Azure · timmy-wright · Feb 16, 2025 · Feb 13, 2025 · Feb 13, 2025 · Feb 16, 2025
@@ -11,13 +11,25 @@
 
 #WindowsRegistryKeys: [...#WindowsRegistryKey]
 
+#WindowsPatch: {
+  id: string
+  url: string
+}
+
+#WindowsPatches: [...#WindowsPatch]
+
 #WindowsBaseVersion: {
+  comment?:           string
   os_disk_size?:      string
   base_image_sku:     string,
   base_image_version: string
   windows_image_name: string
+  patches_to_apply:   #WindowsPatches
 }
 
+#WindowsComments: [...string]
+
+
 #WindowsBaseVersions: {
   "2019": #WindowsBaseVersion
   "2019-containerd": #WindowsBaseVersion
@@ -27,7 +39,14 @@
   "23H2-gen2": #WindowsBaseVersion
 }
 
+#WindowsDefenderInfo: {
+  DefenderUpdateUrl:     string,
+  DefenderUpdateInfoUrl: string
+}
+
 #WindowsSettings: {
+  WindowsComments?:    #WindowsComments
+  WindowsDefenderInfo: #WindowsDefenderInfo
   WindowsRegistryKeys: #WindowsRegistryKeys
   WindowsBaseVersions: #WindowsBaseVersions
 }

@@ -202,4 +202,59 @@ function LogReleaseNotesForWindowsRegistryKeys
     }
 
     return $logLines
+}
+
+function GetPatchInfo
+{
+    Param(
+        [Parameter(Mandatory = $true)][Object]
+        $windowsSku,
+
+        [Parameter(Mandatory = $true)][Object]
+        $windowsSettingsContent
+    )
+
+    $output = New-Object System.Collections.ArrayList
+
+    $baseVersionBlock = $windowsSettingsContent.WindowsBaseVersions."$windowsSku";
+
+    if ($baseVersionBlock -eq $null) {
+        return $output
+    }
+
+    $patchData = $baseVersionBlock.patches_to_apply
+
+    # I'd much rather have two functions here - one to return the ids and one to return the urls. But annoyingly
+    # powershell converts an array of strings of size 1 into a string. Which is super dumb. And means we can't trust
+    # the return value of the function to be an array. It's OK for some of the functions above as they'll always be
+    # returning lots of items. But there is usually only one patch to apply.
+    return $patchData
+}
+
+function GetWindowsBaseVersions {
+    Param(
+        [Parameter(Mandatory = $true)][Object]
+        $windowsSettingsContent
+    )
+
+    return $windowsSettingsContent.WindowsBaseVersions.PSObject.Properties.Name
+}
+
+function GetDefenderUpdateUrl {
+    Param(
+        [Parameter(Mandatory = $true)][Object]
+        $windowsSettingsContent
+    )
+
+    return $windowsSettingsContent.WindowsDefenderInfo.DefenderUpdateUrl
+}
+
+
+function GetDefenderUpdateInfoUrl {
+    Param(
+        [Parameter(Mandatory = $true)][Object]
+        $windowsSettingsContent
+    )
+
+    return $windowsSettingsContent.WindowsDefenderInfo.DefenderUpdateInfoUrl
 }
@@ -3,6 +3,104 @@ BeforeAll {
     . $PSCommandPath.Replace('.tests.ps1', '.ps1')
 }
 
