Added a fix and test for the removed-extension scenario for the Get-AzureDiskEncryptionStatus cmdlet

src/ResourceManager/Common/Commands.ScenarioTests.ResourceManager.Common/EnvironmentSetupHelper.cs

@@ -602,7 +602,7 @@ public virtual Collection<PSObject> RunPowerShellTest(params string[] scripts)
                 d.Add("Microsoft.Features", null);
                 d.Add("Microsoft.Authorization", null);
                 d.Add("Microsoft.Compute", null);
-                d.Add("Microsoft.Azure.Management.KeyVault", null);
+                d.Add("Microsoft.KeyVault", null);
                 var providersToIgnore = new Dictionary<string, string>();
                 providersToIgnore.Add("Microsoft.Azure.Management.Resources.ResourceManagementClient", "2016-02-01");
                 HttpMockServer.Matcher = new PermissiveRecordMatcherWithApiExclusion(true, d, providersToIgnore);

src/ResourceManager/Compute/Commands.Compute.Test/Commands.Compute.Test.csproj

@@ -71,7 +71,7 @@
     </Reference>
     <Reference Include="Microsoft.Azure.Management.KeyVault, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.KeyVault.2.3.0-preview\lib\net452\Microsoft.Azure.Management.KeyVault.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.KeyVault.2.4.1-alpha\lib\net452\Microsoft.Azure.Management.KeyVault.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -405,6 +405,8 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineExtensionTests\TestAzureDiskEncryptionExtensionSinglePass.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineExtensionTests\TestAzureDiskEncryptionExtensionSinglePassDisableAndRemove.json" />
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineExtensionTests\TestAzureDiskEncryptionExtensionSinglePassRemove.json" />
     <None Include="Templates\azuredeploy.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Compute/Commands.Compute.Test/Common/ComputeTestController.cs

@@ -24,6 +24,7 @@
 using System.IO;
 using System.Linq;
 using Microsoft.Azure.Management.Network;
+using Microsoft.Azure.Management.KeyVault;
 #if NETSTANDARD
 using Microsoft.Azure.Management.ResourceManager;
 #else
@@ -47,6 +48,8 @@ public sealed class ComputeTestController : RMTestBase
 
         public ComputeManagementClient ComputeManagementClient { get; private set; }
 
+        public KeyVaultManagementClient KeyVaultManagementClient { get; private set; }
+
         public NetworkManagementClient NetworkManagementClient { get; private set; }
 
         public NetworkManagementClientInternal NetworkManagementClientInternal { get; private set; }
@@ -99,6 +102,7 @@ public void RunPsTestWorkflow(
             d.Add("Microsoft.Authorization", null);
             d.Add("Microsoft.Compute", null);
             d.Add("Microsoft.Network", null);
+            d.Add("Microsoft.KeyVault", null);
             d.Add("Microsoft.Storage", null);
 
             var providersToIgnore = new Dictionary<string, string>();
@@ -126,6 +130,7 @@ public void RunPsTestWorkflow(
                     _helper.RMStorageModule,
                     _helper.GetRMModulePath("AzureRM.Compute.psd1"),
                     _helper.GetRMModulePath("AzureRM.Network.psd1"),
+                    _helper.GetRMModulePath("AzureRM.KeyVault.psd1"),
                     "AzureRM.Storage.ps1",
                     "AzureRM.Resources.ps1");
 
@@ -151,6 +156,7 @@ private void SetupManagementClients(MockContext context)
             ComputeManagementClient = GetComputeManagementClient(context);
             NetworkManagementClient = GetNetworkManagementClient(context);
             NetworkManagementClientInternal = GetNetworkManagementClientInternal(context);
+            KeyVaultManagementClient = GetKeyVaultManagementClient(context);
             ResourceManagementClient = GetResourceManagementClient(context);
             InternalResourceManagementClient = GetResourceManagementClientInternal(context);
 
@@ -159,6 +165,7 @@ private void SetupManagementClients(MockContext context)
                 ComputeManagementClient,
                 NetworkManagementClient,
                 NetworkManagementClientInternal,
+                KeyVaultManagementClient,
                 ResourceManagementClient,
                 InternalResourceManagementClient);
         }
@@ -182,6 +189,11 @@ private static StorageManagementClient GetStorageManagementClient(MockContext co
             return context.GetServiceClient<StorageManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
         }
 
+        private static KeyVaultManagementClient GetKeyVaultManagementClient(MockContext context)
+        {
+            return context.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+        }
+
         private static NetworkManagementClient GetNetworkManagementClient(MockContext context)
         {
             return context.GetServiceClient<NetworkManagementClient>(TestEnvironmentFactory.GetTestEnvironment());

