protected DiskEncryptionSettings GetEncryptionSettings(bool addKek = false)
{
string testVaultId =
@"/subscriptions/21466899-20b2-463c-8c30-b8fb28a43248/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123";
string encryptionKeyFakeUri = @"https://testvault123.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bdd703272";
DiskEncryptionSettings diskEncryptionSettings = new DiskEncryptionSettings
{
DiskEncryptionKey = new KeyVaultSecretReference
{
SecretUrl = encryptionKeyFakeUri,
SourceVault = new Microsoft.Azure.Management.Compute.Models.SubResource
{
Id = testVaultId
}
}
};
if (addKek)
{
string nonExistentKekUri = @"https://testvault123.vault.azure.net/keys/TestKey/514ceb769c984379a7e0230bdd703272";
diskEncryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference
{
KeyUrl = nonExistentKekUri,
SourceVault = new Microsoft.Azure.Management.Compute.Models.SubResource
{
Id = testVaultId
}
};
}
return(diskEncryptionSettings);
}
///GENMHASH:D1037603B1F11C451DD830F07021E503:EE1AB39DC25D0E54E8D460F4A5A910E3
public EncryptionStatus OSDiskStatus()
{
if (!HasEncryptionDetails())
{
return(EncryptionStatus.NotEncrypted);
}
if (encryptionExtension.ProvisioningState == null)
{
return(EncryptionStatus.NotEncrypted);
}
if (!encryptionExtension.ProvisioningState.Equals("Succeeded", System.StringComparison.OrdinalIgnoreCase))
{
return(EncryptionStatus.NotEncrypted);
}
if (this.virtualMachine.StorageProfile == null ||
virtualMachine.StorageProfile.OsDisk == null ||
virtualMachine.StorageProfile.OsDisk.EncryptionSettings == null)
{
return(EncryptionStatus.NotEncrypted);
}
DiskEncryptionSettings encryptionSettings = virtualMachine
.StorageProfile
.OsDisk
.EncryptionSettings;
if (encryptionSettings.DiskEncryptionKey != null &&
encryptionSettings.DiskEncryptionKey.SecretUrl != null &&
encryptionSettings.Enabled.HasValue &&
encryptionSettings.Enabled == true)
{
return(EncryptionStatus.Encrypted);
}
return(EncryptionStatus.NotEncrypted);
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
ExecuteClientAction(() =>
{
VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName));
EncryptionStatus osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters);
DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
EncryptionStatus dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters);
OSType osType = GetOSType(vmParameters);
switch (osType)
{
case OSType.Windows:
case OSType.Linux:
AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = osVolumeEncrypted,
DataVolumesEncrypted = dataVolumesEncrypted,
OsVolumeEncryptionSettings = osVolumeEncryptionSettings
};
WriteObject(encryptionStatus);
break;
case OSType.Unknown:
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
break;
}
});
}
private EncryptionStatus IsOsVolumeEncrypted(VirtualMachine vmParameters)
{
OSType osType = this.GetOSType(vmParameters);
switch (osType)
{
case OSType.Windows:
DiskEncryptionSettings osEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
if (osEncryptionSettings != null &&
osEncryptionSettings.DiskEncryptionKey != null &&
!String.IsNullOrEmpty(osEncryptionSettings.DiskEncryptionKey.SecretUrl) &&
osEncryptionSettings.Enabled == true)
{
return(EncryptionStatus.Encrypted);
}
else
{
return(EncryptionStatus.NotEncrypted);
}
default:
return(EncryptionStatus.Unknown);
}
}
///GENMHASH:861A97732A551A94F695C3B49DFAB96C:E348102753EC23A2170268E43AF0844B
public override DiskEncryptionSettings StorageProfileEncryptionSettings()
{
KeyVaultKeyReference keyEncryptionKey = null;
if (settings.KeyEncryptionKeyURL() != null)
{
keyEncryptionKey = new KeyVaultKeyReference()
{
KeyUrl = settings.KeyEncryptionKeyURL()
};
if (settings.KeyEncryptionKeyVaultId() != null)
{
keyEncryptionKey.SourceVault = new ResourceManager.Fluent.SubResource()
{
Id = settings.KeyEncryptionKeyVaultId()
};
}
}
DiskEncryptionSettings diskEncryptionSettings = new DiskEncryptionSettings()
{
Enabled = true,
KeyEncryptionKey = keyEncryptionKey,
DiskEncryptionKey = new KeyVaultSecretReference()
{
SourceVault = new ResourceManager.Fluent.SubResource()
{
Id = settings.KeyVaultId()
}
}
};
return(diskEncryptionSettings);
}
/// <summary>
/// Updates the virtual machine's OS Disk model with the encryption specific details.
