public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.ResourceId)) { var resourceIdentifier = new ResourceIdentifier(ResourceId); this.Name = resourceIdentifier.ResourceName; this.ResourceGroupName = resourceIdentifier.ResourceGroupName; } if (this.IsParameterBound(c => c.InputObject)) { this.Name = this.InputObject.Name; this.ResourceGroupName = this.InputObject.ResourceGroup; } if (ResourceGroupName == null) { ResourceGroupName = GetResourceGroupByAccountName(Name); } var rotateParams = new ClusterDiskEncryptionParameters { KeyName = EncryptionKeyName, KeyVersion = EncryptionKeyVersion, VaultUri = EncryptionVaultUri }; HDInsightManagementClient.RotateDiskEncryptionKey(ResourceGroupName, Name, rotateParams); var cluster = HDInsightManagementClient.GetCluster(ResourceGroupName, Name); if (cluster != null) { WriteObject(new AzureHDInsightCluster(cluster.First())); } }
public void TestCreateKafkaClusterWithDiskEncryption() { TestInitialize(); string mockedTenantId = TestUtilities.GenerateGuid().ToString(); CommonData.TenantId = GetTenantId(); this.Context.AddTextReplacementRule(CommonData.TenantId, mockedTenantId); string mockedClientObjectId = TestUtilities.GenerateGuid().ToString(); CommonData.ClientObjectId = GetServicePrincipalObjectId(); this.Context.AddTextReplacementRule(CommonData.ClientObjectId, mockedClientObjectId); Vault vault = null; try { // create key vault with soft delete enabled vault = CreateVault(CommonData.VaultName, true); // create managed identities for Azure resources. var msi = CreateMsi(CommonData.ManagedIdentityName); // add managed identity to vault var requiredPermissions = new Permissions { Keys = new List <string>() { KeyPermissions.Get, KeyPermissions.WrapKey, KeyPermissions.UnwrapKey }, Secrets = new List <string>() { SecretPermissions.Get, SecretPermissions.Set, SecretPermissions.Delete } }; vault = SetVaultPermissions(vault, msi.PrincipalId.ToString(), requiredPermissions); Assert.NotNull(vault); // create key string keyName = TestUtilities.GenerateName("hdicsharpkey1"); var keyIdentifier = GenerateVaultKey(vault, keyName); // create HDInsight cluster with Kafka disk encryption string clusterName = TestUtilities.GenerateName("hdisdk-kafka-byok"); var createParams = CommonData.PrepareClusterCreateParamsForWasb(); createParams.Properties.ClusterDefinition.Kind = "Kafka"; var workerNode = createParams.Properties.ComputeProfile.Roles.First(role => role.Name == "workernode"); workerNode.DataDisksGroups = new List <DataDisksGroups> { new DataDisksGroups { DisksPerNode = 8 } }; createParams.Identity = new ClusterIdentity { Type = ResourceIdentityType.UserAssigned, UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity> { { msi.Id, new UserAssignedIdentity() } } }; createParams.Properties.DiskEncryptionProperties = new DiskEncryptionProperties { VaultUri = keyIdentifier.Vault, KeyName = keyIdentifier.Name, KeyVersion = keyIdentifier.Version, MsiResourceId = msi.Id }; var cluster = HDInsightClient.Clusters.Create(CommonData.ResourceGroupName, clusterName, createParams); ValidateCluster(clusterName, createParams, cluster); // check disk encryption properties var diskEncryptionProperties = cluster.Properties.DiskEncryptionProperties; var diskEncryptionPropertiesParams = createParams.Properties.DiskEncryptionProperties; Assert.NotNull(diskEncryptionProperties); Assert.Equal(diskEncryptionPropertiesParams.VaultUri, diskEncryptionProperties.VaultUri); Assert.Equal(diskEncryptionPropertiesParams.KeyName, diskEncryptionProperties.KeyName); Assert.Equal(diskEncryptionPropertiesParams.KeyVersion, diskEncryptionProperties.KeyVersion); Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true); keyName = TestUtilities.GenerateName("hdicsharpkey2"); var secondKeyIdentifier = GenerateVaultKey(vault, keyName); // rotate cluster key var rotateParams = new ClusterDiskEncryptionParameters { VaultUri = secondKeyIdentifier.Vault, KeyName = secondKeyIdentifier.Name, KeyVersion = secondKeyIdentifier.Version }; HDInsightClient.Clusters.RotateDiskEncryptionKey(CommonData.ResourceGroupName, clusterName, rotateParams); cluster = HDInsightClient.Clusters.Get(CommonData.ResourceGroupName, clusterName); // check disk encryption properties diskEncryptionProperties = cluster.Properties.DiskEncryptionProperties; Assert.NotNull(diskEncryptionProperties); Assert.Equal(rotateParams.VaultUri, diskEncryptionProperties.VaultUri); Assert.Equal(rotateParams.KeyName, diskEncryptionProperties.KeyName); Assert.Equal(rotateParams.KeyVersion, diskEncryptionProperties.KeyVersion); Assert.Equal(msi.Id, diskEncryptionProperties.MsiResourceId, true); } finally { if (vault != null) { DeleteVault(vault); } } }
public virtual void RotateDiskEncryptionKey(string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters) { HdInsightManagementClient.Clusters.RotateDiskEncryptionKey(resourceGroupName, clusterName, parameters); }
/// <summary> /// Rotate disk encryption key of the specified HDInsight cluster. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='clusterName'> /// The name of the cluster. /// </param> /// <param name='parameters'> /// The parameters for the disk encryption operation. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task BeginRotateDiskEncryptionKeyAsync(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters, CancellationToken cancellationToken = default(CancellationToken)) { (await operations.BeginRotateDiskEncryptionKeyWithHttpMessagesAsync(resourceGroupName, clusterName, parameters, null, cancellationToken).ConfigureAwait(false)).Dispose(); }
/// <summary> /// Rotate disk encryption key of the specified HDInsight cluster. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='clusterName'> /// The name of the cluster. /// </param> /// <param name='parameters'> /// The parameters for the disk encryption operation. /// </param> public static void BeginRotateDiskEncryptionKey(this IClustersOperations operations, string resourceGroupName, string clusterName, ClusterDiskEncryptionParameters parameters) { operations.BeginRotateDiskEncryptionKeyAsync(resourceGroupName, clusterName, parameters).GetAwaiter().GetResult(); }