mgmt, add convenience code for DiskEncryptionSet (Azure#28936)

* disk encryption set api

* implementation

* session records

* checkstyle

* changelog

* Update ComputeManagementTest.java

revert unnecessary changes

* remove used imports

* Update sdk/resourcemanager/azure-resourcemanager-compute/CHANGELOG.md

Co-authored-by: Weidong Xu <weidxu@microsoft.com>

* change name of rbac grant methods, add javadoc

* session-records

* fix compilation

* rename withRBACBasedAccess to withRoleBasedAccess

Co-authored-by: Weidong Xu <weidxu@microsoft.com>

Author: XiaofeiCao

sdk/resourcemanager/azure-resourcemanager-compute/CHANGELOG.md

@@ -4,9 +4,7 @@
 
 ### Features Added
 
-### Breaking Changes
-
-### Bugs Fixed
+- Supported `DiskEncryptionSet` for disk encryption set.
 
 ### Other Changes
 

sdk/resourcemanager/azure-resourcemanager-compute/pom.xml

@@ -44,6 +44,7 @@
       --add-exports com.azure.resourcemanager.resources/com.azure.resourcemanager.resources.fluentcore.arm.implementation=ALL-UNNAMED
       --add-exports com.azure.resourcemanager.resources/com.azure.resourcemanager.resources.fluentcore.arm.collection.implementation=ALL-UNNAMED
       --add-exports com.azure.resourcemanager.resources/com.azure.resourcemanager.resources.fluentcore.arm.models.implementation=ALL-UNNAMED
+      --add-exports com.azure.resourcemanager.resources/com.azure.resourcemanager.resources.fluentcore.model.implementation=ALL-UNNAMED
 
       --add-opens com.azure.resourcemanager.authorization/com.azure.resourcemanager.authorization=ALL-UNNAMED
       --add-opens com.azure.resourcemanager.msi/com.azure.resourcemanager.msi=ALL-UNNAMED

sdk/resourcemanager/azure-resourcemanager-compute/src/main/java/com/azure/resourcemanager/compute/ComputeManager.java

@@ -5,11 +5,14 @@
 
 import com.azure.core.credential.TokenCredential;
 import com.azure.core.http.HttpPipeline;
+import com.azure.core.management.profile.AzureProfile;
+import com.azure.resourcemanager.authorization.AuthorizationManager;
 import com.azure.resourcemanager.compute.fluent.ComputeManagementClient;
-import com.azure.resourcemanager.compute.implementation.ComputeManagementClientBuilder;
 import com.azure.resourcemanager.compute.implementation.AvailabilitySetsImpl;
+import com.azure.resourcemanager.compute.implementation.ComputeManagementClientBuilder;
 import com.azure.resourcemanager.compute.implementation.ComputeSkusImpl;
 import com.azure.resourcemanager.compute.implementation.ComputeUsagesImpl;
+import com.azure.resourcemanager.compute.implementation.DiskEncryptionSetsImpl;
 import com.azure.resourcemanager.compute.implementation.DisksImpl;
 import com.azure.resourcemanager.compute.implementation.GalleriesImpl;
 import com.azure.resourcemanager.compute.implementation.GalleryImageVersionsImpl;
@@ -24,6 +27,7 @@
 import com.azure.resourcemanager.compute.models.AvailabilitySets;
 import com.azure.resourcemanager.compute.models.ComputeSkus;
 import com.azure.resourcemanager.compute.models.ComputeUsages;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSets;
 import com.azure.resourcemanager.compute.models.Disks;
 import com.azure.resourcemanager.compute.models.Galleries;
 import com.azure.resourcemanager.compute.models.GalleryImageVersions;
@@ -34,11 +38,9 @@
 import com.azure.resourcemanager.compute.models.VirtualMachineImages;
 import com.azure.resourcemanager.compute.models.VirtualMachineScaleSets;
 import com.azure.resourcemanager.compute.models.VirtualMachines;
-import com.azure.resourcemanager.authorization.AuthorizationManager;
 import com.azure.resourcemanager.network.NetworkManager;
 import com.azure.resourcemanager.resources.fluentcore.arm.AzureConfigurable;
 import com.azure.resourcemanager.resources.fluentcore.arm.Manager;
-import com.azure.core.management.profile.AzureProfile;
 import com.azure.resourcemanager.resources.fluentcore.arm.implementation.AzureConfigurableImpl;
 import com.azure.resourcemanager.resources.fluentcore.utils.HttpPipelineProvider;
 import com.azure.resourcemanager.storage.StorageManager;
@@ -66,6 +68,7 @@ public final class ComputeManager extends Manager<ComputeManagementClient> {
     private Galleries galleries;
     private GalleryImages galleryImages;
     private GalleryImageVersions galleryImageVersions;
+    private DiskEncryptionSets diskEncryptionSets;
 
