Merge pull request #5764 from ejarvi/vmssddstatus

Update Get-AzureRmVmssDiskEncryptionStatus cmdlets

Author: cormacpayne

src/ResourceManager/Compute/ChangeLog.md

@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Current Release
+* `Get-AzureRmVmssDiskEncryptionStatus` supports encryption status at data disk level
+* `Get-AzureRmVmssVmDiskEncryptionStatus` supports encryption status at data disk level
 * Update for Zone Resilient
 * `New-AzureRmVm` and `New-AzureRmVmss` (simple parameter set) support availability zones.
 * Updated to the latest version of the Azure ClientRuntime

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/VirtualMachineScaleSetExtensionTests.ps1

@@ -39,7 +39,7 @@ public class GetAzureVmssDiskEncryptionStatusCommand : VirtualMachineScaleSetExt
            Mandatory = false,
            Position = 0,
            ValueFromPipelineByPropertyName = true,
-           HelpMessage = "Resource group name of the virtual machine scale set")]
+           HelpMessage = "Resource group name of the virtual machine scale set.")]
         [ResourceGroupCompleter()]
         [ValidateNotNullOrEmpty]
         public string ResourceGroupName { get; set; }
@@ -57,7 +57,7 @@ public class GetAzureVmssDiskEncryptionStatusCommand : VirtualMachineScaleSetExt
            Mandatory = false,
            Position = 2,
            ValueFromPipelineByPropertyName = true,
-           HelpMessage = "The extension name. If this parameter is not specified, default values used are AzureDiskEncryption for windows VMs and AzureDiskEncryptionForLinux for Linux VMs")]
+           HelpMessage = "The extension name. If this parameter is not specified, defaults to AzureDiskEncryption for Windows and AzureDiskEncryptionForLinux for Linux.")]
         [ValidateNotNullOrEmpty]
         public string ExtensionName { get; set; }
 
@@ -132,8 +132,8 @@ private PSVmssDiskEncryptionStatusContext GetVmssDiskStatus(string rgName, strin
                 return psResult;
             }
 
+            // retrieve installation status of the extension 
             SetOSType(vmssResult.VirtualMachineProfile);
-
             try
             {
                 if (string.IsNullOrWhiteSpace(this.ExtensionName))
@@ -155,25 +155,19 @@ private PSVmssDiskEncryptionStatusContext GetVmssDiskStatus(string rgName, strin
             {
                 return psResult;
             }
-
             psResult.EncryptionExtensionInstalled = true;
 
+            // retrieve public configuration settings for the extension
             psResult.EncryptionSettings = JsonConvert.DeserializeObject<AzureVmssDiskEncryptionExtensionPublicSettings>(
                 ext.Settings.ToString());
 
-            if (psResult.EncryptionSettings.EncryptionOperation.Equals(AzureDiskEncryptionExtensionConstants.enableEncryptionOperation, StringComparison.OrdinalIgnoreCase))
-            {
-                psResult.EncryptionEnabled = true;
-            }
-
+            // retrieve any status summary for the extension 
             var vmssInstanceView = this.VirtualMachineScaleSetClient.GetInstanceView(rgName, vmssName);
-
             if (vmssInstanceView.Extensions == null
                 || vmssInstanceView.Extensions.Count == 0)
             {
                 return psResult;
             }
-
             try
             {
                 extSummary = vmssInstanceView.Extensions.First(e => e.Name.Equals(this.ExtensionName));
@@ -182,9 +176,45 @@ private PSVmssDiskEncryptionStatusContext GetVmssDiskStatus(string rgName, strin
             {
                 return psResult;
             }
-
             psResult.EncryptionSummary = extSummary.StatusesSummary;
 
