Ejemplo n.º 1
0
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(ResourceId);
                this.Name = resourceIdentifier.ResourceName;
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
            }

            if (this.IsParameterBound(c => c.InputObject))
            {
                this.Name = this.InputObject.Name;
                this.ResourceGroupName = this.InputObject.ResourceGroup;
            }

            if (ResourceGroupName == null)
            {
                ResourceGroupName = GetResourceGroupByAccountName(Name);
            }

            var rotateParams = new ClusterDiskEncryptionParameters
            {
                KeyName    = EncryptionKeyName,
                KeyVersion = EncryptionKeyVersion,
                VaultUri   = EncryptionVaultUri
            };

            HDInsightManagementClient.RotateDiskEncryptionKey(ResourceGroupName, Name, rotateParams);

            var cluster = HDInsightManagementClient.GetCluster(ResourceGroupName, Name);

            if (cluster != null)
            {
                WriteObject(new AzureHDInsightCluster(cluster.First()));
            }
        }
Ejemplo n.º 2
0
        public void TestCreateKafkaClusterWithDiskEncryption()
        {
            TestInitialize();

            string mockedTenantId = TestUtilities.GenerateGuid().ToString();

            CommonData.TenantId = GetTenantId();
            this.Context.AddTextReplacementRule(CommonData.TenantId, mockedTenantId);

            string mockedClientObjectId = TestUtilities.GenerateGuid().ToString();

            CommonData.ClientObjectId = GetServicePrincipalObjectId();
            this.Context.AddTextReplacementRule(CommonData.ClientObjectId, mockedClientObjectId);

            Vault vault = null;

            try
            {
                // create key vault with soft delete enabled
                vault = CreateVault(CommonData.VaultName, true);

                // create managed identities for Azure resources.
                var msi = CreateMsi(CommonData.ManagedIdentityName);

                // add managed identity to vault
                var requiredPermissions = new Permissions
                {
                    Keys = new List <string>()
                    {
                        KeyPermissions.Get, KeyPermissions.WrapKey, KeyPermissions.UnwrapKey
                    },
                    Secrets = new List <string>()
                    {
                        SecretPermissions.Get, SecretPermissions.Set, SecretPermissions.Delete
                    }
                };

                vault = SetVaultPermissions(vault, msi.PrincipalId.ToString(), requiredPermissions);
                Assert.NotNull(vault);

                // create key
                string keyName       = TestUtilities.GenerateName("hdicsharpkey1");
                var    keyIdentifier = GenerateVaultKey(vault, keyName);

                // create HDInsight cluster with Kafka disk encryption
                string clusterName  = TestUtilities.GenerateName("hdisdk-kafka-byok");
                var    createParams = CommonData.PrepareClusterCreateParamsForWasb();
                createParams.Properties.ClusterDefinition.Kind = "Kafka";
                var workerNode = createParams.Properties.ComputeProfile.Roles.First(role => role.Name == "workernode");
                workerNode.DataDisksGroups = new List <DataDisksGroups>
                {
                    new DataDisksGroups
                    {
                        DisksPerNode = 8
                    }
                };

                createParams.Identity = new ClusterIdentity
                {
                    Type = ResourceIdentityType.UserAssigned,
                    UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>
                    {
                        { msi.Id, new UserAssignedIdentity() }
                    }
                };

                createParams.Properties.DiskEncryptionProperties = new DiskEncryptionProperties
                {
                    VaultUri      = keyIdentifier.Vault,
                    KeyName       = keyIdentifier.Name,
                    KeyVersion    = keyIdentifier.Version,
                    MsiResourceId = msi.Id
                };

                var cluster = HDInsightClient.Clusters.Create(CommonData.ResourceGroupName, clusterName, createParams);
                ValidateCluster(clusterName, createParams, cluster);

                // check disk encryption properties
                var diskEncryptionProperties       = cluster.Properties.DiskEncryptionProperties;
                var diskEncryptionPropertiesParams = createParams.Properties.DiskEncryptionProperties;
                Assert.NotNull(diskEncryptionProperties);
                Assert.Equal(diskEncryptionPropertiesParams.VaultUri, diskEncryptionProperties.VaultUri);
                Assert.Equal(diskEncryptionPropertiesParams.KeyName, diskEncryptionProperties.KeyName);
                Assert.Equal(diskEncryptionPropertiesParams.KeyVersion, diskEncryptionProperties.KeyVersion);
                Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true);

                keyName = TestUtilities.GenerateName("hdicsharpkey2");
                var secondKeyIdentifier = GenerateVaultKey(vault, keyName);

                // rotate cluster key
                var rotateParams = new ClusterDiskEncryptionParameters
                {
                    VaultUri   = secondKeyIdentifier.Vault,
                    KeyName    = secondKeyIdentifier.Name,
                    KeyVersion = secondKeyIdentifier.Version
                };

                HDInsightClient.Clusters.RotateDiskEncryptionKey(CommonData.ResourceGroupName, clusterName, rotateParams);
                cluster = HDInsightClient.Clusters.Get(CommonData.ResourceGroupName, clusterName);

                // check disk encryption properties
                diskEncryptionProperties = cluster.Properties.DiskEncryptionProperties;
                Assert.NotNull(diskEncryptionProperties);
                Assert.Equal(rotateParams.VaultUri, diskEncryptionProperties.VaultUri);
                Assert.Equal(rotateParams.KeyName, diskEncryptionProperties.KeyName);
                Assert.Equal(rotateParams.KeyVersion, diskEncryptionProperties.KeyVersion);
                Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true);
            }
            finally
            {
                if (vault != null)
                {
                    DeleteVault(vault);
                }
            }
        }
Ejemplo n.º 3
0
 public virtual void RotateDiskEncryptionKey(string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters)
 {
     HdInsightManagementClient.Clusters.RotateDiskEncryptionKey(resourceGroupName, clusterName, parameters);
 }
Ejemplo n.º 4
0
 /// <summary>
 /// Rotate disk encryption key of the specified HDInsight cluster.
 /// </summary>
 /// <param name='operations'>
 /// The operations group for this extension method.
 /// </param>
 /// <param name='resourceGroupName'>
 /// The name of the resource group.
 /// </param>
 /// <param name='clusterName'>
 /// The name of the cluster.
 /// </param>
 /// <param name='parameters'>
 /// The parameters for the disk encryption operation.
 /// </param>
 /// <param name='cancellationToken'>
 /// The cancellation token.
 /// </param>
 public static async Task BeginRotateDiskEncryptionKeyAsync(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters, CancellationToken cancellationToken = default(CancellationToken))
 {
     (await operations.BeginRotateDiskEncryptionKeyWithHttpMessagesAsync(resourceGroupName, clusterName, parameters, null, cancellationToken).ConfigureAwait(false)).Dispose();
 }
Ejemplo n.º 5
0
 /// <summary>
 /// Rotate disk encryption key of the specified HDInsight cluster.
 /// </summary>
 /// <param name='operations'>
 /// The operations group for this extension method.
 /// </param>
 /// <param name='resourceGroupName'>
 /// The name of the resource group.
 /// </param>
 /// <param name='clusterName'>
 /// The name of the cluster.
 /// </param>
 /// <param name='parameters'>
 /// The parameters for the disk encryption operation.
 /// </param>
 public static void BeginRotateDiskEncryptionKey(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters)
 {
     operations.BeginRotateDiskEncryptionKeyAsync(resourceGroupName, clusterName, parameters).GetAwaiter().GetResult();
 }