protected DiskEncryptionSettings GetEncryptionSettings(bool addKek = false) { string testVaultId = @"/subscriptions/21466899-20b2-463c-8c30-b8fb28a43248/resourceGroups/RgTest1/providers/Microsoft.KeyVault/vaults/TestVault123"; string encryptionKeyFakeUri = @"https://testvault123.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bdd703272"; DiskEncryptionSettings diskEncryptionSettings = new DiskEncryptionSettings { DiskEncryptionKey = new KeyVaultSecretReference { SecretUrl = encryptionKeyFakeUri, SourceVault = new Microsoft.Azure.Management.Compute.Models.SubResource { Id = testVaultId } } }; if (addKek) { string nonExistentKekUri = @"https://testvault123.vault.azure.net/keys/TestKey/514ceb769c984379a7e0230bdd703272"; diskEncryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference { KeyUrl = nonExistentKekUri, SourceVault = new Microsoft.Azure.Management.Compute.Models.SubResource { Id = testVaultId } }; } return(diskEncryptionSettings); }
///GENMHASH:D1037603B1F11C451DD830F07021E503:EE1AB39DC25D0E54E8D460F4A5A910E3 public EncryptionStatus OSDiskStatus() { if (!HasEncryptionDetails()) { return(EncryptionStatus.NotEncrypted); } if (encryptionExtension.ProvisioningState == null) { return(EncryptionStatus.NotEncrypted); } if (!encryptionExtension.ProvisioningState.Equals("Succeeded", System.StringComparison.OrdinalIgnoreCase)) { return(EncryptionStatus.NotEncrypted); } if (this.virtualMachine.StorageProfile == null || virtualMachine.StorageProfile.OsDisk == null || virtualMachine.StorageProfile.OsDisk.EncryptionSettings == null) { return(EncryptionStatus.NotEncrypted); } DiskEncryptionSettings encryptionSettings = virtualMachine .StorageProfile .OsDisk .EncryptionSettings; if (encryptionSettings.DiskEncryptionKey != null && encryptionSettings.DiskEncryptionKey.SecretUrl != null && encryptionSettings.Enabled.HasValue && encryptionSettings.Enabled == true) { return(EncryptionStatus.Encrypted); } return(EncryptionStatus.NotEncrypted); }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); ExecuteClientAction(() => { VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName)); EncryptionStatus osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters); DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters); EncryptionStatus dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters); OSType osType = GetOSType(vmParameters); switch (osType) { case OSType.Windows: case OSType.Linux: AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = osVolumeEncrypted, DataVolumesEncrypted = dataVolumesEncrypted, OsVolumeEncryptionSettings = osVolumeEncryptionSettings }; WriteObject(encryptionStatus); break; case OSType.Unknown: ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")), "InvalidResult", ErrorCategory.InvalidResult, null)); break; } }); }
private EncryptionStatus IsOsVolumeEncrypted(VirtualMachine vmParameters) { OSType osType = this.GetOSType(vmParameters); switch (osType) { case OSType.Windows: DiskEncryptionSettings osEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters); if (osEncryptionSettings != null && osEncryptionSettings.DiskEncryptionKey != null && !String.IsNullOrEmpty(osEncryptionSettings.DiskEncryptionKey.SecretUrl) && osEncryptionSettings.Enabled == true) { return(EncryptionStatus.Encrypted); } else { return(EncryptionStatus.NotEncrypted); } default: return(EncryptionStatus.Unknown); } }
///GENMHASH:861A97732A551A94F695C3B49DFAB96C:E348102753EC23A2170268E43AF0844B public override DiskEncryptionSettings StorageProfileEncryptionSettings() { KeyVaultKeyReference keyEncryptionKey = null; if (settings.KeyEncryptionKeyURL() != null) { keyEncryptionKey = new KeyVaultKeyReference() { KeyUrl = settings.KeyEncryptionKeyURL() }; if (settings.KeyEncryptionKeyVaultId() != null) { keyEncryptionKey.SourceVault = new ResourceManager.Fluent.SubResource() { Id = settings.KeyEncryptionKeyVaultId() }; } } DiskEncryptionSettings diskEncryptionSettings = new DiskEncryptionSettings() { Enabled = true, KeyEncryptionKey = keyEncryptionKey, DiskEncryptionKey = new KeyVaultSecretReference() { SourceVault = new ResourceManager.Fluent.SubResource() { Id = settings.KeyVaultId() } } }; return(diskEncryptionSettings); }
