Merge branch 'algamaes/add_guest_agent_profile' of ssh://github.com/algamaes/moc-sdk-for-go into merge_branch

2023-07-28 03:53:08 -07:00 · 2023-07-28 03:53:08 -07:00 · 065493fd9e
--- a/.pipelines/build.yaml
+++ b/.pipelines/build.yaml
@ -36,6 +36,48 @@ jobs:
    workingDirectory: '$(System.DefaultWorkingDirectory)'
    displayName: 'Build'

+  - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2
+    displayName: 'Sign Files'
+    inputs:
+      ConnectedServiceName: 'akshci_esrp'
+      FolderPath: '$(System.DefaultWorkingDirectory)/bin'
+      Pattern: '*.dll'
+      signConfigType: inlineSignParams
+      inlineOperation: |
+        [
+          {
+            "keyCode": "CP-230012",
+            "operationSetCode": "SigntoolSign",
+            "parameters": [
+              {
+                "parameterName": "OpusName",
+                "parameterValue": "Microsoft"
+              },
+              {
+                "parameterName": "OpusInfo",
+                "parameterValue": "http://www.microsoft.com"
+              },
+              {
+                "parameterName": "PageHash",
+                "parameterValue": "/NPH"
+              },
+              {
+                "parameterName": "FileDigest",
+                "parameterValue": "/fd sha256"
+              },
+              {
+                "parameterName": "TimeStamp",
+                "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+              }
+            ],
+            "toolName": "signtool.exe",
+            "toolVersion": "6.2.9304.0"
+          }
+        ]
+      SessionTimeout: '60'
+      MaxConcurrency: '50'
+      MaxRetryAttempts: '5'
+
  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
    displayName: 'SBOM Generation'
    inputs:
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ require (
 	github.com/Azure/go-autorest/autorest v0.9.0
 	github.com/Azure/go-autorest/autorest/date v0.2.0
 	github.com/google/uuid v1.3.0
-	github.com/microsoft/moc v0.11.0-alpha.4
+	github.com/microsoft/moc v0.11.0-alpha.14
 	google.golang.org/grpc v1.54.0
 	k8s.io/klog v1.0.0
 )
@ -16,13 +16,14 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
+	google.golang.org/protobuf v1.31.0
 )

 replace (
 	github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0
 	github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0
 	github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
-	github.com/microsoft/moc => github.com/algamaes/moc v0.0.6-dhavalpopat.0.20230523015656-33714455b97e
+	github.com/microsoft/moc => github.com/algamaes/moc v0.0.0-20230728052752-7f29e9f67791
 	github.com/miekg/dns => github.com/miekg/dns v1.1.25
 	golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c
 	golang.org/x/sys => golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24
--- a/go.sum
+++ b/go.sum
@ -404,8 +404,8 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/algamaes/moc v0.0.6-dhavalpopat.0.20230523015656-33714455b97e h1:4DOhOUsVgx1Dq/yH9wzI6RSGEPNvYqjG7pyeMFkbYg4=
-github.com/algamaes/moc v0.0.6-dhavalpopat.0.20230523015656-33714455b97e/go.mod h1:gvxuYApVO2jbL+mjOC1/gseLW5An2iDvm0lckLwBuLI=
+github.com/algamaes/moc v0.0.0-20230728052752-7f29e9f67791 h1:xGlYmwJS+4gTUkb1zPbG3HyJG1UUV92hrBk4IFGwqnQ=
+github.com/algamaes/moc v0.0.0-20230728052752-7f29e9f67791/go.mod h1:oWva5QnxchPzA+W9v5INDHjUksw/UKJPuNHnIwEpyEw=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@ -741,8 +741,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -1039,8 +1039,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
--- a/pkg/client/admin.go
+++ b/pkg/client/admin.go
@ -60,3 +60,13 @@ func GetValidationClient(serverAddress *string, authorizer auth.Authorizer) (cad

