Skip to content

{Compute} Add config for disabling NSG rule when creating VM#22149

Draft
zhoxing-ms wants to merge 1 commit intoAzure:devfrom
zhoxing-ms:add_az_config_to_disable_nsg_rule
Draft

{Compute} Add config for disabling NSG rule when creating VM#22149
zhoxing-ms wants to merge 1 commit intoAzure:devfrom
zhoxing-ms:add_az_config_to_disable_nsg_rule

Conversation

@zhoxing-ms
Copy link
Copy Markdown
Contributor

@zhoxing-ms zhoxing-ms commented Apr 22, 2022
edited
Loading

Description

At present, we have a security scan to scan out the high-risk ports, such as 22 and 3389.
When we create a VM, the NSG rule default-allow-ssh will be created by default to allow access to port 22, which leads to the warning of security scanning and triggers the Sev 2 ICM.

Therefore, when we create the test resources of VM, we need to add --nsg-rule NONE parameter or use az config set vm.disable_nsg_rule=False command to disable default NSG rule to avoid security scanning alarm and Sev 2 ICM.
In addition, if it is not for testing NSG rule, please add the --nsg-rule NONE parameter to the az vm create command in the scenario test

Testing Guide

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

This checklist is used to make sure that common guidelines for a pull request are followed.

@ghost ghost requested a review from yonzhan April 22, 2022 04:06
@ghost ghost added the Auto-Assign Auto assign by bot label Apr 22, 2022
@ghost ghost assigned zhoxing-ms Apr 22, 2022
@ghost ghost added the Compute az vm/vmss/image/disk/snapshot label Apr 22, 2022
@zhoxing-ms zhoxing-ms requested a review from jiasli April 22, 2022 04:21
@yonzhan
Copy link
Copy Markdown
Collaborator

yonzhan commented Apr 22, 2022

Compute

@zhoxing-ms zhoxing-ms force-pushed the add_az_config_to_disable_nsg_rule branch from b51338c to 11570aa Compare April 22, 2022 06:05
@wangzelin007
Copy link
Copy Markdown
Member

wangzelin007 commented May 17, 2022

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines bot commented May 17, 2022

Azure Pipelines successfully started running 2 pipeline(s).

@zhoxing-ms zhoxing-ms marked this pull request as draft May 17, 2022 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wangzelin007 wangzelin007 wangzelin007 approved these changes

@jsntcy jsntcy Awaiting requested review from jsntcy

@yonzhan yonzhan Awaiting requested review from yonzhan

@jiasli jiasli Awaiting requested review from jiasli

@NoriZC NoriZC Awaiting requested review from NoriZC NoriZC will be requested when the pull request is marked ready for review NoriZC is a code owner

@yanzhudd yanzhudd Awaiting requested review from yanzhudd yanzhudd will be requested when the pull request is marked ready for review yanzhudd is a code owner

@teresaritorto teresaritorto Awaiting requested review from teresaritorto teresaritorto will be requested when the pull request is marked ready for review teresaritorto is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@zhoxing-ms zhoxing-ms

Labels

act-observability-squad Auto-Assign Auto assign by bot Compute az vm/vmss/image/disk/snapshot

Projects

None yet

Milestone

Backlog

Development

Successfully merging this pull request may close these issues.

4 participants

@zhoxing-ms @yonzhan @wangzelin007 @a0x1ab