Example 11 with DiskEncryptionSetInner
use of com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner in project cloudbreak by hortonworks.
the class AzureClient method createDiskEncryptionSet.
public DiskEncryptionSetInner createDiskEncryptionSet(String diskEncryptionSetName, String encryptionKeyUrl, String location, String resourceGroupName, String sourceVaultId, Map<String, String> tags) {
return handleAuthException(() -> {
// The Disk encryption set operations are not exposed in public API, so have to rely on underlying DiskEncryptionSetsInner
DiskEncryptionSetInner desIn = createDiskEncryptionSetInner(sourceVaultId, encryptionKeyUrl, location, tags);
DiskEncryptionSetsInner dSetsIn = computeManager.inner().diskEncryptionSets();
return dSetsIn.createOrUpdate(resourceGroupName, diskEncryptionSetName, desIn);
});
}
Also used :
DiskEncryptionSetsInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetsInner)
DiskEncryptionSetInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)
Example 12 with DiskEncryptionSetInner
use of com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner in project cloudbreak by hortonworks.
the class DiskEncryptionSetCreationPoller method startPolling.
public DiskEncryptionSetInner startPolling(AuthenticatedContext authenticatedContext, DiskEncryptionSetCreationCheckerContext checkerContext, DiskEncryptionSetInner desInitial) {
try {
PollTask<DiskEncryptionSetInner> checkerTask = azurePollTaskFactory.diskEncryptionSetCreationCheckerTask(requireNonNull(authenticatedContext), requireNonNull(checkerContext));
String resourceGroupName = checkerContext.getResourceGroupName();
String diskEncryptionSetName = checkerContext.getDiskEncryptionSetName();
DiskEncryptionSetInner result = desInitial;
if (checkerTask.completed(result)) {
LOGGER.info("Creation of Disk Encryption Set \"{}\" in Resource Group \"{}\" has already completed.", diskEncryptionSetName, resourceGroupName);
} else {
LOGGER.info("Start polling the creation of Disk Encryption Set \"{}\" in Resource Group \"{}\".", diskEncryptionSetName, resourceGroupName);
result = syncPollingScheduler.schedule(checkerTask, creationCheckInterval, creationCheckMaxAttempt, maxTolerableFailureNumber);
LOGGER.info("Polling finished, creation of Disk Encryption Set \"{}\" in Resource Group \"{}\" is complete.", diskEncryptionSetName, resourceGroupName);
}
return result;
} catch (Exception e) {
LOGGER.error("Disk Encryption Set creation failed, context=" + checkerContext, e);
throw azureUtils.convertToCloudConnectorException(e, "Disk Encryption Set creation");
}
}
Also used :
DiskEncryptionSetInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)
Example 13 with DiskEncryptionSetInner
use of com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testDeleteDiskEncryptionSetShouldThrowExceptionWhenVaultResourceGroupIsNotFound.
@Test
public void testDeleteDiskEncryptionSetShouldThrowExceptionWhenVaultResourceGroupIsNotFound() {
List<CloudResource> resources = getResources("/subscriptions/dummySubscriptionId/resourceGroups/dummyDesResourceGroup/providers/" + "Microsoft.Compute/diskEncryptionSets/dummyDesId");
DiskEncryptionSetDeletionRequest deletionRequest = new DiskEncryptionSetDeletionRequest.Builder().withCloudCredential(cloudCredential).withCloudContext(cloudContext).withCloudResources(resources).build();
initCloudResourceHelper(resources);
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("invaildSourceVault"))).withIdentity(identity).withLocation("dummyRegion");
when(azureClient.getDiskEncryptionSetByName(any(), any())).thenReturn(des);
when(azureClientService.getClient(cloudCredential)).thenReturn(azureClient);
initRetry();
initExceptionConversion();
initActionFailedExceptionConversion();
verifyActionFailedException(IllegalArgumentException.class, () -> underTest.deleteDiskEncryptionSet(deletionRequest), "Failed to deduce vault resource group name from source vault ID " + "\"invaildSourceVault\"");
}
Also used :
SourceVault(com.microsoft.azure.management.compute.SourceVault)
KeyForDiskEncryptionSet(com.microsoft.azure.management.compute.KeyForDiskEncryptionSet)
DiskEncryptionSetDeletionRequest(com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetDeletionRequest)
EncryptionSetIdentity(com.microsoft.azure.management.compute.EncryptionSetIdentity)
DiskEncryptionSetInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)
CloudResource(com.sequenceiq.cloudbreak.cloud.model.CloudResource)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 14 with DiskEncryptionSetInner
use of com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExists.
