Merge pull request #2313 from krkhan/dev

Report OS disk encryption status as "Unknown" for Linux VMs.

Author: Hovsep

src/ResourceManager/Compute/Commands.Compute/Commands.Compute.csproj

@@ -222,6 +222,7 @@
     <Compile Include="Extension\AzureDiskEncryption\AzureDiskEncryptionExtensionPublicSettings.cs" />
     <Compile Include="Extension\AzureDiskEncryption\DisableAzureDiskEncryption.cs" />
     <Compile Include="Extension\AzureDiskEncryption\GetAzureDiskEncryptionStatus.cs" />
+    <Compile Include="Extension\AzureDiskEncryption\OSType.cs" />
     <Compile Include="Extension\AzureDiskEncryption\RemoveAzureDiskEncryptionExtension.cs" />
     <Compile Include="Extension\AzureDiskEncryption\SetAzureDiskEncryptionExtension.cs" />
     <Compile Include="Extension\AzureVMBackup\AzureVMBackupExtensionUtil.cs" />

src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/AzureDiskEncryptionExtensionConstants.cs

@@ -35,5 +35,6 @@ public static class AzureDiskEncryptionExtensionConstants
         public const string passphraseKey = "Passphrase";
         public const string osTypeLinux = "Linux";
         public const string osTypeWindows = "Windows";
+        public const string defaultKeyEncryptionAlgorithm = "RSA-OAEP";
     }
 }

src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/GetAzureDiskEncryptionStatus.cs

@@ -17,6 +17,7 @@
 using Microsoft.Azure.Management.Compute;
 using Microsoft.Azure.Management.Compute.Models;
 using System;
+using System.Globalization;
 using System.Management.Automation;
 
 namespace Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption
@@ -44,16 +45,47 @@ public class GetAzureDiskEncryptionStatusCommand : VirtualMachineExtensionBaseCm
         [ValidateNotNullOrEmpty]
         public string VMName { get; set; }
 
-        private bool IsOsVolumeEncrypted(VirtualMachine vmParameters)
+        private OSType GetOSType(VirtualMachine vmParameters)
         {
-            var osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
-            if (osVolumeEncryptionSettings != null)
+            if (vmParameters == null || vmParameters.StorageProfile == null || vmParameters.StorageProfile.OsDisk == null)
             {
-                return (osVolumeEncryptionSettings.Enabled == true
-                    && !string.IsNullOrWhiteSpace(osVolumeEncryptionSettings.DiskEncryptionKey.SecretUrl));
+                return OSType.Unknown;
             }
+            else
+            {
+                if (OperatingSystemTypes.Linux == vmParameters.StorageProfile.OsDisk.OsType)
+                {
+                    return OSType.Linux;
+                }
+                if (OperatingSystemTypes.Windows == vmParameters.StorageProfile.OsDisk.OsType)
+                {
+                    return OSType.Windows;
+                }
+                return OSType.Unknown;
+            }
+        }
+        private EncryptionStatus IsOsVolumeEncrypted(VirtualMachine vmParameters)
+        {
+            OSType osType = this.GetOSType(vmParameters);
+            switch (osType)
+            {
+                case OSType.Windows:
+                    DiskEncryptionSettings osEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
 
-            return false;
+                    if (osEncryptionSettings != null
+                        && osEncryptionSettings.DiskEncryptionKey != null
+                        && !String.IsNullOrEmpty(osEncryptionSettings.DiskEncryptionKey.SecretUrl)
+                        && osEncryptionSettings.Enabled == true)
+                    {
+                        return EncryptionStatus.Encrypted;
+                    }
+                    else
+                    {
+                        return EncryptionStatus.NotEncrypted;
+                    }
+                default:
+                    return EncryptionStatus.Unknown;
+            }
         }
 