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/ComputeTestCommon.ps1

@@ -242,6 +242,96 @@ function Create-VirtualMachine
     return $vm
 }
 
+# Create a new virtual machine with other necessary resources configured
+function Create-VirtualMachineNoDataDisks
+{
+    Param
+    (
+        [Parameter(Mandatory=$false, Position=0)]
+        [string] $rgname,
+        [Parameter(Mandatory=$false, Position=1)]
+        [string] $vmname,
+        [Parameter(Mandatory=$false, Position=2)]
+        [string] $loc       
+    )
+
+    # initialize parameters if needed
+    if ([string]::IsNullOrEmpty($rgname)) { $rgname = Get-ComputeTestResourceName }
+    if ([string]::IsNullOrEmpty($vmname)) { $vmname = 'vm' + $rgname }
+    if ([string]::IsNullOrEmpty($loc)) { $loc = Get-ComputeVMLocation } 
+
+    # Common
+    $g = New-AzureRmResourceGroup -Name $rgname -Location $loc -Force;
+
+    # VM Profile & Hardware
+    $vmsize = 'Standard_D2S_V3';
+    $p = New-AzureRmVMConfig -VMName $vmname -VMSize $vmsize;
+    Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
+
+    # NRP
+    $subnet = New-AzureRmVirtualNetworkSubnetConfig -Name ('subnet' + $rgname) -AddressPrefix "10.0.0.0/24";
+    $vnet = New-AzureRmVirtualNetwork -Force -Name ('vnet' + $rgname) -ResourceGroupName $rgname -Location $loc -AddressPrefix "10.0.0.0/16" -Subnet $subnet;
+    $vnet = Get-AzureRmVirtualNetwork -Name ('vnet' + $rgname) -ResourceGroupName $rgname;
+    $subnetId = $vnet.Subnets[0].Id;
+    $pubip = New-AzureRmPublicIpAddress -Force -Name ('pubip' + $rgname) -ResourceGroupName $rgname -Location $loc -AllocationMethod Dynamic -DomainNameLabel ('pubip' + $rgname);
+    $pubip = Get-AzureRmPublicIpAddress -Name ('pubip' + $rgname) -ResourceGroupName $rgname;
+    $pubipId = $pubip.Id;
+    $nic = New-AzureRmNetworkInterface -Force -Name ('nic' + $rgname) -ResourceGroupName $rgname -Location $loc -SubnetId $subnetId -PublicIpAddressId $pubip.Id;
+    $nic = Get-AzureRmNetworkInterface -Name ('nic' + $rgname) -ResourceGroupName $rgname;
+    $nicId = $nic.Id;
+
+    $p = Add-AzureRmVMNetworkInterface -VM $p -Id $nicId;
+    Assert-AreEqual $p.NetworkProfile.NetworkInterfaces.Count 1;
+    Assert-AreEqual $p.NetworkProfile.NetworkInterfaces[0].Id $nicId;
+
+    # Storage Account (SA)
+    $stoname = 'sto' + $rgname;
+    $stotype = 'Standard_GRS';
+    $sa = New-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname -Location $loc -Type $stotype;
+    Retry-IfException { $global:stoaccount = Get-AzureRmStorageAccount -ResourceGroupName $rgname -Name $stoname; }
+    $stokey = (Get-AzureRmStorageAccountKey -ResourceGroupName $rgname -Name $stoname).Key1;
+
+    $osDiskName = 'osDisk';
+    $osDiskCaching = 'ReadWrite';
+    $osDiskVhdUri = "https://$stoname.blob.core.windows.net/test/os.vhd";
+
+    $p = Set-AzureRmVMOSDisk -VM $p -Name $osDiskName -VhdUri $osDiskVhdUri -Caching $osDiskCaching -CreateOption FromImage;
+
+    Assert-AreEqual $p.StorageProfile.OsDisk.Caching $osDiskCaching;
+    Assert-AreEqual $p.StorageProfile.OsDisk.Name $osDiskName;
+    Assert-AreEqual $p.StorageProfile.OsDisk.Vhd.Uri $osDiskVhdUri;
+    Assert-AreEqual $p.StorageProfile.DataDisks.Count 0;
+
+    # OS & Image
+    $user = "Foo12";
+    $password = $PLACEHOLDER;
+    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force;
+    $cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
+    $computerName = 'test';
+    $vhdContainer = "https://$stoname.blob.core.windows.net/test";
+
+    $p = Set-AzureRmVMOperatingSystem -VM $p -Windows -ComputerName $computerName -Credential $cred -ProvisionVMAgent;
+
+    $imgRef = Get-DefaultCRPWindowsImageOffline;
+    $p = ($imgRef | Set-AzureRmVMSourceImage -VM $p);
+
+    Assert-AreEqual $p.OSProfile.AdminUsername $user;
+    Assert-AreEqual $p.OSProfile.ComputerName $computerName;
+    Assert-AreEqual $p.OSProfile.AdminPassword $password;
+    Assert-AreEqual $p.OSProfile.WindowsConfiguration.ProvisionVMAgent $true;
+
+    Assert-AreEqual $p.StorageProfile.ImageReference.Offer $imgRef.Offer;
+    Assert-AreEqual $p.StorageProfile.ImageReference.Publisher $imgRef.PublisherName;
+    Assert-AreEqual $p.StorageProfile.ImageReference.Sku $imgRef.Skus;
+    Assert-AreEqual $p.StorageProfile.ImageReference.Version $imgRef.Version;
+
+    # Virtual Machine
+    $v = New-AzureRmVM -ResourceGroupName $rgname -Location $loc -VM $p;
+
+    $vm = Get-AzureRmVM -ResourceGroupName $rgname -VMName $vmname
+    return $vm
+}
+
 # Cleans the created resource group
 function Clean-ResourceGroup($rgname)
 {