@Test
public void testCreateDiskEncryptionSetShouldReturnNewlyCreatedDiskEncryptionSetIfNotAlreadyExists() {
DiskEncryptionSetCreationRequest requestedSet = new DiskEncryptionSetCreationRequest.Builder().withId("uniqueId").withCloudContext(cloudContext).withCloudCredential(cloudCredential).withDiskEncryptionSetResourceGroupName("dummyResourceGroup").withEncryptionKeyResourceGroupName("dummyResourceGroup").withTags(new HashMap<>()).withEncryptionKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").build();
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion").withTags(new HashMap<>());
ReflectionTestUtils.setField(des, "id", DES_RESOURCE_ID);
Subscription subscription = mock(Subscription.class);
when(persistenceNotifier.notifyAllocation(any(CloudResource.class), eq(cloudContext))).thenReturn(new ResourcePersisted());
when(subscription.subscriptionId()).thenReturn("dummySubscriptionId");
when(azureUtils.generateDesNameByNameAndId(any(String.class), any(String.class))).thenReturn("dummyEnvName-DES-uniqueId");
when(azureClientService.createAuthenticatedContext(cloudContext, cloudCredential)).thenReturn(authenticatedContext);
when(authenticatedContext.getParameter(AzureClient.class)).thenReturn(azureClient);
when(azureClient.getCurrentSubscription()).thenReturn(subscription);
when(azureClient.getDiskEncryptionSetByName(any(String.class), any(String.class))).thenReturn(null);
when(azureClient.createDiskEncryptionSet(any(String.class), any(String.class), any(String.class), any(String.class), any(String.class), any(Map.class))).thenReturn(des);
when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
when(azureClient.checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID)).thenReturn(true);
initRetry();
// Return the same DES instance to simulate that the poller checker task instantly completed
when(diskEncryptionSetCreationPoller.startPolling(eq(authenticatedContext), any(DiskEncryptionSetCreationCheckerContext.class), eq(des))).thenReturn(des);
CreatedDiskEncryptionSet createdDes = underTest.createDiskEncryptionSet(requestedSet);
assertEquals(createdDes.getDiskEncryptionSetLocation(), "dummyRegion");
assertEquals(createdDes.getDiskEncryptionSetResourceGroupName(), "dummyResourceGroup");
verify(azureClient).grantKeyVaultAccessPolicyToServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(azureClient).checkKeyVaultAccessPolicyForServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verifyPersistedCloudResource();
}
Also used :
SourceVault(com.microsoft.azure.management.compute.SourceVault)
KeyForDiskEncryptionSet(com.microsoft.azure.management.compute.KeyForDiskEncryptionSet)
HashMap(java.util.HashMap)
ResourcePersisted(com.sequenceiq.cloudbreak.cloud.notification.model.ResourcePersisted)
CreatedDiskEncryptionSet(com.sequenceiq.cloudbreak.cloud.model.encryption.CreatedDiskEncryptionSet)
DiskEncryptionSetCreationCheckerContext(com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerContext)
EncryptionSetIdentity(com.microsoft.azure.management.compute.EncryptionSetIdentity)
DiskEncryptionSetInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)
CloudResource(com.sequenceiq.cloudbreak.cloud.model.CloudResource)
Subscription(com.microsoft.azure.management.resources.Subscription)
Map(java.util.Map)
HashMap(java.util.HashMap)
DiskEncryptionSetCreationRequest(com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetCreationRequest)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 15 with DiskEncryptionSetInner
use of com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner in project cloudbreak by hortonworks.
the class AzureEncryptionResourcesTest method testDeleteDiskEncryptionSetShouldDeduceValidResourceGroupAndDiskEncryptionSetNameWhenDesAndVaultHaveSameResourceGroup.
