From 0e0f1cbb3c3013906c7f188741ee3c54c5f13940 Mon Sep 17 00:00:00 2001 From: Abhishek Singh Date: Thu, 31 Aug 2023 21:32:58 +0530 Subject: [PATCH 1/5] Powershell changes for supporting CVM feature --- .../custom/New-AzMigrateServerReplication.ps1 | 99 ++++++++++++++++++- 1 file changed, 94 insertions(+), 5 deletions(-) diff --git a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 index c6f6a678cf43..8a13c2849eb0 100644 --- a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 +++ b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 @@ -185,6 +185,26 @@ function New-AzMigrateServerReplication { # Specifies the Operating System disk for the source server to be migrated. ${OSDiskID}, + [ValidateSet("Standard" , "ConfidentialVM")] + [ArgumentCompleter( { "Standard" , "ConfidentialVM" })] + [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] + [System.String] + # Specifies the security type for the Azure VM. + ${TargetSecurityType}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] + [System.Management.Automation.SwitchParameter] + # Specifies whether the confidential encryption of OS disks needs to be enabled. + ${TargetVMConfidentialEncryptionEnabled}, + + [ValidateSet("true" , "false")] + [ArgumentCompleter( { "true" , "false" })] + [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] + [System.String] + # Specifies if secure boot needs to be enabled on target VM. + ${TargetVMSecureBootEnabled}, + [Parameter(ParameterSetName = 'ByIdDefaultUser')] [Parameter(ParameterSetName = 'ByInputObjectDefaultUser')] [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] @@ -261,6 +281,9 @@ function New-AzMigrateServerReplication { $HasResync = $PSBoundParameters.ContainsKey('PerformAutoResync') $HasDiskEncryptionSetID = $PSBoundParameters.ContainsKey('DiskEncryptionSetID') $HasTargetVMSize = $PSBoundParameters.ContainsKey('TargetVMSize') + $HasTargetSecurityType = $PSBoundParameters.ContainsKey('TargetSecurityType') + $HasTargetVMConfidentialEncryptionEnabled = $PSBoundParameters.ContainsKey('TargetVMConfidentialEncryptionEnabled') + $HasTargetVMSecureBootEnabled = $PSBoundParameters.ContainsKey('TargetVMSecureBootEnabled') $null = $PSBoundParameters.Remove('ReplicationContainerMapping') $null = $PSBoundParameters.Remove('VMWarerunasaccountID') @@ -286,6 +309,9 @@ function New-AzMigrateServerReplication { $null = $PSBoundParameters.Remove('SqlServerLicenseType') $null = $PSBoundParameters.Remove('LicenseType') $null = $PSBoundParameters.Remove('DiskEncryptionSetID') + $null = $PSBoundParameters.Remove('TargetSecurityType') + $null = $PSBoundParameters.Remove('TargetVMConfidentialEncryptionEnabled') + $null = $PSBoundParameters.Remove('TargetVMSecureBootEnabled') $null = $PSBoundParameters.Remove('MachineId') $null = $PSBoundParameters.Remove('InputObject') @@ -426,7 +452,7 @@ function New-AzMigrateServerReplication { if ($FabricName -eq "") { throw "Fabric not found for given resource group." } - + $null = $PSBoundParameters.Add('FabricName', $FabricName) $peContainers = Az.Migrate\Get-AzMigrateReplicationProtectionContainer @PSBoundParameters $ProtectionContainerName = "" @@ -539,6 +565,25 @@ public static int hashForArtifact(String artifact) $ProviderSpecificDetails.InstanceType = 'VMwareCbt' $ProviderSpecificDetails.LicenseType = $LicenseType $ProviderSpecificDetails.PerformAutoResync = $PerformAutoResync + if ($HasTargetVMConfidentialEncryptionEnabled) { + $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmconfidentialEncryptionEnabled = $TargetVMConfidentialEncryptionEnabled.IsPresent + } + if ($HasTargetVMSecureBootEnabled) { + $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $TargetVMSecureBootEnabled + } + + if ($HasTargetSecurityType -and $TargetSecurityType -ne "Standard") { + $ProviderSpecificDetails.TargetVMSecurityProfileTargetVmsecurityType = $TargetSecurityType + $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmtpmEnabled = $true + + if ($TargetVMSecureBootEnabled -ne $true -and $HasTargetVMConfidentialEncryptionEnabled) { + throw "SecureBoot should be enabled when confidential encryption is enabled." + } + } + elseif ($HasTargetVMConfidentialEncryptionEnabled -or $HasTargetVMSecureBootEnabled) { + throw "SecureBoot and Confidential encryption is supported only when security type is confidential virtual machines." + } + if ($HasTargetAVSet) { $ProviderSpecificDetails.TargetAvailabilitySetId = $TargetAvailabilitySet } @@ -639,6 +684,7 @@ public static int hashForArtifact(String artifact) } Import-Module Az.Resources + Import-Module Az.Compute $vmId = $ProviderSpecificDetails.TargetResourceGroupId + "/providers/Microsoft.Compute/virtualMachines/" + $TargetVMName $VMNamePresentinRg = Get-AzResource -ResourceId $vmId -ErrorVariable notPresent -ErrorAction SilentlyContinue if ($VMNamePresentinRg) { @@ -664,7 +710,7 @@ public static int hashForArtifact(String artifact) $DiskObject.IsOSDisk = "false" $DiskObject.LogStorageAccountSasSecretName = $LogStorageAccountSas $DiskObject.LogStorageAccountId = $LogStorageAccountID - if ($HasDiskEncryptionSetID) { + if (!$HasTargetVMConfidentialEncryptionEnabled -and $HasDiskEncryptionSetID) { $DiskObject.DiskEncryptionSetId = $DiskEncryptionSetID } $DiskToInclude += $DiskObject @@ -678,16 +724,61 @@ public static int hashForArtifact(String artifact) $DiskObject.LogStorageAccountId = $LogStorageAccountID if ($HasDiskEncryptionSetID) { $DiskObject.DiskEncryptionSetId = $DiskEncryptionSetID + + if ($TargetSecurityType -eq "ConfidentialVM") + { + $TargetSubscriptionId = $TargetResourceGroupId.Split('/')[2]; + $SourceSubscriptionId = (Get-AzContext -ErrorVariable notPresent -ErrorAction SilentlyContinue).Subscription.Id + $context = Set-AzContext -SubscriptionId $TargetSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue + $DiskEncryptionSetName = $DiskEncryptionSetID.Split("/")[-1]; + $DiskEncryptionSetRg = $DiskEncryptionSetID.Split("/")[-5]; + $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName + + if ($DiskEncryptionSet.EncryptionType -ne $null -and $HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -ne "ConfidentialVmEncryptedWithCustomerKey") { + throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is enabled." + } + elseif (!$HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { + throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is disabled." + } + $context = Set-AzContext -SubscriptionId $SourceSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue + } } $DiskToInclude += $DiskObject $ProviderSpecificDetails.DisksToInclude = $DiskToInclude } else { + $TargetSubscriptionId = $TargetResourceGroupId.Split('/')[2]; + $SourceSubscriptionId = (Get-AzContext -ErrorVariable notPresent -ErrorAction SilentlyContinue).Subscription.Id + $context = Set-AzContext -SubscriptionId $TargetSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue + $DiskEncryptionSetHashset = New-Object System.Collections.Generic.HashSet[string] foreach ($DiskObject in $DiskToInclude) { $DiskObject.LogStorageAccountSasSecretName = $LogStorageAccountSas $DiskObject.LogStorageAccountId = $LogStorageAccountID + if (![string]::IsNullOrEmpty($DiskObject.DiskEncryptionSetId) -and $TargetSecurityType -eq "ConfidentialVM") { + $DiskEncryptionSetName = $DiskObject.DiskEncryptionSetId.Split("/")[-1]; + $DiskEncryptionSetRg = $DiskObject.DiskEncryptionSetId.Split("/")[-5]; + if ($DiskObject.IsOSDisk -eq "true") { + $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName + if ($HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -ne $null -and $DiskEncryptionSet.EncryptionType -ne "ConfidentialVmEncryptedWithCustomerKey") { + throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is enabled." + } + elseif (!$HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { + throw "Disk encryption set should be of type EncryptionAtRestWithCustomerKey when confidential encryption is disabled." + } + } + else { + if (!