[Compute] Add disk-encryption-set command group

src/azure-cli/HISTORY.rst

@@ -6,6 +6,7 @@ Release History
 **Compute**
 
 * vmss create/update: Add --scale-in-policy, which decides which virtual machines are chosen for removal when a VMSS is scaled-in
+* Add disk-encryption-set command group
 
 **Install**
 

src/azure-cli/azure/cli/command_modules/vm/_client_factory.py

@@ -135,3 +135,7 @@ def cf_log_analytics_data_plane(cli_ctx, _):
     cred, _, _ = profile.get_login_credentials(
         resource="https://api.loganalytics.io")
     return LogAnalyticsDataClient(cred)
+
+
+def cf_disk_encryption_set(cli_ctx, _):
+    return _compute_client_factory(cli_ctx).disk_encryption_sets

src/azure-cli/azure/cli/command_modules/vm/_help.py

@@ -100,6 +100,16 @@
     crafted: true
 """
 
+helps['disk-encryption-set'] = """
+type: group
+short-summary: Disk Encryption Set resource.
+"""
+
+helps['disk-encryption-set create'] = """
+type: command
+short-summary: Create a Disk Encryption Set.
+"""
+
 helps['image'] = """
 type: group
 short-summary: Manage custom virtual machine images.

src/azure-cli/azure/cli/command_modules/vm/_params.py

@@ -54,6 +54,7 @@ def load_arguments(self, _):
 
     extension_instance_name_type = CLIArgumentType(help="Name of extension instance, which can be customized. Default: name of the extension.")
     image_template_name_type = CLIArgumentType(overrides=name_arg_type, id_part='name')
+    disk_encryption_set_name = CLIArgumentType(overrides=name_arg_type, help='Name of disk encryption set.', id_part='name')
 
     # StorageAccountTypes renamed to DiskStorageAccountTypes in 2018_06_01 of azure-mgmt-compute
     DiskStorageAccountTypes = DiskStorageAccountTypes or StorageAccountTypes
@@ -838,3 +839,12 @@ def load_arguments(self, _):
         c.argument('analytics_query', options_list=['--analytics-query', '-q'], help="Query to execute over Log Analytics data.")
         c.argument('timespan', help="Timespan over which to query. Defaults to querying all available data.")
     # endregion
+
+    # region disk encryption set
+    with self.argument_context('disk-encryption-set') as c:
+        c.argument('disk_encryption_set_name', disk_encryption_set_name)
+        c.argument('key_url', help='URL pointing to a key or secret in KeyVault.')
+        c.argument('source_vault', help='Resource ID of the KeyVault containing the key or secret.')
+        c.argument('location', validator=get_default_location_from_resource_group)
+        c.argument('tags', tags_type)
+    # endregion

src/azure-cli/azure/cli/command_modules/vm/commands.py

@@ -13,7 +13,8 @@
                                                           cf_gallery_images, cf_gallery_image_versions,
                                                           cf_proximity_placement_groups,
                                                           cf_dedicated_hosts, cf_dedicated_host_groups,
-                                                          cf_log_analytics_data_plane)
+                                                          cf_log_analytics_data_plane,
+                                                          cf_disk_encryption_set)
 from azure.cli.command_modules.vm._format import (
     transform_ip_addresses, transform_vm, transform_vm_create_output, transform_vm_usage_list, transform_vm_list,
     transform_sku_for_table_output, transform_disk_show_table_output, transform_extension_show_table_output,
@@ -172,6 +173,11 @@ def load_command_table(self, _):
         client_factory=cf_log_analytics_data_plane,
     )
 
+    compute_disk_encryption_set_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.compute.operations#DiskEncryptionSetsOperations.{}',
+        client_factory=cf_disk_encryption_set
+    )
+
     with self.command_group('disk', compute_disk_sdk, operation_group='disks', min_api='2017-03-30') as g:
         g.custom_command('create', 'create_managed_disk', supports_no_wait=True, table_transformer=transform_disk_show_table_output, validator=process_disk_or_snapshot_create_namespace)
         g.command('delete', 'delete', supports_no_wait=True, confirmation=True)
@@ -182,6 +188,13 @@ def load_command_table(self, _):
         g.generic_update_command('update', custom_func_name='update_managed_disk', setter_arg_name='disk', supports_no_wait=True)
         g.wait_command('wait')
 
+    with self.command_group('disk-encryption-set', compute_disk_encryption_set_sdk, client_factory=cf_disk_encryption_set) as g:
+        g.custom_command('create', 'create_disk_encryption_set')
+        g.command('delete', 'delete')
+        # g.command('update', 'update')
+        g.show_command('show', 'get')
+        g.command('list', 'list')
+
     with self.command_group('image', compute_image_sdk, min_api='2016-04-30-preview') as g:
         g.custom_command('create', 'create_image', validator=process_image_create_namespace)
         g.custom_command('list', 'list_images')

src/azure-cli/azure/cli/command_modules/vm/custom.py

@@ -2933,3 +2933,22 @@ def execute_query_for_vm(cmd, client, resource_group_name, vm_name, analytics_qu
                        'Please check the status of log analytics workpsace.')
     return client.query(workspace, QueryBody(query=analytics_query, timespan=timespan))
 # endregion
+
+
+# disk encryption set
+def create_disk_encryption_set(cmd, client, resource_group_name, disk_encryption_set_name,
+                               key_url, source_vault, location=None, tags=None):
+    from msrestazure.tools import resource_id, is_valid_resource_id
+    DiskEncryptionSet, EncryptionSetIdentity, KeyVaultAndKeyReference, SourceVault = cmd.get_models(
+        'DiskEncryptionSet', 'EncryptionSetIdentity', 'KeyVaultAndKeyReference', 'SourceVault')
+    encryption_set_identity = EncryptionSetIdentity(type='SystemAssigned')
+    if not is_valid_resource_id(source_vault):
+        source_vault = resource_id(subscription=client.config.subscription_id, resource_group=resource_group_name,
+                                   namespace='Microsoft.KeyVault', type='vaults', name=source_vault)
+    source_vault = SourceVault(id=source_vault)
+    keyVault_and_key_reference = KeyVaultAndKeyReference(source_vault=source_vault, key_url=key_url)
+    disk_encryption_set = DiskEncryptionSet(location=location, tags=tags, identity=encryption_set_identity,
+                                            active_key=keyVault_and_key_reference)
+    return client.create_or_update(resource_group_name, disk_encryption_set_name, disk_encryption_set)
+
+# endregion