[Compute] Add Managed Identity Support in Azure Disk Encryption for VMSS #30657
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anshuljain26
requested review from
zhoxing-ms,
jsntcy,
wangzelin007 and
yanzhudd
as code owners
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| vmss create | cmd vmss create added parameter encryption_identity |
||
| vmss encryption enable | cmd vmss encryption enable added parameter encryption_identity |
microsoft-github-policy-service
bot
added
the
Compute
|
@vimish Please review the PR |
|
Compute |
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
vimish
approved these changes
Jan 16, 2025
added 2 commits
January 17, 2025 11:36
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related command
Description
Azure Disk Encryption (ADE) is adding support for using managed identity to authenticate to customer's keyvault.
As part of it, a new field (EncryptionIdentity) has been added to the VMSS model. By setting this field customer will be notifying ADE to use that managed identity for keyvault operations. The identity should also be explicitly assigned to the VMSS.
This PR adds a new parameter (EncryptionIdentity) to az vmss encryption enable cmdlet. If the parameter is present then the cmdlet will update the EncryptionIdentity field.
Encryption Identity field is also updated during VMSS creation if the encryption identity is a part of the identities assigned to the vmss
Testing Guide
History Notes
[Compute]
az vmss create: Add--encryption-identityparameter to use that managed identity for Azure disk encryption[Compute]
az vmss encryption enable: Add--encryption-identityparameter to update or set encryption identity for Azure disk encryptionThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.