Skip to content

Commit

Permalink
Spec for ProtectedSettingsFromKeyVault and AllowExtensionOperations (A…
Browse files Browse the repository at this point in the history
…zure#16590)

* KV changes

* adding allowExtensionOperation

* fixing examples
  • Loading branch information
kamusta-msft authored Dec 16, 2021
1 parent 8745de5 commit 220cfd0
Show file tree
Hide file tree
Showing 3 changed files with 325 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -1723,7 +1723,7 @@
"x-ms-long-running-operation": true,
"x-ms-examples": {
"Update VM extension.": {
"$ref": "./examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json"
"$ref": "./examples/compute/UpdateVMExtension.json"
}
}
},
Expand Down Expand Up @@ -5425,6 +5425,9 @@
},
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
},
"Create a VMSS with an extension with protectedSettingsFromKeyVault": {
"$ref": "./examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json"
}
}
},
Expand Down Expand Up @@ -9554,6 +9557,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
Expand Down Expand Up @@ -9595,6 +9602,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
Expand Down Expand Up @@ -12610,6 +12621,10 @@
"$ref": "#/definitions/VaultSecretGroup"
},
"description": "Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows)."
},
"allowExtensionOperations": {
"type": "boolean",
"description": "Specifies whether extension operations should be allowed on the virtual machine scale set. <br><br>This may only be set to False when no extensions are present on the virtual machine scale set."
}
},
"description": "Describes a virtual machine scale set OS profile."
Expand Down Expand Up @@ -13380,6 +13395,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Scale Set Extension."
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,293 @@
{
"parameters": {
"subscriptionId": "{subscription-id}",
"resourceGroupName": "myResourceGroup",
"vmScaleSetName": "{vmss-name}",
"api-version": "2021-07-01",
"parameters": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"location": "westus",
"properties": {
"overprovision": true,
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://{existing-storage-account-name}.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"adminPassword": "{your-password}"
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
}
}
}
]
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
}
}
}
},
"responses": {
"200": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"name": "{vmss-name}",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://nsgdiagnostic.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
}
},
"201": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"name": "{vmss-name}",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://nsgdiagnostic.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@
"suppressFailures": true,
"settings": {
"UserName": "[email protected]"
},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
Expand All @@ -34,6 +40,12 @@
"suppressFailures": true,
"settings": {
"UserName": "[email protected]"
},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
Expand Down

0 comments on commit 220cfd0

Please sign in to comment.