ip_service_tags

New security standard will require all IPs to be tagged. Please note this IP tagging system is different from general resource tagging.
microsoft · Oct 4, 2024 · c2b16f2 · c2b16f2
1 parent 02c80fc
commit c2b16f2
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 5 deletions.
diff --git a/lisa/sut_orchestrator/azure/arm_template.bicep b/lisa/sut_orchestrator/azure/arm_template.bicep
@@ -46,6 +46,9 @@ param data_disks array
 @description('whether to use ultra disk')
 param is_ultradisk bool = false
 
+@description('IP Service Tags')
+param ip_service_tags object
+
 var vnet_id = virtual_network_name_resource.id
 var node_count = length(nodes)
 var availability_set_name_value = 'lisa-availabilitySet'
@@ -59,6 +62,10 @@ var use_availability_zones = (availability_type == 'availability_zone')
 var availability_set_value = (use_availability_set ? getAvailabilitySetId(availability_set_name_value): null)
 var combined_vm_tags = union(tags, vm_tags)
 var combined_aset_tags = union(tags, availability_set_tags)
+var ip_tags = [for key in objectKeys(ip_service_tags): {
+  ipTagType: key
+  tag: ip_service_tags[key]
+}]
 
 func isCvm(node object) bool => bool((!empty(node.vhd)) && (!empty(node.vhd.vmgs_path)))
 
@@ -254,6 +261,7 @@ resource nodes_public_ip 'Microsoft.Network/publicIPAddresses@2020-05-01' = [for
   name: '${nodes[i].name}-public-ip'
   properties: {
     publicIPAllocationMethod: ((is_ultradisk || use_availability_zones) ? 'Static' : 'Dynamic')
+    ipTags: (empty(ip_tags) ? null : ip_tags)
   }
   sku: {
     name: ((is_ultradisk || use_availability_zones) ? 'Standard' : 'Basic')

diff --git a/lisa/sut_orchestrator/azure/autogen_arm_template.json b/lisa/sut_orchestrator/azure/autogen_arm_template.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "1630470125196944168"
+      "version": "0.30.23.60470",
+      "templateHash": "17909783643222378721"
     }
   },
   "functions": [
@@ -511,9 +511,25 @@
       "metadata": {
         "description": "whether to use ultra disk"
       }
+    },
+    "ip_service_tags": {
+      "type": "object",
+      "metadata": {
+        "description": "IP Service Tags"
+      }
     }
   },
   "variables": {
+    "copy": [
+      {
+        "name": "ip_tags",
+        "count": "[length(objectKeys(parameters('ip_service_tags')))]",
+        "input": {
+          "ipTagType": "[objectKeys(parameters('ip_service_tags'))[copyIndex('ip_tags')]]",
+          "tag": "[parameters('ip_service_tags')[objectKeys(parameters('ip_service_tags'))[copyIndex('ip_tags')]]]"
+        }
+      }
+    ],
     "vnet_id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtual_network_name'))]",
     "node_count": "[length(parameters('nodes'))]",
     "availability_set_name_value": "lisa-availabilitySet",
@@ -579,7 +595,8 @@
       "location": "[parameters('location')]",
       "tags": "[parameters('tags')]",
       "properties": {
-        "publicIPAllocationMethod": "[if(or(parameters('is_ultradisk'), variables('use_availability_zones')), 'Static', 'Dynamic')]"
+        "publicIPAllocationMethod": "[if(or(parameters('is_ultradisk'), variables('use_availability_zones')), 'Static', 'Dynamic')]",
+        "ipTags": "[if(empty(variables('ip_tags')), null(), variables('ip_tags'))]"
       },
       "sku": {
         "name": "[if(or(parameters('is_ultradisk'), variables('use_availability_zones')), 'Standard', 'Basic')]"
@@ -770,8 +787,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.28.1.47646",
-              "templateHash": "10740733774987815957"
+              "version": "0.30.23.60470",
+              "templateHash": "12249187708601787514"
             }
           },
           "functions": [

diff --git a/lisa/sut_orchestrator/azure/common.py b/lisa/sut_orchestrator/azure/common.py
@@ -1154,6 +1154,7 @@ class AzureArmParameter:
     data_disks: List[DataDiskSchema] = field(default_factory=list)
     vm_tags: Dict[str, Any] = field(default_factory=dict)
     tags: Dict[str, Any] = field(default_factory=dict)
+    ip_service_tags: Dict[str, str] = field(default_factory=dict)
 
     virtual_network_resource_group: str = ""
     virtual_network_name: str = AZURE_VIRTUAL_NETWORK_NAME

diff --git a/lisa/sut_orchestrator/azure/platform_.py b/lisa/sut_orchestrator/azure/platform_.py
@@ -279,6 +279,7 @@ class AzurePlatformSchema:
     vm_tags: Optional[Dict[str, Any]] = field(default=None)
     tags: Optional[Dict[str, Any]] = field(default=None)
     use_public_address: bool = field(default=True)
+    ip_service_tags: Optional[Dict[str, str]] = field(default=None)
 
     virtual_network_resource_group: str = field(default="")
     virtual_network_name: str = field(default=AZURE_VIRTUAL_NETWORK_NAME)
@@ -1058,6 +1059,7 @@ def _create_deployment_parameters(
         copied_fields = [
             "vm_tags",
             "tags",
+            "ip_service_tags",
         ]
         availability_copied_fields = [
             "availability_set_tags",