compute.azure.com/v1api20220702
APIVersion
| Value | Description |
|---|---|
| “2022-07-02” |
DiskEncryptionSet
Generator information: - Generated from: /compute/resource-manager/Microsoft.Compute/DiskRP/stable/2022-07-02/diskEncryptionSet.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
Used by: DiskEncryptionSetList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ObjectMeta | ||
| spec | DiskEncryptionSet_Spec Optional |
|
| status | DiskEncryptionSet_STATUS Optional |
DiskEncryptionSet_Spec
| Property | Description | Type |
|---|---|---|
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| encryptionType | The type of key used to encrypt the data of the disk. | DiskEncryptionSetType Optional |
| federatedClientId | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | string Optional |
| federatedClientIdFromConfig | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | genruntime.ConfigMapReference Optional |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity Optional |
| location | Resource location | string Required |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | DiskEncryptionSetOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool Optional |
| tags | Resource tags | map[string]string Optional |
DiskEncryptionSet_STATUS
| Property | Description | Type |
|---|---|---|
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet_STATUS Optional |
| autoKeyRotationError | The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed. | ApiError_STATUS Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| encryptionType | The type of key used to encrypt the data of the disk. | DiskEncryptionSetType_STATUS Optional |
| federatedClientId | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | string Optional |
| id | Resource Id | string Optional |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity_STATUS Optional |
| lastKeyRotationTimestamp | The time when the active key of this disk encryption set was updated. | string Optional |
| location | Resource location | string Optional |
| name | Resource name | string Optional |
| previousKeys | A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation. | KeyForDiskEncryptionSet_STATUS[] Optional |
| provisioningState | The disk encryption set provisioning state. | string Optional |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool Optional |
| tags | Resource tags | map[string]string Optional |
| type | Resource type | string Optional |
DiskEncryptionSetList
Generator information: - Generated from: /compute/resource-manager/Microsoft.Compute/DiskRP/stable/2022-07-02/diskEncryptionSet.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ListMeta | ||
| items | DiskEncryptionSet[] Optional |
DiskEncryptionSet_Spec
Used by: DiskEncryptionSet.
| Property | Description | Type |
|---|---|---|
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| encryptionType | The type of key used to encrypt the data of the disk. | DiskEncryptionSetType Optional |
| federatedClientId | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | string Optional |
| federatedClientIdFromConfig | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | genruntime.ConfigMapReference Optional |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity Optional |
| location | Resource location | string Required |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | DiskEncryptionSetOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool Optional |
| tags | Resource tags | map[string]string Optional |
DiskEncryptionSet_STATUS
disk encryption set resource.
Used by: DiskEncryptionSet.
| Property | Description | Type |
|---|---|---|
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet_STATUS Optional |
| autoKeyRotationError | The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed. | ApiError_STATUS Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| encryptionType | The type of key used to encrypt the data of the disk. | DiskEncryptionSetType_STATUS Optional |
| federatedClientId | Multi-tenant application client id to access key vault in a different tenant. Setting the value to ‘None’ will clear the property. | string Optional |
| id | Resource Id | string Optional |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity_STATUS Optional |
| lastKeyRotationTimestamp | The time when the active key of this disk encryption set was updated. | string Optional |
| location | Resource location | string Optional |
| name | Resource name | string Optional |
| previousKeys | A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation. | KeyForDiskEncryptionSet_STATUS[] Optional |
| provisioningState | The disk encryption set provisioning state. | string Optional |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool Optional |
| tags | Resource tags | map[string]string Optional |
| type | Resource type | string Optional |
ApiError_STATUS
Api error.