 	return cadmin_pb.NewValidationAgentClient(conn), nil
 }
+
+// GetHealthClient returns the wssdcloudagent health information
+func GetHealthClient(serverAddress *string, authorizer auth.Authorizer) (cadmin_pb.HealthAgentClient, error) {
+	conn, err := getClientConnection(serverAddress, authorizer)
+	if err != nil {
+		log.Fatalf("Unable to get HealthClient. Failed to dial: %v", err)
+	}
+
+	return cadmin_pb.NewHealthAgentClient(conn), nil
+}
--- a/pkg/constant/constant.go
+++ b/pkg/constant/constant.go
@ -11,4 +11,5 @@ const (
 	DefaultServerContextTimeout          = 10 * time.Minute
 	CertificateValidityThreshold float64 = (30.0 / 100.0)
 	RenewalBackoff               float64 = (2.0 / 100.0)
+	OsRegistrationStatus         string  = "osRegistrationStatus"
 )
--- a/services/admin/health/client.go
+++ b/services/admin/health/client.go
@ -0,0 +1,57 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license
+
+package health
+
+import (
+	"context"
+
+	"github.com/microsoft/moc-sdk-for-go/services/admin/health/internal"
+	"github.com/microsoft/moc/pkg/auth"
+	"github.com/microsoft/moc/rpc/common"
+)
+
+// Service interfacetype Service interface {
+type Service interface {
+	CheckHealth(ctx context.Context, timeoutSeconds uint32) error
+	GetAgentInfo(context.Context) (*common.NodeInfo, error)
+	GetDeploymentId(ctx context.Context) (string, error)
+}
+
+// Client structure
+type HealthClient struct {
+	internal Service
+}
+
+// NewClient method returns new client
+func NewHealthClient(cloudFQDN string, authorizer auth.Authorizer) (*HealthClient, error) {
+	c, err := internal.NewHealthClient(cloudFQDN, authorizer)
+	return &HealthClient{c}, err
+}
+
+// CheckHealth
+func (c *HealthClient) CheckHealth(ctx context.Context, timeoutSeconds uint32) error {
+	return c.internal.CheckHealth(ctx, timeoutSeconds)
+}
+
+// GetAgentInfo
+func (c *HealthClient) GetAgentInfo(ctx context.Context) (*common.NodeInfo, error) {
+	return c.internal.GetAgentInfo(ctx)
+}
+
+var deploymentId = ""
+
+// GetDeploymentId
+func (c *HealthClient) GetDeploymentId(ctx context.Context) (string, error) {
+	//if deploymentId is cached, directly return it
+	if len(deploymentId) != 0 {
+		return deploymentId, nil
+	}
+	id, err := c.internal.GetDeploymentId(ctx)
+	if err != nil {
+		deploymentId = ""
+		return "", err
+	}
+	deploymentId = id
+	return id, err
+}
--- a/services/admin/health/internal/moc.go
+++ b/services/admin/health/internal/moc.go
@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license
+
+package internal
+
+import (
+	"context"
+
+	mocclient "github.com/microsoft/moc-sdk-for-go/pkg/client"
+	"github.com/microsoft/moc/pkg/auth"
+	"github.com/microsoft/moc/rpc/common"
+	mocadmin "github.com/microsoft/moc/rpc/common/admin"
+	"google.golang.org/protobuf/types/known/emptypb"
+)
+
+type client struct {
+	mocadmin.HealthAgentClient
+}
+
+// NewHealthClient - creates a client session with the backend moc agent
+func NewHealthClient(subID string, authorizer auth.Authorizer) (*client, error) {
+	c, err := mocclient.GetHealthClient(&subID, authorizer)
+	if err != nil {
+		return nil, err
+	}
+	return &client{c}, nil
+}
+
+func (c *client) CheckHealth(ctx context.Context, timeoutSeconds uint32) error {
+	request := mocadmin.HealthRequest{TimeoutSeconds: timeoutSeconds}
+	_, err := c.HealthAgentClient.CheckHealth(ctx, &request)
+	return err
+}
+
+// GetAgentInfo
+func (c *client) GetAgentInfo(ctx context.Context) (*common.NodeInfo, error) {
+	response, err := c.HealthAgentClient.GetAgentInfo(ctx, &emptypb.Empty{})
+	if err != nil {
+		return &common.NodeInfo{}, err
+	}
+	return response.Node, nil
+}
+
+// GetDeploymentId
+func (c *client) GetDeploymentId(ctx context.Context) (string, error) {
+	response, err := c.HealthAgentClient.GetAgentInfo(ctx, &emptypb.Empty{})
+	if err != nil {
+		return "", err
+	}
+	return response.DeploymentId, nil
+}
--- a/services/cloud/node/node.go
+++ b/services/cloud/node/node.go
@ -4,6 +4,9 @@
 package node

 import (
+	"strconv"
+
+	"github.com/microsoft/moc-sdk-for-go/pkg/constant"
 	"github.com/microsoft/moc-sdk-for-go/services/cloud"

 	"github.com/microsoft/moc/pkg/convert"
@ -65,6 +68,7 @@ func getNode(nd *wssdcloud.Node) *cloud.Node {
 			Statuses:       getNodeStatuses(nd),
 		},
 		Version: &nd.Status.Version.Number,
+		Tags:    generateNodeTags(nd),
 	}
 }

