Trusted Launch for VM/VMSS #27260
Trusted Launch for VM/VMSS #27260
Conversation
grizzlytheodore
requested review from
bilaakpan-ms,
Sandido and
haagha
as code owners
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
| @@ -20,6 +20,7 @@ | |||
| --> | |||
| ## Upcoming Release | |||
| * Updated `New-AzVM`, `New-AzVmss`, `Update-AzVM`, and `Update-AzVmss` to pass `Standard` as an input of `-SecurityType` parameter. | |||
There was a problem hiding this comment.
Where are the vmss tests? Those are needed.
| Start-AzVM -ResourceGroupName $rgname -Name $vmname2 | ||
| $updated_vm = Get-AzVM -ResourceGroupName $rgname -Name $vmname2; | ||
|
|
||
| Assert-Null $updated_vm.SecurityProfile.SecurityType; |
There was a problem hiding this comment.
part of Trusted launch headache - they want Standard to be passed in for security type, because it is a valid input now and SecurityType:null will default to TL now.
But passing in SecurityType:Standard will return with SecurityProfile: null
| @@ -108,7 +108,7 @@ internal static ResourceConfig<VirtualMachineScaleSet> CreateVirtualMachineScale | |||
| PlatformFaultDomainCount = platformFaultDomainCount, | |||
| VirtualMachineProfile = new VirtualMachineScaleSetVMProfile | |||
| { | |||
| SecurityProfile = ((encryptionAtHost == true || enableVtpm != null || enableSecureBoot != null || securityType != null) && (securityType?.ToLower() != ConstantValues.StandardSecurityType)) | |||
There was a problem hiding this comment.
so now Standard can have a security profile?
There was a problem hiding this comment.
yeah. Standard HAS to have security profile to pass SecurityProfile.SecurityType as Standard
| @@ -6895,7 +6905,7 @@ function Test-VirtualMachineSecurityTypeStandard | |||
| { | |||
There was a problem hiding this comment.
also re-record
Test-VirtualMachineSecurityType
Test-VMDefaultsToTrustedLaunch
Test-VMDefaultsToTrustedLaunchWithManagedDisk
Test-VMDefaultsToTrustedLaunchWithNullEncryptionAtHost
There was a problem hiding this comment.
VirtualMachineScaleSetDefaultImgWhenStandard
VirtualMachineScaleSetConfidentialVMSSSecurityType
There was a problem hiding this comment.
Looks like Test-VMDefaultsToTrustedLaunchWithManagedDisk was never a working test and there is no recording for it. I am not sure how it exists without causing CI failure
There was a problem hiding this comment.
Fails with " ErrorMessage: VM 'vmcrptestps4346' has not reported status for VM agent or extensions. Verify that the OS is up and healthy, the VM has a running VM agent, and that it can establish outbound connections to Azure storage. Please refer to https://aka.ms/vmextensionwindowstroubleshoot for additional VM agent troubleshooting information.
"
Description
addressing: https://github.com/Azure/azure-powershell-cmdlet-review-pr/issues/1477
Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.