From 4f4fc4cf1ec1f5ec4d013acc671f817db4ba251f Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Wed, 17 Apr 2024 16:56:37 +0000
Subject: [PATCH] make trusted launch opt-in
---
 cmd/kola/options.go | 1 +
 platform/api/azure/instance.go | 11 +++++++----
 platform/api/azure/options.go | 1 +
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/cmd/kola/options.go b/cmd/kola/options.go
index 594832a77..43355dafc 100644
--- a/cmd/kola/options.go
+++ b/cmd/kola/options.go
@@ -126,6 +126,7 @@ func init() {
 sv(&kola.AzureOptions.DiskController, "azure-disk-controller", "default", "Use a specific disk-controller for storage (default \"default\", also \"nvme\" and \"scsi\")")
 sv(&kola.AzureOptions.ResourceGroup, "azure-resource-group", "", "Deploy resources in an existing resource group")
 sv(&kola.AzureOptions.AvailabilitySet, "azure-availability-set", "", "Deploy instances with an existing availibity set")
+ bv(&kola.AzureOptions.TrustedLaunch, "azure-trusted-launch", false, "Enable trusted launch for VMs (default \"false\")")
 // do-specific options
 sv(&kola.DOOptions.ConfigPath, "do-config-file", "", "DigitalOcean config file (default \"~/"+auth.DOConfigPath+"\")")
diff --git a/platform/api/azure/instance.go b/platform/api/azure/instance.go
index f0d19f273..3e7e198bb 100644
--- a/platform/api/azure/instance.go
+++ b/platform/api/azure/instance.go
@@ -21,7 +21,6 @@ import (
 "io"
 "io/ioutil"
 "regexp"
- "strings"
 "time"
 "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2022-08-01/compute"
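Review bot: The help text of the new `azure-trusted-launch` flag in `cmd/kola/options.go` does not name the prerequisites that `getVMParameters` in `platform/api/azure/instance.go` checks, so `--help` gives no hint of when the option applies. Since the Trusted Launch security profile is now only requested when this flag is passed, the text is the one place a user learns what is needed to get it. I would spell it out, for example `"Enable trusted launch for VMs, requires Hyper-V generation V2 and board amd64-usr (default \"false\")"`.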
@@ -153,9 +152,13 @@ func (a *API) getVMParameters(name, userdata, sshkey, storageAccountURI string,
 },
 }
- if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) &&
- (a.Opts.UseGallery || strings.Contains(a.Opts.DiskURI, "galleries")) &&
- a.Opts.Board == "amd64-usr" {
+ if a.Opts.TrustedLaunch {
+ if a.Opts.HyperVGeneration != string(compute.HyperVGenerationTypeV2) {
+ plog.Warningf("TrustedLaunch is only supported for HyperVGeneration v2; ignoring")
+ }
+ if a.Opts.Board != "amd64-usr" {
+ plog.Warningf("TrustedLaunch is only supported for amd64-usr; ignoring")
+ }
 vm.SecurityProfile = &compute.SecurityProfile{
 SecurityType: compute.SecurityTypesTrustedLaunch,
 UefiSettings: &compute.UefiSettings{
diff --git a/platform/api/azure/options.go b/platform/api/azure/options.go
index f53f13595..105ad2155 100644
--- a/platform/api/azure/options.go
+++ b/platform/api/azure/options.go
@@ -39,6 +39,7 @@ type Options struct {
 UseGallery bool
 UseIdentity bool
 UsePrivateIPs bool
+ TrustedLaunch bool
 DiskController string
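Review bot: In the `getVMParameters` hunk of `platform/api/azure/instance.go`, both new warnings end with "ignoring", but nothing is ignored: after the two `plog.Warningf` calls the code still assigns `vm.SecurityProfile` with `compute.SecurityTypesTrustedLaunch`. With a Hyper-V generation other than v2 or a board other than `amd64-usr`, the request therefore still carries the Trusted Launch profile while the log claims the opposite. The option should be cleared when a prerequisite fails, as sketched below, or the function should return an error so a run that asked for Trusted Launch cannot quietly proceed in a different security configuration. The removed condition also required a gallery image (`UseGallery` or a `galleries` DiskURI); if that is still a prerequisite it is no longer checked, which I cannot confirm from this hunk. The function body starts and ends outside the hunk.

```go
trustedLaunch := a.Opts.TrustedLaunch
if trustedLaunch && a.Opts.HyperVGeneration != string(compute.HyperVGenerationTypeV2) {
	plog.Warningf("TrustedLaunch is only supported for HyperVGeneration v2; ignoring")
	trustedLaunch = false
}
if trustedLaunch && a.Opts.Board != "amd64-usr" {
	plog.Warningf("TrustedLaunch is only supported for amd64-usr; ignoring")
	trustedLaunch = false
}
if trustedLaunch {
	// … unchanged: vm.SecurityProfile assignment …
```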