@ -74,3 +78,19 @@ func getNodeStatuses(node *wssdcloud.Node) map[string]*string {
 	statuses["Info"] = convert.ToStringPtr(node.GetInfo().String())
 	return statuses
 }
+
+func generateNodeTags(node *wssdcloud.Node) map[string]*string {
+	tags := make(map[string]*string)
+	populateOsRegistrationStatusTag(tags, node)
+	if len(tags) > 0 {
+		return tags
+	}
+	return nil
+}
+
+func populateOsRegistrationStatusTag(tags map[string]*string, node *wssdcloud.Node) {
+	if node.Info != nil && node.Info.OsInfo != nil && node.Info.OsInfo.OsRegistrationStatus != nil {
+		osRegistrationStatus := strconv.Itoa(int(node.Info.OsInfo.OsRegistrationStatus.Status))
+		tags[constant.OsRegistrationStatus] = &osRegistrationStatus
+	}
+}
--- a/services/compute/compute.go
+++ b/services/compute/compute.go
@ -239,7 +239,7 @@ type InstanceViewStatus struct {
 	// Code - READ-ONLY; The status code, which only appears in the response.
 	Code string `json:"code,omitempty"`
 	// Level - READ-ONLY; The level code, which only appears in the response.
-	Level string `json:"level,omitempty"`
+	Level common.InstanceViewStatus_StatusLevelType `json:"level,omitempty"`
 	// DisplayStatus - READ-ONLY; The short localizable label for the status, which only appears in the response.
 	DisplayStatus string `json:"displayStatus,omitempty"`
 	// Message - READ-ONLY; The detailed status message, including for alerts and error messages, which only appears in the response.
@ -259,11 +259,21 @@ type UefiSettings struct {
 	// SecureBootEnabled - Specifies whether secure boot should be enabled on the virtual machine.
 	SecureBootEnabled *bool `json:"secureBootEnabled,omitempty"`
 }
+type SecurityTypes string
+
+// possible values of security type string
+const (
+	TrustedLaunch  SecurityTypes = "TrustedLaunch"
+	ConfidentialVM SecurityTypes = "ConfidentialVM"
+)

 type SecurityProfile struct {
 	EnableTPM *bool `json:"enableTPM,omitempty"`
 	//Security related configuration used while creating the virtual machine.
 	UefiSettings *UefiSettings `json:"uefiSettings,omitempty"`
+	// SecurityType - Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings.
+	// Default: UefiSettings will not be enabled unless this property is set. Possible values include: 'TrustedLaunch', 'ConfidentialVM'
+	SecurityType SecurityTypes `json:"securityType,omitempty"`
 }

 // Plan specifies information about the marketplace image used to create the virtual machine. This element
--- a/services/compute/virtualmachine/virtualmachine.go
+++ b/services/compute/virtualmachine/virtualmachine.go
@ -203,6 +203,7 @@ func (c *client) getWssdVirtualMachineSecurityConfiguration(vm *compute.VirtualM
 	enableTPM := false
 	var uefiSettings *wssdcloudcompute.UefiSettings
 	uefiSettings = nil
+	securityType := wssdcommon.SecurityType_NOTCONFIGURED
 	if vm.SecurityProfile != nil {
 		if vm.SecurityProfile.EnableTPM != nil {
 			enableTPM = *vm.SecurityProfile.EnableTPM
@ -212,11 +213,18 @@ func (c *client) getWssdVirtualMachineSecurityConfiguration(vm *compute.VirtualM
 				SecureBootEnabled: *vm.SecurityProfile.UefiSettings.SecureBootEnabled,
 			}
 		}
+		switch vm.SecurityProfile.SecurityType {
+		case compute.TrustedLaunch:
+			securityType = wssdcommon.SecurityType_TRUSTEDLAUNCH
+		case compute.ConfidentialVM:
+			securityType = wssdcommon.SecurityType_CONFIDENTIALVM
+		}
 	}

 	wssdsecurity := &wssdcloudcompute.SecurityConfiguration{
 		EnableTPM:    enableTPM,
 		UefiSettings: uefiSettings,
+		SecurityType: securityType,
 	}
 	return wssdsecurity, nil
 }
@ -396,8 +404,8 @@ func (c *client) getWssdVirtualMachineOSConfiguration(s *compute.OSProfile) (*ws
 	return &osconfig, nil
 }

-func (c *client) getWssdVirtualMachineGuestAgentConfiguration(s *compute.GuestAgentProfile) (*wssdcloudcompute.GuestAgentConfiguration, error) {
-	gac := &wssdcloudcompute.GuestAgentConfiguration{}
+func (c *client) getWssdVirtualMachineGuestAgentConfiguration(s *compute.GuestAgentProfile) (*wssdcommon.GuestAgentConfiguration, error) {
+	gac := &wssdcommon.GuestAgentConfiguration{}

 	if s == nil {
 		return gac, nil
@ -518,6 +526,8 @@ func (c *client) getVirtualMachineSecurityProfile(vm *wssdcloudcompute.VirtualMa
 	enableTPM := false
 	var uefiSettings *compute.UefiSettings
 	uefiSettings = nil
+	var securityType compute.SecurityTypes
+
 	if vm.Security != nil {
 		enableTPM = vm.Security.EnableTPM
 		if vm.Security.UefiSettings != nil {
@ -525,12 +535,20 @@ func (c *client) getVirtualMachineSecurityProfile(vm *wssdcloudcompute.VirtualMa
 				SecureBootEnabled: &vm.Security.UefiSettings.SecureBootEnabled,
 			}
 		}
+		switch vm.Security.SecurityType {
+		case wssdcommon.SecurityType_TRUSTEDLAUNCH:
+			securityType = compute.TrustedLaunch
+		case wssdcommon.SecurityType_CONFIDENTIALVM:
+			securityType = compute.ConfidentialVM
+		}
 	}

 	return &compute.SecurityProfile{
 		EnableTPM:    &enableTPM,
 		UefiSettings: uefiSettings,
+		SecurityType: securityType,
 	}
+
 }

 func (c *client) getVirtualMachineHostDescription(vm *wssdcloudcompute.VirtualMachine) *compute.SubResource {
@ -553,7 +571,7 @@ func (c *client) getVirtualMachineNetworkProfile(n *wssdcloudcompute.NetworkConf
 	return np
 }