/// </summary>
/// <param name="encryptConfig">The configuration specific to disabling the encryption.</param>
/// <return>An observable that emits updated virtual machine.</return>
///GENMHASH:9E912268A5CDF429573A7112EC718690:63BF821D222D03E59BCD43264C3339D8
private async Task <Microsoft.Azure.Management.Compute.Fluent.IVirtualMachine> UpdateVMStorageProfileAsync(EnableDisableEncryptConfig encryptConfig, CancellationToken cancellationToken = default(CancellationToken))
{
DiskEncryptionSettings diskEncryptionSettings = encryptConfig.StorageProfileEncryptionSettings();
return(await virtualMachine.Update()
.WithOSDiskEncryptionSettings(diskEncryptionSettings)
.ApplyAsync(cancellationToken));
}
internal RestorePointSourceVmosDisk(OperatingSystemType?osType, DiskEncryptionSettings encryptionSettings, string name, CachingTypes?caching, int?diskSizeGB, ManagedDiskParameters managedDisk, ApiEntityReference diskRestorePoint)
{
OsType = osType;
EncryptionSettings = encryptionSettings;
Name = name;
Caching = caching;
DiskSizeGB = diskSizeGB;
ManagedDisk = managedDisk;
DiskRestorePoint = diskRestorePoint;
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
ExecuteClientAction(() =>
{
if (this.ShouldProcess(VMName, Properties.Resources.EnableDiskEncryptionAction) &&
(this.Force.IsPresent ||
this.ShouldContinue(Properties.Resources.EnableAzureDiskEncryptionConfirmation, Properties.Resources.EnableAzureDiskEncryptionCaption)))
{
VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView(
this.ResourceGroupName, VMName).Body;
currentOSType = virtualMachineResponse.StorageProfile.OsDisk.OsType;
if (OperatingSystemTypes.Linux.Equals(currentOSType) && !SkipVmBackup)
{
CreateVMBackupForLinx();
}
VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse);
DiskEncryptionSettings encryptionSettingsBackup = virtualMachineResponse.StorageProfile.OsDisk.EncryptionSettings ??
new DiskEncryptionSettings {
Enabled = false
};
// The "1st pass". If this goes wrong, just bubble up the error and abort.
