diff --git a/Modules/VMware.VMEncryption/README.md b/Modules/VMware.VMEncryption/README.md index 9e38900..d01c5fa 100644 --- a/Modules/VMware.VMEncryption/README.md +++ b/Modules/VMware.VMEncryption/README.md @@ -2,6 +2,31 @@ Prerequisites/Steps to use this module: 1. This module only works for vSphere products that support VM Encryption. E.g. vSphere 6.5 and later. 2. All the functions in this module only work for KMIP Servers. -3. Install the latest version of Powershell and PowerCLI(6.5). +3. Install the latest version of Powershell and PowerCLI. 4. Import this module by running: Import-Module -Name "location of this module" -5. Get-Command -Module "This module Name" to list all available functions. \ No newline at end of file +5. Get-Command -Module "This module Name" to list all available functions. + +Note: +Deprecating the below functions related to KMServer and KMSCluster from VMware.VMEncryption and using instead the ones from VMware.VimAutomation.Storage, + +1, VMware.VMEncryption\Get-DefaultKMSCluster, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|where {$_.UseAsDefaultKeyProvider}|foreach {$_.id} + +2, VMware.VMEncryption\Get-KMSCluster, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|select id + +3, VMware.VMEncryption\Get-KMSClusterInfo, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|foreach {$_.extensiondata} + +4, VMware.VMEncryption\Get-KMServerInfo, use instead +VMware.VimAutomation.Storage\Get-KeyManagementServer|foreach {$_.extensiondata} + +5, VMware.VMEncryption\New-KMServer, use instead +VMware.VimAutomation.Storage\Add-KeyManagementServer + +6, VMware.VMEncryption\Remove-KMServer, use instead +VMware.VimAutomation.Storage\Remove-KeyManagementServer + +7, VMware.VMEncryption\Set-DefaultKMSCluster, use instead +VMware.VimAutomation.Storage\Set-KmsCluster -UseAsDefaultKeyProvider + diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 index d310632..95b678f 100644 Binary files a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 and b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 differ diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 023087c..7752274 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -1,5 +1,5 @@ # Script Module : VMware.VMEncryption -# Version : 1.0 +# Version : 1.1 # Copyright © 2016 VMware, Inc. All Rights Reserved. @@ -56,8 +56,13 @@ New-VIProperty -Name EncryptionKeyId -ObjectType VirtualMachine -Value { New-VIProperty -Name Locked -ObjectType VirtualMachine -Value { Param ($VM) - ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) -} -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null + if ($vm.ExtensionData.Runtime.CryptoState) { + $vm.ExtensionData.Runtime.CryptoState -eq "locked" + } + else { + ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) + } +} -BasedOnExtensionProperty 'Runtime.CryptoState', 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { Param ($VM) @@ -113,13 +118,6 @@ Function Enable-VMHostCryptoSafe { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -181,13 +179,6 @@ Function Set-VMHostCryptoKey { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -266,13 +257,6 @@ Function Set-vMotionEncryptionConfig { .NOTES Author : Brian Graf, Carrie Yang. Author email : grafb@vmware.com, yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -348,13 +332,6 @@ Function Enable-VMEncryption { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -508,13 +485,6 @@ Function Enable-VMDiskEncryption { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -660,13 +630,6 @@ Function Disable-VMEncryption { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -756,13 +719,6 @@ Function Disable-VMDiskEncryption { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -891,13 +847,6 @@ Function Set-VMEncryptionKey { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1047,13 +996,6 @@ Function Set-VMDiskEncryptionKey { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1170,13 +1112,6 @@ Function Get-VMEncryptionInfo { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1269,13 +1204,6 @@ Function Get-EntityByCryptoKey { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1394,13 +1322,6 @@ Function New-KMServer { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1435,6 +1356,7 @@ Function New-KMServer { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Add-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1553,13 +1475,6 @@ Function Remove-KMServer { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1573,6 +1488,7 @@ Function Remove-KMServer { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Remove-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1630,15 +1546,9 @@ Function Get-KMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1668,14 +1578,6 @@ Function Get-KMSClusterInfo { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1686,6 +1588,7 @@ Function Get-KMSClusterInfo { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1721,13 +1624,6 @@ Function Get-KMServerInfo { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1738,6 +1634,7 @@ Function Get-KMServerInfo { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1782,13 +1679,6 @@ Function Get-KMServerStatus { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1853,15 +1743,9 @@ Function Get-DefaultKMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1890,13 +1774,6 @@ Function Set-DefaultKMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1906,6 +1783,7 @@ Function Set-DefaultKMSCluster { [String] $KMSClusterId ) + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Set-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1917,6 +1795,55 @@ Function Set-DefaultKMSCluster { $CM.MarkDefault($ProviderId) } +Function Set-VMCryptoUnlock { + <# + .SYNOPSIS + This cmdlet unlocks a locked vm + + .DESCRIPTION + This cmdlet unlocks a locked vm + + .PARAMETER VM + Specifies the VM you want to unlock + + .EXAMPLE + PS C:\> Get-VM |where {$_.locked}| Set-VMCryptoUnlock + + Unlock all locked vms + + .NOTES + Author : Fangying Zhang + Author email : fzhang@vmware.com + #> + + [CmdLetBinding()] + + param ( + [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)] + [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine[]]$VM + ) + + Begin { + # Confirm the connected VIServer is vCenter Server + ConfirmIsVCenter + } + + Process { + foreach ($thisvm in $vm) { + if (!$thisvm.encrypted) { + write-warning "$thisvm is not encrypted, will skip $thisvm" + continue + } + if (!$thisvm.Locked) { + write-warning "$thisvm may not be locked!" + # $thisvm.locked could be false on old 6.5.0 build (bug 1931370), so do not skip $thisvm + } + write-verbose "try to CryptoUnlock $thisvm" + $thisvm.ExtensionData.CryptoUnlock() + } + } +} + Function ConfirmIsVCenter{ <# .SYNOPSIS