Update securityPostureReference in VMScaleSet API (#28891)

* update securityPostureRef properties in VMScaleSet spec * add securityPostureReference to UpdateVMProfile definition and fix min version * add prettier changes * remove unsupported 'major.*' from spec * add optional fields in security posture example * add required fields * correct minimum api version * add prettier fixes * remove extensionsSettings property * create new Update model for security posture reference & update * fix validation issue * Create sdk-suppressions.yaml * add azure-sdk-for-go suppression * Update sdk-suppressions.yaml --------- Co-authored-by: Dylan Martinez <dymartinez@microsoft.com> Co-authored-by: Yuchao Yan <yuchaoyan@microsoft.com> Co-authored-by: Alancere <804873052@qq.com> Co-authored-by: kazrael2119 <98569699+kazrael2119@users.noreply.github.com>
Azure · Jun 5, 2024 · 491e00d · 491e00d
1 parent d9f06f3
commit 491e00d
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 8 deletions.
diff --git a/...alMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json b/...alMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithSecurityPostureReference.json
@@ -15,7 +15,11 @@
         "overprovision": true,
         "virtualMachineProfile": {
           "securityPostureReference": {
-            "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+            "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+            "excludeExtensions": [
+              "{securityPostureVMExtensionName}"
+            ],
+            "isOverridable": true
           },
           "storageProfile": {
             "imageReference": {
@@ -81,7 +85,11 @@
           "uniqueId": "d12ccb3d-ab15-4794-9836-c4196392e9f2",
           "virtualMachineProfile": {
             "securityPostureReference": {
-              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+              "excludeExtensions": [
+                "{securityPostureVMExtensionName}"
+              ],
+              "isOverridable": true
             },
             "storageProfile": {
               "imageReference": {
@@ -159,7 +167,11 @@
           "uniqueId": "d12ccb3d-ab15-4794-9836-c4196392e9f2",
           "virtualMachineProfile": {
             "securityPostureReference": {
-              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+              "id": "/CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest",
+              "excludeExtensions": [
+                "{securityPostureVMExtensionName}"
+              ],
+              "isOverridable": true
             },
             "storageProfile": {
               "imageReference": {

diff --git a/...esource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/virtualMachineScaleSet.json b/...esource-manager/Microsoft.Compute/ComputeRP/stable/2024-03-01/virtualMachineScaleSet.json
@@ -5181,7 +5181,7 @@
         },
         "securityPostureReference": {
           "$ref": "#/definitions/SecurityPostureReference",
-          "description": "Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01"
+          "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01"
         },
         "timeCreated": {
           "readOnly": true,
@@ -5206,6 +5206,10 @@
           "$ref": "#/definitions/VirtualMachineScaleSetUpdateNetworkProfile",
           "description": "The virtual machine scale set network profile."
         },
+        "securityPostureReference": {
+          "$ref": "#/definitions/SecurityPostureReferenceUpdate",
+          "description": "The virtual machine scale set security posture reference."
+        },
         "securityProfile": {
           "$ref": "./computeRPCommon.json#/definitions/SecurityProfile",
           "description": "The virtual machine scale set Security profile"
@@ -6336,17 +6340,45 @@
       "properties": {
         "id": {
           "type": "string",
-          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest"
+          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest"
         },
         "excludeExtensions": {
           "type": "array",
           "items": {
-            "$ref": "./virtualMachine.json#/definitions/VirtualMachineExtension"
+            "type": "string"
           },
-          "description": "List of virtual machine extensions to exclude when applying the Security Posture."
+          "description": "The list of virtual machine extension names to exclude when applying the security posture."
+        },
+        "isOverridable": {
+          "type": "boolean",
+          "description": "Whether the security posture can be overridden by the user."
+        }
+      },
+      "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01",
+      "required": [
+        "id"
+      ]
+    },
+    "SecurityPostureReferenceUpdate": {
+      "type": "object",
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest"
+        },
+        "excludeExtensions": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "The list of virtual machine extension names to exclude when applying the security posture."
+        },
+        "isOverridable": {
+          "type": "boolean",
+          "description": "Whether the security posture can be overridden by the user."
         }
       },
-      "description": "Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01"
+      "description": "Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01"
     }
   }
 }
diff --git a/specification/compute/resource-manager/sdk-suppressions.yaml b/specification/compute/resource-manager/sdk-suppressions.yaml
@@ -0,0 +1,14 @@
+suppressions:
+  azure-sdk-for-python:
+    - package: azure-mgmt-compute
+      breaking-changes:
+        - Parameter id of model SecurityPostureReference is now required
+  azure-sdk-for-go:
+    - package: sdk/resourcemanager/compute/armcompute
+      breaking-changes:
+        - Type of `SecurityPostureReference.ExcludeExtensions` has been changed from `[]*VirtualMachineExtension` to `[]*string`
+  azure-sdk-for-js:
+    - package: "@azure/arm-compute"
+      breaking-changes:
+        - Parameter id of interface SecurityPostureReference is now required
+        - Type of parameter excludeExtensions of interface SecurityPostureReference is changed from VirtualMachineExtension[] to string[]