AzureOperationResponse <VirtualMachineExtension> extensionPushResult = this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
this.VMName,
this.Name,
parameters).GetAwaiter().GetResult();
if (!extensionPushResult.Response.IsSuccessStatusCode)
{
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture,
"Installation failed for extension {0} with error {1}",
parameters.VirtualMachineExtensionType,
extensionPushResult.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult())),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
}
var op = UpdateVmEncryptionSettings(encryptionSettingsBackup);
var result = Mapper.Map <PSAzureOperationResponse>(op);
WriteObject(result);
}
});
}
internal OSDisk(OperatingSystemTypes?osType, DiskEncryptionSettings encryptionSettings, string name, VirtualHardDisk vhd, VirtualHardDisk image, CachingTypes?caching, bool?writeAcceleratorEnabled, DiffDiskSettings diffDiskSettings, DiskCreateOptionTypes createOption, int?diskSizeGB, ManagedDiskParameters managedDisk)
{
OsType = osType;
EncryptionSettings = encryptionSettings;
Name = name;
Vhd = vhd;
Image = image;
Caching = caching;
WriteAcceleratorEnabled = writeAcceleratorEnabled;
DiffDiskSettings = diffDiskSettings;
CreateOption = createOption;
DiskSizeGB = diskSizeGB;
ManagedDisk = managedDisk;
}
/// <summary>
/// This function gets the VM model, fills in the OSDisk properties with encryptionSettings and does an UpdateVM
/// </summary>
private AzureOperationResponse <VirtualMachine> UpdateVmEncryptionSettings()
{
string statusMessage = GetExtensionStatusMessage();
var vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(
this.ResourceGroupName, this.VMName));
if ((vmParameters == null) ||
(vmParameters.StorageProfile == null) ||
(vmParameters.StorageProfile.OsDisk == null))
{
//VM should have been created and have valid storageProfile and OSDisk by now
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Set-AzureDiskEncryptionExtension can enable encryption only on a VM that was already created and has appropriate storageProfile and OS disk")),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
}
DiskEncryptionSettings encryptionSettings = new DiskEncryptionSettings();
encryptionSettings.Enabled = true;
encryptionSettings.DiskEncryptionKey = new KeyVaultSecretReference();
encryptionSettings.DiskEncryptionKey.SourceVault = new SubResource(this.DiskEncryptionKeyVaultId);
encryptionSettings.DiskEncryptionKey.SecretUrl = statusMessage;
if (this.KeyEncryptionKeyUrl != null)
{
encryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference();
encryptionSettings.KeyEncryptionKey.SourceVault = new SubResource(this.KeyEncryptionKeyVaultId);
encryptionSettings.KeyEncryptionKey.KeyUrl = this.KeyEncryptionKeyUrl;
}
vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings;
var parameters = new VirtualMachine
{
DiagnosticsProfile = vmParameters.DiagnosticsProfile,
HardwareProfile = vmParameters.HardwareProfile,
StorageProfile = vmParameters.StorageProfile,
NetworkProfile = vmParameters.NetworkProfile,
OsProfile = vmParameters.OsProfile,
Plan = vmParameters.Plan,
AvailabilitySet = vmParameters.AvailabilitySet,
Location = vmParameters.Location,
Tags = vmParameters.Tags
};
return(this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
vmParameters.Name,
parameters).GetAwaiter().GetResult());
}
/// <summary>
/// Validate if encryption settings are populated in DiskInstanceView as part of VM instance view
/// </summary>
protected void ValidateEncryptionSettingsInVMScaleSetVMInstanceView(
VirtualMachineScaleSetVMInstanceView vmScaleSetVMInstanceView,
bool hasManagedDisks)
{
Assert.True(hasManagedDisks); // VMSS disk encryption is supported only with managed disks
Assert.NotNull(vmScaleSetVMInstanceView);
Assert.NotNull(vmScaleSetVMInstanceView.Disks);
Assert.True(vmScaleSetVMInstanceView.Disks.Any());
