2025 01 02 typespec pr1 (#35215)

* update tsp

* add examples to tsp folder

* add "Added"

* fix examples in tsp folder

* updated swagger files

---------

Co-authored-by: Jiao Di (MSFT) <[email protected]>

Author: grizzlytheodore

specification/compute/Disk.Management/examples/2025-01-02/diskExamples/Disk_BeginGetAccess_WithVMGuestStateAndVMMetadata.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "subscriptionId": "{subscription-id}",
+    "resourceGroupName": "myResourceGroup",
+    "diskName": "myDisk",
+    "api-version": "2025-01-02",
+    "grantAccessData": {
+      "access": "Read",
+      "durationInSeconds": 300,
+      "getSecureVMGuestStateSAS": true
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "accessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/xx3cqcx53f0v/abcd?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r",
+        "securityDataAccessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/xx3cqcx53f0v/b9bf5824-6122-49e0-ba22-042f76ccd8a1_vmgs?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r",
+        "securityMetadataAccessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/ghm3kwd5jzbn/2be55b76-f471-4f6b-bff0-4dcea6cbca7f_vmmd?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r"
+      }
+    },
+    "202": {
+      "headers": {
+        "Location": "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/locations/{location}/operations/{operationId}&monitor=true&api-version=2025-01-02"
+      }
+    }
+  },
+  "operationId": "Disks_GrantAccess",
+  "title": "get sas on managed disk, VM guest state and VM metadata for Confidential VM."
+}

specification/compute/Disk.Management/examples/2025-01-02/diskExamples/Disk_Create_FromImportSecure_WithVMMetadata.json

@@ -0,0 +1,70 @@
+{
+  "parameters": {
+    "subscriptionId": "{subscription-id}",
+    "resourceGroupName": "myResourceGroup",
+    "api-version": "2025-01-02",
+    "diskName": "myDisk",
+    "disk": {
+      "location": "West US",
+      "properties": {
+        "osType": "Windows",
+        "securityProfile": {
+          "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+        },
+        "creationData": {
+          "createOption": "ImportSecure",
+          "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+          "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+          "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+          "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+        }
+      }
+    }
+  },
+  "responses": {
+    "202": {
+      "body": {
+        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myDisk",
+        "name": "myDisk",
+        "location": "West US",
+        "properties": {
+          "provisioningState": "Updating",
+          "osType": "Windows",
+          "securityProfile": {
+            "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+          },
+          "creationData": {
+            "createOption": "ImportSecure",
+            "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+            "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+            "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+            "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+          }
+        }
+      }
+    },
+    "200": {
+      "body": {
+        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myDisk",
+        "name": "myDisk",
+        "location": "West US",
+        "properties": {
+          "provisioningState": "Succeeded",
+          "osType": "Windows",
+          "securityProfile": {
+            "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+          },
+          "creationData": {
+            "createOption": "ImportSecure",
+            "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+            "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+            "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+            "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+          }
+        }
+      }
+    }
+  },
+  "operationId": "Disks_CreateOrUpdate",
+  "title": "create a managed disk from ImportSecure create option with metadata URI for Confidential VM."
+}

specification/compute/Disk.Management/models.tsp

@@ -123,12 +123,12 @@ union DiskCreateOption {
   CopyStart: "CopyStart",
 
   /**
-   * Similar to Import create option. Create a new Trusted Launch VM or Confidential VM supported disk by importing additional blob for VM guest state specified by securityDataUri in storage account specified by storageAccountId
+   * Similar to Import create option. Create a new Trusted Launch VM or Confidential VM supported disk by importing additional blobs for VM guest state specified by securityDataUri and VM metadata specified by securityMetadataUri in storage account specified by storageAccountId. The VM metadata is optional and only required for certain Confidential VM configurations and not required for Trusted Launch VM.
    */
   ImportSecure: "ImportSecure",
 
   /**
-   * Similar to Upload create option. Create a new Trusted Launch VM or Confidential VM supported disk and upload using write token in both disk and VM guest state
+   * Similar to Upload create option. Create a new Trusted Launch VM or Confidential VM supported disk and upload using write token in disk, VM guest state and VM metadata. The VM metadata is optional and only required for certain Confidential VM configurations and not required for Trusted Launch VM.
    */
   UploadPreparedSecure: "UploadPreparedSecure",
 
@@ -747,6 +747,10 @@ model CreationData {
    */
   securityDataUri?: string;
 
+  /** If createOption is ImportSecure, this is the URI of a blob to be imported into VM metadata for Confidential VM.*/
+  @added(Versions.v2025_01_02)
+  securityMetadataUri?: string;
+
   /**
    * Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled.
    */
@@ -1090,6 +1094,12 @@ model AccessUri {
   #suppress "@azure-tools/typespec-azure-core/casing-style" "Respecting name of the variable"
   @visibility(Lifecycle.Read)
   securityDataAccessSAS?: string;
+
+  /** A SAS uri for accessing a VM metadata.*/
+  #suppress "@azure-tools/typespec-azure-core/casing-style" "Respecting name of the variable"
+  @visibility(Lifecycle.Read)
+  @added(Versions.v2025_01_02)
+  securityMetadataAccessSAS?: string;
 }
 
