hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Microsoft Azure provider feature support for Intel Confidential Computing VMs for DCesv5-series and ECesv5-series #22446

Open daveshrestha-intel opened 1 year ago

daveshrestha-intel commented 1 year ago

Description

Azure Provider v3.64.0 does not yet support TDX. Currently, a TDX VM in Azure can only be deployed (as part of private preview) with Azure ARM templates. When deploying a TDX VM using the current Azure Provider for Terraform, you will get an error indicating the VM is not supported, indicating that the Azure Provider does not yet support TDX VM types: DCesv5 and ECesv5 instances.

New or Affected Resource(s)/Data Source(s)

azurerm_linux_virtual_machine.linux_vm:

Potential Terraform Configuration

resource "azurerm_linux_virtual_machine" "linux_vm" {
  name                            = var.vm_name
  resource_group_name             = var.azurerm_resource_group_name
  location                        = data.azurerm_resource_group.rg.location
  # VM size is a string literal and must be quoted
  size                            = "Standard_DCesv5"
  admin_username                  = var.admin_username
  admin_password                  = var.admin_password
  tags                            = var.tags
  network_interface_ids           = [azurerm_network_interface.nic.id]
  # Spot-only settings are set to null for other priorities
  max_bid_price                   = var.priority == "Spot" ? var.max_bid_price : null
  priority                        = var.priority
  eviction_policy                 = var.priority == "Spot" ? var.eviction_policy : null
  disable_password_authentication = var.disable_password_authentication
}

References

No response

lucasmelogithub commented 10 months ago

DCesv5 and ECesv5

Error:

│ Error: creating Linux Virtual Machine: (Name "vm1" / Resource Group "DS-TDX"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameter" Message="The value Standard_DCesv5 provided for the VM size is not valid.

kevinbleckmann commented 8 months ago

@daveshrestha-intel This has been addressed as of 12/1; it is now supported under version 3.83.0.

kvietmeier commented 8 months ago

Is it sufficient to choose the instance type or do you also need to specify the "Security Type" as "Confidential Virtual Machines"?

I don't see this setting in the azurerm linux_virtual_machine docs and it is a setting in the portal. It is either "Trusted Launch" or "Confidential virtual machines". Is it just assumed?