Example 11 with EncryptionSetIdentity

Usage of com.microsoft.azure.management.compute.EncryptionSetIdentity in the cloudbreak project by hortonworks.

From class AzureEncryptionResourcesTest, method testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndCheckAndDeleteResourceGroupWhenDesResourceGroupIsCreatedByCDP.

@Test
public void testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndCheckAndDeleteResourceGroupWhenDesResourceGroupIsCreatedByCDP() {
    // The DES name ("dummyDesId") must be deduced from the last segment of the resource reference;
    // the resource group name carries the CDP marker, so the group is expected to be removed as well.
    CloudResource desCloudResource = new CloudResource.Builder()
            .name("Des").type(AZURE_DISK_ENCRYPTION_SET)
            .reference("/subscriptions/dummySubscriptionId/resourceGroups/dummy-CDP_DES-ResourceGroup/providers/"
                    + "Microsoft.Compute/diskEncryptionSets/dummyDesId")
            .status(CREATED).build();
    CloudResource rgCloudResource = new CloudResource.Builder()
            .name("dummy-CDP_DES-ResourceGroup").type(AZURE_RESOURCE_GROUP)
            .reference("uniqueDummyId").status(CREATED).build();
    List<CloudResource> resources = List.of(desCloudResource, rgCloudResource);
    DiskEncryptionSetDeletionRequest deletionRequest = new DiskEncryptionSetDeletionRequest.Builder()
            .withCloudCredential(cloudCredential).withCloudContext(cloudContext)
            .withCloudResources(resources).build();
    // System-assigned identity of the DES; its principal id is what must be removed from the Key Vault access policy.
    EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
    ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
    DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner()
            .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
            .withActiveKey(new KeyForDiskEncryptionSet()
                    .withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion")
                    .withSourceVault(new SourceVault()
                            .withId("/subscriptions/dummySubs/resourceGroups/dummyVaultResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName")))
            .withIdentity(identity)
            .withLocation("dummyRegion");
    when(cloudResourceHelper.getResourceTypeFromList(AZURE_DISK_ENCRYPTION_SET, resources)).thenReturn(resources.isEmpty() ? Optional.empty() : Optional.of(resources.get(0)));
    when(cloudResourceHelper.getResourceTypeFromList(AZURE_RESOURCE_GROUP, resources)).thenReturn(resources.isEmpty() ? Optional.empty() : Optional.of(resources.get(1)));
    when(azureClient.getDiskEncryptionSetByName(any(), any())).thenReturn(des);
    when(azureClientService.getClient(cloudCredential)).thenReturn(azureClient);
    when(azureClient.resourceGroupExists(eq("dummy-CDP_DES-ResourceGroup"))).thenReturn(Boolean.TRUE);
    when(azureClient.keyVaultExists("dummyVaultResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
    initRetry();
    underTest.deleteDiskEncryptionSet(deletionRequest);
    // Expected cleanup: the DES itself, the DES principal's Key Vault access policy, the CDP-created
    // resource group, and a deletion notification for each persisted cloud resource.
    verify(azureClient).deleteDiskEncryptionSet("dummy-CDP_DES-ResourceGroup", "dummyDesId");
    verify(azureClient).removeKeyVaultAccessPolicyFromServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
    verify(azureClient).deleteResourceGroup("dummy-CDP_DES-ResourceGroup");
    verify(persistenceNotifier).notifyDeletion(deletionRequest.getCloudResources().get(0), deletionRequest.getCloudContext());
    verify(persistenceNotifier).notifyDeletion(deletionRequest.getCloudResources().get(1), deletionRequest.getCloudContext());
}
Also used: SourceVault (com.microsoft.azure.management.compute.SourceVault), KeyForDiskEncryptionSet (com.microsoft.azure.management.compute.KeyForDiskEncryptionSet), DiskEncryptionSetDeletionRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetDeletionRequest), EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity), DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner), CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 12 with EncryptionSetIdentity

Usage of com.microsoft.azure.management.compute.EncryptionSetIdentity in the cloudbreak project by hortonworks.

From class AzureEncryptionResourcesTest, method testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExistsAndGrantKeyVaultAccessPolicyError.

@Test
public void testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExistsAndGrantKeyVaultAccessPolicyError() {
    DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder()
            .withId("uniqueId")
            .withCloudContext(cloudContext)
            .withCloudCredential(cloudCredential)
            .withDiskEncryptionSetResourceGroupName("dummyResourceGroup")
            .withEncryptionKeyResourceGroupName("dummyResourceGroup")
            .withTags(new HashMap<>())
            .withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion")
            .build();
    EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
    ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
    DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner()
            .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
            .withActiveKey(new KeyForDiskEncryptionSet()
                    .withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion")
                    .withSourceVault(new SourceVault()
                            .withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName")))
            .withIdentity(identity)
            .withLocation("dummyRegion")
            .withTags(new HashMap<>());
    ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
    Subscription subscription = mock(Subscription.class);
    when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
    when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
    when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
    when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
    when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(azureClient);
    when(azureClient.getCurrentSubscription()).thenReturn(subscription);
    // No DES with this name exists yet, so the code under test must create one
    when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(null);
    when(azureClient.createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class))).thenReturn(des);
    when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
    initRetry();
    // Return the same DES instance to simulate that the poller checker task instantly completed
    when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
    // Granting the DES principal access to the Key Vault fails after the DES has already been created
    doThrow(new UnsupportedOperationException("Serious problem")).when(azureClient).grantKeyVaultAccessPolicyToServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
    initExceptionConversion();
    initActionFailedExceptionConversion();
    // The failure must surface as an action-failed exception, and the already-created DES must still have been persisted
    verifyActionFailedException(UnsupportedOperationException.class, () -> underTest.createDiskEncryptionSet(requestedSet), "Serious problem");
    verifyPersistedCloudResource();
}
Also used: SourceVault (com.microsoft.azure.management.compute.SourceVault), KeyForDiskEncryptionSet (com.microsoft.azure.management.compute.KeyForDiskEncryptionSet), HashMap (java.util.HashMap), ResourcePersisted (com.sequenceiq.cloudbreak.cloud.notification.model.ResourcePersisted), DiskEncryptionSetCreationCheckerContext (com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerContext), EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity), DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner), CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource), Subscription (com.microsoft.azure.management.resources.Subscription), Map (java.util.Map), DiskEncryptionSetCreationRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetCreationRequest), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 13 with EncryptionSetIdentity

Usage of com.microsoft.azure.management.compute.EncryptionSetIdentity in the cloudbreak project by hortonworks.