-func (c *client) getVirtualMachineGuestAgentProfile(ga *wssdcloudcompute.GuestAgentConfiguration) *compute.GuestAgentProfile {
+func (c *client) getVirtualMachineGuestAgentProfile(ga *wssdcommon.GuestAgentConfiguration) *compute.GuestAgentProfile {
 	if ga == nil {
 		return nil
 	}
@ -574,7 +592,7 @@ func (c *client) getVirtualMachineGuestInstanceView(g *wssdcommon.VirtualMachine
 		AgentVersion: g.GetVmAgentVersion(),
 	}

-	for _, status := range g.Statuses {
+	for _, status := range g.GetStatuses() {
 		gapStatus := compute.InstanceViewStatus{
 			Code:          status.GetCode(),
 			Level:         status.GetLevel(),
--- a/services/compute/virtualmachinescaleset/virtualmachinescaleset.go
+++ b/services/compute/virtualmachinescaleset/virtualmachinescaleset.go
@ -55,18 +55,13 @@ func (c *client) getVirtualMachineScaleSetVMProfile(vm *wssdcloudcompute.Virtual
 	if err != nil {
 		return nil, errors.Wrapf(err, "Virtual Machine Scale Set OS Profile is invalid")
 	}
-	guestagent, err := c.getVirtualMachineScaleSetGuestAgentProfile(vm)
-	if err != nil {
-		return nil, errors.Wrapf(err, "Virtual Machine Scale Set GuestAgent Profile is invalid")
-	}

 	return &compute.VirtualMachineScaleSetVMProfile{
-		StorageProfile:    storage,
-		HardwareProfile:   hardware,
-		SecurityProfile:   security,
-		OsProfile:         os,
-		NetworkProfile:    net,
-		GuestAgentProfile: guestagent,
+		StorageProfile:  storage,
+		HardwareProfile: hardware,
+		SecurityProfile: security,
+		OsProfile:       os,
+		NetworkProfile:  net,
 	}, nil
 }

@ -139,18 +134,6 @@ func (c *client) getVirtualMachineScaleSetSecurityProfile(vm *wssdcloudcompute.V
 	return securityProfile, nil
 }

-func (c *client) getVirtualMachineScaleSetGuestAgentProfile(vm *wssdcloudcompute.VirtualMachineProfile) (*compute.GuestAgentProfile, error) {
-	if vm.GuestAgent == nil {
-		return nil, nil
-	}
-
-	guestAgentProfile := &compute.GuestAgentProfile{
-		Enabled: &vm.GuestAgent.Enabled,
-	}
-
-	return guestAgentProfile, nil
-}
-
 func (c *client) getVirtualMachineScaleSetNetworkProfile(n *wssdcloudcompute.NetworkConfigurationScaleSet) (*compute.VirtualMachineScaleSetNetworkProfile, error) {
 	np := &compute.VirtualMachineScaleSetNetworkProfile{
 		NetworkInterfaceConfigurations: &[]compute.VirtualMachineScaleSetNetworkConfiguration{},
@ -345,18 +328,13 @@ func (c *client) getWssdVirtualMachineScaleSetVMProfile(vmp *compute.VirtualMach
 	if err != nil {
 		return nil, errors.Wrapf(err, "Invalid VMSS VMProfile OS")
 	}
-	guestagent, err := c.getWssdVirtualMachineScaleSetGuestAgentConfiguration(vmp)
-	if err != nil {
-		return nil, errors.Wrapf(err, "Invalid VMSS VMProfile GuestAgent")
-	}

 	return &wssdcloudcompute.VirtualMachineProfile{
-		Storage:    storage,
-		Hardware:   hardware,
-		Security:   security,
-		Os:         os,
-		Network:    net,
-		GuestAgent: guestagent,
+		Storage:  storage,
+		Hardware: hardware,
+		Security: security,
+		Os:       os,
+		Network:  net,
 	}, nil

 }
@ -444,14 +422,6 @@ func (c *client) getWssdVirtualMachineScaleSetSecurityConfiguration(vmp *compute
 	return wssdsecurity, nil
 }

