From 10abbe7250993d56627840ceb42f4ebf332fd06f Mon Sep 17 00:00:00 2001 From: OJDUDE Date: Fri, 7 Aug 2015 22:50:22 -0700 Subject: [PATCH 1/3] SQL Server Virtual Machine Azure Key Vault Integration The files in this change implement two changes: 1. The AutoBackup feature includes private settings in the public settings section. The fix was to add a public settings class that is used to manage the AutoBackup settings in the set and get command. The change does not impact the cmdlet interface or the objects used to configure AutoBackup. The change is internal to the feature implementation. The AutoBackup syntax command is still the same. Here is an example: $storageaccount = "nobrooklyninfrawe" $storageaccountkey = (Get-AzureStorageKey -StorageAccountName $storageaccount).Primary $storagecontext = New-AzureStorageContext -StorageAccountName $storageaccount -StorageAccountKey $storageaccountkey $password = "P@ssw0rd" $encryptionpassword = $password | ConvertTo-SecureString -AsPlainText -Force $autobackupconfig = New-AzureVMSqlServerAutoBackupConfig -StorageContext $storagecontext -Enable -RetentionPeriod 10 -EnableEncryption -CertificatePassword $encryptionpassword Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -AutoBackupSettings $autobackupconfig | Update-AzureVM 2. SQL VM Azure key Vault Integration This is a new feature is added to configure SQL Connector to access Azure Key Vault on a SQL IaaS VM. The feature is only available for SQL Server 2012 and higher version. A new set of classes is added to manage Collecting the Azure Key Vault settings and new SQL credential settings. The user would provide the key vault url, principal name and secret and the SQL credential name. The user can enable \ disable the feature Using the Enable switch option. By default the feature is disabled. The following is an example to enable the feature: $akvsecret = "3j432j4lj32lk4j32lk4jlk32j4l32j4lj32lj4l32j4lk" $secureakv = $akvsecret | ConvertTo-SecureString -AsPlainText -Force $akvs = New-AzureVMSqlServerKeyVaultCredentialConfig -Enable -CredentialName mycredzz11 -AzureKeyVaultUrl "http://afSqlKVT.vault.azure.net" -ServicePrincipalName "jljlj3l-s4d4c-9d2d-42428ed7" -ServicePrincipalSecret $secureakv Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -KeyVaultCredentialSettings $akvs | Update-AzureVM The change also update the extension status. The status output now includes the KeyVaultSettings object Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureVMSqlServerExtension The following is a sample output of the get command ExtensionName : SqlIaaSAgent Publisher : Microsoft.SqlServer.Management Version : 1.* State : Enable RoleName : afexttest AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings --- setup/azurecmdfiles.wxi | 1308 ----------------- ....ResourceManagement.Automation.Test.csproj | 2 +- .../Commands.ServiceManagement.csproj | 5 + ...reVMSqlServerKeyVaultCredentialSettings.cs | 58 + ...ServerPrivateKeyVaultCredentialSettings.cs | 48 + .../AzureVMSqlServerPrivateSettings.cs | 6 + ...zureVMSqlServerPublicAutoBackupSettings.cs | 39 + ...lServerPublicKeyVaultCredentialSettings.cs | 34 + .../AzureVMSqlServerPublicSettings.cs | 7 +- .../SqlServer/GetAzureVMSqlServerExtension.cs | 59 +- ...zureVMSqlServerKeyVaultCredentialConfig.cs | 116 ++ .../SqlServer/SetAzureVMSqlServerExtension.cs | 15 +- ...tualMachineSqlServerExtensionCmdletBase.cs | 34 +- ...VirtualMachineSqlServerExtensionContext.cs | 5 + ...e.Commands.ServiceManagement.format.ps1xml | 4 + 15 files changed, 416 insertions(+), 1324 deletions(-) create mode 100644 src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs create mode 100644 src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs create mode 100644 src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs create mode 100644 src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs create mode 100644 src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/NewAzureVMSqlServerKeyVaultCredentialConfig.cs diff --git a/setup/azurecmdfiles.wxi b/setup/azurecmdfiles.wxi index 65648b9eb13e..3b558a870375 100644 --- a/setup/azurecmdfiles.wxi +++ b/setup/azurecmdfiles.wxi @@ -102,130 +102,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -826,258 +702,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1188,148 +812,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1493,83 +975,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1769,92 +1174,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1944,162 +1263,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3149,89 +2312,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3916,74 +2996,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4096,46 +3108,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4324,88 +3296,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4442,52 +3332,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4541,31 +3385,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4631,34 +3450,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4688,56 +3479,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5071,33 +3812,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5314,28 +4028,6 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/ResourceManager/Automation/Commands.Automation.Test/Commands.ResourceManagement.Automation.Test.csproj b/src/ResourceManager/Automation/Commands.Automation.Test/Commands.ResourceManagement.Automation.Test.csproj index 367cce1034ff..7ec8839c45d3 100644 --- a/src/ResourceManager/Automation/Commands.Automation.Test/Commands.ResourceManagement.Automation.Test.csproj +++ b/src/ResourceManager/Automation/Commands.Automation.Test/Commands.ResourceManagement.Automation.Test.csproj @@ -6,7 +6,7 @@ 2.0 - {127D0D51-FDEA-4E1A-8CD8-34DEB5C2F7F6} + {59D1B5DC-9175-43EC-90C6-CBA601B3565F} Library Properties Microsoft.Azure.Commands.ResourceManager.Automation.Test diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/Commands.ServiceManagement.csproj b/src/ServiceManagement/Compute/Commands.ServiceManagement/Commands.ServiceManagement.csproj index 2751f356c1af..c9cf9a9762a5 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/Commands.ServiceManagement.csproj +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/Commands.ServiceManagement.csproj @@ -158,6 +158,11 @@ + + + + + diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs new file mode 100644 index 000000000000..e1de7a7f5349 --- /dev/null +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerKeyVaultCredentialSettings.cs @@ -0,0 +1,58 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System.Security; + +namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions +{ + /// + /// Autobackup settings to configure managed backup on SQL VM + /// + public class KeyVaultCredentialSettings + { + /// + /// Defines if the Key Vault Credentails feature is enabled or disabled + /// + public bool Enable { get; set; } + + /// + /// Key Vault credentails name + /// + public string CredentialName { get; set; } + + /// + /// Gets the azure key vault URL. + /// + /// + /// The azure key vault URL for Credential Management. + /// + public string AzureKeyVaultUrl { get; set; } + + /// + /// Gets the name of the principal. + /// + /// + /// The name of the service principal to access the Azure Key Vault. + /// + public string ServicePrincipalName { get; set; } + + /// + /// Gets the principal secret. + /// + /// + /// The service principal secret to access the Azure Key Vault. + /// + public string ServicePrincipalSecret { get; set; } + } +} \ No newline at end of file diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs new file mode 100644 index 000000000000..09ea129a6c01 --- /dev/null +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateKeyVaultCredentialSettings.cs @@ -0,0 +1,48 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System.Security; + +namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions +{ + /// + /// Autobackup settings to configure managed backup on SQL VM + /// + public class PrivateKeyVaultCredentialSettings + { + /// + /// Gets the azure key vault URL. + /// + /// + /// The azure key vault URL for Credential Management. + /// + public string AzureKeyVaultUrl { get; set; } + + /// + /// Gets the name of the principal. + /// + /// + /// The name of the service principal to access the Azure Key Vault. + /// + public string ServicePrincipalName { get; set; } + + /// + /// Gets the principal secret. + /// + /// + /// The service principal secret to access the Azure Key Vault. + /// + public string ServicePrincipalSecret { get; set; } + } +} diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateSettings.cs index 8d56d8669d59..86faf7c07656 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateSettings.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPrivateSettings.cs @@ -34,5 +34,11 @@ public class SqlServerPrivateSettings /// Password required for certification when encryption is enabled /// public string Password; + + /// + /// Azure Key Vault Credential settings + /// + public PrivateKeyVaultCredentialSettings PrivateKeyVaultCredentialSettings; + } } diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs new file mode 100644 index 000000000000..3c2f1c3c389e --- /dev/null +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicAutoBackupSettings.cs @@ -0,0 +1,39 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System.Security; + +namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions +{ + /// + /// Autobackup public settings to configure managed backup on SQL VM + /// + public class PublicAutoBackupSettings + { + /// + /// Defines if the Auto-backup feature is enabled or disabled + /// + public bool Enable { get; set; } + + /// + /// Defines if backups will be encrypted or not + /// + public bool EnableEncryption { get; set; } + + /// + /// Defines the number of days to keep the backups + /// + public int RetentionPeriod { get; set; } + } +} diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs new file mode 100644 index 000000000000..1e710e2e42bd --- /dev/null +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicKeyVaultCredentialSettings.cs @@ -0,0 +1,34 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System.Security; + +namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions +{ + /// + /// Key Vault public settings to manage SQL VM credentials on configure Azure Key Vault + /// + public class PublicKeyVaultCredentialSettings + { + /// + /// Defines if the Key Vault Credentails feature is enabled or disabled + /// + public bool Enable { get; set; } + + /// + /// Key Vault credentails name + /// + public string CredentialName { get; set; } + } +} \ No newline at end of file diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicSettings.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicSettings.cs index ab7c69677d64..d9ea4221e169 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicSettings.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/AzureVMSqlServerPublicSettings.cs @@ -27,11 +27,16 @@ public class SqlServerPublicSettings /// /// Auto-backup settings /// - public AutoBackupSettings AutoBackupSettings { get; set; } + public PublicAutoBackupSettings AutoBackupSettings { get; set; } /// /// Auto-telemetry settings /// public AutoTelemetrySettings AutoTelemetrySettings { get; set; } + + /// + /// Azure Key Vault SQL Credentials settings + /// + public PublicKeyVaultCredentialSettings KeyVaultCredentialSettings { get; set; } } } diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs index 0b595acded84..d01c337cb107 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs @@ -42,6 +42,7 @@ public class GetAzureVMSqlServerExtensionCommand : VirtualMachineSqlServerExtens protected const string GetSqlServerExtensionParamSetName = "GetSqlServerExtension"; protected const string AutoPatchingStatusMessageName = "Automated Patching"; protected const string AutoBackupStatusMessageName = "Automated Backup"; + protected const string KeyVaultCredentialStatusMessageName = "Key Vault Credential"; internal void ExecuteCommand() { @@ -54,12 +55,12 @@ internal void ExecuteCommand() return this.GetExtensionContext(r); }), true); - } + } protected override void ProcessRecord() { base.ProcessRecord(); - ExecuteCommand(); + this.ExecuteCommand(); } /// @@ -116,11 +117,14 @@ private VirtualMachineSqlServerExtensionContext GetExtensionContext(ResourceExte { context.AutoPatchingSettings = DeSerializeAutoPatchingSettings(status.Name, formattedMessage); } - - if (status.Name.Equals(AutoBackupStatusMessageName, System.StringComparison.InvariantCulture)) + else if (status.Name.Equals(AutoBackupStatusMessageName, System.StringComparison.InvariantCulture)) { context.AutoBackupSettings = DeSerializeAutoBackupSettings(status.Name, formattedMessage); } + else if (status.Name.Equals(KeyVaultCredentialStatusMessageName, System.StringComparison.InvariantCulture)) + { + context.KeyVaultCredentialSettings = DeSerializeKeyVaultCredentialSettings(status.Name, formattedMessage); + } statusMessageList.Add(formattedMessage); } @@ -212,13 +216,54 @@ private AutoPatchingSettings DeSerializeAutoPatchingSettings(string category, st private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string input) { - AutoBackupSettings abs = new AutoBackupSettings(); + AutoBackupSettings autoBackupSettings = new AutoBackupSettings(); + + if (!string.IsNullOrEmpty(input)) + { + try + { + PublicAutoBackupSettings publicAutoBackupSettings = JsonConvert.DeserializeObject(input); + + if(publicAutoBackupSettings != null) + { + autoBackupSettings.Enable = publicAutoBackupSettings.Enable; + autoBackupSettings.EnableEncryption = publicAutoBackupSettings.EnableEncryption; + autoBackupSettings.RetentionPeriod = publicAutoBackupSettings.RetentionPeriod; + autoBackupSettings.StorageAccessKey = "***"; + autoBackupSettings.StorageUrl = "***"; + autoBackupSettings.Password = "***"; + } + } + catch (JsonReaderException jre) + { + WriteVerboseWithTimestamp("Category:" + category); + WriteVerboseWithTimestamp("Message:" + input); + WriteVerboseWithTimestamp(jre.ToString()); + } + } + + return autoBackupSettings; + } + + private KeyVaultCredentialSettings DeSerializeKeyVaultCredentialSettings(string category, string input) + { + KeyVaultCredentialSettings kvtSettings = new KeyVaultCredentialSettings(); if (!string.IsNullOrEmpty(input)) { try { - abs = JsonConvert.DeserializeObject(input); + // we only print the public settings + PublicKeyVaultCredentialSettings publicSettings = JsonConvert.DeserializeObject(input); + + if(publicSettings != null) + { + kvtSettings.CredentialName = publicSettings.CredentialName; + kvtSettings.Enable = publicSettings.Enable; + kvtSettings.ServicePrincipalName = "***"; + kvtSettings.ServicePrincipalSecret = "***"; + kvtSettings.AzureKeyVaultUrl = "***"; + } } catch (JsonReaderException jre) { @@ -228,7 +273,7 @@ private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string } } - return abs; + return kvtSettings; } /// diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/NewAzureVMSqlServerKeyVaultCredentialConfig.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/NewAzureVMSqlServerKeyVaultCredentialConfig.cs new file mode 100644 index 000000000000..10b919f585c6 --- /dev/null +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/NewAzureVMSqlServerKeyVaultCredentialConfig.cs @@ -0,0 +1,116 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; +using System.Management.Automation; +using System.Security; +using Microsoft.WindowsAzure.Commands.Common.Storage; +using Microsoft.WindowsAzure.Commands.ServiceManagement.Model; +using Microsoft.WindowsAzure.Commands.ServiceManagement.Properties; +using Microsoft.WindowsAzure.Commands.Utilities.Common; +using Microsoft.WindowsAzure.Commands.ServiceManagement.Helpers; +using Microsoft.WindowsAzure.Management.Storage; + +namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions +{ + /// + /// Helper cmdlet to construct instance of SQL Credential AKV based settings class + /// + [Cmdlet( + VerbsCommon.New, + AzureVMSqlServerKeyVaultCredentialConfigNoun), + OutputType( + typeof(PublicKeyVaultCredentialSettings))] + public class NewAzureVMSqlServerKeyVaultCredentialConfigCommand : ServiceManagementBaseCmdlet + { + /// + /// Configuration object friendly name + /// + protected const string AzureVMSqlServerKeyVaultCredentialConfigNoun = "AzureVMSqlServerKeyVaultCredentialConfig"; + + [Parameter( + Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Enable Key Vault Credential.")] + [ValidateNotNullOrEmpty] + public SwitchParameter Enable { get; set; } + + [Parameter( + Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "SQL Server credential name to create.")] + [ValidateNotNullOrEmpty] + public string CredentialName { get; set; } + + [Parameter( + Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Azure Key Vault service URL")] + [ValidateNotNullOrEmpty] + public string AzureKeyVaultUrl { get; set; } + + [Parameter( + Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Principal user client identifier.")] + [ValidateNotNullOrEmpty] + public string ServicePrincipalName { get; set; } + + [Parameter( + Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Principal user client secret.")] + [ValidateNotNullOrEmpty] + public SecureString ServicePrincipalSecret { get; set; } + + /// + /// Initialzies a new instance of the class. + /// + public NewAzureVMSqlServerKeyVaultCredentialConfigCommand() + { + } + + /// + /// Creates and returns object. + /// + protected override void ProcessRecord() + { + KeyVaultCredentialSettings settings = new KeyVaultCredentialSettings(); + + settings.Enable = (this.Enable.IsPresent) ? this.Enable.ToBool() : false; + + settings.CredentialName = (this.CredentialName == null) ? null : this.CredentialName; + + settings.ServicePrincipalName = (this.ServicePrincipalName == null) ? null : this.ServicePrincipalName; + + settings.ServicePrincipalSecret = (this.ServicePrincipalSecret == null) ? + null : + SecureStringHelper.ConvertToUnsecureString(this.ServicePrincipalSecret); + + settings.AzureKeyVaultUrl = (this.AzureKeyVaultUrl == null) ? null : this.AzureKeyVaultUrl; + + + WriteObject(settings); + } + } +} diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs index f9ed5f72e5ca..ec64468197a0 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs @@ -28,7 +28,7 @@ namespace Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions { /// /// Set-AzureVMSqlServerExtension implementation. - /// This cmdlet can be used to set AutoPatching / AutoBackup settings, disable, uninstalls Sql Extension + /// This cmdlet can be used to set AutoPatching / AutoBackup / Key Vault Credential settings, disable, uninstalls Sql Extension /// [Cmdlet( VerbsCommon.Set, @@ -91,11 +91,20 @@ public class SetAzureVMSqlServerExtensionCommand : VirtualMachineSqlServerExtens HelpMessage = "The Automatic Backup configuration.")] [ValidateNotNullOrEmpty] public override AutoBackupSettings AutoBackupSettings { get; set; } - + + [Parameter( + ParameterSetName = EnableExtensionParamSetName, + Mandatory = false, + Position = 5, + ValueFromPipelineByPropertyName = true, + HelpMessage = "The Azure Key Vault SQL Credentials configuration.")] + [ValidateNotNullOrEmpty] + public override KeyVaultCredentialSettings KeyVaultCredentialSettings { get; set; } + protected override void ProcessRecord() { base.ProcessRecord(); - ExecuteCommand(); + this.ExecuteCommand(); } internal void ExecuteCommand() diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs index dc20d5941623..a5ca651f78fa 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs @@ -50,6 +50,11 @@ public class VirtualMachineSqlServerExtensionCmdletBase : VirtualMachineExtensio /// public virtual AutoBackupSettings AutoBackupSettings { get; set; } + /// + /// Azure Key Vault SQL Credentials settings + /// + public virtual KeyVaultCredentialSettings KeyVaultCredentialSettings { get; set; } + /// /// value of Auto-telemetry settings object that can be set by derived classes /// @@ -74,8 +79,18 @@ protected string GetPublicConfiguration() new SqlServerPublicSettings { AutoPatchingSettings = this.AutoPatchingSettings, - AutoBackupSettings = this.AutoBackupSettings, - AutoTelemetrySettings = this.AutoTelemetrySettings + AutoTelemetrySettings = this.AutoTelemetrySettings, + AutoBackupSettings = new PublicAutoBackupSettings() + { + Enable = this.AutoBackupSettings == null ? false : this.AutoBackupSettings.Enable, + EnableEncryption = this.AutoBackupSettings == null ? false : this.AutoBackupSettings.EnableEncryption, + RetentionPeriod = this.AutoBackupSettings == null ? 0 : this.AutoBackupSettings.RetentionPeriod + }, + KeyVaultCredentialSettings = new PublicKeyVaultCredentialSettings() + { + Enable = this.KeyVaultCredentialSettings == null ? false : this.KeyVaultCredentialSettings.Enable, + CredentialName = this.KeyVaultCredentialSettings == null ? null : this.KeyVaultCredentialSettings.CredentialName + } })); } @@ -85,14 +100,25 @@ protected string GetPublicConfiguration() /// protected string GetPrivateConfiguration() { + + PrivateKeyVaultCredentialSettings akvPrivateSettings = null; + + if(this.KeyVaultCredentialSettings != null) + { + akvPrivateSettings = new PrivateKeyVaultCredentialSettings { AzureKeyVaultUrl = this.KeyVaultCredentialSettings.AzureKeyVaultUrl, + ServicePrincipalName = this.KeyVaultCredentialSettings.ServicePrincipalName, + ServicePrincipalSecret = this.KeyVaultCredentialSettings.ServicePrincipalSecret + }; + } + return JsonUtilities.TryFormatJson(JsonConvert.SerializeObject( new SqlServerPrivateSettings { StorageUrl = (this.AutoBackupSettings == null) ? string.Empty : this.AutoBackupSettings.StorageUrl, StorageAccessKey = (this.AutoBackupSettings == null) ? string.Empty : this.AutoBackupSettings.StorageAccessKey, - Password = (this.AutoBackupSettings == null) ? string.Empty : this.AutoBackupSettings.Password + Password = (this.AutoBackupSettings == null) ? string.Empty : this.AutoBackupSettings.Password, + PrivateKeyVaultCredentialSettings = (akvPrivateSettings == null) ? null : akvPrivateSettings })); - } } } diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionContext.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionContext.cs index 15e60bb4a39e..3362246ee9e7 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionContext.