Merge pull request #50 from hyonholee/de

Update Set-AzureRmOsDisk cmdlet for Disk Encryption

Author: AzureRT

src/ResourceManager/Compute/Commands.Compute.Test/Commands.Compute.Test.csproj

@@ -67,8 +67,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Compute, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.0.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
-      <Private>True</Private>
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.1.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Network, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/ComputeTestCommon.ps1

@@ -398,27 +398,29 @@ function Get-SasUri
 # Get a Location according to resource provider.
 function Get-ResourceProviderLocation
 {
-	if ([Microsoft.Azure.Test.HttpRecorder.HttpMockServer]::Mode -ne [Microsoft.Azure.Test.HttpRecorder.HttpRecorderMode]::Playback)
-	{
-			$namespace = $provider.Split("/")[0]  
-		if($provider.Contains("/"))  
-		{  
-			$type = $provider.Substring($namespace.Length + 1)  
-			$location = Get-AzureRmResourceProvider -ProviderNamespace $namespace | where {$_.ResourceTypes[0].ResourceTypeName -eq $type}  
+    param ([string] $provider)
+    if ([Microsoft.Azure.Test.HttpRecorder.HttpMockServer]::Mode -ne [Microsoft.Azure.Test.HttpRecorder.HttpRecorderMode]::Playback)
+    {
+        $namespace = $provider.Split("/")[0]
+        if($provider.Contains("/"))
+        {
+            $type = $provider.Substring($namespace.Length + 1)
+            $location = Get-AzureRmResourceProvider -ProviderNamespace $namespace | where {$_.ResourceTypes[0].ResourceTypeName -eq $type}
 
-			if ($location -eq $null) 
-			{  
-				return "West US"  
-			} else 
-			{  
-				return $location.Locations[0]  
-			}  
-		}
+            if ($location -eq $null)
+            {
+                return "West US"
+            }
+            else
+            {
+                return $location.Locations[0]
+            }
+        }
 
-		return "West US"
-	}
+        return "West US"
+    }
 
-	return "WestUS"
+    return "WestUS"
 }
 
 function Get-ComputeVMLocation

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/VirtualMachineProfileTests.ps1

@@ -244,13 +244,22 @@ function Test-VirtualMachineProfileWithoutAUC
     $dataDiskVhdUri2 = "https://$stoname.blob.core.windows.net/test/data2.vhd";
     $dataDiskVhdUri3 = "https://$stoname.blob.core.windows.net/test/data3.vhd";
 
-    $p = Set-AzureRmVMOSDisk -VM $p -Name $osDiskName -VhdUri $osDiskVhdUri -Caching $osDiskCaching -CreateOption Empty;
+    $dekUri = "https://testvault123.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bddaaaaaa";
+    $dekId =  "/subscriptions/" + $subid + "/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123";
+    $kekUri = "http://keyVaultName.vault.azure.net/secrets/secretName/secretVersion";
+    $kekId = "/subscriptions/" + $subid + "/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123";
+
+    $p = Set-AzureRmVMOSDisk -VM $p -Windows -Name $osDiskName -VhdUri $osDiskVhdUri -Caching $osDiskCaching -CreateOption Empty -DiskEncryptionKeyUrl $dekUri -DiskEncryptionKeyVaultId $dekId -KeyEncryptionKeyUrl $kekUri -KeyEncryptionKeyVaultId $kekId;
 
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk1' -Caching 'ReadOnly' -DiskSizeInGB 10 -Lun 0 -VhdUri $dataDiskVhdUri1 -CreateOption Empty;
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk2' -Caching 'ReadOnly' -DiskSizeInGB 11 -Lun 1 -VhdUri $dataDiskVhdUri2 -CreateOption Empty;
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk3' -Caching 'ReadOnly' -DiskSizeInGB 12 -Lun 2 -VhdUri $dataDiskVhdUri3 -CreateOption Empty;
     $p = Remove-AzureRmVMDataDisk -VM $p -Name 'testDataDisk3';
 
