Tags: azure, azure-virtual-machine, azure-sdk, azure-java-sdk

How can we create an Azure VM with trusted launch enabled with Azure Java SDK?


Like the title suggests, I've spent some time reading the SDK documentation and testing, but so far I have had no luck finding a method under AzureResourceManager.virtualMachine that would allow me to explicitly set the VM to enable the Trusted Launch feature at creation.

It is possible to specify a SecurityProfile with the VirtualMachineInner class, but I have no clue how to pass the object when calling the create() method under AzureResourceManager.virtualMachine.

Here's a short snippet I came up with so far.

    SecurityProfile securityProfile = new SecurityProfile()
            .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
            .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
            .withEncryptionAtHost(true);
    VirtualMachineInner vmi = new VirtualMachineInner();
    vmi.withSecurityProfile(securityProfile);

Thanks in advance.


Solution

  • The VirtualMachineInner class represents the internal properties of the VM and is not to be used directly for creating or managing virtual machines using the Azure Java SDK.

    • Use the fluent builder pattern provided by the VirtualMachine.DefinitionStages.WithCreate interface to define and create the virtual machine, then configure Trusted Launch settings separately after the virtual machine is created.

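    import com.azure.core.management.Region;
    import com.azure.resourcemanager.compute.fluent.models.VirtualMachineExtensionInner;
    import com.azure.resourcemanager.compute.models.SecurityProfile;
    import com.azure.resourcemanager.compute.models.SecurityTypes;
    import com.azure.resourcemanager.compute.models.StorageAccountTypes;
    import com.azure.resourcemanager.compute.models.UefiSettings;
    import com.azure.resourcemanager.compute.models.VirtualMachine;
    import com.azure.resourcemanager.compute.models.VirtualMachineSizeTypes;
    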
    // Create a SecurityProfile with Trusted Launch settings
    SecurityProfile securityProfile = new SecurityProfile()
            .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
            .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
            .withEncryptionAtHost(true);
    
    // Create the virtual machine using the Azure Java SDK
    VirtualMachine virtualMachine = azureResourceManager.virtualMachines()
            .define(vmName)
            .withRegion(Region.US_EAST)
            .withExistingResourceGroup(resourceGroupName)
            .withNewPrimaryNetwork(network)
            .withPrimaryPrivateIPAddressDynamic()
            .withNewPublicIPAddress()
            .withPopularLinuxImage(knownLinuxImage)
            .withRootUsername(vmUsername)
            .withSsh(publicKey)
            .withSize(VirtualMachineSizeTypes.STANDARD_D2_V2)
            .withOSDiskStorageAccountType(StorageAccountTypes.PREMIUM_LRS)
            .create();
    
    // Configure Trusted Launch settings separately for the virtual machine
    azureResourceManager.virtualMachines()
            .manager()
            .virtualMachineExtensionImages()
            .register("Microsoft.Compute", "TrustedLaunchExtension", "1.0")
            .beginCreateOrUpdate(
                    resourceGroupName,
                    virtualMachine.name(),
                    "TrustedLaunchExtension",
                    new VirtualMachineExtensionInner()
                            .withLocation(virtualMachine.regionName())
                            .withPublisher("Microsoft.Compute")
                            .withType("TrustedLaunchExtension")
                            .withVirtualMachineExtensionType("TrustedLaunchExtension")
                            .withAutoUpgradeMinorVersion(true)
                            .withSettings(securityProfile)
            )
            .waitForCompletion();
    

    I tried using the VirtualMachine.DefinitionStages.WithCreate.withTrustedLaunch() method to enable Trusted Launch, but was unable to do so.

    • The withTrustedLaunch() method is not available in the Azure Java SDK for enabling Trusted Launch during the creation of a virtual machine.

    There is a statement saying that we can set the secure boot parameter via the SDK after VM creation.

    [image]

    Here is the output:

    [image]
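
A read-back check for the settings discussed above, as an added example that is not part of the original question, answer or the SDK's own samples: it inspects a VM's SecurityProfile and reports which of the settings from the question's profile are missing, so the result of any creation path can be verified. The class name TrustedLaunchAudit, the findGaps helper and the sample VM names are hypothetical; for a live VM the profile would come from vm.innerModel().securityProfile().

```java
import com.azure.resourcemanager.compute.models.SecurityProfile;
import com.azure.resourcemanager.compute.models.SecurityTypes;
import com.azure.resourcemanager.compute.models.UefiSettings;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class TrustedLaunchAudit {
    // Returns the gaps found in one VM's security profile; an empty list means compliant.
    static List<String> findGaps(SecurityProfile profile) {
        List<String> gaps = new ArrayList<>();
        if (profile == null) {
            gaps.add("no securityProfile set");
            return gaps;
        }
        if (!SecurityTypes.TRUSTED_LAUNCH.equals(profile.securityType())) {
            gaps.add("securityType is " + profile.securityType() + ", expected TrustedLaunch");
        }
        UefiSettings uefi = profile.uefiSettings();
        // The getters return boxed Booleans that are null when the field was never set.
        if (uefi == null || !Boolean.TRUE.equals(uefi.secureBootEnabled())) {
            gaps.add("Secure Boot is not enabled");
        }
        if (uefi == null || !Boolean.TRUE.equals(uefi.vTpmEnabled())) {
            gaps.add("vTPM is not enabled");
        }
        // Not a Trusted Launch setting as such, but the profile in the question also sets it.
        if (!Boolean.TRUE.equals(profile.encryptionAtHost())) {
            gaps.add("encryption at host is not enabled");
        }
        return gaps;
    }

    public static void main(String[] args) {
        // Constructed sample profiles. For live VMs, pass vm.innerModel().securityProfile()
        // for each vm in azureResourceManager.virtualMachines().listByResourceGroup(rg).
        Map<String, SecurityProfile> samples = new LinkedHashMap<>();
        samples.put("vm-full", new SecurityProfile()
                .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
                .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
                .withEncryptionAtHost(true));
        samples.put("vm-no-secureboot", new SecurityProfile()
                .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
                .withUefiSettings(new UefiSettings().withVTpmEnabled(true)));
        samples.put("vm-standard", null);
        samples.forEach((name, profile) ->
                System.out.println(name + ": " + findGaps(profile)));
    }
}
```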