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionContext.cs @@ -33,6 +33,11 @@ public class VirtualMachineSqlServerExtensionContext : VirtualMachineExtensionCo /// public AutoBackupSettings AutoBackupSettings; + /// + /// Key Vault Credential settings + /// + public KeyVaultCredentialSettings KeyVaultCredentialSettings; + /// /// Status messages reported by extension /// diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.format.ps1xml b/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.format.ps1xml index 266d9459ab2e..253098efc97f 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.format.ps1xml +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.format.ps1xml @@ -605,6 +605,10 @@ AutoBackupSettings + + + KeyVaultCredentialSettings + From a0473e042bf33f16155b5554ca65716172195aa8 Mon Sep 17 00:00:00 2001 From: OJDUDE Date: Mon, 10 Aug 2015 17:30:34 -0700 Subject: [PATCH 2/3] Don't use default settings when settings are missing In the previous change, default settings were used for AKV and AutoBackup if the settings are not entered by the user. This is the wrong behavior as it would always update the VM with the default settings for feature that the user did not include in the set command. --- ...tualMachineSqlServerExtensionCmdletBase.cs | 38 +++++++++++++------ 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs index a5ca651f78fa..015de4470e24 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/VirtualMachineSqlServerExtensionCmdletBase.cs @@ -75,22 +75,38 @@ public VirtualMachineSqlServerExtensionCmdletBase() /// protected string GetPublicConfiguration() { + // Create auto backup settings if set + PublicAutoBackupSettings autoBackupSettings = null; + + if (this.AutoBackupSettings != null) + { + autoBackupSettings = new PublicAutoBackupSettings() + { + Enable = this.AutoBackupSettings.Enable, + EnableEncryption = this.AutoBackupSettings.EnableEncryption, + RetentionPeriod = this.AutoBackupSettings.RetentionPeriod + }; + } + + // Create Key vault settings if set + PublicKeyVaultCredentialSettings akvSettings = null; + + if(this.KeyVaultCredentialSettings != null) + { + akvSettings = new PublicKeyVaultCredentialSettings() + { + Enable = this.KeyVaultCredentialSettings == null ? false : this.KeyVaultCredentialSettings.Enable, + CredentialName = this.KeyVaultCredentialSettings == null ? null : this.KeyVaultCredentialSettings.CredentialName + }; + } + return JsonUtilities.TryFormatJson(JsonConvert.SerializeObject( new SqlServerPublicSettings { AutoPatchingSettings = this.AutoPatchingSettings, AutoTelemetrySettings = this.AutoTelemetrySettings, - AutoBackupSettings = new PublicAutoBackupSettings() - { - Enable = this.AutoBackupSettings == null ? false : this.AutoBackupSettings.Enable, - EnableEncryption = this.AutoBackupSettings == null ? false : this.AutoBackupSettings.EnableEncryption, - RetentionPeriod = this.AutoBackupSettings == null ? 0 : this.AutoBackupSettings.RetentionPeriod - }, - KeyVaultCredentialSettings = new PublicKeyVaultCredentialSettings() - { - Enable = this.KeyVaultCredentialSettings == null ? false : this.KeyVaultCredentialSettings.Enable, - CredentialName = this.KeyVaultCredentialSettings == null ? null : this.KeyVaultCredentialSettings.CredentialName - } + AutoBackupSettings = autoBackupSettings, + KeyVaultCredentialSettings = akvSettings })); } From c8658ea8ee86d3ca0b3b0286ec2a79355a8ca471 Mon Sep 17 00:00:00 2001 From: OJDUDE Date: Thu, 13 Aug 2015 20:04:09 -0700 Subject: [PATCH 3/3] SQL Server IaaS Extension cmdlets update 1. Don't print or attempt to print private settings from the Get. Instead print *** if the options are set. 2. Print a message to educate the user when disabling Azure key vault that existing credentials will not be removed but AKV status will not be reported. 3. Update the help file. 4. No new tests are required as the current tests already cover the changes in this changeset. --- .../SqlServer/GetAzureVMSqlServerExtension.cs | 26 +- .../SqlServer/SetAzureVMSqlServerExtension.cs | 6 + ...re.Commands.ServiceManagement.dll-Help.xml | 1295 ++++++++++------- 3 files changed, 821 insertions(+), 506 deletions(-) diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs index d01c337cb107..d1bcacc00785 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/GetAzureVMSqlServerExtension.cs @@ -55,7 +55,7 @@ internal void ExecuteCommand() return this.GetExtensionContext(r); }), true); - } + } protected override void ProcessRecord() { @@ -69,7 +69,7 @@ protected override void ProcessRecord() /// private VirtualMachineSqlServerExtensionContext GetExtensionContext(ResourceExtensionReference r) { - string extensionName= VirtualMachineSqlServerExtensionCmdletBase.ExtensionPublishedNamespace + "." + string extensionName = VirtualMachineSqlServerExtensionCmdletBase.ExtensionPublishedNamespace + "." + VirtualMachineSqlServerExtensionCmdletBase.ExtensionPublishedName; VirtualMachineSqlServerExtensionContext context = new VirtualMachineSqlServerExtensionContext @@ -162,7 +162,7 @@ private VirtualMachineSqlServerExtensionContext GetExtensionContext(ResourceExte NSM.DeploymentSlot.Production); } catch (CloudException e) - { + { if (e.Response.StatusCode != HttpStatusCode.NotFound) { throw; @@ -231,7 +231,11 @@ private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string autoBackupSettings.RetentionPeriod = publicAutoBackupSettings.RetentionPeriod; autoBackupSettings.StorageAccessKey = "***"; autoBackupSettings.StorageUrl = "***"; - autoBackupSettings.Password = "***"; + + if (autoBackupSettings.EnableEncryption) + { + autoBackupSettings.Password = "***"; + } } } catch (JsonReaderException jre) @@ -246,7 +250,7 @@ private AutoBackupSettings DeSerializeAutoBackupSettings(string category, string } private KeyVaultCredentialSettings DeSerializeKeyVaultCredentialSettings(string category, string input) - { + { KeyVaultCredentialSettings kvtSettings = new KeyVaultCredentialSettings(); if (!string.IsNullOrEmpty(input)) @@ -256,13 +260,17 @@ private KeyVaultCredentialSettings DeSerializeKeyVaultCredentialSettings(string // we only print the public settings PublicKeyVaultCredentialSettings publicSettings = JsonConvert.DeserializeObject(input); - if(publicSettings != null) + if (publicSettings != null) { kvtSettings.CredentialName = publicSettings.CredentialName; kvtSettings.Enable = publicSettings.Enable; - kvtSettings.ServicePrincipalName = "***"; - kvtSettings.ServicePrincipalSecret = "***"; - kvtSettings.AzureKeyVaultUrl = "***"; + + if (kvtSettings.Enable) + { + kvtSettings.ServicePrincipalName = "***"; + kvtSettings.ServicePrincipalSecret = "***"; + kvtSettings.AzureKeyVaultUrl = "***"; + } } } catch (JsonReaderException jre) diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs index ec64468197a0..11feb83842a3 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/IaaS/Extensions/SqlServer/SetAzureVMSqlServerExtension.cs @@ -110,6 +110,12 @@ protected override void ProcessRecord() internal void ExecuteCommand() { ValidateParameters(); + + if ((this.KeyVaultCredentialSettings != null) && !this.KeyVaultCredentialSettings.Enable) + { + WriteVerboseWithTimestamp("SQL Server Azure key vault disabled. Previously configured credentials are not removed but no status will be reported"); + } + RemovePredicateExtensions(); AddResourceExtension(); WriteObject(VM); diff --git a/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.dll-Help.xml b/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.dll-Help.xml index 96a2e9516e98..24f0f6d1ecd6 100644 --- a/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.dll-Help.xml +++ b/src/ServiceManagement/Compute/Commands.ServiceManagement/Microsoft.WindowsAzure.Commands.ServiceManagement.dll-Help.xml @@ -34825,228 +34825,481 @@ PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "Con - - - - Get-AzureVMSqlServerExtension - - - Gets the settings of the SQL Server IaaS Agent on a particular VM. - - - - - Get - AzureVMSqlServerExtension - - - - Gets the settings of the SQL Server IaaS Agent on a particular virtual machine. - - - - - Get-AzureVMSqlServerExtension - - VM - - The virtual machine to get the settings from. - - IPersistentVM - - - Version - - The specific version of the SQL Server IaaS Agent. - - string - - - - - - - Version - - The specific version of the SQL Server IaaS Agent. - - string - - string - - - - - - VM - - The virtual machine to get the settings from. - - IPersistentVM - - IPersistentVM - - - - - - - - - - - - - - - - + + + + + Get-AzureVMSqlServerExtension + + + Gets the settings of the SQL Server extension on a particular VM. + + + + + Get + AzureVMSqlServerExtension + + + + This cmdlet gets the settings of the SQL Server extension on a particular VM. + + + + + Get-AzureVMSqlServerExtension + + VM + + The virtual machine to get the settings from. + + IPersistentVM + + + Version + + The specific version of the Sql Server extension. + + string + + + + + + + Version + + The specific version of the Sql Server extension. + + + string + + string + + + + + + VM + + The virtual machine to get the settings from. + + + IPersistentVM + + IPersistentVM + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - + + + -------------------------- EXAMPLE 1 -------------------------- + + + C:\PS> + + +Get-AzureVM -ServiceName "service" -Name "vmname" | Get-AzureVMSqlServerExtension + +ExtensionName : SqlIaaSAgent +Publisher : Microsoft.SqlServer.Management +Version : 1.* +State : Enable +RoleName : afexttest +AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings +AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings +KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings + + Description + ----------- + Gets the settings of the Sql Server extension on a particular VM using piped input. + + + + + + + + + + + - - - - - - - - - - - - + + + -------------------------- EXAMPLE 2 -------------------------- + + + C:\PS> + + +Get-AzureVMSqlServerExtension-VM $vm + +ExtensionName : SqlIaaSAgent +Publisher : Microsoft.SqlServer.Management +Version : 1.0 +State : Enable +RoleName : vmname +AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings +AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings +KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings + + Description + ----------- + Gets the settings of the Sql Server extension on a particular VM. + + + + + + + + + + + - - - - - - - - + + + -------------------------- EXAMPLE 3 -------------------------- + + + C:\PS> + + +Get-AzureVMSqlServerExtension -VM $vm -Version "1.0" + +ExtensionName : SqlIaaSAgent +Publisher : Microsoft.SqlServer.Management +Version : 1.0 +State : Enable +RoleName : vmname +AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings +AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings +KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings + + Description + ----------- + Gets the settings of the particular version of Sql Server extension on a VM. + + + + + + + + + + + + + + + + + + + + - - - -------------------------- EXAMPLE 1 -------------------------- - - - - - - C:\PS> Get-AzureVMSqlServerExtension-VM $vm - - ExtensionName : SqlIaaSAgent - Publisher : Microsoft.SqlServer.Management - Version : 1.0 - State : Enable - RoleName : vmname - AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings - AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings - - - Gets the settings of the Sql Server extension on a particular virtual machine. - - - - - - - - - - - + + + + + New-AzureVMSqlServerKeyVaultCredentialConfig + + + Creates configuration object for SQL Server Azure Key Vault credential + + + + + New + AzureVMSqlServerKeyVaultCredentialConfig + + + + Creates configuration object for SQL Server Azure Key Vault credential + + + + + New-AzureVMSqlServerKeyVaultCredentialConfig + + Enable + + Enable is an optional value with a default value of false. If set to true, a SQL Server credential using Azure key vault is created when the configuration is used in Set-AzureVMSqlServerExtension. Otherwise, all SQL Server Azure key vault credential status reporting is disabled. Disabling this feature does not remove previously created SQL Server credential using Azure key vault. + + bool + + + CredentialName + + The name to use when creating the new SQL Server credential. If the operation succeeds, a new SQL Server credential with the given name is created. If a SQL Server credential with similar name already exists, then the operation will fail. + + string + + + AzureKeyVaultUrl + + Azure Key Vault absolute URL path to use when creating the SQL Server credential. The Azure key vault must be created before using to create a SQL Server credential. + + string + + + ServicePrincipalName + + Azure key vault client identifier given the principal user access to the Azure key vault set in AzureKeyVaultUrl. + + string + + + ServicePrincipalSecret + + Azure key vault principal access secret to the Azure key vault set in AzureKeyVaultUrl. + + SecureString + + + + + + + AzureKeyVaultUrl + + Azure Key Vault absolute URL path to use when creating the SQL Server credential. The Azure key vault must be created before using to create a SQL Server credential. + + + string + + string + + + + + + CredentialName + + The name to use when creating the new SQL Server credential. If the operation succeeds, a new SQL Server credential with the given name is created. If a SQL Server credential with similar name already exists, then the operation will fail. + + + string + + string + + + + + + Enable + + Enable is an optional value with a default value of false. If set to true, a SQL Server credential using Azure key vault is created when the configuration is used in Set-AzureVMSqlServerExtension. Otherwise, all SQL Server Azure key vault credential status reporting is disabled. Disabling this feature does not remove previously created SQL Server credential using Azure key vault. + + + bool + + bool + + + + + + ServicePrincipalName + + Azure key vault client identifier given the principal user access to the Azure key vault set in AzureKeyVaultUrl. + + + string + + string + + + + + + ServicePrincipalSecret + + Azure key vault principal access secret to the Azure key vault set in AzureKeyVaultUrl. + + + SecureString + + SecureString + + + + + + + + + + + + + + + + + + + + + + + + + KeyVaultCredentialSettings + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - -------------------------- EXAMPLE 2 -------------------------- - - - - - - C:\PS> Get-AzureVM -ServiceName "service" -Name "vmname" | Get-AzureVMSqlServerExtension - - ExtensionName : SqlIaaSAgent - Publisher : Microsoft.SqlServer.Management - Version : 1.0 - State : Enable - RoleName : vmname - AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings - AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings - - - Gets the settings of the SQL Server IaaS Agent on a particular virtual machine using piped input. - - - - - - - - - - - + + + -------------------------- EXAMPLE 1 -------------------------- + + + C:\PS> + + +$akvs = New-AzureVMSqlServerKeyVaultCredentialConfig -Enable -CredentialName sqlcredname -AzureKeyVaultUrl "http://myvaultsample.vault.azure.net" -ServicePrincipalName "myvaultsample-principal-client-identifier" -ServicePrincipalSecret $secureSecret - - - -------------------------- EXAMPLE 3 -------------------------- - - - - - - C:\PS> Get-AzureVMSqlServerExtension -VM $vm -Version "1.0" - - ExtensionName : SqlIaaSAgent - Publisher : Microsoft.SqlServer.Management - Version : 1.0 - State : Enable - RoleName : vmname - AutoPatchingSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings - AutoBackupSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings - - - Gets the settings of the particular version of SQL Server IaaS Agent on a virtual machine. - - - - - - - - - - - - - - - - Set-AzureVMSqlServerExtension - - - - Remove-AzureVMSqlServerExtension - - - - +Enable : True +CredentialName : sqlcredname +AzureKeyVaultUrl : http://afSqlKVT.vault.azure.net +ServicePrincipalName : dsds-33dd-4d4c-9d2d-42428eeb1fd7 +ServicePrincipalSecret : LnT+7aXAdafy1VdSo3z8YnZ5pzGU1h3Y7prrwdlUDVc= + + Description + ----------- + Creates Azure key vault credential configuration object that can be used to enable and configure KeyVaultCredential using Set-AzureVMSqlServerExtension + + + + + + + + + + + + + + + -------------------------- EXAMPLE 2 -------------------------- + + + C:\PS> + + + $akvs = New-AzureVMSqlServerKeyVaultCredentialConfig + + Enable : False + CredentialName : + AzureKeyVaultUrl : + ServicePrincipalName : + ServicePrincipalSecret : + + Description + ----------- + Creates Azure key vault credential configuration object that can be used to disable KeyVaultCredential using Set-AzureVMSqlServerExtension + + + + + + + + + + + + + + + + + + + + @@ -35627,305 +35880,353 @@ RetentionPeriodInDays : 10 - - - - + + + + Set-AzureVMSqlServerExtension - - - Configure the Sql Server extension on a VM. - - - - - Set - AzureVMSqlServerExtension - - - - Configure the Sql Server extension on a VM. - - - - - Set-AzureVMSqlServerExtension - - VM - - The Virtual Machine to get the settings from. - - IPersistentVM - - - Version - - The specific version of the SQL Server extension that Get-AzureVMSqlServerExtension will get the settings from. - - string - - - AutoBackupSettings - - Automatic SQL Server backup settings - - AutoBackupSettings - - - AutoPatchingSetttings - - Automatic patching settings - - AutoPatchingSetttings - - - Confirm - - Prompts you for confirmation before executing the command. - - - - WhatIf - - Describes what would happen if you executed the command without actually executing the command. - - - - - - - - AutoBackupSettings - - Automatic SQL Server backup settings - - AutoBackupSettings - - AutoBackupSettings - - - - - - AutoPatchingSetttings - - Automatic patching settings - - AutoPatchingSetttings - - AutoPatchingSetttings - - - - - - Version - - The specific version of the SQL Server extension that Get-AzureVMSqlServerExtension will get the settings from. - - - string - - string - - - - - - VM - - The Virtual Machine to get the settings from. - - IPersistentVM - - IPersistentVM - - - - - - Confirm - - Prompts you for confirmation before executing the command. - - SwitchParameter - - SwitchParameter - - - - - - WhatIf - - Describes what would happen if you executed the command without actually executing the command. - - SwitchParameter - - SwitchParameter - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + Configure the Sql Server extension on a VM. + + + + + Set + AzureVMSqlServerExtension + + + + Configure the Sql Server extension on a VM. + + + + + Set-AzureVMSqlServerExtension + + VM + + The Virtual Machine to get the settings from. + + IPersistentVM + + + Version + + The specific version of the SQL Server extension that Get-AzureVMSqlServerExtension will get the settings from. + + string + + + AutoBackupSettings + + Automatic SQL Server backup settings + + AutoBackupSettings + + + AutoPatchingSetttings + + Automatic patching settings + + AutoPatchingSetttings + + + KeyVaultCredentialSettings + + + + KeyVaultCredentialSettings + + + Confirm + + Prompts you for confirmation before executing the command. + + + + WhatIf + + Describes what would happen if you executed the command without actually executing the command. + + + + + + + + AutoBackupSettings + + Automatic SQL Server backup settings + + + AutoBackupSettings + + AutoBackupSettings + + + + + + AutoPatchingSetttings + + Automatic patching settings + + + AutoPatchingSetttings + + AutoPatchingSetttings + + + + + + KeyVaultCredentialSettings + + + + + KeyVaultCredentialSettings + + KeyVaultCredentialSettings + + + + + + Version + + The specific version of the SQL Server extension that Get-AzureVMSqlServerExtension will get the settings from. + + + string + + string + + + + + + VM + + The Virtual Machine to get the settings from. + + + IPersistentVM + + IPersistentVM + + + + + + Confirm + + Prompts you for confirmation before executing the command. + + SwitchParameter + + SwitchParameter + + + + + + WhatIf + + Describes what would happen if you executed the command without actually executing the command. + + SwitchParameter + + SwitchParameter + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + - - - -------------------------- EXAMPLE 1 -------------------------- - - - C:\PS> - - + + + -------------------------- EXAMPLE 1 -------------------------- + + + C:\PS> + + Get-AzureVM -ServiceName serviceName -Name vmName | Set-AzureVMSqlServerExtension -AutoPatchingSettings $aps | Update-AzureVM - + Description ----------- - Sets auto-patching settings on Azure VM. - - - - - - - - - - - + Sets auto-patching settings on Azure VM. + + + + + + + + + + + - - - -------------------------- EXAMPLE 2 -------------------------- - - - C:\PS> - - + + + -------------------------- EXAMPLE 2 -------------------------- + + + C:\PS> + + Get-AzureVM -ServiceName serviceName -Name vmName | Set-AzureVMSqlServerExtension -AutoBackupSettings $abs | Update-AzureVM - + Description ----------- - Sets auto-backup settings on Azure VM. - - - - - - - - - - - + Sets auto-backup settings on Azure VM. + + + + + + + + + + + - - - -------------------------- EXAMPLE 3 -------------------------- - - - C:\PS> - - + + + -------------------------- EXAMPLE 3 -------------------------- + + + C:\PS> + + +Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -KeyVaultCredentialSettings $akvs | Update-AzureVM + +Sets SQL Server credential Azure key vault settings + + Description + ----------- + + + + + + + + + + + + + + + + -------------------------- EXAMPLE 4 -------------------------- + + + C:\PS> + + Get-AzureVM -ServiceName service -Name vmName| Set-AzureVMSqlServerExtension -Disable - + Description ----------- - Disables SQL Server VM extension on a given VM - - - - - - - - - - - + Disables SQL Server VM extension on a given VM + + + + + + + + + + + - - - -------------------------- EXAMPLE 4 -------------------------- - - - C:\PS> - - - Get-AzureVM -ServiceName service -Name vmName| Set-AzureVMSqlServerExtension -Uninstall - - + + + -------------------------- EXAMPLE 5 -------------------------- + + + C:\PS> + + +Get-AzureVM -ServiceName service -Name vmName| Set-AzureVMSqlServerExtension -UnInstall + Description ----------- - Uninstalls SQL Server VM extension on a given VM - - - - - - - - - - - - - - - - - - - + Uninstalls SQL Server VM extension on a given VM + + + + + + + + + + + + + + + + + + + - \ No newline at end of file