public override void ExecuteCmdlet()
{
if (this.IsParameterBound(c => c.ResourceId))
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
this.Name = resourceIdentifier.ResourceName;
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
if (this.IsParameterBound(c => c.InputObject))
{
this.Name = this.InputObject.Name;
this.ResourceGroupName = this.InputObject.ResourceGroup;
}
if (ResourceGroupName == null)
{
ResourceGroupName = GetResourceGroupByAccountName(Name);
}
var rotateParams = new ClusterDiskEncryptionParameters
{
KeyName = EncryptionKeyName,
KeyVersion = EncryptionKeyVersion,
VaultUri = EncryptionVaultUri
};
HDInsightManagementClient.RotateDiskEncryptionKey(ResourceGroupName, Name, rotateParams);
var cluster = HDInsightManagementClient.GetCluster(ResourceGroupName, Name);
if (cluster != null)
{
WriteObject(new AzureHDInsightCluster(cluster.First()));
}
}
public void TestCreateKafkaClusterWithDiskEncryption()
{
TestInitialize();
string mockedTenantId = TestUtilities.GenerateGuid().ToString();
CommonData.TenantId = GetTenantId();
this.Context.AddTextReplacementRule(CommonData.TenantId, mockedTenantId);
string mockedClientObjectId = TestUtilities.GenerateGuid().ToString();
CommonData.ClientObjectId = GetServicePrincipalObjectId();
this.Context.AddTextReplacementRule(CommonData.ClientObjectId, mockedClientObjectId);
Vault vault = null;
try
{
// create key vault with soft delete enabled
vault = CreateVault(CommonData.VaultName, true);
// create managed identities for Azure resources.
var msi = CreateMsi(CommonData.ManagedIdentityName);
// add managed identity to vault
var requiredPermissions = new Permissions
{
Keys = new List <string>()
{
KeyPermissions.Get, KeyPermissions.WrapKey, KeyPermissions.UnwrapKey
},
Secrets = new List <string>()
{
SecretPermissions.Get, SecretPermissions.Set, SecretPermissions.Delete
}
};
vault = SetVaultPermissions(vault, msi.PrincipalId.ToString(), requiredPermissions);
Assert.NotNull(vault);
// create key
string keyName = TestUtilities.GenerateName("hdicsharpkey1");
var keyIdentifier = GenerateVaultKey(vault, keyName);
// create HDInsight cluster with Kafka disk encryption
string clusterName = TestUtilities.GenerateName("hdisdk-kafka-byok");
var createParams = CommonData.PrepareClusterCreateParamsForWasb();
createParams.Properties.ClusterDefinition.Kind = "Kafka";
var workerNode = createParams.Properties.ComputeProfile.Roles.First(role => role.Name == "workernode");
workerNode.DataDisksGroups = new List <DataDisksGroups>
{
new DataDisksGroups
{
DisksPerNode = 8
}
};
createParams.Identity = new ClusterIdentity
{
Type = ResourceIdentityType.UserAssigned,
UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>
{
{ msi.Id, new UserAssignedIdentity() }
}
};
createParams.Properties.DiskEncryptionProperties = new DiskEncryptionProperties
{
VaultUri = keyIdentifier.Vault,
KeyName = keyIdentifier.Name,
KeyVersion = keyIdentifier.Version,
MsiResourceId = msi.Id
};
var cluster = HDInsightClient.Clusters.Create(CommonData.ResourceGroupName, clusterName, createParams);
ValidateCluster(clusterName, createParams, cluster);
// check disk encryption properties
var diskEncryptionProperties = cluster.Properties.DiskEncryptionProperties;
var diskEncryptionPropertiesParams = createParams.Properties.DiskEncryptionProperties;
Assert.NotNull(diskEncryptionProperties);
Assert.Equal(diskEncryptionPropertiesParams.VaultUri, diskEncryptionProperties.VaultUri);
Assert.Equal(diskEncryptionPropertiesParams.KeyName, diskEncryptionProperties.KeyName);
Assert.Equal(diskEncryptionPropertiesParams.KeyVersion, diskEncryptionProperties.KeyVersion);
Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true);
keyName = TestUtilities.GenerateName("hdicsharpkey2");
var secondKeyIdentifier = GenerateVaultKey(vault, keyName);
// rotate cluster key
var rotateParams = new ClusterDiskEncryptionParameters
{
VaultUri = secondKeyIdentifier.Vault,
KeyName = secondKeyIdentifier.Name,
KeyVersion = secondKeyIdentifier.Version
};
HDInsightClient.Clusters.RotateDiskEncryptionKey(CommonData.ResourceGroupName, clusterName, rotateParams);
cluster = HDInsightClient.Clusters.Get(CommonData.ResourceGroupName, clusterName);
// check disk encryption properties
diskEncryptionProperties = cluster.Properties.DiskEncryptionProperties;
Assert.NotNull(diskEncryptionProperties);
Assert.Equal(rotateParams.VaultUri, diskEncryptionProperties.VaultUri);
Assert.Equal(rotateParams.KeyName, diskEncryptionProperties.KeyName);
Assert.Equal(rotateParams.KeyVersion, diskEncryptionProperties.KeyVersion);
Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true);
}
finally
{
if (vault != null)
{
DeleteVault(vault);
}
}
}
public virtual void RotateDiskEncryptionKey(string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters)
{
HdInsightManagementClient.Clusters.RotateDiskEncryptionKey(resourceGroupName, clusterName, parameters);
}
/// <summary>
/// Rotate disk encryption key of the specified HDInsight cluster.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='clusterName'>
/// The name of the cluster.
/// </param>
/// <param name='parameters'>
/// The parameters for the disk encryption operation.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task BeginRotateDiskEncryptionKeyAsync(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters, CancellationToken cancellationToken = default(CancellationToken))
{
(await operations.BeginRotateDiskEncryptionKeyWithHttpMessagesAsync(resourceGroupName, clusterName, parameters, null, cancellationToken).ConfigureAwait(false)).Dispose();
}
/// <summary>
/// Rotate disk encryption key of the specified HDInsight cluster.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='clusterName'>
/// The name of the cluster.
/// </param>
/// <param name='parameters'>
/// The parameters for the disk encryption operation.
/// </param>
public static void BeginRotateDiskEncryptionKey(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters)
{
operations.BeginRotateDiskEncryptionKeyAsync(resourceGroupName, clusterName, parameters).GetAwaiter().GetResult();
}
