use of com.microsoft.azure.management.compute.SourceVault in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndResourceGroupWhenDesAndVaultDoNotHaveSameResourceGroup.
@Test
public void testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndResourceGroupWhenDesAndVaultDoNotHaveSameResourceGroup() {
List<CloudResource> resources = getResources("/subscriptions/dummySubscriptionId/resourceGroups/dummyDesResourceGroup/providers/" + "Microsoft.Compute/diskEncryptionSets/dummyDesId");
DiskEncryptionSetDeletionRequest deletionRequest = new DiskEncryptionSetDeletionRequest.Builder().withCloudCredential(cloudCredential).withCloudContext(cloudContext).withCloudResources(resources).build();
initCloudResourceHelper(resources);
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyVaultResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion");
when(azureClient.getDiskEncryptionSetByName(any(), any())).thenReturn(des);
when(azureClientService.getClient(cloudCredential)).thenReturn(azureClient);
when(azureClient.keyVaultExists("dummyVaultResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
initRetry();
underTest.deleteDiskEncryptionSet(deletionRequest);
verify(azureClient).deleteDiskEncryptionSet("dummyDesResourceGroup", "dummyDesId");
verify(azureClient).removeKeyVaultAccessPolicyFromServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(persistenceNotifier).notifyDeletion(deletionRequest.getCloudResources().iterator().next(), deletionRequest.getCloudContext());
}
use of com.microsoft.azure.management.compute.SourceVault in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExistsAndCreateNewResourceGroupWhenIsNotSingleResourceGroup.
@Test
public void testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExistsAndCreateNewResourceGroupWhenIsNotSingleResourceGroup() {
DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder().withId("uniqueId").withCloudContext(cloudContext).withCloudCredential(cloudCredential).withEncryptionKeyResourceGroupName("dummyResourceGroup").withDiskEncryptionSetResourceGroupName(null).withTags(new HashMap<>()).withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").build();
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion").withTags(new HashMap<>());
ResourceGroup resourceGroup = mock(ResourceGroup.class);
ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
Subscription subscription = mock(Subscription.class);
when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(azureClient);
when(azureClient.getCurrentSubscription()).thenReturn(subscription);
when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(null);
when(azureUtils.generateResourceGroupNameByNameAndId(any(String.class), any(String.class))).thenReturn("envName-CDP_DES-uniqueId");
when(azureClient.resourceGroupExists(eq("envName-CDP_DES-uniqueId"))).thenReturn(Boolean.FALSE);
when(azureClient.createResourceGroup(eq("envName-CDP_DES-uniqueId"), eq("dummyRegion"), any(HashMap.class))).thenReturn(resourceGroup);
when(azureClient.createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class))).thenReturn(des);
when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
when(azureClient.checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID)).thenReturn(true);
initRetry();
// Return the same DES instance to simulate that the poller checker task instantly completed
when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
CreatedDiskEncryptionSet createdDes = underTest.createDiskEncryptionSet(requestedSet);
assertEquals(createdDes.getDiskEncryptionSetLocation(), "dummyRegion");
assertEquals(createdDes.getDiskEncryptionSetResourceGroupName(), "envName-CDP_DES-uniqueId");
verify(azureClient).grantKeyVaultAccessPolicyToServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(azureClient).checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(azureClient).createResourceGroup(eq("envName-CDP_DES-uniqueId"), eq("dummyRegion"), any(HashMap.class));
verifyPersistedResourceGroupAndDiskEncryptionSetCloudResource(resourceGroup.id());
}
use of com.microsoft.azure.management.compute.SourceVault in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndShouldNotDeleteResourceGroupWhenNotCreatedByCDP.
