Merge pull request #3 from Azure/master

Sync

Author: bashahee

src/Compute/Compute.Test/Compute.Test.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Compute" Version="30.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Compute" Version="30.1.0" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="2.4.2" />
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="19.17.0-preview" />
   </ItemGroup>

src/Compute/Compute.Test/ScenarioTests/DiskRPTests.cs

@@ -58,5 +58,12 @@ public void TestDiskUpload()
         {
             TestRunner.RunTestScript("Test-DiskUpload");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestDiskEncryptionSet()
+        {
+            TestRunner.RunTestScript("Test-DiskEncryptionSet");
+        }
     }
 }

src/Compute/Compute.Test/ScenarioTests/DiskRPTests.ps1

@@ -790,3 +790,59 @@ function Test-DiskUpload
         Clean-ResourceGroup $rgname
     }
 }
+
+<#
+.SYNOPSIS
+Testing disk upload
+#>
+function Test-DiskEncryptionSet
+{
+    # Setup
+    $loc = "westcentralus";
+    $rgname = "pstest";
+    $encryptionName = "enc" + $rgname;
+    $vaultName = 'kv' + $rgname;
+    $kekName = 'kek' + $rgname;
+
+    try
+    {
+        #
+        # Note: In order to record this test, you need to run the following commands to create KeyValut key and KeyVault secret in a separate Powershell window.
+        #
+        #New-AzResourceGroup -Name $rgname -Location $loc -Force;
+        #$vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $loc -Sku Standard;
+        #$userPrincipalName = (Get-AzContext).Account.Id;
+        #Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rgname -EnabledForDiskEncryption;
+        #Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rgname -ServicePrincipalName $userPrincipalName -PermissionsToKeys decrypt,encrypt,unwrapKey,wrapKey,verify,sign,get,list,update,create,import,delete,backup,restore,recover,purge;
+        #$kek = Add-AzKeyVaultKey -VaultName $vaultName -Name $kekName -Destination "Software";
+        #$secret = Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretname -SecretValue $securestring;
+        #$mockkey = $kek.Id
+
+        $subId = Get-SubscriptionIdFromResourceGroup $rgname;
+        $mockkey = "https://kvpstest.vault.azure.net:443/keys/kekpstest/bf109281146949a9b3ae234db1728493";
+        $mocksourcevault = '/subscriptions/' + $subId + '/resourceGroups/' + $rgname + '/providers/Microsoft.KeyVault/vaults/' + $vaultName;
+
+        New-AzDiskEncryptionSetConfig -Location $loc -KeyUrl $mockkey -SourceVaultId $mocksourcevault -IdentityType "SystemAssigned" `
+        | New-AzDiskEncryptionSet -ResourceGroupName $rgname -Name $encryptionName;
+
+        $encSet = Get-AzDiskEncryptionSet -ResourceGroupName $rgname -Name $encryptionName;
+        Assert-AreEqual $encryptionName $encSet.Name;
+        Assert-AreEqual $loc $encSet.Location;
+        Assert-AreEqual "SystemAssigned" $encSet.Identity.Type;
+        Assert-NotNull $encSet.Identity.PrincipalId;
+        Assert-NotNull $encSet.Identity.TenantId;
+        Assert-AreEqual $mockkey $encSet.ActiveKey.KeyUrl;
+        Assert-AreEqual $mocksourcevault $encSet.ActiveKey.SourceVault.Id;
+
+        $encSets = Get-AzDiskEncryptionSet -ResourceGroupName $rgname;
+        Assert-True {$encSets.Count -ge 1};
+
+        $encSets = Get-AzDiskEncryptionSet;
+        Assert-True {$encSets.Count -ge 1};
+    }
+    finally
+    {
+        # Cleanup
+        $encSet | Remove-AzDiskEncryptionSet -Force;
+    }
+}

src/Compute/Compute.Test/ScenarioTests/VirtualMachineProfileTests.ps1

@@ -73,22 +73,26 @@ function Test-VirtualMachineProfile
         { Add-AzVMDataDisk -VM $p -Name 'dataDisk' -Caching 'ReadOnly' -DiskSizeInGB $null -Lun 2 -CreateOption Empty -ManagedDiskId $managedDataDiskId -StorageAccountType Standard_LRS; } `
         "does not match with given managed disk ID";
 
-    $p = Add-AzVMDataDisk -VM $p -Name 'testDataDisk3' -Caching 'ReadOnly' -DiskSizeInGB $null -Lun 2 -CreateOption Empty -ManagedDiskId $managedDataDiskId -StorageAccountType Standard_LRS;
+    $p = Add-AzVMDataDisk -VM $p -Name 'testDataDisk3' -Caching 'ReadOnly' -DiskSizeInGB $null -Lun 2 -CreateOption Empty `
+                          -ManagedDiskId $managedDataDiskId -StorageAccountType Standard_LRS -DiskEncryptionSetId "enc_id1";
     Assert-AreEqual $managedDataDiskId $p.StorageProfile.DataDisks[2].ManagedDisk.Id;
     Assert-AreEqual "Standard_LRS" $p.StorageProfile.DataDisks[2].ManagedDisk.StorageAccountType;
     Assert-Null $p.StorageProfile.DataDisks[2].DiskSizeGB;
     Assert-AreEqual $false $p.StorageProfile.DataDisks[2].WriteAcceleratorEnabled;
+    Assert-AreEqual "enc_id1" $p.StorageProfile.DataDisks[2].ManagedDisk.DiskEncryptionSet.Id;
 
