Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADE MSI powershell support #26652

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

ADE MSI powershell support #26652

wants to merge 7 commits into from

Conversation

anshuljain26
Copy link

Description

Azure Disk Encryption (ADE) is adding support for using managed identity to authenticate to customer's keyvault.
As part of it, a new field (EncryptionIdentity) has been added to the VM model. By setting this field customer will be notifying ADE to use that managed identity for keyvault operations. The identity should also be explicitly assigned to the VM.

This PR adds a new parameter (EncryptionIdentity) to Set-AzVMDiskEncryptionExtension cmdlet. If the parameter is present then the cmdlet will ensure that identity is assigned to the VM and the EncryptionIdentity field is updated.

Mandatory Checklist

  • SHOULD update ChangeLog.md file(s) appropriately
    • For SDK-based development mode, update src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.
      • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense.
    • For autorest-based development mode, include the changelog in the PR description.
    • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
  • SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
  • SHOULD have proper test coverage for changes in pull request.
  • SHOULD NOT adjust version of module manually in pull request

@azure-client-tools-bot-prd azure-client-tools-bot-prd
Copy link

Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status.

vimish
vimish reviewed Nov 30, 2024
View reviewed changes
src/Compute/Compute/Extension/AzureDiskEncryption/SetAzureDiskEncryptionExtension.cs
}
return false;
}
return false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function should return true if encryption identity is already assigned. Can you validate this?

vimish
vimish reviewed Nov 30, 2024
View reviewed changes
src/Compute/Compute/VirtualMachine/Config/NewAzureVMConfigCommand.cs
@@ -247,6 +257,29 @@ public override void ExecuteCmdlet()
}
}

if (this.IsParameterBound(c => c.EncryptionIdentity))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this return error if encryption identity is not part of identity getting assigned to the VM?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vimish vimish vimish left review comments

@bilaakpan-ms bilaakpan-ms Awaiting requested review from bilaakpan-ms bilaakpan-ms will be requested when the pull request is marked ready for review bilaakpan-ms is a code owner

@Sandido Sandido Awaiting requested review from Sandido Sandido will be requested when the pull request is marked ready for review Sandido is a code owner

@haagha haagha Awaiting requested review from haagha haagha will be requested when the pull request is marked ready for review haagha is a code owner

@grizzlytheodore grizzlytheodore Awaiting requested review from grizzlytheodore grizzlytheodore will be requested when the pull request is marked ready for review grizzlytheodore is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anshuljain26 @vimish