{Network} CLI support for VPN Gateway Connection Certificate based authentication #32524
+27,307
−15,767
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| network vnet-gateway create | cmd network vnet-gateway create added parameter mi_system_assigned |
||
| network vnet-gateway create | cmd network vnet-gateway create added parameter mi_user_assigned |
||
| network vnet-gateway identity | sub group network vnet-gateway identity added |
||
| network vpn-connection create | cmd network vpn-connection create added parameter auth_type |
||
| network vpn-connection create | cmd network vpn-connection create added parameter cert_auth |
||
| network vpn-connection update | cmd network vpn-connection update added parameter authentication_type |
||
| network vpn-connection update | cmd network vpn-connection update added parameter certificate_authentication |
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
jsntcy,
kairu-ms and
yonzhan
huiii99
force-pushed
the
network-mi-vpn-cert
branch
from
d0edfa6 to
ea0d042
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for VPN Gateway Connection Certificate-based authentication and managed identity support for VNet gateways. The changes include:
- Adding managed identity (user-assigned) support to VNet gateway create/update operations
- Adding certificate-based authentication type to VPN connection create/update commands
- Updating the Network API version from 2024-07-01 to 2025-01-01
- Adding new identity management commands for VNet gateways
Reviewed changes
Copilot reviewed 25 out of 28 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| test_network_commands.py | Adds two comprehensive test classes covering managed identity and certificate authentication scenarios |
| VpnGatewayoutboundcert.pfx, VpnGatewayInboundCert.cer, VpnGatewayAuthCert.cer | Test certificate files for authentication scenarios |
| custom.py | Uncomments managed identity parameters and adds auth parameters to vpn-connection create |
| vpn_connection/*.py | AAZ-generated files updated with API version, authentication fields, and secret flags |
| vnet_gateway/*.py | AAZ-generated files updated with API version and identity support |
| vnet_gateway/identity/*.py | New identity management commands (assign/remove/show/wait) |
| _validators.py | Adds validation logic to clear shared keys when using certificate authentication |
| _template_builder.py | Updates API version and adds certificate auth parameters to template |
| _params.py | Adds auth_type and cert_auth parameters with JSON parsing support |
| _help.py | Adds documentation and examples for certificate authentication |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
huiii99
force-pushed
the
network-mi-vpn-cert
branch
from
fc1bd7f to
e2df42e
Compare
necusjz
reviewed
Dec 12, 2025
necusjz
reviewed
Dec 12, 2025
necusjz
reviewed
Dec 12, 2025
src/azure-cli/azure/cli/command_modules/network/tests/latest/certs/VpnGatewayAuthCert.cer
Show resolved
Hide resolved
necusjz
reviewed
Dec 12, 2025
src/azure-cli/azure/cli/command_modules/network/tests/latest/test_network_commands.py
Show resolved
Hide resolved
necusjz
reviewed
Dec 12, 2025
src/azure-cli/azure/cli/command_modules/network/tests/latest/test_network_commands.py
Outdated
Show resolved
Hide resolved
necusjz
reviewed
Dec 12, 2025
src/azure-cli/azure/cli/command_modules/network/tests/latest/test_network_commands.py
Outdated
Show resolved
Hide resolved
huiii99
force-pushed
the
network-mi-vpn-cert
branch
from
e2df42e to
b8084a8
Compare
Member
|
identity-related interfaces must strictly follow i.e., let's remove the parameters in the update command (subcommands are designed for that): |
Member
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
huiii99
force-pushed
the
network-mi-vpn-cert
branch
from
0939f81 to
ace8d36
Compare
huiii99
force-pushed
the
network-mi-vpn-cert
branch
3 times, most recently
from
b489e38 to
626c46a
Compare
…onnection feat: add vpn connection authentication test fix: cli linter error fix: ci error fix: add cli example fix: dev fix: fix review fix: identity-related dev fix: network modules test cases error fix: history tc failed dev dev dev fix: update test recording yaml dev dev
huiii99
force-pushed
the
network-mi-vpn-cert
branch
from
626c46a to
947c86f
Compare
necusjz
reviewed
Jan 8, 2026
necusjz
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related command
az network vnet-gateway createaz network vnet-gateway updateaz network vpn-connection createaz network vpn-connection updateDescription
Add managed identity support to network vnet-gateway create/update
Add authentication-type and certificate-based auth to network vpn-connection create/update
Resolve #32380
aaz Azure/aaz#912
Testing Guide
live test:
azdev test test_vnet_gateway_managed_identity --live --discoverazdev test test_vpn_connection_authentication --live --discoverplayback test after recording:
azdev test test_vnet_gateway_managed_identityazdev test test_vpn_connection_authenticationHistory Notes
[Network]
az network vnet-gateway: Add identity-related parameters and subgroup[Network]
az network vpn-connection: Add--auth-typeand--cert-authparametersThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.