From d13e0386d95def2d71f504bf9e1a81d9994b88df Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 24 Apr 2023 13:42:11 -0400 Subject: [PATCH 01/31] Add options for users to specify guardrails --- .../configs/ext_matrix_default.json | 9 +- src/aks-preview/azext_aks_preview/_consts.py | 6 + src/aks-preview/azext_aks_preview/_help.py | 30 +- src/aks-preview/azext_aks_preview/_params.py | 440 ++++++++++++------ .../azext_aks_preview/_validators.py | 59 ++- src/aks-preview/azext_aks_preview/custom.py | 62 ++- .../managed_cluster_decorator.py | 207 ++++++-- .../tests/latest/test_aks_commands.py | 44 ++ .../latest/test_managed_cluster_decorator.py | 109 +++++ .../tests/latest/test_validators.py | 172 +++++-- src/aks-preview/setup.py | 2 +- 11 files changed, 866 insertions(+), 274 deletions(-) diff --git a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json index bb9aee8777d..b5050ea6cfc 100644 --- a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json +++ b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json @@ -22,7 +22,12 @@ "test_aks_create_with_csi_driver_v2", "test_aks_create_and_update_csi_driver_to_v2", "test_aks_nodepool_abort", - "test_aks_update_outbound_from_slb_to_natgateway" + "test_aks_update_outbound_from_slb_to_natgateway", + "" + ], + "missing feature registration and no OBO support": [ + "test_aks_update_with_guardrails", + "test_aks_create_with_guardrails" ], "missing namespace registration (AME)": [ "test_aks_update_with_azuremonitormetrics" @@ -41,4 +46,4 @@ "test_aks_nodepool_add_with_gpu_instance_profile" ] } -} +} \ No newline at end of file diff --git a/src/aks-preview/azext_aks_preview/_consts.py b/src/aks-preview/azext_aks_preview/_consts.py index c69dd54aa39..52d1269182b 100644 --- a/src/aks-preview/azext_aks_preview/_consts.py +++ b/src/aks-preview/azext_aks_preview/_consts.py @@ -240,3 +240,9 @@ CONST_DEFAULT_CONFIGURATION_NAME = "default" CONST_AUTOUPGRADE_CONFIGURATION_NAME = "aksManagedAutoUpgradeSchedule" CONST_NODEOSUPGRADE_CONFIGURATION_NAME = "aksManagedNodeOSUpgradeSchedule" + + +# Guardrails Level Consts +CONST_GUARDRAILSLEVEL_OFF = "Off" +CONST_GUARDRAILSLEVEL_WARNING = "Warning" +CONST_GUARDRAILSLEVEL_ENFORCEMENT = "Enforcement" diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 70bc9a48ef7..1008495f464 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -186,7 +186,7 @@ If monitoring addon is enabled --no-wait argument will have no effect virtual-node - enable AKS Virtual Node. Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use. aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well). - azure-policy - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. + azure-policy - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Required if enabling Guardrails Learn more at aka.ms/aks/policy. ingress-appgw - enable Application Gateway Ingress Controller addon (PREVIEW). confcom - enable confcom addon, this will enable SGX device plugin by default(PREVIEW). @@ -515,6 +515,15 @@ - name: --node-public-ip-tags type: string short-summary: The ipTags of the node public IPs. + - name: --guardrails-level + type: string + short-summary: The Guardrails Level. Accepted Values are [Off, Warning]. Requires azure policy addon to be enabled + - name: --guardrails-version + type: string + short-summary: The version of Guardrails to use. Default "v1.0.0" Use the ListGuardrailsVersions API to discover available versions + - name: --guardrails-excluded-namespaces + type: string + short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails examples: - name: Create a Kubernetes cluster with an existing SSH public key. text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey @@ -580,6 +589,10 @@ text: az aks create -g MyResourceGroup -n MyManagedCluster --network-plugin none - name: Create a kubernetes cluster with Custom CA Trust enabled. text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-custom-ca-trust + - name: Create a kubernetes cluster with guardrails set to "Warning" + text: az aks create -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --enable-addons azure-policy + - name: Create a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded + text: az aks create -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-namespaces ns1,ns2 --enable-addons azure-policy """.format(sp_cache=AKS_SERVICE_PRINCIPAL_CACHE) @@ -942,6 +955,15 @@ type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. + - name: --guardrails-level + type: string + short-summary: The Guardrails Level. Accepted Values are [Off, Warning]. Requires azure policy addon to be enabled + - name: --guardrails-version + type: string + short-summary: The version of Guardrails to use. Default "v1.0.0" Use the ListGuardrailsVersions API to discover available versions + - name: --guardrails-excluded-namespaces + type: string + short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails. Use "[]" to clear a previously non-empty list examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster @@ -1001,6 +1023,12 @@ text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com" - name: Update a existing managed cluster to a managed cluster snapshot. text: az aks update -g MyResourceGroup -n MyManagedCluster --cluster-snapshot-id "/subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.ContainerService/managedclustersnapshots/mysnapshot1" + - name: Update a kubernetes cluster with guardrails set to "Warning" + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --enable-addons azure-policy + - name: Update a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-namespaces ns1,ns2 --enable-addons azure-policy + - name: Update a kubernetes cluster to clear any namespaces excluded from guardrails. Assumes azure policy addon is already enabled + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-excluded-namespaces "[]" """ helps['aks kollect'] = """ diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 594be207080..2960500ef82 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -87,6 +87,9 @@ CONST_WEEKINDEX_THIRD, CONST_WEEKINDEX_FOURTH, CONST_WEEKINDEX_LAST, + CONST_GUARDRAILSLEVEL_OFF, + CONST_GUARDRAILSLEVEL_WARNING, + CONST_GUARDRAILSLEVEL_ENFORCEMENT ) from azext_aks_preview._validators import ( validate_acr, @@ -152,12 +155,15 @@ validate_utc_offset, validate_start_date, validate_start_time, + validate_guardrails_level ) # candidates for enumeration # consts for AgentPool -node_priorities = [CONST_SCALE_SET_PRIORITY_REGULAR, CONST_SCALE_SET_PRIORITY_SPOT] -node_eviction_policies = [CONST_SPOT_EVICTION_POLICY_DELETE, CONST_SPOT_EVICTION_POLICY_DEALLOCATE] +node_priorities = [CONST_SCALE_SET_PRIORITY_REGULAR, + CONST_SCALE_SET_PRIORITY_SPOT] +node_eviction_policies = [ + CONST_SPOT_EVICTION_POLICY_DELETE, CONST_SPOT_EVICTION_POLICY_DEALLOCATE] node_os_disk_types = [CONST_OS_DISK_TYPE_MANAGED, CONST_OS_DISK_TYPE_EPHEMERAL] node_mode_types = [CONST_NODEPOOL_MODE_SYSTEM, CONST_NODEPOOL_MODE_USER] node_os_skus = [ @@ -167,8 +173,10 @@ CONST_OS_SKU_WINDOWS2019, CONST_OS_SKU_WINDOWS2022, ] -scale_down_modes = [CONST_SCALE_DOWN_MODE_DELETE, CONST_SCALE_DOWN_MODE_DEALLOCATE] -workload_runtimes = [CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, CONST_WORKLOAD_RUNTIME_WASM_WASI, CONST_WORKLOAD_RUNTIME_KATA_MSHV_VM_ISOLATION] +scale_down_modes = [CONST_SCALE_DOWN_MODE_DELETE, + CONST_SCALE_DOWN_MODE_DEALLOCATE] +workload_runtimes = [CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, + CONST_WORKLOAD_RUNTIME_WASM_WASI, CONST_WORKLOAD_RUNTIME_KATA_MSHV_VM_ISOLATION] gpu_instance_profiles = [ CONST_GPU_INSTANCE_PROFILE_MIG1_G, CONST_GPU_INSTANCE_PROFILE_MIG2_G, @@ -178,8 +186,10 @@ ] # consts for ManagedCluster -load_balancer_skus = [CONST_LOAD_BALANCER_SKU_BASIC, CONST_LOAD_BALANCER_SKU_STANDARD] -network_plugins = [CONST_NETWORK_PLUGIN_KUBENET, CONST_NETWORK_PLUGIN_AZURE, CONST_NETWORK_PLUGIN_NONE] +load_balancer_skus = [CONST_LOAD_BALANCER_SKU_BASIC, + CONST_LOAD_BALANCER_SKU_STANDARD] +network_plugins = [CONST_NETWORK_PLUGIN_KUBENET, + CONST_NETWORK_PLUGIN_AZURE, CONST_NETWORK_PLUGIN_NONE] network_plugin_modes = [CONST_NETWORK_PLUGIN_MODE_OVERLAY] disk_driver_versions = [CONST_DISK_DRIVER_V1, CONST_DISK_DRIVER_V2] outbound_types = [ @@ -223,9 +233,18 @@ ] # consts for credential -credential_formats = [CONST_CREDENTIAL_FORMAT_AZURE, CONST_CREDENTIAL_FORMAT_EXEC] +credential_formats = [CONST_CREDENTIAL_FORMAT_AZURE, + CONST_CREDENTIAL_FORMAT_EXEC] -keyvault_network_access_types = [CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC, CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE] +keyvault_network_access_types = [ + CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC, CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE] + +# consts for guardrails level +guardrails_levels = [ + CONST_GUARDRAILSLEVEL_OFF, + CONST_GUARDRAILSLEVEL_WARNING, + CONST_GUARDRAILSLEVEL_ENFORCEMENT +] def load_arguments(self, _): @@ -249,12 +268,15 @@ def load_arguments(self, _): c.argument('kubernetes_version', completer=get_k8s_versions_completion_list) c.argument('dns_name_prefix', options_list=['--dns-name-prefix', '-p']) - c.argument('node_osdisk_diskencryptionset_id', options_list=['--node-osdisk-diskencryptionset-id', '-d']) + c.argument('node_osdisk_diskencryptionset_id', options_list=[ + '--node-osdisk-diskencryptionset-id', '-d']) c.argument('disable_local_accounts', action='store_true') c.argument('disable_rbac', action='store_true') c.argument('edge_zone', edge_zone_type) - c.argument('admin_username', options_list=['--admin-username', '-u'], default='azureuser') - c.argument('generate_ssh_keys', action='store_true', validator=validate_create_parameters) + c.argument('admin_username', options_list=[ + '--admin-username', '-u'], default='azureuser') + c.argument('generate_ssh_keys', action='store_true', + validator=validate_create_parameters) c.argument('ssh_key_value', required=False, type=file_type, default=os.path.join('~', '.ssh', 'id_rsa.pub'), completer=FilesCompleter(), validator=validate_ssh_key) c.argument('no_ssh_key', options_list=['--no-ssh-key', '-x']) @@ -262,28 +284,41 @@ def load_arguments(self, _): c.argument('docker_bridge_address') c.argument('pod_cidrs') c.argument('service_cidrs') - c.argument('load_balancer_sku', arg_type=get_enum_type(load_balancer_skus), validator=validate_load_balancer_sku) + c.argument('load_balancer_sku', arg_type=get_enum_type( + load_balancer_skus), validator=validate_load_balancer_sku) c.argument('load_balancer_managed_outbound_ip_count', type=int) - c.argument('load_balancer_outbound_ips', validator=validate_load_balancer_outbound_ips) - c.argument('load_balancer_outbound_ip_prefixes', validator=validate_load_balancer_outbound_ip_prefixes) - c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports) - c.argument('load_balancer_idle_timeout', type=int, validator=validate_load_balancer_idle_timeout) - c.argument('load_balancer_backend_pool_type', validator=validate_load_balancer_backend_pool_type) - c.argument('nrg_lockdown_restriction_level', arg_type=get_enum_type(nrg_lockdown_restriction_levels)) - c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count) - c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout) + c.argument('load_balancer_outbound_ips', + validator=validate_load_balancer_outbound_ips) + c.argument('load_balancer_outbound_ip_prefixes', + validator=validate_load_balancer_outbound_ip_prefixes) + c.argument('load_balancer_outbound_ports', type=int, + validator=validate_load_balancer_outbound_ports) + c.argument('load_balancer_idle_timeout', type=int, + validator=validate_load_balancer_idle_timeout) + c.argument('load_balancer_backend_pool_type', + validator=validate_load_balancer_backend_pool_type) + c.argument('nrg_lockdown_restriction_level', + arg_type=get_enum_type(nrg_lockdown_restriction_levels)) + c.argument('nat_gateway_managed_outbound_ip_count', type=int, + validator=validate_nat_gateway_managed_outbound_ip_count) + c.argument('nat_gateway_idle_timeout', type=int, + validator=validate_nat_gateway_idle_timeout) c.argument('outbound_type', arg_type=get_enum_type(outbound_types)) c.argument('network_plugin', arg_type=get_enum_type(network_plugins)) - c.argument('network_plugin_mode', arg_type=get_enum_type(network_plugin_modes)) + c.argument('network_plugin_mode', + arg_type=get_enum_type(network_plugin_modes)) c.argument('network_policy') c.argument('kube_proxy_config') - c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) - c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels)) + c.argument('auto_upgrade_channel', + arg_type=get_enum_type(auto_upgrade_channels)) + c.argument('node_os_upgrade_channel', + arg_type=get_enum_type(node_os_upgrade_channels)) c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"], help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.") c.argument('uptime_sla', action='store_true') c.argument('fqdn_subdomain') - c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) + c.argument('api_server_authorized_ip_ranges', + validator=validate_ip_ranges) c.argument('enable_private_cluster', action='store_true') c.argument('private_dns_zone') c.argument('disable_public_fqdn', action='store_true') @@ -291,12 +326,16 @@ def load_arguments(self, _): c.argument('client_secret') c.argument('enable_managed_identity', action='store_true') c.argument('assign_identity', validator=validate_assign_identity) - c.argument('assign_kubelet_identity', validator=validate_assign_kubelet_identity) + c.argument('assign_kubelet_identity', + validator=validate_assign_kubelet_identity) c.argument('enable_aad', action='store_true') c.argument('enable_azure_rbac', action='store_true') - c.argument('aad_client_app_id', deprecate_info=c.deprecate(target='--aad-client-app-id', hide=True)) - c.argument('aad_server_app_id', deprecate_info=c.deprecate(target='--aad-server-app-id', hide=True)) - c.argument('aad_server_app_secret', deprecate_info=c.deprecate(target='--aad-server-app-secret', hide=True)) + c.argument('aad_client_app_id', deprecate_info=c.deprecate( + target='--aad-client-app-id', hide=True)) + c.argument('aad_server_app_id', deprecate_info=c.deprecate( + target='--aad-server-app-id', hide=True)) + c.argument('aad_server_app_secret', deprecate_info=c.deprecate( + target='--aad-server-app-secret', hide=True)) c.argument('aad_tenant_id') c.argument('aad_admin_group_object_ids') c.argument('enable_oidc_issuer', action='store_true') @@ -310,22 +349,30 @@ def load_arguments(self, _): c.argument('skip_subnet_role_assignment', action='store_true') c.argument('node_resource_group') c.argument('enable_defender', action='store_true') - c.argument('defender_config', validator=validate_defender_config_parameter) - c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) + c.argument('defender_config', + validator=validate_defender_config_parameter) + c.argument('disk_driver_version', + arg_type=get_enum_type(disk_driver_versions)) c.argument('disable_disk_driver', action='store_true') c.argument('disable_file_driver', action='store_true') c.argument('enable_blob_driver', action='store_true') c.argument('disable_snapshot_controller', action='store_true') c.argument('enable_azure_keyvault_kms', action='store_true') - c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id) - c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type(keyvault_network_access_types), default=CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC) - c.argument('azure_keyvault_kms_key_vault_resource_id', validator=validate_azure_keyvault_kms_key_vault_resource_id) + c.argument('azure_keyvault_kms_key_id', + validator=validate_azure_keyvault_kms_key_id) + c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type( + keyvault_network_access_types), default=CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC) + c.argument('azure_keyvault_kms_key_vault_resource_id', + validator=validate_azure_keyvault_kms_key_vault_resource_id) c.argument('http_proxy_config') # addons - c.argument('enable_addons', options_list=['--enable-addons', '-a'], validator=validate_addons) + c.argument('enable_addons', options_list=[ + '--enable-addons', '-a'], validator=validate_addons) c.argument('workspace_resource_id') - c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_msi_auth_for_monitoring', + arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', + arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('aci_subnet_name') c.argument('appgw_name', arg_group='Application Gateway') @@ -339,7 +386,8 @@ def load_arguments(self, _): # nodepool paramerters c.argument('nodepool_name', default='nodepool1', help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) - c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list) + c.argument('node_vm_size', options_list=[ + '--node-vm-size', '-s'], completer=get_vm_size_completion_list) c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) c.argument('snapshot_id', validator=validate_snapshot_id) c.argument('vnet_subnet_id', validator=validate_vnet_subnet_id) @@ -353,12 +401,15 @@ def load_arguments(self, _): help='space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.') c.argument('nodepool_labels', nargs='*', validator=validate_nodepool_labels, help='space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.') - c.argument('node_osdisk_type', arg_type=get_enum_type(node_os_disk_types)) + c.argument('node_osdisk_type', + arg_type=get_enum_type(node_os_disk_types)) c.argument('node_osdisk_size', type=int) c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) c.argument('vm_set_type', validator=validate_vm_set_type) - c.argument('enable_vmss', action='store_true', help='To be deprecated. Use vm_set_type instead.', deprecate_info=c.deprecate(redirect='--vm-set-type', hide=True)) - c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') + c.argument('enable_vmss', action='store_true', help='To be deprecated. Use vm_set_type instead.', + deprecate_info=c.deprecate(redirect='--vm-set-type', hide=True)) + c.argument('zones', zones_type, options_list=[ + '--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') c.argument('ppg') c.argument('enable_encryption_at_host', action='store_true') c.argument('enable_ultra_ssd', action='store_true') @@ -366,9 +417,11 @@ def load_arguments(self, _): c.argument('kubelet_config') c.argument('linux_os_config') c.argument('host_group_id', validator=validate_host_group_id) - c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) + c.argument('gpu_instance_profile', + arg_type=get_enum_type(gpu_instance_profiles)) # misc - c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=[ + '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster @@ -376,59 +429,90 @@ def load_arguments(self, _): c.argument('pod_cidrs') c.argument('service_cidrs') c.argument('load_balancer_managed_outbound_ipv6_count', type=int) - c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate(target='--enable-pod-security-policy', hide=True)) + c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate( + target='--enable-pod-security-policy', hide=True)) c.argument('enable_pod_identity', action='store_true') c.argument('enable_pod_identity_with_kubenet', action='store_true') - c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_image_cleaner', action='store_true', is_preview=True) + c.argument('enable_workload_identity', + arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_image_cleaner', + action='store_true', is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) - c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) - c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) + c.argument('cluster_snapshot_id', + validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('enable_apiserver_vnet_integration', + action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', + validator=validate_apiserver_subnet_id, is_preview=True) c.argument('dns_zone_resource_id') c.argument('enable_keda', action='store_true', is_preview=True) - c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") - c.argument('enable_node_restriction', action='store_true', is_preview=True, help="enable node restriction for cluster") - c.argument('enable_cilium_dataplane', action='store_true', is_preview=True) - c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of new line separated CAs") + c.argument('enable_vpa', action='store_true', is_preview=True, + help="enable vertical pod autoscaler for cluster") + c.argument('enable_node_restriction', action='store_true', + is_preview=True, help="enable node restriction for cluster") + c.argument('enable_cilium_dataplane', + action='store_true', is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=[ + "--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of new line separated CAs") # nodepool c.argument('crg_id', validator=validate_crg_id, is_preview=True) # no validation for aks create because it already only supports Linux. c.argument('message_of_the_day') - c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) + c.argument('workload_runtime', arg_type=get_enum_type( + workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') - c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") - c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") + c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, + is_preview=True, help="allowed host ports for agentpool") + c.argument('nodepool_asg_ids', validator=validate_application_security_groups, + is_preview=True, help="application security groups for agentpool") c.argument('node_public_ip_tags', arg_type=tags_type, validator=validate_node_public_ip_tags, help='space-separated tags: key[=value] [key[=value] ...].') + c.argument('guardrails_level', validator=validate_guardrails_level, arg_type=get_enum_type(guardrails_levels), + help='The guardrails level, one of ["Off", "Warning", "Enforcement"]') + c.argument('guardrails_version', type=str, + help='The guardrails version') + c.argument('guardrails_excluded_namespaces', type=str, + help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list') with self.argument_context('aks update') as c: # managed cluster paramerters c.argument('disable_local_accounts', action='store_true') c.argument('enable_local_accounts', action='store_true') c.argument('load_balancer_managed_outbound_ip_count', type=int) - c.argument('load_balancer_outbound_ips', validator=validate_load_balancer_outbound_ips) - c.argument('load_balancer_outbound_ip_prefixes', validator=validate_load_balancer_outbound_ip_prefixes) - c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports) - c.argument('load_balancer_idle_timeout', type=int, validator=validate_load_balancer_idle_timeout) - c.argument('load_balancer_backend_pool_type', validator=validate_load_balancer_backend_pool_type) - c.argument('nrg_lockdown_restriction_level', arg_type=get_enum_type(nrg_lockdown_restriction_levels)) - c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count) - c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout) + c.argument('load_balancer_outbound_ips', + validator=validate_load_balancer_outbound_ips) + c.argument('load_balancer_outbound_ip_prefixes', + validator=validate_load_balancer_outbound_ip_prefixes) + c.argument('load_balancer_outbound_ports', type=int, + validator=validate_load_balancer_outbound_ports) + c.argument('load_balancer_idle_timeout', type=int, + validator=validate_load_balancer_idle_timeout) + c.argument('load_balancer_backend_pool_type', + validator=validate_load_balancer_backend_pool_type) + c.argument('nrg_lockdown_restriction_level', + arg_type=get_enum_type(nrg_lockdown_restriction_levels)) + c.argument('nat_gateway_managed_outbound_ip_count', type=int, + validator=validate_nat_gateway_managed_outbound_ip_count) + c.argument('nat_gateway_idle_timeout', type=int, + validator=validate_nat_gateway_idle_timeout) c.argument('kube_proxy_config') - c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) - c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels)) + c.argument('auto_upgrade_channel', + arg_type=get_enum_type(auto_upgrade_channels)) + c.argument('node_os_upgrade_channel', + arg_type=get_enum_type(node_os_upgrade_channels)) c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"], help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.") c.argument('uptime_sla', action='store_true') c.argument('no_uptime_sla', action='store_true') - c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) + c.argument('api_server_authorized_ip_ranges', + validator=validate_ip_ranges) c.argument('enable_public_fqdn', action='store_true') c.argument('disable_public_fqdn', action='store_true') c.argument('enable_managed_identity', action='store_true') c.argument('assign_identity', validator=validate_assign_identity) - c.argument('assign_kubelet_identity', validator=validate_assign_kubelet_identity) + c.argument('assign_kubelet_identity', + validator=validate_assign_kubelet_identity) c.argument('enable_aad', action='store_true') c.argument('enable_azure_rbac', action='store_true') c.argument('disable_azure_rbac', action='store_true') @@ -443,11 +527,14 @@ def load_arguments(self, _): c.argument('gmsa_root_domain_name') c.argument('attach_acr', acr_arg_type, validator=validate_acr) c.argument('detach_acr', acr_arg_type, validator=validate_acr) - c.argument('disable_defender', action='store_true', validator=validate_defender_disable_and_enable_parameters) + c.argument('disable_defender', action='store_true', + validator=validate_defender_disable_and_enable_parameters) c.argument('enable_defender', action='store_true') - c.argument('defender_config', validator=validate_defender_config_parameter) + c.argument('defender_config', + validator=validate_defender_config_parameter) c.argument('enable_disk_driver', action='store_true') - c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) + c.argument('disk_driver_version', + arg_type=get_enum_type(disk_driver_versions)) c.argument('disable_disk_driver', action='store_true') c.argument('enable_file_driver', action='store_true') c.argument('disable_file_driver', action='store_true') @@ -457,9 +544,12 @@ def load_arguments(self, _): c.argument('disable_snapshot_controller', action='store_true') c.argument('enable_azure_keyvault_kms', action='store_true') c.argument('disable_azure_keyvault_kms', action='store_true') - c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id) - c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type(keyvault_network_access_types)) - c.argument('azure_keyvault_kms_key_vault_resource_id', validator=validate_azure_keyvault_kms_key_vault_resource_id) + c.argument('azure_keyvault_kms_key_id', + validator=validate_azure_keyvault_kms_key_id) + c.argument('azure_keyvault_kms_key_vault_network_access', + arg_type=get_enum_type(keyvault_network_access_types)) + c.argument('azure_keyvault_kms_key_vault_resource_id', + validator=validate_azure_keyvault_kms_key_vault_resource_id) c.argument('http_proxy_config') # addons c.argument('enable_secret_rotation', action='store_true') @@ -477,61 +567,98 @@ def load_arguments(self, _): c.argument('nodepool_labels', nargs='*', validator=validate_nodepool_labels, help='space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.') # misc - c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=[ + '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster - c.argument('ssh_key_value', type=file_type, completer=FilesCompleter(), validator=validate_ssh_key_for_update) + c.argument('ssh_key_value', type=file_type, completer=FilesCompleter( + ), validator=validate_ssh_key_for_update) c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('outbound_type', arg_type=get_enum_type(outbound_types)) - c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate(target='--enable-pod-security-policy', hide=True)) - c.argument('disable_pod_security_policy', action='store_true', is_preview=True) + c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate( + target='--enable-pod-security-policy', hide=True)) + c.argument('disable_pod_security_policy', + action='store_true', is_preview=True) c.argument('enable_pod_identity', action='store_true') c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('disable_pod_identity', action='store_true') - c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_image_cleaner', action='store_true', is_preview=True) - c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) + c.argument('enable_workload_identity', + arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_image_cleaner', + action='store_true', is_preview=True) + c.argument('disable_image_cleaner', action='store_true', + validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) - c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) - c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) + c.argument('enable_apiserver_vnet_integration', + action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', + validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_keda', action='store_true', is_preview=True) c.argument('disable_keda', action='store_true', is_preview=True) - c.argument('enable_node_restriction', action='store_true', is_preview=True, help="enable node restriction for cluster") - c.argument('disable_node_restriction', action='store_true', is_preview=True, help="disable node restriction for cluster") - c.argument('enable_private_cluster', action='store_true', is_preview=True, help='enable private cluster for apiserver vnet integration') - c.argument('disable_private_cluster', action='store_true', is_preview=True, help='disable private cluster for apiserver vnet integration') + c.argument('enable_node_restriction', action='store_true', + is_preview=True, help="enable node restriction for cluster") + c.argument('disable_node_restriction', action='store_true', + is_preview=True, help="disable node restriction for cluster") + c.argument('enable_private_cluster', action='store_true', is_preview=True, + help='enable private cluster for apiserver vnet integration') + c.argument('disable_private_cluster', action='store_true', is_preview=True, + help='disable private cluster for apiserver vnet integration') c.argument('private_dns_zone', is_preview=True) - c.argument('enable_azuremonitormetrics', action='store_true', is_preview=True) - c.argument('azure_monitor_workspace_resource_id', validator=validate_azuremonitorworkspaceresourceid, is_preview=True) - c.argument('ksm_metric_labels_allow_list', validator=validate_ksm_labels, is_preview=True) - c.argument('ksm_metric_annotations_allow_list', validator=validate_ksm_annotations, is_preview=True) - c.argument('grafana_resource_id', validator=validate_grafanaresourceid, is_preview=True) - c.argument('disable_azuremonitormetrics', action='store_true', is_preview=True) - c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") - c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") - c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") + c.argument('enable_azuremonitormetrics', + action='store_true', is_preview=True) + c.argument('azure_monitor_workspace_resource_id', + validator=validate_azuremonitorworkspaceresourceid, is_preview=True) + c.argument('ksm_metric_labels_allow_list', + validator=validate_ksm_labels, is_preview=True) + c.argument('ksm_metric_annotations_allow_list', + validator=validate_ksm_annotations, is_preview=True) + c.argument('grafana_resource_id', + validator=validate_grafanaresourceid, is_preview=True) + c.argument('disable_azuremonitormetrics', + action='store_true', is_preview=True) + c.argument('enable_vpa', action='store_true', is_preview=True, + help="enable vertical pod autoscaler for cluster") + c.argument('disable_vpa', action='store_true', is_preview=True, + help="disable vertical pod autoscaler for cluster") + c.argument('cluster_snapshot_id', + validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], + validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") + c.argument('guardrails_level', validator=validate_guardrails_level, arg_type=get_enum_type(guardrails_levels), + help='The guardrails level, one of ["Off", "Warning", "Enforcement"]') + c.argument('guardrails_version', type=str, + help='The guardrails version') + c.argument('guardrails_excluded_namespaces', type=str, + help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list') with self.argument_context('aks upgrade') as c: - c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) - c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('kubernetes_version', + completer=get_k8s_upgrades_completion_list) + c.argument('cluster_snapshot_id', + validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('yes', options_list=[ + '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('aks scale') as c: - c.argument('nodepool_name', help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) + c.argument('nodepool_name', help='Node pool name, upto 12 alphanumeric characters', + validator=validate_nodepool_name) with