Can't set ftcpt.ftEncryptionMode or migrate.encryptionMode in extra config

[jhg03a]

Describe the bug
When attempting to set ftcpt.ftEncryptionMode or migrate.encryptionMode in VM extra config on vSphere 8.0U3, the modify task says it completed successfully, but those properties are missing if you query the extra config immediately afterwards. Other made up properties can be set fine.

To Reproduce
Steps to reproduce the behavior:

1. govc vm.change -vm=/'DC West'/vm/vm.test.net -e ftcpt.ftEncryptionMode="ftEncryptionRequired" -e migrate.encryptionMode="required" -e foo="bar"
2. govc vm.info -e /'DC West'/vm/vm.test.net

Expected behavior
I expect to either have those configs set ideally or an error thrown if it's not possible to set them

Affected version
govc installed via brew on osx at latest available (0.38.0)

Screenshots/Debug Output

| => govc vm.change -debug=true -trace=true -verbose=true -dump=true -json=true -vm=/'DC West'/vm/vm.test.net -e ftcpt.ftEncryptionMode="ftEncryptionRequired" -e migrate.encryptionMode="required" -e foo="bar"
<snipped>
types.ReconfigVM_Task{
    This: types.ManagedObjectReference{Type:"VirtualMachine", Value:"vm-9039", ServerGUID:""},
    Spec: types.VirtualMachineConfigSpec{
        ChangeVersion:         "",
        Name:                  "",
        Version:               "",
        CreateDate:            (*time.Time)(nil),
        Uuid:                  "",
        InstanceUuid:          "",
        NpivNodeWorldWideName: nil,
        NpivPortWorldWideName: nil,
        NpivWorldWideNameType: "",
        NpivDesiredNodeWwns:   0,
        NpivDesiredPortWwns:   0,
        NpivTemporaryDisabled: (*bool)(nil),
        NpivOnNonRdmDisks:     (*bool)(nil),
        NpivWorldWideNameOp:   "",
        LocationId:            "",
        GuestId:               "",
        AlternateGuestName:    "",
        Annotation:            "",
        Files:                 (*types.VirtualMachineFileInfo)(nil),
        Tools:                 (*types.ToolsConfigInfo)(nil),
        Flags:                 (*types.VirtualMachineFlagInfo)(nil),
        ConsolePreferences:    (*types.VirtualMachineConsolePreferences)(nil),
        PowerOpInfo:           (*types.VirtualMachineDefaultPowerOpInfo)(nil),
        RebootPowerOff:        (*bool)(nil),
        NumCPUs:               0,
        VcpuConfig:            nil,
        NumCoresPerSocket:     0,
        MemoryMB:              0,
        MemoryHotAddEnabled:   (*bool)(nil),
        CpuHotAddEnabled:      (*bool)(nil),
        CpuHotRemoveEnabled:   (*bool)(nil),
        VirtualICH7MPresent:   (*bool)(nil),
        VirtualSMCPresent:     (*bool)(nil),
        DeviceChange:          nil,
        CpuAllocation:         (*types.ResourceAllocationInfo)(nil),
        MemoryAllocation:      (*types.ResourceAllocationInfo)(nil),
        LatencySensitivity:    (*types.LatencySensitivity)(nil),
        CpuAffinity:           (*types.VirtualMachineAffinityInfo)(nil),
        MemoryAffinity:        (*types.VirtualMachineAffinityInfo)(nil),
        NetworkShaper:         (*types.VirtualMachineNetworkShaperInfo)(nil),
        CpuFeatureMask:        nil,
        ExtraConfig:           []types.BaseOptionValue{
            &types.OptionValue{
                Key:   "ftcpt.ftEncryptionMode",
                Value: "ftEncryptionRequired",
            },
            &types.OptionValue{
                Key:   "migrate.encryptionMode",
                Value: "required",
            },
            &types.OptionValue{
                Key:   "foo",
                Value: "bar",
            },
        },
        SwapPlacement:                "",
        BootOptions:                  (*types.VirtualMachineBootOptions)(nil),
        VAppConfig:                   nil,
        FtInfo:                       nil,
        RepConfig:                    (*types.ReplicationConfigSpec)(nil),
        VAppConfigRemoved:            (*bool)(nil),
        VAssertsEnabled:              (*bool)(nil),
        ChangeTrackingEnabled:        (*bool)(nil),
        Firmware:                     "",
        MaxMksConnections:            0,
        GuestAutoLockEnabled:         (*bool)(nil),
        ManagedBy:                    (*types.ManagedByInfo)(nil),
        MemoryReservationLockedToMax: (*bool)(nil),
        NestedHVEnabled:              (*bool)(nil),
        VPMCEnabled:                  (*bool)(nil),
        ScheduledHardwareUpgradeInfo: (*types.ScheduledHardwareUpgradeInfo)(nil),
        VmProfile:                    nil,
        MessageBusTunnelEnabled:      (*bool)(nil),
        Crypto:                       nil,
        MigrateEncryption:            "",
        SgxInfo:                      (*types.VirtualMachineSgxInfo)(nil),
        FtEncryptionMode:             "",
        GuestMonitoringModeInfo:      (*types.VirtualMachineGuestMonitoringModeInfo)(nil),
        SevEnabled:                   (*bool)(nil),
        VirtualNuma:                  (*types.VirtualMachineVirtualNuma)(nil),
        MotherboardLayout:            "",
        PmemFailoverEnabled:          (*bool)(nil),
        VmxStatsCollectionEnabled:    (*bool)(nil),
        VmOpNotificationToAppEnabled: (*bool)(nil),
        VmOpNotificationTimeout:      0,
        DeviceSwap:                   (*types.VirtualMachineVirtualDeviceSwap)(nil),
