[Compute] Adding Set-AzVmUefi, Set-AzVmssUefi, Set-AzVmSecurityType, Set-AzVmssSecurityType to support Trusted Launch (Azure#14479)

* Trusted Launch changes

* Adding help markdown and change log update

* Adding online version urls to Trusted Launch related cmdlets

* Adding TrustedLaunch cmdlets to SignatureIssues.csv

* Added the missing double quotes in SignatureIssues.csv

Co-authored-by: Yunchi Wang <[email protected]>

Author: sf-76

ChangeLog.md

@@ -24,6 +24,11 @@
     - 'Remove-AzContainerService'
     - 'Remove-AzContainerServiceAgentPoolProfile'
     - 'Update-AzContainerService'
+* Added new cmdlet `Set-AzVmUefi`
+* Added new cmdlet `Set-AzVmSecurityType`
+* Added new cmdlet `Set-AzVmssUefi`
+* Added new cmdlet `Set-AzVmssSecurityType`
+
 
 #### Az.ContainerRegistry
 * Fixed authentication for `Connect-AzContainerRegistry`

src/Accounts/Accounts/AzureRmAlias/Mappings.json

@@ -520,6 +520,8 @@
     "Remove-AzVmssDataDisk": "Remove-AzureRmVmssDataDisk",
     "Remove-AzVmssNetworkInterfaceConfiguration": "Remove-AzureRmVmssNetworkInterfaceConfiguration",
     "Set-AzVmssOsProfile": "Set-AzureRmVmssOsProfile",
+    "Set-AzVmssSecurityType": "Set-AzureRmVmssSecurityType",
+    "Set-AzVmssUefi": "Set-AzureRmVmssUefi",
     "Set-AzVmssStorageProfile": "Set-AzureRmVmssStorageProfile",
     "New-AzVmss": "New-AzureRmVmss",
     "Update-AzVmss": "Update-AzureRmVmss",

src/Compute/Compute.Test/ScenarioTests/VirtualMachineProfileTests.ps1

@@ -349,6 +349,26 @@ function Test-VirtualMachineProfileWithoutAUC
     Assert-AreEqual $p.StorageProfile.DataDisks[1].Lun 1;
     Assert-AreEqual $p.StorageProfile.DataDisks[1].Vhd.Uri $dataDiskVhdUri2;
 
+    # Verify Security Profile
+    Assert-Null $p.SecurityProfile.UefiSettings.VtpmEnabled;
+    Assert-Null $p.SecurityProfile.UefiSettings.SecureBootEnabled;
+
+    $p = Set-AzVmUefi -VM $p -EnableVtpm $true -EnableSecureBoot $true
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.VtpmEnabled $true;
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.SecureBootEnabled $true;
+
+    $p = Set-AzVmUefi -VM $p -EnableVtpm $true -EnableSecureBoot $false
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.VtpmEnabled $true;
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.SecureBootEnabled $false;
+
+    $p = Set-AzVmUefi -VM $p -EnableVtpm $false -EnableSecureBoot $true
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.VtpmEnabled $false;
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.SecureBootEnabled $true;
+
+    $p = Set-AzVmUefi -VM $p -EnableVtpm $false -EnableSecureBoot $false
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.VtpmEnabled $false;
+    Assert-AreEqual $p.SecurityProfile.UefiSettings.SecureBootEnabled $false;
+
     # Windows OS
     $user = "Foo12";
     $password = $PLACEHOLDER;

src/Compute/Compute.Test/ScenarioTests/VirtualMachineScaleSetProfileTests.ps1

@@ -112,6 +112,27 @@ function Test-VirtualMachineScaleSetProfile
     Assert-AreEqual 100 $vmss.VirtualMachineProfile.StorageProfile.DataDisks[0].DiskIOPSReadWrite;
     Assert-AreEqual 1000 $vmss.VirtualMachineProfile.StorageProfile.DataDisks[0].DiskMBpsReadWrite;
 
+    # Security Profile
+    Assert-Null $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.VtpmEnabled;
+    Assert-Null $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled;
+
+    $vmss = Set-AzVmssUefi -VirtualMachineScaleSet $vmss -EnableVtpm $true -EnableSecureBoot $true
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.VtpmEnabled $true;
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled $true;
+
+    $vmss = Set-AzVmssUefi -VirtualMachineScaleSet $vmss -EnableVtpm $true -EnableSecureBoot $false
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.VtpmEnabled $true;
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled $false;
+
+    $vmss = Set-AzVmssUefi -VirtualMachineScaleSet $vmss -EnableVtpm $false -EnableSecureBoot $true
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.VtpmEnabled $false;
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled $true;
+
+    $vmss = Set-AzVmssUefi -VirtualMachineScaleSet $vmss -EnableVtpm $false -EnableSecureBoot $false
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.VtpmEnabled $false;
+    Assert-AreEqual $vmss.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled $false;
+
+
     # Extension profile
     Assert-AreEqual $extname $vmss.VirtualMachineProfile.ExtensionProfile.Extensions[0].Name;
     Assert-AreEqual $publisher $vmss.VirtualMachineProfile.ExtensionProfile.Extensions[0].Publisher;

