r/azurerm_linux_virtual_machine and r/azurerm_linux_virtual_machine_scale_set - secure_boot_enabled, vtpm_enabled

[ms-henglu]

=== RUN   TestAccLinuxVirtualMachine_otherUefi
=== PAUSE TestAccLinuxVirtualMachine_otherUefi
=== CONT  TestAccLinuxVirtualMachine_otherUefi
--- PASS: TestAccLinuxVirtualMachine_otherUefi (863.74s)

=== RUN   TestAccLinuxVirtualMachineScaleSet_otherUefi
=== PAUSE TestAccLinuxVirtualMachineScaleSet_otherUefi
=== CONT  TestAccLinuxVirtualMachineScaleSet_otherUefi
--- PASS: TestAccLinuxVirtualMachineScaleSet_otherUefi (750.46s)


=== RUN   TestAccWindowsVirtualMachine_otherUefi
=== PAUSE TestAccWindowsVirtualMachine_otherUefi
=== CONT  TestAccWindowsVirtualMachine_otherUefi
--- PASS: TestAccWindowsVirtualMachine_otherUefi (813.99s)

=== RUN   TestAccWindowsVirtualMachineScaleSet_otherUefi
=== PAUSE TestAccWindowsVirtualMachineScaleSet_otherUefi
=== CONT  TestAccWindowsVirtualMachineScaleSet_otherUefi
--- PASS: TestAccWindowsVirtualMachineScaleSet_otherUefi (781.65s)
PASS

Process finished with exit code 0

Fixes #13039

[tombuildsstuff]

hey @ms-henglu

Thanks for this PR - although this looks to be a duplicate of #13713? Since we're flattening the properties in that PR - but this PR is also adding support for the Linux VM/VMSS resources, would you mind using the same approach for the Linux VM/VMSS (and reverting the Windows VM/VMSS changes here)?

Thanks!

[ms-henglu]

Hi @tombuildsstuff ,

Thanks for the information, I didn't notice there's an existing PR. And yes, I'll change it.

[ms-henglu]

Hi @tombuildsstuff ,

I checked that #13713, I think it may not align with rest api spec.
https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/create-or-update#securityprofile

1. security_type is not a computed property, if users use secure_boot_enabled or vtpm_enabled, then user should set security_type to TrustLaunch. And I think we don't need to expose this property.
2. secure_boot_enabled, vtpm_enabled should not be force new, actually only security_type needs to be force new. So I think the schema in this PR is better. Because when user add uefi block, it will force the resource to recreate, but changing secure_boot_enabled and v_tpm_enabled won't.

  uefi {
    secure_boot_enabled = true
    v_tpm_enabled = true
  }

What do you think?

[ms-henglu]

HI @tombuildsstuff , I've updated this PR to use same schema as 13713, please take another look, thanks!

[ms-henglu]

Hi @tombuildsstuff , I've updated this PR, would you please take another look? And would you please also remove the duplicate label? Thanks!

[tombuildsstuff]

hi @ms-henglu

Thanks for pushing those changes - I've taken a look through and left a few comments inline, if we can fix those up then this should otherwise be good to go 👍

Thanks!

[tombuildsstuff]

this is a machine with 4 cores and 14GB of ram.. an F1 will be more than sufficient here

[ms-henglu]

I tried F1, but got "The selected VM size 'Standard_F1' cannot boot Hypervisor Generation '2'"

[tombuildsstuff]

you'll need to use the Gen1 image too (see the other VM/VMSS tests for examples)

[ms-henglu]

It seems this feature can only be enabled in Gen2 image.

[tombuildsstuff]

in which case can we pick a smaller vm size then?

[ms-henglu]

I changed to Standard_B1ls, please take another look, thanks!

[ms-henglu]

Hi @tombuildsstuff ,

I've added a commit according to your suggestions, would you please take another look? thanks!

[ms-henglu]

Hi @tombuildsstuff ,

I changed them to use a smaller vm size, please take another look, thanks!

[tombuildsstuff]

LGTM - thanks for making those changes @ms-henglu

[github-actions]

This functionality has been released in v2.88.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.