Update Set-AzureRmOsDisk cmdlet for disk encryption

Author: hyonholee

src/ResourceManager/Compute/Commands.Compute.Test/Commands.Compute.Test.csproj

@@ -66,9 +66,8 @@
     <Reference Include="Microsoft.Azure.Management.Authorization">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Compute, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.0.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
-      <Private>True</Private>
+    <Reference Include="Microsoft.Azure.Management.Compute.Internal">
+      <HintPath>..\..\..\packages\dedll\Microsoft.Azure.Management.Compute.Internal.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Network, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>

src/ResourceManager/Compute/Commands.Compute.Test/ScenarioTests/VirtualMachineProfileTests.ps1

@@ -244,13 +244,22 @@ function Test-VirtualMachineProfileWithoutAUC
     $dataDiskVhdUri2 = "https://$stoname.blob.core.windows.net/test/data2.vhd";
     $dataDiskVhdUri3 = "https://$stoname.blob.core.windows.net/test/data3.vhd";
 
-    $p = Set-AzureRmVMOSDisk -VM $p -Name $osDiskName -VhdUri $osDiskVhdUri -Caching $osDiskCaching -CreateOption Empty;
+    $dekUri = "https://testvault123.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bddaaaaaa";
+    $dekId =  "/subscriptions/" + $subid + "/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123";
+    $kekUri = "http://keyVaultName.vault.azure.net/secrets/secretName/secretVersion";
+    $kekId = "/subscriptions/" + $subid + "/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123";
+
+    $p = Set-AzureRmVMOSDisk -VM $p -Windows -Name $osDiskName -VhdUri $osDiskVhdUri -Caching $osDiskCaching -CreateOption Empty -DiskEncryptionKeyUrl $dekUri -DiskEncryptionKeyVaultId $dekId -KeyEncryptionKeyUrl $kekUri -KeyEncryptionKeyVaultId $kekId;
 
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk1' -Caching 'ReadOnly' -DiskSizeInGB 10 -Lun 0 -VhdUri $dataDiskVhdUri1 -CreateOption Empty;
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk2' -Caching 'ReadOnly' -DiskSizeInGB 11 -Lun 1 -VhdUri $dataDiskVhdUri2 -CreateOption Empty;
     $p = Add-AzureRmVMDataDisk -VM $p -Name 'testDataDisk3' -Caching 'ReadOnly' -DiskSizeInGB 12 -Lun 2 -VhdUri $dataDiskVhdUri3 -CreateOption Empty;
     $p = Remove-AzureRmVMDataDisk -VM $p -Name 'testDataDisk3';
 
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.DiskEncryptionKey.SourceVault.ReferenceUri $dekId
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.DiskEncryptionKey.SecretUrl $dekUri
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.KeyEncryptionKey.SourceVault.ReferenceUri $kekId
+    Assert-AreEqual $p.StorageProfile.OSDisk.EncryptionSettings.KeyEncryptionKey.KeyUrl $kekUri
     Assert-AreEqual $p.StorageProfile.OSDisk.Caching $osDiskCaching;
     Assert-AreEqual $p.StorageProfile.OSDisk.Name $osDiskName;
     Assert-AreEqual $p.StorageProfile.OSDisk.VirtualHardDisk.Uri $osDiskVhdUri;

src/ResourceManager/Compute/Commands.Compute.Test/packages.config

@@ -7,7 +7,7 @@
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Graph.RBAC" version="1.7.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" />
+  <!-- <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" /> -->
   <package id="Microsoft.Azure.Management.Network" version="2.0.13-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.7-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="2.4.0-preview" targetFramework="net45" />

src/ResourceManager/Compute/Commands.Compute/Commands.Compute.csproj

@@ -80,9 +80,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Compute, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Compute.9.0.0\lib\net40\Microsoft.Azure.Management.Compute.dll</HintPath>
-      <Private>True</Private>
+    <Reference Include="Microsoft.Azure.Management.Compute.Internal">
+      <HintPath>..\..\..\packages\dedll\Microsoft.Azure.Management.Compute.Internal.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Network, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>

src/ResourceManager/Compute/Commands.Compute/VirtualMachine/Config/SetAzureVMOSDiskCommand.cs

