private-cloud cmk-encryption commands, identity commands, and test cases

src/vmware/HISTORY.md

@@ -1,5 +1,16 @@
 # Release History
 
+## 4.1.0 (2022-07)
+
+- Add new parameter `--identity` to `az vmware private-cloud create`
+- Add new parameter `--identity` to `az vmware private-cloud update`
+- Add `az vmware private-cloud enable-cmk-encryption`
+- Add `az vmware private-cloud disable-cmk-encryption`
+- Deprecate `az vmware private-cloud add-cmk-encryption`
+- Deprecate `az vmware private-cloud delete-cmk-encryption`
+- Deprecate `--mi-system-assigned` parameter from `az vmware private-cloud create`
+- Deprecate `az vmware private-cloud identity` command group
+
 ## 4.0.2 (2022-02)
 
 - Update `az vmware datastore disk-pool-volume create` to only accept one argument for --mount-option

src/vmware/azext_vmware/_help.py

@@ -117,6 +117,16 @@
     short-summary: Delete a Customer Managed Keys Encryption from a private cloud.
 """
 
+helps['vmware private-cloud enable-cmk-encryption'] = """
+    type: command
+    short-summary: Enable a Customer Managed Keys Encryption to a private cloud.
+"""
+
+helps['vmware private-cloud disable-cmk-encryption'] = """
+    type: command
+    short-summary: Disable a Customer Managed Keys Encryption from a private cloud.
+"""
+
 helps['vmware private-cloud identity'] = """
     type: group
     short-summary: Commands for Managed Identity in a private cloud.

src/vmware/azext_vmware/_params.py

@@ -9,11 +9,15 @@
 from azure.cli.core.commands.parameters import get_enum_type
 from ._validators import server_addresses_length
 
+def clean_help(helpText):
+    return ' '.join(helpText.split())
+
 
 def load_arguments(self, _):
 
     from azure.cli.core.commands.parameters import tags_type
     from azure.cli.core.commands.validators import get_default_location_from_resource_group
+    from azext_vmware.vendored_sdks.avs_client.models import ResourceIdentityType
 
     with self.argument_context('vmware') as c:
         c.argument('tags', tags_type)
@@ -24,6 +28,7 @@ def load_arguments(self, _):
         c.argument('cluster_size', help='Number of hosts for the default management cluster. Minimum of 3 and maximum of 16.')
         c.argument('internet', help='Connectivity to internet. Specify "Enabled" or "Disabled".')
         c.argument('yes', help='Delete without confirmation.')
+        c.argument('identity', help=clean_help(ResourceIdentityType.__doc__), arg_type=get_enum_type([identityType.value for identityType in ResourceIdentityType]))
 
     with self.argument_context('vmware cluster') as c:
         c.argument('name', options_list=['--name', '-n'], help='Name of the cluster.')
@@ -39,7 +44,7 @@ def load_arguments(self, _):
         c.argument('nsxt_password', help='NSX-T Manager password.')
         c.argument('accept_eula', help='Accept the end-user license agreement without prompting.')
         c.argument('network_block', help='A subnet at least of size /22. Make sure the CIDR format is conformed to (A.B.C.D/X) where A,B,C,D are between 0 and 255, and X is between 0 and 22.')
-        c.argument('mi_system_assigned', help='Enable a system assigned identity.')
+        c.argument('mi_system_assigned', help=clean_help(ResourceIdentityType.__doc__), arg_type=get_enum_type([identityType.value for identityType in ResourceIdentityType]), deprecate_info=c.deprecate(redirect='--identity', hide=True))
 
     with self.argument_context('vmware private-cloud show') as c:
         c.argument('name', options_list=['--name', '-n'], help='Name of the private cloud.')
@@ -60,7 +65,11 @@ def load_arguments(self, _):
         c.argument('secondary_zone', help='The secondary availability zone for the private cloud.')
 
     with self.argument_context('vmware private-cloud add-cmk-encryption') as c:
-        c.argument('enc_status', help='Status of customer managed encryption key. Possible values include "Enabled" and "Disabled".')
+        c.argument('enc_kv_key_name', help='The name of the encryption key vault key.')
+        c.argument('enc_kv_url', help='The URL of the encryption key vault.')
+        c.argument('enc_kv_key_version', help='The version of the encryption key vault key.')
+
+    with self.argument_context('vmware private-cloud enable-cmk-encryption') as c:
         c.argument('enc_kv_key_name', help='The name of the encryption key vault key.')
         c.argument('enc_kv_url', help='The URL of the encryption key vault.')
         c.argument('enc_kv_key_version', help='The version of the encryption key vault key.')
@@ -99,9 +108,6 @@ def load_arguments(self, _):
         c.argument('domain', help='The domain\'s dns name.')
         c.argument('name', options_list=['--name', '-n'], help='The name of the identity source.')
 