         private DiskEncryptionSettings GetOsVolumeEncryptionSettings(VirtualMachine vmParameters)
@@ -66,18 +98,38 @@ private DiskEncryptionSettings GetOsVolumeEncryptionSettings(VirtualMachine vmPa
             }
             return null;
         }
-        private bool IsAzureDiskEncryptionExtension(VirtualMachineExtension vmExtension)
+
+        private bool IsAzureDiskEncryptionExtension(OSType osType, VirtualMachineExtension vmExtension)
         {
-            if ((vmExtension != null) &&
-                (vmExtension.Publisher != null) &&
-                (vmExtension.VirtualMachineExtensionType != null) &&
-                (vmExtension.Publisher.Equals(AzureDiskEncryptionExtensionContext.ExtensionDefaultPublisher, StringComparison.InvariantCultureIgnoreCase)) &&
-                (vmExtension.VirtualMachineExtensionType.Equals(AzureDiskEncryptionExtensionContext.ExtensionDefaultName, StringComparison.InvariantCultureIgnoreCase)))
+            switch (osType)
             {
-                return true;
-            }
+                case OSType.Windows:
+                    if ((vmExtension != null) &&
+                        (vmExtension.Publisher != null) &&
+                        (vmExtension.VirtualMachineExtensionType != null) &&
+                        (vmExtension.Publisher.Equals(AzureDiskEncryptionExtensionContext.ExtensionDefaultPublisher, StringComparison.InvariantCultureIgnoreCase)) &&
+                        (vmExtension.VirtualMachineExtensionType.Equals(AzureDiskEncryptionExtensionContext.ExtensionDefaultName, StringComparison.InvariantCultureIgnoreCase)))
+                    {
+                        return true;
+                    }
 
-            return false;
+                    return false;
+                case OSType.Linux:
+                    if ((vmExtension != null) &&
+                        (vmExtension.Publisher != null) &&
+                        (vmExtension.VirtualMachineExtensionType != null) &&
+                        (vmExtension.Publisher.Equals(AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultPublisher, StringComparison.InvariantCultureIgnoreCase)) &&
+                        (vmExtension.VirtualMachineExtensionType.Equals(AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultName, StringComparison.InvariantCultureIgnoreCase)))
+                    {
+                        return true;
+                    }
+
+                    return false;
+                case OSType.Unknown:
+                    return false;
+                default:
+                    return false;
+            }
         }
 
         private bool DataVolumeInExtensionConfig(AzureDiskEncryptionExtensionContext adeExtension)
@@ -108,32 +160,42 @@ private bool ExtensionProvisioningSucceeded(AzureDiskEncryptionExtensionContext
             return false;
         }
 
-        private bool AreDataVolumesEncrypted(VirtualMachine vmParameters)
+        private EncryptionStatus AreDataVolumesEncrypted(VirtualMachine vmParameters)
         {
             if (vmParameters == null || vmParameters.Resources == null)
             {
-                return false;
+                return EncryptionStatus.Unknown;
             }
 
+            OSType osType = this.GetOSType(vmParameters);
             foreach (VirtualMachineExtension vmExtension in vmParameters.Resources)
             {
-                if (IsAzureDiskEncryptionExtension(vmExtension))
+                switch (osType)
                 {
-                    AzureDiskEncryptionExtensionContext adeExtension = new AzureDiskEncryptionExtensionContext(vmExtension.ToPSVirtualMachineExtension(this.ResourceGroupName, this.VMName));
-                    if (DataVolumeInExtensionConfig(adeExtension))
-                    {
-                        if (adeExtension.EncryptionOperation.Equals(AzureDiskEncryptionExtensionConstants.enableEncryptionOperation, StringComparison.InvariantCultureIgnoreCase))
+                    case OSType.Windows:
+                    case OSType.Linux:
+                        if (IsAzureDiskEncryptionExtension(osType, vmExtension))
                         {
-                            if (ExtensionProvisioningSucceeded(adeExtension))
+                            AzureDiskEncryptionExtensionContext adeExtension = new AzureDiskEncryptionExtensionContext(vmExtension.ToPSVirtualMachineExtension(this.ResourceGroupName, this.VMName));
+                            if (DataVolumeInExtensionConfig(adeExtension))
                             {
-                                return true;
+                                if (adeExtension.EncryptionOperation.Equals(AzureDiskEncryptionExtensionConstants.enableEncryptionOperation, StringComparison.InvariantCultureIgnoreCase))
+                                {
+                                    if (ExtensionProvisioningSucceeded(adeExtension))
+                                    {
+                                        return EncryptionStatus.Encrypted;
+                                    }
+                                }
                             }
                         }
-                    }
+                        break;
+                    case OSType.Unknown:
+                        return EncryptionStatus.Unknown;
+                    default:
+                        return EncryptionStatus.Unknown;
                 }
             }
-
-            return false;
+            return EncryptionStatus.NotEncrypted;
         }
 
         public override void ExecuteCmdlet()
@@ -144,19 +206,31 @@ public override void ExecuteCmdlet()
             {
                 VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName));
 
-                bool osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters);
+                EncryptionStatus osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters);
                 DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
-                bool dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters);
+                EncryptionStatus dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters);
 