self.argument_context('aks nodepool') as c: c.argument('cluster_name', help='The cluster name.') - c.argument('nodepool_name', options_list=['--nodepool-name', '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') + c.argument('nodepool_name', options_list=[ + '--nodepool-name', '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') with self.argument_context('aks nodepool wait') as c: - c.argument('resource_name', options_list=['--cluster-name'], help='The cluster name.') + c.argument('resource_name', options_list=[ + '--cluster-name'], help='The cluster name.') # the option name '--agent-pool-name' is depracated, left for compatibility only - c.argument('agent_pool_name', options_list=['--nodepool-name', '--name', '-n', c.deprecate(target='--agent-pool-name', redirect='--nodepool-name', hide=True)], validator=validate_agent_pool_name, help='The node pool name.') + c.argument('agent_pool_name', options_list=['--nodepool-name', '--name', '-n', c.deprecate( + target='--agent-pool-name', redirect='--nodepool-name', hide=True)], validator=validate_agent_pool_name, help='The node pool name.') with self.argument_context('aks nodepool add') as c: - c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list) + c.argument('node_vm_size', options_list=[ + '--node-vm-size', '-s'], completer=get_vm_size_completion_list) c.argument('os_type') c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) c.argument('snapshot_id', validator=validate_snapshot_id) @@ -539,22 +666,28 @@ def load_arguments(self, _): c.argument('pod_subnet_id', validator=validate_pod_subnet_id) c.argument('enable_node_public_ip', action='store_true') c.argument('node_public_ip_prefix_id') - c.argument('enable_cluster_autoscaler', options_list=["--enable-cluster-autoscaler", "-e"], action='store_true') + c.argument('enable_cluster_autoscaler', options_list=[ + "--enable-cluster-autoscaler", "-e"], action='store_true') c.argument('min_count', type=int, validator=validate_nodes_count) c.argument('max_count', type=int, validator=validate_nodes_count) - c.argument('priority', arg_type=get_enum_type(node_priorities), validator=validate_priority) - c.argument('eviction_policy', arg_type=get_enum_type(node_eviction_policies), validator=validate_eviction_policy) - c.argument('spot_max_price', type=float, validator=validate_spot_max_price) + c.argument('priority', arg_type=get_enum_type( + node_priorities), validator=validate_priority) + c.argument('eviction_policy', arg_type=get_enum_type( + node_eviction_policies), validator=validate_eviction_policy) + c.argument('spot_max_price', type=float, + validator=validate_spot_max_price) c.argument('labels', nargs='*', validator=validate_nodepool_labels) c.argument('tags', tags_type) c.argument('node_taints', validator=validate_taints) - c.argument('node_osdisk_type', arg_type=get_enum_type(node_os_disk_types)) + c.argument('node_osdisk_type', + arg_type=get_enum_type(node_os_disk_types)) c.argument('node_osdisk_size', type=int) c.argument('max_surge', validator=validate_max_surge) c.argument('mode', arg_type=get_enum_type(node_mode_types)) c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) - c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') + c.argument('zones', zones_type, options_list=[ + '--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') c.argument('ppg') c.argument('enable_encryption_at_host', action='store_true') c.argument('enable_ultra_ssd', action='store_true') @@ -562,17 +695,23 @@ def load_arguments(self, _): c.argument('kubelet_config') c.argument('linux_os_config') c.argument('host_group_id', validator=validate_host_group_id) - c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) + c.argument('gpu_instance_profile', + arg_type=get_enum_type(gpu_instance_profiles)) # misc c.argument('aks_custom_headers') # extensions c.argument('crg_id', validator=validate_crg_id, is_preview=True) c.argument('message_of_the_day', validator=validate_message_of_the_day) - c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) - c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) - c.argument('disable_windows_outbound_nat', action='store_true', validator=validate_disable_windows_outbound_nat) - c.argument('allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True) - c.argument('asg_ids', validator=validate_application_security_groups, is_preview=True) + c.argument('workload_runtime', arg_type=get_enum_type( + workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) + c.argument('enable_custom_ca_trust', action='store_true', + validator=validate_enable_custom_ca_trust) + c.argument('disable_windows_outbound_nat', action='store_true', + validator=validate_disable_windows_outbound_nat) + c.argument('allowed_host_ports', + validator=validate_allowed_host_ports, is_preview=True) + c.argument( + 'asg_ids', validator=validate_application_security_groups, is_preview=True) c.argument('node_public_ip_tags', arg_type=tags_type, validator=validate_node_public_ip_tags, help='space-separated tags: key[=value] [key[=value] ...].') @@ -592,15 +731,20 @@ def load_arguments(self, _): c.argument('mode', arg_type=get_enum_type(node_mode_types)) c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) # extensions - c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) - c.argument('disable_custom_ca_trust', options_list=['--disable-custom-ca-trust', '--dcat'], action='store_true') - c.argument('allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True) - c.argument('asg_ids', validator=validate_application_security_groups, is_preview=True) + c.argument('enable_custom_ca_trust', action='store_true', + validator=validate_enable_custom_ca_trust) + c.argument('disable_custom_ca_trust', options_list=[ + '--disable-custom-ca-trust', '--dcat'], action='store_true') + c.argument('allowed_host_ports', + validator=validate_allowed_host_ports, is_preview=True) + c.argument( + 'asg_ids', validator=validate_application_security_groups, is_preview=True) with self.argument_context('aks nodepool upgrade') as c: c.argument('max_surge', validator=validate_max_surge) c.argument('snapshot_id', validator=validate_snapshot_id) - c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=[ + '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') with self.argument_context('aks nodepool delete') as c: @@ -616,15 +760,22 @@ def load_arguments(self, _): c.argument('config_name', options_list=[ '--name', '-n'], help='The config name.') c.argument('config_file', help='The config json file.') - c.argument('weekday', help='Weekday on which maintenance can happen. e.g. Monday') - c.argument('start_hour', type=int, help='Maintenance start hour of 1 hour window on the weekday. e.g. 1 means 1:00am - 2:00am') + c.argument( + 'weekday', help='Weekday on which maintenance can happen. e.g. Monday') + c.argument('start_hour', type=int, + help='Maintenance start hour of 1 hour window on the weekday. e.g. 1 means 1:00am - 2:00am') c.argument('schedule_type', arg_type=get_enum_type(schedule_types), help='Schedule type for non-default maintenance configuration.') - c.argument('interval_days', type=int, help='The number of days between each set of occurrences for Daily schedule.') - c.argument('interval_weeks', type=int, help='The number of weeks between each set of occurrences for Weekly schedule.') - c.argument('interval_months', type=int, help='The number of months between each set of occurrences for AbsoluteMonthly or RelativeMonthly schedule.') - c.argument('day_of_week', help='Specify on which day of the week the maintenance occurs for Weekly or RelativeMonthly schedule.') - c.argument('day_of_month', help='Specify on which date of the month the maintenance occurs for AbsoluteMonthly schedule.') + c.argument('interval_days', type=int, + help='The number of days between each set of occurrences for Daily schedule.') + c.argument('interval_weeks', type=int, + help='The number of weeks between each set of occurrences for Weekly schedule.') + c.argument('interval_months', type=int, + help='The number of months between each set of occurrences for AbsoluteMonthly or RelativeMonthly schedule.') + c.argument( + 'day_of_week', help='Specify on which day of the week the maintenance occurs for Weekly or RelativeMonthly schedule.') + c.argument( + 'day_of_month', help='Specify on which date of the month the maintenance occurs for AbsoluteMonthly schedule.') c.argument('week_index', arg_type=get_enum_type(week_indexes), help='Specify on which instance of the weekday specified in --day-of-week the maintenance occurs for RelativeMonthly schedule.') c.argument('duration_hours', options_list=['--duration'], type=int, @@ -668,7 +819,8 @@ def load_arguments(self, _): c.argument('workspace_resource_id') c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', + arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') @@ -699,20 +851,24 @@ def load_arguments(self, _): c.argument('workspace_resource_id') c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', + arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') with self.argument_context('aks disable-addons') as c: - c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=[ + '--addons', '-a'], validator=validate_addons) with self.argument_context('aks enable-addons') as c: - c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=[ + '--addons', '-a'], validator=validate_addons) c.argument('subnet_name', options_list=['--subnet-name', '-s']) c.argument('enable_sgxquotehelper', action='store_true') c.argument('osm_mesh_name') c.argument('appgw_name', arg_group='Application Gateway') - c.argument('appgw_subnet_prefix', arg_group='Application Gateway', deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) + c.argument('appgw_subnet_prefix', arg_group='Application Gateway', + deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) c.argument('appgw_subnet_cidr', arg_group='Application Gateway') c.argument('appgw_id', arg_group='Application Gateway') c.argument('appgw_subnet_id', arg_group='Application Gateway') @@ -720,8 +876,10 @@ def load_arguments(self, _): c.argument('enable_secret_rotation', action='store_true') c.argument('rotation_poll_interval') c.argument('workspace_resource_id') - c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_msi_auth_for_monitoring', + arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', + arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') @@ -734,7 +892,8 @@ def load_arguments(self, _): c.argument('path', options_list=['--file', '-f'], type=file_type, completer=FilesCompleter(), default=os.path.join(os.path.expanduser('~'), '.kube', 'config')) c.argument('public_fqdn', default=False, action='store_true') - c.argument('credential_format', options_list=['--format'], arg_type=get_enum_type(credential_formats)) + c.argument('credential_format', options_list=[ + '--format'], arg_type=get_enum_type(credential_formats)) with self.argument_context('aks pod-identity') as c: c.argument('cluster_name', help='The cluster name.') @@ -829,11 +988,14 @@ def load_arguments(self, _): '--name', '-n'], required=True, help='The role binding name.') with self.argument_context('aks trustedaccess rolebinding create') as c: - c.argument('roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') - c.argument('source_resource_id', options_list=['--source-resource-id', '-s'], help='The source resource id of the binding') + c.argument( + 'roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') + c.argument('source_resource_id', options_list=[ + '--source-resource-id', '-s'], help='The source resource id of the binding') with self.argument_context('aks trustedaccess rolebinding update') as c: - c.argument('roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') + c.argument( + 'roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') def _get_default_install_location(exe_name): diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index c44538a2db1..661e793262f 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -78,7 +78,8 @@ def validate_ssh_key_for_update(namespace): with open(string_or_file, 'r') as f: content = f.read() elif not keys.is_valid_ssh_rsa_public_key(content): - raise InvalidArgumentValueError('An RSA key file or key value must be supplied to SSH Key Value') + raise InvalidArgumentValueError( + 'An RSA key file or key value must be supplied to SSH Key Value') namespace.ssh_key_value = content @@ -165,9 +166,11 @@ def _validate_nodepool_name(nodepool_name): """Validates a nodepool name to be at most 12 characters, alphanumeric only.""" if nodepool_name != "": if len(nodepool_name) > 12: - raise InvalidArgumentValueError('--nodepool-name can contain at most 12 characters') + raise InvalidArgumentValueError( + '--nodepool-name can contain at most 12 characters') if not nodepool_name.isalnum(): - raise InvalidArgumentValueError('--nodepool-name should contain only alphanumeric characters') + raise InvalidArgumentValueError( + '--nodepool-name should contain only alphanumeric characters') def validate_nodepool_name(namespace): @@ -646,7 +649,8 @@ def validate_azure_keyvault_kms_key_vault_resource_id(namespace): return from msrestazure.tools import is_valid_resource_id if not is_valid_resource_id(key_vault_resource_id): - raise InvalidArgumentValueError("--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.") + raise InvalidArgumentValueError( + "--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.") def validate_image_cleaner_enable_disable_mutually_exclusive(namespace): @@ -690,7 +694,8 @@ def validate_defender_config_parameter(namespace): def validate_defender_disable_and_enable_parameters(namespace): if namespace.disable_defender and namespace.enable_defender: - raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid') + raise ArgumentUsageError( + 'Providing both --disable-defender and --enable-defender flags is invalid') def sanitize_resource_id(resource_id): @@ -708,7 +713,8 @@ def validate_azuremonitorworkspaceresourceid(namespace): return resource_id = sanitize_resource_id(resource_id) if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.monitor/accounts/.*', resource_id))) is False: - raise ArgumentUsageError("--azure-monitor-workspace-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.monitor/accounts/`") + raise ArgumentUsageError( + "--azure-monitor-workspace-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.monitor/accounts/`") def validate_grafanaresourceid(namespace): @@ -717,7 +723,8 @@ def validate_grafanaresourceid(namespace): return resource_id = sanitize_resource_id(resource_id) if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.dashboard/grafana/.*', resource_id))) is False: - raise ArgumentUsageError("--grafana-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.dashboard/grafana/`") + raise ArgumentUsageError( + "--grafana-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.dashboard/grafana/`") def validate_ksm_parameter(ksmparam): @@ -738,31 +745,36 @@ def validate_ksm_parameter(ksmparam): previous = v if v == "=": if previous == ord(",") or next != ord("["): - raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") + raise InvalidArgumentValueError( + "Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") name = ksmparam[firstWordPos:i] labelValueMap[name] = [] firstWordPos = i + 1 elif v == "[": if previous != ord("="): - raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") + raise InvalidArgumentValueError( + "Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") firstWordPos = i + 1 elif v == "]": # if after metric group, has char not comma or end. if next != EOF and next != ord(","): - raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") + raise InvalidArgumentValueError( + "Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") if previous != ord("["): labelValueMap[name].append(ksmparam[firstWordPos:i]) firstWordPos = i + 1 elif v == ",": # if starts or ends with comma if previous == v or next == EOF or next == ord("]"): - raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") + raise InvalidArgumentValueError( + "Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") if previous != ord("]"): labelValueMap[name].append(ksmparam[firstWordPos:i]) firstWordPos = i + 1 for label in labelValueMap: if (bool(re.match(r'^[a-zA-Z_][A-Za-z0-9_]+$', label))) is False: - raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") + raise InvalidArgumentValueError( + "Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"") def validate_ksm_labels(namespace): @@ -806,7 +818,8 @@ def validate_application_security_groups(namespace): from msrestazure.tools import is_valid_resource_id for asg in asg_ids.split(","): if not is_valid_resource_id(asg): - raise InvalidArgumentValueError(asg + " is not a valid Azure resource ID.") + raise InvalidArgumentValueError( + asg + " is not a valid Azure resource ID.") def validate_utc_offset(namespace): @@ -816,7 +829,8 @@ def validate_utc_offset(namespace): utc_offset_regex = re.compile(r'^[+-]\d{2}:\d{2}$') found = utc_offset_regex.findall(namespace.utc_offset) if not found: - raise InvalidArgumentValueError('--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".') + raise InvalidArgumentValueError( + '--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".') def validate_start_date(namespace): @@ -826,7 +840,8 @@ def validate_start_date(namespace): start_dt_regex = re.compile(r'^\d{4}-\d{2}-\d{2}$') found = start_dt_regex.findall(namespace.start_date) if not found: - raise InvalidArgumentValueError('--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".') + raise InvalidArgumentValueError( + '--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".') def validate_start_time(namespace): @@ -836,4 +851,16 @@ def validate_start_time(namespace): start_time_regex = re.compile(r'^\d{2}:\d{2}$') found = start_time_regex.findall(namespace.start_time) if not found: - raise InvalidArgumentValueError('--start-time must be in format "HH:mm". For example, "09:30" and "17:00".') + raise InvalidArgumentValueError( + '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".') + + +def validate_guardrails_level(guardrails_level: str): + """Validates --guardrails-level for aks guardrailsProfile updates""" + if guardrails_level is None: + return + # Allowed 3 values: Off, Warning, Enforcement + + if guardrails_level not in ["Off", "Warning", "Enforcement"]: + raise InvalidArgumentValueError( + '--guardrails-level must be in these values: ["Off", "Warning", "Enforcement"].') diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index e0b3d81f171..14ac3fc9a72 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -716,6 +716,10 @@ def aks_create( nodepool_allowed_host_ports=None, nodepool_asg_ids=None, node_public_ip_tags=None, + # guardrails parameters + guardrails_level=None, + guardrails_version=None, + guardrails_excluded_namespaces=None, ): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() @@ -850,6 +854,10 @@ def aks_update( disable_vpa=False, cluster_snapshot_id=None, custom_ca_trust_certificates=None, + # guardrails parameters + guardrails_level=None, + guardrails_version=None, + guardrails_excluded_namespaces=None, ): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() @@ -934,7 +942,8 @@ def aks_get_credentials(cmd, # pylint: disable=unused-argument if credential_format: credential_format = credential_format.lower() if admin: - raise InvalidArgumentValueError("--format can only be specified when requesting clusterUser credential.") + raise InvalidArgumentValueError( + "--format can only be specified when requesting clusterUser credential.") if admin: credentialResults = client.list_cluster_admin_credentials( resource_group_name, name, serverType) @@ -1041,7 +1050,8 @@ def aks_upgrade(cmd, # pylint: disable=unused-argument, too-many-return-state instance.creation_data = CreationData( source_resource_id=cluster_snapshot_id ) - mcsnapshot = get_cluster_snapshot_by_snapshot_id(cmd.cli_ctx, cluster_snapshot_id) + mcsnapshot = get_cluster_snapshot_by_snapshot_id( + cmd.cli_ctx, cluster_snapshot_id) kubernetes_version = mcsnapshot.managed_cluster_properties_read_only.kubernetes_version if instance.kubernetes_version == kubernetes_version: @@ -1365,7 +1375,8 @@ def aks_agentpool_upgrade(cmd, creationData = None if snapshot_id: - snapshot = get_nodepool_snapshot_by_snapshot_id(cmd.cli_ctx, snapshot_id) + snapshot = get_nodepool_snapshot_by_snapshot_id( + cmd.cli_ctx, snapshot_id) if not kubernetes_version and not node_image_only: kubernetes_version = snapshot.kubernetes_version @@ -1378,9 +1389,11 @@ def aks_agentpool_upgrade(cmd, if kubernetes_version != '' or instance.orchestrator_version == kubernetes_version: msg = "The new kubernetes version is the same as the current kubernetes version." if instance.provisioning_state == "Succeeded": - msg = "The cluster is already on version {} and is not in a failed state. No operations will occur when upgrading to the same version if the cluster is not in a failed state.".format(instance.orchestrator_version) + msg = "The cluster is already on version {} and is not in a failed state. No operations will occur when upgrading to the same version if the cluster is not in a failed state.".format( + instance.orchestrator_version) elif instance.provisioning_state == "Failed": - msg = "Cluster currently in failed state. Proceeding with upgrade to existing version {} to attempt resolution of failed cluster state.".format(instance.orchestrator_version) + msg = "Cluster currently in failed state. Proceeding with upgrade to existing version {} to attempt resolution of failed cluster state.".format( + instance.orchestrator_version) if not yes and not prompt_y_n(msg): return None @@ -1546,7 +1559,8 @@ def aks_operation_abort(cmd, # pylint: disable=unused-argument instance = client.get(resource_group_name, name) power_state = PowerState(code="Running") if instance is None: - raise InvalidArgumentValueError("Cluster {} doesnt exist, use 'aks list' to get current cluster list".format(name)) + raise InvalidArgumentValueError( + "Cluster {} doesnt exist, use 'aks list' to get current cluster list".format(name)) instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) return sdk_no_wait(no_wait, client.begin_abort_latest_operation, resource_group_name, name, headers=headers) @@ -1605,7 +1619,8 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): # web_application_routing is a special case, the configuration is stored in a separate profile if addon == "web_application_routing": if not mc.ingress_profile and not mc.ingress_profile.web_app_routing and not mc.ingress_profile.web_app_routing.enabled: - raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError( + f'Addon "{addon}" is not enabled in this cluster.') return { "name": addon, "api_key": addon_key, @@ -1614,7 +1629,8 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): # normal addons if not mc.addon_profiles or addon_key not in mc.addon_profiles or not mc.addon_profiles[addon_key].enabled: - raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError( + f'Addon "{addon}" is not enabled in this cluster.') return { "name": addon, "api_key": addon_key, @@ -1654,11 +1670,13 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re if addon == "web_application_routing": if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: - raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError( + f'Addon "{addon}" is not enabled in this cluster.') else: addon_key = ADDONS[addon] if not addon_profiles or addon_key not in addon_profiles or not addon_profiles[addon_key].enabled: - raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError( + f'Addon "{addon}" is not enabled in this cluster.') return enable_addons(cmd, client, resource_group_name, name, addon, check_enabled=False, workspace_resource_id=workspace_resource_id, @@ -1756,7 +1774,8 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ raise ArgumentUsageError( "--enable-syslog can not be used without MSI auth.") if data_collection_settings is not None: - raise ArgumentUsageError("--data-collection-settings can not be used without MSI auth.") + raise ArgumentUsageError( + "--data-collection-settings can not be used without MSI auth.") ensure_container_insights_for_monitoring( cmd, instance.addon_profiles[CONST_MONITORING_ADDON_NAME], @@ -2022,7 +2041,8 @@ def aks_draft_create(destination='.', dockerfile_only=None, deployment_only=None, path=None): - aks_draft_cmd_create(destination, app, language, create_config, dockerfile_only, deployment_only, path) + aks_draft_cmd_create(destination, app, language, + create_config, dockerfile_only, deployment_only, path) def aks_draft_setup_gh(app=None, @@ -2031,7 +2051,8 @@ def aks_draft_setup_gh(app=None, provider="azure", gh_repo=None, path=None): - aks_draft_cmd_setup_gh(app, subscription_id, resource_group, provider, gh_repo, path) + aks_draft_cmd_setup_gh(app, subscription_id, + resource_group, provider, gh_repo, path) def aks_draft_generate_workflow(cluster_name=None, @@ -2438,15 +2459,18 @@ def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, clus ) existedBinding = None try: - existedBinding = client.get(resource_group_name, cluster_name, role_binding_name) + existedBinding = client.get( + resource_group_name, cluster_name, role_binding_name) except ResourceNotFoundError: pass if existedBinding: - raise Exception("TrustedAccess RoleBinding " + role_binding_name + " already existed, please use 'az aks trustedaccess rolebinding update' command to update!") + raise Exception("TrustedAccess RoleBinding " + role_binding_name + + " already existed, please use 'az aks trustedaccess rolebinding update' command to update!") roleList = roles.split(',') - roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roleList) + roleBinding = TrustedAccessRoleBinding( + source_resource_id=source_resource_id, roles=roleList) return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) @@ -2456,10 +2480,12 @@ def aks_trustedaccess_role_binding_update(cmd, client, resource_group_name, clus resource_type=CUSTOM_MGMT_AKS_PREVIEW, operation_group="trusted_access_role_bindings", ) - existedBinding = client.get(resource_group_name, cluster_name, role_binding_name) + existedBinding = client.get( + resource_group_name, cluster_name, role_binding_name) roleList = roles.split(',') - roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roleList) + roleBinding = TrustedAccessRoleBinding( + source_resource_id=existedBinding.source_resource_id, roles=roleList) return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index d64860bfc87..b33c22cb3f4 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -82,23 +82,34 @@ # type variables ContainerServiceClient = TypeVar("ContainerServiceClient") -ContainerServiceNetworkProfileKubeProxyConfig = TypeVar("ContainerServiceNetworkProfileKubeProxyConfig") +ContainerServiceNetworkProfileKubeProxyConfig = TypeVar( + "ContainerServiceNetworkProfileKubeProxyConfig") ManagedCluster = TypeVar("ManagedCluster") ManagedClusterAddonProfile = TypeVar("ManagedClusterAddonProfile") ManagedClusterHTTPProxyConfig = TypeVar("ManagedClusterHTTPProxyConfig") -ManagedClusterSecurityProfileWorkloadIdentity = TypeVar("ManagedClusterSecurityProfileWorkloadIdentity") +ManagedClusterSecurityProfileWorkloadIdentity = TypeVar( + "ManagedClusterSecurityProfileWorkloadIdentity") ManagedClusterOIDCIssuerProfile = TypeVar("ManagedClusterOIDCIssuerProfile") ManagedClusterSnapshot = TypeVar("ManagedClusterSnapshot") ManagedClusterStorageProfile = TypeVar('ManagedClusterStorageProfile') -ManagedClusterStorageProfileDiskCSIDriver = TypeVar('ManagedClusterStorageProfileDiskCSIDriver') -ManagedClusterStorageProfileFileCSIDriver = TypeVar('ManagedClusterStorageProfileFileCSIDriver') -ManagedClusterStorageProfileBlobCSIDriver = TypeVar('ManagedClusterStorageProfileBlobCSIDriver') -ManagedClusterStorageProfileSnapshotController = TypeVar('ManagedClusterStorageProfileSnapshotController') -ManagedClusterIngressProfileWebAppRouting = TypeVar("ManagedClusterIngressProfileWebAppRouting") -ManagedClusterSecurityProfileDefender = TypeVar("ManagedClusterSecurityProfileDefender") -ManagedClusterSecurityProfileNodeRestriction = TypeVar("ManagedClusterSecurityProfileNodeRestriction") -ManagedClusterWorkloadProfileVerticalPodAutoscaler = TypeVar("ManagedClusterWorkloadProfileVerticalPodAutoscaler") -ManagedClusterLoadBalancerProfile = TypeVar("ManagedClusterLoadBalancerProfile") +ManagedClusterStorageProfileDiskCSIDriver = TypeVar( + 'ManagedClusterStorageProfileDiskCSIDriver') +ManagedClusterStorageProfileFileCSIDriver = TypeVar( + 'ManagedClusterStorageProfileFileCSIDriver') +ManagedClusterStorageProfileBlobCSIDriver = TypeVar( + 'ManagedClusterStorageProfileBlobCSIDriver') +ManagedClusterStorageProfileSnapshotController = TypeVar( + 'ManagedClusterStorageProfileSnapshotController') +ManagedClusterIngressProfileWebAppRouting = TypeVar( + "ManagedClusterIngressProfileWebAppRouting") +ManagedClusterSecurityProfileDefender = TypeVar( + "ManagedClusterSecurityProfileDefender") +ManagedClusterSecurityProfileNodeRestriction = TypeVar( + "ManagedClusterSecurityProfileNodeRestriction") +ManagedClusterWorkloadProfileVerticalPodAutoscaler = TypeVar( + "ManagedClusterWorkloadProfileVerticalPodAutoscaler") +ManagedClusterLoadBalancerProfile = TypeVar( + "ManagedClusterLoadBalancerProfile") # pylint: disable=too-few-public-methods @@ -107,6 +118,7 @@ class AKSPreviewManagedClusterModels(AKSManagedClusterModels): The api version of the class corresponding to a model is determined by resource_type. """ + def __init__(self, cmd: AzCommandsLoader, resource_type: ResourceType): super().__init__(cmd, resource_type) # holder for pod identity related models @@ -149,7 +161,17 @@ def external_functions(self) -> SimpleNamespace: self.__external_functions = SimpleNamespace(**external_functions) return self.