SQL Server Virtual Machine Azure Key Vault Integration
The files in this change implement two changes: 1. The AutoBackup feature includes private settings in the public settings section. The fix was to add a public settings class that is used to manage the AutoBackup settings in the set and get commands. The change does not impact the cmdlet interface or the objects used to configure AutoBackup. The change is internal to the feature implementation. The AutoBackup command syntax is still the same. Here is an example: $storageaccount = "nobrooklyninfrawe" $storageaccountkey = (Get-AzureStorageKey -StorageAccountName $storageaccount).Primary $storagecontext = New-AzureStorageContext -StorageAccountName $storageaccount -StorageAccountKey $storageaccountkey $password = "P@ssw0rd" $encryptionpassword = $password | ConvertTo-SecureString -AsPlainText -Force $autobackupconfig = New-AzureVMSqlServerAutoBackupConfig -StorageContext $storagecontext -Enable -RetentionPeriod 10 -EnableEncryption -CertificatePassword $encryptionpassword Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -AutoBackupSettings $autobackupconfig | Update-AzureVM 2. SQL VM Azure Key Vault Integration: a new feature is added to configure the SQL Connector to access Azure Key Vault on a SQL IaaS VM. The feature is only available for SQL Server 2012 and higher versions. A new set of classes is added to manage collecting the Azure Key Vault settings and the new SQL credential settings. The user provides the key vault URL, principal name and secret, and the SQL credential name. The user can enable or disable the feature using the Enable switch option. By default the feature is disabled. 
The following is an example to enable the feature: $akvsecret = "3j432j4lj32lk4j32lk4jlk32j4l32j4lj32lj4l32j4lk" $secureakv = $akvsecret | ConvertTo-SecureString -AsPlainText -Force $akvs = New-AzureVMSqlServerKeyVaultCredentialConfig -Enable -CredentialName mycredzz11 -AzureKeyVaultUrl "http://afSqlKVT.vault.azure.net" -ServicePrincipalName "jljlj3l-s4d4c-9d2d-42428ed7" -ServicePrincipalSecret $secureakv Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -KeyVaultCredentialSettings $akvs | Update-AzureVM The change also updates the extension status. The status output now includes the KeyVaultSettings object: Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureVMSqlServerExtension The following is a sample output of the get command: ExtensionName : SqlIaaSAgent Publisher : Microsoft.SqlServer.Management Version : 1.* State : Enable RoleName : afexttest AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings
OJDUDE
committed
Aug 8, 2015
1 parent
6d9ac2c
commit 10abbe7
Showing
15 changed files
with
416 additions
and
1,324 deletions.
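--- a/...ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs
+++ b/...ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs
@@ -0,0 +1,58 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Security;
+
+namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
+{
+/// <summary>
+/// Autobackup settings to configure managed backup on SQL VM
+/// </summary>
+public class KeyVaultCredentialSettings
+{
+/// <summary>
+/// Defines if the Key Vault Credentails feature is enabled or disabled
+/// </summary>
+public bool Enable { get; set; }
+
+/// <summary>
+/// Key Vault credentails name
+/// </summary>
+public string CredentialName { get; set; }
+
+/// <summary>
+/// Gets the azure key vault URL.
+/// </summary>
+/// <value>
+/// The azure key vault URL for Credential Management.
+/// </value>
+public string AzureKeyVaultUrl { get; set; }
+
+/// <summary>
+/// Gets the name of the principal.
+/// </summary>
+/// <value>
+/// The name of the service principal to access the Azure Key Vault.
+/// </value>
+public string ServicePrincipalName { get; set; }
+
+/// <summary>
+/// Gets the principal secret.
+/// </summary>
+/// <value>
+/// The service principal secret to access the Azure Key Vault.
+/// </value>
+public string ServicePrincipalSecret { get; set; }
+}
+}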
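Review bot: `ServicePrincipalSecret` is declared as a plain `string` on `KeyVaultCredentialSettings`, the type the commit description shows in the `Get-AzureVMSqlServerExtension` output, so the service principal secret can linger in managed memory and be printed or serialized along with the rest of the object. The example in the description passes the secret to the cmdlet as a secure string, and this file imports `System.Security` without using it, so the property could be `public SecureString ServicePrincipalSecret { get; set; }`, with conversion to plain text confined to the private-settings type just before it is sent. The code that fills this object on the get path is not visible in this section, so please confirm it never copies the secret back from the extension. The class summary is also copied from AutoBackup and should read something like `/// Key Vault credential settings used to configure the SQL Server connector on a SQL VM`.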
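--- a/...Management/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs
+++ b/...Management/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs
@@ -0,0 +1,48 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Security;
+
+namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
+{
+/// <summary>
+/// Autobackup settings to configure managed backup on SQL VM
+/// </summary>
+public class PrivateKeyVaultCredentialSettings
+{
+/// <summary>
+/// Gets the azure key vault URL.
+/// </summary>
+/// <value>
+/// The azure key vault URL for Credential Management.
+/// </value>
+public string AzureKeyVaultUrl { get; set; }
+
+/// <summary>
+/// Gets the name of the principal.
+/// </summary>
+/// <value>
+/// The name of the service principal to access the Azure Key Vault.
+/// </value>
+public string ServicePrincipalName { get; set; }
+
+/// <summary>
+/// Gets the principal secret.
+/// </summary>
+/// <value>
+/// The service principal secret to access the Azure Key Vault.
+/// </value>
+public string ServicePrincipalSecret { get; set; }
+}
+}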
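Review bot: The class summary on `PrivateKeyVaultCredentialSettings` still says "Autobackup settings to configure managed backup on SQL VM", which hides the fact that this type carries the service principal secret in clear text. I would replace it with `/// Private (protected) Key Vault settings: vault URL, service principal name and secret. Never log or copy into public settings.` The three property summaries say "Gets ..." although each property also has a setter, so "Gets or sets ..." matches the code. Whether this object is only ever serialized into the extension's private configuration cannot be seen from this file, which is why the warning belongs at the declaration.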
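--- a/...s.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs
+++ b/...s.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs
@@ -0,0 +1,39 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Security;
+
+namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
+{
+/// <summary>
+/// Autobackup public settings to configure managed backup on SQL VM
+/// </summary>
+public class PublicAutoBackupSettings
+{
+/// <summary>
+/// Defines if the Auto-backup feature is enabled or disabled
+/// </summary>
+public bool Enable { get; set; }
+
+/// <summary>
+/// Defines if backups will be encrypted or not
+/// </summary>
+public bool EnableEncryption { get; set; }
+
+/// <summary>
+/// Defines the number of days to keep the backups
+/// </summary>
+public int RetentionPeriod { get; set; }
+}
+}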
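Review bot: `using System.Security;` at the top of this file is not used by anything in `PublicAutoBackupSettings`; the same unused directive appears in AzureVMSqlServerPublicKeyVaultCredentialSettings.cs and AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs and can be dropped from all three. The comment on `RetentionPeriod` gives the unit but not the accepted range. If the extension rejects values outside a range, state it there, for example `/// Number of days to keep the backups (valid range: <min>-<max>)` with the real bounds filled in.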
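--- a/...eManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs
+++ b/...eManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs
@@ -0,0 +1,34 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Security;
+
+namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
+{
+/// <summary>
+/// Key Vault public settings to manage SQL VM credentials on configure Azure Key Vault
+/// </summary>
+public class PublicKeyVaultCredentialSettings
+{
+/// <summary>
+/// Defines if the Key Vault Credentails feature is enabled or disabled
+/// </summary>
+public bool Enable { get; set; }
+
+/// <summary>
+/// Key Vault credentails name
+/// </summary>
+public string CredentialName { get; set; }
+}
+}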
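Review bot: The class summary "Key Vault public settings to manage SQL VM credentials on configure Azure Key Vault" does not parse. Something like `/// Public (non-secret) Key Vault credential settings: the enable flag and the SQL credential name` says what the type holds and why it is kept apart from the private settings. "Credentails" is misspelled in both property comments here and in the same two comments in AzureVMSqlServerKeyVaultCredentialSettings.cs.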