+Describe 'GetWindowsDefenderInfo' {
+    BeforeEach {
+        $testString = '{
+   "WindowsDefenderInfo": {
+    "DefenderUpdateUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64",
+    "DefenderUpdateInfoUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info"
+  },
+}'
+        $windowsSettings = echo $testString | ConvertFrom-Json
+    }
+
+    it 'returns the right info for GetDefenderUpdateUrl' {
+        GetDefenderUpdateUrl $windowsSettings | Should -Be "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64"
+    }
+
+    it 'returns the right info for GetDefenderUpdateInfoUrl' {
+        GetDefenderUpdateInfoUrl $windowsSettings | Should -Be "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info"
+    }
+
+}
+
+Describe 'GetWindowsBaseVersions' {
+    BeforeEach {
+        $testString = '{
+  "WindowsBaseVersions": {
+    "2019": {
+      "base_image_sku": "2019-Datacenter-Core-smalldisk",
+      "windows_image_name": "windows-2019",
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": [{"id": "patchid", "url": "patch_url"}]
+    },
+     "23H2-gen2": {
+      "base_image_sku": "2019-Datacenter-Core-smalldisk",
+      "windows_image_name": "windows-2019",
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": [{"id": "patchid", "url": "patch_url"}]
+    }
+  }
+}'
+        $windowsSettings = echo $testString | ConvertFrom-Json
+    }
+
+    it "returns the bsae versions" {
+        $baseVersions = GetWindowsBaseVersions $windowsSettings
+        $baseVersions.Length | Should -Be 2
+        $baseVersions | Should -Contain "2019"
+        $baseVersions | Should -Contain "23H2-gen2"
+    }
+}
+
+Describe 'WindowsBaseVersions' {
+    BeforeEach {
+        $testString = '{
+  "WindowsBaseVersions": {
+    "2019": {
+      "base_image_sku": "2019-Datacenter-Core-smalldisk",
+      "windows_image_name": "windows-2019",
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": [{"id": "patchid", "url": "patch_url"}]
+    }
+  }
+}'
+        $windowsSettings = echo $testString | ConvertFrom-Json
+    }
+
+    it "returns an empty array for an unknown windows sku" {
+        $patchurls = GetPatchInfo "12345" $windowsSettings
+        $patchurls.Length | Should -Be 0
+    }
+
+    it "can extract patch urls for windows 2019" {
+        $patchurls = GetPatchInfo "2019" $windowsSettings
+        $patchurls[0].url | Should -Be "patch_url"
+        $patchurls[0].id | Should -Be "patchid"
+        $patchurls.Length | Should -Be 1
+    }
+
+    it "can extract two patch urls for windows 2019" {
+        $testString = '{
+  "WindowsBaseVersions": {
+    "2019": {
+      "base_image_sku": "2019-Datacenter-Core-smalldisk",
+      "windows_image_name": "windows-2019",
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": [{"id": "patchid1", "url": "patch_url1"},{"id": "patchid2", "url": "patch_url2"}]
+    }
+  }
+}'
+        $windowsSettings = echo $testString | ConvertFrom-Json
+        $patchurls = GetPatchInfo "2019" $windowsSettings
+        $patchurls[0].url | Should -Be "patch_url1"
+        $patchurls[0].id | Should -Be "patchid1"
+        $patchurls[1].url | Should -Be "patch_url2"
+        $patchurls[1].id | Should -Be "patchid2"
+        $patchurls.Length | Should -Be 2
+    }
+}
+
 Describe 'LogReleaseNotesForWindowsRegistryKeys' {
     BeforeEach {
         $testString = '{

@@ -1,9 +1,8 @@
+# TODO - over time this file should contain less and less info, and really just source the json and helpers file. Then that logic can be moved into
+# the scripts that use this file and this file can be deleted.
+
+
 $global:windowsSKU = $env:WindowsSKU
-$validSKU = @("2019-containerd", "2022-containerd", "2022-containerd-gen2", "23H2", "23H2-gen2")
-if (-not ($validSKU -contains $windowsSKU))
-{
-    throw "Unsupported windows image SKU: $windowsSKU"
-}
 
 # We use the same temp dir for all temp tools that will be used for vhd build
 $global:aksTempDir = "c:\akstemp"
@@ -14,48 +13,6 @@ $global:aksToolsDir = "c:\aks-tools"
 # We need to guarantee that the node provisioning will not fail because the vhd is full before resize-osdisk is called in AKS Windows CSE script.
 $global:lowestFreeSpace = 1*1024*1024*1024 # 1GB
 
