Class: Fog::Hyperv::Compute::Security

Inherits:

Model

• Object
• Model
• Model
• Fog::Hyperv::Compute::Security

Defined in:

lib/fog/hyperv/compute/models/security.rb

Overview

Security settings for a generation 2 (UEFI) VM

See Also:

• WMI definitions

Instance Attribute Summary

• #bind_to_host_tpm ⇒ Boolean readonly

  If the VM is bound to the host TPM.

• #encrypt_state_and_vm_migration_traffic ⇒ Boolean

  If VM state and migration traffic should be encrypted.

• #key_protector ⇒ String, null readonly

  The key protector encryption key.

• #ksd_enabled ⇒ Boolean readonly

  If a key storage device is enabled for the VM.

• #shielded ⇒ Boolean readonly

  If the VM is shielded.

• #tpm_enabled ⇒ Boolean

  If a vTPM is enabled for the VM.

• #virtualization_based_security_opt_out ⇒ Boolean

  If virtualization-based securty should be opted out of for the VM.

• #vm ⇒ Server readonly

  The VM this security configuration is attached to.

Instance Method Summary

• #change_key_protector(protector) ⇒ String

  Change the key protector for a VM.

• #reload ⇒ Object
• #update ⇒ Object

Methods inherited from Model

#initialize

Methods included from ModelExtends

#collection

Methods included from ModelIncludes

#cluster, #computer, #dirty, #dirty?

Constructor Details

This class inherits a constructor from Fog::Hyperv::Model

Instance Attribute Details

#bind_to_host_tpm ⇒ Boolean (readonly)

Returns if the VM is bound to the host TPM.

Returns:

• (Boolean) —

  if the VM is bound to the host TPM

# File 'lib/fog/hyperv/compute/models/security.rb', line 25

attribute :bind_to_host_tpm, type: :boolean

#encrypt_state_and_vm_migration_traffic ⇒ Boolean

Returns if VM state and migration traffic should be encrypted.

Returns:

• (Boolean) —

  if VM state and migration traffic should be encrypted

# File 'lib/fog/hyperv/compute/models/security.rb', line 19

attribute :encrypt_state_and_vm_migration_traffic, type: :boolean

#key_protector ⇒ String, null (readonly)

Returns the key protector encryption key.

Returns:

• (String, null) —

  the key protector encryption key

See Also:

• #change_key_protector

# File 'lib/fog/hyperv/compute/models/security.rb', line 36

def key_protector
  requires :vm

  @key_protector ||= service.get_vm_key_protector(
    computer_name: vm.computer_name,
    vm_id: vm.id
  )[:value]
end

#ksd_enabled ⇒ Boolean (readonly)

Returns if a key storage device is enabled for the VM.

Returns:

• (Boolean) —

  if a key storage device is enabled for the VM

# File 'lib/fog/hyperv/compute/models/security.rb', line 13

attribute :ksd_enabled, type: :boolean

#shielded ⇒ Boolean (readonly)

Returns if the VM is shielded.

Returns:

• (Boolean) —

  if the VM is shielded

# File 'lib/fog/hyperv/compute/models/security.rb', line 16

attribute :shielded, type: :boolean

#tpm_enabled ⇒ Boolean

Returns if a vTPM is enabled for the VM.

Returns:

• (Boolean) —

  if a vTPM is enabled for the VM

# File 'lib/fog/hyperv/compute/models/security.rb', line 10

attribute :tpm_enabled, type: :boolean

#virtualization_based_security_opt_out ⇒ Boolean

Returns if virtualization-based securty should be opted out of for the VM.

Returns:

• (Boolean) —

  if virtualization-based securty should be opted out of for the VM

# File 'lib/fog/hyperv/compute/models/security.rb', line 22

attribute :virtualization_based_security_opt_out, type: :boolean

#vm ⇒ Server (readonly)

Returns the VM this security configuration is attached to.

Returns:

• (Server) —

  the VM this security configuration is attached to

# File 'lib/fog/hyperv/compute/models/security.rb', line 29

has_one :vm, :servers

Instance Method Details

#change_key_protector(protector) ⇒ String

Note:

a VM key protector can not be removed once set, only changed

Change the key protector for a VM

Parameters:

• protector (:new, :local, :last, String) —

  the key protector to set. :new/:local will generate a new host-local encryption key, :last will restore the last successfully used encryption key

Returns:

• (String) —

  the binary key protector that was set

# File 'lib/fog/hyperv/compute/models/security.rb', line 51

def change_key_protector(protector)
  requires :vm

  protector = case protector
              when :new, :local
                { new_local_key_protector: true }
              when :last
                { restore_last_known_good_key_protector: true }
              else
                { key_protector: protector }
              end

  service.set_vm_key_protector(
    computer_name: vm.computer_name,
    vm_id: vm.id,

    **protector
  )
  @key_protector = nil
  true
end

#reload ⇒ Object

# File 'lib/fog/hyperv/compute/models/security.rb', line 99

def reload
  requires :vm

  data = service.get_vm_security(
    computer_name: vm.computer_name,
    vm_id: vm.id,

    _return_fields: self.class.attributes
  )
  return unless data

  merge_attributes(data)
end

#update ⇒ Object

# File 'lib/fog/hyperv/compute/models/security.rb', line 73

def update
  requires :vm

  if tpm_enabled != old.tpm_enabled
    meth = tpm_enabled ? :enable_vm_tpm : :disable_vm_tpm
    service.public_send(meth, vm_id: vm.id)
  end

  changes = {
    encrypt_state_and_vm_migration_traffic: changed!(:encrypt_state_and_vm_migration_traffic),
    virtualization_based_security_opt_out: changed!(:virtualization_based_security_opt_out)
  }.compact
  return self unless changes.any?

  merge_attributes(
    service.set_vm_security(
      computer_name: old.vm.computer_name,
      vm_id: old.vm.id,

      **changes,

      _return_fields: self.class.attributes
    )
  )
end