@@ -921,3 +921,250 @@ function Test-DiskEncryptionSet
921921 $encSet | Remove-AzDiskEncryptionSet - Force;
922922 }
923923}
924+
925+ <#
926+ . SYNOPSIS
927+ Testing the EncryptionType parameter passed to the Config obejct is inherited by an associated DiskEncryptionSet object.
928+ #>
929+ function Test-DiskEncryptionSetConfigEncryptionType
930+ {
931+ # Setup
932+ $loc = ' centraluseuap'
933+ $rgname = ' adamGroupDES7'
934+ $encryptionName = " enc" + $rgname ;
935+
936+ $vaultName1 = ' kv15' + $rgname ;
937+ $vaultName2 = ' kv16' + $rgname ;
938+
939+ try
940+ {
941+ <#
942+ #
943+ # Note: In order to record this test, you need to run the following commands to create KeyValut key and KeyVault secret in a separate Powershell window.
944+ #
945+ Note: In order to record this test, you need to run the following commands to create KeyValut key and KeyVault secret in a separate Powershell window.
946+ $vaultName1 = 'kv15' + $rgname ;
947+ $kekName1 = 'kek15' + $rgname;
948+ $secretname1 = 'mysecret15';
949+ $secretdata1 = 'mysecretvalue15';
950+ $securestring1 = ConvertTo-SecureString $secretdata1 -Force -AsPlainText;
951+
952+ $vaultName2 = 'kv16' + $rgname;
953+ $kekName2 = 'kek15' + $rgname; #not a typo
954+ $secretname2 = 'mysecret16';
955+ $secretdata2 = 'mysecretvalue16';
956+ $securestring2 = ConvertTo-SecureString $secretdata1 -Force -AsPlainText;
957+
958+ New-AzResourceGroup -Name $rgname -Location $loc -Force;
959+ $vault1 = New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgname -Location $loc -Sku Standard;
960+ $vault2 = New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgname -Location $loc -Sku Standard;
961+ $mocksourcevault1 = $vault1.ResourceId;
962+ $mocksourcevault2 = $vault2.ResourceId;
963+ $userPrincipalName = (Get-AzContext).Account.Id;
964+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ResourceGroupName $rgname -EnabledForDiskEncryption;
965+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ResourceGroupName $rgname -EnabledForDiskEncryption;
966+ $kek1 = Add-AzKeyVaultKey -VaultName $vaultName1 -Name $kekName1 -Destination "Software";
967+ $kek2 = Add-AzKeyVaultKey -VaultName $vaultName2 -Name $kekName2 -Destination "Software";
968+ $secret1 = Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretname1 -SecretValue $securestring1;
969+ $secret2 = Set-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretname2 -SecretValue $securestring2;
970+ $mockkey1 = $kek1.Id
971+ $mockkey2 = $kek2.Id
972+ #>
973+
974+ $mockkey1 = " https://kv15adamgroupdes7.vault.azure.net/keys/kek15adamGroupDES7/74332f302a0e48999415f6f9bbf7430c"
975+ $mockkey2 = " https://kv16adamgroupdes7.vault.azure.net/keys/kek15adamGroupDES7/84412eaa63f344bf8a1b15612f2b36cb"
976+ $subId = Get-SubscriptionIdFromResourceGroup $rgname ;
977+ $mocksourcevault1 = ' /subscriptions/' + $subId + ' /resourceGroups/' + $rgname + ' /providers/Microsoft.KeyVault/vaults/' + $vaultName1 ;
978+ $mocksourcevault2 = ' /subscriptions/' + $subId + ' /resourceGroups/' + $rgname + ' /providers/Microsoft.KeyVault/vaults/' + $vaultName2 ;
979+
980+ $encryptionType = " EncryptionAtRestWithPlatformAndCustomerKeys"
981+
982+ $encSetConfig = New-AzDiskEncryptionSetConfig - Location $loc - EncryptionType $encryptionType ;
983+
984+ $encSetConfigValues = New-AzDiskEncryptionSetConfig - Location $loc - KeyUrl $mockkey1 - SourceVaultId $mocksourcevault1 - EncryptionType $encryptionType - IdentityType " SystemAssigned" `
985+