-    with self.argument_context('vmware private-cloud identity') as c:
-        c.argument('system_assigned', help='Enable a system assigned identity.')
-
     with self.argument_context('vmware private-cloud update') as c:
         c.argument('name', options_list=['--name', '-n'], help='Name of the private cloud.')
 

src/vmware/azext_vmware/commands.py

@@ -28,12 +28,14 @@ def load_command_table(self, _):
         g.custom_command('delete-identity-source', 'privatecloud_deleteidentitysource')
         g.custom_command('add-availability-zone', 'privatecloud_addavailabilityzone')
         g.custom_command('delete-availability-zone', 'privatecloud_deleteavailabilityzone')
-        g.custom_command('add-cmk-encryption', 'privatecloud_addcmkencryption')
-        g.custom_command('delete-cmk-encryption', 'privatecloud_deletecmkenryption')
+        g.custom_command('add-cmk-encryption', 'privatecloud_addcmkencryption', deprecate_info=g.deprecate(redirect='az vmware private-cloud enable-cmk-encryption', hide=True))
+        g.custom_command('delete-cmk-encryption', 'privatecloud_deletecmkenryption', deprecate_info=g.deprecate(redirect='az vmware private-cloud disable-cmk-encryption', hide=True))
+        g.custom_command('enable-cmk-encryption', 'privatecloud_addcmkencryption')
+        g.custom_command('disable-cmk-encryption', 'privatecloud_deletecmkenryption')
         g.custom_command('rotate-vcenter-password', 'privatecloud_rotate_vcenter_password')
         g.custom_command('rotate-nsxt-password', 'privatecloud_rotate_nsxt_password')
 
-    with self.command_group('vmware private-cloud identity', vmware_sdk, client_factory=cf_vmware) as g:
+    with self.command_group('vmware private-cloud identity', vmware_sdk, client_factory=cf_vmware, deprecate_info=self.deprecate(redirect='az vmware private cloud update', hide=True)) as g:
         g.custom_command('assign', 'privatecloud_identity_assign')
         g.custom_command('remove', 'privatecloud_identity_remove')
         g.custom_show_command('show', 'privatecloud_identity_get')

src/vmware/azext_vmware/custom.py

@@ -48,7 +48,7 @@ def privatecloud_show(client: AVSClient, resource_group_name, name):
     return client.private_clouds.get(resource_group_name, name)
 
 
-def privatecloud_create(client: AVSClient, resource_group_name, name, sku, cluster_size, network_block, location=None, internet=None, vcenter_password=None, nsxt_password=None, tags=None, accept_eula=False, mi_system_assigned=False, yes=False):
+def privatecloud_create(client: AVSClient, resource_group_name, name, sku, cluster_size, network_block, location=None, internet=None, vcenter_password=None, nsxt_password=None, tags=None, identity=None, mi_system_assigned=None, accept_eula=False, yes=False):
     from knack.prompting import prompt_y_n
     if not accept_eula:
         print(LEGAL_TERMS)
@@ -62,8 +62,10 @@ def privatecloud_create(client: AVSClient, resource_group_name, name, sku, clust
         cloud.location = location
     if tags is not None:
         cloud.tags = tags
-    if mi_system_assigned:
-        cloud.identity = PrivateCloudIdentity(type='SystemAssigned')
+    if identity is not None:
+        cloud.identity = PrivateCloudIdentity(type=identity)
+    elif mi_system_assigned is not None:
+        cloud.identity = PrivateCloudIdentity(type=mi_system_assigned)
     if internet is not None:
         cloud.internet = internet
     if vcenter_password is not None:
@@ -73,15 +75,17 @@ def privatecloud_create(client: AVSClient, resource_group_name, name, sku, clust
     return client.private_clouds.begin_create_or_update(resource_group_name, name, cloud)
 
