private-cloud cmk-encryption commands, identity commands, and test ca…

…ses (#5151)
Azure · Aug 3, 2022 · e28b4cb · e28b4cb
1 parent 1305a7e
commit e28b4cb
Show file tree

Hide file tree

Showing 17 changed files with 533 additions and 178 deletions.
diff --git a/src/vmware/HISTORY.md b/src/vmware/HISTORY.md
@@ -1,5 +1,13 @@
 # Release History
 
+## 4.1.0 (2022-07)
+
+- Add `az vmware private-cloud enable-cmk-encryption`
+- Add `az vmware private-cloud disable-cmk-encryption`
+- Deprecate `az vmware private-cloud add-cmk-encryption`
+- Deprecate `az vmware private-cloud delete-cmk-encryption`
+- Add `--system-assigned` parameter to `az vmware private-cloud identity remove`
+
 ## 4.0.2 (2022-02)
 
 - Update `az vmware datastore disk-pool-volume create` to only accept one argument for --mount-option

diff --git a/src/vmware/azext_vmware/_help.py b/src/vmware/azext_vmware/_help.py
@@ -117,6 +117,16 @@
     short-summary: Delete a Customer Managed Keys Encryption from a private cloud.
 """
 
+helps['vmware private-cloud enable-cmk-encryption'] = """
+    type: command
+    short-summary: Enable a Customer Managed Keys Encryption to a private cloud.
+"""
+
+helps['vmware private-cloud disable-cmk-encryption'] = """
+    type: command
+    short-summary: Disable a Customer Managed Keys Encryption from a private cloud.
+"""
+
 helps['vmware private-cloud identity'] = """
     type: group
     short-summary: Commands for Managed Identity in a private cloud.

diff --git a/src/vmware/azext_vmware/_params.py b/src/vmware/azext_vmware/_params.py
@@ -60,7 +60,11 @@ def load_arguments(self, _):
         c.argument('secondary_zone', help='The secondary availability zone for the private cloud.')
 
     with self.argument_context('vmware private-cloud add-cmk-encryption') as c:
-        c.argument('enc_status', help='Status of customer managed encryption key. Possible values include "Enabled" and "Disabled".')
+        c.argument('enc_kv_key_name', help='The name of the encryption key vault key.')
+        c.argument('enc_kv_url', help='The URL of the encryption key vault.')
+        c.argument('enc_kv_key_version', help='The version of the encryption key vault key.')
+
+    with self.argument_context('vmware private-cloud enable-cmk-encryption') as c:
         c.argument('enc_kv_key_name', help='The name of the encryption key vault key.')
         c.argument('enc_kv_url', help='The URL of the encryption key vault.')
         c.argument('enc_kv_key_version', help='The version of the encryption key vault key.')
@@ -99,9 +103,12 @@ def load_arguments(self, _):
         c.argument('domain', help='The domain\'s dns name.')
         c.argument('name', options_list=['--name', '-n'], help='The name of the identity source.')
 
-    with self.argument_context('vmware private-cloud identity') as c:
+    with self.argument_context('vmware private-cloud identity assign') as c:
         c.argument('system_assigned', help='Enable a system assigned identity.')
 
+    with self.argument_context('vmware private-cloud identity remove') as c:
+        c.argument('system_assigned', help='Disable a system assigned identity.')
+
     with self.argument_context('vmware private-cloud update') as c:
         c.argument('name', options_list=['--name', '-n'], help='Name of the private cloud.')
 

diff --git a/src/vmware/azext_vmware/commands.py b/src/vmware/azext_vmware/commands.py
@@ -28,8 +28,10 @@ def load_command_table(self, _):
         g.custom_command('delete-identity-source', 'privatecloud_deleteidentitysource')
         g.custom_command('add-availability-zone', 'privatecloud_addavailabilityzone')
         g.custom_command('delete-availability-zone', 'privatecloud_deleteavailabilityzone')
-        g.custom_command('add-cmk-encryption', 'privatecloud_addcmkencryption')
-        g.custom_command('delete-cmk-encryption', 'privatecloud_deletecmkenryption')
+        g.custom_command('add-cmk-encryption', 'privatecloud_addcmkencryption', deprecate_info=g.deprecate(redirect='az vmware private-cloud enable-cmk-encryption', hide=True))
+        g.custom_command('delete-cmk-encryption', 'privatecloud_deletecmkenryption', deprecate_info=g.deprecate(redirect='az vmware private-cloud disable-cmk-encryption', hide=True))
+        g.custom_command('enable-cmk-encryption', 'privatecloud_addcmkencryption')
+        g.custom_command('disable-cmk-encryption', 'privatecloud_deletecmkenryption')
         g.custom_command('rotate-vcenter-password', 'privatecloud_rotate_vcenter_password')
         g.custom_command('rotate-nsxt-password', 'privatecloud_rotate_nsxt_password')
 

diff --git a/src/vmware/azext_vmware/custom.py b/src/vmware/azext_vmware/custom.py
@@ -56,14 +56,16 @@ def privatecloud_create(client: AVSClient, resource_group_name, name, sku, clust
         if not yes and not prompt_y_n(msg, default="n"):
             return None
 