        SimultaneousThreads:          0,
        Pmem:                         (*types.VirtualMachineVirtualPMem)(nil),
        DeviceGroups:                 (*types.VirtualMachineVirtualDeviceGroups)(nil),
        FixedPassthruHotPlugEnabled:  (*bool)(nil),
    },
}
types.ReconfigVM_TaskResponse{
    Returnval: types.ManagedObjectReference{Type:"Task", Value:"task-19320", ServerGUID:""},
}
types.CreatePropertyCollector{
    This: types.ManagedObjectReference{Type:"PropertyCollector", Value:"propertyCollector", ServerGUID:""},
}
types.CreatePropertyCollectorResponse{
    Returnval: types.ManagedObjectReference{Type:"PropertyCollector", Value:"session[<session_guid>]52cc6f78-add9-3432-e23f-f828e84ecab0", ServerGUID:""},
}
types.CreateFilter{
    This: types.ManagedObjectReference{Type:"PropertyCollector", Value:"session[<session_guid>]52cc6f78-add9-3432-e23f-f828e84ecab0", ServerGUID:""},
    Spec: types.PropertyFilterSpec{
        PropSet: []types.PropertySpec{
            {
                Type:    "Task",
                All:     (*bool)(nil),
                PathSet: []string{"info"},
            },
        },
        ObjectSet: []types.ObjectSpec{
            {
                Obj:       types.ManagedObjectReference{Type:"Task", Value:"task-19320", ServerGUID:""},
                Skip:      (*bool)(nil),
                SelectSet: nil,
            },
        },
        ReportMissingObjectsInResults: (*bool)(nil),
    },
    PartialUpdates: false,
}
types.CreateFilterResponse{
    Returnval: types.ManagedObjectReference{Type:"PropertyFilter", Value:"session[<session_guid>]5209d3b6-68cd-103c-b743-9382dd57d25a", ServerGUID:""},
}
types.WaitForUpdatesEx{
    This:    types.ManagedObjectReference{Type:"PropertyCollector", Value:"session[<session_guid>]52cc6f78-add9-3432-e23f-f828e84ecab0", ServerGUID:""},
    Version: "",
    Options: (*types.WaitOptions)(nil),
}
types.WaitForUpdatesExResponse{
    Returnval: &types.UpdateSet{
        Version:   "1",
        FilterSet: []types.PropertyFilterUpdate{
            {
                Filter:    types.ManagedObjectReference{Type:"PropertyFilter", Value:"session[<session_guid>]5209d3b6-68cd-103c-b743-9382dd57d25a", ServerGUID:""},
                ObjectSet: []types.ObjectUpdate{
                    {
                        Kind:      "enter",
                        Obj:       types.ManagedObjectReference{Type:"Task", Value:"task-19320", ServerGUID:""},
                        ChangeSet: []types.PropertyChange{
                            {
                                Name: "info",
                                Op:   "assign",
                                Val:  types.TaskInfo{
                                    Key:             "task-19320",
                                    Task:            types.ManagedObjectReference{Type:"Task", Value:"task-19320", ServerGUID:""},
                                    Description:     (*types.LocalizableMessage)(nil),
                                    Name:            "ReconfigVM_Task",
                                    DescriptionId:   "VirtualMachine.reconfigure",
                                    Entity:          &types.ManagedObjectReference{Type:"VirtualMachine", Value:"vm-9039", ServerGUID:""},
                                    EntityName:      "vm.test.net",
                                    Locked:          nil,
                                    State:           "success",
                                    Cancelled:       false,
                                    Cancelable:      false,
                                    Error:           (*types.LocalizedMethodFault)(nil),
                                    Result:          nil,
                                    Progress:        0,
                                    ProgressDetails: nil,
                                    Reason:          &types.TaskReasonUser{
                                        TaskReason: types.TaskReason{},
                                        UserName:   "VSPHERE.LOCAL\\Administrator",
                                    },
                                    QueueTime:     time.Now(),
                                    StartTime:     types.NewTime(time.Now()),
                                    CompleteTime:  types.NewTime(time.Now()),
                                    EventChainId:  1157403,
                                    ChangeTag:     "",
                                    ParentTaskKey: "",
                                    RootTaskKey:   "",
                                    ActivationId:  "",
                                },
                            },
                        },
                        MissingSet: nil,
                    },
                },
                MissingSet: nil,
            },
        },
        Truncated: (*bool)(nil),
    },
}
types.DestroyPropertyFilter{
    This: types.ManagedObjectReference{Type:"PropertyFilter", Value:"session[<session_guid>]5209d3b6-68cd-103c-b743-9382dd57d25a", ServerGUID:""},
}
types.DestroyPropertyFilterResponse{}
types.DestroyPropertyCollector{
    This: types.ManagedObjectReference{Type:"PropertyCollector", Value:"session[<session_guid>]52cc6f78-add9-3432-e23f-f828e84ecab0", ServerGUID:""},
}
types.DestroyPropertyCollectorResponse{}


