Added support for TrustedLaunch flag for agent deployments (#544)

src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java

@@ -306,6 +306,8 @@ public int hashCode() {
 
     private boolean installDocker;
 
+    private boolean trustedLaunch;
+
     private final String osType;
 
     private transient String agentLaunchMethod;
@@ -632,6 +634,15 @@ public void setSpotInstance(boolean spotInstance) {
         this.spotInstance = spotInstance;
     }
 
+    public boolean isTrustedLaunch() {
+        return trustedLaunch;
+    }
+
+    @DataBoundSetter
+    public void setTrustedLaunch(boolean trustedLaunch) {
+        this.trustedLaunch = trustedLaunch;
+    }
+
     public boolean isAcceleratedNetworking() {
         return acceleratedNetworking;
     }

src/main/java/com/microsoft/azure/vmagent/AzureVMManagementServiceDelegate.java

@@ -629,6 +629,10 @@ public AzureVMDeploymentInfo createDeployment(
             if (template.isSpotInstance()) {
                 addSpotInstance(tmp);
             }
+
+            if (template.isTrustedLaunch()) {
+                addTrustedLaunch(tmp);
+            }
 
             if (!(Boolean) properties.get("usePrivateIP")) {
                 addPublicIPResourceNode(tmp, tags);
@@ -739,6 +743,44 @@ private void addSpotInstance(JsonNode template) {
             }
         }
     }
+
+
+    private void addTrustedLaunch(JsonNode template) {
+    	ObjectNode parameterNode = (ObjectNode) template.get("parameters");
+    	ObjectNode securityTypeNode = MAPPER.createObjectNode();
+    	securityTypeNode.put("type", "string");
+    	securityTypeNode.put("defaultValue", "TrustedLaunch");
+    	ArrayNode allowedValuesNode = MAPPER.createArrayNode();
+    	allowedValuesNode.add("Standard");
+    	allowedValuesNode.add("TrustedLaunch");
+    	securityTypeNode.set("allowedValues", allowedValuesNode);
+    	ObjectNode metaDataNode = MAPPER.createObjectNode();
+    	metaDataNode.put("description", "Security Type of the Virtual Machine.");
+    	securityTypeNode.set("metadata", metaDataNode);
+    	parameterNode.set("securityType", securityTypeNode);
+
+    	ObjectNode variableNode = (ObjectNode) template.get("variables");
+    	ObjectNode profileNode = MAPPER.createObjectNode();    	
+    	ObjectNode settingsNode = MAPPER.createObjectNode();
+    	settingsNode.put("secureBootEnabled", true);
+    	settingsNode.put("vTpmEnabled", true);
+
+    	profileNode.set("uefiSettings", settingsNode);
+    	profileNode.put("securityType", "[parameters('securityType')]");
+
+    	variableNode.set("securityProfileJson", profileNode);
+
+
+
+        ArrayNode resources = (ArrayNode) template.get("resources");
+        for (JsonNode resource : resources) {
+            String type = resource.get("type").asText();
+            if (type.contains("virtualMachine")) {
+                ObjectNode properties = (ObjectNode) resource.get("properties");
+                properties.put("securityProfile", "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]");                
+            }
+        }
+    }
 
     private void addAcceleratedNetworking(JsonNode template) {
         ArrayNode resources = (ArrayNode) template.get("resources");

src/main/resources/com/microsoft/azure/vmagent/AzureVMAgentTemplate/config.jelly

@@ -130,6 +130,11 @@
     <f:entry title="${%Spot instance}" field="spotInstance">
       <f:checkbox/>
     </f:entry>
+
+    <f:entry title="${%Use Trusted Launch}" field="trustedLaunch">
+      <f:checkbox/>
+    </f:entry>
+
 
     <f:entry title="${%Enable_MSI}" field="enableMSI">
       <f:checkbox/>