@@ -25,13 +25,16 @@ namespace Microsoft.Azure.Commands.Compute
     [Cmdlet(
         VerbsCommon.Set,
         ProfileNouns.OSDisk,
-        DefaultParameterSetName = WindowsParamSet),
+        DefaultParameterSetName = DefaultParamSet),
     OutputType(
         typeof(PSVirtualMachine))]
     public class SetAzureVMOSDiskCommand : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
     {
+        protected const string DefaultParamSet = "DefaultParamSet";
         protected const string WindowsParamSet = "WindowsParamSet";
         protected const string LinuxParamSet = "LinuxParamSet";
+        protected const string WindowsDiskEncryptionParameterSet = "WindowsDiskEncryptionParameterSet";
+        protected const string LinuxDiskEncryptionParameterSet = "LinuxDiskEncryptionParameterSet";
 
         [Alias("VMProfile")]
         [Parameter(
@@ -90,15 +93,81 @@ public class SetAzureVMOSDiskCommand : Microsoft.Azure.Commands.ResourceManager.
             Position = 6,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = HelpMessages.VMOSDiskWindowsOSType)]
+        [Parameter(
+            ParameterSetName = WindowsDiskEncryptionParameterSet,
+            Position = 6,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskWindowsOSType)]
         public SwitchParameter Windows { get; set; }
 
         [Parameter(
             ParameterSetName = LinuxParamSet,
             Position = 6,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxDiskEncryptionParameterSet,
+            Position = 6,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
         public SwitchParameter Linux { get; set; }
 
+        [Parameter(
+            ParameterSetName = WindowsDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 7,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 7,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        public Uri DiskEncryptionKeyUrl { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 8,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxDiskEncryptionParameterSet,
+            Mandatory = true,
+            Position = 8,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        public string DiskEncryptionKeyVaultId { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 9,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 9,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        public Uri KeyEncryptionKeyUrl { get; set; }
+
+        [Parameter(
+            ParameterSetName = WindowsDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 10,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        [Parameter(
+            ParameterSetName = LinuxDiskEncryptionParameterSet,
+            Mandatory = false,
+            Position = 10,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMOSDiskLinuxOSType)]
+        public string KeyEncryptionKeyVaultId { get; set; }
+
         protected override void ProcessRecord()
         {
             if (this.VM.StorageProfile == null)
@@ -119,7 +188,31 @@ protected override void ProcessRecord()
                 {
                     Uri = this.SourceImageUri
                 },
-                CreateOption = this.CreateOption
+                CreateOption = this.CreateOption,
+                EncryptionSettings =
+                (this.ParameterSetName.Equals(WindowsDiskEncryptionParameterSet) || this.ParameterSetName.Equals(WindowsDiskEncryptionParameterSet))
+                ? new DiskEncryptionSettings
+                {
+                    DiskEncryptionKey = new KeyVaultSecretReference
+                    {
+                        SourceVault = new SourceVaultReference
+                        {
+                            ReferenceUri = this.DiskEncryptionKeyVaultId
+                        },
+                        SecretUrl = this.DiskEncryptionKeyUrl
+                    },
+                    KeyEncryptionKey = (this.KeyEncryptionKeyVaultId == null || this.KeyEncryptionKeyUrl == null)
+                    ? null
+                    : new KeyVaultKeyReference
+                    {
+                        KeyUrl = this.KeyEncryptionKeyUrl,
+                        SourceVault = new SourceVaultReference
+                        {
+                            ReferenceUri = this.KeyEncryptionKeyVaultId
+                        },
+                    }
+                }
+                : null
             };
 
             WriteObject(this.VM);

src/ResourceManager/Compute/Commands.Compute/packages.config

@@ -9,7 +9,7 @@
   <package id="Microsoft.Azure.Graph.RBAC" version="1.7.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" />
+  <!-- <package id="Microsoft.Azure.Management.Compute" version="9.0.0" targetFramework="net45" /> -->
   <package id="Microsoft.Azure.Management.Network" version="2.0.13-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.7-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Storage" version="2.4.0-preview" targetFramework="net45" />