/// <summary>
/// Initialize VMSS's identity property.
/// </summary>
/// <param name="identityType">The identity type to set.</param>
private void InitVMSSIdentity(ResourceIdentityType identityType)
{
if (!identityType.Equals(ResourceIdentityType.UserAssigned) &&
!identityType.Equals(ResourceIdentityType.SystemAssigned))
{
throw new ArgumentException("Invalid argument: " + identityType);
}
var scaleSetInner = this.scaleSet.Inner;
if (scaleSetInner.Identity == null)
{
scaleSetInner.Identity = new VirtualMachineScaleSetIdentity();
}
if (scaleSetInner.Identity.Type == null ||
scaleSetInner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None), StringComparison.OrdinalIgnoreCase) ||
scaleSetInner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(identityType), StringComparison.OrdinalIgnoreCase))
{
scaleSetInner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(identityType);
}
else
{
scaleSetInner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssignedUserAssigned);
}
}
private static void InitVMIdentity(VirtualMachineInner vmInner, ResourceIdentityType identityType)
{
if (!identityType.Equals(ResourceIdentityType.UserAssigned) &&
!identityType.Equals(ResourceIdentityType.SystemAssigned))
{
throw new ArgumentException("Invalid argument: " + identityType);
}
if (vmInner.Identity == null)
{
vmInner.Identity = new VirtualMachineIdentity();
}
ResourceIdentityType?parsedIdentityType = ResourceIdentityTypeEnumExtension.ParseResourceIdentityType(vmInner.Identity.Type);
if (parsedIdentityType == null ||
parsedIdentityType.Equals(ResourceIdentityType.None) ||
parsedIdentityType.Equals(identityType))
{
vmInner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(identityType);
}
else
{
vmInner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssignedUserAssigned);
}
if (vmInner.Identity.IdentityIds == null)
{
if (identityType.Equals(ResourceIdentityType.UserAssigned) ||
identityType.Equals(ResourceIdentityType.SystemAssignedUserAssigned))
{
vmInner.Identity.IdentityIds = new List <string>();
}
}
}
/// <summary>
/// Gets the MSI identity type.
/// </summary>
/// <param name="inner">the virtual machine inner</param>
/// <returns>the MSI identity type</returns>
internal static ResourceIdentityType?ManagedServiceIdentityType(VirtualMachineInner inner)
{
if (inner.Identity != null)
{
return(ResourceIdentityTypeEnumExtension.ParseResourceIdentityType(inner.Identity.Type));
}
return(null);
}
/// <summary>
/// Gets the MSI identity type.
/// </summary>
/// <param name="inner">the virtual machine scale set inner</param>
/// <returns>the MSI identity type</returns>
internal static ResourceIdentityType?ManagedServiceIdentityType(VirtualMachineScaleSetInner inner)
{
if (inner.Identity != null)
{
//ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssigned);
return(ResourceIdentityTypeEnumExtension.ParseResourceIdentityType(inner.Identity.Type));
}
return(null);
}
/// <summary>
/// Set user assigned identity ids to the given virtual machine inner model
/// </summary>
/// <param name="virtualMachineInner">the virtual machine inner model</param>
/// <param name="vmTaskGroup">the virtual machine task group</param>
internal void HandleUserAssignedIdentities(VirtualMachineInner virtualMachineInner, CreatorTaskGroup <IHasId> vmTaskGroup)
{
try
{
if (virtualMachineInner.Identity == null || virtualMachineInner.Identity.Type == null)
{
return;
}
ResourceIdentityType?parsedIdentityType = ResourceIdentityTypeEnumExtension.ParseResourceIdentityType(virtualMachineInner.Identity.Type);
if (parsedIdentityType.Equals(ResourceIdentityType.None) ||
parsedIdentityType.Equals(ResourceIdentityType.SystemAssigned))
{
return;
}
foreach (var key in this.userAssignedIdentityCreatableKeys)
{
var identity = (IIdentity)vmTaskGroup.CreatedResource(key);
if (!this.userAssignedIdentityIdsToAssociate.Contains(identity.Id))
{
this.userAssignedIdentityIdsToAssociate.Add(identity.Id);
}
}
if (virtualMachineInner.Identity.IdentityIds == null)
{
virtualMachineInner.Identity.IdentityIds = new List <string>();
}
foreach (var identityId in this.userAssignedIdentityIdsToAssociate)
{
if (!virtualMachineInner.Identity.IdentityIds.Contains(identityId))
{
virtualMachineInner.Identity.IdentityIds.Add(identityId);
}
}
foreach (var identityId in this.userAssignedIdentityIdsToRemove)
{
if (virtualMachineInner.Identity.IdentityIds.Contains(identityId))
{
virtualMachineInner.Identity.IdentityIds.Remove(identityId);
}
}
if (virtualMachineInner.Identity.IdentityIds.Any())
{
this.installExtensionIfNotInstalled = true;
}
}
finally
{
this.userAssignedIdentityCreatableKeys.Clear();
this.userAssignedIdentityIdsToAssociate.Clear();
this.userAssignedIdentityIdsToRemove.Clear();
}
}
/// <summary>
/// Checks system assigned identity is enabled for the virtual machine.