@Test
public void testDeleteDiskEncryptionSetShouldDeduceValidDiskEncryptionSetNameAndShouldNotDeleteResourceGroupWhenNotCreatedByCDP() {
List<CloudResource> resources = getResources("/subscriptions/dummySubscriptionId/resourceGroups/dummyResourceGroup/providers/" + "Microsoft.Compute/diskEncryptionSets/dummyDesId");
DiskEncryptionSetDeletionRequest deletionRequest = new DiskEncryptionSetDeletionRequest.Builder().withCloudCredential(cloudCredential).withCloudContext(cloudContext).withCloudResources(resources).build();
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyVaultResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion");
initCloudResourceHelper(resources);
when(azureClient.getDiskEncryptionSetByName(any(), any())).thenReturn(des);
when(azureClientService.getClient(cloudCredential)).thenReturn(azureClient);
when(azureClient.keyVaultExists("dummyVaultResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
initRetry();
underTest.deleteDiskEncryptionSet(deletionRequest);
verify(azureClient).deleteDiskEncryptionSet("dummyResourceGroup", "dummyDesId");
verify(azureClient, never()).deleteResourceGroup("dummyResourceGroup");
verify(azureClient).removeKeyVaultAccessPolicyFromServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(persistenceNotifier).notifyDeletion(deletionRequest.getCloudResources().get(0), deletionRequest.getCloudContext());
}
use of com.microsoft.azure.management.compute.SourceVault in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testCreateDiskEncryptionSetShouldThrowErrorWhenCheckKeyVaultAccessPolicyForServicePrincipalFails.
@Test
public void testCreateDiskEncryptionSetShouldThrowErrorWhenCheckKeyVaultAccessPolicyForServicePrincipalFails() {
DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder().withId("uniqueId").withCloudContext(cloudContext).withCloudCredential(cloudCredential).withDiskEncryptionSetResourceGroupName("dummyResourceGroup").withEncryptionKeyResourceGroupName("dummyResourceGroup").withTags(new HashMap<>()).withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").build();
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion").withTags(new HashMap<>());
ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
Subscription subscription = mock(Subscription.class);
when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(azureClient);
when(azureClient.getCurrentSubscription()).thenReturn(subscription);
when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(null);
when(azureClient.createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class))).thenReturn(des);
when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
when(azureClient.checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID)).thenReturn(false);
initRetry();
// Return the same DES instance to simulate that the poller checker task instantly completed
when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
initExceptionConversion();
initActionFailedExceptionConversion();
verifyActionFailedException(CloudConnectorException.class, () -> underTest.createDiskEncryptionSet(requestedSet), "Access policy has not been granted to object Id: desPrincipalId, Retrying ...");
verifyPersistedCloudResource();
}
use of com.microsoft.azure.management.compute.SourceVault in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetWhenDesAndVaultResourceGroupAreDifferentAndDesNotAlreadyExists.
@Test
public void testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetWhenDesAndVaultResourceGroupAreDifferentAndDesNotAlreadyExists() {
DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder().withId("uniqueId").withCloudContext(cloudContext).withCloudCredential(cloudCredential).withDiskEncryptionSetResourceGroupName("dummyResourceGroup").withEncryptionKeyResourceGroupName("dummyVaultResourceGroup").withTags(new HashMap<>()).withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").build();
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyVaultResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion").withTags(new HashMap<>());
ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
Subscription subscription = mock(Subscription.class);
when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(azureClient);
when(azureClient.getCurrentSubscription()).thenReturn(subscription);
when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(null);
when(azureClient.createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class))).thenReturn(des);
when(azureClient.checkKeyVaultAccessPolicyForServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID)).thenReturn(true);
initRetry();
// Return the same DES instance to simulate that the poller checker task instantly completed
when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
when(azureClient.keyVaultExists("dummyVaultResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
CreatedDiskEncryptionSet createdDes = underTest.createDiskEncryptionSet(requestedSet);
assertEquals(createdDes.getDiskEncryptionSetLocation(), "dummyRegion");
assertEquals(createdDes.getDiskEncryptionSetResourceGroupName(), "dummyResourceGroup");
verify(azureClient).grantKeyVaultAccessPolicyToServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(azureClient).checkKeyVaultAccessPolicyForServicePrincipal("dummyVaultResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verifyPersistedCloudResource();
}
Aggregations