__external_functions + def get_guardrails_level(self) -> Union[str, None]: + return self.raw_param.get("guardrails_level") + + def get_guardrails_excluded_namespaces(self) -> Union[str, None]: + return self.raw_param.get("guardrails_excluded_namespaces") + + def get_guardails_version(self) -> Union[str, None]: + return self.raw_param.get("guardrails_version") + # pylint: disable=no-self-use + def __validate_pod_identity_with_kubenet(self, mc, enable_pod_identity, enable_pod_identity_with_kubenet): """Helper function to check the validity of serveral pod identity related parameters. @@ -200,7 +222,8 @@ def get_pod_cidrs(self) -> Union[List[str], None]: # read the original value passed by the command pod_cidrs = self.raw_param.get("pod_cidrs") # normalize - pod_cidrs = extract_comma_separated_string(pod_cidrs, keep_none=True, default_value=[]) + pod_cidrs = extract_comma_separated_string( + pod_cidrs, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.pod_cidrs is not None: pod_cidrs = self.mc.network_profile.pod_cidrs @@ -217,7 +240,8 @@ def get_service_cidrs(self) -> Union[List[str], None]: # read the original value passed by the command service_cidrs = self.raw_param.get("service_cidrs") # normalize - service_cidrs = extract_comma_separated_string(service_cidrs, keep_none=True, default_value=[]) + service_cidrs = extract_comma_separated_string( + service_cidrs, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.service_cidrs is not None: service_cidrs = self.mc.network_profile.service_cidrs @@ -234,7 +258,8 @@ def get_ip_families(self) -> Union[List[str], None]: # read the original value passed by the command ip_families = self.raw_param.get("ip_families") # normalize - ip_families = extract_comma_separated_string(ip_families, keep_none=True, default_value=[]) + ip_families = extract_comma_separated_string( + ip_families, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.ip_families is not None: ip_families = self.mc.network_profile.ip_families @@ -496,7 +521,8 @@ def get_load_balancer_managed_outbound_ipv6_count(self) -> Union[int, None]: :return: int or None """ - count_ipv6 = self.raw_param.get('load_balancer_managed_outbound_ipv6_count') + count_ipv6 = self.raw_param.get( + 'load_balancer_managed_outbound_ipv6_count') if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -547,7 +573,8 @@ def get_nrg_lockdown_restriction_level(self) -> Union[str, None]: :return: string or None """ # read the original value passed by the command - nrg_lockdown_restriction_level = self.raw_param.get("nrg_lockdown_restriction_level") + nrg_lockdown_restriction_level = self.raw_param.get( + "nrg_lockdown_restriction_level") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: @@ -624,7 +651,8 @@ def _get_enable_pod_security_policy(self, enable_validation: bool = False) -> bo :return: bool """ # read the original value passed by the command - enable_pod_security_policy = self.raw_param.get("enable_pod_security_policy") + enable_pod_security_policy = self.raw_param.get( + "enable_pod_security_policy") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -662,7 +690,8 @@ def _get_disable_pod_security_policy(self, enable_validation: bool = False) -> b :return: bool """ # read the original value passed by the command - disable_pod_security_policy = self.raw_param.get("disable_pod_security_policy") + disable_pod_security_policy = self.raw_param.get( + "disable_pod_security_policy") # We do not support this option in create mode, therefore we do not read the value from `mc`. # this parameter does not need dynamic completion @@ -698,7 +727,8 @@ def _get_enable_managed_identity( :return: bool """ - enable_managed_identity = super()._get_enable_managed_identity(enable_validation, read_only) + enable_managed_identity = super()._get_enable_managed_identity( + enable_validation, read_only) # additional validation if enable_validation: if self.decorator_mode == DecoratorMode.CREATE: @@ -861,7 +891,8 @@ def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfil # - True: sets by user, to enable the workload identity feature # - False: sets by user, to disable the workload identity feature # - None: user unspecified, don't set the profile and let server side to backfill - enable_workload_identity = self.raw_param.get("enable_workload_identity") + enable_workload_identity = self.raw_param.get( + "enable_workload_identity") if enable_workload_identity is None: return None @@ -928,7 +959,8 @@ def _get_image_cleaner_interval_hours(self, enable_validation: bool = False) -> :return: int or None """ # read the original value passed by the command - image_cleaner_interval_hours = self.raw_param.get("image_cleaner_interval_hours") + image_cleaner_interval_hours = self.raw_param.get( + "image_cleaner_interval_hours") if image_cleaner_interval_hours is not None and enable_validation: @@ -968,7 +1000,8 @@ def get_image_cleaner_interval_hours(self) -> Union[int, None]: :return: int or None """ - interval_hours = self._get_image_cleaner_interval_hours(enable_validation=True) + interval_hours = self._get_image_cleaner_interval_hours( + enable_validation=True) return interval_hours @@ -1012,8 +1045,10 @@ def get_cluster_snapshot(self) -> Union[ManagedClusterSnapshot, None]: snapshot_id = self.get_cluster_snapshot_id() if snapshot_id: - snapshot = self.external_functions.get_cluster_snapshot_by_snapshot_id(self.cmd.cli_ctx, snapshot_id) - self.set_intermediate("managedclustersnapshot", snapshot, overwrite_exists=True) + snapshot = self.external_functions.get_cluster_snapshot_by_snapshot_id( + self.cmd.cli_ctx, snapshot_id) + self.set_intermediate("managedclustersnapshot", + snapshot, overwrite_exists=True) return snapshot def _get_kubernetes_version(self, read_only: bool = False) -> str: @@ -1133,7 +1168,8 @@ def _get_enable_apiserver_vnet_integration(self, enable_validation: bool = False :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get( + "enable_apiserver_vnet_integration") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -1147,7 +1183,8 @@ def _get_enable_apiserver_vnet_integration(self, enable_validation: bool = False # validation if enable_validation: if self.decorator_mode == DecoratorMode.UPDATE: - is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster(self.mc) + is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster( + self.mc) if enable_apiserver_vnet_integration and not is_apiserver_vnet_integration_cluster: if self._get_apiserver_subnet_id(enable_validation=False) is None: raise RequiredArgumentMissingError( @@ -1231,7 +1268,8 @@ def _get_enable_private_cluster(self, enable_validation: bool = False) -> bool: :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get( + "enable_apiserver_vnet_integration") enable_private_cluster = self.raw_param.get("enable_private_cluster") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. @@ -1273,7 +1311,8 @@ def _get_enable_private_cluster(self, enable_validation: bool = False) -> bool: if self.decorator_mode == DecoratorMode.UPDATE: # copy logic from cli core is_private_cluster = check_is_private_cluster(self.mc) - is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster(self.mc) + is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster( + self.mc) if is_private_cluster or enable_private_cluster: if self._get_api_server_authorized_ip_ranges(enable_validation=False): @@ -1317,7 +1356,8 @@ def _get_disable_private_cluster(self, enable_validation: bool = False) -> bool: :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get( + "enable_apiserver_vnet_integration") disable_private_cluster = self.raw_param.get("disable_private_cluster") # this parameter does not need dynamic completion @@ -1391,7 +1431,8 @@ def _get_disable_public_fqdn(self, enable_validation: bool = False) -> bool: ) if ( safe_lower(self._get_private_dns_zone(enable_validation=False)) == CONST_PRIVATE_DNS_ZONE_NONE or - safe_lower(self.mc.api_server_access_profile.private_dns_zone) == CONST_PRIVATE_DNS_ZONE_NONE + safe_lower( + self.mc.api_server_access_profile.private_dns_zone) == CONST_PRIVATE_DNS_ZONE_NONE ): raise InvalidArgumentValueError( "--disable-public-fqdn cannot be applied for none mode private dns zone cluster" @@ -1683,7 +1724,8 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: :return: List[str] or None """ - custom_ca_certs_file_path = self.raw_param.get("custom_ca_trust_certificates") + custom_ca_certs_file_path = self.raw_param.get( + "custom_ca_trust_certificates") if not custom_ca_certs_file_path: return None if not os.path.isfile(custom_ca_certs_file_path): @@ -1693,7 +1735,8 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: ) ) # CAs are supposed to be separated with a new line, we filter out empty strings (e.g. some stray new line). We only allow up to 10 CAs - file_content = read_file_content(custom_ca_certs_file_path).split(os.linesep + os.linesep) + file_content = read_file_content( + custom_ca_certs_file_path).split(os.linesep + os.linesep) certs = [str.encode(x) for x in file_content if len(x) > 1] if len(certs) > 10: raise InvalidArgumentValueError( @@ -1731,7 +1774,8 @@ def _get_enable_azure_monitor_metrics(self, enable_validation: bool = False) -> """ # print("_get_enable_azure_monitor_metrics being called...") # Read the original value passed by the command. - enable_azure_monitor_metrics = self.raw_param.get("enable_azuremonitormetrics") + enable_azure_monitor_metrics = self.raw_param.get( + "enable_azuremonitormetrics") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -1767,9 +1811,11 @@ def _get_disable_azure_monitor_metrics(self, enable_validation: bool = False) -> :return: bool """ # Read the original value passed by the command. - disable_azure_monitor_metrics = self.raw_param.get("disable_azuremonitormetrics") + disable_azure_monitor_metrics = self.raw_param.get( + "disable_azuremonitormetrics") if disable_azure_monitor_metrics and self._get_enable_azure_monitor_metrics(False): - raise MutuallyExclusiveArgumentError("Cannot specify --enable-azuremonitormetrics and --disable-azuremonitormetrics at the same time.") + raise MutuallyExclusiveArgumentError( + "Cannot specify --enable-azuremonitormetrics and --disable-azuremonitormetrics at the same time.") return disable_azure_monitor_metrics def get_disable_azure_monitor_metrics(self) -> bool: @@ -1799,7 +1845,8 @@ def _get_disable_node_restriction(self, enable_validation: bool = False) -> bool :return: bool """ # Read the original value passed by the command. - disable_node_restriction = self.raw_param.get("disable_node_restriction") + disable_node_restriction = self.raw_param.get( + "disable_node_restriction") # This option is not supported in create mode, hence we do not read the property value from the `mc` object. # This parameter does not need dynamic completion. @@ -1910,7 +1957,8 @@ def init_models(self) -> None: :return: None """ - self.models = AKSPreviewManagedClusterModels(self.cmd, self.resource_type) + self.models = AKSPreviewManagedClusterModels( + self.cmd, self.resource_type) def init_context(self) -> None: """Initialize an AKSPreviewManagedClusterContext object to store the context in the process of assemble the @@ -2168,7 +2216,8 @@ def set_up_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus if self.context.get_enable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=True) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( + enabled=True) return mc @@ -2215,7 +2264,8 @@ def set_up_vpa(self, mc: ManagedCluster) -> ManagedCluster: if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() if mc.workload_auto_scaler_profile.vertical_pod_autoscaler is None: - mc.workload_auto_scaler_profile.vertical_pod_autoscaler = self.models.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler(enabled=True) + mc.workload_auto_scaler_profile.vertical_pod_autoscaler = self.models.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler( + enabled=True) else: mc.workload_auto_scaler_profile.vertical_pod_autoscaler.enabled = True return mc @@ -2244,7 +2294,8 @@ def set_up_node_resource_group_profile(self, mc: ManagedCluster) -> ManagedClust node_resource_group_profile = None nrg_lockdown_restriction_level = self.context.get_nrg_lockdown_restriction_level() if nrg_lockdown_restriction_level: - node_resource_group_profile = self.models.ManagedClusterNodeResourceGroupProfile(restriction_level=nrg_lockdown_restriction_level) + node_resource_group_profile = self.models.ManagedClusterNodeResourceGroupProfile( + restriction_level=nrg_lockdown_restriction_level) mc.node_resource_group_profile = node_resource_group_profile return mc @@ -2261,6 +2312,24 @@ def set_up_auto_upgrade_profile(self, mc: ManagedCluster) -> ManagedCluster: mc.auto_upgrade_profile.node_os_upgrade_channel = node_os_upgrade_channel return mc + def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: + + excludedNamespaces = self.context.get_guardrails_excluded_namespaces() + version = self.context.get_guardrails_version() + level = self.context.get_guardrails_level() + # provided any value? + if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: + mc.guardrails_profile = self.models.GuardrailsProfile() + # replace values with provided values + if level is not None: + mc.guardrails_profile.level = level + if version is not None: + mc.guardrails_profile.version = version + if excludedNamespaces is not None: + mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split(",") + + return mc + def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> ManagedCluster: """The overall controller used to construct the default ManagedCluster profile. @@ -2298,6 +2367,8 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> mc = self.set_up_node_resource_group_profile(mc) # set up auto upgrade profile mc = self.set_up_auto_upgrade_profile(mc) + # set up guardrails profile + mc = self.set_up_guardrails_profile(mc) # DO NOT MOVE: keep this at the bottom, restore defaults mc = self._restore_defaults_in_mc(mc) @@ -2316,7 +2387,8 @@ def init_models(self) -> None: :return: None """ - self.models = AKSPreviewManagedClusterModels(self.cmd, self.resource_type) + self.models = AKSPreviewManagedClusterModels( + self.cmd, self.resource_type) def init_context(self) -> None: """Initialize an AKSManagedClusterContext object to store the context in the process of assemble the @@ -2325,7 +2397,8 @@ def init_context(self) -> None: :return: None """ self.context = AKSPreviewManagedClusterContext( - self.cmd, AKSManagedClusterParamDict(self.__raw_parameters), self.models, DecoratorMode.UPDATE + self.cmd, AKSManagedClusterParamDict( + self.__raw_parameters), self.models, DecoratorMode.UPDATE ) def init_agentpool_decorator_context(self) -> None: @@ -2365,7 +2438,8 @@ def check_raw_parameters(self): excluded_keys = ("cmd", "client", "resource_group_name", "name") # check whether the remaining parameters are set # the default "falsy" value will be considered as not set (e.g., None, "", [], {}, 0) - is_changed = any(v for k, v in self.context.raw_param.items() if k not in excluded_keys) + is_changed = any( + v for k, v in self.context.raw_param.items() if k not in excluded_keys) # special cases # Some parameters support using "falsy" value to update/remove previously set values. @@ -2644,12 +2718,14 @@ def update_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus if self.context.get_enable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=True) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( + enabled=True) if self.context.get_disable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=False) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( + enabled=False) return mc @@ -2676,8 +2752,10 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: self._ensure_mc(mc) # read the original value passed by the command - ksm_metric_labels_allow_list = self.context.raw_param.get("ksm_metric_labels_allow_list") - ksm_metric_annotations_allow_list = self.context.raw_param.get("ksm_metric_annotations_allow_list") + ksm_metric_labels_allow_list = self.context.raw_param.get( + "ksm_metric_labels_allow_list") + ksm_metric_annotations_allow_list = self.context.raw_param.get( + "ksm_metric_annotations_allow_list") if ksm_metric_labels_allow_list is None: ksm_metric_labels_allow_list = "" @@ -2687,7 +2765,8 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: if self.context.get_enable_azure_monitor_metrics(): if mc.azure_monitor_profile is None: mc.azure_monitor_profile = self.models.ManagedClusterAzureMonitorProfile() - mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics(enabled=True) + mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics( + enabled=True) mc.azure_monitor_profile.metrics.kube_state_metrics = self.models.ManagedClusterAzureMonitorProfileKubeStateMetrics( metric_labels_allowlist=str(ksm_metric_labels_allow_list), metric_annotations_allow_list=str(ksm_metric_annotations_allow_list)) @@ -2695,7 +2774,8 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: if self.context.get_disable_azure_monitor_metrics(): if mc.azure_monitor_profile is None: mc.azure_monitor_profile = self.models.ManagedClusterAzureMonitorProfile() - mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics(enabled=False) + mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics( + enabled=False) if (self.context.raw_param.get("enable_azuremonitormetrics") or self.context.raw_param.get("disable_azuremonitormetrics")): ensure_azure_monitor_profile_prerequisites( @@ -2838,6 +2918,33 @@ def update_auto_upgrade_profile(self, mc: ManagedCluster) -> ManagedCluster: mc.auto_upgrade_profile = self.models.ManagedClusterAutoUpgradeProfile() mc.auto_upgrade_profile.node_os_upgrade_channel = node_os_upgrade_channel return mc + + def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: + """Update guardrails profile for the ManagedCluster object + :return: the ManagedCluster object + """ + + self._ensure_mc(mc) + + excludedNamespaces = self.context.get_guardrails_excluded_namespaces() + version = self.context.get_guardrails_version() + level = self.context.get_guardrails_level() + # provided any value? + if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: + mc.guardrails_profile = self.models.GuardrailsProfile() + # replace values with provided values + if level is not None: + mc.guardrails_profile.level = level + if version is not None: + mc.guardrails_profile.version = version + if excludedNamespaces is not None: + if excludedNamespaces == "[]": + mc.guardrails_profile.excluded_namespaces = list() + else: + mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split( + ",") + + return mc def update_mc_profile_preview(self) -> ManagedCluster: """The overall controller used to update the preview ManagedCluster profile. @@ -2880,5 +2987,7 @@ def update_mc_profile_preview(self) -> ManagedCluster: mc = self.update_node_resource_group_profile(mc) # update auto upgrade profile mc = self.update_auto_upgrade_profile(mc) + # update guardrails_profile + mc = self.update_guardrails_profile(mc) return mc diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index fcc847aa005..88cd712ec73 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1389,6 +1389,50 @@ def test_aks_nodepool_abort(self, resource_group, resource_group_location): self.check('powerState.code', 'Running') ]) + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') + def test_aks_create_with_guardrails(self, resource_group, resource_group_location): + aks_name = self.create_random_name('cliakstest', 16) + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'ssh_key_value': self.generate_ssh_keys() + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ + '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ + '--enable-addons azure-policy' + self.cmd(create_cmd, checks=[ + self.check('properties.provisioningState', 'Succeeded'), + self.check('properties.guardrailsProfile.level', 'Warning'), + self.check('properties.guardrailsProfile.version','v1.0.0') + ]) + + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') + def test_aks_update_with_guardrails(self, resource_group, resource_group_location): + aks_name = self.create_random_name('cliakstest', 16) + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'ssh_key_value': self.generate_ssh_keys() + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} ' + self.cmd(create_cmd, checks=[ + self.check('properties.provisioningState', 'Succeeded') + ]) + + update_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ + '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ + '--enable-addons azure-policy' + + self.cmd(update_cmd, checks=[ + self.check('properties.provisioningState', 'Succeeded'), + self.check('properties.guardrailsProfile.level', 'Warning'), + self.check('properties.guardrailsProfile.version','v1.0.0') + ]) + @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_managed_disk(self, resource_group, resource_group_location): diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 85b55ad2239..96f9a299861 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -107,6 +107,12 @@ def test_models(self): getattr(module, "ManagedClusterPodIdentityException"), ) + # guardrails profile models + self.assertEqual( + models.pod_identity_models.ManagedClusterGuardrailsProfile, + getattr(module, "ManagedClusterGuardrailsProfile"), + ) + class AKSPreviewManagedClusterContextTestCase(unittest.TestCase): def setUp(self): @@ -225,6 +231,71 @@ def test_get_http_proxy_config(self): # fail on invalid file path with self.assertRaises(InvalidArgumentValueError): ctx_3.get_http_proxy_config() + + def test_get_guardrails_level(self): + ctx1 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_level": None}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + self.assertEqual(ctx1.get_guardrails_level(), None) + + ctx2 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_level": "Warning"}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + mc2 = self.models.ManagedCluster( + guardrails_profile=self.models.GuardrailsProfile(level="Warning") + ) + ctx2.attach_mc(mc2) + self.assertEqual(ctx2.get_guardrails_level(), "Warning") + + def test_get_guardrails_version(self): + ctx1 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_version": None}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + self.assertEqual(ctx1.get_guardrails_version(), None) + + ctx2 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_version": "v1.0.0"}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + + mc2 = self.models.ManagedCluster( + guardrails_profile=self.models.GuardrailsProfile(version="v1.0.0") + ) + ctx2.attach_mc(mc2) + self.assertEqual(ctx2.get_guardrails_version(), "v1.0.0") + + def test_get_guardrails_excluded_namespaces(self): + ctx1 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_excluded_namespaces": None}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + self.assertEqual(ctx1.get_guardrails_excluded_namespaces(), None) + + ctx2 = AKSPreviewManagedClusterContext( + self.cmd, + AKSManagedClusterParamDict({"guardrails_excluded_namespaces": "ns1,ns2"}), + self.models, + decorator_mode=DecoratorMode.CREATE + ) + + mc2 = self.models.ManagedCluster( + guardrails_profile=self.models.GuardrailsProfile(excluded_namespaces="ns1,ns2") + ) + ctx2.attach_mc(mc2) + self.assertEqual(ctx2.get_guardrails_excluded_namespaces(), "v1.0.0") def test_get_kube_proxy_config(self): # default @@ -3146,6 +3217,44 @@ def setUp(self): self.models = AKSPreviewManagedClusterModels(self.cmd, CUSTOM_MGMT_AKS_PREVIEW) self.client = MockClient() + def test_set_up_guardrails_profile(self): + # Base case - no options specified, GuardrailsProfile should be None + dec_1 = AKSPreviewManagedClusterCreateDecorator( + self.cmd, + self.client, + {}, + CUSTOM_MGMT_AKS_PREVIEW + ) + + mc_1 = self.models.ManagedCluster(location="test_location") + dec_1.context.attach_mc(mc_1) + dec_mc_1 = dec_1.set_up_guardrails_profile(mc_1) + gt_mc_1 = self.models.ManagedCluster(location="test_location") + self.AssertEqual(dec_mc_1,gt_mc_1) + + # Make sure GuardrailsProfile is filled out appropriately + dec_2 = AKSPreviewManagedClusterCreateDecorator( + self.cmd, + self.client, + { + "guardrails_level": "Warning", + "guardrails_version": "v1.0.0", + "guardrails_excluded_namespaces": "ns1,ns2" + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + + mc_2 = self.models.ManagedCluster(location="test_location") + dec_2.context.attach_mc(mc_2) + dec_mc_2 = dec_2.set_up_guardrails_profile(mc_2) + gt_mc_2 = self.models.ManagedCluster(location="test_location") + gt_mc_2.guardrails_profile = self.models.GuardrailsProfile( + level="Warning", + version="v1.0.0", + excluded_namespaces=["ns1","ns2"] + ) + self.AssertEqual(dec_mc_2,gt_mc_2) + def test_set_up_agentpool_profile(self): dec_1 = AKSPreviewManagedClusterCreateDecorator( self.cmd, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 3262e176905..290c7645628 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -78,7 +78,8 @@ def test_invalid_subnet_id(self): err = ("--vnet-subnet-id is not a valid Azure resource ID.") with self.assertRaises(CLIError) as cm: - validators._validate_subnet_id(invalid_vnet_subnet_id, "--vnet-subnet-id") + validators._validate_subnet_id( + invalid_vnet_subnet_id, "--vnet-subnet-id") self.assertEqual(str(cm.exception), err) def test_valid_vnet_subnet_id(self): @@ -114,16 +115,19 @@ def __init__(self, os_type, enable_custom_ca_trust): self.os_type = os_type self.enable_custom_ca_trust = enable_custom_ca_trust + class CustomCATrustCertificatesNamespace: def __init__(self, os_type, custom_ca_trust_certificates): self.os_type = os_type self.custom_ca_trust_certificates = custom_ca_trust_certificates + class DisableWindowsOutboundNatNamespace: def __init__(self, os_type, disable_windows_outbound_nat): self.os_type = os_type self.disable_windows_outbound_nat = disable_windows_outbound_nat + class TestMaxSurge(unittest.TestCase): def test_valid_cases(self): valid = ["5", "33%", "1", "100%"] @@ -133,7 +137,8 @@ def test_valid_cases(self): def test_throws_on_string(self): with self.assertRaises(CLIError) as cm: validators.validate_max_surge(MaxSurgeNamespace("foobar")) - self.assertTrue('int or percentage' in str(cm.exception), msg=str(cm.exception)) + self.assertTrue('int or percentage' in str( + cm.exception), msg=str(cm.exception)) def test_throws_on_negative(self): with self.assertRaises(CLIError) as cm: @@ -150,86 +155,111 @@ def test_valid_cases(self): def test_throws_if_more_than_5(self): with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(5.123456)) - self.assertTrue('--spot_max_price can only include up to 5 decimal places' in str(cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only include up to 5 decimal places' in str( + cm.exception), msg=str(cm.exception)) def test_throws_if_non_valid_negative(self): with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(-2)) - self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str(cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str( + cm.exception), msg=str(cm.exception)) with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(0)) - self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str(cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str( + cm.exception), msg=str(cm.exception)) def test_throws_if_input_max_price_for_regular(self): ns = SpotMaxPriceNamespace(2) ns.priority = "Regular" with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(ns) - self.assertTrue('--spot_max_price can only be set when --priority is Spot' in str(cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be set when --priority is Spot' in str( + cm.exception), msg=str(cm.exception)) class TestMessageOfTheday(unittest.TestCase): def test_valid_cases(self): valid = ["foo", ""] for v in valid: - validators.validate_message_of_the_day(MessageOfTheDayNamespace(v, "Linux")) + validators.validate_message_of_the_day( + MessageOfTheDayNamespace(v, "Linux")) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_message_of_the_day(MessageOfTheDayNamespace("foo", "Windows")) - self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_message_of_the_day( + MessageOfTheDayNamespace("foo", "Windows")) + self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str( + cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_message_of_the_day(MessageOfTheDayNamespace("foo", "invalid")) - self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_message_of_the_day( + MessageOfTheDayNamespace("foo", "invalid")) + self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str( + cm.exception), msg=str(cm.exception)) class TestEnableCustomCATrust(unittest.TestCase): def test_pass_if_os_type_linux(self): - validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("Linux", True)) + validators.validate_enable_custom_ca_trust( + EnableCustomCATrustNamespace("Linux", True)) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("Windows", True)) - self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_enable_custom_ca_trust( + EnableCustomCATrustNamespace("Windows", True)) + self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str( + cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("invalid", True)) - self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_enable_custom_ca_trust( + EnableCustomCATrustNamespace("invalid", True)) + self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str( + cm.exception), msg=str(cm.exception)) class TestCustomCATrustCertificates(unittest.TestCase): def test_valid_cases(self): valid = ["foo", ""] for v in valid: - validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Linux", v)) + validators.validate_custom_ca_trust_certificates( + CustomCATrustCertificatesNamespace("Linux", v)) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Windows", "foo")) - self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_custom_ca_trust_certificates( + CustomCATrustCertificatesNamespace("Windows", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str( + cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("invalid", "foo")) - self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_custom_ca_trust_certificates( + CustomCATrustCertificatesNamespace("invalid", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str( + cm.exception), msg=str(cm.exception)) class TestDisableWindowsOutboundNAT(unittest.TestCase): def test_pass_if_os_type_windows(self): - validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Windows", True)) + validators.validate_disable_windows_outbound_nat( + DisableWindowsOutboundNatNamespace("Windows", True)) def test_fail_if_os_type_linux(self): with self.assertRaises(CLIError) as cm: - validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Linux", True)) - self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_disable_windows_outbound_nat( + DisableWindowsOutboundNatNamespace("Linux", True)) + self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str( + cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("invalid", True)) - self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str(cm.exception), msg=str(cm.exception)) + validators.validate_disable_windows_outbound_nat( + DisableWindowsOutboundNatNamespace("invalid", True)) + self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str( + cm.exception), msg=str(cm.exception)) + class ValidateAddonsNamespace: def __init__(self, addons): @@ -304,12 +334,14 @@ def __init__(self, identity_name): class TestValidatePodIdentityResourceName(unittest.TestCase): def test_valid_required_resource_name(self): - validator = validators.validate_pod_identity_resource_name('identity_name', required=True) + validator = validators.validate_pod_identity_resource_name( + 'identity_name', required=True) namespace = PodIdentityNamespace('test-name') validator(namespace) def test_missing_required_resource_name(self): - validator = validators.validate_pod_identity_resource_name('identity_name', required=True) + validator = validators.validate_pod_identity_resource_name( + 'identity_name', required=True) namespace = PodIdentityNamespace(None) with self.assertRaises(CLIError) as cm: @@ -336,6 +368,7 @@ def test_missing_required_resource_name(self): validators.validate_pod_identity_resource_namespace(namespace) self.assertEqual(str(cm.exception), '--namespace is required') + class TestValidateKubernetesVersion(unittest.TestCase): def test_valid_full_kubernetes_version(self): @@ -375,11 +408,13 @@ def test_invalid_kubernetes_version(self): validators.validate_k8s_version(namespace) self.assertEqual(str(cm.exception), err) + class HostGroupIDNamespace: def __init__(self, host_group_id): self.host_group_id = host_group_id + class TestValidateHostGroupID(unittest.TestCase): def test_invalid_host_group_id(self): invalid_host_group_id = "dummy group id" @@ -390,15 +425,18 @@ def test_invalid_host_group_id(self): validators.validate_host_group_id(namespace) self.assertEqual(str(cm.exception), err) + class AzureKeyVaultKmsKeyIdNamespace: def __init__(self, azure_keyvault_kms_key_id): self.azure_keyvault_kms_key_id = azure_keyvault_kms_key_id + class TestValidateAzureKeyVaultKmsKeyId(unittest.TestCase): def test_invalid_azure_keyvault_kms_key_id_without_https(self): invalid_azure_keyvault_kms_key_id = "dummy key id" - namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace( + azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -408,7 +446,8 @@ def test_invalid_azure_keyvault_kms_key_id_without_https(self): def test_invalid_azure_keyvault_kms_key_id_without_key_version(self): invalid_azure_keyvault_kms_key_id = "https://fakekeyvault.vault.azure.net/keys/fakekeyname" - namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace( + azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -418,7 +457,8 @@ def test_invalid_azure_keyvault_kms_key_id_without_key_version(self): def test_invalid_azure_keyvault_kms_key_id_with_wrong_object_type(self): invalid_azure_keyvault_kms_key_id = "https://fakekeyvault.vault.azure.net/secrets/fakesecretname/fakesecretversion" - namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace( + azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -426,6 +466,7 @@ def test_invalid_azure_keyvault_kms_key_id_with_wrong_object_type(self): validators.validate_azure_keyvault_kms_key_id(namespace) self.assertEqual(str(cm.exception), err) + class ImageCleanerNamespace: def __init__( self, @@ -433,9 +474,10 @@ def __init__( disable_image_cleaner=False, image_cleaner_interval_hours=None, ): - self.enable_image_cleaner = enable_image_cleaner - self.disable_image_cleaner = disable_image_cleaner - self.image_cleaner_interval_hours = image_cleaner_interval_hours + self.enable_image_cleaner = enable_image_cleaner + self.disable_image_cleaner = disable_image_cleaner + self.image_cleaner_interval_hours = image_cleaner_interval_hours + class TestValidateImageCleanerEnableDiasble(unittest.TestCase): def test_invalid_image_cleaner_enable_disable_not_existing_together(self): @@ -446,9 +488,11 @@ def test_invalid_image_cleaner_enable_disable_not_existing_together(self): err = 'Cannot specify --enable-image-cleaner and --disable-image-cleaner at the same time.' with self.assertRaises(CLIError) as cm: - validators.validate_image_cleaner_enable_disable_mutually_exclusive(namespace) + validators.validate_image_cleaner_enable_disable_mutually_exclusive( + namespace) self.assertEqual(str(cm.exception), err) + class AzureKeyVaultKmsKeyVaultResourceIdNamespace: def __init__(self, azure_keyvault_kms_key_vault_resource_id): @@ -458,16 +502,19 @@ def __init__(self, azure_keyvault_kms_key_vault_resource_id): class TestValidateAzureKeyVaultKmsKeyVaultResourceId(unittest.TestCase): def test_invalid_azure_keyvault_kms_key_vault_resource_id(self): invalid_azure_keyvault_kms_key_vault_resource_id = "invalid" - namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace(azure_keyvault_kms_key_vault_resource_id=invalid_azure_keyvault_kms_key_vault_resource_id) + namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace( + azure_keyvault_kms_key_vault_resource_id=invalid_azure_keyvault_kms_key_vault_resource_id) err = '--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.' with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_azure_keyvault_kms_key_vault_resource_id(namespace) + validators.validate_azure_keyvault_kms_key_vault_resource_id( + namespace) self.assertEqual(str(cm.exception), err) def test_valid_azure_keyvault_kms_key_vault_resource_id(self): valid_azure_keyvault_kms_key_vault_resource_id = "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/foo/providers/Microsoft.KeyVault/vaults/foo" - namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace(azure_keyvault_kms_key_vault_resource_id=valid_azure_keyvault_kms_key_vault_resource_id) + namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace( + azure_keyvault_kms_key_vault_resource_id=valid_azure_keyvault_kms_key_vault_resource_id) validators.validate_azure_keyvault_kms_key_vault_resource_id(namespace) @@ -597,46 +644,75 @@ def test_multiple_application_security_groups(self): namespace ) + class MaintenanceWindowNameSpace: def __init__(self, utc_offset=None, start_date=None, start_time=None): self.utc_offset = utc_offset self.start_date = start_date self.start_time = start_time + class TestValidateMaintenanceWindow(unittest.TestCase): - def test_invalid_utc_offset(self): + def test_invalid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="5:00") err = '--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_utc_offset(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_utc_offset(self): + + def test_valid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="+05:00") validators.validate_utc_offset(namespace) - def test_invalid_start_date(self): + def test_invalid_start_date(self): namespace = MaintenanceWindowNameSpace(start_date="2023/01/01") err = '--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_date(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_start_datet(self): + + def test_valid_start_datet(self): namespace = MaintenanceWindowNameSpace(start_date="2023-01-01") validators.validate_start_date(namespace) - - def test_invalid_start_time(self): + + def test_invalid_start_time(self): namespace = MaintenanceWindowNameSpace(start_time="3am") err = '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_time(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_start_time(self): + + def test_valid_start_time(self): namespace = MaintenanceWindowNameSpace(start_date="00:30") validators.validate_start_time(namespace) +class TestGuardrailsLevel(unittest.TestCase): + def test_invalid_level_off(self): + with self.assertRaises(InvalidArgumentValueError) as cm: + validators.validate_guardrails_level("off") + + def test_invalid_level_warning(self): + with self.assertRaises(InvalidArgumentValueError) as cm: + validators.validate_guardrails_level("warning") + + def test_invalid_level_enforcement(self): + with self.assertRaises(InvalidArgumentValueError) as cm: + validators.validate_guardrails_level("enforcement") + + def test_valid_level_off(self): + validators.validate_guardrails_level("Off") + + def test_valid_level_warning(self): + validators.validate_guardrails_level("Warning") + + def test_valid_level_enforcement(self): + validators.validate_guardrails_level("Enforcement") + + def test_not_found(self): + with self.assertRaises(InvalidArgumentValueError) as cm: + validators.validate_guardrails_level("notfound") + + if __name__ == "__main__": unittest.main() diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index f139cafb58d..890331d11e5 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.131" +VERSION = "0.5.132" CLASSIFIERS = [ "Development Status :: 4 - Beta", From 9b56b8de21beff59d3ded5c8a45848e34738309b Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 24 Apr 2023 14:29:59 -0400 Subject: [PATCH 02/31] Fix lint errors, add to HISTORY.rst --- src/aks-preview/HISTORY.rst | 4 ++++ .../azext_aks_preview/managed_cluster_decorator.py | 7 +++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 797b628c8df..6598cb2f816 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -12,6 +12,10 @@ To release a new version, please select a new version number (usually plus 1 to Pending +++++++ +0.5.132 ++++++++ +* Allow options for specifying guardrails profile arguments + 0.5.131 +++++++ * Allow updating the ssh key value if cluster was created without ssh key diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index b33c22cb3f4..00ba45340c3 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2313,13 +2313,12 @@ def set_up_auto_upgrade_profile(self, mc: ManagedCluster) -> ManagedCluster: return mc def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: - excludedNamespaces = self.context.get_guardrails_excluded_namespaces() version = self.context.get_guardrails_version() level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile() + mc.guardrails_profile = self.models.GuardrailsProfile() # replace values with provided values if level is not None: mc.guardrails_profile.level = level @@ -2918,7 +2917,7 @@ def update_auto_upgrade_profile(self, mc: ManagedCluster) -> ManagedCluster: mc.auto_upgrade_profile = self.models.ManagedClusterAutoUpgradeProfile() mc.auto_upgrade_profile.node_os_upgrade_channel = node_os_upgrade_channel return mc - + def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: """Update guardrails profile for the ManagedCluster object :return: the ManagedCluster object @@ -2931,7 +2930,7 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile() + mc.guardrails_profile = self.models.GuardrailsProfile() # replace values with provided values if level is not None: mc.guardrails_profile.level = level From f9f0438fca6c919eb7f8a3c8bd1751ebd38f8d1c Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 24 Apr 2023 16:51:33 -0400 Subject: [PATCH 03/31] Fix unit tests again --- src/aks-preview/azext_aks_preview/_params.py | 21 +++++++---- .../azext_aks_preview/_validators.py | 11 ------ .../managed_cluster_decorator.py | 35 +++++++++++-------- .../latest/test_managed_cluster_decorator.py | 21 +++++------ .../tests/latest/test_validators.py | 28 --------------- 5 files changed, 43 insertions(+), 73 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index a7cf912bbc4..473136860ec 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -93,7 +93,7 @@ CONST_WEEKINDEX_LAST, CONST_GUARDRAILSLEVEL_OFF, CONST_GUARDRAILSLEVEL_WARNING, - CONST_GUARDRAILSLEVEL_ENFORCEMENT + CONST_GUARDRAILSLEVEL_ENFORCEMENT, CONST_AZURE_SERVICE_MESH_INGRESS_MODE_EXTERNAL, CONST_AZURE_SERVICE_MESH_INGRESS_MODE_INTERNAL, ) @@ -161,8 +161,7 @@ validate_application_security_groups, validate_utc_offset, validate_start_date, - validate_start_time, - validate_guardrails_level + validate_start_time ) # candidates for enumeration @@ -474,12 +473,13 @@ def load_arguments(self, _): is_preview=True, help="application security groups for agentpool") c.argument('node_public_ip_tags', arg_type=tags_type, validator=validate_node_public_ip_tags, help='space-separated tags: key[=value] [key[=value] ...].') - c.argument('guardrails_level', validator=validate_guardrails_level, arg_type=get_enum_type(guardrails_levels), - help='The guardrails level, one of ["Off", "Warning", "Enforcement"]') + c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), + help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) c.argument('guardrails_version', type=str, - help='The guardrails version') + help='The guardrails version', is_preview=True) c.argument('guardrails_excluded_namespaces', type=str, - help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list') + help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', + is_preview=True) with self.argument_context('aks update') as c: # managed cluster paramerters @@ -622,6 +622,13 @@ def load_arguments(self, _): c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") + c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), + help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) + c.argument('guardrails_version', type=str, + help='The guardrails version', is_preview=True) + c.argument('guardrails_excluded_namespaces', type=str, + help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', + is_preview=True) with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index f9a5fc08761..0c5cae92fd0 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -862,14 +862,3 @@ def validate_start_time(namespace): if not found: raise InvalidArgumentValueError( '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".') - - -def validate_guardrails_level(guardrails_level: str): - """Validates --guardrails-level for aks guardrailsProfile updates""" - if guardrails_level is None: - return - # Allowed 3 values: Off, Warning, Enforcement - - if guardrails_level not in ["Off", "Warning", "Enforcement"]: - raise InvalidArgumentValueError( - '--guardrails-level must be in these values: ["Off", "Warning", "Enforcement"].') diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 53fc9e0dadd..c097575e091 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -161,16 +161,24 @@ def external_functions(self) -> SimpleNamespace: external_functions["get_cluster_snapshot_by_snapshot_id"] = get_cluster_snapshot_by_snapshot_id self.__external_functions = SimpleNamespace(**external_functions) return self.__external_functions - + + def get_guardrails_version(self) -> Union[str, None]: + """Helper function to get guardrails version specified in parameters + :return: str or None + """ + return self.raw_param.get("guardrails_version") def get_guardrails_level(self) -> Union[str, None]: + """Helper function to get guardrails level specified in parameters + :return: str or None + """ return self.raw_param.get("guardrails_level") def get_guardrails_excluded_namespaces(self) -> Union[str, None]: + """Helper function to get guardrails excluded namespaces specified in parameters + :return: str or None + """ return self.raw_param.get("guardrails_excluded_namespaces") - def get_guardails_version(self) -> Union[str, None]: - return self.raw_param.get("guardrails_version") - # pylint: disable=no-self-use def __validate_pod_identity_with_kubenet(self, mc, enable_pod_identity, enable_pod_identity_with_kubenet): @@ -2591,12 +2599,10 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile() - # replace values with provided values - if level is not None: - mc.guardrails_profile.level = level - if version is not None: - mc.guardrails_profile.version = version + mc.guardrails_profile = self.models.GuardrailsProfile( + level=level, + version=version + ) if excludedNamespaces is not None: mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split(",") return mc @@ -3250,12 +3256,11 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile() + mc.guardrails_profile = self.models.GuardrailsProfile( + level=level, + version=version + ) # replace values with provided values - if level is not None: - mc.guardrails_profile.level = level - if version is not None: - mc.guardrails_profile.version = version if excludedNamespaces is not None: if excludedNamespaces == "[]": mc.guardrails_profile.excluded_namespaces = list() diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 80beea8ec82..b6c26b7be9f 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -109,12 +109,6 @@ def test_models(self): getattr(module, "ManagedClusterPodIdentityException"), ) - # guardrails profile models - self.assertEqual( - models.pod_identity_models.ManagedClusterGuardrailsProfile, - getattr(module, "ManagedClusterGuardrailsProfile"), - ) - class AKSPreviewManagedClusterContextTestCase(unittest.TestCase): def setUp(self): @@ -250,7 +244,8 @@ def test_get_guardrails_level(self): decorator_mode=DecoratorMode.CREATE ) mc2 = self.models.ManagedCluster( - guardrails_profile=self.models.GuardrailsProfile(level="Warning") + location="test_location", + guardrails_profile=self.models.GuardrailsProfile(level="Warning", excluded_namespaces=None, version="") ) ctx2.attach_mc(mc2) self.assertEqual(ctx2.get_guardrails_level(), "Warning") @@ -272,7 +267,8 @@ def test_get_guardrails_version(self): ) mc2 = self.models.ManagedCluster( - guardrails_profile=self.models.GuardrailsProfile(version="v1.0.0") + location="test_location", + guardrails_profile=self.models.GuardrailsProfile(version="v1.0.0", level=None, excluded_namespaces=None) ) ctx2.attach_mc(mc2) self.assertEqual(ctx2.get_guardrails_version(), "v1.0.0") @@ -294,10 +290,11 @@ def test_get_guardrails_excluded_namespaces(self): ) mc2 = self.models.ManagedCluster( - guardrails_profile=self.models.GuardrailsProfile(excluded_namespaces="ns1,ns2") + location="test_location", + guardrails_profile=self.models.GuardrailsProfile(excluded_namespaces=["ns1","ns2"], level=None, version=None) ) ctx2.attach_mc(mc2) - self.assertEqual(ctx2.get_guardrails_excluded_namespaces(), "v1.0.0") + self.assertEqual(ctx2.get_guardrails_excluded_namespaces(), "ns1,ns2") def test_get_kube_proxy_config(self): # default @@ -3368,7 +3365,7 @@ def test_set_up_guardrails_profile(self): dec_1.context.attach_mc(mc_1) dec_mc_1 = dec_1.set_up_guardrails_profile(mc_1) gt_mc_1 = self.models.ManagedCluster(location="test_location") - self.AssertEqual(dec_mc_1,gt_mc_1) + self.assertEqual(dec_mc_1,gt_mc_1) # Make sure GuardrailsProfile is filled out appropriately dec_2 = AKSPreviewManagedClusterCreateDecorator( @@ -3391,7 +3388,7 @@ def test_set_up_guardrails_profile(self): version="v1.0.0", excluded_namespaces=["ns1","ns2"] ) - self.AssertEqual(dec_mc_2,gt_mc_2) + self.assertEqual(dec_mc_2,gt_mc_2) def test_set_up_agentpool_profile(self): dec_1 = AKSPreviewManagedClusterCreateDecorator( diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 290c7645628..4fa3e766fb5 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -686,33 +686,5 @@ def test_valid_start_time(self): namespace = MaintenanceWindowNameSpace(start_date="00:30") validators.validate_start_time(namespace) - -class TestGuardrailsLevel(unittest.TestCase): - def test_invalid_level_off(self): - with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_guardrails_level("off") - - def test_invalid_level_warning(self): - with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_guardrails_level("warning") - - def test_invalid_level_enforcement(self): - with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_guardrails_level("enforcement") - - def test_valid_level_off(self): - validators.validate_guardrails_level("Off") - - def test_valid_level_warning(self): - validators.validate_guardrails_level("Warning") - - def test_valid_level_enforcement(self): - validators.validate_guardrails_level("Enforcement") - - def test_not_found(self): - with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_guardrails_level("notfound") - - if __name__ == "__main__": unittest.main() From bf4b7048ed7c68f9a87480a03693e16a387fed33 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Tue, 25 Apr 2023 12:02:57 -0400 Subject: [PATCH 04/31] Fix lint errors --- src/aks-preview/azext_aks_preview/_help.py | 14 +++++----- src/aks-preview/azext_aks_preview/_params.py | 4 +-- src/aks-preview/azext_aks_preview/custom.py | 4 +-- .../managed_cluster_decorator.py | 28 ++++++++----------- .../latest/test_managed_cluster_decorator.py | 6 ++-- 5 files changed, 25 insertions(+), 31 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index df0f1d9c491..3a5f721c52b 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -531,7 +531,7 @@ - name: --guardrails-version type: string short-summary: The version of Guardrails to use. Default "v1.0.0" Use the ListGuardrailsVersions API to discover available versions - - name: --guardrails-excluded-namespaces + - name: --guardrails-excluded-ns type: string short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails - name: --enable-asm --enable-azure-service-mesh @@ -999,7 +999,7 @@ - name: --guardrails-version type: string short-summary: The version of Guardrails to use. Default "v1.0.0" Use the ListGuardrailsVersions API to discover available versions - - name: --guardrails-excluded-namespaces + - name: --guardrails-excluded-ns type: string short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails. Use "[]" to clear a previously non-empty list examples: @@ -1061,12 +1061,12 @@ text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com" - name: Update a existing managed cluster to a managed cluster snapshot. text: az aks update -g MyResourceGroup -n MyManagedCluster --cluster-snapshot-id "/subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.ContainerService/managedclustersnapshots/mysnapshot1" - - name: Update a kubernetes cluster with guardrails set to "Warning" - text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --enable-addons azure-policy - - name: Update a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded - text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-namespaces ns1,ns2 --enable-addons azure-policy + - name: Update a kubernetes cluster with guardrails set to "Warning". Assumes azure policy addon is already enabled + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning + - name: Update a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded. Assumes azure policy addon is already enabled + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-ns ns1,ns2 - name: Update a kubernetes cluster to clear any namespaces excluded from guardrails. Assumes azure policy addon is already enabled - text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-excluded-namespaces "[]" + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-excluded-ns "[]" """ helps['aks kollect'] = """ diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 473136860ec..d8c3d926f7c 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -477,7 +477,7 @@ def load_arguments(self, _): help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) c.argument('guardrails_version', type=str, help='The guardrails version', is_preview=True) - c.argument('guardrails_excluded_namespaces', type=str, + c.argument('guardrails_excluded_ns', type=str, help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', is_preview=True) @@ -626,7 +626,7 @@ def load_arguments(self, _): help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) c.argument('guardrails_version', type=str, help='The guardrails version', is_preview=True) - c.argument('guardrails_excluded_namespaces', type=str, + c.argument('guardrails_excluded_ns', type=str, help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', is_preview=True) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 3b67c3ac8f4..68da58165c2 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -576,7 +576,7 @@ def aks_create( # guardrails parameters guardrails_level=None, guardrails_version=None, - guardrails_excluded_namespaces=None, + guardrails_excluded_ns=None, # azure service mesh enable_azure_service_mesh=None, ): @@ -735,7 +735,7 @@ def aks_update( # guardrails parameters guardrails_level=None, guardrails_version=None, - guardrails_excluded_namespaces=None, + guardrails_excluded_ns=None, ): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index c097575e091..1b879958763 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -161,23 +161,15 @@ def external_functions(self) -> SimpleNamespace: external_functions["get_cluster_snapshot_by_snapshot_id"] = get_cluster_snapshot_by_snapshot_id self.__external_functions = SimpleNamespace(**external_functions) return self.__external_functions - - def get_guardrails_version(self) -> Union[str, None]: - """Helper function to get guardrails version specified in parameters - :return: str or None - """ - return self.raw_param.get("guardrails_version") + def get_guardrails_level(self) -> Union[str, None]: - """Helper function to get guardrails level specified in parameters - :return: str or None - """ return self.raw_param.get("guardrails_level") def get_guardrails_excluded_namespaces(self) -> Union[str, None]: - """Helper function to get guardrails excluded namespaces specified in parameters - :return: str or None - """ - return self.raw_param.get("guardrails_excluded_namespaces") + return self.raw_param.get("guardrails_excluded_ns") + + def get_guardrails_version(self) -> Union[str, None]: + return self.raw_param.get("guardrails_version") # pylint: disable=no-self-use @@ -2603,6 +2595,7 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level=level, version=version ) + # replace values with provided values if excludedNamespaces is not None: mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split(",") return mc @@ -3256,11 +3249,12 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile( - level=level, - version=version - ) + mc.guardrails_profile = self.models.GuardrailsProfile() # replace values with provided values + if level is not None: + mc.guardrails_profile.level = level + if version is not None: + mc.guardrails_profile.version = version if excludedNamespaces is not None: if excludedNamespaces == "[]": mc.guardrails_profile.excluded_namespaces = list() diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index b6c26b7be9f..f429071a8a0 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -276,7 +276,7 @@ def test_get_guardrails_version(self): def test_get_guardrails_excluded_namespaces(self): ctx1 = AKSPreviewManagedClusterContext( self.cmd, - AKSManagedClusterParamDict({"guardrails_excluded_namespaces": None}), + AKSManagedClusterParamDict({"guardrails_excluded_ns": None}), self.models, decorator_mode=DecoratorMode.CREATE ) @@ -284,7 +284,7 @@ def test_get_guardrails_excluded_namespaces(self): ctx2 = AKSPreviewManagedClusterContext( self.cmd, - AKSManagedClusterParamDict({"guardrails_excluded_namespaces": "ns1,ns2"}), + AKSManagedClusterParamDict({"guardrails_excluded_ns": "ns1,ns2"}), self.models, decorator_mode=DecoratorMode.CREATE ) @@ -3374,7 +3374,7 @@ def test_set_up_guardrails_profile(self): { "guardrails_level": "Warning", "guardrails_version": "v1.0.0", - "guardrails_excluded_namespaces": "ns1,ns2" + "guardrails_excluded_ns": "ns1,ns2" }, CUSTOM_MGMT_AKS_PREVIEW ) From 4369974b25d6b8846c0a48f6bd14f004a4164797 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Wed, 26 Apr 2023 10:16:40 -0400 Subject: [PATCH 05/31] Mark test as live only --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 1a8ac151c8e..08714b78389 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1385,6 +1385,7 @@ def test_aks_nodepool_abort(self, resource_group, resource_group_location): self.check('powerState.code', 'Running') ]) + @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_guardrails(self, resource_group, resource_group_location): From 54a2e35a7005aafd38c45cca5f28fd89c22bc2e4 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Wed, 26 Apr 2023 10:44:07 -0400 Subject: [PATCH 06/31] Add additional live_only annotation, fix help --- src/aks-preview/azext_aks_preview/_help.py | 2 +- .../azext_aks_preview/tests/latest/test_aks_commands.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 3a5f721c52b..195770102ab 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -605,7 +605,7 @@ - name: Create a kubernetes cluster with guardrails set to "Warning" text: az aks create -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --enable-addons azure-policy - name: Create a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded - text: az aks create -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-namespaces ns1,ns2 --enable-addons azure-policy + text: az aks create -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-ns ns1,ns2 --enable-addons azure-policy - name: Create a kubernetes cluster with Azure Service Mesh enabled. text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-azure-service-mesh diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 08714b78389..606ee59e525 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1405,6 +1405,7 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio self.check('properties.guardrailsProfile.version','v1.0.0') ]) + @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_update_with_guardrails(self, resource_group, resource_group_location): From 499ad8e7f612517ef371144ac6b0541fc84dd017 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 1 May 2023 10:29:53 -0400 Subject: [PATCH 07/31] Remove live only annotation, remove exclusions just for running the pipeline --- .../azcli_aks_live_test/configs/ext_matrix_default.json | 4 ---- .../azext_aks_preview/managed_cluster_decorator.py | 5 ++++- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 -- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json index 87dfaedd3ff..b8e5a0aaee5 100644 --- a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json +++ b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json @@ -20,10 +20,6 @@ "test_aks_enable_addon_with_gitops", "test_aks_disable_addon_gitops" ], - "missing feature registration and no OBO support": [ - "test_aks_update_with_guardrails", - "test_aks_create_with_guardrails" - ], "gpu, no quota": [ "test_aks_nodepool_add_with_gpu_instance_profile" ], diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 1b879958763..214af6d7603 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -3249,7 +3249,10 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() # provided any value? if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile() + mc.guardrails_profile = self.models.GuardrailsProfile( + level=level, + version=version + ) # replace values with provided values if level is not None: mc.guardrails_profile.level = level diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 606ee59e525..1a8ac151c8e 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1385,7 +1385,6 @@ def test_aks_nodepool_abort(self, resource_group, resource_group_location): self.check('powerState.code', 'Running') ]) - @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_guardrails(self, resource_group, resource_group_location): @@ -1405,7 +1404,6 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio self.check('properties.guardrailsProfile.version','v1.0.0') ]) - @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_update_with_guardrails(self, resource_group, resource_group_location): From 3e0f9e19d21a40d8e203c0992b39cbb2b62bdcbf Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 1 May 2023 13:54:25 -0400 Subject: [PATCH 08/31] Add missing ssh key value --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 1a8ac151c8e..69fab553f72 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1397,7 +1397,7 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--enable-addons azure-policy' + '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' self.cmd(create_cmd, checks=[ self.check('properties.provisioningState', 'Succeeded'), self.check('properties.guardrailsProfile.level', 'Warning'), @@ -1421,7 +1421,7 @@ def test_aks_update_with_guardrails(self, resource_group, resource_group_locatio update_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--enable-addons azure-policy' + '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' self.cmd(update_cmd, checks=[ self.check('properties.provisioningState', 'Succeeded'), From 03b0a201fb4f5b7556989625b7d7a28dce8c6997 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Tue, 2 May 2023 09:38:54 -0400 Subject: [PATCH 09/31] Fixed update command, fixed checks --- .../tests/latest/test_aks_commands.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 69fab553f72..071167e2aae 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1399,9 +1399,9 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' self.cmd(create_cmd, checks=[ - self.check('properties.provisioningState', 'Succeeded'), - self.check('properties.guardrailsProfile.level', 'Warning'), - self.check('properties.guardrailsProfile.version','v1.0.0') + self.check('provisioningState', 'Succeeded'), + self.check('guardrailsProfile.level', 'Warning'), + self.check('guardrailsProfile.version','v1.0.0') ]) @AllowLargeResponse() @@ -1414,19 +1414,19 @@ def test_aks_update_with_guardrails(self, resource_group, resource_group_locatio 'ssh_key_value': self.generate_ssh_keys() }) - create_cmd = 'aks create --resource-group={resource_group} --name={name} ' + create_cmd = 'aks create --resource-group={resource_group} --name={name} --ssh-key-value={ssh_key_value} ' self.cmd(create_cmd, checks=[ - self.check('properties.provisioningState', 'Succeeded') + self.check('provisioningState', 'Succeeded') ]) update_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' + '--enable-addons azure-policy ' self.cmd(update_cmd, checks=[ - self.check('properties.provisioningState', 'Succeeded'), - self.check('properties.guardrailsProfile.level', 'Warning'), - self.check('properties.guardrailsProfile.version','v1.0.0') + self.check('provisioningState', 'Succeeded'), + self.check('guardrailsProfile.level', 'Warning'), + self.check('guardrailsProfile.version','v1.0.0') ]) @AllowLargeResponse() From 57119bf2e12c33dcdf26764bbc5b3bedba7090bc Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Thu, 4 May 2023 09:45:32 -0400 Subject: [PATCH 10/31] Update test command to enable policy addon in create --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 071167e2aae..206c5879c59 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1414,19 +1414,21 @@ def test_aks_update_with_guardrails(self, resource_group, resource_group_locatio 'ssh_key_value': self.generate_ssh_keys() }) - create_cmd = 'aks create --resource-group={resource_group} --name={name} --ssh-key-value={ssh_key_value} ' + create_cmd = 'aks create --resource-group={resource_group} --name={name} --ssh-key-value={ssh_key_value} ' \ + '--enable-addons azure-policy ' self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded') ]) update_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--enable-addons azure-policy ' + '--guardrails-excluded-ns test-ns1' self.cmd(update_cmd, checks=[ self.check('provisioningState', 'Succeeded'), self.check('guardrailsProfile.level', 'Warning'), - self.check('guardrailsProfile.version','v1.0.0') + self.check('guardrailsProfile.version','v1.0.0'), + self.check('guardrailsProfile.excludedNamespaces[0]','test-ns1') ]) @AllowLargeResponse() From 3f69bbd3e055fb88f0c475ed07dd684b07a6f349 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Thu, 4 May 2023 10:41:49 -0400 Subject: [PATCH 11/31] Add guardrails create scenario recording --- .../test_aks_create_with_guardrails.yaml | 742 ++++++++++++++++++ 1 file changed, 742 insertions(+) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml new file mode 100644 index 00000000000..2eaab5f67b4 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml @@ -0,0 +1,742 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: '{"error":{"code":"ResourceNotFound","message":"The Resource ''Microsoft.ContainerService/managedClusters/cliakstest000002'' + under resource group ''clitest000001'' was not found. For more details please + go to https://aka.ms/ARMResourceNotFoundFix"}}' + headers: + cache-control: + - no-cache + content-length: + - '244' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 02 May 2023 14:30:26 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-failure-cause: + - gateway + status: + code: 404 + message: Not Found +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2022-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_create_with_guardrails","date":"2023-05-02T14:30:26Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '346' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 02 May 2023 14:30:26 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestjibsiplbd-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": + 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": + false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": + "", "upgradeSettings": {}, "enableNodePublicIP": false, "enableCustomCATrust": + false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": + -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, + "enableFIPS": false, "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {"azurepolicy": {"enabled": + true}}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, + "storageProfile": {}, "guardrailsProfile": {"version": "v1.0.0", "level": "Warning"}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1676' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestjibsiplbd-8ecadf\",\n \"fqdn\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n + \ }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"enableLTS\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": + \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": + {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n + \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": + {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": + false\n },\n \"guardrailsProfile\": {\n \"level\": \"Warning\",\n \"version\": + \"v1.0.0\",\n \"systemExcludedNamespaces\": [\n \"kube-system\",\n + \ \"calico-system\",\n \"tigera-system\",\n \"gatekeeper-system\"\n + \ ]\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": + {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3821' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:30:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1197' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:30:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:31:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:31:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:32:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:32:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:33:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:33:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:34:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\",\n \"endTime\": + \"2023-05-02T14:34:18.2143813Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:34:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestjibsiplbd-8ecadf\",\n \"fqdn\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n + \ \"identity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/azurepolicy-cliakstest000002\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"enableLTS\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/7d176a80-2f28-4c69-9b72-2fda2e555fd4\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"guardrailsProfile\": + {\n \"level\": \"Warning\",\n \"version\": \"v1.0.0\",\n \"systemExcludedNamespaces\": + [\n \"kube-system\",\n \"calico-system\",\n \"tigera-system\",\n + \ \"gatekeeper-system\"\n ]\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '4834' + content-type: + - application/json + date: + - Tue, 02 May 2023 14:34:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 From 5c447ba6c0bc5198786f100433937e23a49d34e1 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Wed, 17 May 2023 10:22:38 -0400 Subject: [PATCH 12/31] Add update recordings --- .../test_aks_update_with_guardrails.yaml | 1246 +++++++++++++++++ 1 file changed, 1246 insertions(+) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml new file mode 100644 index 00000000000..c38993f54c5 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml @@ -0,0 +1,1246 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: '{"error":{"code":"ResourceNotFound","message":"The Resource ''Microsoft.ContainerService/managedClusters/cliakstest000002'' + under resource group ''clitest000001'' was not found. For more details please + go to https://aka.ms/ARMResourceNotFoundFix"}}' + headers: + cache-control: + - no-cache + content-length: + - '244' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 16 May 2023 23:13:00 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-failure-cause: + - gateway + status: + code: 404 + message: Not Found +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2022-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_update_with_guardrails","date":"2023-05-16T23:12:58Z","module":"aks-preview"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '369' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 16 May 2023 23:13:00 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestaemfx44ko-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": + 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": + false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": + "", "upgradeSettings": {}, "enableNodePublicIP": false, "enableCustomCATrust": + false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": + -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, + "enableFIPS": false, "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {"azurepolicy": {"enabled": + true}}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, + "storageProfile": {}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1612' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n + \ }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": + \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": + {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n + \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": + {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": + false\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": + {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3613' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:13:06 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1197' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:13:07 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:13:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:14:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:14:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:15:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:15:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:16:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:16:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\",\n \"endTime\": + \"2023-05-16T23:16:48.0068199Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:09 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n + \ \"identity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/azurepolicy-cliakstest000002\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '4626' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:10 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n + \ \"identity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/azurepolicy-cliakstest000002\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '4626' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "sku": {"name": "Base", "tier": "Free"}, "identity": + {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.25.6", "dnsPrefix": + "cliakstest-clitestaemfx44ko-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": + "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", + "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "orchestratorVersion": "1.25.6", "upgradeSettings": {}, "powerState": + {"code": "Running"}, "enableNodePublicIP": false, "enableCustomCATrust": false, + "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": false, + "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": {"adminUsername": + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, + "addonProfiles": {"azurepolicy": {"enabled": true}}, "oidcIssuerProfile": {"enabled": + false}, "nodeResourceGroup": "MC_clitest000001_cliakstest000002_westus2", "enableRBAC": + true, "supportPlan": "KubernetesOfficial", "enablePodSecurityPolicy": false, + "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": + "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", + "outboundType": "loadBalancer", "loadBalancerSku": "Standard", "loadBalancerProfile": + {"managedOutboundIPs": {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": + [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda"}], + "backendPoolType": "nodeIPConfiguration"}, "podCidrs": ["10.244.0.0/16"], "serviceCidrs": + ["10.0.0.0/16"], "ipFamilies": ["IPv4"]}, "identityProfile": {"kubeletidentity": + {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool", + "clientId":"00000000-0000-0000-0000-000000000001", "objectId":"00000000-0000-0000-0000-000000000001"}}, + "disableLocalAccounts": false, "securityProfile": {}, "storageProfile": {}, + "workloadAutoScalerProfile": {}, "guardrailsProfile": {"version": "v1.0.0", + "level": "Warning", "excludedNamespaces": ["test-ns1"]}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + Content-Length: + - '2852' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Updating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n + \ }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"guardrailsProfile\": + {\n \"level\": \"Warning\",\n \"excludedNamespaces\": [\n \"test-ns1\"\n + \ ],\n \"version\": \"v1.0.0\",\n \"systemExcludedNamespaces\": [\n + \ \"kube-system\",\n \"calico-system\",\n \"tigera-system\",\n + \ \"gatekeeper-system\"\n ]\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '4525' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:17 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:18 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:17:48 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:18:18 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:18:48 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\",\n \"endTime\": + \"2023-05-16T23:19:01.6933962Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:19:18 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + User-Agent: + - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 + (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": + \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.25.6\",\n \"currentOrchestratorVersion\": \"1.25.6\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": + {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n + \ \"identity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/azurepolicy-cliakstest000002\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": + \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"guardrailsProfile\": + {\n \"level\": \"Warning\",\n \"excludedNamespaces\": [\n \"test-ns1\"\n + \ ],\n \"version\": \"v1.0.0\",\n \"systemExcludedNamespaces\": [\n + \ \"kube-system\",\n \"calico-system\",\n \"tigera-system\",\n + \ \"gatekeeper-system\"\n ]\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '4887' + content-type: + - application/json + date: + - Tue, 16 May 2023 23:19:18 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 From 50b3fd520bf1de3a7b6421b2699c83190e98a1b6 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:01:26 -0400 Subject: [PATCH 13/31] Update params, undo some formatting changes --- src/aks-preview/HISTORY.rst | 9 +- src/aks-preview/azext_aks_preview/_params.py | 340 ++++++------------ .../azext_aks_preview/_validators.py | 30 +- src/aks-preview/azext_aks_preview/custom.py | 48 +-- .../managed_cluster_decorator.py | 15 +- 5 files changed, 155 insertions(+), 287 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index cd3e03073af..a729eb99fa8 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -13,6 +13,11 @@ Pending +++++++ * Vendor new SDK and bump API version to 2023-03-02-preview. +0.5.140 ++++++++ +* Allow options for specifying guardrails profile arguments + + 0.5.137 +++++++ * Fix role assignment failure caused by the breaking change of default API version bump of the auth SDK @@ -43,10 +48,6 @@ Pending * Change the short name of option `--source-resource-id` in command `az aks trustedaccess rolebinding create` from `-s` to `-r`. * Add parameter to enable windows recording rules `--enable-windows-recording-rules` for the Azure Monitor Metrics addon -0.5.132 -+++++++ -* Allow options for specifying guardrails profile arguments - 0.5.131 +++++++ * Allow updating the ssh key value if cluster was created without ssh key diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index d8c3d926f7c..a8771db50b1 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -166,10 +166,8 @@ # candidates for enumeration # consts for AgentPool -node_priorities = [CONST_SCALE_SET_PRIORITY_REGULAR, - CONST_SCALE_SET_PRIORITY_SPOT] -node_eviction_policies = [ - CONST_SPOT_EVICTION_POLICY_DELETE, CONST_SPOT_EVICTION_POLICY_DEALLOCATE] +node_priorities = [CONST_SCALE_SET_PRIORITY_REGULAR, CONST_SCALE_SET_PRIORITY_SPOT] +node_eviction_policies = [CONST_SPOT_EVICTION_POLICY_DELETE, CONST_SPOT_EVICTION_POLICY_DEALLOCATE] node_os_disk_types = [CONST_OS_DISK_TYPE_MANAGED, CONST_OS_DISK_TYPE_EPHEMERAL] node_mode_types = [CONST_NODEPOOL_MODE_SYSTEM, CONST_NODEPOOL_MODE_USER] node_os_skus_create = [CONST_OS_SKU_UBUNTU, CONST_OS_SKU_CBLMARINER, CONST_OS_SKU_MARINER] @@ -233,11 +231,9 @@ ] # consts for credential -credential_formats = [CONST_CREDENTIAL_FORMAT_AZURE, - CONST_CREDENTIAL_FORMAT_EXEC] +credential_formats = [CONST_CREDENTIAL_FORMAT_AZURE, CONST_CREDENTIAL_FORMAT_EXEC] -keyvault_network_access_types = [ - CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC, CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE] +keyvault_network_access_types = [CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC, CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE] # consts for guardrails level guardrails_levels = [ @@ -274,15 +270,12 @@ def load_arguments(self, _): c.argument('kubernetes_version', completer=get_k8s_versions_completion_list) c.argument('dns_name_prefix', options_list=['--dns-name-prefix', '-p']) - c.argument('node_osdisk_diskencryptionset_id', options_list=[ - '--node-osdisk-diskencryptionset-id', '-d']) + c.argument('node_osdisk_diskencryptionset_id', options_list=['--node-osdisk-diskencryptionset-id', '-d']) c.argument('disable_local_accounts', action='store_true') c.argument('disable_rbac', action='store_true') c.argument('edge_zone', edge_zone_type) - c.argument('admin_username', options_list=[ - '--admin-username', '-u'], default='azureuser') - c.argument('generate_ssh_keys', action='store_true', - validator=validate_create_parameters) + c.argument('admin_username', options_list=['--admin-username', '-u'], default='azureuser') + c.argument('generate_ssh_keys', action='store_true', validator=validate_create_parameters) c.argument('ssh_key_value', required=False, type=file_type, default=os.path.join('~', '.ssh', 'id_rsa.pub'), completer=FilesCompleter(), validator=validate_ssh_key) c.argument('no_ssh_key', options_list=['--no-ssh-key', '-x']) @@ -290,43 +283,30 @@ def load_arguments(self, _): c.argument('docker_bridge_address') c.argument('pod_cidrs') c.argument('service_cidrs') - c.argument('load_balancer_sku', arg_type=get_enum_type( - load_balancer_skus), validator=validate_load_balancer_sku) + c.argument('load_balancer_sku', arg_type=get_enum_type(load_balancer_skus), validator=validate_load_balancer_sku) c.argument('load_balancer_managed_outbound_ip_count', type=int) - c.argument('load_balancer_outbound_ips', - validator=validate_load_balancer_outbound_ips) - c.argument('load_balancer_outbound_ip_prefixes', - validator=validate_load_balancer_outbound_ip_prefixes) - c.argument('load_balancer_outbound_ports', type=int, - validator=validate_load_balancer_outbound_ports) - c.argument('load_balancer_idle_timeout', type=int, - validator=validate_load_balancer_idle_timeout) - c.argument('load_balancer_backend_pool_type', - validator=validate_load_balancer_backend_pool_type) - c.argument('nrg_lockdown_restriction_level', - arg_type=get_enum_type(nrg_lockdown_restriction_levels)) - c.argument('nat_gateway_managed_outbound_ip_count', type=int, - validator=validate_nat_gateway_managed_outbound_ip_count) - c.argument('nat_gateway_idle_timeout', type=int, - validator=validate_nat_gateway_idle_timeout) + c.argument('load_balancer_outbound_ips', validator=validate_load_balancer_outbound_ips) + c.argument('load_balancer_outbound_ip_prefixes', validator=validate_load_balancer_outbound_ip_prefixes) + c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports) + c.argument('load_balancer_idle_timeout', type=int, validator=validate_load_balancer_idle_timeout) + c.argument('load_balancer_backend_pool_type', validator=validate_load_balancer_backend_pool_type) + c.argument('nrg_lockdown_restriction_level', arg_type=get_enum_type(nrg_lockdown_restriction_levels)) + c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count) + c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout) c.argument('outbound_type', arg_type=get_enum_type(outbound_types)) c.argument('network_plugin', arg_type=get_enum_type(network_plugins)) - c.argument('network_plugin_mode', - arg_type=get_enum_type(network_plugin_modes)) + c.argument('network_plugin_mode', arg_type=get_enum_type(network_plugin_modes)) c.argument('network_policy') c.argument('network_dataplane', arg_type=get_enum_type(network_dataplanes)) c.argument('kube_proxy_config') - c.argument('auto_upgrade_channel', - arg_type=get_enum_type(auto_upgrade_channels)) - c.argument('node_os_upgrade_channel', - arg_type=get_enum_type(node_os_upgrade_channels)) + c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) + c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels)) c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"], help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.") c.argument('uptime_sla', action='store_true', deprecate_info=c.deprecate(target='--uptime-sla', redirect='--tier', hide=True)) c.argument('tier', arg_type=get_enum_type(sku_tiers), validator=validate_sku_tier) c.argument('fqdn_subdomain') - c.argument('api_server_authorized_ip_ranges', - validator=validate_ip_ranges) + c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) c.argument('enable_private_cluster', action='store_true') c.argument('private_dns_zone') c.argument('disable_public_fqdn', action='store_true') @@ -334,16 +314,12 @@ def load_arguments(self, _): c.argument('client_secret') c.argument('enable_managed_identity', action='store_true') c.argument('assign_identity', validator=validate_assign_identity) - c.argument('assign_kubelet_identity', - validator=validate_assign_kubelet_identity) + c.argument('assign_kubelet_identity', validator=validate_assign_kubelet_identity) c.argument('enable_aad', action='store_true') c.argument('enable_azure_rbac', action='store_true') - c.argument('aad_client_app_id', deprecate_info=c.deprecate( - target='--aad-client-app-id', hide=True)) - c.argument('aad_server_app_id', deprecate_info=c.deprecate( - target='--aad-server-app-id', hide=True)) - c.argument('aad_server_app_secret', deprecate_info=c.deprecate( - target='--aad-server-app-secret', hide=True)) + c.argument('aad_client_app_id', deprecate_info=c.deprecate(target='--aad-client-app-id', hide=True)) + c.argument('aad_server_app_id', deprecate_info=c.deprecate(target='--aad-server-app-id', hide=True)) + c.argument('aad_server_app_secret', deprecate_info=c.deprecate(target='--aad-server-app-secret', hide=True)) c.argument('aad_tenant_id') c.argument('aad_admin_group_object_ids') c.argument('enable_oidc_issuer', action='store_true') @@ -357,30 +333,22 @@ def load_arguments(self, _): c.argument('skip_subnet_role_assignment', action='store_true') c.argument('node_resource_group') c.argument('enable_defender', action='store_true') - c.argument('defender_config', - validator=validate_defender_config_parameter) - c.argument('disk_driver_version', - arg_type=get_enum_type(disk_driver_versions)) + c.argument('defender_config', validator=validate_defender_config_parameter) + c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) c.argument('disable_disk_driver', action='store_true') c.argument('disable_file_driver', action='store_true') c.argument('enable_blob_driver', action='store_true') c.argument('disable_snapshot_controller', action='store_true') c.argument('enable_azure_keyvault_kms', action='store_true') - c.argument('azure_keyvault_kms_key_id', - validator=validate_azure_keyvault_kms_key_id) - c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type( - keyvault_network_access_types), default=CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC) - c.argument('azure_keyvault_kms_key_vault_resource_id', - validator=validate_azure_keyvault_kms_key_vault_resource_id) + c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id) + c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type(keyvault_network_access_types), default=CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC) + c.argument('azure_keyvault_kms_key_vault_resource_id', validator=validate_azure_keyvault_kms_key_vault_resource_id) c.argument('http_proxy_config') # addons - c.argument('enable_addons', options_list=[ - '--enable-addons', '-a'], validator=validate_addons) + c.argument('enable_addons', options_list=['--enable-addons', '-a'], validator=validate_addons) c.argument('workspace_resource_id') - c.argument('enable_msi_auth_for_monitoring', - arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', - arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('aci_subnet_name') c.argument('appgw_name', arg_group='Application Gateway') @@ -408,15 +376,12 @@ def load_arguments(self, _): help='space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.') c.argument('nodepool_labels', nargs='*', validator=validate_nodepool_labels, help='space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.') - c.argument('node_osdisk_type', - arg_type=get_enum_type(node_os_disk_types)) + c.argument('node_osdisk_type', arg_type=get_enum_type(node_os_disk_types)) c.argument('node_osdisk_size', type=int) c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) c.argument('vm_set_type', validator=validate_vm_set_type) - c.argument('enable_vmss', action='store_true', help='To be deprecated. Use vm_set_type instead.', - deprecate_info=c.deprecate(redirect='--vm-set-type', hide=True)) - c.argument('zones', zones_type, options_list=[ - '--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') + c.argument('enable_vmss', action='store_true', help='To be deprecated. Use vm_set_type instead.', deprecate_info=c.deprecate(redirect='--vm-set-type', hide=True)) + c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') c.argument('ppg') c.argument('enable_encryption_at_host', action='store_true') c.argument('enable_ultra_ssd', action='store_true') @@ -427,8 +392,7 @@ def load_arguments(self, _): c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) # misc - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster @@ -436,8 +400,7 @@ def load_arguments(self, _): c.argument('pod_cidrs') c.argument('service_cidrs') c.argument('load_balancer_managed_outbound_ipv6_count', type=int) - c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate( - target='--enable-pod-security-policy', hide=True)) + c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate(target='--enable-pod-security-policy', hide=True)) c.argument('enable_pod_identity', action='store_true') c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) @@ -447,12 +410,9 @@ def load_arguments(self, _): action='store_true', is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) - c.argument('cluster_snapshot_id', - validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('enable_apiserver_vnet_integration', - action='store_true', is_preview=True) - c.argument('apiserver_subnet_id', - validator=validate_apiserver_subnet_id, is_preview=True) + c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) c.argument('dns_zone_resource_id') c.argument('enable_keda', action='store_true', is_preview=True) c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") @@ -463,45 +423,31 @@ def load_arguments(self, _): c.argument('crg_id', validator=validate_crg_id, is_preview=True) # no validation for aks create because it already only supports Linux. c.argument('message_of_the_day') - c.argument('workload_runtime', arg_type=get_enum_type( - workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) + c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') - c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, - is_preview=True, help="allowed host ports for agentpool") - c.argument('nodepool_asg_ids', validator=validate_application_security_groups, - is_preview=True, help="application security groups for agentpool") + c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") + c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") c.argument('node_public_ip_tags', arg_type=tags_type, validator=validate_node_public_ip_tags, help='space-separated tags: key[=value] [key[=value] ...].') - c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), - help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) + c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), is_preview=True) c.argument('guardrails_version', type=str, help='The guardrails version', is_preview=True) - c.argument('guardrails_excluded_ns', type=str, - help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', - is_preview=True) + c.argument('guardrails_excluded_ns', type=str, is_preview=True) with self.argument_context('aks update') as c: # managed cluster paramerters c.argument('disable_local_accounts', action='store_true') c.argument('enable_local_accounts', action='store_true') c.argument('load_balancer_managed_outbound_ip_count', type=int) - c.argument('load_balancer_outbound_ips', - validator=validate_load_balancer_outbound_ips) - c.argument('load_balancer_outbound_ip_prefixes', - validator=validate_load_balancer_outbound_ip_prefixes) - c.argument('load_balancer_outbound_ports', type=int, - validator=validate_load_balancer_outbound_ports) - c.argument('load_balancer_idle_timeout', type=int, - validator=validate_load_balancer_idle_timeout) - c.argument('load_balancer_backend_pool_type', - validator=validate_load_balancer_backend_pool_type) - c.argument('nrg_lockdown_restriction_level', - arg_type=get_enum_type(nrg_lockdown_restriction_levels)) - c.argument('nat_gateway_managed_outbound_ip_count', type=int, - validator=validate_nat_gateway_managed_outbound_ip_count) - c.argument('nat_gateway_idle_timeout', type=int, - validator=validate_nat_gateway_idle_timeout) + c.argument('load_balancer_outbound_ips', validator=validate_load_balancer_outbound_ips) + c.argument('load_balancer_outbound_ip_prefixes', validator=validate_load_balancer_outbound_ip_prefixes) + c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports) + c.argument('load_balancer_idle_timeout', type=int, validator=validate_load_balancer_idle_timeout) + c.argument('load_balancer_backend_pool_type', validator=validate_load_balancer_backend_pool_type) + c.argument('nrg_lockdown_restriction_level', arg_type=get_enum_type(nrg_lockdown_restriction_levels)) + c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count) + c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout) c.argument('kube_proxy_config') c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels)) @@ -517,8 +463,7 @@ def load_arguments(self, _): c.argument('disable_public_fqdn', action='store_true') c.argument('enable_managed_identity', action='store_true') c.argument('assign_identity', validator=validate_assign_identity) - c.argument('assign_kubelet_identity', - validator=validate_assign_kubelet_identity) + c.argument('assign_kubelet_identity', validator=validate_assign_kubelet_identity) c.argument('enable_aad', action='store_true') c.argument('enable_azure_rbac', action='store_true') c.argument('disable_azure_rbac', action='store_true') @@ -533,14 +478,11 @@ def load_arguments(self, _): c.argument('gmsa_root_domain_name') c.argument('attach_acr', acr_arg_type, validator=validate_acr) c.argument('detach_acr', acr_arg_type, validator=validate_acr) - c.argument('disable_defender', action='store_true', - validator=validate_defender_disable_and_enable_parameters) + c.argument('disable_defender', action='store_true', validator=validate_defender_disable_and_enable_parameters) c.argument('enable_defender', action='store_true') - c.argument('defender_config', - validator=validate_defender_config_parameter) + c.argument('defender_config', validator=validate_defender_config_parameter) c.argument('enable_disk_driver', action='store_true') - c.argument('disk_driver_version', - arg_type=get_enum_type(disk_driver_versions)) + c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) c.argument('disable_disk_driver', action='store_true') c.argument('enable_file_driver', action='store_true') c.argument('disable_file_driver', action='store_true') @@ -550,12 +492,9 @@ def load_arguments(self, _): c.argument('disable_snapshot_controller', action='store_true') c.argument('enable_azure_keyvault_kms', action='store_true') c.argument('disable_azure_keyvault_kms', action='store_true') - c.argument('azure_keyvault_kms_key_id', - validator=validate_azure_keyvault_kms_key_id) - c.argument('azure_keyvault_kms_key_vault_network_access', - arg_type=get_enum_type(keyvault_network_access_types)) - c.argument('azure_keyvault_kms_key_vault_resource_id', - validator=validate_azure_keyvault_kms_key_vault_resource_id) + c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id) + c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type(keyvault_network_access_types)) + c.argument('azure_keyvault_kms_key_vault_resource_id', validator=validate_azure_keyvault_kms_key_vault_resource_id) c.argument('http_proxy_config') # addons c.argument('enable_secret_rotation', action='store_true') @@ -573,28 +512,21 @@ def load_arguments(self, _): c.argument('nodepool_labels', nargs='*', validator=validate_nodepool_labels, help='space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.') # misc - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster - c.argument('ssh_key_value', type=file_type, completer=FilesCompleter( - ), validator=validate_ssh_key_for_update) + c.argument('ssh_key_value', type=file_type, completer=FilesCompleter(), validator=validate_ssh_key_for_update) c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('outbound_type', arg_type=get_enum_type(outbound_types)) - c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate( - target='--enable-pod-security-policy', hide=True)) - c.argument('disable_pod_security_policy', - action='store_true', is_preview=True) + c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate(target='--enable-pod-security-policy', hide=True)) + c.argument('disable_pod_security_policy',action='store_true', is_preview=True) c.argument('enable_pod_identity', action='store_true') c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('disable_pod_identity', action='store_true') - c.argument('enable_workload_identity', - arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_image_cleaner', - action='store_true', is_preview=True) - c.argument('disable_image_cleaner', action='store_true', - validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) + c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_image_cleaner', action='store_true', is_preview=True) + c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) @@ -602,14 +534,10 @@ def load_arguments(self, _): validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_keda', action='store_true', is_preview=True) c.argument('disable_keda', action='store_true', is_preview=True) - c.argument('enable_node_restriction', action='store_true', - is_preview=True, help="enable node restriction for cluster") - c.argument('disable_node_restriction', action='store_true', - is_preview=True, help="disable node restriction for cluster") - c.argument('enable_private_cluster', action='store_true', is_preview=True, - help='enable private cluster for apiserver vnet integration') - c.argument('disable_private_cluster', action='store_true', is_preview=True, - help='disable private cluster for apiserver vnet integration') + c.argument('enable_node_restriction', action='store_true', is_preview=True, help="enable node restriction for cluster") + c.argument('disable_node_restriction', action='store_true', is_preview=True, help="disable node restriction for cluster") + c.argument('enable_private_cluster', action='store_true', is_preview=True, help='enable private cluster for apiserver vnet integration') + c.argument('disable_private_cluster', action='store_true', is_preview=True, help='disable private cluster for apiserver vnet integration') c.argument('private_dns_zone', is_preview=True) c.argument('enable_azuremonitormetrics', action='store_true', is_preview=True) c.argument('azure_monitor_workspace_resource_id', validator=validate_azuremonitorworkspaceresourceid, is_preview=True) @@ -622,41 +550,30 @@ def load_arguments(self, _): c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") - c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), - help='The guardrails level, one of ["Off", "Warning", "Enforcement"]', is_preview=True) - c.argument('guardrails_version', type=str, + c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), is_preview=True) + c.argument('guardrails_version', help='The guardrails version', is_preview=True) - c.argument('guardrails_excluded_ns', type=str, - help='The list of namespaces to exclude in guardrails. Must be in the format "ns1,ns2". Use "[]" to clear the list', - is_preview=True) + c.argument('guardrails_excluded_ns', is_preview=True) with self.argument_context('aks upgrade') as c: - c.argument('kubernetes_version', - completer=get_k8s_upgrades_completion_list) - c.argument('cluster_snapshot_id', - validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) + c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') with self.argument_context('aks scale') as c: - c.argument('nodepool_name', help='Node pool name, upto 12 alphanumeric characters', - validator=validate_nodepool_name) + c.argument('nodepool_name', help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) with self.argument_context('aks nodepool') as c: c.argument('cluster_name', help='The cluster name.') - c.argument('nodepool_name', options_list=[ - '--nodepool-name', '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') + c.argument('nodepool_name', options_list=['--nodepool-name', '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') with self.argument_context('aks nodepool wait') as c: - c.argument('resource_name', options_list=[ - '--cluster-name'], help='The cluster name.') + c.argument('resource_name', options_list=['--cluster-name'], help='The cluster name.') # the option name '--agent-pool-name' is depracated, left for compatibility only - c.argument('agent_pool_name', options_list=['--nodepool-name', '--name', '-n', c.deprecate( - target='--agent-pool-name', redirect='--nodepool-name', hide=True)], validator=validate_agent_pool_name, help='The node pool name.') + c.argument('agent_pool_name', options_list=['--nodepool-name', '--name', '-n', c.deprecate(target='--agent-pool-name', redirect='--nodepool-name', hide=True)], validator=validate_agent_pool_name, help='The node pool name.') with self.argument_context('aks nodepool add') as c: - c.argument('node_vm_size', options_list=[ - '--node-vm-size', '-s'], completer=get_vm_size_completion_list) + c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list) c.argument('os_type') c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) c.argument('snapshot_id', validator=validate_snapshot_id) @@ -664,28 +581,22 @@ def load_arguments(self, _): c.argument('pod_subnet_id', validator=validate_pod_subnet_id) c.argument('enable_node_public_ip', action='store_true') c.argument('node_public_ip_prefix_id') - c.argument('enable_cluster_autoscaler', options_list=[ - "--enable-cluster-autoscaler", "-e"], action='store_true') + c.argument('enable_cluster_autoscaler', options_list=["--enable-cluster-autoscaler", "-e"], action='store_true') c.argument('min_count', type=int, validator=validate_nodes_count) c.argument('max_count', type=int, validator=validate_nodes_count) - c.argument('priority', arg_type=get_enum_type( - node_priorities), validator=validate_priority) - c.argument('eviction_policy', arg_type=get_enum_type( - node_eviction_policies), validator=validate_eviction_policy) - c.argument('spot_max_price', type=float, - validator=validate_spot_max_price) + c.argument('priority', arg_type=get_enum_type(node_priorities), validator=validate_priority) + c.argument('eviction_policy', arg_type=get_enum_type(node_eviction_policies), validator=validate_eviction_policy) + c.argument('spot_max_price', type=float, validator=validate_spot_max_price) c.argument('labels', nargs='*', validator=validate_nodepool_labels) c.argument('tags', tags_type) c.argument('node_taints', validator=validate_taints) - c.argument('node_osdisk_type', - arg_type=get_enum_type(node_os_disk_types)) + c.argument('node_osdisk_type', arg_type=get_enum_type(node_os_disk_types)) c.argument('node_osdisk_size', type=int) c.argument('max_surge', validator=validate_max_surge) c.argument('mode', arg_type=get_enum_type(node_mode_types)) c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) - c.argument('zones', zones_type, options_list=[ - '--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') + c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') c.argument('ppg') c.argument('enable_encryption_at_host', action='store_true') c.argument('enable_ultra_ssd', action='store_true') @@ -693,23 +604,17 @@ def load_arguments(self, _): c.argument('kubelet_config') c.argument('linux_os_config') c.argument('host_group_id', validator=validate_host_group_id) - c.argument('gpu_instance_profile', - arg_type=get_enum_type(gpu_instance_profiles)) + c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) # misc c.argument('aks_custom_headers') # extensions c.argument('crg_id', validator=validate_crg_id, is_preview=True) c.argument('message_of_the_day', validator=validate_message_of_the_day) - c.argument('workload_runtime', arg_type=get_enum_type( - workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) - c.argument('enable_custom_ca_trust', action='store_true', - validator=validate_enable_custom_ca_trust) - c.argument('disable_windows_outbound_nat', action='store_true', - validator=validate_disable_windows_outbound_nat) - c.argument('allowed_host_ports', - validator=validate_allowed_host_ports, is_preview=True) - c.argument( - 'asg_ids', validator=validate_application_security_groups, is_preview=True) + c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) + c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) + c.argument('disable_windows_outbound_nat', action='store_true', validator=validate_disable_windows_outbound_nat) + c.argument('allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True) + c.argument('asg_ids', validator=validate_application_security_groups, is_preview=True) c.argument('node_public_ip_tags', arg_type=tags_type, validator=validate_node_public_ip_tags, help='space-separated tags: key[=value] [key[=value] ...].') @@ -729,20 +634,15 @@ def load_arguments(self, _): c.argument('mode', arg_type=get_enum_type(node_mode_types)) c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) # extensions - c.argument('enable_custom_ca_trust', action='store_true', - validator=validate_enable_custom_ca_trust) - c.argument('disable_custom_ca_trust', options_list=[ - '--disable-custom-ca-trust', '--dcat'], action='store_true') - c.argument('allowed_host_ports', - validator=validate_allowed_host_ports, is_preview=True) - c.argument( - 'asg_ids', validator=validate_application_security_groups, is_preview=True) + c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) + c.argument('disable_custom_ca_trust', options_list=['--disable-custom-ca-trust', '--dcat'], action='store_true') + c.argument('allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True) + c.argument('asg_ids', validator=validate_application_security_groups, is_preview=True) with self.argument_context('aks nodepool upgrade') as c: c.argument('max_surge', validator=validate_max_surge) c.argument('snapshot_id', validator=validate_snapshot_id) - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') with self.argument_context('aks nodepool delete') as c: @@ -758,22 +658,15 @@ def load_arguments(self, _): c.argument('config_name', options_list=[ '--name', '-n'], help='The config name.') c.argument('config_file', help='The config json file.') - c.argument( - 'weekday', help='Weekday on which maintenance can happen. e.g. Monday') - c.argument('start_hour', type=int, - help='Maintenance start hour of 1 hour window on the weekday. e.g. 1 means 1:00am - 2:00am') + c.argument('weekday', help='Weekday on which maintenance can happen. e.g. Monday') + c.argument('start_hour', type=int, help='Maintenance start hour of 1 hour window on the weekday. e.g. 1 means 1:00am - 2:00am') c.argument('schedule_type', arg_type=get_enum_type(schedule_types), help='Schedule type for non-default maintenance configuration.') - c.argument('interval_days', type=int, - help='The number of days between each set of occurrences for Daily schedule.') - c.argument('interval_weeks', type=int, - help='The number of weeks between each set of occurrences for Weekly schedule.') - c.argument('interval_months', type=int, - help='The number of months between each set of occurrences for AbsoluteMonthly or RelativeMonthly schedule.') - c.argument( - 'day_of_week', help='Specify on which day of the week the maintenance occurs for Weekly or RelativeMonthly schedule.') - c.argument( - 'day_of_month', help='Specify on which date of the month the maintenance occurs for AbsoluteMonthly schedule.') + c.argument('interval_days', type=int, help='The number of days between each set of occurrences for Daily schedule.') + c.argument('interval_weeks', type=int, help='The number of weeks between each set of occurrences for Weekly schedule.') + c.argument('interval_months', type=int, help='The number of months between each set of occurrences for AbsoluteMonthly or RelativeMonthly schedule.') + c.argument('day_of_week', help='Specify on which day of the week the maintenance occurs for Weekly or RelativeMonthly schedule.') + c.argument('day_of_month', help='Specify on which date of the month the maintenance occurs for AbsoluteMonthly schedule.') c.argument('week_index', arg_type=get_enum_type(week_indexes), help='Specify on which instance of the weekday specified in --day-of-week the maintenance occurs for RelativeMonthly schedule.') c.argument('duration_hours', options_list=['--duration'], type=int, @@ -817,8 +710,7 @@ def load_arguments(self, _): c.argument('workspace_resource_id') c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', - arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') @@ -855,12 +747,10 @@ def load_arguments(self, _): c.argument('dns-zone-resource-id') with self.argument_context('aks disable-addons') as c: - c.argument('addons', options_list=[ - '--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) with self.argument_context('aks enable-addons') as c: - c.argument('addons', options_list=[ - '--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) c.argument('subnet_name', options_list=['--subnet-name', '-s']) c.argument('enable_sgxquotehelper', action='store_true') c.argument('osm_mesh_name') @@ -874,10 +764,8 @@ def load_arguments(self, _): c.argument('enable_secret_rotation', action='store_true') c.argument('rotation_poll_interval') c.argument('workspace_resource_id') - c.argument('enable_msi_auth_for_monitoring', - arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', - arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') @@ -890,8 +778,7 @@ def load_arguments(self, _): c.argument('path', options_list=['--file', '-f'], type=file_type, completer=FilesCompleter(), default=os.path.join(os.path.expanduser('~'), '.kube', 'config')) c.argument('public_fqdn', default=False, action='store_true') - c.argument('credential_format', options_list=[ - '--format'], arg_type=get_enum_type(credential_formats)) + c.argument('credential_format', options_list=['--format'], arg_type=get_enum_type(credential_formats)) with self.argument_context('aks pod-identity') as c: c.argument('cluster_name', help='The cluster name.') @@ -991,8 +878,7 @@ def load_arguments(self, _): c.argument('source_resource_id', options_list=['--source-resource-id', '-r', c.deprecate(target='-s', redirect='--source-resource-id', hide=True)], help='The source resource id of the binding') with self.argument_context('aks trustedaccess rolebinding update') as c: - c.argument( - 'roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') + c.argument('roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...') with self.argument_context('aks mesh enable-ingress-gateway') as c: c.argument('ingress_gateway_type', diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index 0c5cae92fd0..f36e8fe4ae3 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -78,8 +78,7 @@ def validate_ssh_key_for_update(namespace): with open(string_or_file, 'r') as f: content = f.read() elif not keys.is_valid_ssh_rsa_public_key(content): - raise InvalidArgumentValueError( - 'An RSA key file or key value must be supplied to SSH Key Value') + raise InvalidArgumentValueError('An RSA key file or key value must be supplied to SSH Key Value') namespace.ssh_key_value = content @@ -166,11 +165,9 @@ def _validate_nodepool_name(nodepool_name): """Validates a nodepool name to be at most 12 characters, alphanumeric only.""" if nodepool_name != "": if len(nodepool_name) > 12: - raise InvalidArgumentValueError( - '--nodepool-name can contain at most 12 characters') + raise InvalidArgumentValueError('--nodepool-name can contain at most 12 characters') if not nodepool_name.isalnum(): - raise InvalidArgumentValueError( - '--nodepool-name should contain only alphanumeric characters') + raise InvalidArgumentValueError('--nodepool-name should contain only alphanumeric characters') def validate_nodepool_name(namespace): @@ -658,8 +655,7 @@ def validate_azure_keyvault_kms_key_vault_resource_id(namespace): return from msrestazure.tools import is_valid_resource_id if not is_valid_resource_id(key_vault_resource_id): - raise InvalidArgumentValueError( - "--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.") + raise InvalidArgumentValueError("--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.") def validate_image_cleaner_enable_disable_mutually_exclusive(namespace): @@ -703,8 +699,7 @@ def validate_defender_config_parameter(namespace): def validate_defender_disable_and_enable_parameters(namespace): if namespace.disable_defender and namespace.enable_defender: - raise ArgumentUsageError( - 'Providing both --disable-defender and --enable-defender flags is invalid') + raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid') def sanitize_resource_id(resource_id): @@ -722,8 +717,7 @@ def validate_azuremonitorworkspaceresourceid(namespace): return resource_id = sanitize_resource_id(resource_id) if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.monitor/accounts/.*', resource_id))) is False: - raise ArgumentUsageError( - "--azure-monitor-workspace-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.monitor/accounts/`") + raise ArgumentUsageError("--azure-monitor-workspace-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.monitor/accounts/`") def validate_grafanaresourceid(namespace): @@ -732,8 +726,7 @@ def validate_grafanaresourceid(namespace): return resource_id = sanitize_resource_id(resource_id) if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.dashboard/grafana/.*', resource_id))) is False: - raise ArgumentUsageError( - "--grafana-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.dashboard/grafana/`") + raise ArgumentUsageError("--grafana-resource-id not in the correct format. It should match `/subscriptions//resourceGroups//providers/microsoft.dashboard/grafana/`") def validate_ksm_parameter(ksmparam): @@ -827,8 +820,7 @@ def validate_application_security_groups(namespace): from msrestazure.tools import is_valid_resource_id for asg in asg_ids.split(","): if not is_valid_resource_id(asg): - raise InvalidArgumentValueError( - asg + " is not a valid Azure resource ID.") + raise InvalidArgumentValueError(asg + " is not a valid Azure resource ID.") def validate_utc_offset(namespace): @@ -838,8 +830,7 @@ def validate_utc_offset(namespace): utc_offset_regex = re.compile(r'^[+-]\d{2}:\d{2}$') found = utc_offset_regex.findall(namespace.utc_offset) if not found: - raise InvalidArgumentValueError( - '--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".') + raise InvalidArgumentValueError('--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".') def validate_start_date(namespace): @@ -849,8 +840,7 @@ def validate_start_date(namespace): start_dt_regex = re.compile(r'^\d{4}-\d{2}-\d{2}$') found = start_dt_regex.findall(namespace.start_date) if not found: - raise InvalidArgumentValueError( - '--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".') + raise InvalidArgumentValueError('--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".') def validate_start_time(namespace): diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 68da58165c2..219d4ab7f69 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -820,8 +820,7 @@ def aks_get_credentials(cmd, # pylint: disable=unused-argument if credential_format: credential_format = credential_format.lower() if admin: - raise InvalidArgumentValueError( - "--format can only be specified when requesting clusterUser credential.") + raise InvalidArgumentValueError("--format can only be specified when requesting clusterUser credential.") if admin: credentialResults = client.list_cluster_admin_credentials( resource_group_name, name, serverType) @@ -928,8 +927,7 @@ def aks_upgrade(cmd, # pylint: disable=unused-argument, too-many-return-state instance.creation_data = CreationData( source_resource_id=cluster_snapshot_id ) - mcsnapshot = get_cluster_snapshot_by_snapshot_id( - cmd.cli_ctx, cluster_snapshot_id) + mcsnapshot = get_cluster_snapshot_by_snapshot_id(cmd.cli_ctx, cluster_snapshot_id) kubernetes_version = mcsnapshot.managed_cluster_properties_read_only.kubernetes_version if instance.kubernetes_version == kubernetes_version: @@ -1195,8 +1193,7 @@ def aks_agentpool_upgrade(cmd, creationData = None if snapshot_id: - snapshot = get_nodepool_snapshot_by_snapshot_id( - cmd.cli_ctx, snapshot_id) + snapshot = get_nodepool_snapshot_by_snapshot_id(cmd.cli_ctx, snapshot_id) if not kubernetes_version and not node_image_only: kubernetes_version = snapshot.kubernetes_version @@ -1209,11 +1206,9 @@ def aks_agentpool_upgrade(cmd, if kubernetes_version != '' or instance.orchestrator_version == kubernetes_version: msg = "The new kubernetes version is the same as the current kubernetes version." if instance.provisioning_state == "Succeeded": - msg = "The cluster is already on version {} and is not in a failed state. No operations will occur when upgrading to the same version if the cluster is not in a failed state.".format( - instance.orchestrator_version) + msg = "The cluster is already on version {} and is not in a failed state. No operations will occur when upgrading to the same version if the cluster is not in a failed state.".format(instance.orchestrator_version) elif instance.provisioning_state == "Failed": - msg = "Cluster currently in failed state. Proceeding with upgrade to existing version {} to attempt resolution of failed cluster state.".format( - instance.orchestrator_version) + msg = "Cluster currently in failed state. Proceeding with upgrade to existing version {} to attempt resolution of failed cluster state.".format(instance.orchestrator_version) if not yes and not prompt_y_n(msg): return None @@ -1379,8 +1374,7 @@ def aks_operation_abort(cmd, # pylint: disable=unused-argument instance = client.get(resource_group_name, name) power_state = PowerState(code="Running") if instance is None: - raise InvalidArgumentValueError( - "Cluster {} doesnt exist, use 'aks list' to get current cluster list".format(name)) + raise InvalidArgumentValueError("Cluster {} doesnt exist, use 'aks list' to get current cluster list".format(name)) instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) return sdk_no_wait(no_wait, client.begin_abort_latest_operation, resource_group_name, name, headers=headers) @@ -1490,13 +1484,11 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re if addon == "web_application_routing": if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: - raise InvalidArgumentValueError( - f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') else: addon_key = ADDONS[addon] if not addon_profiles or addon_key not in addon_profiles or not addon_profiles[addon_key].enabled: - raise InvalidArgumentValueError( - f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') return enable_addons(cmd, client, resource_group_name, name, addon, check_enabled=False, workspace_resource_id=workspace_resource_id, @@ -1594,8 +1586,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ raise ArgumentUsageError( "--enable-syslog can not be used without MSI auth.") if data_collection_settings is not None: - raise ArgumentUsageError( - "--data-collection-settings can not be used without MSI auth.") + raise ArgumentUsageError("--data-collection-settings can not be used without MSI auth.") ensure_container_insights_for_monitoring( cmd, instance.addon_profiles[CONST_MONITORING_ADDON_NAME], @@ -1861,8 +1852,7 @@ def aks_draft_create(destination='.', dockerfile_only=None, deployment_only=None, path=None): - aks_draft_cmd_create(destination, app, language, - create_config, dockerfile_only, deployment_only, path) + aks_draft_cmd_create(destination, app, language, create_config, dockerfile_only, deployment_only, path) def aks_draft_setup_gh(app=None, @@ -1871,8 +1861,7 @@ def aks_draft_setup_gh(app=None, provider="azure", gh_repo=None, path=None): - aks_draft_cmd_setup_gh(app, subscription_id, - resource_group, provider, gh_repo, path) + aks_draft_cmd_setup_gh(app, subscription_id, resource_group, provider, gh_repo, path) def aks_draft_generate_workflow(cluster_name=None, @@ -2325,18 +2314,15 @@ def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, clus ) existedBinding = None try: - existedBinding = client.get( - resource_group_name, cluster_name, role_binding_name) + existedBinding = client.get(resource_group_name, cluster_name, role_binding_name) except ResourceNotFoundError: pass if existedBinding: - raise Exception("TrustedAccess RoleBinding " + role_binding_name + - " already existed, please use 'az aks trustedaccess rolebinding update' command to update!") + raise Exception("TrustedAccess RoleBinding " + role_binding_name + " already existed, please use 'az aks trustedaccess rolebinding update' command to update!") roleList = roles.split(',') - roleBinding = TrustedAccessRoleBinding( - source_resource_id=source_resource_id, roles=roleList) + roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roleList) return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) @@ -2346,12 +2332,10 @@ def aks_trustedaccess_role_binding_update(cmd, client, resource_group_name, clus resource_type=CUSTOM_MGMT_AKS_PREVIEW, operation_group="trusted_access_role_bindings", ) - existedBinding = client.get( - resource_group_name, cluster_name, role_binding_name) + existedBinding = client.get(resource_group_name, cluster_name, role_binding_name) roleList = roles.split(',') - roleBinding = TrustedAccessRoleBinding( - source_resource_id=existedBinding.source_resource_id, roles=roleList) + roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roleList) return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 214af6d7603..9cc2982e41b 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2597,7 +2597,11 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: ) # replace values with provided values if excludedNamespaces is not None: - mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split(",") + # split and trim the provided namespaces + exclNsList = excludedNamespaces.split(",") + for i in range(len(exclNsList)): + exclNsList[i] = exclNsList[i].strip() + mc.guardrails_profile.excluded_namespaces = exclNsList return mc def set_up_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: @@ -3259,11 +3263,14 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: if version is not None: mc.guardrails_profile.version = version if excludedNamespaces is not None: - if excludedNamespaces == "[]": + if excludedNamespaces == "": mc.guardrails_profile.excluded_namespaces = list() else: - mc.guardrails_profile.excluded_namespaces = excludedNamespaces.split( - ",") + # split and trim the provided namespaces + exclNsList = excludedNamespaces.split(",") + for i in range(len(exclNsList)): + exclNsList[i] = exclNsList[i].strip() + mc.guardrails_profile.excluded_namespaces = exclNsList return mc def update_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: From 49f77b735dcdf50dc48c12ef69840e95d99a82f5 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:04:10 -0400 Subject: [PATCH 14/31] Fixed help message --- src/aks-preview/azext_aks_preview/_help.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index c6462b74d07..7290d473a8d 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -1021,7 +1021,7 @@ short-summary: The version of Guardrails to use. Default "v1.0.0" Use the ListGuardrailsVersions API to discover available versions - name: --guardrails-excluded-ns type: string - short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails. Use "[]" to clear a previously non-empty list + short-summary: Comma-separated list of Kubernetes namespaces to exclude from Guardrails. Use "" to clear a previously non-empty list examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster @@ -1086,7 +1086,7 @@ - name: Update a kubernetes cluster with guardrails set to "Warning" and some namespaces excluded. Assumes azure policy addon is already enabled text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-level Warning --guardrails-excluded-ns ns1,ns2 - name: Update a kubernetes cluster to clear any namespaces excluded from guardrails. Assumes azure policy addon is already enabled - text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-excluded-ns "[]" + text: az aks update -g MyResourceGroup -n MyManagedCluster --guardrails-excluded-ns "" """ helps['aks kollect'] = """ From 6964a539e6c0070421f6cb7d15323c723c2d2bd0 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:05:49 -0400 Subject: [PATCH 15/31] Fix formatting changes in params.py --- src/aks-preview/azext_aks_preview/_params.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 9872afd4561..4b15f7222dc 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -389,8 +389,7 @@ def load_arguments(self, _): c.argument('kubelet_config') c.argument('linux_os_config') c.argument('host_group_id', validator=validate_host_group_id) - c.argument('gpu_instance_profile', - arg_type=get_enum_type(gpu_instance_profiles)) + c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) # misc c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') @@ -535,8 +534,7 @@ def load_arguments(self, _): c.argument('enable_image_cleaner', action='store_true', is_preview=True) c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) - c.argument('enable_apiserver_vnet_integration', - action='store_true', is_preview=True) + c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_keda', action='store_true', is_preview=True) @@ -748,8 +746,7 @@ def load_arguments(self, _): c.argument('workspace_resource_id') c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) - c.argument('enable_syslog', - arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True) c.argument('data_collection_settings', is_preview=True) c.argument('dns-zone-resource-id') @@ -762,8 +759,7 @@ def load_arguments(self, _): c.argument('enable_sgxquotehelper', action='store_true') c.argument('osm_mesh_name') c.argument('appgw_name', arg_group='Application Gateway') - c.argument('appgw_subnet_prefix', arg_group='Application Gateway', - deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) + c.argument('appgw_subnet_prefix', arg_group='Application Gateway', deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) c.argument('appgw_subnet_cidr', arg_group='Application Gateway') c.argument('appgw_id', arg_group='Application Gateway') c.argument('appgw_subnet_id', arg_group='Application Gateway') From 40997d92084e24c40b8e1649a45a641ff3999ad0 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:06:44 -0400 Subject: [PATCH 16/31] Fix formatting changes in custom.py --- src/aks-preview/azext_aks_preview/custom.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 931c896e244..a2c10309aca 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1441,8 +1441,7 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): # web_application_routing is a special case, the configuration is stored in a separate profile if addon == "web_application_routing": if not mc.ingress_profile and not mc.ingress_profile.web_app_routing and not mc.ingress_profile.web_app_routing.enabled: - raise InvalidArgumentValueError( - f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') return { "name": addon, "api_key": addon_key, @@ -1451,8 +1450,7 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): # normal addons if not mc.addon_profiles or addon_key not in mc.addon_profiles or not mc.addon_profiles[addon_key].enabled: - raise InvalidArgumentValueError( - f'Addon "{addon}" is not enabled in this cluster.') + raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') return { "name": addon, "api_key": addon_key, From 75bae9257d79c6ccf355251204eaa47b58398a08 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:19:30 -0400 Subject: [PATCH 17/31] Fix formatting changes in mc decorator --- .../managed_cluster_decorator.py | 116 ++++++------------ 1 file changed, 38 insertions(+), 78 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 84895f68c69..648a2be1f02 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -91,13 +91,11 @@ # type variables ContainerServiceClient = TypeVar("ContainerServiceClient") -ContainerServiceNetworkProfileKubeProxyConfig = TypeVar( - "ContainerServiceNetworkProfileKubeProxyConfig") +ContainerServiceNetworkProfileKubeProxyConfig = TypeVar("ContainerServiceNetworkProfileKubeProxyConfig") ManagedCluster = TypeVar("ManagedCluster") ManagedClusterAddonProfile = TypeVar("ManagedClusterAddonProfile") ManagedClusterHTTPProxyConfig = TypeVar("ManagedClusterHTTPProxyConfig") -ManagedClusterSecurityProfileWorkloadIdentity = TypeVar( - "ManagedClusterSecurityProfileWorkloadIdentity") +ManagedClusterSecurityProfileWorkloadIdentity = TypeVar("ManagedClusterSecurityProfileWorkloadIdentity") ManagedClusterOIDCIssuerProfile = TypeVar("ManagedClusterOIDCIssuerProfile") ManagedClusterSnapshot = TypeVar("ManagedClusterSnapshot") ManagedClusterStorageProfile = TypeVar('ManagedClusterStorageProfile') @@ -119,7 +117,6 @@ class AKSPreviewManagedClusterModels(AKSManagedClusterModels): The api version of the class corresponding to a model is determined by resource_type. """ - def __init__(self, cmd: AzCommandsLoader, resource_type: ResourceType): super().