PowerShell Support for ResiliencyPolicy (including ResilientVMCreationPolicy, ResilientVMDeletionPolicy) on VMSS #25928
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
haagha
requested review from
bilaakpan-ms,
Sandido and
grizzlytheodore
as code owners
️✔️Az.Accounts
|
| Type | Cmdlet | Example | Line | RuleName | Description | Extent | Remediation |
|---|---|---|---|---|---|---|---|
| New-AzVmssConfig | 1 | 1 | Unassigned_Variable | New-AzVmssConfig -Location $Loc is a null-valued parameter value. | -Location | Assign value for $Loc. | |
| New-AzVmssConfig | 1 | 1 | Unassigned_Variable | New-AzVmssConfig -NetworkInterfaceConfiguration $NetCfg is a null-valued parameter value. | -NetworkInterfaceConfiguration | Assign value for $NetCfg. | |
| New-AzVmssConfig | 1 | 2 | Unassigned_Variable | Add-AzVmssNetworkInterfaceConfiguration -IPConfiguration $IPCfg is a null-valued parameter value. | -IPConfiguration | Assign value for $IPCfg. | |
| New-AzVmssConfig | 1 | 3 | Unassigned_Variable | Set-AzVmssOsProfile -AdminUsername $adminUsername is a null-valued parameter value. | -AdminUsername | Assign value for $adminUsername. | |
| New-AzVmssConfig | 1 | 3 | Unassigned_Variable | Set-AzVmssOsProfile -AdminPassword $AdminPassword is a null-valued parameter value. | -AdminPassword | Assign value for $AdminPassword. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceOffer $ImgRef.Offer is a null-valued parameter value. | -ImageReferenceOffer | Assign value for $ImgRef.Offer. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceSku $ImgRef.Skus is a null-valued parameter value. | -ImageReferenceSku | Assign value for $ImgRef.Skus. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceVersion $ImgRef.Version is a null-valued parameter value. | -ImageReferenceVersion | Assign value for $ImgRef.Version. | |
| New-AzVmssConfig | 1 | 6 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferencePublisher $ImgRef.PublisherName is a null-valued parameter value. | -ImageReferencePublisher | Assign value for $ImgRef.PublisherName. | |
| New-AzVmssConfig | 1 | 6 | Unassigned_Variable | Set-AzVmssStorageProfile -VhdContainer $VHDContainer is a null-valued parameter value. | -VhdContainer | Assign value for $VHDContainer. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -ComponentName $AUCComponentName is a null-valued parameter value. | -ComponentName | Assign value for $AUCComponentName. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -Content $AUCContent is a null-valued parameter value. | -Content | Assign value for $AUCContent. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -PassName $AUCPassName is a null-valued parameter value. | -PassName | Assign value for $AUCPassName. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -SettingName $AUCSetting is a null-valued parameter value. | -SettingName | Assign value for $AUCSetting. | |
| New-AzVmssConfig | 1 | 9 | Unassigned_Variable | New-AzVmss -ResourceGroupName $RGName is a null-valued parameter value. | -ResourceGroupName | Assign value for $RGName. | |
| New-AzVmssConfig | 1 | 9 | Unassigned_Variable | New-AzVmss -Name $VMSSName is a null-valued parameter value. | -Name | Assign value for $VMSSName. | |
| New-AzVmssConfig | 4 | 18 | Unassigned_Variable | New-AzStorageAccount -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 18 | Unassigned_Variable | New-AzStorageAccount -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 19 | Unassigned_Variable | Get-AzStorageAccount -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 23 | Unassigned_Variable | New-AzVirtualNetwork -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 23 | Unassigned_Variable | New-AzVirtualNetwork -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 24 | Unassigned_Variable | Get-AzVirtualNetwork -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 30 | Unassigned_Variable | New-AzVmssConfig -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 32 | Unassigned_Variable | Set-AzVmssOsProfile -AdminPassword $password is a null-valued parameter value. | -AdminPassword | Assign value for $password. | |