/// <summary> /// Updates the virtual machine's OS Disk model with the encryption specific details. /// </summary> /// <param name="encryptConfig">The configuration specific to disabling the encryption.</param> /// <return>An observable that emits updated virtual machine.</return> ///GENMHASH:9E912268A5CDF429573A7112EC718690:63BF821D222D03E59BCD43264C3339D8 private async Task <Microsoft.Azure.Management.Compute.Fluent.IVirtualMachine> UpdateVMStorageProfileAsync(EnableDisableEncryptConfig encryptConfig, CancellationToken cancellationToken = default(CancellationToken)) { DiskEncryptionSettings diskEncryptionSettings = encryptConfig.StorageProfileEncryptionSettings(); return(await virtualMachine.Update() .WithOSDiskEncryptionSettings(diskEncryptionSettings) .ApplyAsync(cancellationToken)); }
internal RestorePointSourceVmosDisk(OperatingSystemType?osType, DiskEncryptionSettings encryptionSettings, string name, CachingTypes?caching, int?diskSizeGB, ManagedDiskParameters managedDisk, ApiEntityReference diskRestorePoint) { OsType = osType; EncryptionSettings = encryptionSettings; Name = name; Caching = caching; DiskSizeGB = diskSizeGB; ManagedDisk = managedDisk; DiskRestorePoint = diskRestorePoint; }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); ExecuteClientAction(() => { if (this.ShouldProcess(VMName, Properties.Resources.EnableDiskEncryptionAction) && (this.Force.IsPresent || this.ShouldContinue(Properties.Resources.EnableAzureDiskEncryptionConfirmation, Properties.Resources.EnableAzureDiskEncryptionCaption))) { VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView( this.ResourceGroupName, VMName).Body; currentOSType = virtualMachineResponse.StorageProfile.OsDisk.OsType; if (OperatingSystemTypes.Linux.Equals(currentOSType) && !SkipVmBackup) { CreateVMBackupForLinx(); } VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse); DiskEncryptionSettings encryptionSettingsBackup = virtualMachineResponse.StorageProfile.OsDisk.EncryptionSettings ?? new DiskEncryptionSettings { Enabled = false }; // The "1st pass". If this goes wrong, just bubble up the error and abort. AzureOperationResponse <VirtualMachineExtension> extensionPushResult = this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, this.VMName, this.Name, parameters).GetAwaiter().GetResult(); if (!extensionPushResult.Response.IsSuccessStatusCode) { ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Installation failed for extension {0} with error {1}", parameters.VirtualMachineExtensionType, extensionPushResult.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult())), "InvalidResult", ErrorCategory.InvalidResult, null)); } var op = UpdateVmEncryptionSettings(encryptionSettingsBackup); var result = Mapper.Map <PSAzureOperationResponse>(op); WriteObject(result); } }); }
internal OSDisk(OperatingSystemTypes?osType, DiskEncryptionSettings encryptionSettings, string name, VirtualHardDisk vhd, VirtualHardDisk image, CachingTypes?caching, bool?writeAcceleratorEnabled, DiffDiskSettings diffDiskSettings, DiskCreateOptionTypes createOption, int?diskSizeGB, ManagedDiskParameters managedDisk) { OsType = osType; EncryptionSettings = encryptionSettings; Name = name; Vhd = vhd; Image = image; Caching = caching; WriteAcceleratorEnabled = writeAcceleratorEnabled; DiffDiskSettings = diffDiskSettings; CreateOption = createOption; DiskSizeGB = diskSizeGB; ManagedDisk = managedDisk; }