__init__(cmd, resource_type) # holder for pod identity related models @@ -175,7 +172,6 @@ def get_guardrails_version(self) -> Union[str, None]: return self.raw_param.get("guardrails_version") # pylint: disable=no-self-use - def __validate_pod_identity_with_kubenet(self, mc, enable_pod_identity, enable_pod_identity_with_kubenet): """Helper function to check the validity of serveral pod identity related parameters. @@ -226,8 +222,7 @@ def get_pod_cidrs(self) -> Union[List[str], None]: # read the original value passed by the command pod_cidrs = self.raw_param.get("pod_cidrs") # normalize - pod_cidrs = extract_comma_separated_string( - pod_cidrs, keep_none=True, default_value=[]) + pod_cidrs = extract_comma_separated_string(pod_cidrs, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.pod_cidrs is not None: pod_cidrs = self.mc.network_profile.pod_cidrs @@ -262,8 +257,7 @@ def get_ip_families(self) -> Union[List[str], None]: # read the original value passed by the command ip_families = self.raw_param.get("ip_families") # normalize - ip_families = extract_comma_separated_string( - ip_families, keep_none=True, default_value=[]) + ip_families = extract_comma_separated_string(ip_families, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.ip_families is not None: ip_families = self.mc.network_profile.ip_families @@ -639,8 +633,7 @@ def get_load_balancer_managed_outbound_ipv6_count(self) -> Union[int, None]: :return: int or None """ - count_ipv6 = self.raw_param.get( - 'load_balancer_managed_outbound_ipv6_count') + count_ipv6 = self.raw_param.get('load_balancer_managed_outbound_ipv6_count') if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -691,8 +684,7 @@ def get_nrg_lockdown_restriction_level(self) -> Union[str, None]: :return: string or None """ # read the original value passed by the command - nrg_lockdown_restriction_level = self.raw_param.get( - "nrg_lockdown_restriction_level") + nrg_lockdown_restriction_level = self.raw_param.get("nrg_lockdown_restriction_level") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: @@ -812,8 +804,7 @@ def _get_enable_pod_security_policy(self, enable_validation: bool = False) -> bo :return: bool """ # read the original value passed by the command - enable_pod_security_policy = self.raw_param.get( - "enable_pod_security_policy") + enable_pod_security_policy = self.raw_param.get("enable_pod_security_policy") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -851,8 +842,7 @@ def _get_disable_pod_security_policy(self, enable_validation: bool = False) -> b :return: bool """ # read the original value passed by the command - disable_pod_security_policy = self.raw_param.get( - "disable_pod_security_policy") + disable_pod_security_policy = self.raw_param.get("disable_pod_security_policy") # We do not support this option in create mode, therefore we do not read the value from `mc`. # this parameter does not need dynamic completion @@ -888,8 +878,7 @@ def _get_enable_managed_identity( :return: bool """ - enable_managed_identity = super()._get_enable_managed_identity( - enable_validation, read_only) + enable_managed_identity = super()._get_enable_managed_identity(enable_validation, read_only) # additional validation if enable_validation: if self.decorator_mode == DecoratorMode.CREATE: @@ -1052,8 +1041,7 @@ def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfil # - True: sets by user, to enable the workload identity feature # - False: sets by user, to disable the workload identity feature # - None: user unspecified, don't set the profile and let server side to backfill - enable_workload_identity = self.raw_param.get( - "enable_workload_identity") + enable_workload_identity = self.raw_param.get("enable_workload_identity") if enable_workload_identity is None: return None @@ -1120,8 +1108,7 @@ def _get_image_cleaner_interval_hours(self, enable_validation: bool = False) -> :return: int or None """ # read the original value passed by the command - image_cleaner_interval_hours = self.raw_param.get( - "image_cleaner_interval_hours") + image_cleaner_interval_hours = self.raw_param.get("image_cleaner_interval_hours") if image_cleaner_interval_hours is not None and enable_validation: @@ -1161,8 +1148,7 @@ def get_image_cleaner_interval_hours(self) -> Union[int, None]: :return: int or None """ - interval_hours = self._get_image_cleaner_interval_hours( - enable_validation=True) + interval_hours = self._get_image_cleaner_interval_hours(enable_validation=True) return interval_hours @@ -1206,10 +1192,8 @@ def get_cluster_snapshot(self) -> Union[ManagedClusterSnapshot, None]: snapshot_id = self.get_cluster_snapshot_id() if snapshot_id: - snapshot = self.external_functions.get_cluster_snapshot_by_snapshot_id( - self.cmd.cli_ctx, snapshot_id) - self.set_intermediate("managedclustersnapshot", - snapshot, overwrite_exists=True) + snapshot = self.external_functions.get_cluster_snapshot_by_snapshot_id(self.cmd.cli_ctx, snapshot_id) + self.set_intermediate("managedclustersnapshot", snapshot, overwrite_exists=True) return snapshot def _get_kubernetes_version(self, read_only: bool = False) -> str: @@ -1329,8 +1313,7 @@ def _get_enable_apiserver_vnet_integration(self, enable_validation: bool = False :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get( - "enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -1344,8 +1327,7 @@ def _get_enable_apiserver_vnet_integration(self, enable_validation: bool = False # validation if enable_validation: if self.decorator_mode == DecoratorMode.UPDATE: - is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster( - self.mc) + is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster(self.mc) if enable_apiserver_vnet_integration and not is_apiserver_vnet_integration_cluster: if self._get_apiserver_subnet_id(enable_validation=False) is None: raise RequiredArgumentMissingError( @@ -1429,8 +1411,7 @@ def _get_enable_private_cluster(self, enable_validation: bool = False) -> bool: :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get( - "enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") enable_private_cluster = self.raw_param.get("enable_private_cluster") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. @@ -1472,8 +1453,7 @@ def _get_enable_private_cluster(self, enable_validation: bool = False) -> bool: if self.decorator_mode == DecoratorMode.UPDATE: # copy logic from cli core is_private_cluster = check_is_private_cluster(self.mc) - is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster( - self.mc) + is_apiserver_vnet_integration_cluster = check_is_apiserver_vnet_integration_cluster(self.mc) if is_private_cluster or enable_private_cluster: if self._get_api_server_authorized_ip_ranges(enable_validation=False): @@ -1517,8 +1497,7 @@ def _get_disable_private_cluster(self, enable_validation: bool = False) -> bool: :return: bool """ # read the original value passed by the command - enable_apiserver_vnet_integration = self.raw_param.get( - "enable_apiserver_vnet_integration") + enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") disable_private_cluster = self.raw_param.get("disable_private_cluster") # this parameter does not need dynamic completion @@ -1885,8 +1864,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: :return: List[str] or None """ - custom_ca_certs_file_path = self.raw_param.get( - "custom_ca_trust_certificates") + custom_ca_certs_file_path = self.raw_param.get("custom_ca_trust_certificates") if not custom_ca_certs_file_path: return None if not os.path.isfile(custom_ca_certs_file_path): @@ -1896,8 +1874,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: ) ) # CAs are supposed to be separated with a new line, we filter out empty strings (e.g. some stray new line). We only allow up to 10 CAs - file_content = read_file_content( - custom_ca_certs_file_path).split(os.linesep + os.linesep) + file_content = read_file_content(custom_ca_certs_file_path).split(os.linesep + os.linesep) certs = [str.encode(x) for x in file_content if len(x) > 1] if len(certs) > 10: raise InvalidArgumentValueError( @@ -1935,8 +1912,7 @@ def _get_enable_azure_monitor_metrics(self, enable_validation: bool = False) -> """ # print("_get_enable_azure_monitor_metrics being called...") # Read the original value passed by the command. - enable_azure_monitor_metrics = self.raw_param.get( - "enable_azuremonitormetrics") + enable_azure_monitor_metrics = self.raw_param.get("enable_azuremonitormetrics") # In create mode, try to read the property value corresponding to the parameter from the `mc` object. if self.decorator_mode == DecoratorMode.CREATE: if ( @@ -1972,11 +1948,9 @@ def _get_disable_azure_monitor_metrics(self, enable_validation: bool = False) -> :return: bool """ # Read the original value passed by the command. - disable_azure_monitor_metrics = self.raw_param.get( - "disable_azuremonitormetrics") + disable_azure_monitor_metrics = self.raw_param.get("disable_azuremonitormetrics") if disable_azure_monitor_metrics and self._get_enable_azure_monitor_metrics(False): - raise MutuallyExclusiveArgumentError( - "Cannot specify --enable-azuremonitormetrics and --disable-azuremonitormetrics at the same time.") + raise MutuallyExclusiveArgumentError("Cannot specify --enable-azuremonitormetrics and --disable-azuremonitormetrics at the same time.") return disable_azure_monitor_metrics def get_disable_azure_monitor_metrics(self) -> bool: @@ -2006,8 +1980,7 @@ def _get_disable_node_restriction(self, enable_validation: bool = False) -> bool :return: bool """ # Read the original value passed by the command. - disable_node_restriction = self.raw_param.get( - "disable_node_restriction") + disable_node_restriction = self.raw_param.get("disable_node_restriction") # This option is not supported in create mode, hence we do not read the property value from the `mc` object. # This parameter does not need dynamic completion. @@ -2310,8 +2283,7 @@ def init_models(self) -> None: :return: None """ - self.models = AKSPreviewManagedClusterModels( - self.cmd, self.resource_type) + self.models = AKSPreviewManagedClusterModels(self.cmd, self.resource_type) def init_context(self) -> None: """Initialize an AKSPreviewManagedClusterContext object to store the context in the process of assemble the @@ -2578,8 +2550,7 @@ def set_up_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus if self.context.get_enable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( - enabled=True) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=True) return mc @@ -2626,8 +2597,7 @@ def set_up_vpa(self, mc: ManagedCluster) -> ManagedCluster: if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() if mc.workload_auto_scaler_profile.vertical_pod_autoscaler is None: - mc.workload_auto_scaler_profile.vertical_pod_autoscaler = self.models.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler( - enabled=True) + mc.workload_auto_scaler_profile.vertical_pod_autoscaler = self.models.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler(enabled=True) else: mc.workload_auto_scaler_profile.vertical_pod_autoscaler.enabled = True return mc @@ -2656,8 +2626,7 @@ def set_up_node_resource_group_profile(self, mc: ManagedCluster) -> ManagedClust node_resource_group_profile = None nrg_lockdown_restriction_level = self.context.get_nrg_lockdown_restriction_level() if nrg_lockdown_restriction_level: - node_resource_group_profile = self.models.ManagedClusterNodeResourceGroupProfile( - restriction_level=nrg_lockdown_restriction_level) + node_resource_group_profile = self.models.ManagedClusterNodeResourceGroupProfile(restriction_level=nrg_lockdown_restriction_level) mc.node_resource_group_profile = node_resource_group_profile return mc @@ -2957,8 +2926,7 @@ def init_models(self) -> None: :return: None """ - self.models = AKSPreviewManagedClusterModels( - self.cmd, self.resource_type) + self.models = AKSPreviewManagedClusterModels(self.cmd, self.resource_type) def init_context(self) -> None: """Initialize an AKSManagedClusterContext object to store the context in the process of assemble the @@ -2967,8 +2935,7 @@ def init_context(self) -> None: :return: None """ self.context = AKSPreviewManagedClusterContext( - self.cmd, AKSManagedClusterParamDict( - self.__raw_parameters), self.models, DecoratorMode.UPDATE + self.cmd, AKSManagedClusterParamDict(self.__raw_parameters), self.models, DecoratorMode.UPDATE ) def init_agentpool_decorator_context(self) -> None: @@ -3009,8 +2976,7 @@ def check_raw_parameters(self): excluded_keys = ("cmd", "client", "resource_group_name", "name") # check whether the remaining parameters are set # the default "falsy" value will be considered as not set (e.g., None, "", [], {}, 0) - is_changed = any( - v for k, v in self.context.raw_param.items() if k not in excluded_keys) + is_changed = any(v for k, v in self.context.raw_param.items() if k not in excluded_keys) # special cases # Some parameters support using "falsy" value to update/remove previously set values. @@ -3308,14 +3274,12 @@ def update_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus if self.context.get_enable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( - enabled=True) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=True) if self.context.get_disable_keda(): if mc.workload_auto_scaler_profile is None: mc.workload_auto_scaler_profile = self.models.ManagedClusterWorkloadAutoScalerProfile() - mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda( - enabled=False) + mc.workload_auto_scaler_profile.keda = self.models.ManagedClusterWorkloadAutoScalerProfileKeda(enabled=False) return mc @@ -3342,10 +3306,8 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: self._ensure_mc(mc) # read the original value passed by the command - ksm_metric_labels_allow_list = self.context.raw_param.get( - "ksm_metric_labels_allow_list") - ksm_metric_annotations_allow_list = self.context.raw_param.get( - "ksm_metric_annotations_allow_list") + ksm_metric_labels_allow_list = self.context.raw_param.get("ksm_metric_labels_allow_list") + ksm_metric_annotations_allow_list = self.context.raw_param.get("ksm_metric_annotations_allow_list") if ksm_metric_labels_allow_list is None: ksm_metric_labels_allow_list = "" @@ -3355,8 +3317,7 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: if self.context.get_enable_azure_monitor_metrics(): if mc.azure_monitor_profile is None: mc.azure_monitor_profile = self.models.ManagedClusterAzureMonitorProfile() - mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics( - enabled=True) + mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics(enabled=True) mc.azure_monitor_profile.metrics.kube_state_metrics = self.models.ManagedClusterAzureMonitorProfileKubeStateMetrics( metric_labels_allowlist=str(ksm_metric_labels_allow_list), metric_annotations_allow_list=str(ksm_metric_annotations_allow_list)) @@ -3364,8 +3325,7 @@ def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: if self.context.get_disable_azure_monitor_metrics(): if mc.azure_monitor_profile is None: mc.azure_monitor_profile = self.models.ManagedClusterAzureMonitorProfile() - mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics( - enabled=False) + mc.azure_monitor_profile.metrics = self.models.ManagedClusterAzureMonitorProfileMetrics(enabled=False) if (self.context.raw_param.get("enable_azuremonitormetrics") or self.context.raw_param.get("disable_azuremonitormetrics")): ensure_azure_monitor_profile_prerequisites( From ddd86ef78009276604156f97d9a0e570dd84e20f Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:21:09 -0400 Subject: [PATCH 18/31] another formatting fix params.py --- src/aks-preview/azext_aks_preview/_params.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 4b15f7222dc..8b599b1c965 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -526,7 +526,7 @@ def load_arguments(self, _): c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('outbound_type', arg_type=get_enum_type(outbound_types)) c.argument('enable_pod_security_policy', action='store_true', deprecate_info=c.deprecate(target='--enable-pod-security-policy', hide=True)) - c.argument('disable_pod_security_policy',action='store_true', is_preview=True) + c.argument('disable_pod_security_policy', action='store_true', is_preview=True) c.argument('enable_pod_identity', action='store_true') c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('disable_pod_identity', action='store_true') @@ -535,8 +535,7 @@ def load_arguments(self, _): c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True) c.argument('image_cleaner_interval_hours', type=int, is_preview=True) c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) - c.argument('apiserver_subnet_id', - validator=validate_apiserver_subnet_id, is_preview=True) + c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_keda', action='store_true', is_preview=True) c.argument('disable_keda', action='store_true', is_preview=True) c.argument('enable_node_restriction', action='store_true', is_preview=True, help="enable node restriction for cluster") @@ -556,8 +555,7 @@ def load_arguments(self, _): c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") c.argument('guardrails_level', arg_type=get_enum_type(guardrails_levels), is_preview=True) - c.argument('guardrails_version', - help='The guardrails version', is_preview=True) + c.argument('guardrails_version', help='The guardrails version', is_preview=True) c.argument('guardrails_excluded_ns', is_preview=True) with self.argument_context('aks upgrade') as c: From 1d99c2dcf710e13e9ed2ca85f89881848c2e3d50 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:29:57 -0400 Subject: [PATCH 19/31] Last mc decorator formatting, fix formatting in test_validators --- .../managed_cluster_decorator.py | 6 +- .../tests/latest/test_validators.py | 133 ++++++------------ 2 files changed, 42 insertions(+), 97 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 648a2be1f02..a6788879f26 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -239,8 +239,7 @@ def get_service_cidrs(self) -> Union[List[str], None]: # read the original value passed by the command service_cidrs = self.raw_param.get("service_cidrs") # normalize - service_cidrs = extract_comma_separated_string( - service_cidrs, keep_none=True, default_value=[]) + service_cidrs = extract_comma_separated_string(service_cidrs, keep_none=True, default_value=[]) # try to read the property value corresponding to the parameter from the `mc` object if self.mc and self.mc.network_profile and self.mc.network_profile.service_cidrs is not None: service_cidrs = self.mc.network_profile.service_cidrs @@ -1571,8 +1570,7 @@ def _get_disable_public_fqdn(self, enable_validation: bool = False) -> bool: ) if ( safe_lower(self._get_private_dns_zone(enable_validation=False)) == CONST_PRIVATE_DNS_ZONE_NONE or - safe_lower( - self.mc.api_server_access_profile.private_dns_zone) == CONST_PRIVATE_DNS_ZONE_NONE + safe_lower(self.mc.api_server_access_profile.private_dns_zone) == CONST_PRIVATE_DNS_ZONE_NONE ): raise InvalidArgumentValueError( "--disable-public-fqdn cannot be applied for none mode private dns zone cluster" diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 4fa3e766fb5..aab99ff9893 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -78,8 +78,7 @@ def test_invalid_subnet_id(self): err = ("--vnet-subnet-id is not a valid Azure resource ID.") with self.assertRaises(CLIError) as cm: - validators._validate_subnet_id( - invalid_vnet_subnet_id, "--vnet-subnet-id") + validators._validate_subnet_id(invalid_vnet_subnet_id, "--vnet-subnet-id") self.assertEqual(str(cm.exception), err) def test_valid_vnet_subnet_id(self): @@ -115,13 +114,11 @@ def __init__(self, os_type, enable_custom_ca_trust): self.os_type = os_type self.enable_custom_ca_trust = enable_custom_ca_trust - class CustomCATrustCertificatesNamespace: def __init__(self, os_type, custom_ca_trust_certificates): self.os_type = os_type self.custom_ca_trust_certificates = custom_ca_trust_certificates - class DisableWindowsOutboundNatNamespace: def __init__(self, os_type, disable_windows_outbound_nat): self.os_type = os_type @@ -137,8 +134,7 @@ def test_valid_cases(self): def test_throws_on_string(self): with self.assertRaises(CLIError) as cm: validators.validate_max_surge(MaxSurgeNamespace("foobar")) - self.assertTrue('int or percentage' in str( - cm.exception), msg=str(cm.exception)) + self.assertTrue('int or percentage' in str(cm.exception), msg=str(cm.exception)) def test_throws_on_negative(self): with self.assertRaises(CLIError) as cm: @@ -155,111 +151,86 @@ def test_valid_cases(self): def test_throws_if_more_than_5(self): with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(5.123456)) - self.assertTrue('--spot_max_price can only include up to 5 decimal places' in str( - cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only include up to 5 decimal places' in str(cm.exception), msg=str(cm.exception)) def test_throws_if_non_valid_negative(self): with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(-2)) - self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str( - cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str(cm.exception), msg=str(cm.exception)) with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(SpotMaxPriceNamespace(0)) - self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str( - cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be any decimal value greater than zero, or -1 which indicates' in str(cm.exception), msg=str(cm.exception)) def test_throws_if_input_max_price_for_regular(self): ns = SpotMaxPriceNamespace(2) ns.priority = "Regular" with self.assertRaises(CLIError) as cm: validators.validate_spot_max_price(ns) - self.assertTrue('--spot_max_price can only be set when --priority is Spot' in str( - cm.exception), msg=str(cm.exception)) + self.assertTrue('--spot_max_price can only be set when --priority is Spot' in str(cm.exception), msg=str(cm.exception)) class TestMessageOfTheday(unittest.TestCase): def test_valid_cases(self): valid = ["foo", ""] for v in valid: - validators.validate_message_of_the_day( - MessageOfTheDayNamespace(v, "Linux")) + validators.validate_message_of_the_day(MessageOfTheDayNamespace(v, "Linux")) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_message_of_the_day( - MessageOfTheDayNamespace("foo", "Windows")) - self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_message_of_the_day(MessageOfTheDayNamespace("foo", "Windows")) + self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_message_of_the_day( - MessageOfTheDayNamespace("foo", "invalid")) - self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_message_of_the_day(MessageOfTheDayNamespace("foo", "invalid")) + self.assertTrue('--message-of-the-day can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) class TestEnableCustomCATrust(unittest.TestCase): def test_pass_if_os_type_linux(self): - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("Linux", True)) + validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("Linux", True)) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("Windows", True)) - self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("Windows", True)) + self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("invalid", True)) - self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_enable_custom_ca_trust(EnableCustomCATrustNamespace("invalid", True)) + self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) class TestCustomCATrustCertificates(unittest.TestCase): def test_valid_cases(self): valid = ["foo", ""] for v in valid: - validators.validate_custom_ca_trust_certificates( - CustomCATrustCertificatesNamespace("Linux", v)) + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Linux", v)) def test_fail_if_os_type_windows(self): with self.assertRaises(CLIError) as cm: - validators.validate_custom_ca_trust_certificates( - CustomCATrustCertificatesNamespace("Windows", "foo")) - self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Windows", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_custom_ca_trust_certificates( - CustomCATrustCertificatesNamespace("invalid", "foo")) - self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("invalid", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) class TestDisableWindowsOutboundNAT(unittest.TestCase): def test_pass_if_os_type_windows(self): - validators.validate_disable_windows_outbound_nat( - DisableWindowsOutboundNatNamespace("Windows", True)) + validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Windows", True)) def test_fail_if_os_type_linux(self): with self.assertRaises(CLIError) as cm: - validators.validate_disable_windows_outbound_nat( - DisableWindowsOutboundNatNamespace("Linux", True)) - self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str( - cm.exception), msg=str(cm.exception)) + validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Linux", True)) + self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str(cm.exception), msg=str(cm.exception)) def test_fail_if_os_type_invalid(self): with self.assertRaises(CLIError) as cm: - validators.validate_disable_windows_outbound_nat( - DisableWindowsOutboundNatNamespace("invalid", True)) - self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str( - cm.exception), msg=str(cm.exception)) - + validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("invalid", True)) + self.assertTrue('--disable-windows-outbound-nat can only be set for Windows nodepools' in str(cm.exception), msg=str(cm.exception)) class ValidateAddonsNamespace: def __init__(self, addons): @@ -334,14 +305,12 @@ def __init__(self, identity_name): class TestValidatePodIdentityResourceName(unittest.TestCase): def test_valid_required_resource_name(self): - validator = validators.validate_pod_identity_resource_name( - 'identity_name', required=True) + validator = validators.validate_pod_identity_resource_name('identity_name', required=True) namespace = PodIdentityNamespace('test-name') validator(namespace) def test_missing_required_resource_name(self): - validator = validators.validate_pod_identity_resource_name( - 'identity_name', required=True) + validator = validators.validate_pod_identity_resource_name('identity_name', required=True) namespace = PodIdentityNamespace(None) with self.assertRaises(CLIError) as cm: @@ -368,7 +337,6 @@ def test_missing_required_resource_name(self): validators.validate_pod_identity_resource_namespace(namespace) self.assertEqual(str(cm.exception), '--namespace is required') - class TestValidateKubernetesVersion(unittest.TestCase): def test_valid_full_kubernetes_version(self): @@ -408,13 +376,11 @@ def test_invalid_kubernetes_version(self): validators.validate_k8s_version(namespace) self.assertEqual(str(cm.exception), err) - class HostGroupIDNamespace: def __init__(self, host_group_id): self.host_group_id = host_group_id - class TestValidateHostGroupID(unittest.TestCase): def test_invalid_host_group_id(self): invalid_host_group_id = "dummy group id" @@ -425,18 +391,15 @@ def test_invalid_host_group_id(self): validators.validate_host_group_id(namespace) self.assertEqual(str(cm.exception), err) - class AzureKeyVaultKmsKeyIdNamespace: def __init__(self, azure_keyvault_kms_key_id): self.azure_keyvault_kms_key_id = azure_keyvault_kms_key_id - class TestValidateAzureKeyVaultKmsKeyId(unittest.TestCase): def test_invalid_azure_keyvault_kms_key_id_without_https(self): invalid_azure_keyvault_kms_key_id = "dummy key id" - namespace = AzureKeyVaultKmsKeyIdNamespace( - azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -446,8 +409,7 @@ def test_invalid_azure_keyvault_kms_key_id_without_https(self): def test_invalid_azure_keyvault_kms_key_id_without_key_version(self): invalid_azure_keyvault_kms_key_id = "https://fakekeyvault.vault.azure.net/keys/fakekeyname" - namespace = AzureKeyVaultKmsKeyIdNamespace( - azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -457,8 +419,7 @@ def test_invalid_azure_keyvault_kms_key_id_without_key_version(self): def test_invalid_azure_keyvault_kms_key_id_with_wrong_object_type(self): invalid_azure_keyvault_kms_key_id = "https://fakekeyvault.vault.azure.net/secrets/fakesecretname/fakesecretversion" - namespace = AzureKeyVaultKmsKeyIdNamespace( - azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) + namespace = AzureKeyVaultKmsKeyIdNamespace(azure_keyvault_kms_key_id=invalid_azure_keyvault_kms_key_id) err = '--azure-keyvault-kms-key-id is not a valid Key Vault key ID. ' \ 'See https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name' @@ -466,7 +427,6 @@ def test_invalid_azure_keyvault_kms_key_id_with_wrong_object_type(self): validators.validate_azure_keyvault_kms_key_id(namespace) self.assertEqual(str(cm.exception), err) - class ImageCleanerNamespace: def __init__( self, @@ -478,7 +438,6 @@ def __init__( self.disable_image_cleaner = disable_image_cleaner self.image_cleaner_interval_hours = image_cleaner_interval_hours - class TestValidateImageCleanerEnableDiasble(unittest.TestCase): def test_invalid_image_cleaner_enable_disable_not_existing_together(self): namespace = ImageCleanerNamespace( @@ -488,11 +447,9 @@ def test_invalid_image_cleaner_enable_disable_not_existing_together(self): err = 'Cannot specify --enable-image-cleaner and --disable-image-cleaner at the same time.' with self.assertRaises(CLIError) as cm: - validators.validate_image_cleaner_enable_disable_mutually_exclusive( - namespace) + validators.validate_image_cleaner_enable_disable_mutually_exclusive(namespace) self.assertEqual(str(cm.exception), err) - class AzureKeyVaultKmsKeyVaultResourceIdNamespace: def __init__(self, azure_keyvault_kms_key_vault_resource_id): @@ -502,19 +459,16 @@ def __init__(self, azure_keyvault_kms_key_vault_resource_id): class TestValidateAzureKeyVaultKmsKeyVaultResourceId(unittest.TestCase): def test_invalid_azure_keyvault_kms_key_vault_resource_id(self): invalid_azure_keyvault_kms_key_vault_resource_id = "invalid" - namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace( - azure_keyvault_kms_key_vault_resource_id=invalid_azure_keyvault_kms_key_vault_resource_id) + namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace(azure_keyvault_kms_key_vault_resource_id=invalid_azure_keyvault_kms_key_vault_resource_id) err = '--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.' with self.assertRaises(InvalidArgumentValueError) as cm: - validators.validate_azure_keyvault_kms_key_vault_resource_id( - namespace) + validators.validate_azure_keyvault_kms_key_vault_resource_id(namespace) self.assertEqual(str(cm.exception), err) def test_valid_azure_keyvault_kms_key_vault_resource_id(self): valid_azure_keyvault_kms_key_vault_resource_id = "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/foo/providers/Microsoft.KeyVault/vaults/foo" - namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace( - azure_keyvault_kms_key_vault_resource_id=valid_azure_keyvault_kms_key_vault_resource_id) + namespace = AzureKeyVaultKmsKeyVaultResourceIdNamespace(azure_keyvault_kms_key_vault_resource_id=valid_azure_keyvault_kms_key_vault_resource_id) validators.validate_azure_keyvault_kms_key_vault_resource_id(namespace) @@ -644,14 +598,12 @@ def test_multiple_application_security_groups(self): namespace ) - class MaintenanceWindowNameSpace: def __init__(self, utc_offset=None, start_date=None, start_time=None): self.utc_offset = utc_offset self.start_date = start_date self.start_time = start_time - class TestValidateMaintenanceWindow(unittest.TestCase): def test_invalid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="5:00") @@ -659,30 +611,25 @@ def test_invalid_utc_offset(self): with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_utc_offset(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_utc_offset(self): + def test_valid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="+05:00") validators.validate_utc_offset(namespace) - - def test_invalid_start_date(self): + def test_invalid_start_date(self): namespace = MaintenanceWindowNameSpace(start_date="2023/01/01") err = '--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_date(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_start_datet(self): + def test_valid_start_datet(self): namespace = MaintenanceWindowNameSpace(start_date="2023-01-01") validators.validate_start_date(namespace) - - def test_invalid_start_time(self): + def test_invalid_start_time(self): namespace = MaintenanceWindowNameSpace(start_time="3am") err = '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_time(namespace) self.assertEqual(str(cm.exception), err) - - def test_valid_start_time(self): + def test_valid_start_time(self): namespace = MaintenanceWindowNameSpace(start_date="00:30") validators.validate_start_time(namespace) From 4f007e0e367611c3ee1dba550629cbfe01f6e099 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:32:22 -0400 Subject: [PATCH 20/31] another test_validators --- .../tests/latest/test_validators.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index aab99ff9893..e2450703b61 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -124,7 +124,6 @@ def __init__(self, os_type, disable_windows_outbound_nat): self.os_type = os_type self.disable_windows_outbound_nat = disable_windows_outbound_nat - class TestMaxSurge(unittest.TestCase): def test_valid_cases(self): valid = ["5", "33%", "1", "100%"] @@ -434,9 +433,9 @@ def __init__( disable_image_cleaner=False, image_cleaner_interval_hours=None, ): - self.enable_image_cleaner = enable_image_cleaner - self.disable_image_cleaner = disable_image_cleaner - self.image_cleaner_interval_hours = image_cleaner_interval_hours + self.enable_image_cleaner = enable_image_cleaner + self.disable_image_cleaner = disable_image_cleaner + self.image_cleaner_interval_hours = image_cleaner_interval_hours class TestValidateImageCleanerEnableDiasble(unittest.TestCase): def test_invalid_image_cleaner_enable_disable_not_existing_together(self): @@ -605,33 +604,39 @@ def __init__(self, utc_offset=None, start_date=None, start_time=None): self.start_time = start_time class TestValidateMaintenanceWindow(unittest.TestCase): - def test_invalid_utc_offset(self): + def test_invalid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="5:00") err = '--utc-offset must be in format: "+/-HH:mm". For example, "+05:30" and "-12:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_utc_offset(namespace) self.assertEqual(str(cm.exception), err) + def test_valid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="+05:00") validators.validate_utc_offset(namespace) + def test_invalid_start_date(self): namespace = MaintenanceWindowNameSpace(start_date="2023/01/01") err = '--start-date must be in format: "yyyy-MM-dd". For example, "2023-01-01".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_date(namespace) self.assertEqual(str(cm.exception), err) + def test_valid_start_datet(self): namespace = MaintenanceWindowNameSpace(start_date="2023-01-01") validators.validate_start_date(namespace) + def test_invalid_start_time(self): namespace = MaintenanceWindowNameSpace(start_time="3am") err = '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_time(namespace) self.assertEqual(str(cm.exception), err) + def test_valid_start_time(self): namespace = MaintenanceWindowNameSpace(start_date="00:30") validators.validate_start_time(namespace) + if __name__ == "__main__": unittest.main() From 771a34a437e8d0b6b3ee544ee0665287778d431f Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:33:24 -0400 Subject: [PATCH 21/31] Fix whitespace --- .../azext_aks_preview/tests/latest/test_validators.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index e2450703b61..3262e176905 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -610,7 +610,7 @@ def test_invalid_utc_offset(self): with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_utc_offset(namespace) self.assertEqual(str(cm.exception), err) - + def test_valid_utc_offset(self): namespace = MaintenanceWindowNameSpace(utc_offset="+05:00") validators.validate_utc_offset(namespace) @@ -621,18 +621,18 @@ def test_invalid_start_date(self): with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_date(namespace) self.assertEqual(str(cm.exception), err) - + def test_valid_start_datet(self): namespace = MaintenanceWindowNameSpace(start_date="2023-01-01") validators.validate_start_date(namespace) - + def test_invalid_start_time(self): namespace = MaintenanceWindowNameSpace(start_time="3am") err = '--start-time must be in format "HH:mm". For example, "09:30" and "17:00".' with self.assertRaises(InvalidArgumentValueError) as cm: validators.validate_start_time(namespace) self.assertEqual(str(cm.exception), err) - + def test_valid_start_time(self): namespace = MaintenanceWindowNameSpace(start_date="00:30") validators.validate_start_time(namespace) From 8659bf85cf53b8ed23946f20969d09dbf409d92c Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:38:00 -0400 Subject: [PATCH 22/31] use extract_comma_sepatated_string --- .../azext_aks_preview/managed_cluster_decorator.