-                AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext
+                OSType osType = GetOSType(vmParameters);
+                switch (osType)
                 {
-                    OsVolumeEncrypted = osVolumeEncrypted,
-                    OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
-                    DataVolumesEncrypted = dataVolumesEncrypted
-                };
-                WriteObject(encryptionStatus);
+                    case OSType.Windows:
+                    case OSType.Linux:
+                        AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext
+                        {
+                            OsVolumeEncrypted = osVolumeEncrypted,
+                            DataVolumesEncrypted = dataVolumesEncrypted,
+                            OsVolumeEncryptionSettings = osVolumeEncryptionSettings
+                        };
+                        WriteObject(encryptionStatus);
+                        break;
+                    case OSType.Unknown:
+                        ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")),
+                                                      "InvalidResult",
+                                                      ErrorCategory.InvalidResult,
+                                                      null));
+                        break;
+                }
             });
-
         }
     }
 }

src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/OSType.cs

@@ -0,0 +1,29 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption
+{
+    enum OSType
+    {
+        Windows,
+        Linux,
+        Unknown
+    }
+}

src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/SetAzureDiskEncryptionExtension.cs

@@ -311,11 +311,24 @@ private Hashtable GetExtensionPublicSettings()
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.aadClientCertThumbprintKey, AadClientCertThumbprint ?? String.Empty);
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.keyVaultUrlKey, DiskEncryptionKeyVaultUrl ?? String.Empty);
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.keyEncryptionKeyUrlKey, KeyEncryptionKeyUrl ?? String.Empty);
-            publicSettings.Add(AzureDiskEncryptionExtensionConstants.keyEncryptionAlgorithmKey, KeyEncryptionAlgorithm ?? String.Empty);
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.volumeTypeKey, VolumeType ?? String.Empty);
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.encryptionOperationKey, AzureDiskEncryptionExtensionConstants.enableEncryptionOperation);
             publicSettings.Add(AzureDiskEncryptionExtensionConstants.sequenceVersionKey, SequenceVersion ?? String.Empty);
 
+            string keyEncryptAlgorithm = string.Empty;
+            if (!string.IsNullOrEmpty(this.KeyEncryptionKeyUrl))
+            {
+                if(!string.IsNullOrEmpty(KeyEncryptionAlgorithm))
+                {
+                    keyEncryptAlgorithm = KeyEncryptionAlgorithm;
+                }
+                else
+                {
+                    keyEncryptAlgorithm = AzureDiskEncryptionExtensionConstants.defaultKeyEncryptionAlgorithm;
+                }
+            }
+            publicSettings.Add(AzureDiskEncryptionExtensionConstants.keyEncryptionAlgorithmKey, keyEncryptAlgorithm);
+
             return publicSettings;
         }
 
@@ -347,12 +360,11 @@ private VirtualMachineExtension GetVmExtensionParameters(VirtualMachine vmParame
 
             if (OperatingSystemTypes.Windows.Equals(currentOSType))
             {
-                this.Name = this.Name ?? AzureDiskEncryptionExtensionContext.ExtensionDefaultName;
                 vmExtensionParameters = new VirtualMachineExtension
                 {
                     Location = vmParameters.Location,
                     Publisher = AzureDiskEncryptionExtensionContext.ExtensionDefaultPublisher,
-                    VirtualMachineExtensionType = AzureDiskEncryptionExtensionContext.ExtensionDefaultName,
+                    VirtualMachineExtensionType = this.Name ?? AzureDiskEncryptionExtensionContext.ExtensionDefaultName,
                     TypeHandlerVersion = (this.TypeHandlerVersion) ?? AzureDiskEncryptionExtensionContext.ExtensionDefaultVersion,
                     Settings = SettingString,
                     ProtectedSettings = ProtectedSettingString,
@@ -361,12 +373,11 @@ private VirtualMachineExtension GetVmExtensionParameters(VirtualMachine vmParame
             }
             else if (OperatingSystemTypes.Linux.Equals(currentOSType))
             {
-                this.Name = this.Name ?? AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultName;
                 vmExtensionParameters = new VirtualMachineExtension
                 {
                     Location = vmParameters.Location,
                     Publisher = AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultPublisher,
-                    VirtualMachineExtensionType = AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultName,
+                    VirtualMachineExtensionType = this.Name ?? AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultName,
                     TypeHandlerVersion = (this.TypeHandlerVersion) ?? AzureDiskEncryptionExtensionContext.LinuxExtensionDefaultVersion,
                     Settings = SettingString,
                     ProtectedSettings = ProtectedSettingString,

src/ResourceManager/Compute/Commands.Compute/Extension/AzureVMBackup/AzureVMBackupException.cs