/// <summary> /// This function gets the VM model, fills in the OSDisk properties with encryptionSettings and does an UpdateVM /// </summary> private AzureOperationResponse <VirtualMachine> UpdateVmEncryptionSettings() { string statusMessage = GetExtensionStatusMessage(); var vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get( this.ResourceGroupName, this.VMName)); if ((vmParameters == null) || (vmParameters.StorageProfile == null) || (vmParameters.StorageProfile.OsDisk == null)) { //VM should have been created and have valid storageProfile and OSDisk by now ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Set-AzureDiskEncryptionExtension can enable encryption only on a VM that was already created and has appropriate storageProfile and OS disk")), "InvalidResult", ErrorCategory.InvalidResult, null)); } DiskEncryptionSettings encryptionSettings = new DiskEncryptionSettings(); encryptionSettings.Enabled = true; encryptionSettings.DiskEncryptionKey = new KeyVaultSecretReference(); encryptionSettings.DiskEncryptionKey.SourceVault = new SubResource(this.DiskEncryptionKeyVaultId); encryptionSettings.DiskEncryptionKey.SecretUrl = statusMessage; if (this.KeyEncryptionKeyUrl != null) { encryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference(); encryptionSettings.KeyEncryptionKey.SourceVault = new SubResource(this.KeyEncryptionKeyVaultId); encryptionSettings.KeyEncryptionKey.KeyUrl = this.KeyEncryptionKeyUrl; } vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings; var parameters = new VirtualMachine { DiagnosticsProfile = vmParameters.DiagnosticsProfile, HardwareProfile = vmParameters.HardwareProfile, StorageProfile = vmParameters.StorageProfile, NetworkProfile = vmParameters.NetworkProfile, OsProfile = vmParameters.OsProfile, Plan = vmParameters.Plan, AvailabilitySet = vmParameters.AvailabilitySet, Location = vmParameters.Location, Tags = vmParameters.Tags }; return(this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, vmParameters.Name, parameters).GetAwaiter().GetResult()); }
/// <summary> /// Validate if encryption settings are populated in DiskInstanceView as part of VM instance view /// </summary> protected void ValidateEncryptionSettingsInVMScaleSetVMInstanceView( VirtualMachineScaleSetVMInstanceView vmScaleSetVMInstanceView, bool hasManagedDisks) { Assert.True(hasManagedDisks); // VMSS disk encryption is supported only with managed disks Assert.NotNull(vmScaleSetVMInstanceView); Assert.NotNull(vmScaleSetVMInstanceView.Disks); Assert.True(vmScaleSetVMInstanceView.Disks.Any()); DiskInstanceView diskInstanceView = vmScaleSetVMInstanceView.Disks.First(); Assert.NotNull(diskInstanceView.EncryptionSettings); Assert.True(diskInstanceView.EncryptionSettings.Any()); DiskEncryptionSettings encryptionSettings = diskInstanceView.EncryptionSettings.First(); Assert.NotNull(encryptionSettings.Enabled); }
protected override void ProcessRecord() { base.ProcessRecord(); ExecuteClientAction(() => { VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName)).VirtualMachine; bool osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters); DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters); bool dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters); AzureDiskEncryptionStatusContext encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = osVolumeEncrypted, OsVolumeEncryptionSettings = osVolumeEncryptionSettings, DataVolumesEncrypted = dataVolumesEncrypted }; WriteObject(encryptionStatus); }); }
private EncryptionStatus IsWindowsOsVolumeEncryptedDualPass(VirtualMachine vmParameters) { switch (vmParameters.StorageProfile.OsDisk.OsType) { case OperatingSystemTypes.Windows: DiskEncryptionSettings osEncryptionSettings = GetOsVolumeEncryptionSettingsDualPass(vmParameters); if (osEncryptionSettings != null && osEncryptionSettings.DiskEncryptionKey != null && !string.IsNullOrEmpty(osEncryptionSettings.DiskEncryptionKey.SecretUrl) && osEncryptionSettings.Enabled == true) { return(EncryptionStatus.Encrypted); } else { return(EncryptionStatus.NotEncrypted); } default: return(EncryptionStatus.Unknown); } }