@Test
public void testDeleteDiskEncryptionSetShouldDeduceValidResourceGroupAndDiskEncryptionSetNameWhenDesAndVaultHaveSameResourceGroup() {
List<CloudResource> resources = getResources("/subscriptions/dummySubscriptionId/resourceGroups/dummyResourceGroup/providers/" + "Microsoft.Compute/diskEncryptionSets/dummyDesId");
DiskEncryptionSetDeletionRequest deletionRequest = new DiskEncryptionSetDeletionRequest.Builder().withCloudCredential(cloudCredential).withCloudContext(cloudContext).withCloudResources(resources).build();
initCloudResourceHelper(resources);
EncryptionSetIdentity identity = new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED);
ReflectionTestUtils.setField(identity, "principalId", DES_PRINCIPAL_ID);
DiskEncryptionSetInner des = (DiskEncryptionSetInner) new DiskEncryptionSetInner().withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY).withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("https://dummyVaultName.vault.azure.net/keys/dummyKeyName/dummyKeyVersion").withSourceVault(new SourceVault().withId("/subscriptions/dummySubs/resourceGroups/dummyResourceGroup/providers/Microsoft.KeyVault/vaults/dummyVaultName"))).withIdentity(identity).withLocation("dummyRegion");
when(azureClient.getDiskEncryptionSetByName(any(), any())).thenReturn(des);
when(azureClientService.getClient(cloudCredential)).thenReturn(azureClient);
when(azureClient.keyVaultExists("dummyResourceGroup", "dummyVaultName")).thenReturn(Boolean.TRUE);
initRetry();
underTest.deleteDiskEncryptionSet(deletionRequest);
verify(azureClient).deleteDiskEncryptionSet("dummyResourceGroup", "dummyDesId");
verify(azureClient).removeKeyVaultAccessPolicyFromServicePrincipal("dummyResourceGroup", "dummyVaultName", DES_PRINCIPAL_ID);
verify(persistenceNotifier).notifyDeletion(deletionRequest.getCloudResources().iterator().next(), deletionRequest.getCloudContext());
}
Also used :
SourceVault(com.microsoft.azure.management.compute.SourceVault)
KeyForDiskEncryptionSet(com.microsoft.azure.management.compute.KeyForDiskEncryptionSet)
DiskEncryptionSetDeletionRequest(com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetDeletionRequest)
EncryptionSetIdentity(com.microsoft.azure.management.compute.EncryptionSetIdentity)
DiskEncryptionSetInner(com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)
CloudResource(com.sequenceiq.cloudbreak.cloud.model.CloudResource)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Aggregations
DiskEncryptionSetInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetInner)23
Test (org.junit.jupiter.api.Test)17
EncryptionSetIdentity (com.microsoft.azure.management.compute.EncryptionSetIdentity)14
KeyForDiskEncryptionSet (com.microsoft.azure.management.compute.KeyForDiskEncryptionSet)13
SourceVault (com.microsoft.azure.management.compute.SourceVault)13
CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource)13
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)13
DiskEncryptionSetCreationCheckerContext (com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerContext)9
Subscription (com.microsoft.azure.management.resources.Subscription)7
DiskEncryptionSetCreationRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetCreationRequest)7
ResourcePersisted (com.sequenceiq.cloudbreak.cloud.notification.model.ResourcePersisted)7
HashMap (java.util.HashMap)7
Map (java.util.Map)7
CreatedDiskEncryptionSet (com.sequenceiq.cloudbreak.cloud.model.encryption.CreatedDiskEncryptionSet)6
DiskEncryptionSetDeletionRequest (com.sequenceiq.cloudbreak.cloud.model.encryption.DiskEncryptionSetDeletionRequest)5
DiskEncryptionSetsInner (com.microsoft.azure.management.compute.implementation.DiskEncryptionSetsInner)1
ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup)1
DiskEncryptionSetCreationCheckerTask (com.sequenceiq.cloudbreak.cloud.azure.task.diskencryptionset.DiskEncryptionSetCreationCheckerTask)1
CloudContext (com.sequenceiq.cloudbreak.cloud.context.CloudContext)1
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)1
