Add encryption at host flag to the arm template
Kamil Piwowarski committed Jun 30, 2023
1 parent d6d1ec5 commit 1ee0bdf
Showing 6 changed files with 24 additions and 19 deletions.
2 changes: 2 additions & 0 deletions builder/azure/arm/config.go
Expand Up @@ -562,6 +562,8 @@ type Config struct {
LicenseType string `mapstructure:"license_type" required:"false"`
// Specifies if Secure Boot and Trusted Launch is enabled for the Virtual Machine.
SecureBootEnabled bool `mapstructure:"secure_boot_enabled" required:"false"`
// Specifies if Encryption at host is enabled for the Virtual Machine.
EncryptionAtHost bool `mapstructure:"encryption_at_host" required:"false"`

// Specifies if vTPM (virtual Trusted Platform Module) and Trusted Launch is enabled for the Virtual Machine.
VTpmEnabled bool `mapstructure:"vtpm_enabled" required:"false"`
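Review bot: The doc comment on the new `EncryptionAtHost` field should state its prerequisites, because a template that sets the property on a subscription or VM size without support is only rejected at deployment time, long after validation. Suggested: `// Specifies if Encryption at host is enabled for the Virtual Machine. Requires the EncryptionAtHost feature to be registered on the subscription and a VM size that supports it; when enabled, the temp disk and OS/data disk caches are encrypted at rest as well.` The `Config` struct starts and ends outside the hunk.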
2 changes: 2 additions & 0 deletions builder/azure/arm/config.hcl2spec.go


4 changes: 2 additions & 2 deletions builder/azure/arm/template_factory.go
Expand Up @@ -233,8 +233,8 @@ func GetVirtualMachineDeployment(config *Config) (*resources.Deployment, error)
}
}

if config.SecureBootEnabled || config.VTpmEnabled {
err = builder.SetSecurityProfile(config.SecureBootEnabled, config.VTpmEnabled)
if config.SecureBootEnabled || config.VTpmEnabled || config.EncryptionAtHost {
err = builder.SetSecurityProfile(config.SecureBootEnabled, config.VTpmEnabled, config.EncryptionAtHost)
if err != nil {
return nil, err
}
12 changes: 6 additions & 6 deletions builder/azure/chroot/shared_image_gallery_destination_test.go
Expand Up @@ -46,12 +46,12 @@ func TestSharedImageGalleryDestination_Validate(t *testing.T) {
ImageName: "ImageName",
ImageVersion: "0.1.2",
TargetRegions: []TargetRegion{
TargetRegion{
{
Name: "region1",
ReplicaCount: 5,
StorageAccountType: "Standard_ZRS",
},
TargetRegion{
{
Name: "region2",
ReplicaCount: 3,
StorageAccountType: "Standard_LRS",
Expand All @@ -78,12 +78,12 @@ func TestSharedImageGalleryDestination_Validate(t *testing.T) {
ImageName: "ImageName",
ImageVersion: "0.1.2",
TargetRegions: []TargetRegion{
TargetRegion{
{
Name: "region1",
ReplicaCount: 5,
StorageAccountType: "Standard_ZRS",
},
TargetRegion{
{
Name: "region2",
ReplicaCount: 3,
StorageAccountType: "Standard_LRS",
Expand All @@ -104,12 +104,12 @@ func TestSharedImageGalleryDestination_Validate(t *testing.T) {
ImageName: "ImageName",
ImageVersion: "0.1.2alpha",
TargetRegions: []TargetRegion{
TargetRegion{
{
Name: "region1",
ReplicaCount: 5,
StorageAccountType: "Standard_ZRS",
},
TargetRegion{
{
Name: "region2",
ReplicaCount: 3,
StorageAccountType: "Standard_LRS",
20 changes: 10 additions & 10 deletions builder/azure/common/template/template.go
Expand Up @@ -54,16 +54,16 @@ type ManagedDisk struct {
}

type OSDiskUnion struct {
OsType compute.OperatingSystemTypes `json:"osType,omitempty"`
OsState compute.OperatingSystemStateTypes `json:"osState,omitempty"`
BlobURI *string `json:"blobUri,omitempty"`
Name *string `json:"name,omitempty"`
Vhd *compute.VirtualHardDisk `json:"vhd,omitempty"`
Image *compute.VirtualHardDisk `json:"image,omitempty"`
Caching compute.CachingTypes `json:"caching,omitempty"`
CreateOption compute.DiskCreateOptionTypes `json:"createOption,omitempty"`
DiskSizeGB *int32 `json:"diskSizeGB,omitempty"`
ManagedDisk *ManagedDisk `json:"managedDisk,omitempty"`
OsType compute.OperatingSystemTypes `json:"osType,omitempty"`
OsState compute.OperatingSystemStateTypes `json:"osState,omitempty"`
BlobURI *string `json:"blobUri,omitempty"`
Name *string `json:"name,omitempty"`
Vhd *compute.VirtualHardDisk `json:"vhd,omitempty"`
Image *compute.VirtualHardDisk `json:"image,omitempty"`
Caching compute.CachingTypes `json:"caching,omitempty"`
CreateOption compute.DiskCreateOptionTypes `json:"createOption,omitempty"`
DiskSizeGB *int32 `json:"diskSizeGB,omitempty"`
ManagedDisk *ManagedDisk `json:"managedDisk,omitempty"`
}

type DataDiskUnion struct {
3 changes: 2 additions & 1 deletion builder/azure/common/template/template_builder.go
Expand Up @@ -501,7 +501,7 @@ func (s *TemplateBuilder) SetLicenseType(licenseType string) error {
return nil
}

func (s *TemplateBuilder) SetSecurityProfile(secureBootEnabled bool, vtpmEnabled bool) error {
func (s *TemplateBuilder) SetSecurityProfile(secureBootEnabled bool, vtpmEnabled bool, encryptionAtHost bool) error {
s.setVariable("apiVersion", "2020-12-01") // Required for Trusted Launch
resource, err := s.getResourceByType(resourceVirtualMachine)
if err != nil {
Expand All @@ -513,6 +513,7 @@ func (s *TemplateBuilder) SetSecurityProfile(secureBootEnabled bool, vtpmEnabled
resource.Properties.SecurityProfile.SecurityType = compute.SecurityTypesTrustedLaunch
resource.Properties.SecurityProfile.UefiSettings.SecureBootEnabled = to.BoolPtr(secureBootEnabled)
resource.Properties.SecurityProfile.UefiSettings.VTpmEnabled = to.BoolPtr(vtpmEnabled)
resource.Properties.SecurityProfile.EncryptionAtHost = to.BoolPtr(encryptionAtHost)

return nil
}
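Review bot: Assigning `EncryptionAtHost` inside a body that unconditionally sets `SecurityType = compute.SecurityTypesTrustedLaunch` and the UefiSettings means a build with only `encryption_at_host = true` now gets Trusted Launch forced on it (the widened guard in builder/azure/arm/template_factory.go calls this method for exactly that case), which is a behaviour change for Generation 1 images, where Trusted Launch is not available, and also writes explicit `secureBootEnabled: false` / `vTpmEnabled: false` into the template. Encryption at host is independent of Trusted Launch, so the Trusted Launch block should be guarded by `secureBootEnabled || vtpmEnabled` and the new property set on its own, as sketched below. The method body between the two hunks (lines 505–512, presumably the SecurityProfile/UefiSettings initialisation) is not visible here, so that allocation may need to move under the same guard.

```go
func (s *TemplateBuilder) SetSecurityProfile(secureBootEnabled bool, vtpmEnabled bool, encryptionAtHost bool) error {
	// … unchanged: apiVersion variable, resource lookup, SecurityProfile initialisation …
	if secureBootEnabled || vtpmEnabled {
		// Trusted Launch (and its UEFI settings) is only required for Secure Boot / vTPM.
		resource.Properties.SecurityProfile.SecurityType = compute.SecurityTypesTrustedLaunch
		resource.Properties.SecurityProfile.UefiSettings.SecureBootEnabled = to.BoolPtr(secureBootEnabled)
		resource.Properties.SecurityProfile.UefiSettings.VTpmEnabled = to.BoolPtr(vtpmEnabled)
	}
	if encryptionAtHost {
		// Independent of Trusted Launch; leave the property unset when not requested.
		resource.Properties.SecurityProfile.EncryptionAtHost = to.BoolPtr(true)
	}

	return nil
}
```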
