Merged
7 changes: 6 additions & 1 deletion src/azure-cli/azure/cli/command_modules/vm/_params.py
Expand Up @@ -481,6 +481,7 @@ def load_arguments(self, _):
c.argument('enable_user_reboot_scheduled_events', options_list=['--enable-user-reboot-scheduled-events', '--enable-reboot'], arg_type=get_three_state_flag(), min_api='2024-07-01', help='The configuration parameter used while publishing scheduled events additional publishing targets.')
c.argument('enable_user_redeploy_scheduled_events', options_list=['--enable-user-redeploy-scheduled-events', '--enable-redeploy'], arg_type=get_three_state_flag(), min_api='2024-07-01', help='The configuration parameter used while creating user initiated redeploy scheduled event setting creation.')
c.argument('align_regional_disks_to_vm_zone', options_list=['--align-regional-disks-to-vm-zone', '--align-regional-disks'], arg_type=get_three_state_flag(), min_api='2024-11-01', help='Specify whether the regional disks should be aligned/moved to the VM zone. This is applicable only for VMs with placement property set. Please note that this change is irreversible.')
c.argument('key_incarnation_id', type=int, min_api='2024-11-01', help='Increase the value of this property allows user to reset the key used for securing communication channel between guest and host.')

with self.argument_context('vm create', arg_group='Storage') as c:
c.argument('attach_os_disk', help='Attach an existing OS disk to the VM. Can use the name or ID of a managed disk or the URI to an unmanaged disk VHD.')
Expand Down Expand Up @@ -1251,7 +1252,11 @@ def load_arguments(self, _):
c.argument('v_cpus_per_core', type=int, min_api='2021-11-01', help='Specify the ratio of vCPU to physical core. Setting this property to 1 also means that hyper-threading is disabled.')
c.argument('disk_controller_type', disk_controller_type)
c.argument('enable_proxy_agent', arg_type=get_three_state_flag(), min_api='2023-09-01', help='Specify whether proxy agent feature should be enabled on the virtual machine or virtual machine scale set.')
c.argument('proxy_agent_mode', arg_type=get_enum_type(self.get_models('Mode')), min_api='2023-09-01', help='Specify the mode that proxy agent will execute on if the feature is enabled.')
c.argument('proxy_agent_mode', deprecate_info=c.deprecate(target='--proxy-agent-mode', redirect='--wire-server-mode'), arg_type=get_enum_type(self.get_models('Mode')), min_api='2023-09-01', help='Specify the mode that proxy agent will execute on if the feature is enabled.')
c.argument('wire_server_mode', arg_type=get_enum_type(self.get_models('Mode')), min_api='2024-11-01', help='Specify the mode that proxy agent will execute on if the feature is enabled.')
c.argument('wire_server_access_control_profile_reference_id', options_list=['--wire-server-access-control-profile-reference-id', '--wire-server-profile-id'], min_api='2024-11-01', help='Specify the access control profile version resource id of wire server.')
c.argument('imds_mode', arg_type=get_enum_type(self.get_models('Mode')), min_api='2024-11-01', help='Specify the mode that proxy agent will execute on if the feature is enabled.')
c.argument('imds_access_control_profile_reference_id', options_list=['--imds-access-control-profile-reference-id', '--imds-profile-id'], min_api='2024-11-01', help='Specify the access control profile version resource id resource id of imds.')

with self.argument_context('vm update') as c:
c.argument('license_type', license_type)
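Review bot: The help text for `--wire-server-mode` and `--imds-mode` in the `@@ -1251,7 +1252,11 @@` hunk is copied verbatim from `--proxy-agent-mode`, so the three options read identically in `--help` and an operator cannot tell which host endpoint each one governs. Something like `help='Specify the mode the proxy agent applies to guest requests to the WireServer endpoint.'` (and the IMDS equivalent) would separate them, ideally also stating what each allowed value means for access enforcement. The `--imds-access-control-profile-reference-id` help repeats "resource id" twice, and the `key_incarnation_id` help in the first hunk would read better as `'Increasing the value of this property resets the key used for securing the communication channel between guest and host.'`. `load_arguments` starts and ends outside both hunks.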
43 changes: 41 additions & 2 deletions src/azure-cli/azure/cli/command_modules/vm/_template_builder.py
Expand Up @@ -309,7 +309,9 @@ def build_vm_resource( # pylint: disable=too-many-locals, too-many-statements,
os_disk_security_encryption_type=None, os_disk_secure_vm_disk_encryption_set=None, disk_controller_type=None,
enable_proxy_agent=None, proxy_agent_mode=None, additional_scheduled_events=None,
enable_user_reboot_scheduled_events=None, enable_user_redeploy_scheduled_events=None,
zone_placement_policy=None, include_zones=None, exclude_zones=None, align_regional_disks_to_vm_zone=None):
zone_placement_policy=None, include_zones=None, exclude_zones=None, align_regional_disks_to_vm_zone=None,
wire_server_mode=None, imds_mode=None, wire_server_access_control_profile_reference_id=None,
imds_access_control_profile_reference_id=None, key_incarnation_id=None):

os_caching = disk_info['os'].get('caching')

Expand Down Expand Up @@ -668,12 +670,31 @@ def _build_storage_profile():
vm_properties['securityProfile']['encryptionAtHost'] = encryption_at_host

proxy_agent_settings = {}
wire_server = {}
imds = {}
if enable_proxy_agent is not None:
proxy_agent_settings['enabled'] = enable_proxy_agent

if proxy_agent_mode is not None:
proxy_agent_settings['mode'] = proxy_agent_mode

if key_incarnation_id is not None:
proxy_agent_settings['keyIncarnationId'] = key_incarnation_id

if wire_server_mode is not None or wire_server_access_control_profile_reference_id is not None:
wire_server['mode'] = wire_server_mode
wire_server['inVMAccessControlProfileReferenceId'] = wire_server_access_control_profile_reference_id

if imds_mode is not None or imds_access_control_profile_reference_id is not None:
imds['mode'] = imds_mode
imds['inVMAccessControlProfileReferenceId'] = imds_access_control_profile_reference_id

if wire_server:
proxy_agent_settings['wireServer'] = wire_server

if imds:
proxy_agent_settings['imds'] = imds

if proxy_agent_settings:
vm_properties['securityProfile']['proxyAgentSettings'] = proxy_agent_settings

Expand Down Expand Up @@ -1019,7 +1040,9 @@ def build_vmss_resource(cmd, name, computer_name_prefix, location, tags, overpro
enable_resilient_vm_creation=None, enable_resilient_vm_deletion=None,
additional_scheduled_events=None, enable_user_reboot_scheduled_events=None,
enable_user_redeploy_scheduled_events=None, skuprofile_vmsizes=None, skuprofile_allostrat=None,
security_posture_reference_is_overridable=None, zone_balance=None):
security_posture_reference_is_overridable=None, zone_balance=None, wire_server_mode=None,
imds_mode=None, wire_server_access_control_profile_reference_id=None,
imds_access_control_profile_reference_id=None):

# Build IP configuration
ip_configuration = {}
Expand Down Expand Up @@ -1533,12 +1556,28 @@ def build_vmss_resource(cmd, name, computer_name_prefix, location, tags, overpro
}

proxy_agent_settings = {}
wire_server = {}
imds = {}
if enable_proxy_agent is not None:
proxy_agent_settings['enabled'] = enable_proxy_agent

if proxy_agent_mode is not None:
proxy_agent_settings['mode'] = proxy_agent_mode

if wire_server_mode is not None or wire_server_access_control_profile_reference_id is not None:
wire_server['mode'] = wire_server_mode
wire_server['inVMAccessControlProfileReferenceId'] = wire_server_access_control_profile_reference_id

if imds_mode is not None or imds_access_control_profile_reference_id is not None:
imds['mode'] = imds_mode
imds['inVMAccessControlProfileReferenceId'] = imds_access_control_profile_reference_id

if wire_server:
proxy_agent_settings['wireServer'] = wire_server

if imds:
proxy_agent_settings['imds'] = imds

if proxy_agent_settings:
security_profile['proxyAgentSettings'] = proxy_agent_settings

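Review bot: In the `build_vm_resource` hunk at `@@ -668,12 +670,31 @@`, the new `wire_server` and `imds` blocks write both keys whenever either option is set, so passing only `--wire-server-mode` puts `inVMAccessControlProfileReferenceId` into the template with a None value, and passing only a profile id does the same for `mode`. The neighbouring `enabled`, `mode` and `keyIncarnationId` entries are written only when the value is not None; the endpoint dicts should follow the same rule so that an unset option is left to the service default rather than sent as an explicit null. The `build_vmss_resource` hunk at `@@ -1533,12 +1556,28 @@` repeats the pattern and needs the same change. Both functions begin and end outside the hunks shown.

```python
# … unchanged: enabled / mode / keyIncarnationId handling …
if wire_server_mode is not None:
    wire_server['mode'] = wire_server_mode
if wire_server_access_control_profile_reference_id is not None:
    wire_server['inVMAccessControlProfileReferenceId'] = wire_server_access_control_profile_reference_id

if imds_mode is not None:
    imds['mode'] = imds_mode
if imds_access_control_profile_reference_id is not None:
    imds['inVMAccessControlProfileReferenceId'] = imds_access_control_profile_reference_id
# … unchanged: attaching wireServer / imds to proxy_agent_settings …
```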
81 changes: 65 additions & 16 deletions src/azure-cli/azure/cli/command_modules/vm/custom.py
Expand Up @@ -826,7 +826,9 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
source_disk_restore_point=None, source_disk_restore_point_size_gb=None, ssh_key_type=None,
additional_scheduled_events=None, enable_user_reboot_scheduled_events=None,
enable_user_redeploy_scheduled_events=None, zone_placement_policy=None, include_zones=None,
exclude_zones=None, align_regional_disks_to_vm_zone=None):
exclude_zones=None, align_regional_disks_to_vm_zone=None, wire_server_mode=None, imds_mode=None,
wire_server_access_control_profile_reference_id=None, imds_access_control_profile_reference_id=None,
key_incarnation_id=None):

from azure.cli.core.commands.client_factory import get_subscription_id
from azure.cli.core.util import random_string, hash_string
Expand Down Expand Up @@ -1052,7 +1054,11 @@ def create_vm(cmd, vm_name, resource_group_name, image=None, size='Standard_DS1_
enable_user_reboot_scheduled_events=enable_user_reboot_scheduled_events,
enable_user_redeploy_scheduled_events=enable_user_redeploy_scheduled_events,
zone_placement_policy=zone_placement_policy, include_zones=include_zones, exclude_zones=exclude_zones,
align_regional_disks_to_vm_zone=align_regional_disks_to_vm_zone)
align_regional_disks_to_vm_zone=align_regional_disks_to_vm_zone, wire_server_mode=wire_server_mode,
imds_mode=imds_mode,
wire_server_access_control_profile_reference_id=wire_server_access_control_profile_reference_id,
imds_access_control_profile_reference_id=imds_access_control_profile_reference_id,
key_incarnation_id=key_incarnation_id)

vm_resource['dependsOn'] = vm_dependencies

Expand Down Expand Up @@ -1581,7 +1587,9 @@ def update_vm(cmd, resource_group_name, vm_name, os_disk=None, disk_caching=None
enable_hibernation=None, v_cpus_available=None, v_cpus_per_core=None, disk_controller_type=None,
security_type=None, enable_proxy_agent=None, proxy_agent_mode=None, additional_scheduled_events=None,
enable_user_reboot_scheduled_events=None, enable_user_redeploy_scheduled_events=None,
align_regional_disks_to_vm_zone=None, **kwargs):
align_regional_disks_to_vm_zone=None, wire_server_mode=None, imds_mode=None,
wire_server_access_control_profile_reference_id=None, imds_access_control_profile_reference_id=None,
key_incarnation_id=None, **kwargs):
from azure.mgmt.core.tools import parse_resource_id, resource_id, is_valid_resource_id
from ._vm_utils import update_write_accelerator_settings, update_disk_caching
SecurityProfile, UefiSettings = cmd.get_models('SecurityProfile', 'UefiSettings')
Expand Down Expand Up @@ -1704,18 +1712,37 @@ def update_vm(cmd, resource_group_name, vm_name, os_disk=None, disk_caching=None
vm.security_profile.uefi_settings = UefiSettings(secure_boot_enabled=enable_secure_boot,
v_tpm_enabled=enable_vtpm)

if enable_proxy_agent is not None or proxy_agent_mode is not None:
proxy_agent_parameters = [
enable_proxy_agent, wire_server_mode, imds_mode, key_incarnation_id,
wire_server_access_control_profile_reference_id, imds_access_control_profile_reference_id
]
if any(parameter is not None for parameter in proxy_agent_parameters):
ProxyAgentSettings = cmd.get_models('ProxyAgentSettings')
HostEndpointSettings = cmd.get_models('HostEndpointSettings')
wire_server = HostEndpointSettings(
mode=wire_server_mode,
in_vm_access_control_profile_reference_id=wire_server_access_control_profile_reference_id
)
imds = HostEndpointSettings(
mode=imds_mode,
in_vm_access_control_profile_reference_id=imds_access_control_profile_reference_id
)
if vm.security_profile is None:
vm.security_profile = SecurityProfile()
vm.security_profile.proxy_agent_settings = ProxyAgentSettings(enabled=enable_proxy_agent,
mode=proxy_agent_mode)
vm.security_profile.proxy_agent_settings = ProxyAgentSettings(
enabled=enable_proxy_agent, key_incarnation_id=key_incarnation_id, wire_server=wire_server, imds=imds)
elif vm.security_profile.proxy_agent_settings is None:
vm.security_profile.proxy_agent_settings = ProxyAgentSettings(enabled=enable_proxy_agent,
mode=proxy_agent_mode)
vm.security_profile.proxy_agent_settings = ProxyAgentSettings(
enabled=enable_proxy_agent, key_incarnation_id=key_incarnation_id, wire_server=wire_server, imds=imds)
else:
vm.security_profile.proxy_agent_settings.enabled = enable_proxy_agent
vm.security_profile.proxy_agent_settings.mode = proxy_agent_mode
vm.security_profile.proxy_agent_settings.key_incarnation_id = key_incarnation_id
vm.security_profile.proxy_agent_settings.wire_server.mode = wire_server_mode
vm.security_profile.proxy_agent_settings.wire_server.in_vm_access_control_profile_reference_id = \
wire_server_access_control_profile_reference_id
vm.security_profile.proxy_agent_settings.imds.mode = imds_mode
vm.security_profile.proxy_agent_settings.imds.in_vm_access_control_profile_reference_id = \
imds_access_control_profile_reference_id

if workspace is not None:
workspace_id = _prepare_workspace(cmd, resource_group_name, workspace)
Expand Down Expand Up @@ -3193,7 +3220,9 @@ def create_vmss(cmd, vmss_name, resource_group_name, image=None,
enable_resilient_creation=None, enable_resilient_deletion=None,
additional_scheduled_events=None, enable_user_reboot_scheduled_events=None,
enable_user_redeploy_scheduled_events=None, skuprofile_vmsizes=None, skuprofile_allostrat=None,
security_posture_reference_is_overridable=None, zone_balance=None):
security_posture_reference_is_overridable=None, zone_balance=None, wire_server_mode=None,
imds_mode=None, wire_server_access_control_profile_reference_id=None,
imds_access_control_profile_reference_id=None):
from azure.cli.core.commands.client_factory import get_subscription_id
from azure.cli.core.util import random_string, hash_string
from azure.cli.core.commands.arm import ArmTemplateBuilder
Expand Down Expand Up @@ -3509,7 +3538,9 @@ def _get_public_ip_address_allocation(value, sku):
enable_user_redeploy_scheduled_events=enable_user_redeploy_scheduled_events,
skuprofile_vmsizes=skuprofile_vmsizes, skuprofile_allostrat=skuprofile_allostrat,
security_posture_reference_is_overridable=security_posture_reference_is_overridable,
zone_balance=zone_balance)
zone_balance=zone_balance, wire_server_mode=wire_server_mode, imds_mode=imds_mode,
wire_server_access_control_profile_reference_id=wire_server_access_control_profile_reference_id,
imds_access_control_profile_reference_id=imds_access_control_profile_reference_id)

vmss_resource['dependsOn'] = vmss_dependencies

Expand Down Expand Up @@ -3958,7 +3989,9 @@ def update_vmss(cmd, resource_group_name, name, license_type=None, no_wait=False
ephemeral_os_disk=None, ephemeral_os_disk_option=None, zones=None, additional_scheduled_events=None,
enable_user_reboot_scheduled_events=None, enable_user_redeploy_scheduled_events=None,
upgrade_policy_mode=None, enable_auto_os_upgrade=None, skuprofile_vmsizes=None,
skuprofile_allostrat=None, security_posture_reference_is_overridable=None, zone_balance=None, **kwargs):
skuprofile_allostrat=None, security_posture_reference_is_overridable=None, zone_balance=None,
wire_server_mode=None, imds_mode=None, wire_server_access_control_profile_reference_id=None,
imds_access_control_profile_reference_id=None, **kwargs):
vmss = kwargs['parameters']
aux_subscriptions = None
# pylint: disable=too-many-boolean-expressions
Expand Down Expand Up @@ -4121,19 +4154,35 @@ def update_vmss(cmd, resource_group_name, name, license_type=None, no_wait=False
'vTpmEnabled': enable_vtpm
}}

if enable_proxy_agent is not None or proxy_agent_mode is not None:
if enable_proxy_agent is not None or wire_server_mode is not None or imds_mode is not None or \
wire_server_access_control_profile_reference_id is not None or \
imds_access_control_profile_reference_id is not None:
SecurityProfile = cmd.get_models('SecurityProfile')
ProxyAgentSettings = cmd.get_models('ProxyAgentSettings')
HostEndpointSettings = cmd.get_models('HostEndpointSettings')
wire_server = HostEndpointSettings(
mode=wire_server_mode,
in_vm_access_control_profile_reference_id=wire_server_access_control_profile_reference_id
)
imds = HostEndpointSettings(
mode=imds_mode,
in_vm_access_control_profile_reference_id=imds_access_control_profile_reference_id
)
if vmss.virtual_machine_profile.security_profile is None:
vmss.virtual_machine_profile.security_profile = SecurityProfile()
vmss.virtual_machine_profile.security_profile.proxy_agent_settings = ProxyAgentSettings(
enabled=enable_proxy_agent, mode=proxy_agent_mode)
enabled=enable_proxy_agent, wire_server=wire_server, imds=imds)
elif vmss.virtual_machine_profile.security_profile.proxy_agent_settings is None:
vmss.virtual_machine_profile.security_profile.proxy_agent_settings = ProxyAgentSettings(
enabled=enable_proxy_agent, mode=proxy_agent_mode)
enabled=enable_proxy_agent, wire_server=wire_server, imds=imds)
else:
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.enabled = enable_proxy_agent
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.mode = proxy_agent_mode
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.wire_server.mode = wire_server_mode
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.wire_server. \
in_vm_access_control_profile_reference_id = wire_server_access_control_profile_reference_id
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.imds.mode = imds_mode
vmss.virtual_machine_profile.security_profile.proxy_agent_settings.imds. \
in_vm_access_control_profile_reference_id = imds_access_control_profile_reference_id

if regular_priority_count is not None or regular_priority_percentage is not None:
if vmss.orchestration_mode != 'Flexible':
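Review bot: In the `update_vm` hunk at `@@ -1704,18 +1712,37 @@`, the final `else` branch assigns through `proxy_agent_settings.wire_server` and `proxy_agent_settings.imds` without checking that they exist, so a VM whose existing settings carry no such object would presumably fail with `AttributeError`. That branch also writes every field unconditionally, so passing `--key-incarnation-id` alone sets `enabled` and both endpoint modes to None, which would drop an existing enforcement setting if the service treats null as a reset. Guard each assignment on the option being supplied and create the endpoint object when it is missing, as sketched below; the `update_vmss` hunk at `@@ -4121,19 +4154,35 @@` has the same shape. Separately, `proxy_agent_mode` is still a parameter of both functions and is only deprecated in `_params.py`, yet it no longer appears in the trigger condition or in any assignment, so `--proxy-agent-mode` on update is now silently ignored; keep applying it, or map it onto `wire_server_mode`, until the option is removed. Both functions begin and end outside the hunks.

```python
# … unchanged: get_models calls, HostEndpointSettings construction, first two branches …
else:
    settings = vm.security_profile.proxy_agent_settings
    if enable_proxy_agent is not None:
        settings.enabled = enable_proxy_agent
    if key_incarnation_id is not None:
        settings.key_incarnation_id = key_incarnation_id
    if settings.wire_server is None:
        settings.wire_server = wire_server
    else:
        if wire_server_mode is not None:
            settings.wire_server.mode = wire_server_mode
        if wire_server_access_control_profile_reference_id is not None:
            settings.wire_server.in_vm_access_control_profile_reference_id = \
                wire_server_access_control_profile_reference_id
    if settings.imds is None:
        settings.imds = imds
    else:
        if imds_mode is not None:
            settings.imds.mode = imds_mode
        if imds_access_control_profile_reference_id is not None:
            settings.imds.in_vm_access_control_profile_reference_id = \
                imds_access_control_profile_reference_id
```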