-func (c *client) getWssdVirtualMachineScaleSetGuestAgentConfiguration(vmp *compute.VirtualMachineScaleSetVMProfile) (*wssdcloudcompute.GuestAgentConfiguration, error) {
-	wssdguestagent := &wssdcloudcompute.GuestAgentConfiguration{}
-	if vmp.GuestAgentProfile != nil && vmp.GuestAgentProfile.Enabled != nil {
-		wssdguestagent.Enabled = *vmp.GuestAgentProfile.Enabled
-	}
-	return wssdguestagent, nil
-}
-
 func (c *client) getWssdVirtualMachineScaleSetNetworkConfiguration(s *compute.VirtualMachineScaleSetNetworkProfile) (*wssdcloudcompute.NetworkConfigurationScaleSet, error) {
 	if s == nil {
 		return nil, errors.Wrapf(errors.InvalidConfiguration, "VirtualMachineScaleSetNetworkProfile Input is missing")
--- a/services/network/networkinterface/networkinterface.go
+++ b/services/network/networkinterface/networkinterface.go
@ -126,6 +126,9 @@ func getWssdNetworkInterfaceIPConfig(ipConfig *network.InterfaceIPConfiguration)
 	if ipConfig.Gateway != nil {
 		wssdipconfig.Gateway = *ipConfig.Gateway
 	}
+	if ipConfig.Primary != nil {
+		wssdipconfig.Primary = *ipConfig.Primary
+	}
 	ipAllocationMethodSdkToProtobuf(ipConfig, wssdipconfig)

 	if ipConfig.LoadBalancerBackendAddressPools != nil {
@ -182,6 +185,7 @@ func getNetworkIpConfig(wssdcloudipconfig *wssdcloudnetwork.IpConfiguration) *ne
 			Subnet:           &network.APIEntityReference{ID: &wssdcloudipconfig.Subnetid},
 			Gateway:          &wssdcloudipconfig.Gateway,
 			PrefixLength:     &wssdcloudipconfig.Prefixlength,
+			Primary:          &wssdcloudipconfig.Primary,
 		},
 	}

--- a/services/security/keyvault/key/key.go
+++ b/services/security/keyvault/key/key.go
@ -305,6 +305,10 @@ func GetMOCKeyWrappingAlgorithm(algo keyvault.KeyWrappingAlgorithm) (wrappingAlg
 	switch algo {
 	case keyvault.CKM_RSA_AES_KEY_WRAP:
 		wrappingAlgo = wssdcloudcommon.KeyWrappingAlgorithm_CKM_RSA_AES_KEY_WRAP
+	case keyvault.RSA_AES_KEY_WRAP_256:
+		wrappingAlgo = wssdcloudcommon.KeyWrappingAlgorithm_RSA_AES_KEY_WRAP_256
+	case keyvault.RSA_AES_KEY_WRAP_384:
+		wrappingAlgo = wssdcloudcommon.KeyWrappingAlgorithm_RSA_AES_KEY_WRAP_384
 	default:
 		err = errors.Wrapf(errors.InvalidInput, "Invalid Algorithm [%s]", algo)
 	}
@ -315,6 +319,10 @@ func GetKeyWrappingAlgorithm(algo wssdcloudcommon.KeyWrappingAlgorithm) (wrappin
 	switch algo {
 	case wssdcloudcommon.KeyWrappingAlgorithm_CKM_RSA_AES_KEY_WRAP:
 		wrappingAlgo = keyvault.CKM_RSA_AES_KEY_WRAP
+	case wssdcloudcommon.KeyWrappingAlgorithm_RSA_AES_KEY_WRAP_256:
+		wrappingAlgo = keyvault.RSA_AES_KEY_WRAP_256
+	case wssdcloudcommon.KeyWrappingAlgorithm_RSA_AES_KEY_WRAP_384:
+		wrappingAlgo = keyvault.RSA_AES_KEY_WRAP_384
 	default:
 		err = errors.Wrapf(errors.Failed, "Invalid Algorithm [%s]", algo)
 	}
--- a/services/security/keyvault/keyvault.go
+++ b/services/security/keyvault/keyvault.go
@ -208,6 +208,10 @@ type KeyWrappingAlgorithm string
 const (
 	// CKM_RSA_AES_KEY_WRAP
 	CKM_RSA_AES_KEY_WRAP KeyWrappingAlgorithm = "CKM_RSA_AES_KEY_WRAP"
+	//RSA_AES_KEY_WRAP_256
+	RSA_AES_KEY_WRAP_256 KeyWrappingAlgorithm = "RSA_AES_KEY_WRAP_256"
+	//RSA_AES_KEY_WRAP_384
+	RSA_AES_KEY_WRAP_384 KeyWrappingAlgorithm = "RSA_AES_KEY_WRAP_384"
 	// NO_KEY_WRAP
 	NO_KEY_WRAP KeyWrappingAlgorithm = "NO_KEY_WRAP"
 )
--- a/services/security/role/role.go
+++ b/services/security/role/role.go
@ -110,12 +110,182 @@ func getMocProviderAction(action *security.Action) (wssdcloudcommon.ProviderAcce
 	}

