@@ -24,6 +24,7 @@ public class SetAzureDiskEncryptionExtensionCommand : VirtualMachineExtensionBas
2424
2525 private const string aadClientIDKey = "AADClientID" ;
2626 private const string aadClientSecretKey = "AADClientSecret" ;
27+ private const string aadClientCertThumbprintKey = "AADClientCertThumbprint" ;
2728 private const string keyVaultUrlKey = "KeyVaultURL" ;
2829 private const string keyEncryptionKeyUrlKey = "KeyEncryptionKeyURL" ;
2930 private const string keyEncryptionAlgorithmKey = "KeyEncryptionAlgorithm" ;
@@ -96,49 +97,41 @@ public class SetAzureDiskEncryptionExtensionCommand : VirtualMachineExtensionBas
9697 HelpMessage = "ResourceID of the KeyVault where generated encryption key will be placed to" ) ]
9798 public string DiskEncryptionKeyVaultId { get ; set ; }
9899
99- [ Parameter (
100- Mandatory = true ,
101- Position = 7 ,
102- ValueFromPipelineByPropertyName = true ,
103- HelpMessage = "The location of the VM" ) ]
104- [ ValidateNotNullOrEmpty ]
105- public string Location { get ; set ; }
106-
107100 [ Parameter (
108101 Mandatory = false ,
109- Position = 8 ,
102+ Position = 7 ,
110103 ValueFromPipelineByPropertyName = true ,
111- HelpMessage = "KeyVault URL of the KeyEncryptionKey used to encrypt the disk encryption key" ) ]
104+ HelpMessage = "Versioned KeyVault URL of the KeyEncryptionKey used to encrypt the disk encryption key" ) ]
112105 [ ValidateNotNullOrEmpty ]
113106 public string KeyEncryptionKeyUrl { get ; set ; }
114107
115108 [ Parameter (
116109 Mandatory = false ,
117- Position = 9 ,
110+ Position = 8 ,
118111 ValueFromPipelineByPropertyName = true ,
119112 HelpMessage = "ResourceID of the KeyVault containing the KeyEncryptionKey used to encrypt the disk encryption key" ) ]
120113 [ ValidateNotNullOrEmpty ]
121114 public string KeyEncryptionKeyVaultId { get ; set ; }
122115
123116 [ Parameter (
124117 Mandatory = false ,
125- Position = 10 ,
118+ Position = 9 ,
126119 ValueFromPipelineByPropertyName = true ,
127120 HelpMessage = "KeyEncryption Algorithm used to encrypt the volume encryption key" ) ]
128121 [ ValidateSet ( "RSA-OAEP" , "RSA1_5" ) ]
129122 public string KeyEncryptionAlgorithm { get ; set ; }
130123
131124 [ Parameter (
132125 Mandatory = false ,
133- Position = 11 ,
126+ Position = 10 ,
134127 ValueFromPipelineByPropertyName = true ,
135128 HelpMessage = "Type of the volume (OS or Data) to perform encryption operation" ) ]
136129 [ ValidateSet ( "OS" , "Data" , "All" ) ]
137130 public string VolumeType { get ; set ; }
138131
139132 [ Parameter (
140133 Mandatory = false ,
141- Position = 12 ,
134+ Position = 11 ,
142135 ValueFromPipelineByPropertyName = true ,
143136 HelpMessage = "Sequence version of encryption operation. This must be incremented to perform repeated encryption operations on the same VM" ) ]
144137 [ ValidateNotNullOrEmpty ]
@@ -147,7 +140,7 @@ public class SetAzureDiskEncryptionExtensionCommand : VirtualMachineExtensionBas
147140 [ Alias ( "HandlerVersion" , "Version" ) ]
148141 [ Parameter (
149142 Mandatory = false ,
150- Position = 13 ,
143+ Position = 12 ,
151144 ValueFromPipelineByPropertyName = true ,
152145 HelpMessage = "The type handler version." ) ]
153146 [ ValidateNotNullOrEmpty ]
@@ -181,15 +174,15 @@ private void ValidateInputParameters()
181174 private string GetExtensionStatusMessage ( )
182175 {
183176 VirtualMachineExtensionGetResponse extensionResult = this . VirtualMachineExtensionClient . GetWithInstanceView ( this . ResourceGroupName , this . VMName , this . Name ) ;
184- if ( extensionResult == null )
177+ if ( extensionResult == null )
185178 {
186179 ThrowTerminatingError ( new ErrorRecord ( new ApplicationFailedException ( string . Format ( CultureInfo . CurrentUICulture , "Failed to retrieve extension status" ) ) ,
