Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spec for ProtectedSettingsFromKeyVault and AllowExtensionOperations #16590

Merged
merged 3 commits into from
Dec 16, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -1723,7 +1723,7 @@
"x-ms-long-running-operation": true,
"x-ms-examples": {
"Update VM extension.": {
"$ref": "./examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json"
"$ref": "./examples/compute/UpdateVMExtension.json"
}
}
},
Expand Down Expand Up @@ -5425,6 +5425,9 @@
},
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
},
"Create a VMSS with an extension with protectedSettingsFromKeyVault": {
"$ref": "./examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json"
}
}
},
Expand Down Expand Up @@ -9554,6 +9557,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
Expand Down Expand Up @@ -9595,6 +9602,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
Expand Down Expand Up @@ -12610,6 +12621,10 @@
"$ref": "#/definitions/VaultSecretGroup"
},
"description": "Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows)."
},
"allowExtensionOperations": {
"type": "boolean",
"description": "Specifies whether extension operations should be allowed on the virtual machine scale set. <br><br>This may only be set to False when no extensions are present on the virtual machine scale set."
}
},
"description": "Describes a virtual machine scale set OS profile."
Expand Down Expand Up @@ -13380,6 +13395,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
},
"protectedSettingsFromKeyVault": {
"type": "object",
"description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Scale Set Extension."
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,293 @@
{
"parameters": {
"subscriptionId": "{subscription-id}",
"resourceGroupName": "myResourceGroup",
"vmScaleSetName": "{vmss-name}",
"api-version": "2021-07-01",
"parameters": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"location": "westus",
"properties": {
"overprovision": true,
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://{existing-storage-account-name}.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"adminPassword": "{your-password}"
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
}
}
}
]
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
}
}
}
},
"responses": {
"200": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"name": "{vmss-name}",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://nsgdiagnostic.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
}
},
"201": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D1_v2"
},
"name": "{vmss-name}",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS"
},
"createOption": "FromImage"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"storageUri": "http://nsgdiagnostic.blob.core.windows.net",
"enabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"extensionProfile": {
"extensions": [
{
"name": "{extension-name}",
"properties": {
"autoUpgradeMinorVersion": false,
"publisher": "{extension-Publisher}",
"type": "{extension-Type}",
"typeHandlerVersion": "{handler-version}",
"settings": {},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@
"suppressFailures": true,
"settings": {
"UserName": "[email protected]"
},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
Expand All @@ -34,6 +40,12 @@
"suppressFailures": true,
"settings": {
"UserName": "[email protected]"
},
"protectedSettingsFromKeyVault": {
"sourceVault": {
"id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
},
"secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
Expand Down