 	switch action.ProviderOperation {
+	case security.Authentication_LoginAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Authentication_Login, nil
+	case security.Certificate_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Create, nil
+	case security.Certificate_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Update, nil
+	case security.Certificate_GetAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Get, nil
+	case security.Certificate_DeleteAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Delete, nil
+	case security.Certificate_SignAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Sign, nil
+	case security.Certificate_RenewAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Certificate_Renew, nil
+	case security.Identity_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Identity_Create, nil
+	case security.Identity_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Identity_Update, nil
+	case security.Identity_RevokeAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Identity_Revoke, nil
+	case security.Identity_RotateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Identity_Rotate, nil
+	case security.IdentityCertificate_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_IdentityCertificate_Create, nil
+	case security.IdentityCertificate_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_IdentityCertificate_Update, nil
+	case security.IdentityCertificate_RenewAccess:
+		return wssdcloudcommon.ProviderAccessOperation_IdentityCertificate_Renew, nil
+	case security.Key_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Create, nil
+	case security.Key_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Update, nil
+	case security.Key_EncryptAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Encrypt, nil
+	case security.Key_DecryptAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Decrypt, nil
+	case security.Key_WrapKeyAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_WrapKey, nil
+	case security.Key_UnwrapKeyAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_UnwrapKey, nil
+	case security.Key_SignAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Sign, nil
+	case security.Key_VerifyAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Key_Verify, nil
+	case security.VirtualMachine_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Create, nil
+	case security.VirtualMachine_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Update, nil
+	case security.VirtualMachine_DeleteAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Delete, nil
+	case security.VirtualMachine_ValidateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Validate, nil
 	case security.VirtualMachine_StartAccess:
 		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Start, nil
 	case security.VirtualMachine_StopAccess:
 		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Stop, nil
 	case security.VirtualMachine_ResetAccess:
 		return wssdcloudcommon.ProviderAccessOperation_VirtualMachine_Reset, nil
+	case security.Cluster_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_Create, nil
+	case security.Cluster_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_Update, nil
+	case security.Cluster_LoadClusterAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_LoadCluster, nil
+	case security.Cluster_UnloadClusterAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_UnloadCluster, nil
+	case security.Cluster_GetClusterAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_GetCluster, nil
+	case security.Cluster_GetNodesAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Cluster_GetNodes, nil
+	case security.Debug_DebugServerAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Debug_DebugServer, nil
+	case security.Debug_StackTraceAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Debug_StackTrace, nil
+	case security.BaremetalHost_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_BaremetalHost_Create, nil
+	case security.BaremetalHost_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_BaremetalHost_Update, nil
+	case security.BaremetalMachine_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_BaremetalMachine_Create, nil
+	case security.BaremetalMachine_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_BaremetalMachine_Update, nil
+	case security.ControlPlane_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_ControlPlane_Create, nil
+	case security.ControlPlane_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_ControlPlane_Update, nil
+	case security.EtcdCluster_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_EtcdCluster_Create, nil
+	case security.EtcdCluster_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_EtcdCluster_Update, nil
+	case security.EtcdServer_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_EtcdServer_Create, nil
+	case security.EtcdServer_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_EtcdServer_Update, nil
+	case security.GalleryImage_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_GalleryImage_Create, nil
+	case security.GalleryImage_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_GalleryImage_Update, nil
+	case security.Group_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Group_Create, nil
+	case security.Group_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Group_Update, nil
+	case security.KeyVault_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_KeyVault_Create, nil
+	case security.KeyVault_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_KeyVault_Update, nil
+	case security.Kubernetes_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Kubernetes_Create, nil
+	case security.Kubernetes_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Kubernetes_Update, nil
+	case security.LoadBalancer_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_LoadBalancer_Create, nil
+	case security.LoadBalancer_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_LoadBalancer_Update, nil
+	case security.Location_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Location_Create, nil
+	case security.Location_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Location_Update, nil
+	case security.Macpool_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Macpool_Create, nil
+	case security.Macpool_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Macpool_Update, nil
+	case security.NetworkInterface_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_NetworkInterface_Create, nil
+	case security.NetworkInterface_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_NetworkInterface_Update, nil
+	case security.Node_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Node_Create, nil
+	case security.Node_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Node_Update, nil
+	case security.Recovery_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Recovery_Create, nil
+	case security.Recovery_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Recovery_Update, nil
+	case security.Role_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Role_Create, nil
+	case security.Role_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Role_Update, nil
+	case security.RoleAssignment_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_RoleAssignment_Create, nil
+	case security.RoleAssignment_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_RoleAssignment_Update, nil
+	case security.Secret_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Secret_Create, nil
+	case security.Secret_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Secret_Update, nil
+	case security.StorageContainer_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_StorageContainer_Create, nil
+	case security.StorageContainer_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_StorageContainer_Update, nil
+	case security.Subscription_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Subscription_Create, nil
+	case security.Subscription_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Subscription_Update, nil
+	case security.Validation_ValidateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_Validation_Validate, nil
+	case security.VipPool_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VipPool_Create, nil
+	case security.VipPool_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VipPool_Update, nil
+	case security.VirtualHardDisk_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualHardDisk_Create, nil
+	case security.VirtualHardDisk_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualHardDisk_Update, nil
+	case security.VirtualMachineImage_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachineImage_Create, nil
+	case security.VirtualMachineImage_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachineImage_Update, nil
+	case security.VirtualMachineScaleSet_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachineScaleSet_Create, nil
+	case security.VirtualMachineScaleSet_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualMachineScaleSet_Update, nil
+	case security.VirtualNetwork_CreateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualNetwork_Create, nil
+	case security.VirtualNetwork_UpdateAccess:
+		return wssdcloudcommon.ProviderAccessOperation_VirtualNetwork_Update, nil
 	default:
 		return wssdcloudcommon.ProviderAccessOperation_Unspecified, errors.Wrapf(errors.InvalidInput, "([provideraction] Access: [%v]", action.ProviderOperation)
 	}
--- a/services/security/security.go
+++ b/services/security/security.go
@ -183,43 +183,130 @@ const (
 type ProviderAccessOperation string