| => govc vm.info -e /'DC West'/vm/vm.test.net
Name:           vm.test.net
  Path:         /DC West/vm/vm.test.net
  UUID:         4205fb31-48e8-190a-dc2a-52ffb4428b68
  Guest name:   Rocky Linux (64-bit)
  Memory:       8092MB
  CPU:          4 vCPU(s)
  Power state:  poweredOff
  Boot time:    <nil>
  IP address:
  Host:         vmhost.test.net
  ExtraConfig:
    nvram:                                     vm.test.net.nvram
    svga.present:                              TRUE
    pciBridge0.present:                        TRUE
    pciBridge4.present:                        TRUE
    pciBridge4.virtualDev:                     pcieRootPort
    pciBridge4.functions:                      8
    pciBridge5.present:                        TRUE
    pciBridge5.virtualDev:                     pcieRootPort
    pciBridge5.functions:                      8
    pciBridge6.present:                        TRUE
    pciBridge6.virtualDev:                     pcieRootPort
    pciBridge6.functions:                      8
    pciBridge7.present:                        TRUE
    pciBridge7.virtualDev:                     pcieRootPort
    pciBridge7.functions:                      8
    hpet0.present:                             TRUE
    isolation.tools.vmxDnDVersionGet.disable:  TRUE
    RemoteDisplay.maxConnections:              1
    log.rotateSize:                            2048000
    mks.enable3d:                              FALSE
    isolation.tools.copy.disable:              TRUE
    isolation.tools.setGUIOptions.enable:      FALSE
    isolation.device.connectable.disable:      TRUE
    isolation.tools.paste.disable:             TRUE
    isolation.tools.dnd.disable:               TRUE
    viv.moid:                                  <redacted>
    vmware.tools.internalversion:              2147483647
    vmware.tools.requiredversion:              12448
    migrate.hostLogState:                      none
    migrate.migrationId:                       0
    migrate.hostLog:                           vm.test.net-544fa868.hlog
    guestinfo.metadata:                        <redacted>
    guestinfo.metadata.encoding:               gzip+base64
    guestinfo.userdata:                        <redacted>
    guestinfo.userdata.encoding:               gzip+base64
    guestinfo.vendordata:                      <redacted>
    guestinfo.vendordata.encoding:             gzip+base64
    foo:                                       bar