-    $p = Set-AzVMDataDisk -VM $p -Name 'testDataDisk3' -StorageAccountType Premium_LRS -WriteAccelerator;
+    $p = Set-AzVMDataDisk -VM $p -Name 'testDataDisk3' -StorageAccountType Premium_LRS -WriteAccelerator -DiskEncryptionSetId "enc_id2";
     Assert-AreEqual $managedDataDiskId $p.StorageProfile.DataDisks[2].ManagedDisk.Id;
     Assert-AreEqual "Premium_LRS" $p.StorageProfile.DataDisks[2].ManagedDisk.StorageAccountType;
     Assert-AreEqual $true $p.StorageProfile.DataDisks[2].WriteAcceleratorEnabled;
+    Assert-AreEqual "enc_id2" $p.StorageProfile.DataDisks[2].ManagedDisk.DiskEncryptionSet.Id;
 
     $p = Remove-AzVMDataDisk -VM $p -Name 'testDataDisk3';
 
     Assert-AreEqual $p.StorageProfile.OSDisk.Caching $osDiskCaching;
     Assert-AreEqual $p.StorageProfile.OSDisk.Name $osDiskName;
     Assert-AreEqual $p.StorageProfile.OSDisk.Vhd.Uri $osDiskVhdUri;
+    Assert-AreEqual $p.StorageProfile.OSDisk.Vhd.Uri $osDiskVhdUri;
     Assert-AreEqual $p.StorageProfile.DataDisks.Count 2;
     Assert-AreEqual $p.StorageProfile.DataDisks[0].Caching 'ReadOnly';
     Assert-AreEqual $p.StorageProfile.DataDisks[0].DiskSizeGB 10;
@@ -131,11 +135,12 @@ function Test-VirtualMachineProfile
     Assert-AreEqual $true $p.StorageProfile.OSDisk.WriteAcceleratorEnabled;
     Assert-Null $p.StorageProfile.OSDisk.DiffDiskSettings;
 
-    $p = Set-AzVMOsDisk -VM $p -ManagedDiskId $managedOsDiskId_1 -DiffDiskSetting "Local";
+    $p = Set-AzVMOsDisk -VM $p -ManagedDiskId $managedOsDiskId_1 -DiffDiskSetting "Local" -DiskEncryptionSetId "enc_id3";
     Assert-AreEqual $p.StorageProfile.OSDisk.Caching $osDiskCaching;
     Assert-AreEqual $p.StorageProfile.OSDisk.Name $osDiskName;
     Assert-AreEqual $p.StorageProfile.OSDisk.Vhd.Uri $osDiskVhdUri;
     Assert-AreEqual $managedOsDiskId_1 $p.StorageProfile.OSDisk.ManagedDisk.Id;
+    Assert-AreEqual "enc_id3" $p.StorageProfile.OSDisk.ManagedDisk.DiskEncryptionSet.Id;
     Assert-Null $p.StorageProfile.OSDisk.ManagedDisk.StorageAccountType;
     Assert-AreEqual $false $p.StorageProfile.OSDisk.WriteAcceleratorEnabled;
     Assert-AreEqual "Local" $p.StorageProfile.OSDisk.DiffDiskSettings.Option;

src/Compute/Compute.Test/ScenarioTests/VirtualMachineScaleSetProfileTests.ps1

@@ -151,7 +151,8 @@ function Test-VirtualMachineScaleSetProfile
 
     $vmss4 = $vmss4 | Set-AzVmssStorageProfile -OsDiskCreateOption 'FromImage' -OsDiskCaching 'None' `
             -ImageReferenceOffer $imgRef.Offer -ImageReferenceSku $imgRef.Skus -ImageReferenceVersion $imgRef.Version `
-            -ImageReferencePublisher $imgRef.PublisherName -OsDiskWriteAccelerator -ManagedDisk "Premium_LRS" -DiffDiskSetting "Local";
+            -ImageReferencePublisher $imgRef.PublisherName -OsDiskWriteAccelerator `
+            -ManagedDisk "Premium_LRS" -DiffDiskSetting "Local" -DiskEncryptionSetId "enc_id1";
 
     # Storage profile
     Assert-AreEqual $createOption $vmss4.VirtualMachineProfile.StorageProfile.OsDisk.CreateOption;
@@ -161,6 +162,7 @@ function Test-VirtualMachineScaleSetProfile
     Assert-AreEqual $imgRef.Version $vmss4.VirtualMachineProfile.StorageProfile.ImageReference.Version;
     Assert-AreEqual $imgRef.PublisherName $vmss4.VirtualMachineProfile.StorageProfile.ImageReference.Publisher;
     Assert-AreEqual "Premium_LRS" $vmss4.VirtualMachineProfile.StorageProfile.OsDisk.ManagedDisk.StorageAccountType;
+    Assert-AreEqual "enc_id1" $vmss4.VirtualMachineProfile.StorageProfile.OsDisk.ManagedDisk.DiskEncryptionSet.Id;
     Assert-AreEqual "Local" $vmss4.VirtualMachineProfile.StorageProfile.OsDisk.DiffDiskSettings.Option;
     Assert-AreEqual $ppgid $vmss4.ProximityPlacementGroup.Id;
 }