+            // check if encryption is enabled on any disk in the scale set 
+            // stop evaluation at the first occurrence of an encrypted disk 
+            var page = this.VirtualMachineScaleSetVMsClient.List(rgName, vmssName);
+            while (!psResult.EncryptionEnabled && page!=null)
+            { 
+                foreach (var pageItem in page)
+                {
+                    if (psResult.EncryptionEnabled) break;
+                    VirtualMachineScaleSetVMInstanceView vmiv = this.VirtualMachineScaleSetVMsClient.GetInstanceView(rgName, vmssName, pageItem.InstanceId);
+                    if (vmiv != null && vmiv.Disks != null)
+                    {
+                        foreach (DiskInstanceView div in vmiv.Disks)
+                        {
+                            List<InstanceViewStatus> perDiskEncryptionStatuses = new List<InstanceViewStatus>();
+                            bool isEncrypted = false;
+                            foreach (InstanceViewStatus ivs in div.Statuses)
+                            {
+                                if (ivs != null && ivs.Code != null && ivs.Code.StartsWith("EncryptionState"))
+                                {
+                                    if (!psResult.EncryptionEnabled)
+                                    {
+                                        isEncrypted = ivs.Code.Equals("EncryptionState/encrypted");
+                                    }
+                                }
+                            }
+                            if (isEncrypted)
+                            {
+                                psResult.EncryptionEnabled = true;
+                                break;
+                            }
+                        }
+                    }
+                }
+                // advance to the next page as needed
+                page = (page.NextPageLink != null) ? VirtualMachineScaleSetVMsClient.ListNext(page.NextPageLink) : null;
+            }
+
             return psResult;
         }
     }

src/ResourceManager/Compute/Commands.Compute.Test/SessionRecords/Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineScaleSetExtensionTests/TestDisableVirtualMachineScaleSetDiskEncryption.json

@@ -128,24 +128,23 @@ private PSVmssVMDiskEncryptionStatusContext GetDiskStatus(string rgName, string
                 psResult.Disks.Add(disk);
             }
 
-            try
-            {
-                psResult.Extension = vmssVMInstanceView.Extensions.First(e => e.Name.Equals(this.ExtensionName));
-            }
-            catch (InvalidOperationException)
-            {
-                psResult.DiskEncryptionStatus = string.Format("The Extension, {0}, is not installed.", this.ExtensionName);
-            }
+            psResult.Extension = null;
+            psResult.DiskEncryptionStatus = string.Format("The Extension, {0}, is not installed.", this.ExtensionName);
 
-            if (psResult.Extension != null
-            && psResult.Extension.Statuses != null
-            && psResult.Extension.Statuses.Count > 0)
+            // replace defaults with extension and status data for the instance if found 
+            if (vmssVMInstanceView != null && vmssVMInstanceView.Extensions != null)
             {
-                psResult.DiskEncryptionStatus = psResult.Extension.Statuses[0].DisplayStatus;
+                psResult.Extension = vmssVMInstanceView.Extensions.DefaultIfEmpty(null).FirstOrDefault(e => e.Name.Equals(this.ExtensionName));
+                if (psResult.Extension != null
+                    && psResult.Extension.Statuses != null
+                    && psResult.Extension.Statuses.Count > 0)
+                {
+                    psResult.DiskEncryptionStatus = psResult.Extension.Statuses[0].DisplayStatus;
+                }
             }
 
             psResult.OsVolumeEncrypted = GetOsDiskEncryptionStatus(psResult.Disks, vmssVM.StorageProfile);
-            psResult.DataVolumesEncrypted = GetDataDiskEncryptionStatus(rgName, vmssName, psResult.DiskEncryptionStatus, vmssVM.StorageProfile);
+            psResult.DataVolumesEncrypted = GetDataDiskEncryptionStatus(psResult.Disks, vmssVM.StorageProfile);
 
             return psResult;
         }
@@ -178,44 +177,34 @@ private EncryptionStatus GetOsDiskEncryptionStatus(List<DiskInstanceView> disks,
                 : ConvertToEncryptionStatus(status.Code.Replace(AzureVmssDiskEncryptionExtensionContext.EncryptionStateString, ""));
         }
 
