Make TrustedLaunch default in for VM and VMSS creation (#22974)

* dev and test

* vmss dev and test

* initial disk play

* disk defaulting dev and test

* test play for new vm managed disk scenario

* tl disk testing trying

* clean

* disk clean test good

* vm rerecorded tests raw success

* clean

* test

* trying managed disk vm scenario, vmss stuff too

* stuff

* vmss and vm tests

* 2 rerecorded tests

* tests so far

* fixing most tests, enabling stnd

* all compute tests fixed i think

* compute tests mostly fixed

* clean

* recovery services tests

* examples and disk standard parts and recoveryservices test fix

* changelog

* guestattestation removal

* removed disableintegritymonitoring parameter

* changelog clean

* Update BreakingChangeIssues.csv

trying to resolve breaking change error with suppression

* Update BreakingChangeIssues.csv

* example fix

* added back in guest attestation logic

* Update BreakingChangeIssues.csv

undo this

* put back guest attestation, fixed tests for that.

* Update VirtualMachineScaleSetCreateOrUpdateMethod.cs

* Update New-AzVM.md

* Update New-AzVmss.md

* rerecord tests

* fix ssh test

* vm test cleanup

* cleanups and error safety

* simplify based on comments. Match VM images with vmss images

* cleanup mostly

Author: Sandido

src/Compute/Compute.Test/ScenarioTests/AEMExtensionTests.ps1

@@ -1278,7 +1278,8 @@ function Create-AdvancedVM($rgname, $vmname, $loc, $vmsize, $stotype, $nicCount,
     {
         $zoneparams.Add("Zone", $zone)  
     }
-    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize @zoneparams;
+    $stnd = "Standard";
+    $p = New-AzVMConfig -SecurityType $stnd -VMName $vmname -VMSize $vmsize @zoneparams;
     $nul = Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
     Write-Verbose "Start Create-AdvancedVM - Config done"

src/Compute/Compute.Test/ScenarioTests/AvailabilitySetTests.ps1

@@ -149,7 +149,8 @@ function Test-AvailabilitySetVM
         # VM Profile & Hardware
         $vmsize = 'Standard_DS1_v2';
         $vmname = 'vm' + $rgname;
-        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -AvailabilitySetId $aset.Id;
+        $stnd = "Standard";
+        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd -AvailabilitySetId $aset.Id;
         Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
         # NRP

src/Compute/Compute.Test/ScenarioTests/AvailabilityZoneTests.ps1

@@ -59,8 +59,9 @@ function Test-VirtualMachineZone
         $securePassword = ConvertTo-SecureString $password -AsPlainText -Force;
         $cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
         $computerName = 'test';
+        $stnd = "Standard";
 
-        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -Zone "1" `
+        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -Zone "1" -SecurityType $stnd `
              | Add-AzVMNetworkInterface -Id $nicId -Primary `
              | Set-AzVMOperatingSystem -Windows -ComputerName $computerName -Credential $cred;
 

src/Compute/Compute.Test/ScenarioTests/ChefExtensionTests.ps1

@@ -35,7 +35,8 @@ function Test-SetChefExtensionBasic
         # VM Profile & Hardware
         $vmsize = 'Standard_A2';
         $vmname = 'vm' + $rgname;
-        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
+        $stnd = "Standard";
+        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd;
         Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
         # NRP

src/Compute/Compute.Test/ScenarioTests/ComputeTestCommon.ps1

@@ -161,7 +161,8 @@ function Create-VirtualMachine
 
     # VM Profile & Hardware
     $vmsize = 'Standard_A2';
-    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
+    $stnd = "Standard";
+    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd;
     Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
     # NRP
@@ -267,7 +268,8 @@ function Create-VirtualMachineNoDataDisks
 
     # VM Profile & Hardware
     $vmsize = 'Standard_D2S_V3';
-    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
+    $stnd = "Standard";
+    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd;
     Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
     # NRP

src/Compute/Compute.Test/ScenarioTests/DedicatedHostTests.ps1

@@ -148,14 +148,15 @@ function Test-DedicatedHostVirtualMachine
         # VM Profile & Hardware
         $vmsize = 'Standard_E2s_v3';
         $vmname0 = 'v' + $rgname;
+        $stnd = "Standard";
 
         # Creating a VM using simple parameter set
         $username = "admin01"
         $password = Get-PasswordForVM | ConvertTo-SecureString -AsPlainText -Force
         $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
         [string]$domainNameLabel = "$vmname0-$vmname0".tolower();
 
-        New-AzVM -ResourceGroupName $rgname -Name $vmname0 -Credential $cred -Zone "2" -Size $vmsize -HostId $dedicatedHostId -DomainNameLabel $domainNameLabel;
+        New-AzVM -ResourceGroupName $rgname -Name $vmname0 -Credential $cred -Zone "2" -Size $vmsize -HostId $dedicatedHostId -DomainNameLabel $domainNameLabel -SecurityType $stnd;
         $vm0 = Get-AzVM -ResourceGroupName $rgname -Name $vmname0;
         Assert-AreEqual $dedicatedHostId $vm0.Host.Id;
 
@@ -177,7 +178,7 @@ function Test-DedicatedHostVirtualMachine
         $cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
         $computerName = 'test';
 
-        $p = New-AzVMConfig -VMName $vmname1 -VMSize $vmsize -Zone "2" -HostId $dedicatedHostId `
+        $p = New-AzVMConfig -VMName $vmname1 -VMSize $vmsize -Zone "2" -HostId $dedicatedHostId -SecurityType $stnd `
              | Add-AzVMNetworkInterface -Id $nicId -Primary `
              | Set-AzVMOperatingSystem -Windows -ComputerName $computerName -Credential $cred;
 

src/Compute/Compute.Test/ScenarioTests/DiagnosticsExtensionTests.ps1

@@ -238,6 +238,7 @@ function Test-VmssDiagnosticsExtension
 
         $adminUsername = 'Foo12';
         $adminPassword = Get-PasswordForVM;
+        $stnd = "Standard";
 
         $imgRef = Get-DefaultCRPImage -loc $loc;
         $vhdContainer = "https://" + $stoname + ".blob.core.windows.net/" + $vmssName;
@@ -252,7 +253,7 @@ function Test-VmssDiagnosticsExtension
         New-AzStorageAccount -ResourceGroupName $rgname -Name $storagename -Location $loc -Type $storagetype;
 
         $ipCfg = New-AzVmssIPConfig -Name 'test' -SubnetId $subnetId;
-        $vmss = New-AzVmssConfig -Location $loc -SkuCapacity 2 -SkuName 'Standard_A1_v2' -UpgradePolicyMode 'automatic' -NetworkInterfaceConfiguration $netCfg `
+        $vmss = New-AzVmssConfig -Location $loc -SkuCapacity 2 -SkuName 'Standard_A1_v2' -UpgradePolicyMode 'automatic' -NetworkInterfaceConfiguration $netCfg -SecurityType $stnd `
             | Add-AzVmssNetworkInterfaceConfiguration -Name 'test' -Primary $true -IPConfiguration $ipCfg `
             | Set-AzVmssOSProfile -ComputerNamePrefix 'test' -AdminUsername $adminUsername -AdminPassword $adminPassword `
             | Set-AzVmssStorageProfile -Name 'test' -OsDiskCreateOption 'FromImage' -OsDiskCaching 'None' `

src/Compute/Compute.Test/ScenarioTests/DiskRPTests.cs

@@ -170,5 +170,12 @@ public void TestSecurityProfileStandard()
         {
             TestRunner.RunTestScript("Test-SecurityProfileStandard");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.LiveOnly)]
+        public void TestNewDiskSecurityTypeDefaulting()
+        {
+            TestRunner.RunTestScript("Test-NewDiskSecurityTypeDefaulting");
+        }
     }
 }

src/Compute/Compute.Test/ScenarioTests/DiskRPTests.ps1

@@ -1700,4 +1700,39 @@ function Test-DiskAcceleratedNetworkAndPublicNetworkAccess
 		# Cleanup
 		Clean-ResourceGroup $rgname;
 	}
+}
+
+<#
+.SYNOPSIS
+Disk creation defaults to TL when being created from an Image that is HyperVGeneration V2.
+Feature request 1248
+#>
+function Test-NewDiskSecurityTypeDefaulting
+{
+    $rgname = Get-ComputeTestResourceName;
+	$loc = 'eastus2';
+
+	try
+    {
+		New-AzResourceGroup -Name $rgname -Location $loc -Force;
+        
+        $diskname = "d" + $rgname;
+        $securityTypeTL = "TrustedLaunch";
+        $hyperVGen2 = "V2";
+        
+        $image = Get-AzVMImage -Skus 2022-datacenter-azure-edition -Offer WindowsServer -PublisherName MicrosoftWindowsServer -Location $loc -Version latest;
+        $diskconfig = New-AzDiskConfig -DiskSizeGB 127 -AccountType Premium_LRS -OsType Windows -CreateOption FromImage -Location $loc;
+
+        $diskconfig = Set-AzDiskImageReference -Disk $diskconfig -Id $image.Id;
+
+        $disk = New-AzDisk -ResourceGroupName $rgname -DiskName $diskname -Disk $diskconfig;
+        Assert-AreEqual $disk.SecurityProfile.securityType $securityTypeTL;
+        Assert-AreEqual $disk.HyperVGeneration $hyperVGen2;
+        
+	}
+    finally 
+    {
+		# Cleanup
+		Clean-ResourceGroup $rgname;
+	}
 }

src/Compute/Compute.Test/ScenarioTests/DscExtensionTests.ps1

@@ -20,7 +20,8 @@ function Test-GetAzureRmVMDscExtension
     # VM Profile & Hardware
     $vmsize = 'Standard_A2';
     $vmname = 'vm' + $rgname;
-    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
+    $stnd = "Standard";
+    $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd;
     Assert-AreEqual $p.HardwareProfile.VmSize $vmsize;
 
     # NRP
@@ -116,6 +117,7 @@ function Test-DSCExtensionVMPiping
         $vmsize = 'Standard_E2s_v3';
         $vmname = 'v' + $rgname;
         $domainNameLabel1 = "domain1" + $rgname;
+        $stnd = "Standard";
 
         # Common
         New-AzResourceGroup -Name $rgname -Location $loc -Force;
@@ -124,7 +126,7 @@ function Test-DSCExtensionVMPiping
         $password = Get-PasswordForVM | ConvertTo-SecureString -AsPlainText -Force;
         $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password;
 
-        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
+        $p = New-AzVMConfig -VMName $vmname -VMSize $vmsize -SecurityType $stnd;
 
         # NRP
         $subnet = New-AzVirtualNetworkSubnetConfig -Name ('subnet' + $rgname) -AddressPrefix "10.0.0.0/24";