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.DiskEncryptionKey.SourceVault.ReferenceUri $dekId
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.DiskEncryptionKey.SecretUrl $dekUri
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.KeyEncryptionKey.SourceVault.ReferenceUri $kekId
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.KeyEncryptionKey.KeyUrl $kekUri
     Assert-AreEqual $p.StorageProfile.OSDisk.Caching $osDiskCaching;
     Assert-AreEqual $p.StorageProfile.OSDisk.Name $osDiskName;
     Assert-AreEqual $p.StorageProfile.OSDisk.VirtualHardDisk.Uri $osDiskVhdUri;

src/ResourceManager/Compute/Commands.Compute.Test/packages.config

@@ -7,7 +7,7 @@
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Graph.RBAC" version="1.7.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Compute" version="9.1.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Network" version="2.0.13-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.7-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="2.4.0-preview" targetFramework="net45" />

src/ResourceManager/Compute/Commands.Compute/Commands.Compute.csproj

@@ -81,8 +81,8 @@
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Compute, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.0.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
-      <Private>True</Private>
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.1.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Network, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>

src/ResourceManager/Compute/Commands.Compute/Common/ConstantStringTypes.cs

@@ -28,6 +28,10 @@ public static class HelpMessages
         public const string VMOSDiskCaching = "The virtual machine OS disk's caching.";
         public const string VMOSDiskWindowsOSType = "The virtual machine disk's OS is Windows.";
         public const string VMOSDiskLinuxOSType = "The virtual machine disk's OS is Linux.";
+        public const string VMOSDiskDiskEncryptionKeyUrl = "the URL referencing a secret in a disk encryption key vault";
+        public const string VMOSDiskDiskEncryptionKeyVaultId = "the Id of a disk encryption key vault";
+        public const string VMOSDiskKeyEncryptionKeyUrl = "the URL referencing a key in a key encryption key vault";
+        public const string VMOSDiskKeyEncryptionKeyVaultId = "the Id of a key encryption key Vault";
         public const string VMSourceImageUri = "The virtual machine OS disk's source image Uri.";
 
         public const string VMDataDiskName = "The virtual machine data disk's name.";

src/ResourceManager/Compute/Commands.Compute/Properties/Resources.Designer.cs

@@ -452,4 +452,7 @@ The file needs to be a PowerShell script (.ps1 or .psm1) or a ZIP archive (.zip)
     <value>Since the VM is created using premium storage, existing standard storage account, {0}, is used for boot diagnostics.</value>
     <comment>{0} = existing standard storage account name</comment>
   </data>
+  <data name="VMOSDiskDiskEncryptionBothKekVaultIdAndKekUrlRequired" xml:space="preserve">
+    <value>You have to specify either both of KeyEncryptionKeyVaultId and KeyEncryptionKeyUrl or none of them.</value>
+  </data>
 </root>

src/ResourceManager/Compute/Commands.Compute/Properties/Resources.resx

@@ -25,13 +25,16 @@ namespace Microsoft.Azure.Commands.Compute
     [Cmdlet(
         VerbsCommon.Set,
         ProfileNouns.OSDisk,
-        DefaultParameterSetName = WindowsParamSet),
+        DefaultParameterSetName = DefaultParamSet),
     OutputType(
         typeof(PSVirtualMachine))]
     public class SetAzureVMOSDiskCommand : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
     {
+        protected const string DefaultParamSet = "DefaultParamSet";
         protected const string WindowsParamSet = "WindowsParamSet";
         protected const string LinuxParamSet = "LinuxParamSet";
+        protected const string WindowsAndDiskEncryptionParameterSet = "WindowsDiskEncryptionParameterSet";
+        protected const string LinuxAndDiskEncryptionParameterSet = "LinuxDiskEncryptionParameterSet";
 
         [Alias("VMProfile")]
         [Parameter(
@@ -90,22 +93,96 @@ public class SetAzureVMOSDiskCommand : Microsoft.Azure.Commands.ResourceManager.
             Position = 6,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = HelpMessages.VMOSDiskWindowsOSType)]
+        [Parameter(
+            ParameterSetName = WindowsAndDiskEncryptionParameterSet,
+            Position = 6,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskWindowsOSType)]
         public SwitchParameter Windows { get; set; }
 
