update
Jing-song committed Jul 13, 2023
1 parent 4396dc8 commit 213908a
Showing 6 changed files with 82 additions and 84 deletions.
4 changes: 2 additions & 2 deletions src/azure-cli/azure/cli/command_modules/vm/_params.py
@@ -1003,10 +1003,10 @@ def load_arguments(self, _):
c.ignore('aux_subscriptions')
c.argument('edge_zone', edge_zone_type)
c.argument('accept_term', action='store_true', help="Accept the license agreement and privacy statement.")
c.argument('disable_integrity_monitoring_autoupgrade', action='store_true', min_api='2020-12-01', help='Disable the default behavior of installing guest attestation extension and enabling System Assigned Identity for Trusted Launch enabled VMs and VMSS.')
c.argument('disable_integrity_monitoring', action='store_true', min_api='2020-12-01', help='Disable the default behavior of installing guest attestation extension and enabling System Assigned Identity for Trusted Launch enabled VMs and VMSS.')
c.argument('os_disk_security_encryption_type', arg_type=get_enum_type(self.get_models('SecurityEncryptionTypes')), min_api='2021-11-01', help='Specify the encryption type of the OS managed disk.')
c.argument('os_disk_secure_vm_disk_encryption_set', min_api='2021-11-01', help='Specify the customer managed disk encryption set resource ID or name for the managed disk that is used for customer managed key encrypted Confidential VM OS disk and VM guest blob.')
c.argument('disable_extension_autoupgrade', action='store_true', min_api='2020-12-01', help='Disable the default behavior of installing guest attestation extension autoupgrade for Trusted Launch enabled VMs and VMSS.')
c.argument('disable_integrity_monitoring_autoupgrade', action='store_true', min_api='2020-12-01', help='Disable the default behavior of installing guest attestation extension autoupgrade for Trusted Launch enabled VMs and VMSS.')

with self.argument_context(scope, arg_group='Authentication') as c:
c.argument('generate_ssh_keys', action='store_true', help='Generate SSH public and private key files if missing. The keys will be stored in the ~/.ssh directory')
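Review bot: The option name `disable_integrity_monitoring_autoupgrade` appears on both sides of this section with two different help texts: in one it disables installing the guest attestation extension and enabling the system-assigned identity, in the other it only disables the extension's automatic upgrade. If the name ever shipped with the first meaning, a script that passes `--disable-integrity-monitoring-autoupgrade` to opt out would, after this commit, get the extension installed and an identity assigned with no error or warning. The same reuse runs through `_enable_msi_for_trusted_launch` in _validators.py and the `create_vm`/`create_vmss` keyword arguments in custom.py. I would give the auto-upgrade option a name that was never bound to the opt-out behaviour, or else record the change of meaning as breaking in the help text and release notes. The `load_arguments` body continues outside the hunk.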
2 changes: 1 addition & 1 deletion src/azure-cli/azure/cli/command_modules/vm/_validators.py
@@ -1307,7 +1307,7 @@ def _enable_msi_for_trusted_launch(namespace):
# Enable system assigned msi by default when Trusted Launch configuration is met
is_trusted_launch = namespace.security_type and namespace.security_type.lower() == 'trustedlaunch' \
and namespace.enable_vtpm and namespace.enable_secure_boot
if is_trusted_launch and not namespace.disable_integrity_monitoring_autoupgrade:
if is_trusted_launch and not namespace.disable_integrity_monitoring:
from ._vm_utils import MSI_LOCAL_ID
logger.info('The MSI is enabled by default when Trusted Launch configuration is met')
if namespace.assign_identity is None:
26 changes: 12 additions & 14 deletions src/azure-cli/azure/cli/command_modules/vm/custom.py
@@ -893,10 +893,9 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
enable_hotpatching=None, platform_fault_domain=None, security_type=None, enable_secure_boot=None,
enable_vtpm=None, count=None, edge_zone=None, nic_delete_option=None, os_disk_delete_option=None,
data_disk_delete_option=None, user_data=None, capacity_reservation_group=None, enable_hibernation=None,
v_cpus_available=None, v_cpus_per_core=None, accept_term=None,
disable_integrity_monitoring_autoupgrade=False, os_disk_security_encryption_type=None,
os_disk_secure_vm_disk_encryption_set=None, disk_controller_type=None,
disable_extension_autoupgrade=False):
v_cpus_available=None, v_cpus_per_core=None, accept_term=None, disable_integrity_monitoring=False,
os_disk_security_encryption_type=None, os_disk_secure_vm_disk_encryption_set=None,
disk_controller_type=None, disable_integrity_monitoring_autoupgrade=False):

from azure.cli.core.commands.client_factory import get_subscription_id
from azure.cli.core.util import random_string, hash_string
@@ -1199,7 +1198,7 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
# Guest Attestation Extension and enable System Assigned MSI by default
is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
enable_vtpm and enable_secure_boot
if is_trusted_launch and not disable_integrity_monitoring_autoupgrade:
if is_trusted_launch and not disable_integrity_monitoring:
vm = get_vm(cmd, resource_group_name, vm_name, 'instanceView')
client = _compute_client_factory(cmd.cli_ctx)
if vm.storage_profile.os_disk.os_type == 'Linux':
@@ -1215,7 +1214,7 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
type_handler_version=version,
settings=None,
auto_upgrade_minor_version=True,
enable_automatic_upgrade=not disable_extension_autoupgrade)
enable_automatic_upgrade=not disable_integrity_monitoring_autoupgrade)
try:
LongRunningOperation(cmd.cli_ctx)(client.virtual_machine_extensions.begin_create_or_update(
resource_group_name, vm_name, 'GuestAttestation', ext))
@@ -3162,12 +3161,11 @@ def create_vmss(cmd, vmss_name, resource_group_name, image=None,
user_data=None, network_api_version=None, enable_spot_restore=None, spot_restore_timeout=None,
capacity_reservation_group=None, enable_auto_update=None, patch_mode=None, enable_agent=None,
security_type=None, enable_secure_boot=None, enable_vtpm=None, automatic_repairs_action=None,
v_cpus_available=None, v_cpus_per_core=None, accept_term=None,
disable_integrity_monitoring_autoupgrade=False, os_disk_security_encryption_type=None,
os_disk_secure_vm_disk_encryption_set=None, os_disk_delete_option=None, data_disk_delete_option=None,
regular_priority_count=None, regular_priority_percentage=None, disk_controller_type=None,
nat_rule_name=None, enable_osimage_notification=None, max_surge=None,
disable_extension_autoupgrade=False):
v_cpus_available=None, v_cpus_per_core=None, accept_term=None, disable_integrity_monitoring=False,
os_disk_security_encryption_type=None, os_disk_secure_vm_disk_encryption_set=None,
os_disk_delete_option=None, data_disk_delete_option=None, regular_priority_count=None,
regular_priority_percentage=None, disk_controller_type=None, nat_rule_name=None,
enable_osimage_notification=None, max_surge=None, disable_integrity_monitoring_autoupgrade=False):
from azure.cli.core.commands.client_factory import get_subscription_id
from azure.cli.core.util import random_string, hash_string
from azure.cli.core.commands.arm import ArmTemplateBuilder
@@ -3555,7 +3553,7 @@ def _get_public_ip_address_allocation(value, sku):
# Guest Attestation Extension and enable System Assigned MSI by default
is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
enable_vtpm and enable_secure_boot
if is_trusted_launch and not disable_integrity_monitoring_autoupgrade:
if is_trusted_launch and not disable_integrity_monitoring:
client = _compute_client_factory(cmd.cli_ctx)
vmss = client.virtual_machine_scale_sets.get(resource_group_name, vmss_name)
vmss.virtual_machine_profile.storage_profile.image_reference = None
@@ -3574,7 +3572,7 @@ def _get_public_ip_address_allocation(value, sku):
settings=None,
auto_upgrade_minor_version=True,
provision_after_extensions=None,
enable_automatic_upgrade=not disable_extension_autoupgrade)
enable_automatic_upgrade=not disable_integrity_monitoring_autoupgrade)
if not vmss.virtual_machine_profile.extension_profile:
vmss.virtual_machine_profile.extension_profile = VirtualMachineScaleSetExtensionProfile(extensions=[])
vmss.virtual_machine_profile.extension_profile.extensions.append(ext)
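Review bot: `enable_automatic_upgrade=not disable_integrity_monitoring_autoupgrade` is evaluated only inside the `if is_trusted_launch and not disable_integrity_monitoring:` branch, in both `create_vm` and `create_vmss`, so the auto-upgrade flag is accepted and silently ignored when the VM is not Trusted Launch or when `disable_integrity_monitoring` is also passed. A caller who supplies the flag in either situation gets no feedback that it had no effect. I would add a comment at the branch, for example `# disable_integrity_monitoring_autoupgrade only applies when the GuestAttestation extension is installed below`, and consider a `logger.warning` in the validator when the flag is given without effect. Both function bodies start and end outside the visible hunks.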
@@ -32,7 +32,7 @@ vmss create:
prioritize_unhealthy_instances:
rule_exclusions:
- option_length_too_long
disable_integrity_monitoring_autoupgrade:
disable_integrity_monitoring:
rule_exclusions:
- option_length_too_long
os_disk_security_encryption_type:
@@ -50,7 +50,7 @@ vmss create:
enable_osimage_notification:
rule_exclusions:
- option_length_too_long
disable_extension_autoupgrade:
disable_integrity_monitoring_autoupgrade:
rule_exclusions:
- option_length_too_long
vmss update:
@@ -94,7 +94,7 @@ vm create:
public_ip_address_allocation:
rule_exclusions:
- missing_parameter_help
disable_integrity_monitoring_autoupgrade:
disable_integrity_monitoring:
rule_exclusions:
- option_length_too_long
os_disk_security_encryption_type:
@@ -103,7 +103,7 @@ vm create:
os_disk_secure_vm_disk_encryption_set:
rule_exclusions:
- option_length_too_long
disable_extension_autoupgrade:
disable_integrity_monitoring_autoupgrade:
rule_exclusions:
- option_length_too_long
vm unmanaged-disk attach: