UserAssignedIdentities (#18682)
* update sdk to latest

* update add-azvm/vmss GalleryApplicationVersion

* update

* update

* changelog

Co-authored-by: Theodore Chang <[email protected]>
grizzlytheodore and Theodore Chang authored Jun 23, 2022
1 parent 0e06eab commit 68efd12
Showing 18 changed files with 335 additions and 42 deletions.
2 changes: 1 addition & 1 deletion src/Compute/Compute.Test/Compute.Test.csproj
Expand Up @@ -12,7 +12,7 @@

<ItemGroup>
<PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
<PackageReference Include="Microsoft.Azure.Management.Compute" Version="55.0.0" />
<PackageReference Include="Microsoft.Azure.Management.Compute" Version="56.0.0" />
<PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
<PackageReference Include="Microsoft.Azure.Management.Network" Version="22.0.0" />
</ItemGroup>
4 changes: 4 additions & 0 deletions src/Compute/Compute/ChangeLog.md
Expand Up @@ -24,6 +24,10 @@
* An unresolved path can be passed in for '-LocalFilePath' for `Add-AzVhd`. The cmdlet with unresolve the path itself.
* Added `-DataAccessAuthMode` parameter to Add-AzVhd DirectUploadToManagedDisk parameter set.
* Added `-EnabldUltraSSD` parameter to New-AzHostGroup.
* Added `-UserAssignedIdentity` and `-FederatedClientId` to the following cmdlets:
- `New-AzDiskEncryptionSetConfig`
- `Update-AzDiskEncryptionSet`
* Added `-TreatFailureAsDeploymentFailure` to cmdlets `Add-AzVmGalleryApplication` and `Add-AzVmssGalleryApplication`

## Version 4.27.0
* Edited `New-AzVm` cmdlet internal logic to use the `PlatformFaultDomain` value in the `PSVirtualMachine` object passed to it in the new virtual machine.
2 changes: 1 addition & 1 deletion src/Compute/Compute/Compute.csproj
Expand Up @@ -14,7 +14,7 @@

<ItemGroup>
<PackageReference Include="AutoMapper" Version="6.2.2" />
<PackageReference Include="Microsoft.Azure.Management.Compute" Version="55.0.0" />
<PackageReference Include="Microsoft.Azure.Management.Compute" Version="56.0.0" />
<PackageReference Include="System.Security.Permissions" Version="4.5.0" />
<PackageReference Include="System.ServiceModel.Primitives" Version="4.7.0" />
<PackageReference Include="WindowsAzure.Storage" Version="9.3.0" />
Expand Up @@ -79,6 +79,17 @@ public partial class NewAzureRmDiskEncryptionSetConfigCommand : Microsoft.Azure.
HelpMessage = "Gets or sets set this flag to true to enable auto-updating of this disk encryption")]
public bool? RotationToLatestKeyVersionEnabled { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Multi-tenant application client id to access key vault in a different tenant.")]
public string FederatedClientId { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")]
public Hashtable UserAssignedIdentity { get; set; }

protected override void ProcessRecord()
{
Expand Down Expand Up @@ -127,14 +138,41 @@ private void Run()
vActiveKey.KeyUrl = this.KeyUrl;
}

if (this.IsParameterBound(c => c.UserAssignedIdentity))
{
if (vIdentity == null)
{
vIdentity = new EncryptionSetIdentity();
}
if (vIdentity.UserAssignedIdentities == null)
{
vIdentity.UserAssignedIdentities = new Dictionary<string, EncryptionSetIdentityUserAssignedIdentitiesValue>();
}

foreach (DictionaryEntry de in this.UserAssignedIdentity)
{
if (((Hashtable)de.Value).Count == 0)
{
vIdentity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue());
}
else
{
string principalId = ((Hashtable)de.Value)["principalId"]?.ToString();
string clientId = ((Hashtable)de.Value)["clientId"]?.ToString();
vIdentity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue(principalId, clientId));
}
}
}

var vDiskEncryptionSet = new PSDiskEncryptionSet
{
Location = this.IsParameterBound(c => c.Location) ? this.Location : null,
Tags = this.IsParameterBound(c => c.Tag) ? this.Tag.Cast<DictionaryEntry>().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value) : null,
EncryptionType = this.IsParameterBound(c => c.EncryptionType) ? this.EncryptionType : null,
Identity = vIdentity,
ActiveKey = vActiveKey,
RotationToLatestKeyVersionEnabled = this.IsParameterBound(c => c.RotationToLatestKeyVersionEnabled) ? this.RotationToLatestKeyVersionEnabled : null
RotationToLatestKeyVersionEnabled = this.IsParameterBound(c => c.RotationToLatestKeyVersionEnabled) ? this.RotationToLatestKeyVersionEnabled : null,
FederatedClientId = this.IsParameterBound(c => c.FederatedClientId) ? this.FederatedClientId : null
};

WriteObject(vDiskEncryptionSet);
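Review bot: The loop over `this.UserAssignedIdentity` casts every value with `(Hashtable)de.Value` and no check, so a null or non-hashtable value (for instance `@{ '<identity resource id>' = $null }`) surfaces as a raw NullReferenceException or InvalidCastException instead of a parameter error. A guarded form such as `var props = de.Value as Hashtable;` followed by `if (props == null || props.Count == 0)` would accept a null value as an empty entry; alternatively the cmdlet could throw an ArgumentException that names the offending key. The same loop is repeated in BuildPatchObject and BuildPutObject of the update cmdlet, so a shared helper would fix all three copies at once. When `vIdentity` is created here no `Type` is assigned in the visible lines; Run() starts and continues outside the hunk, so confirm the identity type is set elsewhere before the object is written.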
Expand Up @@ -141,16 +141,29 @@ public override void ExecuteCmdlet()
[Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
public SwitchParameter AsJob { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Multi-tenant application client id to access key vault in a different tenant. Setting value to 'None' will clear the property.")]
public string FederatedClientId { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")]
public Hashtable UserAssignedIdentity { get; set; }

private DiskEncryptionSetUpdate DiskEncryptionSetUpdate { get; set; }

private void BuildPatchObject()
{
if (this.DiskEncryptionSetUpdate == null)
{
this.DiskEncryptionSetUpdate = new DiskEncryptionSetUpdate();
}

if (this.IsParameterBound(c => c.KeyUrl))
{
if (this.DiskEncryptionSetUpdate == null)
{
this.DiskEncryptionSetUpdate = new DiskEncryptionSetUpdate();
}
if (this.DiskEncryptionSetUpdate.ActiveKey == null)
{
//this.DiskEncryptionSetUpdate.ActiveKey = new KeyVaultAndKeyReference();
Expand All @@ -161,10 +174,6 @@ private void BuildPatchObject()

if (this.IsParameterBound(c => c.SourceVaultId))
{
if (this.DiskEncryptionSetUpdate == null)
{
this.DiskEncryptionSetUpdate = new DiskEncryptionSetUpdate();
}
if (this.DiskEncryptionSetUpdate.ActiveKey == null)
{
//this.DiskEncryptionSetUpdate.ActiveKey = new KeyVaultAndKeyReference();
Expand All @@ -179,20 +188,43 @@ private void BuildPatchObject()

if (this.IsParameterBound(c => c.Tag))
{
if (this.DiskEncryptionSetUpdate == null)
{
this.DiskEncryptionSetUpdate = new DiskEncryptionSetUpdate();
}
this.DiskEncryptionSetUpdate.Tags = this.Tag.Cast<DictionaryEntry>().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value);
}

if(this.IsParameterBound(c => c.RotationToLatestKeyVersionEnabled))
{
if (this.DiskEncryptionSetUpdate == null)
this.DiskEncryptionSetUpdate.RotationToLatestKeyVersionEnabled = this.RotationToLatestKeyVersionEnabled;
}

if(this.IsParameterBound(c => c.FederatedClientId))
{
this.DiskEncryptionSetUpdate.FederatedClientId = this.FederatedClientId;
}

if (this.IsParameterBound(c => c.UserAssignedIdentity))
{
if (this.DiskEncryptionSetUpdate.Identity == null)
{
this.DiskEncryptionSetUpdate = new DiskEncryptionSetUpdate();
this.DiskEncryptionSetUpdate.Identity = new EncryptionSetIdentity();
}
if (this.DiskEncryptionSetUpdate.Identity.UserAssignedIdentities == null)
{
this.DiskEncryptionSetUpdate.Identity.UserAssignedIdentities = new Dictionary<string, EncryptionSetIdentityUserAssignedIdentitiesValue>();
}

foreach (DictionaryEntry de in this.UserAssignedIdentity)
{
if (((Hashtable)de.Value).Count == 0)
{
this.DiskEncryptionSetUpdate.Identity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue());
}
else
{
string principalId = ((Hashtable)de.Value)["principalId"]?.ToString();
string clientId = ((Hashtable)de.Value)["clientId"]?.ToString();
this.DiskEncryptionSetUpdate.Identity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue(principalId, clientId));
}
}
this.DiskEncryptionSetUpdate.RotationToLatestKeyVersionEnabled = this.RotationToLatestKeyVersionEnabled;
}
}

Expand Down Expand Up @@ -230,6 +262,36 @@ private void BuildPutObject()
this.InputObject.RotationToLatestKeyVersionEnabled = this.RotationToLatestKeyVersionEnabled;
}

if (this.IsParameterBound(c => c.FederatedClientId))
{
this.InputObject.FederatedClientId = this.FederatedClientId;
}

if (this.IsParameterBound(c => c.UserAssignedIdentity))
{
if (this.InputObject.Identity == null)
{
this.InputObject.Identity = new EncryptionSetIdentity();
}
if (this.InputObject.Identity.UserAssignedIdentities == null)
{
this.InputObject.Identity.UserAssignedIdentities = new Dictionary<string, EncryptionSetIdentityUserAssignedIdentitiesValue>();
}

foreach (DictionaryEntry de in this.UserAssignedIdentity)
{
if (((Hashtable)de.Value).Count == 0)
{
this.InputObject.Identity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue());
}
else
{
string principalId = ((Hashtable)de.Value)["principalId"]?.ToString();
string clientId = ((Hashtable)de.Value)["clientId"]?.ToString();
this.InputObject.Identity.UserAssignedIdentities.Add(de.Key.ToString(), new EncryptionSetIdentityUserAssignedIdentitiesValue(principalId, clientId));
}
}
}
}
}
}
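Review bot: In BuildPutObject the new entries are written with `this.InputObject.Identity.UserAssignedIdentities.Add(...)`, and `Dictionary.Add` throws ArgumentException when the key is already present. `InputObject` appears to be the existing disk encryption set (its origin is outside the hunk, as is the start of BuildPutObject), so passing an identity that is already assigned would make the cmdlet fail. Indexer assignment, `this.InputObject.Identity.UserAssignedIdentities[de.Key.ToString()] = value;`, would make the update idempotent. The keys are ARM resource ids, which ARM compares case-insensitively, while the dictionary created in this hunk uses the default string comparer, so ids that differ only in case could end up as two entries; that is worth checking against the service's behaviour.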
Expand Up @@ -41,6 +41,12 @@ public class AddAzureVmGalleryApplicationCommand : Microsoft.Azure.Commands.Reso
Mandatory = false)]
public int Order { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "If true, any failure for any operation in the VmApplication will fail the deployment. Defaults to false if not specified.")]
public SwitchParameter TreatFailureAsDeploymentFailure { get; set; }

public override void ExecuteCmdlet()
{
if (VM.ApplicationProfile == null)
Expand All @@ -57,6 +63,11 @@ public override void ExecuteCmdlet()
GalleryApplication.Order = this.Order;
}

if (this.TreatFailureAsDeploymentFailure.IsPresent)
{
GalleryApplication.TreatFailureAsDeploymentFailure = true;
}

VM.ApplicationProfile.GalleryApplications.Add(GalleryApplication);

WriteObject(VM);
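Review bot: The help text says the value "Defaults to false if not specified", but ExecuteCmdlet only assigns `GalleryApplication.TreatFailureAsDeploymentFailure = true` when the switch is present and otherwise leaves the nullable property untouched. Because only `IsPresent` is tested, `-TreatFailureAsDeploymentFailure:$false` is indistinguishable from omitting the switch, and any value the `GalleryApplication` object already holds (how it is built is outside the hunk, as are the start and end of ExecuteCmdlet) would survive. Either assign `GalleryApplication.TreatFailureAsDeploymentFailure = this.TreatFailureAsDeploymentFailure.IsPresent;` when the parameter is bound, or reword the help to say the property is left unset. The same applies to the Add-AzVmssGalleryApplication section that follows.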
Expand Up @@ -36,6 +36,12 @@ public class AddAzureVmssGalleryApplicationCommand : Microsoft.Azure.Commands.Re
HelpMessage = "VM Gallery Application Object.")]
public PSVMGalleryApplication GalleryApplication { get; set; }

[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "If true, any failure for any operation in the VmApplication will fail the deployment. Defaults to false if not specified.")]
public SwitchParameter TreatFailureAsDeploymentFailure { get; set; }

[Parameter(
Mandatory = false)]
public int Order { get; set; }
Expand All @@ -56,6 +62,11 @@ public override void ExecuteCmdlet()
GalleryApplication.Order = this.Order;
}

if (this.TreatFailureAsDeploymentFailure.IsPresent)
{
GalleryApplication.TreatFailureAsDeploymentFailure = true;
}

VirtualMachineScaleSetVM.ApplicationProfile.GalleryApplications.Add(GalleryApplication);

WriteObject(VirtualMachineScaleSetVM);
Expand Up @@ -51,6 +51,7 @@ public string ResourceGroupName
public IDictionary<string, string> Tags { get; set; }
public string EncryptionType { get; set; }
public bool? RotationToLatestKeyVersionEnabled { get; set; }
public string FederatedClientId { get; set; }

}
}
Expand Up @@ -32,6 +32,8 @@ public partial class PSVMGalleryApplication
public int? Order { get; set; }
public string PackageReferenceId { get; set; }
public string ConfigurationReference { get; set; }
public bool? TreatFailureAsDeploymentFailure { get; set; }
public bool? EnableAutomaticUpgrade { get; set; }

}
}