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloud, Circuit, ManagementCluster, Sku, PrivateCloudIdentity
+    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloud, Circuit, ManagementCluster, Sku, PrivateCloudIdentity, ResourceIdentityType
     cloud = PrivateCloud(sku=Sku(name=sku), ciruit=Circuit(), management_cluster=ManagementCluster(cluster_size=cluster_size), network_block=network_block)
     if location is not None:
         cloud.location = location
     if tags is not None:
         cloud.tags = tags
     if mi_system_assigned:
-        cloud.identity = PrivateCloudIdentity(type='SystemAssigned')
+        cloud.identity = PrivateCloudIdentity(type=ResourceIdentityType.SYSTEM_ASSIGNED)
+    else:
+        cloud.identity = PrivateCloudIdentity(type=ResourceIdentityType.NONE)
     if internet is not None:
         cloud.internet = internet
     if vcenter_password is not None:
@@ -74,8 +76,8 @@ def privatecloud_create(client: AVSClient, resource_group_name, name, sku, clust
 
 
 def privatecloud_update(client: AVSClient, resource_group_name, name, cluster_size=None, internet=None, tags=None):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate, ManagementCluster
-    private_cloud_update = PrivateCloudUpdate()
+    from azext_vmware.vendored_sdks.avs_client.models import ManagementCluster
+    private_cloud_update = client.private_clouds.get(resource_group_name, name)
     if tags is not None:
         private_cloud_update.tags = tags
     if cluster_size is not None:
@@ -122,8 +124,8 @@ def privatecloud_deleteidentitysource(client: AVSClient, resource_group_name, na
 
 
 def privatecloud_addavailabilityzone(client: AVSClient, resource_group_name, private_cloud, strategy=None, zone=None, secondary_zone=None):
-    from azext_vmware.vendored_sdks.avs_client.models import AvailabilityProperties, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
+    from azext_vmware.vendored_sdks.avs_client.models import AvailabilityProperties
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
     pc.availability = AvailabilityProperties(strategy=strategy, zone=zone, secondary_zone=secondary_zone)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
@@ -133,16 +135,15 @@ def privatecloud_deleteavailabilityzone(client: AVSClient, resource_group_name,
     msg = 'This will delete the availability zone. Are you sure?'
     if not yes and not prompt_y_n(msg, default="n"):
         return None
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
     pc.availability = None
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
-def privatecloud_addcmkencryption(client: AVSClient, resource_group_name, private_cloud, enc_status=None, enc_kv_key_name=None, enc_kv_key_version=None, enc_kv_url=None):
-    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionKeyVaultProperties, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.encryption = Encryption(status=enc_status, key_vault_properties=EncryptionKeyVaultProperties(key_name=enc_kv_key_name, key_version=enc_kv_key_version, key_vault_url=enc_kv_url))
+def privatecloud_addcmkencryption(client: AVSClient, resource_group_name, private_cloud, enc_kv_key_name=None, enc_kv_key_version=None, enc_kv_url=None):
+    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionKeyVaultProperties, EncryptionState
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.encryption = Encryption(status=EncryptionState.ENABLED, key_vault_properties=EncryptionKeyVaultProperties(key_name=enc_kv_key_name, key_version=enc_kv_key_version, key_vault_url=enc_kv_url))
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
@@ -151,24 +152,25 @@ def privatecloud_deletecmkenryption(client: AVSClient, resource_group_name, priv
     msg = 'This will delete the managed keys encryption. Are you sure?'
     if not yes and not prompt_y_n(msg, default="n"):
         return None
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.encryption = None
+    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionState
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.encryption = Encryption(status=EncryptionState.DISABLED)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
 def privatecloud_identity_assign(client: AVSClient, resource_group_name, private_cloud, system_assigned=False):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
+    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, ResourceIdentityType
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
     if system_assigned:
-        pc.identity = PrivateCloudIdentity(type="SystemAssigned")
+        pc.identity = PrivateCloudIdentity(type=ResourceIdentityType.SYSTEM_ASSIGNED)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
-def privatecloud_identity_remove(client: AVSClient, resource_group_name, private_cloud):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.identity = PrivateCloudIdentity(type="None")
+def privatecloud_identity_remove(client: AVSClient, resource_group_name, private_cloud, system_assigned=False):
+    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, ResourceIdentityType
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    if system_assigned:
+        pc.identity = PrivateCloudIdentity(type=ResourceIdentityType.NONE)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)