| New-AzVmssConfig | 4 | 37 | Unassigned_Variable | New-AzVmss -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 39 | Unassigned_Variable | Get-AzVmss -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 5 | 36 | Mismatched_Parameter_Value_Type | Set-AzVmssOsProfile -AdminPassword $adminPassword is not an expected parameter value type. | -AdminPassword | Use correct parameter value type. Expected Type is string. Now the type is securestring.(Command). | |
| Update-AzVmss | 1 | 1 | Unassigned_Variable | Update-AzVmss -VirtualMachineScaleSet $LocalVMSS is a null-valued parameter value. | -VirtualMachineScaleSet | Assign value for $LocalVMSS. |
⚠️ Windows PowerShell - Windows
| Type | Cmdlet | Example | Line | RuleName | Description | Extent | Remediation |
|---|---|---|---|---|---|---|---|
| New-AzVmssConfig | 1 | 1 | Unassigned_Variable | New-AzVmssConfig -Location $Loc is a null-valued parameter value. | -Location | Assign value for $Loc. | |
| New-AzVmssConfig | 1 | 1 | Unassigned_Variable | New-AzVmssConfig -NetworkInterfaceConfiguration $NetCfg is a null-valued parameter value. | -NetworkInterfaceConfiguration | Assign value for $NetCfg. | |
| New-AzVmssConfig | 1 | 2 | Unassigned_Variable | Add-AzVmssNetworkInterfaceConfiguration -IPConfiguration $IPCfg is a null-valued parameter value. | -IPConfiguration | Assign value for $IPCfg. | |
| New-AzVmssConfig | 1 | 3 | Unassigned_Variable | Set-AzVmssOsProfile -AdminUsername $adminUsername is a null-valued parameter value. | -AdminUsername | Assign value for $adminUsername. | |
| New-AzVmssConfig | 1 | 3 | Unassigned_Variable | Set-AzVmssOsProfile -AdminPassword $AdminPassword is a null-valued parameter value. | -AdminPassword | Assign value for $AdminPassword. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceOffer $ImgRef.Offer is a null-valued parameter value. | -ImageReferenceOffer | Assign value for $ImgRef.Offer. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceSku $ImgRef.Skus is a null-valued parameter value. | -ImageReferenceSku | Assign value for $ImgRef.Skus. | |
| New-AzVmssConfig | 1 | 5 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferenceVersion $ImgRef.Version is a null-valued parameter value. | -ImageReferenceVersion | Assign value for $ImgRef.Version. | |
| New-AzVmssConfig | 1 | 6 | Unassigned_Variable | Set-AzVmssStorageProfile -ImageReferencePublisher $ImgRef.PublisherName is a null-valued parameter value. | -ImageReferencePublisher | Assign value for $ImgRef.PublisherName. | |
| New-AzVmssConfig | 1 | 6 | Unassigned_Variable | Set-AzVmssStorageProfile -VhdContainer $VHDContainer is a null-valued parameter value. | -VhdContainer | Assign value for $VHDContainer. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -ComponentName $AUCComponentName is a null-valued parameter value. | -ComponentName | Assign value for $AUCComponentName. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -Content $AUCContent is a null-valued parameter value. | -Content | Assign value for $AUCContent. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -PassName $AUCPassName is a null-valued parameter value. | -PassName | Assign value for $AUCPassName. | |
| New-AzVmssConfig | 1 | 7 | Unassigned_Variable | Add-AzVmssAdditionalUnattendContent -SettingName $AUCSetting is a null-valued parameter value. | -SettingName | Assign value for $AUCSetting. | |
| New-AzVmssConfig | 1 | 9 | Unassigned_Variable | New-AzVmss -ResourceGroupName $RGName is a null-valued parameter value. | -ResourceGroupName | Assign value for $RGName. | |
| New-AzVmssConfig | 1 | 9 | Unassigned_Variable | New-AzVmss -Name $VMSSName is a null-valued parameter value. | -Name | Assign value for $VMSSName. | |
| New-AzVmssConfig | 4 | 18 | Unassigned_Variable | New-AzStorageAccount -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 18 | Unassigned_Variable | New-AzStorageAccount -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 19 | Unassigned_Variable | Get-AzStorageAccount -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 23 | Unassigned_Variable | New-AzVirtualNetwork -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 23 | Unassigned_Variable | New-AzVirtualNetwork -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 24 | Unassigned_Variable | Get-AzVirtualNetwork -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 30 | Unassigned_Variable | New-AzVmssConfig -Location $loc is a null-valued parameter value. | -Location | Assign value for $loc. | |