Additional context
These properties are settable via PowerCLI as follows:

$VMview = $TargetVM | Get-View 
$ConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$ConfigSpec.FtEncryptionMode = New-object VMware.Vim.VirtualMachineConfigSpecEncryptedFtModes
$ConfigSpec.FtEncryptionMode = "ftEncryptionRequired"
$ConfigSpec.MigrateEncryption = New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes
$ConfigSpec.MigrateEncryption = "required"
$VMview.ReconfigVM_Task($ConfigSpec)

Separately I also noticed that it seems govc cannot deploy and OVF with these properties set as well which would have been ideal.

[github-actions]

Howdy 🖐   jhg03a ! Thank you for your interest in this project. We value your feedback and will respond soon.

If you want to contribute to this project, please make yourself familiar with the CONTRIBUTION guidelines.

[dougm]

Hmm, is there a doc that says you can use extraConfig to set these? I think we need to flags to set in the spec like so:

govc vm.change -vm $vm -ft-encryption-mode ftEncryptionRequired -migrate-encryption required

Can open a PR later, but patch below if you want to try it out.

diff --git a/govc/vm/change.go b/govc/vm/change.go
index a5a73b53..9bccb3fc 100644
--- a/govc/vm/change.go
+++ b/govc/vm/change.go
@@ -174,6 +174,9 @@ func (cmd *change) Register(ctx context.Context, f *flag.FlagSet) {
        f.Var(flags.NewOptionalBool(&cmd.Flags.VvtdEnabled), "iommu-enabled", "Enable IOMMU")
 
        f.StringVar(&cmd.hwUpgradePolicy, "scheduled-hw-upgrade-policy", "", fmt.Sprintf("Schedule hardware upgrade policy (%s)", strings.Join(hwUpgradePolicies, "|")))
+
+       f.StringVar(&cmd.FtEncryptionMode, "ft-encryption-mode", "", "Encrypted fault tolerance mode")
+       f.StringVar(&cmd.MigrateEncryption, "migrate-encryption", "", "Encrypted vMotion mode")
 }
 
 func (cmd *change) Description() string {

[jhg03a]

It's when you set them via extraconfig as you should be able to do, that there's no change but also a success message. You can see in the example above I also set a Foo key in the same transaction and it's fine.

[prziborowski]

I'm new to the govmomi project, but unless the go bindings are trying to go way beyond what the normal vSphere SOAP bindings do, "extraConfig" isn't where you set anything that has formal properties.

The documentation states:
"Configuration keys that would conflict with parameters that are explicitly configurable through other fields in the ConfigSpec object are silently ignored."

[dougm]

@jhg03a flags added to govc vm.change in #3614 , that uses the same fields + method as the PowerCLI snippet you included.

It's when you set them via extraconfig as you should be able to do

Do you have an doc pointers on this?
I found that ftcpt.ftEncryptionMode = "ftEncryptionRequired" works as you're expecting when adding it directly to the .vmx file, then powering on the VM. Not sure why the API (extraConfig) ignores it.