src/Compute/Compute/Az.Compute.psd1

@@ -100,7 +100,7 @@ CmdletsToExport = 'Remove-AzAvailabilitySet', 'Get-AzAvailabilitySet',
                'Add-AzVMSshPublicKey', 'Add-AzVMSecret', 'Remove-AzVMSecret', 
                'Remove-AzVMNetworkInterface', 'Remove-AzVMDataDisk', 
                'Set-AzVMBootDiagnostic', 'Set-AzVMDataDisk', 'Set-AzVMPlan', 
-               'Set-AzVMSourceImage', 'Set-AzVMOSDisk', 
+               'Set-AzVMSourceImage', 'Set-AzVMOSDisk', 'Set-AzVmSecurityType', 'Set-AzVmUefi',
                'Get-AzVMBootDiagnosticsData', 'Get-AzVM', 'Update-AzVM', 
                'Restart-AzVM', 'New-AzVM', 'Start-AzVM', 'Stop-AzVM', 'Remove-AzVM', 
                'New-AzVMConfig', 'Set-AzVMOperatingSystem', 'Add-AzVMDataDisk', 
@@ -112,7 +112,7 @@ CmdletsToExport = 'Remove-AzAvailabilitySet', 'Get-AzAvailabilitySet',
                'New-AzVmssConfig', 'New-AzVmssIpConfig', 
                'New-AzVmssVaultCertificateConfig', 'Remove-AzVmssExtension', 
                'Remove-AzVmssDataDisk', 
-               'Remove-AzVmssNetworkInterfaceConfiguration', 'Set-AzVmssOsProfile', 
+               'Remove-AzVmssNetworkInterfaceConfiguration', 'Set-AzVmssOsProfile', 'Set-AzVmssSecurityType', 'Set-AzVmssUefi',
                'Set-AzVmssStorageProfile', 'New-AzVmss', 'Update-AzVmss', 
                'Stop-AzVmss', 'Remove-AzVmss', 'Get-AzVmss', 'Get-AzVmssSku', 
                'Set-AzVmss', 'Restart-AzVmss', 'Start-AzVmss', 'Update-AzVmssInstance', 

src/Compute/Compute/Generated/VirtualMachineScaleSet/Config/SetAzureRmVmssSecurityTypeCommand.cs

@@ -0,0 +1,72 @@
+//
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Warning: This code was generated by a tool.
+//
+// Changes to this file may cause incorrect behavior and will be lost if the
+// code is regenerated.
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Compute.Automation.Models;
+using Microsoft.Azure.Management.Compute.Models;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+namespace Microsoft.Azure.Commands.Compute.Automation
+{
+    [Cmdlet(VerbsCommon.Set, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VmssSecurityType")]
+    [OutputType(typeof(PSVirtualMachineScaleSet))]
+    public partial class SetAzureRmVmssSecurityTypeCommand : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
+    {
+        [Parameter(
+        Mandatory = true,
+        Position = 0,
+        ValueFromPipeline = true,
+        ValueFromPipelineByPropertyName = true)]
+        public PSVirtualMachineScaleSet VirtualMachineScaleSet { get; set; }
+
+        [Parameter(
+            HelpMessage = "Parameter to toggle vTPM on the VMs of the scale set",
+            Mandatory = false,
+            Position = 1,
+            ValueFromPipelineByPropertyName = true)]
+        public SecurityTypes SecurityType { get; set; }
+
+        protected override void ProcessRecord()
+        {
+            Run();
+        }
+
+        private void Run()
+        {
+            if (this.IsParameterBound(c => c.SecurityType))
+            {
+                // Security Profile
+                if (this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile == null)
+                {
+                    this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile = new SecurityProfile();
+                }
+                this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.SecurityType = SecurityType;
+            }
+
+            WriteObject(this.VirtualMachineScaleSet);
+        }
+
+    }
+}

src/Compute/Compute/Generated/VirtualMachineScaleSet/Config/SetAzureRmVmssUefiCommand.cs