DiskInstanceView diskInstanceView = vmScaleSetVMInstanceView.Disks.First();
Assert.NotNull(diskInstanceView.EncryptionSettings);
Assert.True(diskInstanceView.EncryptionSettings.Any());
DiskEncryptionSettings encryptionSettings = diskInstanceView.EncryptionSettings.First();
Assert.NotNull(encryptionSettings.Enabled);
}
protected override void ProcessRecord()
{
base.ProcessRecord();
ExecuteClientAction(() =>
{
VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName)).VirtualMachine;
bool osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters);
DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
bool dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters);
AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = osVolumeEncrypted,
OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
DataVolumesEncrypted = dataVolumesEncrypted
};
WriteObject(encryptionStatus);
});
}
private EncryptionStatus IsWindowsOsVolumeEncryptedDualPass(VirtualMachine vmParameters)
{
switch (vmParameters.StorageProfile.OsDisk.OsType)
{
case OperatingSystemTypes.Windows:
DiskEncryptionSettings osEncryptionSettings = GetOsVolumeEncryptionSettingsDualPass(vmParameters);
if (osEncryptionSettings != null &&
osEncryptionSettings.DiskEncryptionKey != null &&
!string.IsNullOrEmpty(osEncryptionSettings.DiskEncryptionKey.SecretUrl) &&
osEncryptionSettings.Enabled == true)
{
return(EncryptionStatus.Encrypted);
}
else
{
return(EncryptionStatus.NotEncrypted);
}
default:
return(EncryptionStatus.Unknown);
}
}
/// <summary>
/// This function gets the VM model, fills in the OSDisk properties with encryptionSettings and does an UpdateVM
/// </summary>
private AzureOperationResponse <VirtualMachine> UpdateVmEncryptionSettings(DiskEncryptionSettings encryptionSettingsBackup)
{
string statusMessage = GetExtensionStatusMessage();
var vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(
this.ResourceGroupName, this.VMName));
if ((vmParameters == null) ||
(vmParameters.StorageProfile == null) ||
(vmParameters.StorageProfile.OsDisk == null))
{
//VM should have been created and have valid storageProfile and OSDisk by now
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Set-AzDiskEncryptionExtension can enable encryption only on a VM that was already created and has appropriate storageProfile and OS disk")),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
}
//encryption settings object to clear out encryption settings before updating
DiskEncryptionSettings resetEncryptionSettings = new DiskEncryptionSettings();
resetEncryptionSettings.Enabled = false;
resetEncryptionSettings.DiskEncryptionKey = null;
resetEncryptionSettings.KeyEncryptionKey = null;
DiskEncryptionSettings encryptionSettings = new DiskEncryptionSettings();
encryptionSettings.Enabled = true;
encryptionSettings.DiskEncryptionKey = new KeyVaultSecretReference();
encryptionSettings.DiskEncryptionKey.SourceVault = new SubResource(this.DiskEncryptionKeyVaultId);
encryptionSettings.DiskEncryptionKey.SecretUrl = statusMessage;
if (this.KeyEncryptionKeyUrl != null)
{
encryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference();
encryptionSettings.KeyEncryptionKey.SourceVault = new SubResource(this.KeyEncryptionKeyVaultId);
encryptionSettings.KeyEncryptionKey.KeyUrl = this.KeyEncryptionKeyUrl;
}
vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings;
var parameters = new VirtualMachine
{
DiagnosticsProfile = vmParameters.DiagnosticsProfile,
HardwareProfile = vmParameters.HardwareProfile,
StorageProfile = vmParameters.StorageProfile,
NetworkProfile = vmParameters.NetworkProfile,
OsProfile = vmParameters.OsProfile,
Plan = vmParameters.Plan,
AvailabilitySet = vmParameters.AvailabilitySet,
Location = vmParameters.Location,
Tags = vmParameters.Tags
};
AzureOperationResponse <VirtualMachine> updateResult = null;
// The 2nd pass. TODO: If something goes wrong here, try to revert to encryptionSettingsBackup.