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/VirtualMachineExtensionTests.cs

@@ -128,9 +128,9 @@ public void TestAzureDiskEncryptionExtension()
         [Fact(Skip = "Updated Storage, needs re-recorded")]
         [Trait(Category.RunType, Category.DesktopOnly)]
 #else
-        [Fact(Skip = "TODO: only works for live mode due to key vault dependency")]
+        [Fact]
 #endif
-        [Trait(Category.RunType, Category.LiveOnly)]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestAzureDiskEncryptionExtensionSinglePass()
         {
             ComputeTestController.NewInstance.RunPsTest(_logger, "Test-AzureDiskEncryptionExtensionSinglePass");
@@ -140,9 +140,21 @@ public void TestAzureDiskEncryptionExtensionSinglePass()
         [Fact(Skip = "Updated Storage, needs re-recorded")]
         [Trait(Category.RunType, Category.DesktopOnly)]
 #else
-        [Fact(Skip = "TODO: only works for live mode due to key vault dependency")]
+        [Fact]
 #endif
-        [Trait(Category.RunType, Category.LiveOnly)]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAzureDiskEncryptionExtensionSinglePassRemove()
+        {
+            ComputeTestController.NewInstance.RunPsTest(_logger, "Test-AzureDiskEncryptionExtensionSinglePassRemove");
+        }
+
+#if NETSTANDARD
+        [Fact(Skip = "Updated Storage, needs re-recorded")]
+        [Trait(Category.RunType, Category.DesktopOnly)]
+#else
+        [Fact]
+#endif
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestAzureDiskEncryptionExtensionSinglePassDisableAndRemove()
         {
             ComputeTestController.NewInstance.RunPsTest(_logger, "Test-AzureDiskEncryptionExtensionSinglePassDisableAndRemove");

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/VirtualMachineExtensionTests.ps1

@@ -1052,13 +1052,67 @@ function Test-AzureDiskEncryptionExtensionSinglePass
 		$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
 		Assert-NotNull $status
 		Assert-AreEqual $status.OsVolumeEncrypted Encrypted
+		# For Native disks we expect the cmdlet to show the data disks as encrypted.
+		Assert-AreEqual $status.DataVolumesEncrypted Encrypted 
+
+		# verify encryption settings 
+		$settings = $status.OsVolumeEncryptionSettings
+		Assert-NotNull $settings
+		Assert-NotNull $settings.DiskEncryptionKey.SecretUrl
+		Assert-AreEqual $settings.DiskEncryptionKey.SourceVault.Id $kv.DiskEncryptionKeyVaultId
+	}
+	finally
+	{
+		Clean-ResourceGroup($resourceGroupName)
+	}
+}
+
+<#
+.SYNOPSIS
+Test the Get-AzureRmVmDiskEncryptionStatus single pass remove scenario
+#>
+function Test-AzureDiskEncryptionExtensionSinglePassRemove
+{
+	$resourceGroupName = Get-ComputeTestResourceName
+	try
+	{
+		# create virtual machine and key vault prerequisites
+		$vm = Create-VirtualMachineNoDataDisks $resourceGroupName
+		$kv = Create-KeyVault $vm.ResourceGroupName $vm.Location
+
+		# enable encryption with single pass syntax (omits AD parameters)
+		Set-AzureRmVMDiskEncryptionExtension `
+			-ResourceGroupName $vm.ResourceGroupName `
+			-VMName $vm.Name `
+			-DiskEncryptionKeyVaultUrl $kv.DiskEncryptionKeyVaultUrl `
+			-DiskEncryptionKeyVaultId $kv.DiskEncryptionKeyVaultId `
+			-Force
+
+		# verify encryption state
+		$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
+		Assert-NotNull $status
+		Assert-AreEqual $status.OsVolumeEncrypted Encrypted
+		Assert-AreEqual $status.DataVolumesEncrypted NoDiskFound
+
+		# verify encryption settings 
+		$settings = $status.OsVolumeEncryptionSettings
+		Assert-NotNull $settings
+		Assert-NotNull $settings.DiskEncryptionKey.SecretUrl
+		Assert-AreEqual $settings.DiskEncryptionKey.SourceVault.Id $kv.DiskEncryptionKeyVaultId
+
+		# remove extension
+		Remove-AzureRmVmDiskEncryptionExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -Force
+		$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
+		Assert-NotNull $status
+		Assert-AreEqual $status.OsVolumeEncrypted Encrypted
 		Assert-AreEqual $status.DataVolumesEncrypted NoDiskFound
 
