diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json
index 7d1e3e025284..acaeec64b7dc 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json
@@ -1891,7 +1891,7 @@
"x-ms-long-running-operation": true,
"x-ms-examples": {
"Update VM extension.": {
- "$ref": "./examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json"
+ "$ref": "./examples/compute/UpdateVMExtension.json"
}
}
},
@@ -5884,6 +5884,9 @@
"Create a scale set with spot restore policy": {
"$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json"
},
+ "Create a VMSS with an extension with protectedSettingsFromKeyVault": {
+ "$ref": "./examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json"
+ },
"Create a scale set with vm size properties": {
"$ref": "./examples/compute/CreateOrUpdateAScaleSetWithVMSizeProperties.json"
},
@@ -10376,6 +10379,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
@@ -10417,6 +10424,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Extension."
@@ -13483,6 +13494,10 @@
"$ref": "#/definitions/VaultSecretGroup"
},
"description": "Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows)."
+ },
+ "allowExtensionOperations": {
+ "type": "boolean",
+ "description": "Specifies whether extension operations should be allowed on the virtual machine scale set.
This may only be set to False when no extensions are present on the virtual machine scale set."
}
},
"description": "Describes a virtual machine scale set OS profile."
@@ -14261,6 +14276,10 @@
"suppressFailures": {
"type": "boolean",
"description": "Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ },
+ "protectedSettingsFromKeyVault": {
+ "type": "object",
+ "description": "The extensions protected settings that are passed by reference, and consumed from key vault"
}
},
"description": "Describes the properties of a Virtual Machine Scale Set Extension."
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
new file mode 100644
index 000000000000..caa6d448d73f
--- /dev/null
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithProtectedSettingsFromKeyVault.json
@@ -0,0 +1,293 @@
+{
+ "parameters": {
+ "subscriptionId": "{subscription-id}",
+ "resourceGroupName": "myResourceGroup",
+ "vmScaleSetName": "{vmss-name}",
+ "api-version": "2021-11-01",
+ "parameters": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "location": "westus",
+ "properties": {
+ "overprovision": true,
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://{existing-storage-account-name}.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "adminPassword": "{your-password}"
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ },
+ "201": {
+ "body": {
+ "sku": {
+ "tier": "Standard",
+ "capacity": 3,
+ "name": "Standard_D1_v2"
+ },
+ "name": "{vmss-name}",
+ "properties": {
+ "singlePlacementGroup": true,
+ "overprovision": true,
+ "uniqueId": "d053ec5a-8da6-495f-ab13-38216503c6d7",
+ "virtualMachineProfile": {
+ "storageProfile": {
+ "imageReference": {
+ "sku": "2016-Datacenter",
+ "publisher": "MicrosoftWindowsServer",
+ "version": "latest",
+ "offer": "WindowsServer"
+ },
+ "osDisk": {
+ "caching": "ReadWrite",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ },
+ "createOption": "FromImage"
+ }
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "storageUri": "http://nsgdiagnostic.blob.core.windows.net",
+ "enabled": true
+ }
+ },
+ "osProfile": {
+ "computerNamePrefix": "{vmss-name}",
+ "adminUsername": "{your-username}",
+ "secrets": [],
+ "windowsConfiguration": {
+ "provisionVMAgent": true,
+ "enableAutomaticUpdates": true
+ }
+ },
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "{extension-name}",
+ "properties": {
+ "autoUpgradeMinorVersion": false,
+ "publisher": "{extension-Publisher}",
+ "type": "{extension-Type}",
+ "typeHandlerVersion": "{handler-version}",
+ "settings": {},
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
+ }
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "dnsSettings": {
+ "dnsServers": []
+ },
+ "primary": true,
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "{vmss-name}",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
+ },
+ "privateIPAddressVersion": "IPv4"
+ }
+ }
+ ],
+ "enableAcceleratedNetworking": false
+ }
+ }
+ ]
+ }
+ },
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "provisioningState": "Creating"
+ },
+ "location": "westus",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}"
+ }
+ }
+ }
+}
diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtension.json
similarity index 63%
rename from specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
rename to specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtension.json
index 7e274f2e45cb..96ddb69ac42c 100644
--- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtensionWithSuppressFailureEnabled.json
+++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/UpdateVMExtension.json
@@ -14,6 +14,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}
@@ -34,6 +40,12 @@
"suppressFailures": true,
"settings": {
"UserName": "xyz@microsoft.com"
+ },
+ "protectedSettingsFromKeyVault": {
+ "sourceVault": {
+ "id": "/subscriptions/a53f7094-a16c-47af-abe4-b05c05d0d79a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/kvName"
+ },
+ "secretUrl": "https://kvName.vault.azure.net/secrets/secretName/79b88b3a6f5440ffb2e73e44a0db712e"
}
}
}