         [Parameter(
             ParameterSetName = LinuxParamSet,
             Position = 6,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxAndDiskEncryptionParameterSet,
+            Position = 6,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
         public SwitchParameter Linux { get; set; }
 
+        [Parameter(
+            ParameterSetName = WindowsAndDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 7,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskDiskEncryptionKeyUrl)]
+        [Parameter(
+            ParameterSetName = LinuxAndDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 7,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskDiskEncryptionKeyUrl)]
+        public string DiskEncryptionKeyUrl { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsAndDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 8,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskDiskEncryptionKeyVaultId)]
+        [Parameter(
+            ParameterSetName = LinuxAndDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 8,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskDiskEncryptionKeyVaultId)]
+        public string DiskEncryptionKeyVaultId { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsAndDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 9,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskKeyEncryptionKeyUrl)]
+        [Parameter(
+            ParameterSetName = LinuxAndDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 9,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskKeyEncryptionKeyUrl)]
+        public string KeyEncryptionKeyUrl { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsAndDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 10,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskKeyEncryptionKeyVaultId)]
+        [Parameter(
+            ParameterSetName = LinuxAndDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 10,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskKeyEncryptionKeyVaultId)]
+        public string KeyEncryptionKeyVaultId { get; set; }
+
         protected override void ProcessRecord()
         {
             if (this.VM.StorageProfile == null)
             {
                 this.VM.StorageProfile = new StorageProfile();
             }
 
+            if ((string.IsNullOrEmpty(this.KeyEncryptionKeyVaultId) && !string.IsNullOrEmpty(this.KeyEncryptionKeyUrl))
+                || (!string.IsNullOrEmpty(this.KeyEncryptionKeyVaultId) && string.IsNullOrEmpty(this.KeyEncryptionKeyUrl)))
+            {
+                WriteError(new ErrorRecord(
+                        new Exception(Properties.Resources.VMOSDiskDiskEncryptionBothKekVaultIdAndKekUrlRequired),
+                        string.Empty, ErrorCategory.InvalidArgument, null));
+            }
+
             this.VM.StorageProfile.OSDisk = new OSDisk
             {
                 Caching = this.Caching,
@@ -119,7 +196,31 @@ protected override void ProcessRecord()
                 {
                     Uri = this.SourceImageUri
                 },
-                CreateOption = this.CreateOption
+                CreateOption = this.CreateOption,
+                EncryptionSettings =
+                (this.ParameterSetName.Equals(WindowsAndDiskEncryptionParameterSet) || this.ParameterSetName.Equals(LinuxAndDiskEncryptionParameterSet))
+                ? new DiskEncryptionSettings
+                {
+                    DiskEncryptionKey = new KeyVaultSecretReference
+                    {
+                        SourceVault = new SourceVaultReference
+                        {
+                            ReferenceUri = this.DiskEncryptionKeyVaultId
+                        },
+                        SecretUrl = this.DiskEncryptionKeyUrl
+                    },
+                    KeyEncryptionKey = (this.KeyEncryptionKeyVaultId == null || this.KeyEncryptionKeyUrl == null)
+                    ? null
+                    : new KeyVaultKeyReference
+                    {
+                        KeyUrl = this.KeyEncryptionKeyUrl,
+                        SourceVault = new SourceVaultReference
+                        {
+                            ReferenceUri = this.KeyEncryptionKeyVaultId
+                        },
+                    }
+                }
+                : null
             };
 
             WriteObject(this.VM);

src/ResourceManager/Compute/Commands.Compute/VirtualMachine/Config/SetAzureVMOSDiskCommand.cs

@@ -9,7 +9,7 @@
   <package id="Microsoft.Azure.Graph.RBAC" version="1.7.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Compute" version="9.1.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Network" version="2.0.13-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.7-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="2.4.0-preview" targetFramework="net45" />