Merge pull request #2255 from Azure/abmisr/mainToPreview

Bring updates from main to preview

e2e/test/iothub/messaging/AzureSecurityCenterForIoTSecurityMessageE2ETests.cs

@@ -20,13 +20,6 @@ public class AzureSecurityCenterForIoTSecurityMessageE2ETests : E2EMsTestBase
         private readonly string _devicePrefix = $"{nameof(AzureSecurityCenterForIoTSecurityMessageE2ETests)}_";
         private readonly string _modulePrefix = $"{nameof(AzureSecurityCenterForIoTSecurityMessageE2ETests)}_";
 
-        private readonly AzureSecurityCenterForIoTLogAnalyticsClient _logAnalyticsClient;
-
-        public AzureSecurityCenterForIoTSecurityMessageE2ETests()
-        {
-            _logAnalyticsClient = AzureSecurityCenterForIoTLogAnalyticsClient.CreateClient();
-        }
-
         [LoggedTestMethod]
         public Task SecurityMessage_DeviceSendSingleMessage_Amqp()
         {
@@ -82,10 +75,11 @@ public Task SecurityMessage_DeviceSendSingleMessage_Http()
             return TestSecurityMessageAsync(Client.TransportType.Http1);
         }
 
-        private Client.Message ComposeD2CSecurityTestMessage(out string eventId, out string payload, out string p1Value)
+        private Client.Message ComposeD2CSecurityTestMessage()
         {
-            eventId = p1Value = Guid.NewGuid().ToString();
-            payload = ComposeAzureSecurityCenterForIoTSecurityMessagePayload(eventId).ToString(Newtonsoft.Json.Formatting.None);
+            string eventId = Guid.NewGuid().ToString();
+            string p1Value = eventId;
+            string payload = ComposeAzureSecurityCenterForIoTSecurityMessagePayload(eventId).ToString(Newtonsoft.Json.Formatting.None);
 
             var message = new Client.Message(Encoding.UTF8.GetBytes(payload))
             {
@@ -130,7 +124,7 @@ private async Task TestSecurityMessageAsync(Client.TransportType transport)
 
             try
             {
-                await SendSingleSecurityMessageAsync(deviceClient, testDevice.Id, _logAnalyticsClient).ConfigureAwait(false);
+                await SendSingleSecurityMessageAsync(deviceClient).ConfigureAwait(false);
             }
             finally
             {
@@ -146,7 +140,7 @@ private async Task TestSecurityMessageModuleAsync(Client.TransportType transport
             {
                 try
                 {
-                    await SendSingleSecurityMessageModuleAsync(moduleClient, testModule.DeviceId, _logAnalyticsClient).ConfigureAwait(false);
+                    await SendSingleSecurityMessageModuleAsync(moduleClient).ConfigureAwait(false);
                 }
                 finally
                 {
@@ -156,46 +150,24 @@ private async Task TestSecurityMessageModuleAsync(Client.TransportType transport
         }
 
         private async Task SendSingleSecurityMessageAsync(
-            DeviceClient deviceClient,
-            string deviceId,
-            AzureSecurityCenterForIoTLogAnalyticsClient logAnalticsTestClient)
+            DeviceClient deviceClient)
         {
             await deviceClient.OpenAsync().ConfigureAwait(false);
 
-            using Client.Message testMessage = ComposeD2CSecurityTestMessage(out string eventId, out string payload, out string p1Value);
+            using Client.Message testMessage = ComposeD2CSecurityTestMessage();
             await deviceClient.SendEventAsync(testMessage).ConfigureAwait(false);
-
-            await ValidateEventAsync(deviceId, eventId, logAnalticsTestClient).ConfigureAwait(false);
         }
 
         private async Task SendSingleSecurityMessageModuleAsync(
-            ModuleClient moduleClient,
-            string deviceId,
-            AzureSecurityCenterForIoTLogAnalyticsClient logAnalticsTestClient)
+            ModuleClient moduleClient)
         {
             await moduleClient.OpenAsync().ConfigureAwait(false);
-            using Client.Message testMessage = ComposeD2CSecurityTestMessage(out string eventId, out _, out _);
+            using Client.Message testMessage = ComposeD2CSecurityTestMessage();
             await moduleClient.SendEventAsync(testMessage).ConfigureAwait(false);
-
-            await ValidateEventAsync(deviceId, eventId, logAnalticsTestClient).ConfigureAwait(false);
-        }
-
-        private async Task ValidateEventAsync(
-            string deviceId,
-            string eventId,
-            AzureSecurityCenterForIoTLogAnalyticsClient logAnalticsTestClient)
-        {
-            bool isReceivedOms = await logAnalticsTestClient.IsRawEventExist(deviceId, eventId).ConfigureAwait(false);
-            Assert.IsTrue(isReceivedOms, "Security message was not received in customer log analytics");
         }
 
         protected override void Dispose(bool disposing)
         {
-            if (disposing)
-            {
-                _logAnalyticsClient.Dispose();
-            }
-
             base.Dispose(disposing);
         }
     }

e2e/test/iothub/service/IoTHubCertificateValidationE2ETest.cs

@@ -12,8 +12,8 @@
 namespace Microsoft.Azure.Devices.E2ETests.Iothub.Service
 {
     [TestClass]
+    [Ignore("TODO: Enable when invalid cert server is back online.")]
     [TestCategory("InvalidServiceCertificate")]
-    [Ignore]
     public class IoTHubCertificateValidationE2ETest : E2EMsTestBase
     {
         [LoggedTestMethod]

e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1

@@ -15,12 +15,17 @@ param(
 
     # Specify this on the first execution to get everything installed in powershell. It does not need to be run every time.
     [Parameter()]
-    [bool] $InstallDependencies,
+    [switch] $InstallDependencies,
 