/// </summary>
/// <param name="virtualMachine">the virtual machine</param>
/// <returns>true if system assigned MSI is enabled, false otherwise</returns>
private static bool IsSystemAssignedMSIEnabled(IVirtualMachine virtualMachine)
{
VirtualMachineInner VMInner = virtualMachine.Inner;
if (VMInner.Identity == null)
{
return(false);
}
ResourceIdentityType?parsedIdentityType = ResourceIdentityTypeEnumExtension.ParseResourceIdentityType(VMInner.Identity.Type);
if (parsedIdentityType == null || parsedIdentityType.Equals(ResourceIdentityType.None))
{
return(false);
}
else
{
return(parsedIdentityType.Equals(ResourceIdentityType.SystemAssigned) || parsedIdentityType.Equals(ResourceIdentityType.SystemAssignedUserAssigned));
}
}
/// <summary>
/// Specifies that Local Managed Service Identity needs to be disabled in the virtual machine scale set.
/// </summary>
/// <return>VirtualMachineScaleSetMsiHandler.</return>
internal VirtualMachineScaleSetMsiHelper WithoutLocalManagedServiceIdentity()
{
if (this.scaleSet.Inner.Identity == null ||
this.scaleSet.Inner.Identity.Type == null ||
this.scaleSet.Inner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None), StringComparison.OrdinalIgnoreCase) ||
this.scaleSet.Inner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.UserAssigned), StringComparison.OrdinalIgnoreCase))
{
return(this);
}
else if (this.scaleSet.Inner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssigned), StringComparison.OrdinalIgnoreCase))
{
this.scaleSet.Inner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None);
}
else if (this.scaleSet.Inner.Identity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssignedUserAssigned), StringComparison.OrdinalIgnoreCase))
{
this.scaleSet.Inner.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.UserAssigned);
}
return(this);
}
/// <summary>
/// Method that handle the case where user request indicates all it want to do is remove all identities associated
/// with the virtual machine.
/// </summary>
/// <param name="vmssUpdate">The vm update payload model.</param>
/// <return>True if user indented to remove all the identities.</return>
private bool HandleRemoveAllExternalIdentitiesCase(VirtualMachineScaleSetUpdate vmssUpdate)
{
if (this.userAssignedIdentities.Any())
{
int rmCount = 0;
foreach (var v in this.userAssignedIdentities.Values)
{
if (v == null)
{
rmCount++;
}
else
{
break;
}
}
bool containsRemoveOnly = rmCount > 0 && rmCount == this.userAssignedIdentities.Count;
// Check if user request contains only request for removal of identities.
if (containsRemoveOnly)
{
var currentIds = new HashSet <string>();
var currentIdentity = this.scaleSet.Inner.Identity;
if (currentIdentity != null && currentIdentity.UserAssignedIdentities != null)
{
foreach (var id in currentIdentity.UserAssignedIdentities.Keys)
{
currentIds.Add(id.ToLower());
}
}
var removeIds = new HashSet <string>();
foreach (var entrySet in this.userAssignedIdentities)
{
if (entrySet.Value == null)
{
removeIds.Add(entrySet.Key.ToLower());
}
}
// If so check user want to remove all the identities
bool removeAllCurrentIds = currentIds.Count == removeIds.Count && !removeIds.Any(id => !currentIds.Contains(id)); // Java part looks like this -> && currentIds.ContainsAll(removeIds);
if (removeAllCurrentIds)
{
// If so adjust the identity type [Setting type to SYSTEM_ASSIGNED orNONE will remove all the identities]
if (currentIdentity == null || currentIdentity.Type == null)
{
vmssUpdate.Identity = new VirtualMachineScaleSetIdentity {
Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None)
};
}
else if (currentIdentity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssignedUserAssigned), StringComparison.OrdinalIgnoreCase))
{
vmssUpdate.Identity = currentIdentity;
vmssUpdate.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.SystemAssigned);
}
else if (currentIdentity.Type.Equals(ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.UserAssigned), StringComparison.OrdinalIgnoreCase))
{
vmssUpdate.Identity = currentIdentity;
vmssUpdate.Identity.Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None);
}
// and set identities property in the payload model to null so that it won't be sent
vmssUpdate.Identity.UserAssignedIdentities = null;
return(true);
}
else
{
// Check user is asking to remove identities though there is no identities currently associated
if (currentIds.Count == 0 && removeIds.Count != 0 && currentIdentity == null)
{
// If so we are in a invalid state but we want to send user input to service and let service
// handle it (ignore or error).
vmssUpdate.Identity = new VirtualMachineScaleSetIdentity {
Type = ResourceIdentityTypeEnumExtension.ToSerializedValue(ResourceIdentityType.None)
};
vmssUpdate.Identity.UserAssignedIdentities = null;
return(true);
}
}
}
}
return(false);
}
