Upload scripts to find ADE version (#13329)

Author: Jyotsna-Anand

src/Compute/Compute/Extension/AzureDiskEncryption/Scripts/Find_1passAdeVersion_VM.ps1

@@ -0,0 +1,96 @@
+<#
+READ ME:
+This script finds Windows and Linux Virtual Machines encrypted with single pass ADE in all resource groups present in a subscription. 
+INPUT: 
+Enter the subscription ID of the subscription. DO NOT remove hyphens. Example: 759532d8-9991-4d04-878f-xxxxxxxxxxxx
+OUTPUT: 
+A .csv file with file name "<SubscriptionId>_AdeVMInfo.csv" is created in the same working directory.
+Note: If the ADE_Version field = "Not Available" in the output, it means that the VM is encrypted but the extension version couldn't be found. Please check the version manually for these VMs.
+#>
+
+$ErrorActionPreference = "Continue"
+$SubscriptionId = Read-Host("Enter Subscription ID")
+$setSubscriptionContext = Set-AzContext -SubscriptionId $SubscriptionId
+
+if($setSubscriptionContext -ne $null)
+{
+    $getAllVMInSubscription = Get-AzVM
+    $outputContent = @()
+
+    foreach ($vmobject in $getAllVMInSubscription)
+    {
+        $vm_OS = ""
+        if ($vmobject.OSProfile.WindowsConfiguration -eq $null) 
+        { 
+            $vm_OS = "Linux" 
+        }
+        else 
+        {
+            $vm_OS = "Windows" 
+        }
+    
+        $vmInstanceView = Get-AzVM -ResourceGroupName $vmobject.ResourceGroupName -Name $vmobject.Name -Status    
+
+        $isVMADEEncrypted = $false
+        $isStoppedVM = $false
+        $adeVersion = ""
+
+        #Find ADE extension version if ADE extension is installed                 
+        $vmExtensions = $vmInstanceView.Extensions
+        foreach ($extension in $vmExtensions)
+        {
+            if ($extension.Name -like "azurediskencryption*")
+            {
+                $adeVersion = $extension.TypeHandlerVersion
+                $isVMADEEncrypted = $true
+                break;            
+            }            
+        }
+
+        #Look for encryption settings on disks. This applies to VMs that are in deallocated state
+        #Extension version information is unavailable for stopped VMs
+        if ($isVMADEEncrypted -eq $false)
+        {
+            $disks = $vmInstanceView.Disks
+            foreach ($diskObject in $disks)
+            {
+                if ($diskObject.EncryptionSettings -ne $null)
+                {
+                    $isStoppedEncryptedVM = $true
+                    break;
+                }
+            }
+        }        
+
+        if ($isVMADEEncrypted)
+        {        
+            #Prepare output content for single pass VMs            
+            if ((($vm_OS -eq "Windows") -and ($adeVersion -like "2.*")) -or (($vm_OS -eq "Linux") -and ($adeVersion -like "1.*")))
+            {            
+                $results = @{
+                VMName = $vmobject.Name
+                ResourceGroupName = $vmobject.ResourceGroupName
+                VM_OS = $vm_OS
+                ADE_Version = $adeVersion                        
+                }
+                $outputContent += New-Object PSObject -Property $results
+                Write-Host "Added details for encrypted VM " $vmobject.Name
+            }               
+        }
+        elseif ($isStoppedEncryptedVM)
+        {
+            $results = @{
+                VMName = $vmobject.Name
+                ResourceGroupName = $vmobject.ResourceGroupName
+                VM_OS = $vm_OS
+                ADE_Version = "Not Available"                        
+                }
+                $outputContent += New-Object PSObject -Property $results
+                Write-Host "Added details for encrypted VM. ADE version = Not available " $vmobject.Name
+        }                      
+   }
+
+    #Write to output file
+    $filePath = ".\" + $SubscriptionId + "_AdeVMInfo.csv"
+    $outputContent | export-csv -Path $filePath -NoTypeInformation
+}

src/Compute/Compute/Extension/AzureDiskEncryption/Scripts/Find_1passAdeVersion_VMSS.ps1