986+ $encSet = New-AzDiskEncryptionSet - ResourceGroupName $rgname - Name $encryptionName - DiskEncryptionSet $encSetConfigValues ;
987+
988+ Assert-NotNull $encSetConfig ;
989+ Assert-AreEqual $encSetConfig.EncryptionType $encryptionType ;
990+
991+ Assert-NotNull $encSet ;
992+ Assert-AreEqual $encryptionType $encSet.EncryptionType ;
993+
994+ # Test default EncryptionType value
995+ $encSetConfigDefault = New-AzDiskEncryptionSetConfig - Location $loc - KeyUrl $mockkey2 - SourceVaultId $mocksourcevault2 - IdentityType " SystemAssigned"
996+ Assert-NotNull $encSetConfigDefault ;
997+ Assert-AreEqual $encSetDefaultConfig.EncryptionType $null ;
998+
999+ $encryptionNameDefault = $encryptionName + " Default"
1000+ $encryptionTypeDefault = " EncryptionAtRestWithCustomerKey"
1001+
1002+ $encSetDefault = New-AzDiskEncryptionSet - ResourceGroupName $rgname - Name $encryptionNameDefault - DiskEncryptionSet $encSetConfigDefault ;
1003+ Assert-NotNull $encSetDefault ;
1004+ Assert-AreEqual $encSetDefault.EncryptionType $encryptionTypeDefault ;
1005+
1006+ }
1007+ finally
1008+ {
1009+ # Cleanup
1010+ $encSet | Remove-AzDiskEncryptionSet - Force;
1011+ $encSetDefault | Remove-AzDiskEncryptionSet - Force;
1012+ }
1013+ }
1014+
1015+ <#
1016+ . SYNOPSIS
1017+ Testing diskAssess object
1018+ #>
1019+ function Test-DiskAccessObject
1020+ {
1021+ $rgname = Get-ComputeTestResourceName ;
1022+ $rgname2 = $rgname + ' 2'
1023+ $diskname1Rg1 = ' diskaccess1' + $rgname ;
1024+ $diskName2Rg1 = ' diskAccess2' + $rgname ;
1025+ $diskName3Rg2 = ' diskAccess1' + $rgname2 ;
1026+
1027+ try
1028+ {
1029+ # Common
1030+ $loc = " northcentralus"
1031+ New-AzResourceGroup - Name $rgname - Location $loc - Force;
1032+ New-AzResourceGroup - Name $rgname2 - Location $loc - Force;
1033+
1034+ # Create DiskAccess1 in ResourceGroup1
1035+ New-AzDiskAccess - ResourceGroupName $rgname - Name $diskname1Rg1 - location $loc
1036+
1037+ # Use Get-AzDiskAccess on DiskAccess1 using Default ParameterSet
1038+ $diskAccess1 = Get-AzDiskAccess - ResourceGroupName $rgname - Name $diskname1Rg1
1039+ # Use Get-AzDiskAccess on DiskAccess1 using resourceId
1040+ $diskAccess1check = Get-AzDiskAccess - resourceId $diskAccess1.id
1041+
1042+ # check if diskAccess1 is good
1043+ Assert-NotNull $diskAccess1
1044+ Assert-AreEqual $diskAccess1.Name $diskname1Rg1
1045+
1046+ # ASSERT check if diskaccess1 and diskaccess1check are same
1047+ Assert-AreEqual $diskAccess1.id $diskAccess1check.id
1048+
1049+ # Create DiskAccess2 in ResourceGroup1
1050+ New-AzDiskAccess - ResourceGroupName $rgname - Name $diskname2Rg1 - location $loc
1051+
1052+ # Use Get-AzDiskAccess by resourceGroupName
1053+ $rg1Result = Get-AzDiskAccess - ResourceGroupName $rgname
1054+
1055+ Assert-AreEqual $rg1Result.count 2
1056+
1057+ # add DiskAccess3 to ResourceGroup2
1058+ New-AzDiskAccess - ResourceGroupName $rgname2 - Name $diskname3Rg2 - location $loc
1059+
1060+ # use get-azdiskaccess with no parameters. count should be >= 3
1061+ $allResult = Get-AzDiskAccess
1062+
1063+ Assert-True {$allResult.Count -gt 2 ;}
1064+
1065+ # remove-AzDiskAccess to DiskAccess1 by resourceId
1066+ Remove-AzDiskAccess - resourceid $diskAccess1.id
1067+
1068+ # Remove-AzDiskAccess to DiskAccess2 by default parameter set
1069+ Remove-AzDiskAccess - ResourceGroupName $rgname - Name $diskname2Rg1
1070+
1071+ # Get-AzDiskAccess by resource group. Count should be 0
1072+ $allResult = Get-AzDiskAccess - ResourceGroupName $rgname
1073+
1074+ Assert-AreEqual $allResult.count 0
