Skip to content

Commit

Permalink
Added CVM settings for version 2021-11-01 (#16622)
Browse files Browse the repository at this point in the history 
* Added CVM settings

* added examples

* Add CMK examples

* fixed typo

* fixed file name

* prettier check

* removed a br

* changed to VMDiskSecurityProfile

* type as object
  • Loading branch information
@ms-saypaul @grizzlytheodore
ms-saypaul authored and grizzlytheodore committed Jan 3, 2022
1 parent be9341a commit cedd64f
Show file tree
Hide file tree
Showing 4 changed files with 658 additions and 2 deletions.
44 changes: 42 additions & 2 deletions specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3455,6 +3455,12 @@
},
"Create a VM from a shared gallery image": {
"$ref": "./examples/compute/CreateAVmFromASharedGalleryImage.json"
},
"Create a VM with securityType ConfidentialVM with Platform Managed Keys": {
"$ref": "./examples/compute/CreateAVmWithSecurityTypeConfidentialVM.json"
},
"Create a VM with securityType ConfidentialVM with Customer Managed Keys": {
"$ref": "./examples/compute/CreateAVmWithSecurityTypeConfidentialVMWithCustomerManagedKeys.json"
}
}
},
Expand Down Expand Up @@ -5857,6 +5863,9 @@
},
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
},
"Create a scale set with SecurityType as ConfidentialVM": {
"$ref": "./examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json"
}
}
},
Expand Down Expand Up @@ -11357,6 +11366,28 @@
],
"description": "Describes the parameter of customer managed disk encryption set resource id that can be specified for disk. <br><br> NOTE: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details."
},
"VMDiskSecurityProfile": {
"type": "object",
"properties": {
"securityEncryptionType": {
"type": "string",
"description": "Specifies the EncryptionType of the managed disk. <br> It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, and VMGuestStateOnly for encryption of just the VMGuestState blob. <br><br> NOTE: It can be set for only Confidential VMs.",
"enum": [
"VMGuestStateOnly",
"DiskWithVMGuestState"
],
"x-ms-enum": {
"name": "securityEncryptionTypes",
"modelAsString": true
}
},
"diskEncryptionSet": {
"$ref": "#/definitions/DiskEncryptionSetParameters",
"description": "Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob."
}
},
"description": "Specifies the security profile settings for the managed disk. <br><br> NOTE: It can only be set for Confidential VMs"
},
"KeyVaultKeyReference": {
"properties": {
"keyUrl": {
Expand Down Expand Up @@ -11510,6 +11541,10 @@
"diskEncryptionSet": {
"$ref": "#/definitions/DiskEncryptionSetParameters",
"description": "Specifies the customer managed disk encryption set resource id for the managed disk."
},
"securityProfile": {
"$ref": "#/definitions/VMDiskSecurityProfile",
"description": "Specifies the security profile for the managed disk."
}
},
"allOf": [
Expand Down Expand Up @@ -11710,9 +11745,10 @@
},
"securityType": {
"type": "string",
"description": "Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. <br><br> Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch.",
"description": "Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. <br><br> Default: UefiSettings will not be enabled unless this property is set.",
"enum": [
"TrustedLaunch"
"TrustedLaunch",
"ConfidentialVM"
],
"x-ms-enum": {
"name": "SecurityTypes",
Expand Down Expand Up @@ -13351,6 +13387,10 @@
"diskEncryptionSet": {
"$ref": "#/definitions/DiskEncryptionSetParameters",
"description": "Specifies the customer managed disk encryption set resource id for the managed disk."
},
"securityProfile": {
"$ref": "#/definitions/VMDiskSecurityProfile",
"description": "Specifies the security profile for the managed disk."
}
},
"description": "Describes the parameters of a ScaleSet managed disk."
Expand Down
245 changes: 245 additions & 0 deletions ...ute/stable/2021-11-01/examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,245 @@
{
"parameters": {
"subscriptionId": "{subscription-id}",
"resourceGroupName": "myResourceGroup",
"vmScaleSetName": "{vmss-name}",
"api-version": "2021-11-01",
"parameters": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_DC2as_v5"
},
"properties": {
"overprovision": true,
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows-cvm",
"publisher": "MicrosoftWindowsServer",
"version": "17763.2183.2109130127",
"offer": "2019-datacenter-cvm"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"securityProfile": {
"securityEncryptionType": "VMGuestStateOnly"
}
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "ConfidentialVM"
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"adminPassword": "{your-password}"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
}
}
}
]
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
}
},
"location": "westus"
}
},
"responses": {
"200": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_DC2as_v5"
},
"name": "{vmss-name}",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows-cvm",
"publisher": "MicrosoftWindowsServer",
"version": "17763.2183.2109130127",
"offer": "2019-datacenter-cvm"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"securityProfile": {
"securityEncryptionType": "VMGuestStateOnly"
}
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "ConfidentialVM"
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus"
}
},
"201": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_DC2as_v5"
},
"name": "{vmss-name}",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows-cvm",
"publisher": "MicrosoftWindowsServer",
"version": "17763.2183.2109130127",
"offer": "2019-datacenter-cvm"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"securityProfile": {
"securityEncryptionType": "VMGuestStateOnly"
}
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "ConfidentialVM"
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus"
}
}
}
}
Loading

0 comments on commit cedd64f

Please sign in to comment.