| New-AzVmssConfig | 4 | 32 | Unassigned_Variable | Set-AzVmssOsProfile -AdminPassword $password is a null-valued parameter value. | -AdminPassword | Assign value for $password. | |
| New-AzVmssConfig | 4 | 37 | Unassigned_Variable | New-AzVmss -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 4 | 39 | Unassigned_Variable | Get-AzVmss -ResourceGroupName $rgname is a null-valued parameter value. | -ResourceGroupName | Assign value for $rgname. | |
| New-AzVmssConfig | 5 | 36 | Mismatched_Parameter_Value_Type | Set-AzVmssOsProfile -AdminPassword $adminPassword is not an expected parameter value type. | -AdminPassword | Use correct parameter value type. Expected Type is string. Now the type is securestring.(Command). | |
| Update-AzVmss | 1 | 1 | Unassigned_Variable | Update-AzVmss -VirtualMachineScaleSet $LocalVMSS is a null-valued parameter value. | -VirtualMachineScaleSet | Assign value for $LocalVMSS. |
️✔️Help File Existence Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️File Change Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️UX Metadata Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️PowerShell Core - Linux
️✔️PowerShell Core - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.KeyVault
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.ManagedServiceIdentity
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Monitor
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Network
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️PowerShell Core - Linux
️✔️PowerShell Core - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.OperationalInsights
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.PrivateDns
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.RecoveryServices
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️PowerShell Core - Linux
️✔️PowerShell Core - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Security
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️PowerShell Core - Linux
️✔️PowerShell Core - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Sql
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Ssh
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️PowerShell Core - Linux
️✔️PowerShell Core - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Storage
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
src/Compute/Compute/ChangeLog.md
Outdated
| @@ -20,6 +20,7 @@ | |||
|
|
|||
| --> | |||
| ## Upcoming Release | |||
| * Introduced `EnableResilientVMCreate` and `EnableResilientVMDelete` parameters to `Update-AzVmss` and `New-AzVmssConfig` cmdlets for enhanced VM resilience options. | |||
There was a problem hiding this comment.
let's keep this consistent with other lines.
Ex: * Added parameter -ResourceIdsOnly to Get-AzCapacityReservationGroup cmdlet.
There was a problem hiding this comment.
This is AI generated, so I've marked it as improvements to make on ps cmd assistant. and also fixed this
| @@ -776,6 +806,21 @@ Accept pipeline input: False | |||
| Accept wildcard characters: False | |||
| ``` | |||
|
|
|||
| ### -ProgressAction | |||
| [Parameter( | ||
| Mandatory = false, | ||
| HelpMessage = "Enable or disable resilient VM creation.")] | ||
| public SwitchParameter EnableResilientVMCreate { get; set; } |
There was a problem hiding this comment.
should this be a bool as well?
There was a problem hiding this comment.
Addressed with design author and changed, Switch is for New-Azvmssconfig and Update is for Update-Azvmss
| [Parameter( | ||
| Mandatory = false, | ||
| HelpMessage = "Enable or disable resilient VM deletion.")] | ||
| public bool EnableResilientVMDelete { get; set; } |
There was a problem hiding this comment.
why is the other one Switch and this one bool ?
There was a problem hiding this comment.
Addressed with design author and changed, Switch is for New-Azvmssconfig and Update is for Update-Azvmss
Sandido
requested changes
Aug 23, 2024
| .SYNOPSIS | ||
| Create a VMSS | ||
| Test ResilientVMCreationPolicy |
| $vmssName = 'vmssResiliencyPolicy' + $rgname; | ||
|
|
||
| $adminUsername = 'Foo12'; |
There was a problem hiding this comment.
you could use Get-ComputeTestResourceName here instead. Might be better security wise.