1075+
1076+ }
1077+ finally
1078+ {
1079+ # Cleanup
1080+ Clean - ResourceGroup $rgname
1081+ Clean - ResourceGroup $rgname2
1082+ }
1083+ }
1084+
1085+ <#
1086+ . SYNOPSIS
1087+ Testing DiskConfig property NetworkAccessPolicy
1088+ #>
1089+ function Test-DiskConfigDiskAccessNetworkAccess
1090+ {
1091+ # Setup
1092+ $rgname = Get-ComputeTestResourceName ;
1093+ $diskname0 = ' disk0' + $rgname ;
1094+
1095+ try
1096+ {
1097+ # Common
1098+ $loc = Get-ComputeVMLocation ;
1099+ New-AzResourceGroup - Name $rgname - Location $loc - Force;
1100+
1101+ # Testing disk access
1102+ $diskAccess = New-AzDiskAccess - ResourceGroupName $rgname - Name " diskaccessname" - location $loc
1103+ $diskconfig = New-AzDiskConfig - Location $loc - SkuName ' Standard_LRS' - OsType ' Windows' `
1104+ - UploadSizeInBytes 35183298347520 - CreateOption ' Upload' - DiskAccessId $diskAccess.Id ;
1105+ New-AzDisk - ResourceGroupName $rgname - DiskName $diskname0 - Disk $diskconfig ;
1106+ $disk = Get-AzDisk - ResourceGroupName $rgname - DiskName $diskname0 ;
1107+
1108+ Assert-AreEqual $diskAccess.Id $disk.DiskAccessId ;
1109+
1110+ Remove-AzDisk - ResourceGroupName $rgname - DiskName $diskname0 - Force;
1111+
1112+ $diskconfig2 = New-AzDiskConfig - Location $loc - SkuName ' Standard_LRS' - OsType ' Windows' `
1113+ - UploadSizeInBytes 35183298347520 - CreateOption ' Upload' - NetworkAccessPolicy " AllowAll"
1114+ New-AzDisk - ResourceGroupName $rgname - DiskName $diskname0 - Disk $diskconfig2 ;
1115+ $disk2 = Get-AzDisk - ResourceGroupName $rgname - DiskName $diskname0 ;
1116+ Assert-AreEqual " AllowAll" $disk2.NetworkAccessPolicy ;
1117+
1118+ }
1119+ finally
1120+ {
1121+ # Cleanup
1122+ Clean - ResourceGroup $rgname
1123+ }
1124+ }
1125+
1126+ <#
1127+ . SYNOPSIS
1128+ Testing SnapshotConfig property NetworkAccessPolicy
1129+ #>
1130+ function Test-SnapshotConfigDiskAccessNetworkPolicy
1131+ {
1132+ # Setup
1133+ $rgname = Get-ComputeTestResourceName ;
1134+ $snapshotname = ' snapshot' + $rgname ;
1135+
1136+ try
1137+ {
1138+ # Common
1139+ $loc = Get-ComputeVMLocation ;
1140+ New-AzResourceGroup - Name $rgname - Location $loc - Force;
1141+
1142+ # Config and create test
1143+ $diskAccess = New-AzDiskAccess - ResourceGroupName $rgname - Name " diskaccessname" - location $loc
1144+
1145+ $snapshotconfig = New-AzSnapshotConfig - Location $loc - DiskSizeGB 5 - AccountType Standard_LRS - OsType Windows - CreateOption Empty `
1146+ - EncryptionSettingsEnabled $true - HyperVGeneration " V2" - DiskAccessId $diskAccess.Id ;
1147+
1148+ $snapshotconfig.EncryptionSettingsCollection.Enabled = $false ;
1149+ $snapshotconfig.EncryptionSettingsCollection.EncryptionSettings = $null ;
1150+ $snapshotconfig.CreationData.ImageReference = $null ;
1151+ $job = New-AzSnapshot - ResourceGroupName $rgname - SnapshotName $snapshotname - Snapshot $snapshotconfig - AsJob;
1152+ $result = $job | Wait-Job ;
1153+ Assert-AreEqual " Completed" $result.State ;
1154+
1155+ $snapshot = Get-AzSnapshot - ResourceGroupName $rgname
1156+ Assert-AreEqual $diskAccess.Id $snapshot.DiskAccessId
1157+
1158+ # Remove test
1159+ $job = Remove-AzSnapshot - ResourceGroupName $rgname - SnapshotName $snapshotname - Force - AsJob;
1160+ $result = $job | Wait-Job ;
1161+ Assert-AreEqual " Completed" $result.State ;
1162+ $st = $job | Receive-Job ;
1163+ Verify- PSOperationStatusResponse $st ;
1164+ }
1165+ finally
1166+ {
1167+ # Cleanup
1168+ Clean - ResourceGroup $rgname
1169+ }
1170+ }
0 commit comments