 
-def privatecloud_update(client: AVSClient, resource_group_name, name, cluster_size=None, internet=None, tags=None):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate, ManagementCluster
-    private_cloud_update = PrivateCloudUpdate()
+def privatecloud_update(client: AVSClient, resource_group_name, name, cluster_size=None, internet=None, tags=None, identity=None):
+    from azext_vmware.vendored_sdks.avs_client.models import ManagementCluster, PrivateCloudIdentity
+    private_cloud_update = client.private_clouds.get(resource_group_name, name)
     if tags is not None:
         private_cloud_update.tags = tags
     if cluster_size is not None:
         private_cloud_update.management_cluster = ManagementCluster(cluster_size=cluster_size)
     if internet is not None:
         private_cloud_update.internet = internet
+    if identity is not None:
+        private_cloud_update.identity = PrivateCloudIdentity(type=identity)
     return client.private_clouds.begin_update(resource_group_name, name, private_cloud_update)
 
 
@@ -122,8 +126,8 @@ def privatecloud_deleteidentitysource(client: AVSClient, resource_group_name, na
 
 
 def privatecloud_addavailabilityzone(client: AVSClient, resource_group_name, private_cloud, strategy=None, zone=None, secondary_zone=None):
-    from azext_vmware.vendored_sdks.avs_client.models import AvailabilityProperties, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
+    from azext_vmware.vendored_sdks.avs_client.models import AvailabilityProperties
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
     pc.availability = AvailabilityProperties(strategy=strategy, zone=zone, secondary_zone=secondary_zone)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
@@ -133,16 +137,15 @@ def privatecloud_deleteavailabilityzone(client: AVSClient, resource_group_name,
     msg = 'This will delete the availability zone. Are you sure?'
     if not yes and not prompt_y_n(msg, default="n"):
         return None
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
     pc.availability = None
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
-def privatecloud_addcmkencryption(client: AVSClient, resource_group_name, private_cloud, enc_status=None, enc_kv_key_name=None, enc_kv_key_version=None, enc_kv_url=None):
-    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionKeyVaultProperties, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.encryption = Encryption(status=enc_status, key_vault_properties=EncryptionKeyVaultProperties(key_name=enc_kv_key_name, key_version=enc_kv_key_version, key_vault_url=enc_kv_url))
+def privatecloud_addcmkencryption(client: AVSClient, resource_group_name, private_cloud, enc_kv_key_name=None, enc_kv_key_version=None, enc_kv_url=None):
+    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionKeyVaultProperties, EncryptionState
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.encryption = Encryption(status=EncryptionState.ENABLED, key_vault_properties=EncryptionKeyVaultProperties(key_name=enc_kv_key_name, key_version=enc_kv_key_version, key_vault_url=enc_kv_url))
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
@@ -151,24 +154,23 @@ def privatecloud_deletecmkenryption(client: AVSClient, resource_group_name, priv
     msg = 'This will delete the managed keys encryption. Are you sure?'
     if not yes and not prompt_y_n(msg, default="n"):
         return None
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.encryption = None
+    from azext_vmware.vendored_sdks.avs_client.models import Encryption, EncryptionState
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.encryption = Encryption(status=EncryptionState.DISABLED)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
-def privatecloud_identity_assign(client: AVSClient, resource_group_name, private_cloud, system_assigned=False):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    if system_assigned:
-        pc.identity = PrivateCloudIdentity(type="SystemAssigned")
+def privatecloud_identity_assign(client: AVSClient, resource_group_name, private_cloud):
+    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, ResourceIdentityType
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.identity = PrivateCloudIdentity(type=ResourceIdentityType.SYSTEM_ASSIGNED)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)
 
 
 def privatecloud_identity_remove(client: AVSClient, resource_group_name, private_cloud):
-    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, PrivateCloudUpdate
-    pc = PrivateCloudUpdate()
-    pc.identity = PrivateCloudIdentity(type="None")
+    from azext_vmware.vendored_sdks.avs_client.models import PrivateCloudIdentity, ResourceIdentityType
+    pc = client.private_clouds.get(resource_group_name, private_cloud)
+    pc.identity = PrivateCloudIdentity(type=ResourceIdentityType.NONE)
     return client.private_clouds.begin_update(resource_group_name=resource_group_name, private_cloud_name=private_cloud, private_cloud_update=pc)