There was a problem hiding this comment.
how is it better security wise? The resource will be deleted after the test is ran.
There was a problem hiding this comment.
then there's no established pattern or hardcoded string to learn our username from. The cleanup should happen, but this would further obfuscate the credentials and make them non-deterministic.
| { | ||
| vResiliencyPolicy = new ResiliencyPolicy(); | ||
| } | ||
| vResiliencyPolicy.ResilientVMCreationPolicy = new ResilientVMCreationPolicy(this.EnableResilientVMCreate.IsPresent); |
There was a problem hiding this comment.
we shouldn't use IsPResent even on SwitchParameters because users can pass switchParameters as false as -Parameter:$false. It's rare but it does happen so you should check to see if it is $true.
There was a problem hiding this comment.
I see interesting, corrected.
| { | ||
| this.VirtualMachineScaleSetUpdate.ResiliencyPolicy = new ResiliencyPolicy(); | ||
| } | ||
| this.VirtualMachineScaleSetUpdate.ResiliencyPolicy.ResilientVMCreationPolicy = new ResilientVMCreationPolicy(this.EnableResilientVMCreate.IsPresent); |
There was a problem hiding this comment.
same ispresent concern here as above.
| { | ||
| this.VirtualMachineScaleSet.ResiliencyPolicy = new ResiliencyPolicy(); | ||
| } | ||
| this.VirtualMachineScaleSet.ResiliencyPolicy.ResilientVMCreationPolicy = new ResilientVMCreationPolicy(this.EnableResilientVMCreate.IsPresent); |
src/Compute/Compute/Generated/VirtualMachineScaleSet/Config/NewAzureRmVmssConfigCommand.cs
Show resolved
Hide resolved
src/Compute/Compute/Generated/VirtualMachineScaleSet/Config/NewAzureRmVmssConfigCommand.cs
Show resolved
Hide resolved
grizzlytheodore
previously approved these changes
Aug 27, 2024
Sandido
requested changes
Aug 27, 2024
| $vmssName = 'vmssResiliencyPolicy' + $rgname; | ||
|
|
||
| $adminUsername = 'Foo12'; |
There was a problem hiding this comment.
then there's no established pattern or hardcoded string to learn our username from. The cleanup should happen, but this would further obfuscate the credentials and make them non-deterministic.
src/Compute/Compute.Test/ScenarioTests/VirtualMachineScaleSetTests.ps1
Outdated
Show resolved
Hide resolved
src/Compute/Compute/Generated/VirtualMachineScaleSet/VirtualMachineScaleSetUpdateMethod.cs
Show resolved
Hide resolved
Sandido
previously approved these changes
Aug 28, 2024
dolauli
approved these changes
Aug 30, 2024
github-actions bot
pushed a commit
that referenced
this pull request
Aug 30, 2024
…nPolicy, ResilientVMDeletionPolicy) on VMSS (#25928) * Autogen code * Update ChangeLog.md * fixing autogenerated changes * adding test and help * More changes * changing help * changes with help * fixed test case * Adding static analysis suppression --------- Co-authored-by: PSCmdAssistant <[email protected]> Co-authored-by: Xiaogang <[email protected]>
6 tasks
VeryEarly
added a commit
that referenced
this pull request
Sep 2, 2024
…nPolicy, ResilientVMDeletionPolicy) on VMSS (#25928) (#25987) * Autogen code * Update ChangeLog.md * fixing autogenerated changes * adding test and help * More changes * changing help * changes with help * fixed test case * Adding static analysis suppression --------- Co-authored-by: Haider Agha <[email protected]> Co-authored-by: PSCmdAssistant <[email protected]> Co-authored-by: Xiaogang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Introduced
EnableResilientVMCreateandEnableResilientVMDeleteparameters toUpdate-AzVmssandNew-AzVmssConfigcmdlets for enhanced VM resilience options.Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.