Skip to content

[Compute] Disk encryption set: add --enable-auto-key-rotation #17577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
qwordy merged 10 commits into from
Apr 9, 2021
Merged

[Compute] Disk encryption set: add --enable-auto-key-rotation #17577

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
4e44081
[Compute] Disk encryption set: add --enable-auto-key-rotation
qwordy Apr 6, 2021
f12554a
Merge branch 'dev' of https://github.com/Azure/azure-cli into 17064
qwordy Apr 8, 2021
4271085
compute 20.0.0, disk 2020-12-01
qwordy Apr 8, 2021
b3497d9
fix test
qwordy Apr 8, 2021
16b42fa
test
qwordy Apr 8, 2021
5fe8056
test_disk_access
qwordy Apr 8, 2021
323bf84
Merge branch 'dev' of https://github.com/Azure/azure-cli into 17064
qwordy Apr 8, 2021
e6de147
Merge branch 'dev' of https://github.com/Azure/azure-cli into 17064
qwordy Apr 8, 2021
87d274e
fix network
qwordy Apr 8, 2021
c4db032
merge
qwordy Apr 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/azure-cli-core/azure/cli/core/profiles/_shared.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,8 +139,8 @@ def default_api_version(self):
ResourceType.MGMT_NETWORK: '2020-11-01',
ResourceType.MGMT_COMPUTE: SDKProfile('2020-12-01', {
'resource_skus': '2019-04-01',
'disks': '2020-09-30',
'disk_encryption_sets': '2020-06-30',
'disks': '2020-12-01',

@yungezz yungezz Apr 7, 2021

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-recording tests?

@qwordy qwordy Apr 7, 2021

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No SDK now. I wrote this PR in advance.

'disk_encryption_sets': '2020-12-01',
'disk_accesses': '2020-05-01',
'snapshots': '2020-05-01',
'galleries': '2019-12-01',
Expand Down
518 changes: 307 additions & 211 deletions ...nd_modules/network/tests/latest/recordings/test_private_endpoint_connection_cosmosdb.yaml
View file
Open in desktop

Large diffs are not rendered by default.

111 changes: 79 additions & 32 deletions .../command_modules/network/tests/latest/recordings/test_private_link_resource_cosmosdb.yaml
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions src/azure-cli/azure/cli/command_modules/vm/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -987,6 +987,9 @@ def load_arguments(self, _):
help='The type of key used to encrypt the data of the disk. EncryptionAtRestWithPlatformKey: Disk is encrypted at rest with Platform managed key. It is the default encryption type. EncryptionAtRestWithCustomerKey: Disk is encrypted at rest with Customer managed key that can be changed and revoked by a customer. EncryptionAtRestWithPlatformAndCustomerKeys: Disk is encrypted at rest with 2 layers of encryption. One of the keys is Customer managed and the other key is Platform managed.')
c.argument('location', validator=get_default_location_from_resource_group)
c.argument('tags', tags_type)
c.argument('enable_auto_key_rotation', arg_type=get_three_state_flag(), min_api='2020-12-01',
options_list=['--enable-auto-key-rotation', '--auto-rotation'],
help='Enable automatic rotation of keys.')
# endregion

# region DiskAccess
Expand Down
15 changes: 10 additions & 5 deletions src/azure-cli/azure/cli/command_modules/vm/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3663,8 +3663,9 @@ def _set_log_analytics_workspace_extension(cmd, resource_group_name, vm, vm_name


# disk encryption set
def create_disk_encryption_set(cmd, client, resource_group_name, disk_encryption_set_name,
key_url, source_vault, encryption_type=None, location=None, tags=None, no_wait=False):
def create_disk_encryption_set(
cmd, client, resource_group_name, disk_encryption_set_name, key_url, source_vault, encryption_type=None,
location=None, tags=None, no_wait=False, enable_auto_key_rotation=None):
from msrestazure.tools import resource_id, is_valid_resource_id
from azure.cli.core.commands.client_factory import get_subscription_id
DiskEncryptionSet, EncryptionSetIdentity, KeyVaultAndKeyReference, SourceVault = cmd.get_models(
Expand All @@ -3674,9 +3675,10 @@ def create_disk_encryption_set(cmd, client, resource_group_name, disk_encryption
source_vault = resource_id(subscription=get_subscription_id(cmd.cli_ctx), resource_group=resource_group_name,
namespace='Microsoft.KeyVault', type='vaults', name=source_vault)
source_vault = SourceVault(id=source_vault)
keyVault_and_key_reference = KeyVaultAndKeyReference(source_vault=source_vault, key_url=key_url)
key_vault_and_key_reference = KeyVaultAndKeyReference(source_vault=source_vault, key_url=key_url)

@yungezz yungezz Apr 8, 2021

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor, but old name makes more sense

disk_encryption_set = DiskEncryptionSet(location=location, tags=tags, identity=encryption_set_identity,
active_key=keyVault_and_key_reference, encryption_type=encryption_type)
active_key=key_vault_and_key_reference, encryption_type=encryption_type,
rotation_to_latest_key_version_enabled=enable_auto_key_rotation)
return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, disk_encryption_set_name,
disk_encryption_set)

Expand All @@ -3687,7 +3689,8 @@ def list_disk_encryption_sets(cmd, client, resource_group_name=None):
return client.list()


def update_disk_encryption_set(cmd, instance, client, resource_group_name, key_url=None, source_vault=None):
def update_disk_encryption_set(cmd, instance, client, resource_group_name, key_url=None, source_vault=None,
enable_auto_key_rotation=None):
from msrestazure.tools import resource_id, is_valid_resource_id
from azure.cli.core.commands.client_factory import get_subscription_id
if not is_valid_resource_id(source_vault):
Expand All @@ -3697,6 +3700,8 @@ def update_disk_encryption_set(cmd, instance, client, resource_group_name, key_u
instance.active_key.key_url = key_url
if source_vault:
instance.active_key.source_vault.id = source_vault
if enable_auto_key_rotation is not None:
instance.rotation_to_latest_key_version_enabled = enable_auto_key_rotation
return instance

# endregion
Expand Down
Loading