{Compute} az vmss encryption: Migrate to AAZ#31622
Merged
Conversation
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
cxznmhdcxz
force-pushed
the
vmss-encryption-migrate
branch
from
eb2fb0f to
a2bd755
Compare
cxznmhdcxz
changed the title
cxznmhdcxz
changed the title
az vmss encryption: Vmss encryption migrate
cxznmhdcxz
changed the title
az vmss encryption: Vmss encryption migrateaz vmss encryption: Migrate to AAZ
cxznmhdcxz
requested review from
jsntcy,
wangzelin007,
yanzhudd and
zhoxing-ms
as code owners
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR migrates virtual machine scale set (VMSS) disk encryption commands to the AAZ framework and updates related VMSS listing schemas to newer API versions and richer read-only metadata.
- Migrate
encrypt_vmss,decrypt_vmss, and identity updates to use AAZPatch/Updatecommands - Replace old model-based calls with AAZ operations and update key vault verification to AAZ-style dictionaries
- Bump API versions and add read-only flags in VMSS list-related schemas
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/azure-cli/azure/cli/command_modules/vm/disk_encryption.py | Migrate encryption and identity logic to AAZ Patch/Update classes |
| src/azure-cli/azure/cli/command_modules/vm/aaz/latest/vmss/_list_instances.py | Bump to 2024-11-01, switch to AAZIdentityObjectType, add read-only flags |
| src/azure-cli/azure/cli/command_modules/vm/aaz/latest/vmss/_list_instance_public_ips.py | Add flags={"read_only": True} to new schema properties |
| src/azure-cli/azure/cli/command_modules/vm/aaz/latest/vmss/_list.py | Replace AAZObjectType() with AAZIdentityObjectType() for identity |
| src/azure-cli/azure/cli/command_modules/vm/aaz/latest/vmss/_get_os_upgrade_history.py | Mark rollbackError as read-only |
| src/azure-cli/azure/cli/command_modules/vm/aaz/latest/vmss/init.py | Import new AAZ modules (_patch, _update, _wait) |
Comments suppressed due to low confidence (2)
src/azure-cli/azure/cli/command_modules/vm/disk_encryption.py:108
- New AAZ-based
Patchlogic for VMSS encryption should be covered by unit or functional tests to validate payload formation and long-running operation handling.
from .aaz.latest.vmss import Patch
src/azure-cli/azure/cli/command_modules/vm/disk_encryption.py:555
- Ensure that
import uuidis present at the top of this module; otherwise,uuidwill be undefined when generatingforce_update_tag.
'force_update_tag': str(uuid.uuid4())
| .user_assigned_identity_resource_id.lower() != encryption_identity: | ||
| vmss.virtual_machine_profile.security_profile.encryption_identity.user_assigned_identity_resource_id \ | ||
| = encryption_identity | ||
| if vmss['properties']['virtualMachineProfile'].get('securityProfile', {}).get('encryptionIdentity', {}).\ |
There was a problem hiding this comment.
Avoid using backslashes for line continuation. Wrap the entire condition in parentheses and use hanging indents for readability, e.g.:
if (
vmss['properties']['virtualMachineProfile']
.get('securityProfile', {})
.get('encryptionIdentity', {})
.get('userAssignedIdentityResourceId', '')
).lower() != encryption_identity.lower():
|
This pull request introduces several changes to the Azure CLI's Virtual Machine Scale Sets (VMSS) command module, focusing on schema updates, new imports, and refactoring. Key updates include adding new helper methods, marking fields as read-only, replacing object types with more specific ones, and updating the API version. Below is a breakdown of the most important changes: Schema Enhancements and Refactoring:
Read-Only Flag Additions:
API Version Updates:
New Imports:
Code Cleanup:
|
yanzhudd
reviewed
Jul 1, 2025
yanzhudd
approved these changes
Jul 1, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az vmss encryption enable/disable/showDescription
Migrate to AAZ code
aaz Azure/aaz#782
Testing Guide
History Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.