Skip to content

vm:fix distro check mechanism used by disk encryption #2511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yugangw-msft merged 1 commit into from
Mar 15, 2017
Merged

vm:fix distro check mechanism used by disk encryption #2511

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 11 additions & 8 deletions src/command_modules/azure-cli-vm/azure/cli/command_modules/vm/disk_encryption.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,9 @@ def enable(resource_group_name, vm_name, # pylint: disable=too-many-arguments,t
if is_linux:
image_reference = getattr(vm.storage_profile, 'image_reference', None)
if image_reference:
_check_encrypt_is_supported(image_reference, volume_type)
result, message = _check_encrypt_is_supported(image_reference, volume_type)
if not result:
logger.warning(message)

# sequence_version should be unique
sequence_version = uuid.uuid4()
Expand Down Expand Up @@ -310,7 +312,7 @@ def _check_encrypt_is_supported(image_reference, volume_type):

# custom image?
if not offer or not publisher or not sku:
return True
return (True, None)

supported = [
{
Expand Down Expand Up @@ -347,11 +349,12 @@ def _check_encrypt_is_supported(image_reference, volume_type):
},)

for image in supported:
if (image['publisher'] == publisher and
image['sku'] == sku and
image['offer'].lower().startswith(offer.lower())):
return True
if (image['publisher'].lower() == publisher.lower() and
sku.lower().startswith(image['sku'].lower()) and
offer.lower().startswith(image['offer'].lower())):
return (True, None)

sku_list = ['{} {}'.format(a['offer'], a['sku']) for a in supported]
message = "Encryption is not suppored for current VM. Supported are '{}'".format(sku_list)
raise CLIError(message)
# pylint: disable=line-too-long
message = "Encryption might fail as current VM uses a distro not in the known list, which are '{}'".format(sku_list)
return (False, message)
30 changes: 22 additions & 8 deletions src/command_modules/azure-cli-vm/tests/test_custom_vm_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
_WINDOWS_ACCESS_EXT)
from azure.cli.command_modules.vm.custom import \
(attach_unmanaged_data_disk, detach_data_disk, get_vmss_instance_view)
from azure.cli.command_modules.vm.disk_encryption import enable, disable
from azure.cli.command_modules.vm.disk_encryption import enable, disable, _check_encrypt_is_supported
from azure.mgmt.compute.models import (NetworkProfile, StorageProfile, DataDisk, OSDisk,
OperatingSystemTypes, InstanceViewStatus,
VirtualMachineExtensionInstanceView,
Expand Down Expand Up @@ -234,13 +234,6 @@ def test_enable_encryption_error_cases_handling(self, mock_get_keyvault_key_url,

self.assertTrue("--aad-client-id or --aad-client-cert-thumbprint" in str(context.exception))

# throw when the linux image does not support encryptions
vm.storage_profile.image_reference = ImageReference(publisher='OpenLogic', offer='centos', sku='7.1')
with self.assertRaises(CLIError) as context:
enable('rg1', 'vm1', 'client_id', faked_keyvault, 'client_secret', volume_type='DATA')

self.assertTrue("Encryption is not suppored for current VM. Supported are" in str(context.exception))

@mock.patch('azure.cli.command_modules.vm.disk_encryption.set_vm', autospec=True)
@mock.patch('azure.cli.command_modules.vm.disk_encryption._compute_client_factory', autospec=True)
def test_disable_encryption_error_cases_handling(self, mock_compute_client_factory, mock_vm_set): # pylint: disable=unused-argument
Expand Down Expand Up @@ -274,6 +267,27 @@ def test_disable_encryption_error_cases_handling(self, mock_compute_client_facto
vm_extension.instance_view.substatuses[0].message = '{}'
disable('rg1', 'vm1', 'DATA')

def test_encryption_distro_check(self):
image = ImageReference(None, 'canonical', 'ubuntuserver', '16.04.0-LTS')
result, msg = _check_encrypt_is_supported(image, 'data')
self.assertTrue(result)
self.assertEqual(None, msg)

image = ImageReference(None, 'OpenLogic', 'CentOS', '7.2n')
result, msg = _check_encrypt_is_supported(image, 'data')
self.assertTrue(result)
self.assertEqual(None, msg)

image = ImageReference(None, 'OpenLogic', 'CentOS', '7.2')
result, msg = _check_encrypt_is_supported(image, 'all')
self.assertFalse(result)
self.assertEqual(msg,
"Encryption might fail as current VM uses a distro not in the known list, which are '['RHEL 7.2', 'RHEL 7.3', 'CentOS 7.2n', 'Ubuntu 14.04', 'Ubuntu 16.04']'")

image = ImageReference(None, 'OpenLogic', 'CentOS', '7.2')
result, msg = _check_encrypt_is_supported(image, 'data')
self.assertTrue(result)

def test_merge_secrets(self):
secret1 = [{
'sourceVault': {'id': '123'},
Expand Down