Remove GuestAttestation logic #23338

Sandido · 2023-11-09T18:44:17Z

Description

Trusted Launch is now turned on by default: #22974
As part of this, the GuestAttestation extension is installed on the VM and Vmss by default and sets SystemAssignedIdentity to True. This feature specifically only occurred when the user explicitly set TrustedLaunch.
The GuestAttestation extension was removed from other clients due to perf concerns. It adds to our perf by increasing it by about 10%. Considering this needs to be done in a breaking change release, we would like to remove it now.

This PR also reverts logic that was added into the Vmss creation code to set SystemAssignedIdentity from True back to False if the vmss is a Flexible orchestration mode since SystemAssigned is not allowed and will cause the Vmss creation to fail (by default since Flex is also now turned on by default. This hotfix logic is not needed if the entire GuestAttestation logic is removed.

While this is an unannounced breaking change,

the perf impact to our customers,
as well as interfering with the new defaults of Vmss Flex,
and to bring us in parity with other clients where this was removed,
is worth the break.

Checklist

Check this box to confirm: I have read the Submitting Changes section of CONTRIBUTING.md and reviewed the following information:

SHOULD select appropriate branch. Cmdlets from Autorest.PowerShell should go to generation branch.
SHOULD make the title of PR clear and informative, and in the present imperative tense.
SHOULD update ChangeLog.md file(s) appropriately
- For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
- A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense. Add changelog in description section if PR goes into generation branch.
- Should not change ChangeLog.md if no new release is required, such as fixing test case only.
SHOULD have approved design review for the changes in this repository (Microsoft internal only) with following situations
- Create new module from scratch
- Create new resource types which are not easy to conform to Azure PowerShell Design Guidelines
- Create new resource type which name doesn't use module name as prefix
- Have design question before implementation
SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
SHOULD have proper test coverage for changes in pull request.
SHOULD NOT introduce breaking changes in Az minor release except preview version.
SHOULD NOT adjust version of module manually in pull request

azure-client-tools-bot-prd · 2023-11-09T18:44:21Z

️✔️Az.Accounts

️✔️Az.ApplicationInsights

️✔️Az.Compute

️✔️Az.EventHub

️✔️Az.KeyVault

️✔️Az.ManagedServiceIdentity

️✔️Az.Monitor

️✔️Az.Network

️✔️Az.OperationalInsights

️✔️Az.PrivateDns

️✔️Az.RecoveryServices

️✔️Az.Security

️✔️Az.Sql

️✔️Az.Ssh

️✔️Az.Storage

grizzlytheodore · 2023-11-09T20:38:27Z

let's add a test creating a VMSS defaulting in both TL and Flex, that was failing before, should pass here.

Also this seems to contain reverting #23297, which is good.
I know you are still working on this one but when we are done let's be over communicative in the description, what it contains, what it is addressing, why it is needed, why the change is little/no impacting, etc.
So the PowerShell team can merge overnight, without needing to ask questions

…wershell into adsandor/garemove

grizzlytheodore · 2023-11-10T01:00:54Z

LGTM thank you adam

remove guest attestation

a699aba

Sandido added 3 commits November 9, 2023 13:45

remove from vm

b4c9457

remove disableintegritymonitoring

8b53254

Update ChangeLog.md

98a0534

grizzlytheodore closed this Nov 9, 2023

grizzlytheodore reopened this Nov 9, 2023

Sandido added 4 commits November 9, 2023 15:55

missed a couple

54e0bcc

Create BreakingChangeIssues.csv

22ccefd

Merge branch 'adsandor/garemove' of https://github.com/Azure/azure-po…

e205538

…wershell into adsandor/garemove

remove param from md

ceb837f

Sandido added this to the Az 11.0.0 (November 2023, 2023-11-14)❗ Breaking change release ❗ milestone Nov 9, 2023

Sandido assigned VeryEarly Nov 9, 2023

Sandido marked this pull request as ready for review November 9, 2023 21:47

Sandido requested review from bilaakpan-ms, haagha and grizzlytheodore as code owners November 9, 2023 21:47

Sandido added 5 commits November 9, 2023 17:07

handle breaking change error and weird param set errors

9539f2d

Update BreakingChangeIssues.csv

38e45eb

test added

2461932

Merge branch 'adsandor/garemove' of https://github.com/Azure/azure-po…

2dda2c6

…wershell into adsandor/garemove

removed old test

af00b25

Merge branch 'release-2023-11-14' into adsandor/garemove

76b6d62

isra-fel merged commit b9817f1 into release-2023-11-14 Nov 10, 2023
10 of 12 checks passed

VeryEarly deleted the adsandor/garemove branch November 10, 2023 02:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove GuestAttestation logic #23338

Remove GuestAttestation logic #23338

Sandido commented Nov 9, 2023 •

edited

Loading

azure-client-tools-bot-prd bot commented Nov 9, 2023 •

edited

Loading

grizzlytheodore commented Nov 9, 2023 •

edited

Loading

grizzlytheodore commented Nov 10, 2023

Remove GuestAttestation logic #23338

Remove GuestAttestation logic #23338

Conversation

Sandido commented Nov 9, 2023 • edited Loading

Description

Checklist

azure-client-tools-bot-prd bot commented Nov 9, 2023 • edited Loading

grizzlytheodore commented Nov 9, 2023 • edited Loading

grizzlytheodore commented Nov 10, 2023

Sandido commented Nov 9, 2023 •

edited

Loading

azure-client-tools-bot-prd bot commented Nov 9, 2023 •

edited

Loading

grizzlytheodore commented Nov 9, 2023 •

edited

Loading