Get-ResourceName
+    $vnet2Name = Get-ResourceName
+    $vnet3Name = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/virtualNetworks"
+    $location = Get-ProviderLocation $resourceTypeParent "eastus2euap"
+
+    try
+    {
+        # Create the resource group
+        $resourceGroup = New-AzResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" }
+    
+        # Create virtual network without specifying PrivateEndpointVNetPolicies
+        New-AzVirtualNetwork -Name $vnet1Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.1.0.0/16
+        
+        # Verify that PrivateEndpointVNetPolicies is "Disabled" by default
+        $vnet1 = Get-AzVirtualNetwork -Name $vnet1Name -ResourceGroupName $rgname
+        Assert-AreEqual "Disabled" $vnet1.PrivateEndpointVNetPolicies
+
+        # Create virtual network with PrivateEndpointVNetPolicies specified as "Disabled"
+        New-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.2.0.0/16 -PrivateEndpointVNetPoliciesValue "Disabled"
+        $vnet2 = Get-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname
+        Assert-AreEqual "Disabled" $vnet2.PrivateEndpointVNetPolicies
+
+        # Validate that the virtual network can be updated to set PrivateEndpointVNetPolicies to "Basic"
+        $vnet2.PrivateEndpointVNetPolicies = "Basic"
+        $vnet2 | Set-AzVirtualNetwork
+        $vnet2 = Get-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $rgname
+        Assert-AreEqual "Basic" $vnet2.PrivateEndpointVNetPolicies
+
+        # Create virtual network with PrivateEndpointVNetPolicies specified as "Basic"
+        New-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname -Location $location -AddressPrefix 10.3.0.0/16 -PrivateEndpointVNetPoliciesValue "Basic"
+        $vnet3 = Get-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname
+        Assert-AreEqual "Basic" $vnet3.PrivateEndpointVNetPolicies
+
+        # Validate that the virtual network can be updated to set PrivateEndpointVNetPolicies to "Disabled"
+        $vnet3.PrivateEndpointVNetPolicies = "Disabled"
+        $vnet3 | Set-AzVirtualNetwork
+        $vnet3 = Get-AzVirtualNetwork -Name $vnet3Name -ResourceGroupName $rgname
+        Assert-AreEqual "Disabled" $vnet3.PrivateEndpointVNetPolicies
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkTests/TestVirtualNetworkPrivateEndpointVNetPolicies.json

@@ -47,6 +47,7 @@
 * Added support of `DestinationIPAddress` property in `New-AzPrivateLinkService` command
     - `LoadBalancerFrontendIpConfiguration` is not a mandatory parameter anymore.
     - The user can provide either `LoadBalancerFrontendIpConfiguration` or `DestinationIPAddress`.
+* Added support for `PrivateEndpointVNetPolicies` property in `New-AzVirtualNetwork`
 
 ## Version 7.8.1
 * Fixed secrets exposure in example documentation.

src/Network/Network/ChangeLog.md

@@ -49,6 +49,9 @@ public class PSVirtualNetwork : PSTopLevelResource, IResourceReference, IVirtual
 
         public PSExtendedLocation ExtendedLocation { get; set; }
 
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string PrivateEndpointVNetPolicies { get; set; }
+
         [JsonIgnore]
         public string AddressSpaceText
         {

src/Network/Network/Models/PSVirtualNetwork.cs

@@ -152,6 +152,10 @@
                 <Label>ExtendedLocation</Label>
                 <PropertyName>ExtendedLocationText</PropertyName>
               </ListItem>
+              <ListItem>
+                <Label>PrivateEndpointVNetPolicies</Label>
+                <PropertyName>PrivateEndpointVNetPolicies</PropertyName>
+              </ListItem>
             </ListItems>
           </ListEntry>
         </ListEntries>

src/Network/Network/Network.format.ps1xml

@@ -125,6 +125,12 @@ public class NewAzureVirtualNetworkCommand : VirtualNetworkBaseCmdlet
             HelpMessage = "The edge zone of the virtual network.")]
         public string EdgeZone { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The PrivateEndpointVNetPolicies of the virtual network")]
+        public string PrivateEndpointVNetPoliciesValue { get; set; }
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "Do not ask for confirmation if you want to override a resource")]
@@ -193,6 +199,11 @@ private PSVirtualNetwork CreateVirtualNetwork()
                 vnet.ExtendedLocation = new PSExtendedLocation(this.EdgeZone);
             }
 
+            if(!string.IsNullOrEmpty(this.PrivateEndpointVNetPoliciesValue))
+            {
+                vnet.PrivateEndpointVNetPolicies = this.PrivateEndpointVNetPoliciesValue;
+            }
+
             // Map to the sdk object
             var vnetModel = NetworkResourceManagerProfile.Mapper.Map<MNM.VirtualNetwork>(vnet);
             vnetModel.Tags = TagsConversionHelper.CreateTagDictionary(Tag, validate: true);

src/Network/Network/VirtualNetwork/NewAzureVirtualNetworkCommand.cs

@@ -18,8 +18,8 @@ New-AzVirtualNetwork -Name <String> -ResourceGroupName <String> -Location <Strin
  [-DnsServer <String[]>] [-FlowTimeout <Int32>] [-Subnet <PSSubnet[]>] [-BgpCommunity <String>]
  [-EnableEncryption <String>] [-EncryptionEnforcementPolicy <String>] [-Tag <Hashtable>]
  [-EnableDdosProtection] [-DdosProtectionPlanId <String>] [-IpAllocation <PSIpAllocation[]>]
- [-EdgeZone <String>] [-Force] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-EdgeZone <String>] [-PrivateEndpointVNetPoliciesValue <String>] [-Force] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -300,6 +300,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -PrivateEndpointVNetPoliciesValue
+The PrivateEndpointVNetPolicies of the virtual network
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -ResourceGroupName
 Specifies the name of a resource group to contain the virtual network.