if (encryptionSettingsBackup.Enabled != true)
{
updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
vmParameters.Name,
parameters).GetAwaiter().GetResult();
}
else
{
// stop-clear-update-start
// stop vm
this.ComputeClient.ComputeManagementClient.VirtualMachines
.DeallocateWithHttpMessagesAsync(this.ResourceGroupName, this.VMName).GetAwaiter()
.GetResult();
// first update vm call to clear encryption settings
vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(
this.ResourceGroupName, this.VMName));
vmParameters.StorageProfile.OsDisk.EncryptionSettings = resetEncryptionSettings;
parameters = new VirtualMachine
{
DiagnosticsProfile = vmParameters.DiagnosticsProfile,
HardwareProfile = vmParameters.HardwareProfile,
StorageProfile = vmParameters.StorageProfile,
NetworkProfile = vmParameters.NetworkProfile,
OsProfile = vmParameters.OsProfile,
Plan = vmParameters.Plan,
AvailabilitySet = vmParameters.AvailabilitySet,
Location = vmParameters.Location,
Tags = vmParameters.Tags
};
updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
vmParameters.Name,
parameters).GetAwaiter().GetResult();
// second update vm call to set new encryption settings
vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(
this.ResourceGroupName, this.VMName));
vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings;
parameters = new VirtualMachine
{
DiagnosticsProfile = vmParameters.DiagnosticsProfile,
HardwareProfile = vmParameters.HardwareProfile,
StorageProfile = vmParameters.StorageProfile,
NetworkProfile = vmParameters.NetworkProfile,
OsProfile = vmParameters.OsProfile,
Plan = vmParameters.Plan,
AvailabilitySet = vmParameters.AvailabilitySet,
Location = vmParameters.Location,
Tags = vmParameters.Tags
};
updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
vmParameters.Name,
parameters).GetAwaiter().GetResult();
// start vm
this.ComputeClient.ComputeManagementClient.VirtualMachines
.StartWithHttpMessagesAsync(ResourceGroupName, this.VMName).GetAwaiter().GetResult();
}
return(updateResult);
}
private AzureDiskEncryptionStatusContext getStatusDualPass(VirtualMachine vm)
{
DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettingsDualPass(vm);
AzureDiskEncryptionStatusContext encryptionStatus = null;
switch (vm.StorageProfile.OsDisk.OsType)
{
case OperatingSystemTypes.Windows:
EncryptionStatus osVolumeEncrypted = IsWindowsOsVolumeEncryptedDualPass(vm);
EncryptionStatus dataVolumesEncrypted = AreWindowsDataVolumesEncryptedDualPass(vm);
encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = osVolumeEncrypted,
DataVolumesEncrypted = dataVolumesEncrypted,
OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
ProgressMessage = string.Format(CultureInfo.CurrentUICulture, "OsVolume: {0}, DataVolumes: {1}", osVolumeEncrypted, dataVolumesEncrypted)
};
break;
case OperatingSystemTypes.Linux:
if (!this.IsExtensionInstalled(vm) && this.isVMRunning(vm))
{
VirtualMachineExtension parameters = GetDualPassQueryVmExtensionParameters(vm);
this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
this.VMName,
this.Name,
parameters).GetAwaiter().GetResult();
}
Dictionary <string, string> encryptionStatusParsed = null;
try
{
string encryptionStatusJson = GetExtensionStatusMessage(vm, returnSubstatusMessage: true);
encryptionStatusParsed = JsonConvert.DeserializeObject <Dictionary <string, string> >(encryptionStatusJson);
}
catch (KeyNotFoundException)
{
encryptionStatusParsed = new Dictionary <string, string>()
{
{ AzureDiskEncryptionExtensionConstants.encryptionResultOsKey, EncryptionStatus.Unknown.ToString() },
{ AzureDiskEncryptionExtensionConstants.encryptionResultDataKey, EncryptionStatus.Unknown.ToString() }
};
}
string progressMessage = null;
try
{
progressMessage = GetExtensionStatusMessage(vm);
}
catch (KeyNotFoundException)
{
progressMessage = string.Format(CultureInfo.CurrentUICulture, "Extension status not available on the VM");
}
encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultOsKey]),
DataVolumesEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultDataKey]),
OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
ProgressMessage = progressMessage
};
break;
default:
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
break;
}
return(encryptionStatus);
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
ExecuteClientAction(() =>
{
VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName));
EncryptionStatus osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters);
DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters);
EncryptionStatus dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters);
AzureDiskEncryptionStatusContext encryptionStatus = null;
string progressMessage = null;
OSType osType = GetOSType(vmParameters);