 const (
-	Unspecified_Access          ProviderAccessOperation = "unspecified"
-	Authentication_LoginAccess  ProviderAccessOperation = "authentication_login"
-	Certificate_GetAccess       ProviderAccessOperation = "certificate_get"
-	Certificate_DeleteAccess    ProviderAccessOperation = "certificate_delete"
-	Certificate_SignAccess      ProviderAccessOperation = "certificate_sign"
-	Certificate_RenewAccess     ProviderAccessOperation = "certificate_renew"
-	VirtualMachine_StartAccess  ProviderAccessOperation = "virtualmachine_start"
-	VirtualMachine_StopAccess   ProviderAccessOperation = "virtualmachine_stop"
-	VirtualMachine_ResetAccess  ProviderAccessOperation = "virtualmachine_reset"
+	Unspecified_Access ProviderAccessOperation = "unspecified"
+
+	Authentication_LoginAccess ProviderAccessOperation = "authentication_login"
+
+	Certificate_CreateAccess ProviderAccessOperation = "certificate_create"
+	Certificate_UpdateAccess ProviderAccessOperation = "certificate_update"
+	Certificate_GetAccess    ProviderAccessOperation = "certificate_get"
+	Certificate_DeleteAccess ProviderAccessOperation = "certificate_delete"
+	Certificate_SignAccess   ProviderAccessOperation = "certificate_sign"
+	Certificate_RenewAccess  ProviderAccessOperation = "certificate_renew"
+
+	Identity_CreateAccess ProviderAccessOperation = "identity_create"
+	Identity_UpdateAccess ProviderAccessOperation = "identity_update"
+	Identity_RevokeAccess ProviderAccessOperation = "identity_revoke"
+	Identity_RotateAccess ProviderAccessOperation = "identity_rotate"
+
+	IdentityCertificate_CreateAccess ProviderAccessOperation = "identitycertificate_create"
+	IdentityCertificate_UpdateAccess ProviderAccessOperation = "identitycertificate_update"
+	IdentityCertificate_RenewAccess  ProviderAccessOperation = "identitycertificate_renew"
+
+	Key_CreateAccess    ProviderAccessOperation = "key_create"
+	Key_UpdateAccess    ProviderAccessOperation = "key_update"
+	Key_EncryptAccess   ProviderAccessOperation = "key_encrypt"
+	Key_DecryptAccess   ProviderAccessOperation = "key_decrypt"
+	Key_WrapKeyAccess   ProviderAccessOperation = "key_wrapkey"
+	Key_UnwrapKeyAccess ProviderAccessOperation = "key_unwrapkey"
+	Key_SignAccess      ProviderAccessOperation = "key_sign"
+	Key_VerifyAccess    ProviderAccessOperation = "key_verify"
+
+	VirtualMachine_CreateAccess   ProviderAccessOperation = "virtualmachine_create"
+	VirtualMachine_UpdateAccess   ProviderAccessOperation = "virtualmachine_update"
+	VirtualMachine_DeleteAccess   ProviderAccessOperation = "virtualmachine_delete"
+	VirtualMachine_ValidateAccess ProviderAccessOperation = "virtualmachine_validate"
+	VirtualMachine_StartAccess    ProviderAccessOperation = "virtualmachine_start"
+	VirtualMachine_StopAccess     ProviderAccessOperation = "virtualmachine_stop"
+	VirtualMachine_ResetAccess    ProviderAccessOperation = "virtualmachine_reset"
+
+	Cluster_CreateAccess        ProviderAccessOperation = "cluster_create"
+	Cluster_UpdateAccess        ProviderAccessOperation = "cluster_update"
 	Cluster_LoadClusterAccess   ProviderAccessOperation = "cluster_loadcluster"
 	Cluster_UnloadClusterAccess ProviderAccessOperation = "cluster_unloadcluster"
 	Cluster_GetClusterAccess    ProviderAccessOperation = "cluster_getcluster"
 	Cluster_GetNodesAccess      ProviderAccessOperation = "cluster_getnodes"
-)

