SQL Server Virtual Machine Azure Key Vault Integration
The files in this change implement two changes:

1. The AutoBackup feature includes private settings in the public
settings section.  The fix was to add a public settings class that is
used to manage the AutoBackup settings in the set and get command.
The change does not impact the cmdlet interface or the objects used to
configure AutoBackup. The change is internal to the feature
implementation.

The AutoBackup syntax command is still the same. Here is an example:
$storageaccount = "nobrooklyninfrawe"
$storageaccountkey = (Get-AzureStorageKey -StorageAccountName
$storageaccount).Primary
$storagecontext = New-AzureStorageContext -StorageAccountName
$storageaccount -StorageAccountKey $storageaccountkey
$password = "P@ssw0rd"
$encryptionpassword = $password | ConvertTo-SecureString -AsPlainText
-Force
$autobackupconfig = New-AzureVMSqlServerAutoBackupConfig -StorageContext
$storagecontext -Enable -RetentionPeriod 10 -EnableEncryption
-CertificatePassword $encryptionpassword

Get-AzureVM -ServiceName $serviceName -Name $vmName |
Set-AzureVMSqlServerExtension -AutoBackupSettings $autobackupconfig |
Update-AzureVM

2. SQL VM Azure key Vault Integration
This is a new feature added to configure the SQL Connector to access
Azure Key Vault on a SQL IaaS VM. The feature is only available for SQL
Server 2012 and higher versions. A new set of classes is added to manage
collecting the Azure Key Vault settings and the new SQL credential settings.
The user provides the key vault URL, the principal name and secret, and
the SQL credential name. The user can enable or disable the feature
using the Enable switch. By default the feature is disabled. The
following is an example to enable the feature:

$akvsecret = "3j432j4lj32lk4j32lk4jlk32j4l32j4lj32lj4l32j4lk"
$secureakv =  $akvsecret | ConvertTo-SecureString -AsPlainText -Force
$akvs = New-AzureVMSqlServerKeyVaultCredentialConfig -Enable
-CredentialName mycredzz11 -AzureKeyVaultUrl
"http://afSqlKVT.vault.azure.net" -ServicePrincipalName
"jljlj3l-s4d4c-9d2d-42428ed7" -ServicePrincipalSecret $secureakv

Get-AzureVM -ServiceName $serviceName -Name $vmName |
Set-AzureVMSqlServerExtension -KeyVaultCredentialSettings $akvs |
Update-AzureVM

The change also update the extension status. The status output now
includes the KeyVaultSettings object
Get-AzureVM -ServiceName $serviceName -Name $vmName |
Get-AzureVMSqlServerExtension

The following is a sample output of the get command
ExtensionName              : SqlIaaSAgent
Publisher                  : Microsoft.SqlServer.Management
Version                    : 1.*
State                      : Enable
RoleName                   : afexttest
AutoPatchingSettings       :
Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings
AutoBackupSettings         :
Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings
KeyVaultCredentialSettings :
Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings
OJDUDE committed Aug 8, 2015
1 parent 6d9ac2c commit 10abbe7
Showing 15 changed files with 416 additions and 1,324 deletions.
1,308 changes: 0 additions & 1,308 deletions setup/azurecmdfiles.wxi


Expand Up @@ -6,7 +6,7 @@
<ProductVersion>
</ProductVersion>
<SchemaVersion>2.0</SchemaVersion>
<ProjectGuid>{127D0D51-FDEA-4E1A-8CD8-34DEB5C2F7F6}</ProjectGuid>
<ProjectGuid>{59D1B5DC-9175-43EC-90C6-CBA601B3565F}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Microsoft.Azure.Commands.ResourceManager.Automation.Test</RootNamespace>
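Review bot: The ProjectGuid of this test project changes from {127D0D51-FDEA-4E1A-8CD8-34DEB5C2F7F6} to {59D1B5DC-9175-43EC-90C6-CBA601B3565F}, and nothing in the commit description mentions it; a solution file that still lists the old GUID for this project would no longer match it. If the change is intentional, a sentence in the description would save the next reader from suspecting a tool rewrite; if it is accidental, this hunk should be dropped. The enclosing PropertyGroup starts and ends outside the hunk.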
Expand Up @@ -158,6 +158,11 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="IaaS\Extensions\SqlServer\AzureVMSqlServerPublicAutoBackupSettings.cs" />
<Compile Include="IaaS\Extensions\SqlServer\AzureVMSqlServerPublicKeyVaultCredentialSettings.cs" />
<Compile Include="IaaS\Extensions\SqlServer\AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs" />
<Compile Include="IaaS\Extensions\SqlServer\AzureVMSqlServerKeyVaultCredentialSettings.cs" />
<Compile Include="IaaS\Extensions\SqlServer\NewAzureVMSqlServerKeyVaultCredentialConfig.cs" />
<Compile Include="IaaS\Network\AddAzureVirtualIP.cs" />
<Compile Include="AffinityGroups\GetAzureAffinityGroup.cs" />
<Compile Include="AffinityGroups\NewAzureAffinityGroup.cs" />
@@ -0,0 +1,58 @@
// ----------------------------------------------------------------------------------
//
// Copyright Microsoft Corporation
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------------

using System.Security;

namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
{
/// <summary>
/// Autobackup settings to configure managed backup on SQL VM
/// </summary>
public class KeyVaultCredentialSettings
{
/// <summary>
/// Defines if the Key Vault Credentails feature is enabled or disabled
/// </summary>
public bool Enable { get; set; }

/// <summary>
/// Key Vault credentails name
/// </summary>
public string CredentialName { get; set; }

/// <summary>
/// Gets the azure key vault URL.
/// </summary>
/// <value>
/// The azure key vault URL for Credential Management.
/// </value>
public string AzureKeyVaultUrl { get; set; }

/// <summary>
/// Gets the name of the principal.
/// </summary>
/// <value>
/// The name of the service principal to access the Azure Key Vault.
/// </value>
public string ServicePrincipalName { get; set; }

/// <summary>
/// Gets the principal secret.
/// </summary>
/// <value>
/// The service principal secret to access the Azure Key Vault.
/// </value>
public string ServicePrincipalSecret { get; set; }
}
}
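Review bot: The class summary above `public class KeyVaultCredentialSettings` (`/// Autobackup settings to configure managed backup on SQL VM`) is copied from the AutoBackup type and describes the wrong feature; `PrivateKeyVaultCredentialSettings` in the next file carries the same summary. Suggested wording: `/// Azure Key Vault credential settings used to configure the SQL Connector on a SQL VM`. The summaries on `Enable` and `CredentialName` misspell "Credentails", and the "Gets the …" summaries sit on get/set properties. `using System.Security;` is unused here and in the other three new settings files; it hints that `ServicePrincipalSecret` was meant to be a `SecureString`, and since the description's example passes the secret as a SecureString, storing it here as a plain `string` presumably keeps it in clear text in whatever object the config cmdlet (not in this view) writes to the pipeline — worth a comment on the property, or a `SecureString` type if the serialization path allows it.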
@@ -0,0 +1,48 @@
// ----------------------------------------------------------------------------------
//
// Copyright Microsoft Corporation
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------------

using System.Security;

namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
{
/// <summary>
/// Autobackup settings to configure managed backup on SQL VM
/// </summary>
public class PrivateKeyVaultCredentialSettings
{
/// <summary>
/// Gets the azure key vault URL.
/// </summary>
/// <value>
/// The azure key vault URL for Credential Management.
/// </value>
public string AzureKeyVaultUrl { get; set; }

/// <summary>
/// Gets the name of the principal.
/// </summary>
/// <value>
/// The name of the service principal to access the Azure Key Vault.
/// </value>
public string ServicePrincipalName { get; set; }

/// <summary>
/// Gets the principal secret.
/// </summary>
/// <value>
/// The service principal secret to access the Azure Key Vault.
/// </value>
public string ServicePrincipalSecret { get; set; }
}
}
Expand Up @@ -34,5 +34,11 @@ public class SqlServerPrivateSettings
/// Password required for certification when encryption is enabled
/// </summary>
public string Password;

/// <summary>
/// Azure Key Vault Credential settings
/// </summary>
public PrivateKeyVaultCredentialSettings PrivateKeyVaultCredentialSettings;

}
}
@@ -0,0 +1,39 @@
// ----------------------------------------------------------------------------------
//
// Copyright Microsoft Corporation
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------------

using System.Security;

namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
{
/// <summary>
/// Autobackup public settings to configure managed backup on SQL VM
/// </summary>
public class PublicAutoBackupSettings
{
/// <summary>
/// Defines if the Auto-backup feature is enabled or disabled
/// </summary>
public bool Enable { get; set; }

/// <summary>
/// Defines if backups will be encrypted or not
/// </summary>
public bool EnableEncryption { get; set; }

/// <summary>
/// Defines the number of days to keep the backups
/// </summary>
public int RetentionPeriod { get; set; }
}
}
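Review bot: Nothing in `PublicAutoBackupSettings` records that this type is the public-settings wire shape and must never grow the storage key, storage URL or certificate password — the leak that point 1 of the description fixes, and the reason the Get path masks those three fields with `***`. Suggested class summary: `/// Public (unprotected) subset of the auto-backup settings sent to the extension; never add StorageAccessKey, StorageUrl or Password here — they belong to the private settings.` `PublicKeyVaultCredentialSettings` in the next file deserves the same caveat for `ServicePrincipalSecret`, `ServicePrincipalName` and `AzureKeyVaultUrl`, and its summary (`Key Vault public settings to manage SQL VM credentials on configure Azure Key Vault`) reads as garbled.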
@@ -0,0 +1,34 @@
// ----------------------------------------------------------------------------------
//
// Copyright Microsoft Corporation
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------------

using System.Security;

namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions
{
/// <summary>
/// Key Vault public settings to manage SQL VM credentials on configure Azure Key Vault
/// </summary>
public class PublicKeyVaultCredentialSettings
{
/// <summary>
/// Defines if the Key Vault Credentails feature is enabled or disabled
/// </summary>
public bool Enable { get; set; }

/// <summary>
/// Key Vault credentails name
/// </summary>
public string CredentialName { get; set; }
}
}
Expand Up @@ -27,11 +27,16 @@ public class SqlServerPublicSettings
/// <summary>
/// Auto-backup settings
/// </summary>
public AutoBackupSettings AutoBackupSettings { get; set; }
public PublicAutoBackupSettings AutoBackupSettings { get; set; }

/// <summary>
/// Auto-telemetry settings
/// </summary>
public AutoTelemetrySettings AutoTelemetrySettings { get; set; }

/// <summary>
/// Azure Key Vault SQL Credentials settings
/// </summary>
public PublicKeyVaultCredentialSettings KeyVaultCredentialSettings { get; set; }
}
}
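Review bot: Changing the static type of the `AutoBackupSettings` property from `AutoBackupSettings` to `PublicAutoBackupSettings` is a compile-time break for any code that assigned an `AutoBackupSettings` instance to `SqlServerPublicSettings.AutoBackupSettings`; the Set-side mapping from the cmdlet's object to this public type is not in this view (the diffstat lists files not shown here), so I cannot confirm it was updated. A brief comment would help the next reader: `/// Public subset of the auto-backup settings; private values go to SqlServerPrivateSettings.` The same comment fits the new `KeyVaultCredentialSettings` property.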
Expand Up @@ -42,6 +42,7 @@ public class GetAzureVMSqlServerExtensionCommand : VirtualMachineSqlServerExtens
protected const string GetSqlServerExtensionParamSetName = "GetSqlServerExtension";
protected const string AutoPatchingStatusMessageName = "Automated Patching";
protected const string AutoBackupStatusMessageName = "Automated Backup";
protected const string KeyVaultCredentialStatusMessageName = "Key Vault Credential";

internal void ExecuteCommand()
{
Expand All @@ -54,12 +55,12 @@ internal void ExecuteCommand()
return this.GetExtensionContext(r);
}), true);
}
}

protected override void ProcessRecord()
{
base.ProcessRecord();
ExecuteCommand();
this.ExecuteCommand();
}

/// <summary>
Expand Down Expand Up @@ -116,11 +117,14 @@ private VirtualMachineSqlServerExtensionContext GetExtensionContext(ResourceExte
{
context.AutoPatchingSettings = DeSerializeAutoPatchingSettings(status.Name, formattedMessage);
}

if (status.Name.Equals(AutoBackupStatusMessageName, System.StringComparison.InvariantCulture))
else if (status.Name.Equals(AutoBackupStatusMessageName, System.StringComparison.InvariantCulture))
{
context.AutoBackupSettings = DeSerializeAutoBackupSettings(status.Name, formattedMessage);
}
else if (status.Name.Equals(KeyVaultCredentialStatusMessageName, System.StringComparison.InvariantCulture))
{
context.KeyVaultCredentialSettings = DeSerializeKeyVaultCredentialSettings(status.Name, formattedMessage);
}

statusMessageList.Add(formattedMessage);
}
Expand Down Expand Up @@ -212,13 +216,54 @@ private AutoPatchingSettings DeSerializeAutoPatchingSettings(string category, st

private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string input)
{
AutoBackupSettings abs = new AutoBackupSettings();
AutoBackupSettings autoBackupSettings = new AutoBackupSettings();

if (!string.IsNullOrEmpty(input))
{
try
{
PublicAutoBackupSettings publicAutoBackupSettings = JsonConvert.DeserializeObject<PublicAutoBackupSettings>(input);

if(publicAutoBackupSettings != null)
{
autoBackupSettings.Enable = publicAutoBackupSettings.Enable;
autoBackupSettings.EnableEncryption = publicAutoBackupSettings.EnableEncryption;
autoBackupSettings.RetentionPeriod = publicAutoBackupSettings.RetentionPeriod;
autoBackupSettings.StorageAccessKey = "***";
autoBackupSettings.StorageUrl = "***";
autoBackupSettings.Password = "***";
}
}
catch (JsonReaderException jre)
{
WriteVerboseWithTimestamp("Category:" + category);
WriteVerboseWithTimestamp("Message:" + input);
WriteVerboseWithTimestamp(jre.ToString());
}
}

return autoBackupSettings;
}

private KeyVaultCredentialSettings DeSerializeKeyVaultCredentialSettings(string category, string input)
{
KeyVaultCredentialSettings kvtSettings = new KeyVaultCredentialSettings();

if (!string.IsNullOrEmpty(input))
{
try
{
abs = JsonConvert.DeserializeObject<AutoBackupSettings>(input);
// we only print the public settings
PublicKeyVaultCredentialSettings publicSettings = JsonConvert.DeserializeObject<PublicKeyVaultCredentialSettings>(input);

if(publicSettings != null)
{
kvtSettings.CredentialName = publicSettings.CredentialName;
kvtSettings.Enable = publicSettings.Enable;
kvtSettings.ServicePrincipalName = "***";
kvtSettings.ServicePrincipalSecret = "***";
kvtSettings.AzureKeyVaultUrl = "***";
}
}
catch (JsonReaderException jre)
{
Expand All @@ -228,7 +273,7 @@ private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string
}
}

return abs;
return kvtSettings;
}

/// <summary>
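Review bot: `catch (JsonReaderException jre)` in `DeSerializeAutoBackupSettings` and `DeSerializeKeyVaultCredentialSettings` only covers tokenizer errors; a status payload that tokenizes but does not fit the target type (a JSON array at the root, or an object where `Enable` should be a boolean) raises `JsonSerializationException`, a sibling under `JsonException`, and would escape the cmdlet instead of being logged. Changing both catches to `catch (JsonException jre)` keeps the verbose logging and the partial-context behaviour. In the catch, `WriteVerboseWithTimestamp("Message:" + input)` echoes the raw status payload to the verbose stream; given that point 1 of the description says the status previously carried private settings, a comment such as `// status message is expected to contain public settings only` would make the assumption explicit. The new comparison on the `KeyVaultCredentialStatusMessageName` line uses `System.StringComparison.InvariantCulture` for an identifier, where `Ordinal` is the usual choice, though it matches the two existing comparisons. The catch body of `DeSerializeKeyVaultCredentialSettings` is collapsed between the two hunks.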