$DiskEncryptionSetHashset.Contains($DiskObject.DiskEncryptionSetId)) { + $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName + if ($DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { + throw "Disk encryption set should be of type EncryptionAtRestWithCustomerKey for data disks." + } + $var =$DiskEncryptionSetHashset.Add($DiskObject.DiskEncryptionSetId) + } + } + } } + $context = Set-AzContext -SubscriptionId $SourceSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue $ProviderSpecificDetails.DisksToInclude = $DiskToInclude } @@ -719,7 +810,5 @@ public static int hashForArtifact(String artifact) $null = $PSBoundParameters.Add('ResourceGroupName', $ResourceGroupName) return Az.Migrate.internal\Get-AzMigrateReplicationJob @PSBoundParameters - } - -} \ No newline at end of file +} \ No newline at end of file From a948c2363ddbc0e203e52c918268d8cdc7592c8f Mon Sep 17 00:00:00 2001 From: shivamverma-ms Date: Mon, 26 Feb 2024 11:30:18 +0530 Subject: [PATCH 2/5] changes for triggering tvm --- .../custom/New-AzMigrateServerReplication.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 index 8a13c2849eb0..1c5cf682495c 100644 --- a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 +++ b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 @@ -185,8 +185,8 @@ function New-AzMigrateServerReplication { # Specifies the Operating System disk for the source server to be migrated. ${OSDiskID}, - [ValidateSet("Standard" , "ConfidentialVM")] - [ArgumentCompleter( { "Standard" , "ConfidentialVM" })] + [ValidateSet("Standard" , "ConfidentialVM", "TrustedLaunch")] + [ArgumentCompleter( { "Standard" , "ConfidentialVM", "TrustedLaunch" })] [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] [System.String] # Specifies the security type for the Azure VM. From 7d5f2e0d2e3ac6dced913f71737b796041a7c149 Mon Sep 17 00:00:00 2001 From: shivamverma-ms Date: Mon, 1 Apr 2024 11:31:52 +0530 Subject: [PATCH 3/5] removing changes forCVM --- .../custom/New-AzMigrateServerReplication.ps1 | 74 ++----------------- 1 file changed, 5 insertions(+), 69 deletions(-) diff --git a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 index 1c5cf682495c..afde7d4a9a83 100644 --- a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 +++ b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 @@ -185,19 +185,13 @@ function New-AzMigrateServerReplication { # Specifies the Operating System disk for the source server to be migrated. ${OSDiskID}, - [ValidateSet("Standard" , "ConfidentialVM", "TrustedLaunch")] - [ArgumentCompleter( { "Standard" , "ConfidentialVM", "TrustedLaunch" })] + [ValidateSet("Standard" , "TrustedLaunch")] + [ArgumentCompleter( { "Standard" , "TrustedLaunch" })] [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] [System.String] # Specifies the security type for the Azure VM. ${TargetSecurityType}, - [Parameter()] - [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] - [System.Management.Automation.SwitchParameter] - # Specifies whether the confidential encryption of OS disks needs to be enabled. - ${TargetVMConfidentialEncryptionEnabled}, - [ValidateSet("true" , "false")] [ArgumentCompleter( { "true" , "false" })] [Microsoft.Azure.PowerShell.Cmdlets.Migrate.Category('Path')] @@ -282,7 +276,6 @@ function New-AzMigrateServerReplication { $HasDiskEncryptionSetID = $PSBoundParameters.ContainsKey('DiskEncryptionSetID') $HasTargetVMSize = $PSBoundParameters.ContainsKey('TargetVMSize') $HasTargetSecurityType = $PSBoundParameters.ContainsKey('TargetSecurityType') - $HasTargetVMConfidentialEncryptionEnabled = $PSBoundParameters.ContainsKey('TargetVMConfidentialEncryptionEnabled') $HasTargetVMSecureBootEnabled = $PSBoundParameters.ContainsKey('TargetVMSecureBootEnabled') $null = $PSBoundParameters.Remove('ReplicationContainerMapping') @@ -310,7 +303,6 @@ function New-AzMigrateServerReplication { $null = $PSBoundParameters.Remove('LicenseType') $null = $PSBoundParameters.Remove('DiskEncryptionSetID') $null = $PSBoundParameters.Remove('TargetSecurityType') - $null = $PSBoundParameters.Remove('TargetVMConfidentialEncryptionEnabled') $null = $PSBoundParameters.Remove('TargetVMSecureBootEnabled') $null = $PSBoundParameters.Remove('MachineId') @@ -565,9 +557,6 @@ public static int hashForArtifact(String artifact) $ProviderSpecificDetails.InstanceType = 'VMwareCbt' $ProviderSpecificDetails.LicenseType = $LicenseType $ProviderSpecificDetails.PerformAutoResync = $PerformAutoResync - if ($HasTargetVMConfidentialEncryptionEnabled) { - $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmconfidentialEncryptionEnabled = $TargetVMConfidentialEncryptionEnabled.IsPresent - } if ($HasTargetVMSecureBootEnabled) { $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $TargetVMSecureBootEnabled } @@ -575,15 +564,10 @@ public static int hashForArtifact(String artifact) if ($HasTargetSecurityType -and $TargetSecurityType -ne "Standard") { $ProviderSpecificDetails.TargetVMSecurityProfileTargetVmsecurityType = $TargetSecurityType $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmtpmEnabled = $true - - if ($TargetVMSecureBootEnabled -ne $true -and $HasTargetVMConfidentialEncryptionEnabled) { - throw "SecureBoot should be enabled when confidential encryption is enabled." - } + } elseif($HasTargetVMSecureBootEnabled) { + throw "SecureBoot when security type is trusted launch virtual machine." } - elseif ($HasTargetVMConfidentialEncryptionEnabled -or $HasTargetVMSecureBootEnabled) { - throw "SecureBoot and Confidential encryption is supported only when security type is confidential virtual machines." - } - + if ($HasTargetAVSet) { $ProviderSpecificDetails.TargetAvailabilitySetId = $TargetAvailabilitySet } @@ -710,9 +694,6 @@ public static int hashForArtifact(String artifact) $DiskObject.IsOSDisk = "false" $DiskObject.LogStorageAccountSasSecretName = $LogStorageAccountSas $DiskObject.LogStorageAccountId = $LogStorageAccountID - if (!$HasTargetVMConfidentialEncryptionEnabled -and $HasDiskEncryptionSetID) { - $DiskObject.DiskEncryptionSetId = $DiskEncryptionSetID - } $DiskToInclude += $DiskObject } } @@ -724,61 +705,16 @@ public static int hashForArtifact(String artifact) $DiskObject.LogStorageAccountId = $LogStorageAccountID if ($HasDiskEncryptionSetID) { $DiskObject.DiskEncryptionSetId = $DiskEncryptionSetID - - if ($TargetSecurityType -eq "ConfidentialVM") - { - $TargetSubscriptionId = $TargetResourceGroupId.Split('/')[2]; - $SourceSubscriptionId = (Get-AzContext -ErrorVariable notPresent -ErrorAction SilentlyContinue).Subscription.Id - $context = Set-AzContext -SubscriptionId $TargetSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue - $DiskEncryptionSetName = $DiskEncryptionSetID.Split("/")[-1]; - $DiskEncryptionSetRg = $DiskEncryptionSetID.Split("/")[-5]; - $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName - - if ($DiskEncryptionSet.EncryptionType -ne $null -and $HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -ne "ConfidentialVmEncryptedWithCustomerKey") { - throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is enabled." - } - elseif (!$HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { - throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is disabled." - } - $context = Set-AzContext -SubscriptionId $SourceSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue - } } $DiskToInclude += $DiskObject $ProviderSpecificDetails.DisksToInclude = $DiskToInclude } else { - $TargetSubscriptionId = $TargetResourceGroupId.Split('/')[2]; - $SourceSubscriptionId = (Get-AzContext -ErrorVariable notPresent -ErrorAction SilentlyContinue).Subscription.Id - $context = Set-AzContext -SubscriptionId $TargetSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue - $DiskEncryptionSetHashset = New-Object System.Collections.Generic.HashSet[string] foreach ($DiskObject in $DiskToInclude) { $DiskObject.LogStorageAccountSasSecretName = $LogStorageAccountSas $DiskObject.LogStorageAccountId = $LogStorageAccountID - if (![string]::IsNullOrEmpty($DiskObject.DiskEncryptionSetId) -and $TargetSecurityType -eq "ConfidentialVM") { - $DiskEncryptionSetName = $DiskObject.DiskEncryptionSetId.Split("/")[-1]; - $DiskEncryptionSetRg = $DiskObject.DiskEncryptionSetId.Split("/")[-5]; - if ($DiskObject.IsOSDisk -eq "true") { - $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName - if ($HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -ne $null -and $DiskEncryptionSet.EncryptionType -ne "ConfidentialVmEncryptedWithCustomerKey") { - throw "Disk encryption set should be of type ConfidentialVmEncryptedWithCustomerKey when confidential encryption is enabled." - } - elseif (!$HasTargetVMConfidentialEncryptionEnabled -and $DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { - throw "Disk encryption set should be of type EncryptionAtRestWithCustomerKey when confidential encryption is disabled." - } - } - else { - if (!$DiskEncryptionSetHashset.Contains($DiskObject.DiskEncryptionSetId)) { - $DiskEncryptionSet = Get-AzDiskEncryptionSet -ResourceGroupName $DiskEncryptionSetRg -Name $DiskEncryptionSetName - if ($DiskEncryptionSet.EncryptionType -eq "ConfidentialVmEncryptedWithCustomerKey") { - throw "Disk encryption set should be of type EncryptionAtRestWithCustomerKey for data disks." - } - $var =$DiskEncryptionSetHashset.Add($DiskObject.DiskEncryptionSetId) - } - } - } } - $context = Set-AzContext -SubscriptionId $SourceSubscriptionId -ErrorVariable notPresent -ErrorAction SilentlyContinue $ProviderSpecificDetails.DisksToInclude = $DiskToInclude } From ffe0b4ccdfc6e62457ed31d08b4128c8b497bff9 Mon Sep 17 00:00:00 2001 From: shivamverma-ms Date: Fri, 26 Jul 2024 12:10:14 +0530 Subject: [PATCH 4/5] Resolved comments --- .../custom/New-AzMigrateServerReplication.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 index afde7d4a9a83..ce90fc206e6e 100644 --- a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 +++ b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 @@ -559,13 +559,15 @@ public static int hashForArtifact(String artifact) $ProviderSpecificDetails.PerformAutoResync = $PerformAutoResync if ($HasTargetVMSecureBootEnabled) { $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $TargetVMSecureBootEnabled + } elseif ($TargetSecurityType -eq "TrustedLaunch") { + $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $true } if ($HasTargetSecurityType -and $TargetSecurityType -ne "Standard") { $ProviderSpecificDetails.TargetVMSecurityProfileTargetVmsecurityType = $TargetSecurityType $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmtpmEnabled = $true - } elseif($HasTargetVMSecureBootEnabled) { - throw "SecureBoot when security type is trusted launch virtual machine." + } elseif ($HasTargetVMSecureBootEnabled) { + throw "SecureBoot is supported only when security type is trusted launch virtual machine." } if ($HasTargetAVSet) { From a49adc6bdab0d25bd895268c60edacfd5c982146 Mon Sep 17 00:00:00 2001 From: shivamverma-ms Date: Fri, 26 Jul 2024 12:15:55 +0530 Subject: [PATCH 5/5] type from bool to string --- .../Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 index ce90fc206e6e..c7f54c033d5d 100644 --- a/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 +++ b/src/Migrate/Migrate.Autorest/custom/New-AzMigrateServerReplication.ps1 @@ -560,7 +560,7 @@ public static int hashForArtifact(String artifact) if ($HasTargetVMSecureBootEnabled) { $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $TargetVMSecureBootEnabled } elseif ($TargetSecurityType -eq "TrustedLaunch") { - $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = $true + $ProviderSpecificDetails.TargetVMSecurityProfileIsTargetVmsecureBootEnabled = "true" } if ($HasTargetSecurityType -and $TargetSecurityType -ne "Standard") {