{Compute} az vm/vmss create: Add warning log to recommend users to specify the --enable-secure-boot True and --enable-vtpm True when the --security-type used by the VM/VMSS creation is TrustedLaunch

src/azure-cli/azure/cli/command_modules/vm/_validators.py

@@ -1311,6 +1311,16 @@ def _enable_msi_for_trusted_launch(namespace):
             namespace.assign_identity.append(MSI_LOCAL_ID)
 
 
+def _validate_trusted_launch(namespace):
+    if not namespace.security_type:
+        return
+
+    if namespace.security_type.lower() == 'trustedlaunch' and \
+            (namespace.enable_vtpm is not True or namespace.enable_secure_boot is not True):
+        logger.warning('Please set --enable-secure-boot to True and --enable-vtpm to True in order to receive the full'
+                       ' suite of security features that comes with Trusted Launch.')
+
+
 def _validate_vm_vmss_set_applications(cmd, namespace):  # pylint: disable=unused-argument
     if namespace.application_configuration_overrides and \
        len(namespace.application_version_ids) != len(namespace.application_configuration_overrides):
@@ -1382,6 +1392,7 @@ def process_vm_create_namespace(cmd, namespace):
 
     if namespace.secrets:
         _validate_secrets(namespace.secrets, namespace.os_type)
+    _validate_trusted_launch(namespace)
     _validate_vm_vmss_msi(cmd, namespace)
     if namespace.boot_diagnostics_storage:
         namespace.boot_diagnostics_storage = get_storage_blob_uri(cmd.cli_ctx, namespace.boot_diagnostics_storage)
@@ -1675,6 +1686,7 @@ def process_vmss_create_namespace(cmd, namespace):
     _validate_vmss_create_nsg(cmd, namespace)
     _validate_vm_vmss_accelerated_networking(cmd.cli_ctx, namespace)
     _validate_vm_vmss_create_auth(namespace, cmd)
+    _validate_trusted_launch(namespace)
     _validate_vm_vmss_msi(cmd, namespace)
     _validate_proximity_placement_group(cmd, namespace)
     _validate_vmss_terminate_notification(cmd, namespace)