 /**

specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/DiskRP.json

@@ -1349,6 +1349,9 @@
           "create a managed disk from ImportSecure create option": {
             "$ref": "./examples/diskExamples/Disk_Create_FromImportSecure.json"
           },
+          "create a managed disk from ImportSecure create option with metadata URI for Confidential VM.": {
+            "$ref": "./examples/diskExamples/Disk_Create_FromImportSecure_WithVMMetadata.json"
+          },
           "create a managed disk from UploadPreparedSecure create option": {
             "$ref": "./examples/diskExamples/Disk_Create_FromUploadPreparedSecure.json"
           },
@@ -1641,6 +1644,9 @@
           },
           "get sas on managed disk and VM guest state": {
             "$ref": "./examples/diskExamples/Disk_BeginGetAccess_WithVMGuestState.json"
+          },
+          "get sas on managed disk, VM guest state and VM metadata for Confidential VM.": {
+            "$ref": "./examples/diskExamples/Disk_BeginGetAccess_WithVMGuestStateAndVMMetadata.json"
           }
         },
         "x-ms-long-running-operation-options": {
@@ -2486,6 +2492,11 @@
           "type": "string",
           "description": "A SAS uri for accessing a VM guest state.",
           "readOnly": true
+        },
+        "securityMetadataAccessSAS": {
+          "type": "string",
+          "description": "A SAS uri for accessing a VM metadata.",
+          "readOnly": true
         }
       }
     },
@@ -2594,6 +2605,10 @@
           "type": "string",
           "description": "If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state."
         },
+        "securityMetadataUri": {
+          "type": "string",
+          "description": "If createOption is ImportSecure, this is the URI of a blob to be imported into VM metadata for Confidential VM."
+        },
         "performancePlus": {
           "type": "boolean",
           "description": "Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled."
@@ -2819,12 +2834,12 @@
           {
             "name": "ImportSecure",
             "value": "ImportSecure",
-            "description": "Similar to Import create option. Create a new Trusted Launch VM or Confidential VM supported disk by importing additional blob for VM guest state specified by securityDataUri in storage account specified by storageAccountId"
+            "description": "Similar to Import create option. Create a new Trusted Launch VM or Confidential VM supported disk by importing additional blobs for VM guest state specified by securityDataUri and VM metadata specified by securityMetadataUri in storage account specified by storageAccountId. The VM metadata is optional and only required for certain Confidential VM configurations and not required for Trusted Launch VM."
           },
           {
             "name": "UploadPreparedSecure",
             "value": "UploadPreparedSecure",
-            "description": "Similar to Upload create option. Create a new Trusted Launch VM or Confidential VM supported disk and upload using write token in both disk and VM guest state"
+            "description": "Similar to Upload create option. Create a new Trusted Launch VM or Confidential VM supported disk and upload using write token in disk, VM guest state and VM metadata. The VM metadata is optional and only required for certain Confidential VM configurations and not required for Trusted Launch VM."
           },
           {
             "name": "CopyFromSanSnapshot",

specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskExamples/Disk_BeginGetAccess_WithVMGuestStateAndVMMetadata.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "subscriptionId": "{subscription-id}",
+    "resourceGroupName": "myResourceGroup",
+    "diskName": "myDisk",
+    "api-version": "2025-01-02",
+    "grantAccessData": {
+      "access": "Read",
+      "durationInSeconds": 300,
+      "getSecureVMGuestStateSAS": true
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "accessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/xx3cqcx53f0v/abcd?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r",
+        "securityDataAccessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/xx3cqcx53f0v/b9bf5824-6122-49e0-ba22-042f76ccd8a1_vmgs?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r",
+        "securityMetadataAccessSAS": "https://md-gpvmcxzlzxgd.partition.blob.storage.azure.net/ghm3kwd5jzbn/2be55b76-f471-4f6b-bff0-4dcea6cbca7f_vmmd?sv=2014-02-14&sr=b&sk=key1&sig=XXX&st=2025-05-29T18:02:34Z&se=2025-05-29T18:19:14Z&sp=r"
+      }
+    },
+    "202": {
+      "headers": {
+        "Location": "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/locations/{location}/operations/{operationId}&monitor=true&api-version=2025-01-02"
+      }
+    }
+  },
+  "operationId": "Disks_GrantAccess",
+  "title": "get sas on managed disk, VM guest state and VM metadata for Confidential VM."
+}

specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskExamples/Disk_Create_FromImportSecure_WithVMMetadata.json

@@ -0,0 +1,70 @@
+{
+  "parameters": {
+    "subscriptionId": "{subscription-id}",
+    "resourceGroupName": "myResourceGroup",
+    "api-version": "2025-01-02",
+    "diskName": "myDisk",
+    "disk": {
+      "location": "West US",
+      "properties": {
+        "osType": "Windows",
+        "securityProfile": {
+          "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+        },
+        "creationData": {
+          "createOption": "ImportSecure",
+          "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+          "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+          "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+          "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+        }
+      }
+    }
+  },
+  "responses": {
+    "202": {
+      "body": {
+        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myDisk",
+        "name": "myDisk",
+        "location": "West US",
+        "properties": {
+          "provisioningState": "Updating",
+          "osType": "Windows",
+          "securityProfile": {
+            "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+          },
+          "creationData": {
+            "createOption": "ImportSecure",
+            "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+            "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+            "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+            "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+          }
+        }
+      }
+    },
+    "200": {
+      "body": {
+        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/disks/myDisk",
+        "name": "myDisk",
+        "location": "West US",
+        "properties": {
+          "provisioningState": "Succeeded",
+          "osType": "Windows",
+          "securityProfile": {
+            "securityType": "ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey"
+          },
+          "creationData": {
+            "createOption": "ImportSecure",
+            "storageAccountId": "subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/myStorageAccount",
+            "sourceUri": "https://mystorageaccount.blob.core.windows.net/osimages/osimage.vhd",
+            "securityDataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmgs.vhd",
+            "securityMetadataUri": "https://mystorageaccount.blob.core.windows.net/osimages/vmmd.vhd"
+          }
+        }
+      }
+    }
+  },
+  "operationId": "Disks_CreateOrUpdate",
+  "title": "create a managed disk from ImportSecure create option with metadata URI for Confidential VM."
+}