From b6ac0c5c609c6e9bbf20c1479c4bdfcf5a14d898 Mon Sep 17 00:00:00 2001
From: kamusta-msft <56413142+kamusta-msft@users.noreply.github.com>
Date: Thu, 16 Dec 2021 10:56:37 -0800
Subject: [PATCH] Spec for ProtectedSettingsFromKeyVault and
AllowExtensionOperations (#16590)
* KV changes
* adding allowExtensionOperation
* fixing examples
---
.../stable/2021-07-01/compute.json | 21 +-
...eSetWithProtectedSettingsFromKeyVault.json | 293 ++++++++++++++++++
...ureEnabled.json => UpdateVMExtension.json} | 12 +
3 files changed, 325 insertions(+), 1 deletion(-)
create mode 100644 specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
rename specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/{UpdateVMExtensionWithSuppressFailureEnabled.json => UpdateVMExtension.json} (63%)
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
index 981eeb6f69e0..72c20aea0672 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
@@ -1723,7 +1723,7 @@
"x-ms-long-running-operation": true,
"x-ms-examples": {
"Update VM extension.": {
- "$ref": "./examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json"
+ "$ref": "./examples/compute/UpdateVMExtension.json"
}
}
},
@@ -5425,6 +5425,9 @@
},
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
+ },
+ "Create a VMSS with an extension with protectedSettingsFromKeyVault": {
+ "$ref": "./examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json"
}
}
},
@@ -9530,6 +9533,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
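Review bot: `protectedSettingsFromKeyVault` is declared as a bare `"type": "object"`, so the schema accepts any shape even though every example in this commit sends exactly `sourceVault.id` plus `secretUrl`. For a field that carries a secret reference, a typed definition lets validators and generated SDKs reject malformed references; if the file's existing `KeyVaultSecretReference` definition matches the intended shape, `"$ref": "#/definitions/KeyVaultSecretReference"` could replace the `type` line. The description should read "The extension's protected settings ..." and say what happens when both this property and `protectedSettings` are supplied, which the visible text leaves open. The same applies to the identical additions in the hunks at -9571 and -13356. The enclosing definition starts outside the hunk.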
@@ -9571,6 +9578,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
@@ -12586,6 +12597,10 @@
"$ref": "#/definitions/VaultSecretGroup"
},
"description": "Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows)."
+ },
+ "allowExtensionOperations": {
+ "type": "boolean",
+ "description": "Specifies whether extension operations should be allowed on the virtual machine scale set.
This may only be set to False when no extensions are present on the virtual machine scale set."
}
},
"description": "Describes a virtual machine scale set OS profile."
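Review bot: The new `allowExtensionOperations` description does not state the default, and it writes the value as `False` where the JSON literal is `false`. As shown here the description string also breaks across two lines; if that raw newline is in the file rather than an artifact of this rendering, strict JSON parsers will reject it, and it should be an escaped break inside the string. Suggested ending: `This may only be set to false when no extensions are present on the virtual machine scale set.`, with the default added once it is confirmed. The enclosing definition starts outside the hunk.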
@@ -13356,6 +13371,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Scale Set Extension."
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
new file mode 100644
index 000000000000..a46730933b7e
--- /dev/null
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
@@ -0,0 +1,293 @@
+{
+ "parameters": {
+ "subscriptionId": "{subscription-id}",
+ "resourceGroupName": "myResourceGroup",
+ "vmScaleSetName": "{vmss-name}",
+ "api-version": "2021-07-01",
+ "parameters": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "location": "westus",
+ "properties": {
+ "overprovision": true,
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://{existing-storage-account-name}.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "adminPassword": "{your-password}"
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ },
+ "201": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ }
+ }
+}
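Review bot: The `sourceVault.id` values under `protectedSettingsFromKeyVault` hard-code a concrete-looking subscription GUID, while every other resource ID in this example uses the `{subscription-id}` placeholder. Published examples get copied verbatim, so the vault reference should use the placeholder too: `"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"`. This also avoids implying that the vault must live in a different subscription from the scale set. Separately, `bootDiagnostics.storageUri` is shown with `http://` in the request and both responses; `https://` is the safer value to model. The same GUID appears in both hunks of UpdateVMExtension.json.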
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
similarity index 63%
rename from specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
rename to specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
index 4c8b071f90b8..0d4bcf6ddcc1 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
@@ -14,6 +14,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
@@ -34,6 +40,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}