/// <summary>
/// Disables encryption on the given disk volume.
/// </summary>
/// <param name="volumeType">The disk volume.</param>
/// <return>An observable that emits the decryption status.</return>
///GENMHASH:B980B0A762D67885E3B127392FD42890:A65E5C07D8DA37A2AB5EC199276933B9
internal async Task <Microsoft.Azure.Management.Compute.Fluent.IDiskVolumeEncryptionMonitor> DisableEncryptionAsync(DiskVolumeType volumeType, CancellationToken cancellationToken = default(CancellationToken))
{
var encryptConfig = EncryptionSettings.CreateDisable(volumeType);
await ValidateBeforeDecryptAsync(volumeType, cancellationToken);
// Update the encryption extension if already installed
//
IVirtualMachineExtension extension = await GetEncryptionExtensionInstalledInVMAsync(cancellationToken);
IVirtualMachine virtualMachine = await UpdateEncryptionExtensionAsync(encryptConfig, extension, cancellationToken);
bool isNoAAD = EncryptionExtensionIdentifier.IsNoAADVersion(osType, extension.VersionName);
if (virtualMachine != null && !isNoAAD)
{
// Validate and retrieve the encryption extension status
//
string status = await RetrieveEncryptionExtensionStatusStringAsync(ERROR_ENCRYPTION_EXTENSION_STATUS_IS_EMPTY, cancellationToken);
// Update the VM's OS profile by marking encryption disabled
//
virtualMachine = await UpdateVMStorageProfileAsync(encryptConfig, cancellationToken);
}
// Gets the encryption status
//
return(await GetDiskVolumeEncryptDecryptStatusAsync(virtualMachine, isNoAAD, cancellationToken));
}
private async Task <IVirtualMachineExtension> GetEncryptionExtensionAsync(CancellationToken cancellationToken = default(CancellationToken))
{
var extensions = await this.virtualMachine.ListExtensionsAsync();
foreach (var extension in extensions)
{
if (EncryptionExtensionIdentifier.IsEncryptionPublisherName(extension.PublisherName) &&
EncryptionExtensionIdentifier.IsEncryptionTypeName(extension.TypeName, this.virtualMachine.OSType))
{
return(extension);
}
}
return(null);
}
public async Task <Microsoft.Azure.Management.Compute.Fluent.IDiskVolumeEncryptionMonitor> RefreshAsync(CancellationToken cancellationToken = default(CancellationToken))
{
this.virtualMachine = await RetrieveVirtualMachineAsync(cancellationToken);
if (virtualMachine.InstanceView != null && virtualMachine.InstanceView.Extensions != null)
{
foreach (var extension in virtualMachine.InstanceView.Extensions)
{
if (extension.Type != null && extension.Type.ToLower().StartsWith(EncryptionExtensionIdentifier.GetPublisherName().ToLower()) &&
extension.Name != null && EncryptionExtensionIdentifier.IsEncryptionTypeName(extension.Name, this.OSType()))
{
this.extensionInstanceView = extension;
break;
}
}
}
return(this);
}
///GENMHASH:5A2D79502EDA81E37A36694062AEDC65:061A846F0F7CA8B3F2DF8CA79A8D8B5A
public async Task <Microsoft.Azure.Management.Compute.Fluent.IDiskVolumeEncryptionMonitor> RefreshAsync(CancellationToken cancellationToken = default(CancellationToken))
{
// Refreshes the cached Windows virtual machine and installed encryption extension
//
var virtualMachine = await RetrieveVirtualMachineAsync(cancellationToken);
this.virtualMachine = virtualMachine;
if (virtualMachine.Resources != null)
{
foreach (var extension in virtualMachine.Resources)
{
if (EncryptionExtensionIdentifier.IsEncryptionPublisherName(extension.Publisher) &&
EncryptionExtensionIdentifier.IsEncryptionTypeName(extension.VirtualMachineExtensionType, OperatingSystemTypes.Windows))
{
this.encryptionExtension = extension;
break;
}
}
}
return(this);
}
public IDictionary <string, InstanceViewStatus> DiskInstanceViewEncryptionStatuses()
{
if (virtualMachine.InstanceView == null || virtualMachine.InstanceView.Disks == null)
{
return(new Dictionary <string, InstanceViewStatus>());
}
//
var div = new Dictionary <string, InstanceViewStatus>();
