From 220cfd0638942c04275d69fd485ceb2da02a96d3 Mon Sep 17 00:00:00 2001
From: kamusta-msft <56413142+kamusta-msft@users.noreply.github.com>
Date: Thu, 16 Dec 2021 10:56:37 -0800
Subject: [PATCH] Spec for ProtectedSettingsFromKeyVault and
AllowExtensionOperations (#16590)
* KV changes
* adding allowExtensionOperation
* fixing examples
---
.../stable/2021-07-01/compute.json | 21 +-
...eSetWithProtectedSettingsFromKeyVault.json | 293 ++++++++++++++++++
...ureEnabled.json => UpdateVMExtension.json} | 12 +
3 files changed, 325 insertions(+), 1 deletion(-)
create mode 100644 specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
rename specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/{UpdateVMExtensionWithSuppressFailureEnabled.json => UpdateVMExtension.json} (63%)
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
index c0c702bf82a5..63bf03fa5e95 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/compute.json
@@ -1723,7 +1723,7 @@
"x-ms-long-running-operation": true,
"x-ms-examples": {
"Update VM extension.": {
- "$ref": "./examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json"
+ "$ref": "./examples/compute/UpdateVMExtension.json"
}
}
},
@@ -5425,6 +5425,9 @@
},
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
+ },
+ "Create a VMSS with an extension with protectedSettingsFromKeyVault": {
+ "$ref": "./examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json"
}
}
},
@@ -9554,6 +9557,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
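Review bot: `protectedSettingsFromKeyVault` is declared as a bare `"type": "object"`, so the schema accepts any shape and generated SDKs get an untyped bag, even though every example in this commit sends exactly `sourceVault.id` plus `secretUrl`. Consider a typed definition instead, e.g. `"$ref": "#/definitions/KeyVaultSecretReference"` if that existing definition matches the intended shape, so a malformed or misspelled vault reference is rejected at validation rather than at deployment. The description also leaves open what happens when this property and an inline `protectedSettings` value are both supplied; one sentence on precedence or mutual exclusion would help. The same applies to the identical additions in the hunks at `@@ -9595` and `@@ -13380`.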
@@ -9595,6 +9602,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
@@ -12610,6 +12621,10 @@
"$ref": "#/definitions/VaultSecretGroup"
},
"description": "Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows)."
+ },
+ "allowExtensionOperations": {
+ "type": "boolean",
+ "description": "Specifies whether extension operations should be allowed on the virtual machine scale set.
This may only be set to False when no extensions are present on the virtual machine scale set."
}
},
"description": "Describes a virtual machine scale set OS profile."
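Review bot: The `allowExtensionOperations` description does not say what the service assumes when the property is omitted, which matters for a switch that gates extension execution across the whole scale set. Suggest stating the default and writing the JSON literal as `false` rather than `False`, e.g. `This may only be set to false when no extensions are present on the virtual machine scale set. The default is <default — confirm with service team>.` As rendered here the description string also spans two lines; if that is a literal newline in the file rather than an extraction artifact, it must be escaped (`\n`) or strict JSON parsers will reject compute.json.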
@@ -13380,6 +13395,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Scale Set Extension."
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
new file mode 100644
index 000000000000..a46730933b7e
--- /dev/null
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
@@ -0,0 +1,293 @@
+{
+ "parameters": {
+ "subscriptionId": "{subscription-id}",
+ "resourceGroupName": "myResourceGroup",
+ "vmScaleSetName": "{vmss-name}",
+ "api-version": "2021-07-01",
+ "parameters": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "location": "westus",
+ "properties": {
+ "overprovision": true,
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://{existing-storage-account-name}.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "adminPassword": "{your-password}"
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ },
+ "201": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ }
+ }
+}
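Review bot: The `sourceVault.id` in the request and in both response bodies hard-codes a concrete-looking subscription GUID (`/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/...`), while every other resource id in this example uses the `{subscription-id}` placeholder. Use `"/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"` so the sample does not publish what may be a real subscription identifier or imply a cross-subscription vault. The request's `bootDiagnostics.storageUri` is also given as `http://{existing-storage-account-name}.blob.core.windows.net`; prefer `https://` so copied samples do not normalise a cleartext storage endpoint. The same GUID appears in both added blocks of UpdateVMExtension.json.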
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
similarity index 63%
rename from specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
rename to specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
index 4c8b071f90b8..0d4bcf6ddcc1 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-07-01/examples/compute/UpdateVMExtension.json
@@ -14,6 +14,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
@@ -34,6 +40,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}