MoChilia / ActionDemo


VM/VMSS to support v2 Version of Azure Metadata Security Protocol #18

Open MoChilia opened 2 months ago

MoChilia commented 2 months ago

Preconditions

Need to release Python SDK support 2024-07-01

Related command

Please see v1: https://github.com/Azure/azure-cli/issues/27729. This v2 involves deleting a parameter (proxy-agent-mode) from the v1 version and adding a couple of new ones:

az vm create [--enable-proxy-agent {false, true}] [--wireServer-mode {Audit, Enforce, Disabled}] [--wireServer-InVMAccessControlProfileReferenceId ""] [--imds-mode {Audit, Enforce, Disabled}] [--imds-InVMAccessControlProfileReferenceId ""] [--keyIncarnationId integer]
az vm update
az vmss create
az vmss update

Resource Provider

Microsoft.Compute

Description of Feature or Work Requested

PM doc: https://microsoft.sharepoint.com/:w:/r/teams/CPlat-PM/_layouts/15/Doc.aspx?sourcedoc=%7BDD02825F-7D23-4C67-B21C-6352733A8858%7D&file=Wire-Server%20Endpoint%20Security%20PM%20Spec.docx&action=default&mobileredirect=true&share=IQFfggLdI31nTLIcY1JzOohYAV82cMdRnCluKCTcaCyt91E

Users can opt in to the Azure metadata security protocol for their VM by specifying the newly introduced VM or VMSS property, so that their VM can be protected from SSRF and Scorpin heart attacks on the IMDS and WireServer endpoints.

Need to support vm create, vm update, vmss create, vmss update.

Minimum API Version Required

2024-03-01

Swagger PR link / SDK link

https://github.com/Azure/azure-rest-api-specs/pull/29402

Request Example

VM: https://github.com/Azure/azure-rest-api-specs/blob/c9d9a0180149e72541752672790ed642a439adfa/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2023-09-01/examples/virtualMachineExamples/VirtualMachine_Create_WithProxyAgentSettings.json

VMSS: https://github.com/Azure/azure-rest-api-specs/blob/c9d9a0180149e72541752672790ed642a439adfa/specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/2023-09-01/examples/virtualMachineScaleSetExamples/VirtualMachineScaleSet_Create_WithProxyAgentSettings.json

Target Date

08-06-2024

PM Contact

minnielahoti@microsoft.com

Engineer Contact

huiya@microsoft.com

Additional context

No response

Copied from https://github.com/Azure/azure-cli/issues/29279

github-actions[bot] commented 2 months ago

This issue is related to security. Please pay attention.