Azure / azure-cli

Azure Command-Line Interface
MIT License
4.03k stars 3.01k forks source link

VM security type not set in ARM when specifying enable-secure-boot #30210

Open vanzod opened 3 weeks ago

vanzod commented 3 weeks ago

Describe the bug

In Azure CLI v2.65.0 (and previous versions as well) it is not possible to create a VM where the following two options are defined:

--security-type Standard --enable-secure-boot false

This is identical to the issue reported in https://github.com/Azure/azure-cli/issues/28397

Related command

az vm create --name myvm --resource-group myrg --location westus --image Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:22.04.202410020 --size Standard_ND96isr_MI300X_v5 --accelerated-networking true --nics myNIC --security-type Standard --enable-secure-boot false --admin-username vmadm --ssh-key-values .ssh/id_rsa.pub

Errors

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/XXXXXXXXXXXXXXXXXXXXXXXXX/resourceGroups/XXXXXXXX/providers/Microsoft.Resources/deployments/vm_deploy_CT7FgluRoxTA0XFr7KpJ0kMt8W9wnZZx","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of UEFI settings is not supported when security type is ''."}]}}

Issue script & Debug output

None

Expected behavior

Successful creation of VM

Environment Summary

azure-cli 2.65.0

core 2.65.0 telemetry 1.1.0

Extensions: amg 2.4.0 bastion 1.3.1 ssh 2.0.6

Dependencies: msal 1.31.0 azure-mgmt-resource 23.1.1

Python location '/opt/az/bin/python3' Extensions directory '/home/davide/.azure/cliextensions'

Python (Linux) 3.11.8 (main, Sep 25 2024, 11:34:44) [GCC 12.2.0]

Additional context

No response

yonzhan commented 3 weeks ago

Thank you for opening this issue, we will look into it.

github-actions[bot] commented 3 weeks ago

Here are some similar issues that might help you. Please check if they can solve your problem.

vanzod commented 3 weeks ago

@yonzhan One thing is worth mentioning. The standard security type automatically implies that secure boot is disabled. Hence only specifying --security-type Standard is sufficient. That said, a better handling of the case where both options are specified would improve the user's experience.