/// <summary> /// This function gets the VM model, fills in the OSDisk properties with encryptionSettings and does an UpdateVM /// </summary> private AzureOperationResponse <VirtualMachine> UpdateVmEncryptionSettings(DiskEncryptionSettings encryptionSettingsBackup) { string statusMessage = GetExtensionStatusMessage(); var vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get( this.ResourceGroupName, this.VMName)); if ((vmParameters == null) || (vmParameters.StorageProfile == null) || (vmParameters.StorageProfile.OsDisk == null)) { //VM should have been created and have valid storageProfile and OSDisk by now ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Set-AzDiskEncryptionExtension can enable encryption only on a VM that was already created and has appropriate storageProfile and OS disk")), "InvalidResult", ErrorCategory.InvalidResult, null)); } //encryption settings object to clear out encryption settings before updating DiskEncryptionSettings resetEncryptionSettings = new DiskEncryptionSettings(); resetEncryptionSettings.Enabled = false; resetEncryptionSettings.DiskEncryptionKey = null; resetEncryptionSettings.KeyEncryptionKey = null; DiskEncryptionSettings encryptionSettings = new DiskEncryptionSettings(); encryptionSettings.Enabled = true; encryptionSettings.DiskEncryptionKey = new KeyVaultSecretReference(); encryptionSettings.DiskEncryptionKey.SourceVault = new SubResource(this.DiskEncryptionKeyVaultId); encryptionSettings.DiskEncryptionKey.SecretUrl = statusMessage; if (this.KeyEncryptionKeyUrl != null) { encryptionSettings.KeyEncryptionKey = new KeyVaultKeyReference(); encryptionSettings.KeyEncryptionKey.SourceVault = new SubResource(this.KeyEncryptionKeyVaultId); encryptionSettings.KeyEncryptionKey.KeyUrl = this.KeyEncryptionKeyUrl; } vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings; var parameters = new VirtualMachine { DiagnosticsProfile = vmParameters.DiagnosticsProfile, HardwareProfile = vmParameters.HardwareProfile, StorageProfile = vmParameters.StorageProfile, NetworkProfile = vmParameters.NetworkProfile, OsProfile = vmParameters.OsProfile, Plan = vmParameters.Plan, AvailabilitySet = vmParameters.AvailabilitySet, Location = vmParameters.Location, Tags = vmParameters.Tags }; AzureOperationResponse <VirtualMachine> updateResult = null; // The 2nd pass. TODO: If something goes wrong here, try to revert to encryptionSettingsBackup. if (encryptionSettingsBackup.Enabled != true) { updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, vmParameters.Name, parameters).GetAwaiter().GetResult(); } else { // stop-clear-update-start // stop vm this.ComputeClient.ComputeManagementClient.VirtualMachines .DeallocateWithHttpMessagesAsync(this.ResourceGroupName, this.VMName).GetAwaiter() .GetResult(); // first update vm call to clear encryption settings vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get( this.ResourceGroupName, this.VMName)); vmParameters.StorageProfile.OsDisk.EncryptionSettings = resetEncryptionSettings; parameters = new VirtualMachine { DiagnosticsProfile = vmParameters.DiagnosticsProfile, HardwareProfile = vmParameters.HardwareProfile, StorageProfile = vmParameters.StorageProfile, NetworkProfile = vmParameters.NetworkProfile, OsProfile = vmParameters.OsProfile, Plan = vmParameters.Plan, AvailabilitySet = vmParameters.AvailabilitySet, Location = vmParameters.Location, Tags = vmParameters.Tags }; updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, vmParameters.Name, parameters).GetAwaiter().GetResult(); // second update vm call to set new encryption settings vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get( this.ResourceGroupName, this.VMName)); vmParameters.StorageProfile.OsDisk.EncryptionSettings = encryptionSettings; parameters = new VirtualMachine { DiagnosticsProfile = vmParameters.DiagnosticsProfile, HardwareProfile = vmParameters.HardwareProfile, StorageProfile = vmParameters.StorageProfile, NetworkProfile = vmParameters.NetworkProfile, OsProfile = vmParameters.OsProfile, Plan = vmParameters.Plan, AvailabilitySet = vmParameters.AvailabilitySet, Location = vmParameters.Location, Tags = vmParameters.Tags }; updateResult = this.ComputeClient.ComputeManagementClient.VirtualMachines.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, vmParameters.Name, parameters).GetAwaiter().GetResult(); // start vm this.ComputeClient.ComputeManagementClient.VirtualMachines .StartWithHttpMessagesAsync(ResourceGroupName, this.VMName).GetAwaiter().GetResult(); } return(updateResult); }
