Disk Access changes #12673

Merged
merged 30 commits into from
Sep 4, 2020
Changes from 24 commits
Commits
40ed4e7
baseline work
grizzlytheodore Aug 11, 2020
ee8b1d3
New-AzDiskAccess Remove-AzDiskAccess
grizzlytheodore Aug 12, 2020
b58aed2
New cmdlets
grizzlytheodore Aug 13, 2020
f712d40
New disk config (#12665)
haagha Aug 13, 2020
5693f7f
new cmdlets
grizzlytheodore Aug 13, 2020
cf9a991
Merge branch 'DiskAccess' of https://github.com/Azure/azure-powershel…
grizzlytheodore Aug 13, 2020
64a8391
help docs
grizzlytheodore Aug 13, 2020
7c2bd90
help docs
grizzlytheodore Aug 13, 2020
1cf0903
fix errors
grizzlytheodore Aug 13, 2020
5ab9ff7
Merge branch 'master' into DiskAccess
haagha Aug 14, 2020
9afa4c7
update help
grizzlytheodore Aug 15, 2020
ff6e58e
Merge branch 'DiskAccess' of https://github.com/Azure/azure-powershel…
grizzlytheodore Aug 15, 2020
bfe92ac
Checking in SnapshotConfigTests
haagha Aug 17, 2020
017559c
Merge branch 'DiskAccess' of https://github.com/Azure/azure-powershel…
haagha Aug 17, 2020
fe66c23
remove Online: lines from help doc
grizzlytheodore Aug 17, 2020
17994f6
remove online line
grizzlytheodore Aug 17, 2020
dc37ba3
Merge branch 'DiskAccess' of https://github.com/Azure/azure-powershel…
grizzlytheodore Aug 17, 2020
c66980d
Disk access (#12713)
grizzlytheodore Aug 20, 2020
c359c08
clean up test
grizzlytheodore Aug 20, 2020
7c4f412
changelog.md
grizzlytheodore Aug 20, 2020
f4f79fa
adding parameters to New-AzDiskUpdateConfig
grizzlytheodore Aug 20, 2020
0a55bb0
Merge branch 'master' into DiskAccess
grizzlytheodore Aug 21, 2020
6f8d27b
Improving default testing of New-AzDiskEncryptionSetConfig Encryption…
Sandido Aug 25, 2020
2456cb9
Addressing review comments
haagha Aug 26, 2020
c8da3ed
Merge branch 'master' into DiskAccess
grizzlytheodore Aug 28, 2020
fc6e176
Update ChangeLog.md
grizzlytheodore Aug 28, 2020
eabfda7
Merge branch 'master' into DiskAccess
grizzlytheodore Aug 31, 2020
bc104be
Update New-AzDiskEncryptionSetConfig.md
grizzlytheodore Sep 1, 2020
bbced38
add argument completer
grizzlytheodore Sep 1, 2020
e12dcb6
Merge branch 'master' into DiskAccess
msJinLei Sep 3, 2020
29 changes: 29 additions & 0 deletions src/Compute/Compute.Test/ScenarioTests/DiskRPTests.cs
Expand Up @@ -65,5 +65,34 @@ public void TestDiskEncryptionSet()
{
TestRunner.RunTestScript("Test-DiskEncryptionSet");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestDiskEncryptionSetConfigEncryptionType()
{
TestRunner.RunTestScript("Test-DiskEncryptionSetConfigEncryptionType");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestDiskAccessObject()
{
TestRunner.RunTestScript("Test-DiskAccessObject");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestDiskConfigDiskAccessNetworkAccess()
{
TestRunner.RunTestScript("Test-DiskConfigDiskAccessNetworkAccess");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestSnapshotConfigDiskAccessNetworkPolicy()
{
TestRunner.RunTestScript("Test-SnapshotConfigDiskAccessNetworkPolicy");
}

}
}
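Review bot: the last two new methods, TestDiskConfigDiskAccessNetworkAccess and TestSnapshotConfigDiskAccessNetworkPolicy, shorten the same property in two different ways ("NetworkAccess" and "NetworkPolicy"), while the PowerShell synopses for both call it NetworkAccessPolicy. Naming both after NetworkAccessPolicy (and the matching Test-* script functions with them) would make the pair easy to find together. There is also a stray blank line between the last method and the class's closing brace.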
247 changes: 247 additions & 0 deletions src/Compute/Compute.Test/ScenarioTests/DiskRPTests.ps1
Expand Up @@ -921,3 +921,250 @@ function Test-DiskEncryptionSet
$encSet | Remove-AzDiskEncryptionSet -Force;
}
}

<#
.SYNOPSIS
Testing the EncryptionType parameter passed to the Config obejct is inherited by an associated DiskEncryptionSet object.
#>
function Test-DiskEncryptionSetConfigEncryptionType
{
# Setup
$loc = 'centraluseuap';
$rgname = 'adamGroupDES7';
$encryptionName = "enc" + $rgname;

$vaultName1 = 'kv15' + $rgname ;
$vaultName2 = 'kv16' + $rgname ;

try
{
<#
#
# Note: In order to record this test, you need to run the following commands to create KeyValut key and KeyVault secret in a separate Powershell window.
#
Note: In order to record this test, you need to run the following commands to create KeyValut key and KeyVault secret in a separate Powershell window.
$vaultName1 = 'kv15' + $rgname ;
$kekName1 = 'kek15' + $rgname;
$secretname1 = 'mysecret15';
$secretdata1 = 'mysecretvalue15';
$securestring1 = ConvertTo-SecureString $secretdata1 -Force -AsPlainText;

$vaultName2 = 'kv16' + $rgname;
$kekName2 = 'kek15' + $rgname; #not a typo
$secretname2 = 'mysecret16';
$secretdata2 = 'mysecretvalue16';
$securestring2 = ConvertTo-SecureString $secretdata1 -Force -AsPlainText;

New-AzResourceGroup -Name $rgname -Location $loc -Force;
$vault1 = New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgname -Location $loc -Sku Standard;
$vault2 = New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgname -Location $loc -Sku Standard;
$mocksourcevault1 = $vault1.ResourceId;
$mocksourcevault2 = $vault2.ResourceId;
$userPrincipalName = (Get-AzContext).Account.Id;
Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ResourceGroupName $rgname -EnabledForDiskEncryption;
Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ResourceGroupName $rgname -EnabledForDiskEncryption;
$kek1 = Add-AzKeyVaultKey -VaultName $vaultName1 -Name $kekName1 -Destination "Software";
$kek2 = Add-AzKeyVaultKey -VaultName $vaultName2 -Name $kekName2 -Destination "Software";
$secret1 = Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretname1 -SecretValue $securestring1;
$secret2 = Set-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretname2 -SecretValue $securestring2;
$mockkey1 = $kek1.Id
$mockkey2 = $kek2.Id
#>

$mockkey1 = "https://kv15adamgroupdes7.vault.azure.net/keys/kek15adamGroupDES7/74332f302a0e48999415f6f9bbf7430c";
$mockkey2 = "https://kv16adamgroupdes7.vault.azure.net/keys/kek15adamGroupDES7/84412eaa63f344bf8a1b15612f2b36cb";
$subId = Get-SubscriptionIdFromResourceGroup $rgname;
$mocksourcevault1 = '/subscriptions/' + $subId + '/resourceGroups/' + $rgname + '/providers/Microsoft.KeyVault/vaults/' + $vaultName1;
$mocksourcevault2 = '/subscriptions/' + $subId + '/resourceGroups/' + $rgname + '/providers/Microsoft.KeyVault/vaults/' + $vaultName2;

$encryptionType = "EncryptionAtRestWithPlatformAndCustomerKeys";

$encSetConfig = New-AzDiskEncryptionSetConfig -Location $loc -EncryptionType $encryptionType;

$encSetConfigValues = New-AzDiskEncryptionSetConfig -Location $loc -KeyUrl $mockkey1 -SourceVaultId $mocksourcevault1 -EncryptionType $encryptionType -IdentityType "SystemAssigned" `

$encSet = New-AzDiskEncryptionSet -ResourceGroupName $rgname -Name $encryptionName -DiskEncryptionSet $encSetConfigValues;

Assert-NotNull $encSetConfig;
Assert-AreEqual $encSetConfig.EncryptionType $encryptionType;

Assert-NotNull $encSet;
Assert-AreEqual $encryptionType $encSet.EncryptionType;

# Test default EncryptionType value
$encSetConfigDefault = New-AzDiskEncryptionSetConfig -Location $loc -KeyUrl $mockkey2 -SourceVaultId $mocksourcevault2 -IdentityType "SystemAssigned";
Assert-NotNull $encSetConfigDefault;
Assert-AreEqual $encSetDefaultConfig.EncryptionType $null;

$encryptionNameDefault = $encryptionName + "Default";
$encryptionTypeDefault = "EncryptionAtRestWithCustomerKey";

$encSetDefault = New-AzDiskEncryptionSet -ResourceGroupName $rgname -Name $encryptionNameDefault -DiskEncryptionSet $encSetConfigDefault;
Assert-NotNull $encSetDefault;
Assert-AreEqual $encSetDefault.EncryptionType $encryptionTypeDefault;

}
finally
{
# Cleanup
$encSet | Remove-AzDiskEncryptionSet -Force;
$encSetDefault | Remove-AzDiskEncryptionSet -Force;
}
}

<#
.SYNOPSIS
Testing diskAssess object
#>
function Test-DiskAccessObject
{
$rgname = Get-ComputeTestResourceName;
$rgname2 = $rgname + '2';
$diskname1Rg1 = 'diskaccess1' + $rgname;
$diskName2Rg1 = 'diskAccess2' + $rgname;
$diskName3Rg2 = 'diskAccess1' + $rgname2;

try
{
# Common
$loc = "northcentralus";
New-AzResourceGroup -Name $rgname -Location $loc -Force;
New-AzResourceGroup -Name $rgname2 -Location $loc -Force;

#Create DiskAccess1 in ResourceGroup1
New-AzDiskAccess -ResourceGroupName $rgname -Name $diskname1Rg1 -location $loc

#Use Get-AzDiskAccess on DiskAccess1 using Default ParameterSet
$diskAccess1 = Get-AzDiskAccess -ResourceGroupName $rgname -Name $diskname1Rg1
#Use Get-AzDiskAccess on DiskAccess1 using resourceId
$diskAccess1check = Get-AzDiskAccess -resourceId $diskAccess1.id

#check if diskAccess1 is good
Assert-NotNull $diskAccess1
Assert-AreEqual $diskAccess1.Name $diskname1Rg1

#ASSERT check if diskaccess1 and diskaccess1check are same
Assert-AreEqual $diskAccess1.id $diskAccess1check.id

#Create DiskAccess2 in ResourceGroup1
New-AzDiskAccess -ResourceGroupName $rgname -Name $diskname2Rg1 -location $loc

#Use Get-AzDiskAccess by resourceGroupName
$rg1Result = Get-AzDiskAccess -ResourceGroupName $rgname

Assert-AreEqual $rg1Result.count 2

#add DiskAccess3 to ResourceGroup2
New-AzDiskAccess -ResourceGroupName $rgname2 -Name $diskname3Rg2 -location $loc

#use get-azdiskaccess with no parameters. count should be >= 3
$allResult = Get-AzDiskAccess

Assert-True {$allResult.Count -gt 2;}

#remove-AzDiskAccess to DiskAccess1 by resourceId
Remove-AzDiskAccess -resourceid $diskAccess1.id

#Remove-AzDiskAccess to DiskAccess2 by default parameter set
Remove-AzDiskAccess -ResourceGroupName $rgname -Name $diskname2Rg1

#Get-AzDiskAccess by resource group. Count should be 0
$allResult = Get-AzDiskAccess -ResourceGroupName $rgname

Assert-AreEqual $allResult.count 0

}
finally
{
# Cleanup
Clean-ResourceGroup $rgname
Clean-ResourceGroup $rgname2
}
}

<#
.SYNOPSIS
Testing DiskConfig property NetworkAccessPolicy
#>
function Test-DiskConfigDiskAccessNetworkAccess
{
# Setup
$rgname = Get-ComputeTestResourceName;
$diskname0 = 'disk0' + $rgname;

try
{
# Common
$loc = Get-ComputeVMLocation;
New-AzResourceGroup -Name $rgname -Location $loc -Force;

#Testing disk access
$diskAccess = New-AzDiskAccess -ResourceGroupName $rgname -Name "diskaccessname" -location $loc
$diskconfig = New-AzDiskConfig -Location $loc -SkuName 'Standard_LRS' -OsType 'Windows' `
-UploadSizeInBytes 35183298347520 -CreateOption 'Upload' -DiskAccessId $diskAccess.Id;
New-AzDisk -ResourceGroupName $rgname -DiskName $diskname0 -Disk $diskconfig;
$disk = Get-AzDisk -ResourceGroupName $rgname -DiskName $diskname0;

Assert-AreEqual $diskAccess.Id $disk.DiskAccessId;

Remove-AzDisk -ResourceGroupName $rgname -DiskName $diskname0 -Force;

$diskconfig2 = New-AzDiskConfig -Location $loc -SkuName 'Standard_LRS' -OsType 'Windows' `
-UploadSizeInBytes 35183298347520 -CreateOption 'Upload' -NetworkAccessPolicy "AllowAll";
New-AzDisk -ResourceGroupName $rgname -DiskName $diskname0 -Disk $diskconfig2;
$disk2 = Get-AzDisk -ResourceGroupName $rgname -DiskName $diskname0;
Assert-AreEqual "AllowAll" $disk2.NetworkAccessPolicy;

}
finally
{
# Cleanup
Clean-ResourceGroup $rgname
}
}

<#
.SYNOPSIS
Testing SnapshotConfig property NetworkAccessPolicy
#>
function Test-SnapshotConfigDiskAccessNetworkPolicy
{
# Setup
$rgname = Get-ComputeTestResourceName;
$snapshotname = 'snapshot' + $rgname;

try
{
# Common
$loc = Get-ComputeVMLocation;
New-AzResourceGroup -Name $rgname -Location $loc -Force;

# Config and create test
$diskAccess = New-AzDiskAccess -ResourceGroupName $rgname -Name "diskaccessname" -location $loc

$snapshotconfig = New-AzSnapshotConfig -Location $loc -DiskSizeGB 5 -AccountType Standard_LRS -OsType Windows -CreateOption Empty `
-EncryptionSettingsEnabled $true -HyperVGeneration "V2" -DiskAccessId $diskAccess.Id;

$snapshotconfig.EncryptionSettingsCollection.Enabled = $false;
$snapshotconfig.EncryptionSettingsCollection.EncryptionSettings = $null;
$snapshotconfig.CreationData.ImageReference = $null;
$job = New-AzSnapshot -ResourceGroupName $rgname -SnapshotName $snapshotname -Snapshot $snapshotconfig -AsJob;
$result = $job | Wait-Job;
Assert-AreEqual "Completed" $result.State;

$snapshot = Get-AzSnapshot -ResourceGroupName $rgname
Assert-AreEqual $diskAccess.Id $snapshot.DiskAccessId

# Remove test
$job = Remove-AzSnapshot -ResourceGroupName $rgname -SnapshotName $snapshotname -Force -AsJob;
$result = $job | Wait-Job;
Assert-AreEqual "Completed" $result.State;
$st = $job | Receive-Job;
Verify-PSOperationStatusResponse $st;
}
finally
{
# Cleanup
Clean-ResourceGroup $rgname
}
}
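Review bot: in Test-DiskEncryptionSetConfigEncryptionType, the default-value check `Assert-AreEqual $encSetDefaultConfig.EncryptionType $null;` reads a variable that is never assigned. The config object created two lines earlier is `$encSetConfigDefault`, so in PowerShell's default (non-strict) mode the assertion compares $null with $null and passes whatever New-AzDiskEncryptionSetConfig returned. Change it to `$encSetConfigDefault.EncryptionType`.

In the same function:

- The `$encSetConfigValues = ...` line ends in a dangling backtick followed by a blank line.
- The finally block pipes `$encSet` and `$encSetDefault` to Remove-AzDiskEncryptionSet even when the try block threw before they were assigned.
- The function never calls Clean-ResourceGroup.
- The resource group is hard-coded as 'adamGroupDES7' instead of coming from Get-ComputeTestResourceName like the other new tests.

On the network-access tests:

- Test-DiskConfigDiskAccessNetworkAccess asserts only the "AllowAll" value. It never checks NetworkAccessPolicy on the disk created with -DiskAccessId.
- Test-SnapshotConfigDiskAccessNetworkPolicy neither sets nor asserts NetworkAccessPolicy, although its synopsis says it tests that property.
- Asserting the policy on the disk-access path, and adding a case with a restrictive policy value, would cover the configuration this feature is meant to enable.

Minor:

- Comment typos: "obejct", "KeyValut" and "diskAssess".
- The recording note is pasted twice in the commented-out setup block.
- In that block `$securestring2` is built from `$secretdata1`, which looks unintended. Only the `$kekName2` line is marked "not a typo".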