From class AzureEncryptionResourcesTest, method testCreateDiskEncryptionSetShouldReturnExistingDiskEncryptionSetWithoutPolling.

@Test
public void testCreateDiskEncryptionSetShouldReturnExistingDiskEncryptionSetWithoutPolling() {
    DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder()
            .withId("uniqueId")
            .withCloudContext(cloudContext)
            .withCloudCredential(cloudCredential)
            .withDiskEncryptionSetResourceGroupName("dummyResourceGroup")
            .withEncryptionKeyResourceGroupName("dummyResourceGroup")
            .withTags(new HashMap<>())
            .withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion")
            .build();
    EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
    ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
    DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner()
            .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
            .withActiveKey(new KeyForDiskEncryptionSet()
                    .withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion")
                    .withSourceVault(new SourceVault()
                            .withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName")))
            .withIdentity(identity)
            .withLocation("dummyRegion")
            .withTags(new HashMap<>());
    ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
    Subscription subscription = mock(Subscription.class);
    when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
    when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
    when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
    when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
    when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(authenticatedContext.getParameter(AzureClient.class) == null ? azureClient : azureClient);
    when(azureClient.getCurrentSubscription()).thenReturn(subscription);
    // A DES with this name already exists, so creation and polling must be skipped
    when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(des);
    when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
    when(azureClient.checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID)).thenReturn(true);
    initRetry();
    // Return the same DES instance to simulate that the poller checker task instantly completed
    when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
    CreatedDiskEncryptionSet createdDes = underTest.createDiskEncryptionSet(requestedSet);
    // Expected value first: JUnit's assertEquals(expected, actual) reports the failure message correctly only in this order
    assertEquals("dummyRegion", createdDes.getDiskEncryptionSetLocation());
    assertEquals("dummyResourceGroup", createdDes.getDiskEncryptionSetResourceGroupName());
    assertThat(createdDes.getDiskEncryptionSetId()).isEqualTo(DES_RESOURCE_ID);
    verify(azureClient, never()).createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class));
    // The Key Vault access policy is still granted and checked for the existing DES's principal
    verify(azureClient).grantKeyVaultAccessPolicyToServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
    verify(azureClient).checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
    verifyPersistedCloudResource();
}
Also used: SourceVault (com.microsoft.azure.management.compute.SourceVault), KeyForDiskEncryptionSet (com.microsoft.azure.management.compute.KeyForDiskEncryptionSet), HashMap (java.util.HashMap), ResourcePersisted (com.sequenceiq.cloudbreak.cloud.notification.model.ResourcePersisted), CreatedDiskEncryptionSet (com.sequenceiq.cloudbreak.cloud.model.encryption.CreatedDiskEncryptionSet), DiskEncryptionSetCreationCheckerContext (com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerContext), EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity), DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner), CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource), Subscription (com.microsoft.azure.management.resources.Subscription), Map (java.util.Map), DiskEncryptionSetCreationRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetCreationRequest), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 14 with EncryptionSetIdentity

Usage of com.microsoft.azure.management.compute.EncryptionSetIdentity in the cloudbreak project by hortonworks.

From class DiskEncryptionSetCreationCheckerTaskTest, method createDes.

// Builds a mocked DES for the checker-task tests. When withIdentity is true the mock also carries a
// system-assigned identity whose principalId() returns principalObjectId; otherwise identity() returns
// null, which is what a DES looks like before Azure has finished provisioning its managed identity.
private static DiskEncryptionSetInner createDes(String id, boolean withIdentity, String principalObjectId) {
    DiskEncryptionSetInner des = mock(DiskEncryptionSetInner.class);
    when(des.id()).thenReturn(id);
    if (withIdentity) {
        EncryptionSetIdentity identity = mock(EncryptionSetIdentity.class);
        when(des.identity()).thenReturn(identity);
        when(identity.principalId()).thenReturn(principalObjectId);
    }
    return des;
}
Also used: DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner), EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity)

Aggregations (number of examples in which each type is used together with EncryptionSetIdentity):

EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity): 14
DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner): 14
KeyForDiskEncryptionSet (com.microsoft.azure.management.compute.KeyForDiskEncryptionSet): 13
SourceVault (com.microsoft.azure.management.compute.SourceVault): 13
CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource): 12
Test (org.junit.jupiter.api.Test): 12
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 12
Subscription (com.microsoft.azure.management.resources.Subscription): 7
DiskEncryptionSetCreationCheckerContext (com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerContext): 7
DiskEncryptionSetCreationRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetCreationRequest): 7
ResourcePersisted (com.sequenceiq.cloudbreak.cloud.notification.model.ResourcePersisted): 7
HashMap (java.util.HashMap): 7
Map (java.util.Map): 7
CreatedDiskEncryptionSet (com.sequenceiq.cloudbreak.cloud.model.encryption.CreatedDiskEncryptionSet): 5
DiskEncryptionSetDeletionRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetDeletionRequest): 5
ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup): 1