     /** @return the storage manager */
     public StorageManager storageManager() {
@@ -264,4 +267,12 @@ public GalleryImageVersions galleryImageVersions() {
         }
         return galleryImageVersions;
     }
+
+    /** @return the disk encryption set management entry point */
+    public DiskEncryptionSets diskEncryptionSets() {
+        if (diskEncryptionSets == null) {
+            diskEncryptionSets = new DiskEncryptionSetsImpl(this);
+        }
+        return diskEncryptionSets;
+    }
 }

sdk/resourcemanager/azure-resourcemanager-compute/src/main/java/com/azure/resourcemanager/compute/implementation/DiskEncryptionSetImpl.java

@@ -0,0 +1,220 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.resourcemanager.compute.implementation;
+
+import com.azure.resourcemanager.authorization.models.BuiltInRole;
+import com.azure.resourcemanager.authorization.utils.RoleAssignmentHelper;
+import com.azure.resourcemanager.compute.ComputeManager;
+import com.azure.resourcemanager.compute.fluent.models.DiskEncryptionSetInner;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSet;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
+import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
+import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
+import com.azure.resourcemanager.compute.models.SourceVault;
+import com.azure.resourcemanager.resources.fluentcore.arm.models.implementation.GroupableResourceImpl;
+import reactor.core.publisher.Mono;
+
+public class DiskEncryptionSetImpl
+    extends GroupableResourceImpl<DiskEncryptionSet, DiskEncryptionSetInner, DiskEncryptionSetImpl, ComputeManager>
+    implements DiskEncryptionSet,
+        DiskEncryptionSet.Definition,
+        DiskEncryptionSet.Update {
+    private DiskEncryptionSetUpdate patchToUpdate = new DiskEncryptionSetUpdate();
+    private boolean updated;
+    private final DiskEncryptionSetMsiHandler msiHandler;
+
+    protected DiskEncryptionSetImpl(String name, DiskEncryptionSetInner innerObject, ComputeManager manager) {
+        super(name, innerObject, manager);
+        this.msiHandler = new DiskEncryptionSetMsiHandler(manager.authorizationManager(), this);
+    }
+
+    @Override
+    public String keyVaultId() {
+        if (innerModel().activeKey() == null || innerModel().activeKey().sourceVault() == null) {
+            return null;
+        }
+        return innerModel().activeKey().sourceVault().id();
+    }
+
+    @Override
+    public String encryptionKeyId() {
+        if (innerModel().activeKey() == null) {
+            return null;
+        }
+        return innerModel().activeKey().keyUrl();
+    }
+
+    @Override
+    public String systemAssignedManagedServiceIdentityPrincipalId() {
+        if (innerModel().identity() == null || innerModel().identity().type() == DiskEncryptionSetIdentityType.NONE) {
+            return null;
+        }
+        return innerModel().identity().principalId();
+    }
+
+    @Override
+    public Boolean isAutomaticKeyRotationEnabled() {
+        return innerModel().rotationToLatestKeyVersionEnabled();
+    }
+
+    @Override
+    public DiskEncryptionSetType encryptionType() {
+        return innerModel().encryptionType();
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withAutomaticKeyRotation() {
+        innerModel().withRotationToLatestKeyVersionEnabled(true);
+        if (isInUpdateMode()) {
+            patchToUpdate.withRotationToLatestKeyVersionEnabled(true);
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withoutAutomaticKeyRotation() {
+        innerModel().withRotationToLatestKeyVersionEnabled(false);
+        if (isInUpdateMode()) {
+            patchToUpdate.withRotationToLatestKeyVersionEnabled(false);
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withSystemAssignedManagedServiceIdentity() {
+        innerModel().withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED));
+        if (isInUpdateMode()) {
+            patchToUpdate.withIdentity(innerModel().identity());
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withoutSystemAssignedManagedServiceIdentity() {
+        innerModel().withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.NONE));
+        if (isInUpdateMode()) {
+            patchToUpdate.withIdentity(innerModel().identity());
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withExistingKeyVault(String keyVaultId) {
+        ensureActiveKey();
+        innerModel().activeKey().withSourceVault(new SourceVault().withId(keyVaultId));
+        if (isInUpdateMode()) {
+            ensureActiveKey(patchToUpdate);
+            patchToUpdate.activeKey().withSourceVault(innerModel().activeKey().sourceVault());
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withRoleBasedAccessToCurrentKeyVault(BuiltInRole builtInRole) {
+        if (keyVaultId() != null) {
+            msiHandler.withAccessTo(keyVaultId(), builtInRole);
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withRoleBasedAccessToCurrentKeyVault() {
+        return withRoleBasedAccessToCurrentKeyVault(BuiltInRole.KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER);
+    }
+
+    @Override
+    public Mono<DiskEncryptionSet> createResourceAsync() {
+        return manager().serviceClient().getDiskEncryptionSets().createOrUpdateAsync(
+            resourceGroupName(), name(), innerModel()
+        ).map(inner -> {
+            setInner(inner);
+            return this;
+        });
+    }
+
+    @Override
+    public DiskEncryptionSetImpl update() {
+        this.patchToUpdate = new DiskEncryptionSetUpdate();
+        return this;
+    }
+
+    @Override
+    public Mono<DiskEncryptionSet> updateResourceAsync() {
+        if (!updated) {
+            return Mono.just(this);
+        }
+        return manager().serviceClient().getDiskEncryptionSets().updateAsync(
+            resourceGroupName(), name(), patchToUpdate
+        ).map(inner -> {
+            setInner(inner);
+            this.updated = false;
+            return this;
+        });
+    }
+
+    @Override
+    protected Mono<DiskEncryptionSetInner> getInnerAsync() {
+        return manager().serviceClient().getDiskEncryptionSets().getByResourceGroupAsync(
+            resourceGroupName(), name()
+        ).map(inner -> {
+            this.updated = false;
+            return inner;
+        });
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withExistingKey(String keyId) {
+        ensureActiveKey();
+        innerModel().activeKey().withKeyUrl(keyId);
+        if (isInUpdateMode()) {
+            ensureActiveKey(patchToUpdate);
+            patchToUpdate.activeKey().withKeyUrl(keyId);
+            updated = true;
+        }
+        return this;
+    }
+
+    @Override
+    public DiskEncryptionSetImpl withEncryptionType(DiskEncryptionSetType type) {
+        innerModel().withEncryptionType(type);
+        return this;
+    }
+
+    RoleAssignmentHelper.IdProvider idProvider() {
+        return new RoleAssignmentHelper.IdProvider() {
+            @Override
+            public String principalId() {
+                return systemAssignedManagedServiceIdentityPrincipalId();
+            }
+
+            @Override
+            public String resourceId() {
+                return id();
+            }
+        };
+    }
+
+    private void ensureActiveKey() {
+        if (innerModel().activeKey() == null) {
+            innerModel().withActiveKey(new KeyForDiskEncryptionSet());
+        }
+    }
+
+    private void ensureActiveKey(DiskEncryptionSetUpdate patchToUpdate) {
+        if (patchToUpdate.activeKey() == null) {
+            patchToUpdate.withActiveKey(new KeyForDiskEncryptionSet());
+        }
+    }
+
+    private boolean isInUpdateMode() {
+        return !isInCreateMode();
+    }
+}

