Update securityPostureReference in VMScaleSet API (Azure#28891)

martinezdylan · Dylan Martinez · msyyc · web-flow · commit 491e00d17f24 · 2024-06-05T15:03:47.000-07:00
* update securityPostureRef properties in VMScaleSet spec

* add securityPostureReference to UpdateVMProfile definition and fix min version

* add prettier changes

* remove unsupported 'major.*' from spec

* add optional fields in security posture example

* add required fields

* correct minimum api version

* add prettier fixes

* remove extensionsSettings property

* create new Update model for security posture reference &amp; update

* fix validation issue

* Create sdk-suppressions.yaml

* add azure-sdk-for-go suppression

* Update sdk-suppressions.yaml

---------

Co-authored-by: Dylan Martinez &lt;dymartinez@microsoft.com&gt;
Co-authored-by: Yuchao Yan &lt;yuchaoyan@microsoft.com&gt;
Co-authored-by: Alancere &lt;804873052@qq.com&gt;
Co-authored-by: kazrael2119 &lt;98569699+kazrael2119@users.noreply.github.com&gt;
diff --git a/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/examples/virtualMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json b/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/examples/virtualMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json
@@ -15,7 +15,11 @@
         "overprovision": true,
         "virtualMachineProfile": {
           "securityPostureReference": {
-            "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+            "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+            "excludeExtensions": [
+              "{securityPostureVMExtensionName}"
+            ],
+            "isOverridable": true
           },
           "storageProfile": {
             "imageReference": {
@@ -81,7 +85,11 @@
           "uniqueId": "d12ccb3d-ab15-4794-9836-c4196392e9f2",
           "virtualMachineProfile": {
             "securityPostureReference": {
-              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+              "excludeExtensions": [
+                "{securityPostureVMExtensionName}"
+              ],
+              "isOverridable": true
             },
             "storageProfile": {
               "imageReference": {
@@ -159,7 +167,11 @@
           "uniqueId": "d12ccb3d-ab15-4794-9836-c4196392e9f2",
           "virtualMachineProfile": {
             "securityPostureReference": {
-              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+              "excludeExtensions": [
+                "{securityPostureVMExtensionName}"
+              ],
+              "isOverridable": true
             },
             "storageProfile": {
               "imageReference": {
diff --git a/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/virtualMachineScaleSet.json b/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/virtualMachineScaleSet.json
@@ -5181,7 +5181,7 @@
         },
         "securityPostureReference": {
           "$ref": "#/definitions/SecurityPostureReference",
-          "description": "Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01"
+          "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01"
         },
         "timeCreated": {
           "readOnly": true,
@@ -5206,6 +5206,10 @@
           "$ref": "#/definitions/VirtualMachineScaleSetUpdateNetworkProfile",
           "description": "The virtual machine scale set network profile."
         },
+        "securityPostureReference": {
+          "$ref": "#/definitions/SecurityPostureReferenceUpdate",
+          "description": "The virtual machine scale set security posture reference."
+        },
         "securityProfile": {
           "$ref": "./computeRPCommon.json#/definitions/SecurityProfile",
           "description": "The virtual machine scale set Security profile"
@@ -6336,17 +6340,45 @@
       "properties": {
         "id": {
           "type": "string",
-          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest"
         },
         "excludeExtensions": {
           "type": "array",
           "items": {
-            "$ref": "./virtualMachine.json#/definitions/VirtualMachineExtension"
+            "type": "string"
           },
-          "description": "List of virtual machine extensions to exclude when applying the Security Posture."
+          "description": "The list of virtual machine extension names to exclude when applying the security posture."
+        },
+        "isOverridable": {
+          "type": "boolean",
+          "description": "Whether the security posture can be overridden by the user."
+        }
+      },
+      "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01",
+      "required": [
+        "id"
+      ]
+    },
+    "SecurityPostureReferenceUpdate": {
+      "type": "object",
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest"
+        },
+        "excludeExtensions": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "The list of virtual machine extension names to exclude when applying the security posture."
+        },
+        "isOverridable": {
+          "type": "boolean",
+          "description": "Whether the security posture can be overridden by the user."
         }
       },
-      "description": "Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01"
+      "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01"
     }
   }
 }
diff --git a/specification/compute/resource-manager/sdk-suppressions.yaml b/specification/compute/resource-manager/sdk-suppressions.yaml
@@ -0,0 +1,14 @@
+suppressions:
+  azure-sdk-for-python:
+    - package: azure-mgmt-compute
+      breaking-changes:
+        - Parameter id of model SecurityPostureReference is now required
+  azure-sdk-for-go:
+    - package: sdk/resourcemanager/compute/armcompute
+      breaking-changes:
+        - Type of `SecurityPostureReference.ExcludeExtensions` has been changed from `[]*VirtualMachineExtension` to `[]*string`
+  azure-sdk-for-js:
+    - package: "@azure/arm-compute"
+      breaking-changes:
+        - Parameter id of interface SecurityPostureReference is now required
+        - Type of parameter excludeExtensions of interface SecurityPostureReference is changed from VirtualMachineExtension[] to string[]