-    # Set this to true if you are generating resources for the DevOps test pipeline.
+    # Set this if you are generating resources for the DevOps test pipeline.
     # This will create resources capable of handling the test pipeline traffic, which is greater than what you would generally require for local testing.
     [Parameter()]
-    [bool] $GenerateResourcesForDevOpsPipeline
+    [switch] $GenerateResourcesForDevOpsPipeline,
+
+    # Set this if you would like to enable security solutions for your IoT Hub.
+    # Security solution for IoT Hub enables you to route security messages to a specific Log Analytics Workspace.
+    [Parameter()]
+    [switch] $EnableIotHubSecuritySolution
 )
 
 $startTime = (Get-Date)
@@ -32,6 +37,14 @@ $startTime = (Get-Date)
 $ErrorActionPreference = "Stop"
 $WarningActionPreference = "Continue"
 
+########################################################################################################
+# Log the values of optional parameters passed
+########################################################################################################
+
+Write-Host "`nInstallDependencies $InstallDependencies"
+Write-Host "`GenerateResourcesForDevOpsPipeline $GenerateResourcesForDevOpsPipeline"
+Write-Host "`EnableIotHubSecuritySolution $EnableIotHubSecuritySolution"
+
 ###########################################################################
 # Connect-AzureSubscription - gets current Azure context or triggers a 
 # user log in to Azure. Selects the Azure subscription for creation of 
@@ -390,7 +403,8 @@ az deployment group create `
     DpsCustomAllocatorRunCsxContent=$dpsCustomAllocatorRunCsxContent `
     DpsCustomAllocatorProjContent=$dpsCustomAllocatorProjContent `
     HubUnitsCount=$iothubUnitsToBeCreated `
-    UserAssignedManagedIdentityName=$managedIdentityName
+    UserAssignedManagedIdentityName=$managedIdentityName `
+    EnableIotHubSecuritySolution=$EnableIotHubSecuritySolution
 
 if ($LastExitCode -ne 0)
 {

e2e/test/prerequisites/E2ETestsSetup/test-resources.bicep

@@ -65,6 +65,9 @@ param ContainerName string = 'fileupload'
 @description('The name of the user assigned managed identity.')
 param UserAssignedManagedIdentityName string
 
+@description('Flag to indicate if IoT hub should have security solution enabled.')
+param EnableIotHubSecuritySolution bool = false
+
 var hubKeysId = resourceId('Microsoft.Devices/IotHubs/Iothubkeys', HubName, 'iothubowner')
 var farHubKeysId =  resourceId('Microsoft.Devices/IotHubs/Iothubkeys', FarHubName, 'iothubowner')
 var dpsKeysId = resourceId('Microsoft.Devices/ProvisioningServices/keys', DpsName, 'provisioningserviceowner')
@@ -254,14 +257,14 @@ resource provisioningService 'Microsoft.Devices/provisioningServices@2017-11-15'
   }
 }
 
-resource operationalInsightsWorkspaces 'Microsoft.OperationalInsights/workspaces@2017-03-15-preview' = {
+resource operationalInsightsWorkspaces 'Microsoft.OperationalInsights/workspaces@2017-03-15-preview' = if (EnableIotHubSecuritySolution) {
   name: OperationalInsightsName
   location: OperationInsightsLocation
   properties: {
   }
 }
 
-resource iotSecuritySolution 'Microsoft.Security/IoTSecuritySolutions@2019-08-01' = {
+resource iotSecuritySolution 'Microsoft.Security/IoTSecuritySolutions@2019-08-01' = if (EnableIotHubSecuritySolution) {
   name: SecuritySolutionName
   location: resourceGroup().location
   properties: {
@@ -366,7 +369,7 @@ output farHubConnectionString string = 'HostName=${FarHubName}.azure-devices.net
 output dpsName string = DpsName
 output dpsConnectionString string = 'HostName=${DpsName}.azure-devices-provisioning.net;SharedAccessKeyName=provisioningserviceowner;SharedAccessKey=${listkeys(dpsKeysId, '2017-11-15').primaryKey}'
 output storageAccountConnectionString string = 'DefaultEndpointsProtocol=https;AccountName=${StorageAccountName};AccountKey=${listkeys(storageAccount.id, '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net'
-output workspaceId string = '${reference(operationalInsightsWorkspaces.id, '2017-03-15-preview').customerId}'
+output workspaceId string = (EnableIotHubSecuritySolution) ? '${reference(operationalInsightsWorkspaces.id, '2017-03-15-preview').customerId}' : ''
 output customAllocationPolicyWebhook string = 'https://${WebsiteName}.azurewebsites.net/api/${DpsCustomAllocatorFunctionName}?code=${listkeys(functionKeysId, '2019-08-01').default}'
 output keyVaultName string = KeyVaultName
 output instrumentationKey string = reference(applicationInsights.id, '2015-05-01').InstrumentationKey