sdk/resourcemanager/azure-resourcemanager-compute/src/main/java/com/azure/resourcemanager/compute/implementation/DiskEncryptionSetMsiHandler.java

@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.resourcemanager.compute.implementation;
+
+import com.azure.resourcemanager.authorization.AuthorizationManager;
+import com.azure.resourcemanager.authorization.utils.RoleAssignmentHelper;
+
+/**
+ * Utility class to set Managed Service Identity (MSI) property on a disk encryption set,
+ * create role assignments for the service principal associated with the disk encryption set.
+ */
+class DiskEncryptionSetMsiHandler extends RoleAssignmentHelper {
+    /**
+     * Creates DiskEncryptionSetMsiHandler.
+     *
+     * @param authorizationManager the graph rbac manager
+     * @param diskEncryptionSet    disk encryption set
+     */
+    DiskEncryptionSetMsiHandler(AuthorizationManager authorizationManager, DiskEncryptionSetImpl diskEncryptionSet) {
+        super(authorizationManager, diskEncryptionSet.taskGroup(), diskEncryptionSet.idProvider());
+    }
+}

sdk/resourcemanager/azure-resourcemanager-compute/src/main/java/com/azure/resourcemanager/compute/implementation/DiskEncryptionSetsImpl.java

@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.resourcemanager.compute.implementation;
+
+import com.azure.resourcemanager.compute.ComputeManager;
+import com.azure.resourcemanager.compute.fluent.DiskEncryptionSetsClient;
+import com.azure.resourcemanager.compute.fluent.models.DiskEncryptionSetInner;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSet;
+import com.azure.resourcemanager.compute.models.DiskEncryptionSets;
+import com.azure.resourcemanager.resources.fluentcore.arm.collection.implementation.TopLevelModifiableResourcesImpl;
+
+public class DiskEncryptionSetsImpl
+    extends TopLevelModifiableResourcesImpl<
+        DiskEncryptionSet,
+        DiskEncryptionSetImpl,
+        DiskEncryptionSetInner,
+        DiskEncryptionSetsClient,
+        ComputeManager>
+    implements DiskEncryptionSets {
+    public DiskEncryptionSetsImpl(ComputeManager manager) {
+        super(manager.serviceClient().getDiskEncryptionSets(), manager);
+    }
+
+    @Override
+    public DiskEncryptionSet.DefinitionStages.Blank define(String name) {
+        return wrapModel(name);
+    }
+
+    @Override
+    protected DiskEncryptionSetImpl wrapModel(String name) {
+        DiskEncryptionSetInner inner = new DiskEncryptionSetInner();
+        return new DiskEncryptionSetImpl(name, inner, manager());
+    }
+
+    @Override
+    protected DiskEncryptionSetImpl wrapModel(DiskEncryptionSetInner inner) {
+        if (inner == null) {
+            return null;
+        }
+        return new DiskEncryptionSetImpl(inner.name(), inner, manager());
+    }
+}