 		# verify encryption settings 
 		$settings = $status.OsVolumeEncryptionSettings
 		Assert-NotNull $settings
 		Assert-NotNull $settings.DiskEncryptionKey.SecretUrl
-		Assert-NotNull $settings.DiskEncryptionKey.SourceVault
+		Assert-AreEqual $settings.DiskEncryptionKey.SourceVault.Id $kv.DiskEncryptionKeyVaultId
+
 	}
 	finally
 	{
@@ -1091,20 +1145,30 @@ function Test-AzureDiskEncryptionExtensionSinglePassDisableAndRemove
 		$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
 		Assert-NotNull $status
 		Assert-AreEqual $status.OsVolumeEncrypted Encrypted
-		Assert-AreEqual $status.DataVolumesEncrypted NoDiskFound
+		Assert-AreEqual $status.DataVolumesEncrypted Encrypted
+
+		# verify encryption settings 
+		$settings = $status.OsVolumeEncryptionSettings
+		Assert-NotNull $settings
+		Assert-NotNull $settings.DiskEncryptionKey.SecretUrl
+		Assert-AreEqual $settings.DiskEncryptionKey.SourceVault.Id $kv.DiskEncryptionKeyVaultId
 
 		# disable encryption
-		$status = Disable-AzureRmVmDiskEncryption -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
+		$status = Disable-AzureRmVmDiskEncryption -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -Force
 		Assert-NotNull $status
 
 		# verify encryption state
 		$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
 		Assert-NotNull $status
 		Assert-AreEqual $status.OsVolumeEncrypted NotEncrypted
-		Assert-AreEqual $status.DataVolumesEncrypted NoDiskFound
+		Assert-AreEqual $status.DataVolumesEncrypted NotEncrypted
+
+		# verify encryption settings 
+		$settings = $status.OsVolumeEncryptionSettings
+		Assert-Null $settings
 
 		# remove extension
-		$status = Remove-AzureRmVmDiskEncryptionExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
+		$status = Remove-AzureRmVmDiskEncryptionExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -Force
 		Assert-NotNull $status
 	}
 	finally

src/ResourceManager/Compute/Commands.Compute.Test/packages.config

@@ -7,7 +7,7 @@
   <package id="Microsoft.Azure.Graph.RBAC" version="3.4.0-preview" targetFramework="net452" />
   <package id="Microsoft.Azure.Management.Authorization" version="2.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Compute" version="21.0.0" targetFramework="net452" />
-  <package id="Microsoft.Azure.Management.KeyVault" version="2.3.0-preview" targetFramework="net452" />
+  <package id="Microsoft.Azure.Management.KeyVault" version="2.4.1-alpha" targetFramework="net452" />
   <package id="Microsoft.Azure.Management.Network" version="19.1.0-preview" targetFramework="net452" />
   <package id="Microsoft.Azure.Management.Storage" version="4.1.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.20.1-preview" targetFramework="net40" />

src/ResourceManager/Compute/Commands.Compute/ChangeLog.md

@@ -23,6 +23,7 @@
 * Add EvictionPolicy parameter to New-AzureRmVmssConfig
 * Use default location in the `DiskFileParameterSet` of New-AzureRmVm if no Location is specified.
 * Fix parameter description in Save-AzureRmVMImage
+* Fix Get-AzureRmVMDiskEncryptionStatus cmdlet for certain singlepass related scenarios
 
 ## Version 5.4.0
 * Fix issue with creating a vm using `DiskFileParameterSet` in `New-AzureRmVm` failing because of `PremiumLRS` storage account type renaming.
@@ -35,7 +36,6 @@
 * Updated all help files to include full parameter types and correct input/output types.
 * Update description for Set-AzureRmVMOSDisk
 * Update Example 1 for Set-AzureRmVMBginfoExtension to correct spelling and prefix. 
-* Fix Get-AzureRmVMDiskEncryptionStatus cmdlet for certain singlepass related scenarios
 
 ## Version 5.3.0
 * Add -Tag parameter to Update/New-AzureRmAvailabilitySet