-        private EncryptionStatus GetDataDiskEncryptionStatus(string rgName, string vmssName, string encryptionStatus, StorageProfile storage)
+        private EncryptionStatus GetDataDiskEncryptionStatus(List<DiskInstanceView> disks, StorageProfile storage)
         {
             if (storage == null || storage.DataDisks == null || storage.DataDisks.Count == 0)
             {
                 return EncryptionStatus.NotMounted;
             }
 
-            // Data disk does not have disk encryption extension setting.
-
-            var vmssResult = this.VirtualMachineScaleSetClient.Get(rgName, vmssName);
-            if (vmssResult.VirtualMachineProfile == null
-                || vmssResult.VirtualMachineProfile.ExtensionProfile == null
-                || vmssResult.VirtualMachineProfile.ExtensionProfile.Extensions == null
-                || vmssResult.VirtualMachineProfile.ExtensionProfile.Extensions.Count == 0)
-            {
-                return EncryptionStatus.NotEncrypted;
-            }
-
             try
             {
-                VirtualMachineScaleSetExtension ext = vmssResult.VirtualMachineProfile.ExtensionProfile.Extensions.First(
-                         e => e.Type.Equals(this.ExtensionName));
-
-                AzureVmssDiskEncryptionExtensionPublicSettings encryptionSettings = JsonConvert.DeserializeObject<AzureVmssDiskEncryptionExtensionPublicSettings>(
-                ext.Settings.ToString());
-                if (encryptionSettings.VolumeType.Equals(AzureVmssDiskEncryptionExtensionContext.VolumeTypeAll, StringComparison.OrdinalIgnoreCase)
-                    || encryptionSettings.VolumeType.Equals(AzureVmssDiskEncryptionExtensionContext.VolumeTypeData, StringComparison.OrdinalIgnoreCase))
+                InstanceViewStatus status = null;
+                try
                 {
-                    if (encryptionSettings.EncryptionOperation.Equals(AzureDiskEncryptionExtensionConstants.enableEncryptionOperation, StringComparison.OrdinalIgnoreCase))
+                    var disk = disks.First(e => e.Name.Equals(storage.DataDisks[0].Name));
+
+                    if (disk == null)
                     {
-                        return !string.IsNullOrEmpty(encryptionStatus) &&
-                            encryptionStatus.EndsWith(AzureVmssDiskEncryptionExtensionContext.StatusSucceeded, StringComparison.OrdinalIgnoreCase)
-                            ? EncryptionStatus.Encrypted
-                            : EncryptionStatus.Unknown;
+                        return EncryptionStatus.Unknown;
                     }
+                    status = disk.Statuses.First(s => s.Code.Contains(AzureVmssDiskEncryptionExtensionContext.EncryptionStateString));
+                }
+                catch (InvalidOperationException)
+                {
+                    return EncryptionStatus.NotEncrypted;
                 }
 
-                return EncryptionStatus.NotEncrypted;
+                return (status == null)
+                    ? EncryptionStatus.NotEncrypted
+                    : ConvertToEncryptionStatus(status.Code.Replace(AzureVmssDiskEncryptionExtensionContext.EncryptionStateString, ""));
             }
             catch (InvalidOperationException)
             {

src/ResourceManager/Compute/Commands.Compute.Test/SessionRecords/Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineScaleSetExtensionTests/TestDisableVirtualMachineScaleSetDiskEncryption2.json

@@ -24,6 +24,7 @@ class PSVmssDiskEncryptionStatusContext
         public string VmScaleSetName { get; set; }
         public AzureVmssDiskEncryptionExtensionPublicSettings EncryptionSettings { get; set; }
         public IList<VirtualMachineStatusCodeCount> EncryptionSummary { get; set; }
+        // EncryptionEnabled is true when any disk reports an encrypted status
         public bool EncryptionEnabled { get; set; }
         public bool EncryptionExtensionInstalled { get; set; }
     }