private AzureDiskEncryptionStatusContext getStatusDualPass(VirtualMachine vm) { DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettingsDualPass(vm); AzureDiskEncryptionStatusContext encryptionStatus = null; switch (vm.StorageProfile.OsDisk.OsType) { case OperatingSystemTypes.Windows: EncryptionStatus osVolumeEncrypted = IsWindowsOsVolumeEncryptedDualPass(vm); EncryptionStatus dataVolumesEncrypted = AreWindowsDataVolumesEncryptedDualPass(vm); encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = osVolumeEncrypted, DataVolumesEncrypted = dataVolumesEncrypted, OsVolumeEncryptionSettings = osVolumeEncryptionSettings, ProgressMessage = string.Format(CultureInfo.CurrentUICulture, "OsVolume: {0}, DataVolumes: {1}", osVolumeEncrypted, dataVolumesEncrypted) }; break; case OperatingSystemTypes.Linux: if (!this.IsExtensionInstalled(vm) && this.isVMRunning(vm)) { VirtualMachineExtension parameters = GetDualPassQueryVmExtensionParameters(vm); this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, this.VMName, this.Name, parameters).GetAwaiter().GetResult(); } Dictionary <string, string> encryptionStatusParsed = null; try { string encryptionStatusJson = GetExtensionStatusMessage(vm, returnSubstatusMessage: true); encryptionStatusParsed = JsonConvert.DeserializeObject <Dictionary <string, string> >(encryptionStatusJson); } catch (KeyNotFoundException) { encryptionStatusParsed = new Dictionary <string, string>() { { AzureDiskEncryptionExtensionConstants.encryptionResultOsKey, EncryptionStatus.Unknown.ToString() }, { AzureDiskEncryptionExtensionConstants.encryptionResultDataKey, EncryptionStatus.Unknown.ToString() } }; } string progressMessage = null; try { progressMessage = GetExtensionStatusMessage(vm); } catch (KeyNotFoundException) { progressMessage = string.Format(CultureInfo.CurrentUICulture, "Extension status not available on the VM"); } encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultOsKey]), DataVolumesEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultDataKey]), OsVolumeEncryptionSettings = osVolumeEncryptionSettings, ProgressMessage = progressMessage }; break; default: ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")), "InvalidResult", ErrorCategory.InvalidResult, null)); break; } return(encryptionStatus); }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); ExecuteClientAction(() => { VirtualMachine vmParameters = (this.ComputeClient.ComputeManagementClient.VirtualMachines.Get(this.ResourceGroupName, this.VMName)); EncryptionStatus osVolumeEncrypted = IsOsVolumeEncrypted(vmParameters); DiskEncryptionSettings osVolumeEncryptionSettings = GetOsVolumeEncryptionSettings(vmParameters); EncryptionStatus dataVolumesEncrypted = AreDataVolumesEncrypted(vmParameters); AzureDiskEncryptionStatusContext encryptionStatus = null; string progressMessage = null; OSType osType = GetOSType(vmParameters); switch (osType) { case OSType.Windows: encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = osVolumeEncrypted, DataVolumesEncrypted = dataVolumesEncrypted, OsVolumeEncryptionSettings = osVolumeEncryptionSettings, ProgressMessage = string.Format(CultureInfo.CurrentUICulture, "OsVolume: {0}, DataVolumes: {1}", osVolumeEncrypted, dataVolumesEncrypted) }; WriteObject(encryptionStatus); break; case OSType.Linux: if (!IsExtensionInstalled(osType)) { VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView( this.ResourceGroupName, VMName).Body; VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse, osType); this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, this.VMName, this.Name, parameters).GetAwaiter().GetResult(); } Dictionary <string, string> encryptionStatusParsed = null; try { string encryptionStatusJson = GetExtensionStatusMessage(osType, returnSubstatusMessage: true); encryptionStatusParsed = JsonConvert.DeserializeObject <Dictionary <string, string> >(encryptionStatusJson); } catch (KeyNotFoundException) { encryptionStatusParsed = new Dictionary <string, string>() { { AzureDiskEncryptionExtensionConstants.encryptionResultOsKey, EncryptionStatus.Unknown.ToString() }, { AzureDiskEncryptionExtensionConstants.encryptionResultDataKey, EncryptionStatus.Unknown.ToString() } }; } try { progressMessage = GetExtensionStatusMessage(osType); } catch (KeyNotFoundException) { progressMessage = string.Format(CultureInfo.CurrentUICulture, "Extension status not available on the VM"); } encryptionStatus = new AzureDiskEncryptionStatusContext { OsVolumeEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultOsKey]), DataVolumesEncrypted = (EncryptionStatus)Enum.Parse(typeof(EncryptionStatus), encryptionStatusParsed[AzureDiskEncryptionExtensionConstants.encryptionResultDataKey]), OsVolumeEncryptionSettings = osVolumeEncryptionSettings, ProgressMessage = progressMessage }; WriteObject(encryptionStatus); break; case OSType.Unknown: ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "OS type unknown.")), "InvalidResult", ErrorCategory.InvalidResult, null)); break; } }); }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); ExecuteClientAction(() => { if (this.ShouldProcess(VMName, Properties.Resources.EnableDiskEncryptionAction) && (this.Force.IsPresent || this.ShouldContinue(Properties.Resources.EnableAzureDiskEncryptionConfirmation, Properties.Resources.EnableAzureDiskEncryptionCaption))) { VirtualMachine virtualMachineResponse = this.ComputeClient.ComputeManagementClient.VirtualMachines.GetWithInstanceView( this.ResourceGroupName, VMName).Body; currentOSType = virtualMachineResponse.StorageProfile.OsDisk.OsType; if (OperatingSystemTypes.Linux.Equals(currentOSType) && !SkipVmBackup) { CreateVMBackupForLinx(); } VirtualMachineExtension parameters = GetVmExtensionParameters(virtualMachineResponse); DiskEncryptionSettings encryptionSettingsBackup = virtualMachineResponse.StorageProfile.OsDisk.EncryptionSettings ?? new DiskEncryptionSettings { Enabled = false }; // Single Pass // newer model, supported by newer extension versions and host functionality // if SinglePassParameterSet is used, cmdlet will default to newer extension version // [first and only pass] // only one enable extension call will be issued from the cmdlet n // No AD identity information or protected settings will be passed to the extension // Host performs the necessary key vault operations and vm model updates // Dual Pass // older model, supported by older extension versions // if an AD ParameterSet is used, cmdlet will default to older extension version // [first pass] // AD identity information is passed into the VM via protected settings of the extension // VM uses the AD identity to authenticate and perform key vault operations // VM returns result of key vault operation to caller via the extension status message // [second pass] // powershell reads extension status message returned from first pass // updates VM model with encryption settings // updates VM // First Pass AzureOperationResponse <VirtualMachineExtension> firstPass = this.VirtualMachineExtensionClient.CreateOrUpdateWithHttpMessagesAsync( this.ResourceGroupName, this.VMName, this.Name, parameters).GetAwaiter().GetResult(); if (!firstPass.Response.IsSuccessStatusCode) { ThrowTerminatingError(new ErrorRecord(new ApplicationException(string.Format(CultureInfo.CurrentUICulture, "Installation failed for extension {0} with error {1}", parameters.VirtualMachineExtensionType, firstPass.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult())), "InvalidResult", ErrorCategory.InvalidResult, null)); } if (this.ParameterSetName.Equals(AzureDiskEncryptionExtensionConstants.singlePassParameterSet)) { WriteObject(ComputeAutoMapperProfile.Mapper.Map <PSAzureOperationResponse>(firstPass)); } else { // Second pass var secondPass = UpdateVmEncryptionSettings(encryptionSettingsBackup); WriteObject(ComputeAutoMapperProfile.Mapper.Map <PSAzureOperationResponse>(secondPass)); } } }); }