switch (osType)
{
case OSType.Windows:
encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = osVolumeEncrypted,
DataVolumesEncrypted = dataVolumesEncrypted,
OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
ProgressMessage = string.Format(CultureInfo.CurrentUICulture, "OsVolume: {0}, DataVolumes: {1}", osVolumeEncrypted, dataVolumesEncrypted)
};
WriteObject(encryptionStatus);
break;
case OSType.Linux:
if (!IsExtensionInstalled(osType))
{
VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView(
this.ResourceGroupName, VMName).Body;
VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse, osType);
this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
this.VMName,
this.Name,
parameters).GetAwaiter().GetResult();
}
Dictionary <string, string> encryptionStatusParsed = null;
try
{
string encryptionStatusJson = GetExtensionStatusMessage(osType, returnSubstatusMessage: true);
encryptionStatusParsed = JsonConvert.DeserializeObject <Dictionary <string, string> >(encryptionStatusJson);
}
catch (KeyNotFoundException)
{
encryptionStatusParsed = new Dictionary <string, string>()
{
{ AzureDiskEncryptionExtensionConstants.encryptionResultOsKey, EncryptionStatus.Unknown.ToString() },
{ AzureDiskEncryptionExtensionConstants.encryptionResultDataKey, EncryptionStatus.Unknown.ToString() }
};
}
try
{
progressMessage = GetExtensionStatusMessage(osType);
}
catch (KeyNotFoundException)
{
progressMessage = string.Format(CultureInfo.CurrentUICulture, "Extension status not available on the VM");
}
encryptionStatus = new AzureDiskEncryptionStatusContext
{
OsVolumeEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultOsKey]),
DataVolumesEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultDataKey]),
OsVolumeEncryptionSettings = osVolumeEncryptionSettings,
ProgressMessage = progressMessage
};
WriteObject(encryptionStatus);
break;
case OSType.Unknown:
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
break;
}
});
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
ExecuteClientAction(() =>
{
if (this.ShouldProcess(VMName, Properties.Resources.EnableDiskEncryptionAction) &&
(this.Force.IsPresent ||
this.ShouldContinue(Properties.Resources.EnableAzureDiskEncryptionConfirmation, Properties.Resources.EnableAzureDiskEncryptionCaption)))
{
VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView(
this.ResourceGroupName, VMName).Body;
currentOSType = virtualMachineResponse.StorageProfile.OsDisk.OsType;
if (OperatingSystemTypes.Linux.Equals(currentOSType) && !SkipVmBackup)
{
CreateVMBackupForLinx();
}
VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse);
DiskEncryptionSettings encryptionSettingsBackup = virtualMachineResponse.StorageProfile.OsDisk.EncryptionSettings ??
new DiskEncryptionSettings {
Enabled = false
};
// Single Pass
// newer model, supported by newer extension versions and host functionality
// if SinglePassParameterSet is used, cmdlet will default to newer extension version
// [first and only pass]
// only one enable extension call will be issued from the cmdlet n
// No AD identity information or protected settings will be passed to the extension
// Host performs the necessary key vault operations and vm model updates
// Dual Pass
// older model, supported by older extension versions
// if an AD ParameterSet is used, cmdlet will default to older extension version
// [first pass]
// AD identity information is passed into the VM via protected settings of the extension
// VM uses the AD identity to authenticate and perform key vault operations
// VM returns result of key vault operation to caller via the extension status message
// [second pass]
// powershell reads extension status message returned from first pass
// updates VM model with encryption settings
// updates VM
// First Pass
AzureOperationResponse <VirtualMachineExtension> firstPass = this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync(
this.ResourceGroupName,
this.VMName,
this.Name,
parameters).GetAwaiter().GetResult();
if (!firstPass.Response.IsSuccessStatusCode)
{
ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture,
"Installation failed for extension {0} with error {1}",
parameters.VirtualMachineExtensionType,
firstPass.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult())),
"InvalidResult",
ErrorCategory.InvalidResult,
null));
}
if (this.ParameterSetName.Equals(AzureDiskEncryptionExtensionConstants.singlePassParameterSet))
{
WriteObject(ComputeAutoMapperProfile.Mapper.Map <PSAzureOperationResponse>(firstPass));
}
else
{
// Second pass
var secondPass = UpdateVmEncryptionSettings(encryptionSettingsBackup);
WriteObject(ComputeAutoMapperProfile.Mapper.Map <PSAzureOperationResponse>(secondPass));
}
}
});
}