-$global:excludeHashComparisionListInAzureChinaCloud = @(
-    "calico-windows",
-    "azure-vnet-cni-singletenancy-windows-amd64",
-    "azure-vnet-cni-singletenancy-swift-windows-amd64",
-    "azure-vnet-cni-singletenancy-overlay-windows-amd64",
-    # We need upstream's help to republish this package. Before that, it does not impact functionality and 1.26 is only in public preview
-    # so we can ignore the different hash values.
-    "v1.26.0-1int.zip",
-    "azure-acr-credential-provider-windows-amd64-v1.29.2.tar.gz"
-)
-
-# Windows Server 2019 update history can be found at https://support.microsoft.com/en-us/help/4464619
-# Windows Server 2022 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-2022-update-history-e1caa597-00c5-4ab9-9f3e-8212fe80b2ee
-# Windows Server 23H2 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-version-23h2-update-history-68c851ff-825a-4dbc-857b-51c5aa0ab248
-# then you can get download links by searching for specific KBs at http://www.catalog.update.microsoft.com/home.aspx
-#
-# IMPORTANT NOTES: Please check the KB article before getting the KB links. For example, for 2021-4C:
-# You must install the April 22, 2021 servicing stack update (SSU) (KB5001407) before installing the latest cumulative update (LCU).
-# SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU.
-
-# defenderUpdateUrl refers to the latest windows defender platform update
-$global:defenderUpdateUrl = "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64"
-# defenderUpdateInfoUrl refers to the info of latest windows defender platform update
-$global:defenderUpdateInfoUrl = "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info"
-
-switch -Regex ($windowsSku)
-{
-    "2019-containerd" {
-        $global:patchUrls = @()
-        $global:patchIDs = @()
-    }
-    "2022-containerd*" {
-        $global:patchUrls = @()
-        $global:patchIDs = @()
-    }
-    "23H2*" {
-        $global:patchUrls = @()
-        $global:patchIDs = @()
-    }
-}
-
-
 $HelpersFile = "c:/k/components_json_helpers.ps1"
 $ComponentsJsonFile = "c:/k/components.json"
 $WindowsSettingsFile = "c:/k/windows_settings.json"
@@ -84,15 +41,42 @@ Write-Output "WindowsSettingsFile: $WindowsSettingsFile"
 
 $componentsJson = Get-Content $ComponentsJsonFile | Out-String | ConvertFrom-Json
 $windowsSettingsJson = Get-Content $WindowsSettingsFile | Out-String | ConvertFrom-Json
+$patch_data = GetPatchInfo $windowsSKU $windowsSettingsJson
+$global:patchUrls = $patch_data | % { $_.url }
+$global:patchIDs = $patch_data | % { $_.id }
 
 $global:imagesToPull = GetComponentsFromComponentsJson $componentsJson
 $global:keysToSet = GetRegKeysToApply $windowsSettingsJson
 $global:map = GetPackagesFromComponentsJson $componentsJson
 $global:releaseNotesToSet = GetKeyMapForReleaseNotes $windowsSettingsJson
 
