pass vm size into fips helper script

mxj220 · mxj220 · commit f1073bc5893a · 2026-01-23T20:58:53.000Z
diff --git a/vhdbuilder/packer/fips-helper.sh b/vhdbuilder/packer/fips-helper.sh
@@ -99,22 +99,9 @@ EOF
 
 # Function to create FIPS-enabled VM using REST API
 create_fips_vm() {
+    local vm_size="$1"
     echo "Creating VM with FIPS 140-3 encryption using REST API..."
 
-    # Prepare VM creation parameters
-    local VM_SIZE="Standard_D8ds_v5"
-
-    # shellcheck disable=SC3010
-    if [[ "${ARCHITECTURE,,}" == "arm64" ]]; then
-        VM_SIZE="Standard_D8pds_v5"
-    fi
-
-    # GB200 specific VM options for scanning (uses standard ARM64 VM for now)
-    if [ "${OS_TYPE}" = "Linux" ] && grep -q "GB200" <<< "$FEATURE_FLAGS"; then
-        echo "GB200: Using standard ARM64 VM options for scanning"
-        # Additional GB200-specific VM options can be added here when GB200 SKUs are available
-    fi
-
     # Build the VM request body for FIPS scenario
     local VM_BODY=$(build_fips_vm_body \
         "$PACKER_BUILD_LOCATION" \
@@ -124,7 +111,7 @@ create_fips_vm() {
         "$VHD_IMAGE" \
         "$SCANNING_NIC_ID" \
         "$UMSI_RESOURCE_ID" \
-        "$VM_SIZE")
+        "$vm_size")
 
     # Create the VM using REST API
     az rest \
diff --git a/vhdbuilder/packer/vhd-scanning.sh b/vhdbuilder/packer/vhd-scanning.sh
@@ -74,19 +74,22 @@ function cleanup() {
 trap cleanup EXIT
 capture_benchmark "${SCRIPT_NAME}_set_variables_and_create_scan_resource_group"
 
-VM_OPTIONS="--size Standard_D8ds_v5"
+VM_SIZE="Standard_D8ds_v5"
+VM_OPTIONS="--size $VM_SIZE"
 # shellcheck disable=SC3010
 if [[ "${ARCHITECTURE,,}" == "arm64" ]]; then
-    VM_OPTIONS="--size Standard_D8pds_v5"
+    VM_SIZE="Standard_D8pds_v5"
+    VM_OPTIONS="--size $VM_SIZE"
 fi
 
 if [ "${OS_TYPE}" = "Linux" ] && [ "${ENABLE_TRUSTED_LAUNCH}" = "True" ]; then
     VM_OPTIONS+=" --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true"
 fi
 
 if [ "${OS_TYPE}" = "Linux" ] && grep -q "cvm" <<< "$FEATURE_FLAGS"; then
+    VM_SIZE="Standard_DC8ads_v5"
     # We completely re-assign the VM_OPTIONS string here to ensure that no artifacts from earlier conditionals are included
-    VM_OPTIONS="--size Standard_DC8ads_v5 --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true"
+    VM_OPTIONS="--size $VM_SIZE --security-type ConfidentialVM --enable-secure-boot true --enable-vtpm true --os-disk-security-encryption-type VMGuestStateOnly --specialized true"
 fi
 
 # GB200 specific VM options for scanning (uses standard ARM64 VM for now)
@@ -110,7 +113,7 @@ if [ "${OS_SKU}" = "Ubuntu" ] && [ "${OS_VERSION}" = "22.04" ] && [ "$(printf %s
 
     # Register FIPS feature and create VM using REST API
     ensure_fips_feature_registered
-    create_fips_vm
+    create_fips_vm "$VM_SIZE"
 else
     echo "Creating VM using standard az vm create command..."
 