187180 "InvalidResult" ,
188181 ErrorCategory . InvalidResult ,
189182 null ) ) ;
190183 }
191184 PSVirtualMachineExtension returnedExtension = extensionResult . ToPSVirtualMachineExtension ( this . ResourceGroupName ) ;
192- if ( ( returnedExtension == null ) ||
185+ if ( ( returnedExtension == null ) ||
193186 ( string . IsNullOrWhiteSpace ( returnedExtension . Publisher ) ) ||
194187 ( string . IsNullOrWhiteSpace ( returnedExtension . ExtensionType ) ) )
195188 {
@@ -202,9 +195,9 @@ private string GetExtensionStatusMessage()
202195 returnedExtension . ExtensionType . Equals ( AzureDiskEncryptionExtensionContext . ExtensionDefaultName , StringComparison . InvariantCultureIgnoreCase ) )
203196 {
204197 AzureDiskEncryptionExtensionContext context = new AzureDiskEncryptionExtensionContext ( returnedExtension ) ;
205- if ( ( context == null ) ||
206- ( context . Statuses == null ) ||
207- ( context . Statuses . Count < 1 ) ||
198+ if ( ( context == null ) ||
199+ ( context . Statuses == null ) ||
200+ ( context . Statuses . Count < 1 ) ||
208201 ( string . IsNullOrWhiteSpace ( context . Statuses [ 0 ] . Message ) ) )
209202 {
210203 ThrowTerminatingError ( new ErrorRecord ( new ApplicationFailedException ( string . Format ( CultureInfo . CurrentUICulture , "Invalid extension status" ) ) ,
@@ -248,7 +241,7 @@ private ComputeLongRunningOperationResponse UpdateVmEncryptionSettings()
248241 encryptionSettings . DiskEncryptionKey . SourceVault = new SourceVaultReference ( ) ;
249242 encryptionSettings . DiskEncryptionKey . SourceVault . ReferenceUri = this . DiskEncryptionKeyVaultId ;
250243 encryptionSettings . DiskEncryptionKey . SecretUrl = statusMessage ;
251- if ( this . KeyEncryptionKeyUrl != null )
244+ if ( this . KeyEncryptionKeyUrl != null )
252245 {
253246 encryptionSettings . KeyEncryptionKey = new KeyVaultKeyReference ( ) ;
254247 encryptionSettings . KeyEncryptionKey . SourceVault = new SourceVaultReference ( ) ;
@@ -276,6 +269,7 @@ private string GetExtensionPublicSettings()
276269 {
277270 Hashtable publicSettings = new Hashtable ( ) ;
278271 publicSettings . Add ( aadClientIDKey , AadClientID ?? String . Empty ) ;
272+ publicSettings . Add ( aadClientCertThumbprintKey , AadClientCertThumbprint ?? String . Empty ) ;
279273 publicSettings . Add ( keyVaultUrlKey , DiskEncryptionKeyVaultUrl ?? String . Empty ) ;
280274 publicSettings . Add ( keyEncryptionKeyUrlKey , KeyEncryptionKeyUrl ?? String . Empty ) ;
281275 publicSettings . Add ( keyEncryptionAlgorithmKey , KeyEncryptionAlgorithm ?? String . Empty ) ;
@@ -299,9 +293,18 @@ private VirtualMachineExtension GetVmExtensionParameters()
299293 string SettingString = GetExtensionPublicSettings ( ) ;
300294 string ProtectedSettingString = GetExtensionProtectedSettings ( ) ;
301295
296+ VirtualMachine vmParameters = ( this . ComputeClient . ComputeManagementClient . VirtualMachines . Get ( this . ResourceGroupName , this . VMName ) ) . VirtualMachine ;
297+ if ( vmParameters == null )
298+ {
299+ ThrowTerminatingError ( new ErrorRecord ( new ApplicationException ( string . Format ( CultureInfo . CurrentUICulture , "Set-AzureDiskEncryptionExtension can enable encryption only on a VM that was already created " ) ) ,
300+ "InvalidResult" ,
301+ ErrorCategory . InvalidResult ,
302+ null ) ) ;
303+ }
304+
302305 VirtualMachineExtension vmExtensionParameters = new VirtualMachineExtension
303306 {
304- Location = this . Location ,
307+ Location = vmParameters . Location ,
305308 Name = this . Name ,
306309 Type = VirtualMachineExtensionType ,
307310 Publisher = AzureDiskEncryptionExtensionContext . ExtensionDefaultPublisher ,
0 commit comments