[PSCmdAssistant] New-AzVM and Vmss default image to Win2022AzureEdition when user explicitly sets SecurityType to Standard (#24773)

* generated code

* dev, test, and changelog

* simplifying to just feature ask

* fixed null errors

* cleanup

* remove brk msg

Author: Sandido

src/Compute/Compute.Test/ScenarioTests/VirtualMachineScaleSetTests.cs

@@ -416,5 +416,12 @@ public void TestVirtualMachineScaleSetSecurityTypeNoVMProfile()
         {
             TestRunner.RunTestScript("Test-VirtualMachineScaleSetSecurityTypeNoVMProfile");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestVirtualMachineScaleSetDefaultImgWhenStandard()
+        {
+            TestRunner.RunTestScript("Test-VirtualMachineScaleSetDefaultImgWhenStandard");
+        }
     }
 }

src/Compute/Compute.Test/ScenarioTests/VirtualMachineScaleSetTests.ps1

@@ -5271,4 +5271,45 @@ function Test-VirtualMachineScaleSetSecurityTypeAndFlexDefaults
         # Cleanup
         Clean-ResourceGroup $rgname;
     }
+}
+
+<#
+.SYNOPSIS
+Test Virtual Machine Scale Set with explicit Standard securityType.
+Ensures the SecurityProfile is null, and with no other img info,
+defaults to Win2022AE image.
+#>
+function Test-VirtualMachineScaleSetDefaultImgWhenStandard
+{
+    # Setup
+    $rgname = Get-ComputeTestResourceName;
+    $loc = Get-ComputeVMLocation;
+
+    try
+    {
+        # Common
+        New-AzResourceGroup -Name $rgname -Location $loc -Force;
+
+        $vmssName = 'vs' + $rgname;
+
+        $domainNameLabel1 = "d1" + $rgname;
+        $enable = $true;
+        $securityTypeST = "Standard";
+        $adminUsername = Get-ComputeTestResourceName;
+        $password = Get-PasswordForVM;
+        $adminPassword = $password | ConvertTo-SecureString -AsPlainText -Force;
+        $cred = New-Object System.Management.Automation.PSCredential ($adminUsername, $adminPassword);
+
+        # Requirements for the TrustedLaunch default behavior.
+        $vmss = New-AzVmss -ResourceGroupName $rgname -Credential $cred -VMScaleSetName $vmssName -SecurityType $securityTypeST -DomainNameLabel $domainNameLabel1;
+        
+        Assert-AreEqual $vmss.OrchestrationMode "Flexible";
+        Assert-Null $vmss.SecurityProfile;
+        Assert-AreEqual $vmss.VirtualMachineProfile.StorageProfile.ImageReference.Sku "2022-datacenter-azure-edition";
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname;
+    }
 }

src/Compute/Compute.Test/ScenarioTests/VirtualMachineTests.cs

@@ -641,5 +641,12 @@ public void TestCapacityReservationSharingProfile()
             TestRunner.RunTestScript("Test-CapacityReservationSharingProfile");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.LiveOnly)]
+        public void TestVMDefaultsToTrustedLaunchImgWhenStnd()
+        {
+            TestRunner.RunTestScript("Test-VMDefaultsToTrustedLaunchImgWhenStnd");
+        }
+
     }
 }

src/Compute/Compute.Test/ScenarioTests/VirtualMachineTests.ps1

@@ -7488,3 +7488,48 @@ function Test-CapacityReservationSharingProfile
         Clean-ResourceGroup $rgname;
     }
 }
+
+<#
+.SYNOPSIS
+Test Virtual Machines with explicit Standard securityType.
+Ensures the SecurityProfile is null, and with no other img info,
+defaults to Win2022AE image.
+#>
+function Test-VMDefaultsToTrustedLaunchImgWhenStnd
+{
+    # Setup
+    $rgname = Get-ComputeTestResourceName;
+    $loc = Get-ComputeVMLocation;
+
+    try
+    {
+        New-AzResourceGroup -Name $rgname -Location $loc -Force;
+        # SimpleParameterSet, no config, scenario.
+        # create credential 
+        $password = Get-PasswordForVM;
+        $user = Get-ComputeTestResourceName;
+        $securePassword = $password | ConvertTo-SecureString -AsPlainText -Force;  
+        $cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
+
+        # Add one VM from creation 
+        $vmname = 'vm' + $rgname;
+        $domainNameLabel = "d1" + $rgname;
+        $securityTypeST = "Standard";
+        $SKU = "2022-datacenter-azure-edition";
+        $disable = $false;
+        $enable = $true;
+
+        $vm = New-AzVM -ResourceGroupName $rgname -Name $vmname -Credential $cred -SecurityType $securityTypeST -DomainNameLabel $domainNameLabel; 
+
+        $vm = Get-AzVm -ResourceGroupName $rgname -Name $vmname;
+
+        # Validate
+        Assert-AreEqual $vm.StorageProfile.ImageReference.Sku $SKU;
+        Assert-Null $vm.SecurityProfile;
+    }
+    finally 
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname;
+    }
+}

src/Compute/Compute.Test/SessionRecords/Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineScaleSetTests/TestVirtualMachineScaleSetDefaultImgWhenStandard.json

