From ce12275e8ec3db9062eaa108712a8342fe106855 Mon Sep 17 00:00:00 2001
From: Yan Zhu
Date: Wed, 22 Jan 2025 10:21:16 +0800
Subject: [PATCH 1/2] add support for confidentialvm
---
 src/azure-cli/azure/cli/command_modules/vm/custom.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/azure-cli/azure/cli/command_modules/vm/custom.py b/src/azure-cli/azure/cli/command_modules/vm/custom.py
index 539e4799316..74e69160064 100644
--- a/src/azure-cli/azure/cli/command_modules/vm/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/vm/custom.py
@@ -1141,7 +1141,8 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
 # Guest Attestation Extension and enable System Assigned MSI by default
 is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
 enable_vtpm and enable_secure_boot
- if is_trusted_launch and enable_integrity_monitoring:
+ is_confidential_vm = security_type and security_type.lower() == 'confidentialvm'
+ if (is_trusted_launch or is_confidential_vm) and enable_integrity_monitoring:
 vm = get_vm(cmd, resource_group_name, vm_name, 'instanceView')
 client = _compute_client_factory(cmd.cli_ctx)
 if vm.storage_profile.os_disk.os_type == 'Linux':
@@ -3618,7 +3619,8 @@ def _get_public_ip_address_allocation(value, sku):
 # Guest Attestation Extension and enable System Assigned MSI by default
 is_trusted_launch = security_type and security_type.lower() == 'trustedlaunch' and\
 enable_vtpm and enable_secure_boot
- if is_trusted_launch and enable_integrity_monitoring:
+ is_confidential_vm = security_type and security_type.lower() == 'confidentialvm'
+ if (is_trusted_launch or is_confidential_vm) and enable_integrity_monitoring:
 client = _compute_client_factory(cmd.cli_ctx)
 vmss = client.virtual_machine_scale_sets.get(resource_group_name, vmss_name)
 vmss.virtual_machine_profile.storage_profile.image_reference = None
From a09d9c0c5384df84fca806bb5ed397db476d6a8b Mon Sep 17 00:00:00 2001
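Review bot: `is_confidential_vm` checks only `security_type`, while `is_trusted_launch` on the lines above it also requires `enable_vtpm and enable_secure_boot`, so in create_vm (and in the identical lines of the second hunk at -3618) nothing in this branch ties the Guest Attestation Extension install to vTPM being on. If argument validation elsewhere already forces vTPM for Confidential VM, record that next to the assignment with a comment such as `# vTPM is enforced for ConfidentialVM at validation time, so only security_type is checked here`; if it does not, the predicate should read `... == 'confidentialvm' and enable_vtpm`. The context comment says this path also enables a system-assigned identity by default, so the change widens that side effect to confidential VMs and the parameter help should mention it. create_vm begins and ends outside the hunk.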
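Review bot: The two added lines here are a verbatim copy of the pair added in create_vm in the first hunk, which is how the VM and scale-set paths drift apart the next time a security type is added. Moving both assignments into one private helper that returns the two flags, called from both places, keeps the decision about when attestation is installed in a single spot. The diffstat lists only custom.py, so no test covers the new branch; a scale-set case with `confidentialvm` and integrity monitoring enabled is worth adding. The enclosing function lies outside the hunk, and the `@@` header names only the nearest preceding def.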
From: Yan Zhu
Date: Wed, 22 Jan 2025 17:23:19 +0800
Subject: [PATCH 2/2] refine error message
---
 src/azure-cli/azure/cli/command_modules/vm/custom.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/azure-cli/azure/cli/command_modules/vm/custom.py b/src/azure-cli/azure/cli/command_modules/vm/custom.py
index 74e69160064..e52153cf435 100644
--- a/src/azure-cli/azure/cli/command_modules/vm/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/vm/custom.py
@@ -1165,7 +1165,8 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
 logger.info('Guest Attestation Extension has been successfully installed by default '
 'when Trusted Launch configuration is met')
 except Exception as e:
- logger.error('Failed to install Guest Attestation Extension for Trusted Launch. %s', e)
+ error_type = "Trusted Launch" if is_trusted_launch else "Confidential VM"
+ logger.error('Failed to install Guest Attestation Extension for %s. %s', error_type, e)
 if count:
 vm_names = [vm_name + str(i) for i in range(count)]
 else:
@@ -3653,7 +3654,8 @@ def _get_public_ip_address_allocation(value, sku):
 LongRunningOperation(cmd.cli_ctx)(client.virtual_machine_scale_sets.begin_update_instances(
 resource_group_name, vmss_name, instance_ids))
 except Exception as e:
- logger.error('Failed to install Guest Attestation Extension for Trusted Launch. %s', e)
+ error_type = "Trusted Launch" if is_trusted_launch else "Confidential VM"
+ logger.error('Failed to install Guest Attestation Extension for %s. %s', error_type, e)
 return deployment_result
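Review bot: The success message on the two context lines above the handler still reads 'when Trusted Launch configuration is met', so a Confidential VM install reports the wrong security type on success while the error path now reports the right one. Computing the label once before the `try` and using it in both calls fixes that, e.g. `'... installed by default when %s configuration is met', security_label`. `error_type` holds a security type rather than an error type, and its double-quoted literals differ from the single quotes on the surrounding lines; `security_label = 'Trusted Launch' if is_trusted_launch else 'Confidential VM'` reads better. The `try` block opens outside the hunk.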
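Review bot: The handler still swallows every exception after logging it and the next visible line returns `deployment_result`, so a scale set created with integrity monitoring requested comes back as a normal deployment even when the Guest Attestation Extension is missing; the create_vm hunk above behaves the same way as far as it shows. Automation that checks only the command result will not notice that attestation is absent, so the message should at least state the resulting state: `logger.error('Failed to install Guest Attestation Extension for %s; integrity monitoring is not active on this resource. %s', error_type, e)`. Narrowing `except Exception` to the SDK error raised by the update calls would also stop unrelated bugs from being logged as install failures, if such a type is already imported in this file. The `try` block opens outside the hunk.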