@@ -0,0 +1,102 @@
+//
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Warning: This code was generated by a tool.
+//
+// Changes to this file may cause incorrect behavior and will be lost if the
+// code is regenerated.
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Compute.Automation.Models;
+using Microsoft.Azure.Management.Compute.Models;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+namespace Microsoft.Azure.Commands.Compute.Automation
+{
+    [Cmdlet(VerbsCommon.Set, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VmssUefi")]
+    [OutputType(typeof(PSVirtualMachineScaleSet))]
+    public partial class SetAzureRmVmssUefiCommand : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
+    {
+        [Parameter(
+        Mandatory = true,
+        Position = 0,
+        ValueFromPipeline = true,
+        ValueFromPipelineByPropertyName = true)]
+        public PSVirtualMachineScaleSet VirtualMachineScaleSet { get; set; }
+
+        [Parameter(
+            HelpMessage = "Parameter to toggle vTPM on the VMs of the scale set",
+            Mandatory = false,
+            Position = 1,
+            ValueFromPipelineByPropertyName = true)]
+        public bool EnableVtpm { get; set; }
+
+        [Parameter(
+            HelpMessage = "Parameter to toggle secure boot on the VMs of the scale set",
+            Mandatory = false,
+            Position = 2,
+            ValueFromPipelineByPropertyName = true)]
+        public bool EnableSecureBoot { get; set; }
+
+        protected override void ProcessRecord()
+        {
+            Run();
+        }
+
+        private void Run()
+        {
+            if (this.IsParameterBound(c => c.EnableVtpm))
+            {
+                // Security Profile
+                if (this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile == null)
+                {
+                    this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile = new SecurityProfile();
+                }
+
+                // Uefi Settings
+                if (this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings == null)
+                {
+                    this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings = new UefiSettings();
+                }
+
+                this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings.VTpmEnabled = this.EnableVtpm;
+            }
+
+            if (this.IsParameterBound(c => c.EnableSecureBoot))
+            {
+                // Security Profile
+                if (this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile == null)
+                {
+                    this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile = new SecurityProfile();
+                }
+
+                // Uefi Settings
+                if (this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings == null)
+                {
+                    this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings = new UefiSettings();
+                }
+
+                this.VirtualMachineScaleSet.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled = this.EnableSecureBoot;
+            }
+
+            WriteObject(this.VirtualMachineScaleSet);
+        }
+    }
+}

src/Compute/Compute/VirtualMachine/Config/SetAzureVMSecurityType.cs

@@ -0,0 +1,57 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Compute.Common;
+using Microsoft.Azure.Commands.Compute.Models;
+using Microsoft.Azure.Management.Compute.Models;
+
+namespace Microsoft.Azure.Commands.Compute
+{
+    [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VMSecurityType"), OutputType(typeof(PSVirtualMachine))]
+    public class SetAzureVMSecurityType : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
+    {
+        [Alias("VMProfile")]
+        [Parameter(
+            Mandatory = true,
+            Position = 0,
+            ValueFromPipeline = true,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMProfile)]
+        [ValidateNotNullOrEmpty]
+        public PSVirtualMachine VM { get; set; }
+
+        [Parameter(
+           Mandatory = false,
+           ValueFromPipelineByPropertyName = true)]
+        public SecurityTypes SecurityType { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            if(this.VM.SecurityProfile == null)
+            {
+                this.VM.SecurityProfile = new SecurityProfile();
+            }
+
+            this.VM.SecurityProfile.SecurityType = SecurityType;
+
+            WriteObject(this.VM);
+        }
+    }
+
+}

src/Compute/Compute/VirtualMachine/Config/SetAzureVMUefi.cs

@@ -0,0 +1,65 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Management.Automation;
+using Microsoft.Azure.Commands.Compute.Common;
+using Microsoft.Azure.Commands.Compute.Models;
+using Microsoft.Azure.Management.Compute.Models;
+
+namespace Microsoft.Azure.Commands.Compute
+{
+    [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "VMUefi"), OutputType(typeof(PSVirtualMachine))]
+    public class SetAzureVMUefi : Microsoft.Azure.Commands.ResourceManager.Common.AzureRMCmdlet
+    {
+        [Alias("VMProfile")]
+        [Parameter(
+            Mandatory = true,
+            Position = 0,
+            ValueFromPipeline = true,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = HelpMessages.VMProfile)]
+        [ValidateNotNullOrEmpty]
+        public PSVirtualMachine VM { get; set; }
+
+        [Parameter(
+           Mandatory = false,
+           ValueFromPipelineByPropertyName = true)]
+        public bool EnableVtpm { get; set; }
+
+        [Parameter(
+           Mandatory = false,
+           ValueFromPipelineByPropertyName = true)]
+        public bool EnableSecureBoot { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            if(this.VM.SecurityProfile == null)
+            {
+                this.VM.SecurityProfile = new SecurityProfile();
+            }
+            this.VM.SecurityProfile.UefiSettings = new UefiSettings
+            {
+                VTpmEnabled = this.EnableVtpm,
+                SecureBootEnabled = this.EnableSecureBoot
+            };
+
+            WriteObject(this.VM);
+        }
+    }
+
+}