@@ -21,6 +21,7 @@ public class AzureVMBackupErrorCodes
         public const int TimeOut = 1;
         public const int OSNotSupported = 2;
         public const int WrongBlobUriFormat = 3;
+        public const int NoSnapshotFound = 4;
     }
 
     public class AzureVMBackupException : Exception

src/ResourceManager/Compute/Commands.Compute/Extension/AzureVMBackup/AzureVMBackupExtensionUtil.cs

@@ -29,6 +29,7 @@
 using System;
 using System.Collections.Generic;
 using System.Threading;
+using System.Threading.Tasks;
 
 namespace Microsoft.Azure.Commands.Compute.Extension.AzureVMBackup
 {
@@ -168,10 +169,18 @@ public void RemoveSnapshot(AzureVMBackupConfig vmConfig, string snapshotTag, Vir
             List<string> blobUris = this.GetDiskBlobUris(virtualMachineResponse.Body);
 
             Dictionary<string, string> snapshotQuery = new Dictionary<string, string>();
-            List<CloudPageBlob> snapshots = this.FindSnapshot(blobUris, snapshotQuery, storageCredentialsFactory);
-            foreach (CloudPageBlob snapshot in snapshots)
+            snapshotQuery.Add(backupExtensionMetadataName, snapshotTag);
+            List <CloudPageBlob> snapshots = this.FindSnapshot(blobUris, snapshotQuery, storageCredentialsFactory);
+            if (snapshots == null || snapshots.Count == 0)
+            {
+                throw new AzureVMBackupException(AzureVMBackupErrorCodes.NoSnapshotFound, "snapshot with the tag not found.");
+            }
+            else
             {
-                snapshot.Delete();
+                foreach (CloudPageBlob snapshot in snapshots)
+                {
+                    snapshot.Delete();
+                }
             }
         }
 

src/ResourceManager/Compute/Commands.Compute/Microsoft.Azure.Commands.Compute.dll-Help.xml

@@ -3087,7 +3087,7 @@ PS C:\> Add-AzureRmVmssWinRMListener -VirtualMachineScaleSet $VMSS -Protocol
 		<dev:version />
 	</command:details>
 	<maml:description>
-		<maml:para>The Disable-AzureRmVMDiskEncryption cmdlet disables encryption on an infrastructure as a service (IaaS) virtual machine. This cmdlet is only supported on Windows virtual machines and not Linux virtual machines. This cmdlet installs an extension on the virtual machine to disable encryption. If the Name parameter is not specified, an extension with the default name &quot;AzureDiskEncryption for Windows VMs&quot; is created. Caution: This cmdlet reboots the virtual machine.</maml:para>
+		<maml:para>The Disable-AzureRmVMDiskEncryption cmdlet disables encryption on an infrastructure as a service (IaaS) virtual machine. This cmdlet installs an extension on the virtual machine to disable encryption. If the Name parameter is not specified, extension with the name &quot;AzureDiskEncryption/AzureDiskEncryptionForLinux&quot; (depending on the OS) is used. Caution: This cmdlet reboots the virtual machine.</maml:para>
 	</maml:description>
 	<command:syntax>
 		<command:syntaxItem>
@@ -5438,7 +5438,8 @@ PS C:\&gt; Disable-AzureRMVMDiskEncryption -ResourceGroupName &quot;Group002&quo
 		<dev:version />
 	</command:details>
 	<maml:description>
-		<maml:para>The Get-AzureRmVMDiskEncryptionStatus cmdlet gets the encryption status of the virtual machine. It displays the encryption status of the operating system and data volumes. In addition to encryption status, it also displays the encryption secret URL, key encryption key URL, resource IDs of the KeyVaults where the encryption key and key encryption key for operating system volume are present.</maml:para>
+		<maml:para>The Get-AzureRmVMDiskEncryptionStatus cmdlet gets the encryption status of the virtual machine. It displays the encryption status of the operating system and data volumes. In addition to encryption status, it also displays the encryption secret URL, key encryption key URL, resource IDs of the KeyVaults where the encryption key and key encryption key for operating system volume are present. </maml:para>
+		<maml:para>The OS disk encryption status reporting is not supported for Linux VMs in the preview release. Currently it is reported as &quot;Unknown&quot;.</maml:para>
 	</maml:description>
 	<command:syntax>
 		<command:syntaxItem>