@@ -25,10 +25,13 @@
 * Added `Etag` property to PSVirtualMachine and PSVirtualMachineScaleSet objects.   
 * Added parameters `-IfMatch` and `-IfNoneMatch` to `Update-AzVM`, `Update-AzVmss`, `New-AzVm`, `New-AzVmss`, `New-AzVmConfig`, and `New-AzVmssConfig` cmdlets.
 * Resolved the bug with `New-AzVMConfig` for `-CommunityGalleryImageId` and `-SharedGalleryImageId` parameters.
+* [Breaking Change] Added ValidateNotNullOrEmpty for `-ResourceGroupName` and `-VMScaleSetName` parameters to `Get-AzVmss` cmdlet. [#20095]
+* [Breaking Change] Added new business logic to `New-AzVmss` and `New-AzVM` cmdlets. When the user explicitly sets the `SecurityType` to `Standard`, the Image alias defaults to `Win2022AzureEdition` to make future migrations to Trusted Launch easier.
 
 ## Version 7.3.0
 * Added cmdlet `Invoke-AzSpotPlacementRecommender`.
 * Fixed `Update-AzCapacityReservationGroup` to remove Subscriptions from SharingProfile.
+* Added new optional parameter `SecureVMGuestStateSAS` to cmdlet `Grant-AzDiskAccess`.
 
 ## Version 7.2.0
 * Added parameters `-scriptUriManagedIdentity`, `-outputBlobManagedIdentity`, `-errorBlobMangedIdentity`, and `-TreatFailureAsDeploymentFailure` to cmdlets `Set-AzVmRunCommand` and `Set-AzVmssRunCommand`. 

src/Compute/Compute.Test/SessionRecords/Microsoft.Azure.Commands.Compute.Test.ScenarioTests.VirtualMachineTests/TestVMDefaultsToTrustedLaunchImgWhenStnd.json

@@ -92,6 +92,7 @@ public static class ValidateSetValues
 
     public static class ConstantValues
     {
+        public const string DefaultVMandVMSSImage = "Win2016Datacenter";
         public const string StandardSecurityType = "standard";
         public const string TrustedLaunchSecurityType = "trustedlaunch";
         public const string ConfidentialVMSecurityType = "confidentialvm";

src/Compute/Compute/ChangeLog.md

@@ -74,16 +74,21 @@ public override void ExecuteCmdlet()
                             {
                                 // TL defaulting for default param set, config object.
                                 // if security type not set, 
-                                // if parameters.VirtualMachineProfile.StorageProfile.ImageReference.SharedGalleryImageId == null
-                                // if parameters.VirtualMachineProfile.StorageProfile.ImageReference.Id == null
-                                // if parameters.VirtualMachineProfile.StorageProfile.OsDisk == null
+
                                 if (this.VirtualMachineScaleSet.VirtualMachineProfile?.SecurityProfile?.SecurityType == null
                                     && this.VirtualMachineScaleSet.VirtualMachineProfile?.StorageProfile?.ImageReference == null
                                     && this.VirtualMachineScaleSet.VirtualMachineProfile?.StorageProfile?.OsDisk == null)
                                 {
                                     trustedLaunchDefaultingSecurityValues();
                                     trustedLaunchDefaultingImageValues();
                                 }
+                                // if securityType is Standard explicitly.
+                                else if (this.VirtualMachineScaleSet.VirtualMachineProfile?.SecurityProfile?.SecurityType?.ToLower() == ConstantValues.StandardSecurityType
+                                    && this.VirtualMachineScaleSet.VirtualMachineProfile?.StorageProfile?.ImageReference == null
+                                    && this.VirtualMachineScaleSet.VirtualMachineProfile?.StorageProfile?.OsDisk == null)
+                                {
+                                    this.ImageName = ConstantValues.TrustedLaunchDefaultImageAlias;
+                                }
 
                                 if (this.VirtualMachineScaleSet.VirtualMachineProfile?.SecurityProfile?.SecurityType == null
                                     //&& this.VirtualMachineScaleSet.VirtualMachineProfile?.StorageProfile?.OsDisk == null//had to remove this as it has the FromImage value from set-azvmssstorageprofile call
@@ -97,6 +102,7 @@ public override void ExecuteCmdlet()
                                     specificImageRespone = retrieveSpecificImageFromNotId();
                                     setHyperVGenForImageCheckAndTLDefaulting(specificImageRespone);
                                 }
+
                             }
 
                             string resourceGroupName = this.ResourceGroupName;
@@ -132,6 +138,7 @@ public override void ExecuteCmdlet()
                                 }
                             }
 