-// Unspecified = 0;
-// Authentication_Login = 1;
-// Certificate_Get = 2;
-// Certificate_Delete = 3;
-// Certificate_Sign = 4;
-// Certificate_Renew = 5;
-// Identity_Revoke = 6;
-// Identity_Rotate = 7;
-// Identity_OperateCertificates = 8;
-// Key_Encrypt = 9;
-// Key_Decrypt = 10;
-// Key_WrapKey = 11;
-// Key_UnwrapKey = 12;
-// Key_Sign = 13;
-// Key_Verify = 14;
-// VirtualMachine_Start = 15;
-// VirtualMachine_Stop= 16;
-// VirtualMachine_Reset = 17;
-// Cluster_LoadCluster = 18;
-// Cluster_UnloadCluster = 19;
-// Cluster_GetCluster = 20;
-// Cluster_GetNodes = 21;
+	Debug_DebugServerAccess ProviderAccessOperation = "debug_debugserver"
+	Debug_StackTraceAccess  ProviderAccessOperation = "debug_stacktrace"
+
+	BaremetalHost_CreateAccess ProviderAccessOperation = "baremetalhost_create"
+	BaremetalHost_UpdateAccess ProviderAccessOperation = "baremetalhost_update"
+
+	BaremetalMachine_CreateAccess ProviderAccessOperation = "baremetalmachine_create"
+	BaremetalMachine_UpdateAccess ProviderAccessOperation = "baremetalmachine_update"
+
+	ControlPlane_CreateAccess ProviderAccessOperation = "controlplane_create"
+	ControlPlane_UpdateAccess ProviderAccessOperation = "controlplane_update"
+
+	EtcdCluster_CreateAccess ProviderAccessOperation = "etcdcluster_create"
+	EtcdCluster_UpdateAccess ProviderAccessOperation = "etcdcluster_update"
+
+	EtcdServer_CreateAccess ProviderAccessOperation = "etcdserver_create"
+	EtcdServer_UpdateAccess ProviderAccessOperation = "etcdserver_update"
+
+	GalleryImage_CreateAccess ProviderAccessOperation = "galleryimage_create"
+	GalleryImage_UpdateAccess ProviderAccessOperation = "galleryimage_update"
+
+	Group_CreateAccess ProviderAccessOperation = "group_create"
+	Group_UpdateAccess ProviderAccessOperation = "group_update"
+
+	KeyVault_CreateAccess ProviderAccessOperation = "keyvault_create"
+	KeyVault_UpdateAccess ProviderAccessOperation = "keyvault_update"
+
+	Kubernetes_CreateAccess ProviderAccessOperation = "kubernetes_create"
+	Kubernetes_UpdateAccess ProviderAccessOperation = "kubernetes_update"
+
+	LoadBalancer_CreateAccess ProviderAccessOperation = "loadbalancer_create"
+	LoadBalancer_UpdateAccess ProviderAccessOperation = "loadbalancer_update"
+
+	Location_CreateAccess ProviderAccessOperation = "location_create"
+	Location_UpdateAccess ProviderAccessOperation = "location_update"
+
+	Macpool_CreateAccess ProviderAccessOperation = "macpool_create"
+	Macpool_UpdateAccess ProviderAccessOperation = "macpool_update"
+
+	NetworkInterface_CreateAccess ProviderAccessOperation = "networkinterface_create"
+	NetworkInterface_UpdateAccess ProviderAccessOperation = "networkinterface_update"
+
+	Node_CreateAccess ProviderAccessOperation = "node_create"
+	Node_UpdateAccess ProviderAccessOperation = "node_update"
+
+	Recovery_CreateAccess ProviderAccessOperation = "recovery_create"
+	Recovery_UpdateAccess ProviderAccessOperation = "recovery_update"
+
+	Role_CreateAccess ProviderAccessOperation = "role_create"
+	Role_UpdateAccess ProviderAccessOperation = "role_update"
+
+	RoleAssignment_CreateAccess ProviderAccessOperation = "roleassignment_create"
+	RoleAssignment_UpdateAccess ProviderAccessOperation = "roleassignment_update"
+
+	Secret_CreateAccess ProviderAccessOperation = "secret_create"
+	Secret_UpdateAccess ProviderAccessOperation = "secret_update"
+
+	StorageContainer_CreateAccess ProviderAccessOperation = "storagecontainer_create"
+	StorageContainer_UpdateAccess ProviderAccessOperation = "storagecontainer_update"
+
+	Subscription_CreateAccess ProviderAccessOperation = "subscription_create"
+	Subscription_UpdateAccess ProviderAccessOperation = "subscription_update"
+
+	Validation_ValidateAccess ProviderAccessOperation = "validation_validate"
+
+	VipPool_CreateAccess ProviderAccessOperation = "vippool_create"
+	VipPool_UpdateAccess ProviderAccessOperation = "vippool_update"
+
+	VirtualHardDisk_CreateAccess ProviderAccessOperation = "virtualharddisk_create"
+	VirtualHardDisk_UpdateAccess ProviderAccessOperation = "virtualharddisk_update"
+
+	VirtualMachineImage_CreateAccess ProviderAccessOperation = "virtualmachineimage_create"
+	VirtualMachineImage_UpdateAccess ProviderAccessOperation = "virtualmachineimage_update"
+
+	VirtualMachineScaleSet_CreateAccess ProviderAccessOperation = "virtualmachinescaleset_create"
+	VirtualMachineScaleSet_UpdateAccess ProviderAccessOperation = "virtualmachinescaleset_update"
+
+	VirtualNetwork_CreateAccess ProviderAccessOperation = "virtualnetwork_create"
+	VirtualNetwork_UpdateAccess ProviderAccessOperation = "virtualnetwork_update"
+)

 // Permissions permissions the identity has for keys, secrets, certificates and storage.
 type Permissions struct {