+$validSKU = GetWindowsBaseVersions $windowsSettingsJson
+if (-not ($validSKU -contains $windowsSKU))
+{
+    throw "Unsupported windows image SKU: $windowsSKU"
+}
+
 # Different from other packages which are downloaded/cached and used later only during CSE, windows containerd is installed
 # during building the Windows VHD to cache container images.
 # We use the latest containerd package to start containerd then cache images, and the latest one is expected to be
 # specified by AKS PR for most of the cases. BUT as long as there's a new unpacked image version, we should keep the
 # versions synced.
 $global:defaultContainerdPackageUrl = GetDefaultContainerDFromComponentsJson $componentsJson
+
+# defenderUpdateUrl refers to the latest windows defender platform update
+$global:defenderUpdateUrl = GetDefenderUpdateUrl $windowsSettingsJson
+# defenderUpdateInfoUrl refers to the info of latest windows defender platform update
+$global:defenderUpdateInfoUrl = GetDefenderUpdateInfoUrl $windowsSettingsJson
+
+# The following items still need to be migrated into the windows_settings file.
+$global:excludeHashComparisionListInAzureChinaCloud = @(
+    "calico-windows",
+    "azure-vnet-cni-singletenancy-windows-amd64",
+    "azure-vnet-cni-singletenancy-swift-windows-amd64",
+    "azure-vnet-cni-singletenancy-overlay-windows-amd64",
+    # We need upstream's help to republish this package. Before that, it does not impact functionality and 1.26 is only in public preview
+    # so we can ignore the different hash values.
+    "v1.26.0-1int.zip",
+    "azure-acr-credential-provider-windows-amd64-v1.29.2.tar.gz"
+)
+
@@ -1,38 +1,58 @@
 {
+  "WindowsComments": [
+    "Windows Server 2019 update history can be found at https://support.microsoft.com/en-us/help/4464619",
+    "Windows Server 2022 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-2022-update-history-e1caa597-00c5-4ab9-9f3e-8212fe80b2ee",
+    "Windows Server 23H2 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-version-23h2-update-history-68c851ff-825a-4dbc-857b-51c5aa0ab248",
+    "Then you can get download links by searching for specific KBs at http://www.catalog.update.microsoft.com/home.aspx",
+    "",
+    "IMPORTANT NOTES: Please check the KB article before getting the KB links. For example, for 2021-4C:",
+    "You must install the April 22, 2021 servicing stack update (SSU) (KB5001407) before installing the latest cumulative update (LCU).",
+    "SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU."
+  ],
+  "WindowsDefenderInfo": {
+    "DefenderUpdateUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64",
+    "DefenderUpdateInfoUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info"
+  },
   "WindowsBaseVersions": {
     "2019": {
       "base_image_sku": "2019-Datacenter-Core-smalldisk",
       "windows_image_name": "windows-2019",
-      "base_image_version": "17763.6893.250210"
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": []
     },
     "2019-containerd": {
       "base_image_sku": "2019-Datacenter-Core-smalldisk",
       "windows_image_name": "windows-2019-containerd",
-      "base_image_version": "17763.6893.250210"
+      "base_image_version": "17763.6893.250210",
+      "patches_to_apply": []
     },
     "2022-containerd": {
       "os_disk_size": "35",
       "base_image_sku": "2022-Datacenter-Core-smalldisk",
       "windows_image_name": "windows-2022-containerd",
-      "base_image_version": "20348.3207.250210"
+      "base_image_version": "20348.3207.250210",
+      "patches_to_apply": []
     },
     "2022-containerd-gen2": {
       "os_disk_size": "35",
       "base_image_sku": "2022-datacenter-core-smalldisk-g2",
       "windows_image_name": "windows-2022-containerd",
-      "base_image_version": "20348.3207.250210"
+      "base_image_version": "20348.3207.250210",
+      "patches_to_apply": []
     },
     "23H2": {
       "os_disk_size": "35",
       "base_image_sku": "23h2-datacenter-core",
       "windows_image_name": "windows-23H2",
-      "base_image_version": "25398.1425.250210"
+      "base_image_version": "25398.1425.250210",
+      "patches_to_apply": []
     },
     "23H2-gen2": {
       "os_disk_size": "35",
       "base_image_sku": "23h2-datacenter-core-g2",
       "windows_image_name": "windows-23H2",
-      "base_image_version": "25398.1425.250210"
+      "base_image_version": "25398.1425.250210",
+      "patches_to_apply": []
     }
   },
   "WindowsRegistryKeys": [