Enable Deployment of CVM
security_type can be TrustedLaunch or ConfidentialVm. secure_boot_enabled and v_tpm_enabled can both be True or False. These values can all be set through the runbook.
Hello @squirrelsc, I have gotten CVM deployment to work. I wanted to sync with you again about design choices. This enables all three CVM related settings to be set through the runbook. I tried to leave the functionality of the existing security_profile feature intact. I was not sure how to best handle when runbook settings and testcase settings conflict. As written, the runbook settings will overwrite any testcase settings for security_profile.
Overall, it's OK to me, except to use fewer parameters. I think there is no test case conflict, because the secure_boot should be included in CVM. The parameter can be a NodeSpace, so the test case level can set it to secure boot or CVM. So the test case can be run on both settings.
@kamalca is there any restriction on the VM sizes which support TVM? Currently, if the size supports v2, then the SecurityProfile feature will be added. If there is a restriction, we need to add similar code like below in platform.py.
elif name == "HyperVGenerations":
    if "V2" in str(sku_capability.value):
        node_space.features.add(
            schema.FeatureSettings.create(features.SecurityProfile.name())
        )
@squirrelsc I don't think this is quite right yet. I'd like your input on what I have so far. Thank you :)