
Commit 3155706

authored
[Compute] az vm/vmss create: Install guest attestation extension when security type set to ConfidentialVM (#30690)
1 parent 5422d0f commit 3155706


1 file changed

+8
-4
lines changed

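--- a/src/azure-cli/azure/cli/command_modules/vm/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/vm/custom.py
@@ -1141,7 +1141,8 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
 # Guest Attestation Extension and enable System Assigned MSI by default
 is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
 enable_vtpm and enable_secure_boot
-if is_trusted_launch and enable_integrity_monitoring:
+is_confidential_vm = security_type and security_type.lower() == 'confidentialvm'
+if (is_trusted_launch or is_confidential_vm) and enable_integrity_monitoring:
 vm = get_vm(cmd, resource_group_name, vm_name, 'instanceView')
 client = _compute_client_factory(cmd.cli_ctx)
 if vm.storage_profile.os_disk.os_type == 'Linux':
@@ -1164,7 +1165,8 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
 logger.info('Guest Attestation Extension has been successfully installed by default '
 'when Trusted Launch configuration is met')
 except Exception as e:
-logger.error('Failed to install Guest Attestation Extension for Trusted Launch. %s', e)
+error_type = "Trusted Launch" if is_trusted_launch else "Confidential VM"
+logger.error('Failed to install Guest Attestation Extension for %s. %s', error_type, e)
 if count:
 vm_names = [vm_name + str(i) for i in range(count)]
 else:
@@ -3619,7 +3621,8 @@ def _get_public_ip_address_allocation(value, sku):
 # Guest Attestation Extension and enable System Assigned MSI by default
 is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
 enable_vtpm and enable_secure_boot
-if is_trusted_launch and enable_integrity_monitoring:
+is_confidential_vm = security_type and security_type.lower() == 'confidentialvm'
+if (is_trusted_launch or is_confidential_vm) and enable_integrity_monitoring:
 client = _compute_client_factory(cmd.cli_ctx)
 vmss = client.virtual_machine_scale_sets.get(resource_group_name, vmss_name)
 vmss.virtual_machine_profile.storage_profile.image_reference = None
@@ -3652,7 +3655,8 @@ def _get_public_ip_address_allocation(value, sku):
 LongRunningOperation(cmd.cli_ctx)(client.virtual_machine_scale_sets.begin_update_instances(
 resource_group_name, vmss_name, instance_ids))
 except Exception as e:
-logger.error('Failed to install Guest Attestation Extension for Trusted Launch. %s', e)
+error_type = "Trusted Launch" if is_trusted_launch else "Confidential VM"
+logger.error('Failed to install Guest Attestation Extension for %s. %s', error_type, e)
 
 return deployment_result
 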
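Review bot: Both `except Exception as e:` blocks (new lines 1167 and 3657) only call `logger.error` and let the command return normally, so for a Confidential VM a failed Guest Attestation install still looks like a successful create to anything that checks the exit status. That behaviour predates this commit, but it now covers VMs whose purpose is attestation, so it deserves at least a comment above each handler such as `# best effort: creation succeeds even if the attestation extension fails to install`, and the error text could tell the user to install the extension manually. The success message at new lines 1165–1166 was not updated alongside the error message and still reads `'when Trusted Launch configuration is met'`; wording like `'when Trusted Launch or Confidential VM configuration is met'` would keep the two consistent. Unlike `is_trusted_launch`, `is_confidential_vm` does not check `enable_vtpm`; presumably argument validation enforces that elsewhere, but it is worth confirming, since a missing vTPM would land in the swallowed-error path. The enclosing functions start and end outside the visible hunks.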
