CLI - Add Standard as SecurityType Option for backward compatibility

Related command

Resource Provider

Microsoft.Compute/virtualMachines

Description of Feature or Work Requested

Overview

For request #23450 and #23614, CLI will be switching defaults to Trusted Launch VMs. This request is to provide backward compatibility after defaults change such that:

  • CLI experience aligns with Azure Portal.
  • Allow users to create Non-Trusted Launch VMs for any corner scenarios after defaults are changed to TLVM.

This will allow users to deploy Non-Trusted Launch VMs similar to Azure Portal Experience.

NOTE: Default value of Security type in Azure Portal is planned to be “Trusted Launch” in December 2022.

Change Request

Add Standard as supported ENUM value for following command parameters:

az vm create & az vmss create

| SecurityType Supported Values | Description |
| --- | --- |
| Standard (NEW) | Allow users to deploy Non-Trusted Launch VMs by using present CLI behavior, where user does not use --security-type parameter. |
| TrustedLaunch | Used to deploy Trusted Launch VMs. Planned as default for PS & CLI during Build event 2023 |
| ConfidentialVM | Used to deploy Confidential VMs. |

az disk create

az disk create --name 'diskname' -g 'diskrgname' --security-type 'Standard'

| SecurityType Supported Values | Description |
| --- | --- |
| Standard (NEW) | Allow users to deploy Non-Trusted Launch VM OS Disk by using present CLI behavior, where user does not use --security-type parameter. |
| ConfidentialVM_DiskEncryptedWithCustomerKey | Confidential VM with CMK disk encryption. |
| ConfidentialVM_DiskEncryptedWithPlatformKey | Confidential VM with PMK Disk encryption. |
| ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey | Confidential VM with VMGS PMK Encryption. |
| TrustedLaunch | Used to deploy Trusted Launch VMs. Planned as default for PS & CLI during Build event 2023 |

az sig image-definition create

az sig image-definition create --features SecurityType=Standard

| SecurityType Supported Values | Description |
| --- | --- |
| Standard (NEW) | Allow users to deploy Non-Trusted Launch VM Image by using present CLI behavior, where user does not use --features SecurityType=TrustedLaunch parameter. |
| TrustedLaunchSupported | Create image which will support Trusted Launch VM deployment. |
| TrustedLaunch | Create image which is enabled with Trusted Launch |
| ConfidentialVmSupported | Create image which will support Confidential VM deployment. |
| ConfidentialVM | Create image which is enabled with Confidential VM configuration. |
| TrustedLaunchAndConfidentialVmSupported | Create image which will support Confidential and Trusted Launch VM deployment. |

Behavior

SecurityType = Standard will retain CLI’s present behavior when user does not pass --security-type parameter during VM, VMSS, Disk or image deployment.

After CLI changes defaults to Trusted Launch, if user passes parameter --security-type='Standard', API call made to Compute API will be for a Standard VM with no Trusted Launch (new defaults planned May 2023) or Confidential VM capabilities.

Minimum API Version Required

2021-12-01

Swagger PR link / SDK link

Request Example

Target Date

Build Event 2023 (May 2023) - Along with change in defaults to Trusted Launch VMs. #23450

Additional context

  • Allows for backward compatibility after CLI defaults are changed to Trusted Launch in May 2023.
  • HyperVGeneration will continue to default to V2 as per defaults change request, SecurityType=Standard will not change this default. HyperVGeneration will fall back to V1 in case Image or VM Size provided by user does not support Gen2.
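
An added illustration, not part of the original issue or of the Azure CLI code base: since Standard corresponds to the present behavior where no security type is set, an inventory check has to treat a missing `securityProfile.securityType` as Standard rather than look for the literal value. The sample JSON is constructed and assumes the shape of `az vm list -o json` output; the `allowed_standard` parameter and the `uefiSettings` check are assumptions that go beyond what the issue describes.

```python
import json

# Constructed sample shaped like `az vm list -o json` output (not real data).
SAMPLE_VM_LIST = json.dumps([
    {"name": "vm-legacy"},  # no securityProfile block at all
    {"name": "vm-tl", "securityProfile": {
        "securityType": "TrustedLaunch",
        "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True}}},
    {"name": "vm-tl-weak", "securityProfile": {
        "securityType": "TrustedLaunch",
        "uefiSettings": {"secureBootEnabled": False, "vTpmEnabled": True}}},
    {"name": "vm-cvm", "securityProfile": {"securityType": "ConfidentialVM"}},
    # A profile can exist without a securityType (e.g. only host encryption).
    {"name": "vm-enc-only", "securityProfile": {"encryptionAtHost": True}},
])


def security_type(vm):
    """Effective security type; an absent block or field means Standard."""
    profile = vm.get("securityProfile") or {}
    return profile.get("securityType") or "Standard"


def audit(vm_list_json, allowed_standard=()):
    """Return (name, security type, reason) for VMs that need review.

    allowed_standard: names of VMs approved to run without Trusted Launch
    (hypothetical allow-list for the "corner scenarios" the issue mentions).
    """
    findings = []
    for vm in json.loads(vm_list_json):
        name = vm.get("name", "<unnamed>")
        stype = security_type(vm)
        if stype == "Standard":
            if name not in allowed_standard:
                findings.append((name, stype, "no Trusted Launch or Confidential VM capabilities"))
        elif stype == "TrustedLaunch":
            uefi = (vm.get("securityProfile") or {}).get("uefiSettings") or {}
            off = [k for k in ("secureBootEnabled", "vTpmEnabled") if not uefi.get(k)]
            if off:
                findings.append((name, stype, "disabled: " + ", ".join(off)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_VM_LIST, allowed_standard={"vm-legacy"}):
        print(*finding, sep="\t")
```
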

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:5 (2 by maintainers)

Top GitHub Comments

1 reaction
zhoxing-ms commented, Oct 10, 2022

Please confirm this is ok from CLI. In the API request, CLI users will not see any reference of SecurityType=Standard being sent, instead CLI will omit the SecurityProfile block in API request. Hope this is ok?

@AjKundnani Yes, it is feasible~

1 reaction
AjKundnani commented, Oct 10, 2022

Allows for backward compatibility after CLI defaults are changed to Trusted Launch in May 2023.

@AjKundnani I’d like to ask is this feature also to be implemented in the next year’s Event Sprint (May 2023)? Therefore, after we modify the default value to enable Trusted Launch by default, users can pass in the --security-type 'Standard' to use Non-Trusted Launch VMs, right?

@zhoxing-ms - I am in agreement, we should implement this feature request along with defaults change in Build Event 2023 sprint (May 2023).