@@ -0,0 +1,92 @@
+<# 
+READ ME:
+This script finds Windows and Linux Virtual Machine Scale Sets encrypted with single pass ADE in all resource groups present in a subscription. 
+INPUT: 
+Enter the subscription ID of the subscription. DO NOT remove hyphens. Example: 759532d8-9991-4d04-878f-xxxxxxxxxxxx
+OUTPUT: 
+A .csv file with file name "<SubscriptionId>__AdeVMSSInfo.csv" is created in the same working directory. 
+Note: If the ADE_Version field = "Not Available" in the output, it means that the VM is encrypted but the extension version couldn't be found. Please check the version manually for these VMSS.
+#>
+
+$ErrorActionPreference = "Continue"
+$SubscriptionId = Read-Host("Enter Subscription ID")
+$setSubscriptionContext = Set-AzContext -SubscriptionId $SubscriptionId
+
+if($setSubscriptionContext -ne $null)
+{
+    $getAllVMSSInSubscription = Get-AzVmss
+    $outputContent = @()
+
+    foreach ($vmssobject in $getAllVMSSInSubscription)
+    {
+        $vmssModel = Get-AzVmss -ResourceGroupName $vmssobject.ResourceGroupName -VMScaleSetName $vmssobject.Name
+        if ($vmssModel.VirtualMachineProfile.OsProfile.WindowsConfiguration -eq $null) 
+        { 
+            $vmss_OS = "Linux" 
+        }
+        else 
+        {
+            $vmss_OS = "Windows" 
+        }
+
+        $isVMSSADEEncrypted = $false
+        $adeVersion = ""
+
+        #find if VMSS has ADE extension installed        
+        $vmssExtensions = $vmssObject.VirtualMachineProfile.ExtensionProfile.Extensions
+        foreach ($extension in $vmssExtensions)
+        {
+            if ($extension.Type -like "azurediskencryption*")
+            {
+                $isVMSSADEEncrypted = $true
+                break;            
+            }            
+        }
+
+        #find ADE extension version if VMSS has ADE installed. 
+        if ($isVMSSADEEncrypted)
+        {
+            $vmssInstanceView = Get-AzVmssVM -ResourceGroupName $vmssobject.ResourceGroupName -VMScaleSetName $vmssobject.Name -InstanceView
+            $vmssInstanceId = $vmssInstanceView[0].InstanceId
+            $vmssVMInstanceView = Get-AzVmssVM -ResourceGroupName $vmssobject.ResourceGroupName -VMScaleSetName $vmssobject.Name -InstanceView -InstanceId $vmssInstanceId
+
+            $vmssExtensions = $vmssVMInstanceView.Extensions
+            foreach ($extension in $vmssExtensions)
+            {
+                if ($extension.Type -like "Microsoft.Azure.Security.Azurediskencryption*")
+                {
+                    $adeVersion = $extension.TypeHandlerVersion
+                    break;            
+                }            
+            }
+
+            #Prepare output content for single pass VMSS            
+            if ((($vmss_OS -eq "Windows") -and ($adeVersion -like "2.*")) -or (($vmss_OS -eq "Linux") -and ($adeVersion -like "1.*")))
+            {            
+                $results = @{
+                VMSSName = $vmssobject.Name
+                ResourceGroupName = $vmssobject.ResourceGroupName
+                VMSS_OS = $vmss_OS
+                ADE_Version = $adeVersion        
+                }
+                $outputContent += New-Object PSObject -Property $results
+                Write-Host "Added details for encrypted VMSS" $vmssobject.Name
+            }
+            elseif ([string]::IsNullOrEmpty($adeVersion))
+            {
+                $results = @{
+                VMSSName = $vmssobject.Name
+                ResourceGroupName = $vmssobject.ResourceGroupName
+                VMSS_OS = $vmss_OS
+                ADE_Version = "Not Available"        
+                }
+                $outputContent += New-Object PSObject -Property $results
+                Write-Host "Added details for encrypted VMSS. ADE version = Not available" $vmssobject.Name
+            }                         
+        }                      
+    }
+
+    #Write to output file
+    $filePath = ".\" + $SubscriptionId + "_AdeVMSSInfo.csv"
+    $outputContent | export-csv -Path $filePath -NoTypeInformation
+}