Used by: DiskEncryptionSet_STATUS.
| Property | Description | Type |
|---|---|---|
| code | The error code. | string Optional |
| details | The Api error details | ApiErrorBase_STATUS[] Optional |
| innererror | The Api inner error | InnerError_STATUS Optional |
| message | The error message. | string Optional |
| target | The target of the particular error. | string Optional |
DiskEncryptionSetOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: DiskEncryptionSet_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
Used by: DiskEncryptionSet_Spec.
| Value | Description |
|---|---|
| “ConfidentialVmEncryptedWithCustomerKey” | |
| “EncryptionAtRestWithCustomerKey” | |
| “EncryptionAtRestWithPlatformAndCustomerKeys” |
DiskEncryptionSetType_STATUS
The type of key used to encrypt the data of the disk.
Used by: DiskEncryptionSet_STATUS.
| Value | Description |
|---|---|
| “ConfidentialVmEncryptedWithCustomerKey” | |
| “EncryptionAtRestWithCustomerKey” | |
| “EncryptionAtRestWithPlatformAndCustomerKeys” |
EncryptionSetIdentity
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
Used by: DiskEncryptionSet_Spec.
| Property | Description | Type |
|---|---|---|
| type | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. | EncryptionSetIdentity_Type Optional |
| userAssignedIdentities | The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. | UserAssignedIdentityDetails[] Optional |
EncryptionSetIdentity_STATUS
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
Used by: DiskEncryptionSet_STATUS.
| Property | Description | Type |
|---|---|---|
| principalId | The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity | string Optional |
| tenantId | The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity | string Optional |
| type | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. | EncryptionSetIdentity_Type_STATUS Optional |
| userAssignedIdentities | The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. | map[string]EncryptionSetIdentity_UserAssignedIdentities_STATUS Optional |
KeyForDiskEncryptionSet
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
Used by: DiskEncryptionSet_Spec.
| Property | Description | Type |
|---|---|---|
| keyUrl | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | string Optional |
| keyUrlFromConfig | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | genruntime.ConfigMapReference Optional |
| sourceVault | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. | SourceVault Optional |
KeyForDiskEncryptionSet_STATUS
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
Used by: DiskEncryptionSet_STATUS, and DiskEncryptionSet_STATUS.
| Property | Description | Type |
|---|---|---|
| keyUrl | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | string Optional |
| sourceVault | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. | SourceVault_STATUS Optional |
ApiErrorBase_STATUS
Api error base.
Used by: ApiError_STATUS.
| Property | Description | Type |
|---|---|---|
| code | The error code. | string Optional |
| message | The error message. | string Optional |
| target | The target of the particular error. | string Optional |
EncryptionSetIdentity_Type
Used by: EncryptionSetIdentity.
| Value | Description |
|---|---|
| “None” | |
| “SystemAssigned” | |
| “SystemAssigned, UserAssigned” | |
| “UserAssigned” |
EncryptionSetIdentity_Type_STATUS
Used by: EncryptionSetIdentity_STATUS.
| Value | Description |
|---|---|
| “None” | |
| “SystemAssigned” | |
| “SystemAssigned, UserAssigned” | |
| “UserAssigned” |
EncryptionSetIdentity_UserAssignedIdentities_STATUS
Used by: EncryptionSetIdentity_STATUS.
| Property | Description | Type |
|---|---|---|
| clientId | The client id of user assigned identity. | string Optional |
| principalId | The principal id of user assigned identity. | string Optional |
InnerError_STATUS
Inner error details.
Used by: ApiError_STATUS.
| Property | Description | Type |
|---|---|---|
| errordetail | The internal error message or exception dump. | string Optional |
| exceptiontype | The exception type. | string Optional |
SourceVault
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
Used by: KeyForDiskEncryptionSet.
| Property | Description | Type |
|---|---|---|
| reference | Resource Id | genruntime.ResourceReference Optional |
SourceVault_STATUS
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
Used by: KeyForDiskEncryptionSet_STATUS.
| Property | Description | Type |
|---|---|---|
| id | Resource Id | string Optional |
UserAssignedIdentityDetails
Information about the user assigned identity for the resource
Used by: EncryptionSetIdentity.
| Property | Description | Type |
|---|---|---|
| reference | genruntime.ResourceReference Optional |