foreach (DiskInstanceView diskInstanceView in virtualMachine.InstanceView.Disks)
{
foreach (InstanceViewStatus status in diskInstanceView.Statuses)
{
if (EncryptionExtensionIdentifier.GetEncryptionStatusFromCode(status.Code) != null)
{
div.Add(diskInstanceView.Name, status);
break;
}
}
}
return(div);
}
///GENMHASH:F5C4065BE678A5CA018C264CAFF7901A:1C7F0F2F318A44EF8EF32F689B1ABFB4
public async Task <Microsoft.Azure.Management.Compute.Fluent.IDiskVolumeEncryptionMonitor> GetMonitorAsync(CancellationToken cancellationToken = default(CancellationToken))
{
var extension = await GetEncryptionExtensionAsync(cancellationToken);
if (extension == null)
{
return(null);
}
bool isNoAAD = EncryptionExtensionIdentifier.IsNoAADVersion(this.virtualMachine.OSType, extension.VersionName);
IDiskVolumeEncryptionMonitor monitor = null;
if (this.virtualMachine.OSType == OperatingSystemTypes.Linux)
{
if (isNoAAD)
{
monitor = new LinuxDiskVolumeNoAADEncryptionMonitorImpl(virtualMachine.Id, virtualMachine.Manager);
}
else
{
monitor = new LinuxDiskVolumeLegacyEncryptionMonitorImpl(virtualMachine.Id, virtualMachine.Manager);
}
}
else
{
if (isNoAAD)
{
monitor = new WindowsVolumeNoAADEncryptionMonitorImpl(virtualMachine.Id, virtualMachine.Manager);
}
else
{
monitor = new WindowsVolumeLegacyEncryptionMonitorImpl(virtualMachine.Id, virtualMachine.Manager);
}
}
return(await monitor.RefreshAsync(cancellationToken));
}
public EncryptionStatus OSDiskStatus()
{
if (virtualMachine.InstanceView == null || virtualMachine.InstanceView.Disks == null)
{
return(EncryptionStatus.Unknown);
}
foreach (DiskInstanceView diskInstanceView in virtualMachine.InstanceView.Disks)
{
// encryptionSettings will be set only for OSDisk
if (diskInstanceView.EncryptionSettings != null)
{
foreach (InstanceViewStatus status in diskInstanceView.Statuses)
{
EncryptionStatus encryptionStatus = EncryptionExtensionIdentifier.GetEncryptionStatusFromCode(status.Code);
if (encryptionStatus != null)
{
return(encryptionStatus);
}
}
break;
}
}
return(EncryptionStatus.Unknown);
}
public EncryptionStatus DataDiskStatus()
{
if (virtualMachine.InstanceView == null || virtualMachine.InstanceView.Disks == null)
{
return(EncryptionStatus.Unknown);
}
var encryptStatuses = new HashSet <EncryptionStatus>();
foreach (DiskInstanceView diskInstanceView in virtualMachine.InstanceView.Disks)
{
// encryptionSettings will be null for data disks and non-null for os disk.
if (diskInstanceView.EncryptionSettings != null)
{
continue;
}
foreach (InstanceViewStatus status in diskInstanceView.Statuses)
{
EncryptionStatus encryptionStatus = EncryptionExtensionIdentifier.GetEncryptionStatusFromCode(status.Code);
if (encryptionStatus != null)
{
encryptStatuses.Add(encryptionStatus);
break;
}
}
}
// Derive an overall encryption status for all data disks.
// --------------
if (encryptStatuses.Count == 0)
{
// Zero disks or disks without encryption state status.
return(EncryptionStatus.Unknown);
}
else if (encryptStatuses.Count == 1)
{
// Single item indicate all disks are of the same encryption state.
//
return(encryptStatuses.First());
}
//
// More than one encryptStatuses indicates multiple disks with different encryption states.
// The precedence is UNKNOWN > NOT_MOUNTED > ENCRYPTION_INPROGRESS > VM_RESTART_PENDING
if (encryptStatuses.Contains(EncryptionStatus.Unknown))
{
return(EncryptionStatus.Unknown);
}
else if (encryptStatuses.Contains(EncryptionStatus.NotMounted))
{
return(EncryptionStatus.NotMounted);
}
else if (encryptStatuses.Contains(EncryptionStatus.EncryptionInProgress))
{
return(EncryptionStatus.EncryptionInProgress);
}
else if (encryptStatuses.Contains(EncryptionStatus.VMRestartPending))
{
return(EncryptionStatus.VMRestartPending);
}
else
{
return(EncryptionStatus.Unknown);
}
}