+
                             // For Cross-tenant RBAC sharing
                             Dictionary<string, List<string>> auxAuthHeader = null;
                             if (!string.IsNullOrEmpty(parameters.VirtualMachineProfile?.StorageProfile?.ImageReference?.Id))

src/Compute/Compute/Common/ConstantStringTypes.cs

@@ -34,7 +34,6 @@
 
 namespace Microsoft.Azure.Commands.Compute.Automation
 {
-    [GenericBreakingChangeWithVersionAttribute("Starting in May 2024 the \"New-AzVmss\" cmdlet will deploy with the image 'Windows Server 2022 Azure Edition' by default. This will make migrating to Trusted Launch easier in the future. To know more about Trusted Launch, please visit https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch", "12.0.0", "8.0.0")]
     public partial class NewAzureRmVmss : ComputeAutomationBaseCmdlet
     {
         private const string flexibleOrchestrationMode = "Flexible", uniformOrchestrationMode = "Uniform";
@@ -59,7 +58,7 @@ public partial class NewAzureRmVmss : ComputeAutomationBaseCmdlet
             "Win2012R2Datacenter", 
             "Win2012Datacenter")]
         [Alias("Image")]
-        public string ImageName { get; set; } = "Win2016Datacenter";
+        public string ImageName { get; set; } = ConstantValues.DefaultVMandVMSSImage;
 
         [Parameter(ParameterSetName = SimpleParameterSet, Mandatory = true)]
         public PSCredential Credential { get; set; }
@@ -542,15 +541,20 @@ private async Task<ResourceConfig<VirtualMachineScaleSet>> SimpleParameterSetOrc
                 {
                     if (_cmdlet.SecurityType?.ToLower() == ConstantValues.TrustedLaunchSecurityType || _cmdlet.SecurityType?.ToLower() == ConstantValues.ConfidentialVMSecurityType)
                     {
-                        _cmdlet.SecurityType = _cmdlet.SecurityType;
                         _cmdlet.EnableVtpm = _cmdlet.EnableVtpm ?? true;
                         _cmdlet.EnableSecureBoot = _cmdlet.EnableSecureBoot ?? true;
                     }
                     else if (_cmdlet.SecurityType?.ToLower() == ConstantValues.StandardSecurityType)
                     {
-                        _cmdlet.SecurityType = _cmdlet.SecurityType;
+                        // default the imagereference or image parameter to Win2022AzureEdition img.
+                        if (!_cmdlet.IsParameterBound(c => c.ImageName) && !_cmdlet.IsParameterBound(c => c.ImageReferenceId)
+                        && !_cmdlet.IsParameterBound(c => c.SharedGalleryImageId))
+                        {
+                            _cmdlet.ImageName = ConstantValues.TrustedLaunchDefaultImageAlias;
+                        }
                     }
                 }
+
                 _cmdlet.NatBackendPort = ImageAndOsType.UpdatePorts(_cmdlet.NatBackendPort);
 
                 var networkSecurityGroup = noZones
@@ -654,7 +658,8 @@ async Task SimpleParameterSetExecuteCmdlet(IAsyncCmdlet asyncCmdlet)
                 && !this.IsParameterBound(c => c.SharedGalleryImageId))
             {
                 this.SecurityType = ConstantValues.TrustedLaunchSecurityType;
-                if (!this.IsParameterBound(c => c.ImageName) && !this.IsParameterBound(c => c.ImageReferenceId) && !this.IsParameterBound(c => c.SharedGalleryImageId))
+                if (!this.IsParameterBound(c => c.ImageName) && !this.IsParameterBound(c => c.ImageReferenceId) 
+                    && !this.IsParameterBound(c => c.SharedGalleryImageId))
                 {
                     this.ImageName = ConstantValues.TrustedLaunchDefaultImageAlias;
                 }
@@ -667,11 +672,20 @@ async Task SimpleParameterSetExecuteCmdlet(IAsyncCmdlet asyncCmdlet)
                     this.EnableVtpm = true;
                 }
             }
-            
+            // default Win2022AzureEdition img for explicitly set Standard.
+            // handles when default img was set for ImageName parameter.
+            if (this.IsParameterBound(c => c.SecurityType)
+                && this.SecurityType?.ToLower() == ConstantValues.StandardSecurityType
+                && !this.IsParameterBound(c => c.ImageName)
+                && !this.IsParameterBound(c => c.ImageReferenceId)
+                && !this.IsParameterBound(c => c.SharedGalleryImageId))
+            {
+                this.ImageName = ConstantValues.TrustedLaunchDefaultImageAlias;
+            }
+
             // API does not currently support Standard securityType value, so need to null it out here. 
             if (this.IsParameterBound(c => c.SecurityType)
-                && this.SecurityType != null
-                && this.SecurityType.ToString().ToLower() == ConstantValues.StandardSecurityType)
+                && this.SecurityType?.ToLower() == ConstantValues.StandardSecurityType)
             {
                 this.SecurityType = null;
             }
@@ -681,7 +695,6 @@ async Task SimpleParameterSetExecuteCmdlet(IAsyncCmdlet asyncCmdlet)
             {
                 if (this.SecurityType?.ToLower() == ConstantValues.TrustedLaunchSecurityType || this.SecurityType?.ToLower() == ConstantValues.ConfidentialVMSecurityType)
                 {
-                    this.SecurityType = this.SecurityType;
                     this.EnableVtpm = this.EnableVtpm ?? true;
                     this.EnableSecureBoot = this.EnableSecureBoot ?? true;
                 }