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index a6788879f26..70cd36daa55 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2675,11 +2675,8 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: ) # replace values with provided values if excludedNamespaces is not None: - # split and trim the provided namespaces - exclNsList = excludedNamespaces.split(",") - for i in range(len(exclNsList)): - exclNsList[i] = exclNsList[i].strip() - mc.guardrails_profile.excluded_namespaces = exclNsList + mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( + excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) return mc def set_up_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: @@ -3491,11 +3488,8 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: if excludedNamespaces == "": mc.guardrails_profile.excluded_namespaces = list() else: - # split and trim the provided namespaces - exclNsList = excludedNamespaces.split(",") - for i in range(len(exclNsList)): - exclNsList[i] = exclNsList[i].strip() - mc.guardrails_profile.excluded_namespaces = exclNsList + mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( + excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) return mc def update_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: From dc094ab5389f92a1c9a8bdbb96c84ef9b5648cda Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Mon, 22 May 2023 12:42:21 -0400 Subject: [PATCH 23/31] Add back guardrails live tests to ignored because they require feature registration --- .../azcli_aks_live_test/configs/ext_matrix_default.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json index ed96cfefed1..18a1e124e48 100644 --- a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json +++ b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json @@ -43,6 +43,10 @@ ], "workload runtime, missing feature registration": [ "test_aks_nodepool_add_with_workload_runtime" + ], + "Guardrails, missing feature registration": [ + "test_aks_create_with_guardrails", + "test_aks_update_with_guardrails" ] } } \ No newline at end of file From 17c670dea1290c7ed232f8f8296d18c98d0fa09a Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Tue, 23 May 2023 10:46:36 -0400 Subject: [PATCH 24/31] Add live_only annotation back --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 9f86e8277b0..d59ce318ae3 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1388,6 +1388,7 @@ def test_aks_nodepool_abort(self, resource_group, resource_group_location): self.check('powerState.code', 'Running') ]) + @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_guardrails(self, resource_group, resource_group_location): @@ -1407,6 +1408,7 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio self.check('guardrailsProfile.version','v1.0.0') ]) + @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_update_with_guardrails(self, resource_group, resource_group_location): From e8ef7c7c767cf4c40436fdccbd86d80fc4dfde0b Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Wed, 24 May 2023 11:45:49 -0400 Subject: [PATCH 25/31] Fix linter errors --- .../azext_aks_preview/managed_cluster_decorator.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 70cd36daa55..e6863835673 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2676,9 +2676,9 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: # replace values with provided values if excludedNamespaces is not None: mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( - excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) + excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) return mc - + def set_up_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: """Set up azure service mesh for the ManagedCluster object. From 232c5cfe9b39caef5fc7377f756969ae2781be3a Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Thu, 25 May 2023 11:40:27 -0400 Subject: [PATCH 26/31] Refactor common code into helper function --- src/aks-preview/azext_aks_preview/_helpers.py | 18 ++++++++++++ .../managed_cluster_decorator.py | 28 ++++--------------- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_helpers.py b/src/aks-preview/azext_aks_preview/_helpers.py index 321dc29b04b..3d6995ad24a 100644 --- a/src/aks-preview/azext_aks_preview/_helpers.py +++ b/src/aks-preview/azext_aks_preview/_helpers.py @@ -19,6 +19,10 @@ from azext_aks_preview._client_factory import get_nodepool_snapshots_client, get_mc_snapshots_client +from azure.cli.command_modules.acs._validators import ( + extract_comma_separated_string, +) + logger = get_logger(__name__) # type variables @@ -282,3 +286,17 @@ def check_is_apiserver_vnet_integration_cluster(mc: ManagedCluster) -> bool: if mc and mc.api_server_access_profile: return bool(mc.api_server_access_profile.enable_vnet_integration) return False + + +def setup_common_guardrails_profile(level, version, excludedNamespaces, mc: ManagedCluster, models) -> ManagedCluster: + if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: + mc.guardrails_profile = models.GuardrailsProfile( + level=level, + version=version + ) + # replace values with provided values + if excludedNamespaces is not None: + mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( + excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) + + return mc diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index e6863835673..08e8239a0f7 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -67,6 +67,7 @@ check_is_private_cluster, check_is_apiserver_vnet_integration_cluster, get_cluster_snapshot_by_snapshot_id, + setup_common_guardrails_profile ) from azext_aks_preview._loadbalancer import create_load_balancer_profile from azext_aks_preview._loadbalancer import ( @@ -2668,15 +2669,7 @@ def set_up_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: version = self.context.get_guardrails_version() level = self.context.get_guardrails_level() # provided any value? - if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile( - level=level, - version=version - ) - # replace values with provided values - if excludedNamespaces is not None: - mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( - excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) + mc = setup_common_guardrails_profile(level, version, excludedNamespaces, mc, self.models) return mc def set_up_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: @@ -3473,23 +3466,14 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: excludedNamespaces = self.context.get_guardrails_excluded_namespaces() version = self.context.get_guardrails_version() level = self.context.get_guardrails_level() - # provided any value? - if (level is not None or version is not None or excludedNamespaces is not None) and mc.guardrails_profile is None: - mc.guardrails_profile = self.models.GuardrailsProfile( - level=level, - version=version - ) - # replace values with provided values + + mc = setup_common_guardrails_profile(level, version, excludedNamespaces, mc, self.models) + if level is not None: mc.guardrails_profile.level = level if version is not None: mc.guardrails_profile.version = version - if excludedNamespaces is not None: - if excludedNamespaces == "": - mc.guardrails_profile.excluded_namespaces = list() - else: - mc.guardrails_profile.excluded_namespaces = extract_comma_separated_string( - excludedNamespaces, enable_strip=True, keep_none=True, default_value=[]) + return mc def update_azure_service_mesh_profile(self, mc: ManagedCluster) -> ManagedCluster: From 04b848c3572579f28f724e394880c5481ab8ed5e Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Thu, 25 May 2023 13:28:14 -0400 Subject: [PATCH 27/31] Fix lint error --- src/aks-preview/azext_aks_preview/managed_cluster_decorator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 08e8239a0f7..b29d2e9a48a 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -3468,7 +3468,7 @@ def update_guardrails_profile(self, mc: ManagedCluster) -> ManagedCluster: level = self.context.get_guardrails_level() mc = setup_common_guardrails_profile(level, version, excludedNamespaces, mc, self.models) - + if level is not None: mc.guardrails_profile.level = level if version is not None: From ab288d7598b26e81ed8733e3b68d9b878252f75f Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Fri, 26 May 2023 09:39:48 -0400 Subject: [PATCH 28/31] Remove live_only annotation, move version to proper place --- src/aks-preview/HISTORY.rst | 9 ++++----- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 -- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index ec254035944..6717815ac2b 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -13,6 +13,10 @@ Pending +++++++ * Vendor new SDK and bump API version to 2023-04-02-preview. +0.5.140 ++++++++ +* Allow options for specifying guardrails profile arguments + 0.5.139 * `az aks create` and `az aks nodepool add`: Add warning message when specifying `--os-sku` to `Mariner` or `CBLMariner`. @@ -22,11 +26,6 @@ Pending * fix: don't use current kube_proxy_config on UPDATE * GA update for Azure Monitor Metrics Addon (managed prometheus metrics) for AKS -0.5.140 -+++++++ -* Allow options for specifying guardrails profile arguments - - 0.5.137 +++++++ * Fix role assignment failure caused by the breaking change of default API version bump of the auth SDK diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index d59ce318ae3..9f86e8277b0 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1388,7 +1388,6 @@ def test_aks_nodepool_abort(self, resource_group, resource_group_location): self.check('powerState.code', 'Running') ]) - @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_guardrails(self, resource_group, resource_group_location): @@ -1408,7 +1407,6 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio self.check('guardrailsProfile.version','v1.0.0') ]) - @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_update_with_guardrails(self, resource_group, resource_group_location): From 9a8c719e018f7f03c0c952b4434ea3c25b159ef0 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Fri, 26 May 2023 10:05:40 -0400 Subject: [PATCH 29/31] Added cli flag to pass custom header through --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 9f86e8277b0..6df75d4a483 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1400,7 +1400,8 @@ def test_aks_create_with_guardrails(self, resource_group, resource_group_locatio create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' + '--enable-addons azure-policy --ssh-key-value={ssh_key_value} ' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/GuardrailsPreview' self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), self.check('guardrailsProfile.level', 'Warning'), @@ -1425,7 +1426,8 @@ def test_aks_update_with_guardrails(self, resource_group, resource_group_locatio update_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ '--guardrails-level Warning --guardrails-version "v1.0.0" ' \ - '--guardrails-excluded-ns test-ns1' + '--guardrails-excluded-ns test-ns1 ' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/GuardrailsPreview' self.cmd(update_cmd, checks=[ self.check('provisioningState', 'Succeeded'), From a6b4c216302f65b61e70cceac6eabe87527a8726 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Fri, 26 May 2023 10:06:09 -0400 Subject: [PATCH 30/31] Remove tests from exclude --- .../azcli_aks_live_test/configs/ext_matrix_default.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json index 18a1e124e48..ed96cfefed1 100644 --- a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json +++ b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json @@ -43,10 +43,6 @@ ], "workload runtime, missing feature registration": [ "test_aks_nodepool_add_with_workload_runtime" - ], - "Guardrails, missing feature registration": [ - "test_aks_create_with_guardrails", - "test_aks_update_with_guardrails" ] } } \ No newline at end of file From 642eee2301090e43b33d597db47900071cf06b71 Mon Sep 17 00:00:00 2001 From: Nick Keller Date: Fri, 26 May 2023 11:41:29 -0400 Subject: [PATCH 31/31] Add httpcustomfeatures recordings --- .../test_aks_create_with_guardrails.yaml | 422 ++++++++----- .../test_aks_update_with_guardrails.yaml | 579 ++++++++++++------ 2 files changed, 644 insertions(+), 357 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml index 2eaab5f67b4..f44ba1102d3 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_guardrails.yaml @@ -12,12 +12,12 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: '{"error":{"code":"ResourceNotFound","message":"The Resource ''Microsoft.ContainerService/managedClusters/cliakstest000002'' @@ -31,7 +31,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 02 May 2023 14:30:26 GMT + - Fri, 26 May 2023 14:26:25 GMT expires: - '-1' pragma: @@ -58,23 +58,23 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2022-09-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_create_with_guardrails","date":"2023-05-02T14:30:26Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_create_with_guardrails","date":"2023-05-26T14:26:23Z","module":"aks-preview"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache content-length: - - '346' + - '369' content-type: - application/json; charset=utf-8 date: - - Tue, 02 May 2023 14:30:26 GMT + - Fri, 26 May 2023 14:26:25 GMT expires: - '-1' pragma: @@ -90,7 +90,7 @@ interactions: message: OK - request: body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": - {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestjibsiplbd-8ecadf", + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitest2kqp4yqvi-79a739", "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": @@ -98,14 +98,16 @@ interactions: false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": false, "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": - {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {"azurepolicy": {"enabled": true}}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", - "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": - "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, - "storageProfile": {}, "guardrailsProfile": {"version": "v1.0.0", "level": "Warning"}}}' + "dnsServiceIP": "10.0.0.10", "outboundType": "loadBalancer", "loadBalancerSku": + "standard"}, "disableLocalAccounts": false, "storageProfile": {}, "guardrailsProfile": + {"version": "v1.0.0", "level": "Warning"}}}' headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/GuardrailsPreview Accept: - application/json Accept-Encoding: @@ -115,17 +117,17 @@ interactions: Connection: - keep-alive Content-Length: - - '1676' + - '1639' Content-Type: - application/json ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -133,8 +135,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestjibsiplbd-8ecadf\",\n \"fqdn\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitest2kqp4yqvi-79a739\",\n \"fqdn\": \"cliakstest-clitest2kqp4yqvi-79a739-nducrbx4.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest2kqp4yqvi-79a739-nducrbx4.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -145,45 +147,44 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n \ }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n - \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"enableLTS\": + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": - \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": - \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": - [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n - \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": - 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": - {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n - \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": - {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": - false\n },\n \"guardrailsProfile\": {\n \"level\": \"Warning\",\n \"version\": - \"v1.0.0\",\n \"systemExcludedNamespaces\": [\n \"kube-system\",\n - \ \"calico-system\",\n \"tigera-system\",\n \"gatekeeper-system\"\n - \ ]\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": - {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"guardrailsProfile\": + {\n \"level\": \"Warning\",\n \"version\": \"v1.0.0\",\n \"systemExcludedNamespaces\": + [\n \"kube-system\",\n \"calico-system\",\n \"tigera-system\",\n + \ \"gatekeeper-system\"\n ]\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 cache-control: - no-cache content-length: - - '3821' + - '3782' content-type: - application/json date: - - Tue, 02 May 2023 14:30:31 GMT + - Fri, 26 May 2023 14:26:32 GMT expires: - '-1' pragma: @@ -195,7 +196,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1197' + - '1199' status: code: 201 message: Created @@ -212,16 +213,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -230,7 +231,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:30:31 GMT + - Fri, 26 May 2023 14:26:32 GMT expires: - '-1' pragma: @@ -239,10 +240,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -261,16 +258,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -279,7 +276,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:31:01 GMT + - Fri, 26 May 2023 14:27:02 GMT expires: - '-1' pragma: @@ -288,10 +285,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -310,16 +303,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -328,7 +321,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:31:31 GMT + - Fri, 26 May 2023 14:27:32 GMT expires: - '-1' pragma: @@ -337,10 +330,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -359,16 +348,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -377,7 +366,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:32:01 GMT + - Fri, 26 May 2023 14:28:02 GMT expires: - '-1' pragma: @@ -386,10 +375,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -408,16 +393,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -426,7 +411,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:32:31 GMT + - Fri, 26 May 2023 14:28:32 GMT expires: - '-1' pragma: @@ -435,10 +420,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -457,16 +438,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -475,7 +456,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:33:01 GMT + - Fri, 26 May 2023 14:29:02 GMT expires: - '-1' pragma: @@ -484,10 +465,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -506,16 +483,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -524,7 +501,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:33:31 GMT + - Fri, 26 May 2023 14:29:32 GMT expires: - '-1' pragma: @@ -533,10 +510,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -555,16 +528,16 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" headers: cache-control: - no-cache @@ -573,7 +546,97 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:34:01 GMT + - Fri, 26 May 2023 14:30:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:30:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:31:03 GMT expires: - '-1' pragma: @@ -582,10 +645,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -604,17 +663,62 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7c4f40e2-1e45-4a90-a79e-7a9e5357a69f?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"e2404f7c-451e-904a-a79e-7a9e5357a69f\",\n \"status\": - \"Succeeded\",\n \"startTime\": \"2023-05-02T14:30:31.7384768Z\",\n \"endTime\": - \"2023-05-02T14:34:18.2143813Z\"\n }" + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:31:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --guardrails-level --guardrails-version --enable-addons + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/210e66ce-4ce5-4920-a3af-0b7dda9a127c?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"ce660e21-e54c-2049-a3af-0b7dda9a127c\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-26T14:26:31.8199948Z\",\n \"endTime\": + \"2023-05-26T14:31:58.6871185Z\"\n }" headers: cache-control: - no-cache @@ -623,7 +727,7 @@ interactions: content-type: - application/json date: - - Tue, 02 May 2023 14:34:31 GMT + - Fri, 26 May 2023 14:32:04 GMT expires: - '-1' pragma: @@ -632,10 +736,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: @@ -654,12 +754,12 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --enable-addons - --ssh-key-value + --ssh-key-value --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1033-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -667,8 +767,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestjibsiplbd-8ecadf\",\n \"fqdn\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestjibsiplbd-8ecadf-600kdw7a.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitest2kqp4yqvi-79a739\",\n \"fqdn\": \"cliakstest-clitest2kqp4yqvi-79a739-nducrbx4.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest2kqp4yqvi-79a739-nducrbx4.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -679,28 +779,28 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDio9cgRdFlsZ3OjstNHRbmi+cm7hbXZfeCc64bXto2/YSDOUQ4XY0BZABEGI82haeSjqm7nDEG2elcbdY9UowMhh6I3eCDuOnAbE7Gvc0LHxdPOoqqp/f5pLWxC1op+M8TmDecBOCSib5Fw897SS8lbJ8Kmbleed5rUcKwFbT2ucrcLjF0qc8gvv3VSpuD1y4hnxXy4ysqFPzGFNU4y/244AL12qQGt6TlcQeb+PvfBlFzh7fNna8HYPLi46hlgkLhI8XVj7WMrYP0TOJLiKh1jX2JdBhqAGPn5/iCVoNprwiQrEEavT9mbjoF0MpMqFZYOa4LPnarERDU8ZX/Oldf + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n \ \"identity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/azurepolicy-cliakstest000002\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n }\n },\n \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n - \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"enableLTS\": + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"supportPlan\": \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/7d176a80-2f28-4c69-9b72-2fda2e555fd4\"\n + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/4d01a4df-e4c3-4e9b-a584-af299c5c09ab\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n - \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n - \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n - \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": - [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": \"loadBalancer\",\n + \ \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"identityProfile\": {\n \"kubeletidentity\": + {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": @@ -717,11 +817,11 @@ interactions: cache-control: - no-cache content-length: - - '4834' + - '4795' content-type: - application/json date: - - Tue, 02 May 2023 14:34:32 GMT + - Fri, 26 May 2023 14:32:05 GMT expires: - '-1' pragma: @@ -730,10 +830,6 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding x-content-type-options: - nosniff status: diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml index c38993f54c5..511d9251c24 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_guardrails.yaml @@ -13,10 +13,10 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: '{"error":{"code":"ResourceNotFound","message":"The Resource ''Microsoft.ContainerService/managedClusters/cliakstest000002'' @@ -30,7 +30,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 16 May 2023 23:13:00 GMT + - Fri, 26 May 2023 14:26:24 GMT expires: - '-1' pragma: @@ -58,12 +58,12 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-resource/22.0.0 Python/3.8.10 (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2022-09-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_update_with_guardrails","date":"2023-05-16T23:12:58Z","module":"aks-preview"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","test":"test_aks_update_with_guardrails","date":"2023-05-26T14:26:23Z","module":"aks-preview"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache @@ -72,7 +72,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 16 May 2023 23:13:00 GMT + - Fri, 26 May 2023 14:26:24 GMT expires: - '-1' pragma: @@ -88,7 +88,7 @@ interactions: message: OK - request: body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": - {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestaemfx44ko-8ecadf", + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitests6pffkuwq-79a739", "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": @@ -96,13 +96,12 @@ interactions: false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": false, "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": - {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {"azurepolicy": {"enabled": true}}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", - "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": - "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, - "storageProfile": {}}}' + "dnsServiceIP": "10.0.0.10", "outboundType": "loadBalancer", "loadBalancerSku": + "standard"}, "disableLocalAccounts": false, "storageProfile": {}}}' headers: Accept: - application/json @@ -113,16 +112,16 @@ interactions: Connection: - keep-alive Content-Length: - - '1612' + - '1575' Content-Type: - application/json ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -130,8 +129,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitests6pffkuwq-79a739\",\n \"fqdn\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -142,10 +141,10 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n @@ -155,29 +154,28 @@ interactions: \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": - \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": - \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": - [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n - \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": - 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": - {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n - \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": - {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": - false\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": - {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 cache-control: - no-cache content-length: - - '3613' + - '3572' content-type: - application/json date: - - Tue, 16 May 2023 23:13:06 GMT + - Fri, 26 May 2023 14:26:31 GMT expires: - '-1' pragma: @@ -189,7 +187,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1197' + - '1199' status: code: 201 message: Created @@ -207,14 +205,158 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:26:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:27:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Fri, 26 May 2023 14:27:30 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --ssh-key-value --enable-addons + User-Agent: + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -223,7 +365,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:13:07 GMT + - Fri, 26 May 2023 14:28:01 GMT expires: - '-1' pragma: @@ -232,6 +374,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -251,14 +397,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -267,7 +413,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:13:38 GMT + - Fri, 26 May 2023 14:28:31 GMT expires: - '-1' pragma: @@ -276,6 +422,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -295,14 +445,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -311,7 +461,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:14:08 GMT + - Fri, 26 May 2023 14:29:01 GMT expires: - '-1' pragma: @@ -320,6 +470,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -339,14 +493,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -355,7 +509,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:14:38 GMT + - Fri, 26 May 2023 14:29:31 GMT expires: - '-1' pragma: @@ -364,6 +518,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -383,14 +541,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -399,7 +557,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:15:08 GMT + - Fri, 26 May 2023 14:30:01 GMT expires: - '-1' pragma: @@ -408,6 +566,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -427,14 +589,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -443,7 +605,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:15:38 GMT + - Fri, 26 May 2023 14:30:32 GMT expires: - '-1' pragma: @@ -452,6 +614,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -471,14 +637,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -487,7 +653,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:16:08 GMT + - Fri, 26 May 2023 14:31:02 GMT expires: - '-1' pragma: @@ -496,6 +662,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -515,14 +685,14 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\"\n }" headers: cache-control: - no-cache @@ -531,7 +701,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:16:39 GMT + - Fri, 26 May 2023 14:31:31 GMT expires: - '-1' pragma: @@ -540,6 +710,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -559,15 +733,15 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/7ef0a9cb-9daa-4383-91e7-02c41a4eea7d?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/b085bc67-5f13-4cd2-baa2-3c7b0d6bb506?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"cba9f07e-aa9d-8343-91e7-02c41a4eea7d\",\n \"status\": - \"Succeeded\",\n \"startTime\": \"2023-05-16T23:13:06.6368796Z\",\n \"endTime\": - \"2023-05-16T23:16:48.0068199Z\"\n }" + string: "{\n \"name\": \"67bc85b0-135f-d24c-baa2-3c7b0d6bb506\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-26T14:26:30.7574504Z\",\n \"endTime\": + \"2023-05-26T14:31:56.7799836Z\"\n }" headers: cache-control: - no-cache @@ -576,7 +750,7 @@ interactions: content-type: - application/json date: - - Tue, 16 May 2023 23:17:09 GMT + - Fri, 26 May 2023 14:32:02 GMT expires: - '-1' pragma: @@ -585,6 +759,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -604,10 +782,10 @@ interactions: ParameterSetName: - --resource-group --name --ssh-key-value --enable-addons User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -615,8 +793,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitests6pffkuwq-79a739\",\n \"fqdn\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -627,10 +805,10 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n @@ -641,14 +819,14 @@ interactions: \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/ca43f9f7-b0ad-4156-85f6-1f249a86abd9\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n - \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n - \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n - \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": - [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": \"loadBalancer\",\n + \ \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"identityProfile\": {\n \"kubeletidentity\": + {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": @@ -662,11 +840,11 @@ interactions: cache-control: - no-cache content-length: - - '4626' + - '4585' content-type: - application/json date: - - Tue, 16 May 2023 23:17:10 GMT + - Fri, 26 May 2023 14:32:03 GMT expires: - '-1' pragma: @@ -675,6 +853,10 @@ interactions: - nginx strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding x-content-type-options: - nosniff status: @@ -693,11 +875,12 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -705,8 +888,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitests6pffkuwq-79a739\",\n \"fqdn\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -717,10 +900,10 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n @@ -731,14 +914,14 @@ interactions: \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/ca43f9f7-b0ad-4156-85f6-1f249a86abd9\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n - \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n - \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n - \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": - [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": \"loadBalancer\",\n + \ \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"identityProfile\": {\n \"kubeletidentity\": + {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": @@ -752,11 +935,11 @@ interactions: cache-control: - no-cache content-length: - - '4626' + - '4585' content-type: - application/json date: - - Tue, 16 May 2023 23:17:12 GMT + - Fri, 26 May 2023 14:32:04 GMT expires: - '-1' pragma: @@ -777,7 +960,7 @@ interactions: - request: body: '{"location": "westus2", "sku": {"name": "Base", "tier": "Free"}, "identity": {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.25.6", "dnsPrefix": - "cliakstest-clitestaemfx44ko-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "cliakstest-clitests6pffkuwq-79a739", "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", @@ -785,16 +968,15 @@ interactions: {"code": "Running"}, "enableNodePublicIP": false, "enableCustomCATrust": false, "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": false, "networkProfile": {}, "name": "nodepool1"}], "linuxProfile": {"adminUsername": - "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, "addonProfiles": {"azurepolicy": {"enabled": true}}, "oidcIssuerProfile": {"enabled": false}, "nodeResourceGroup": "MC_clitest000001_cliakstest000002_westus2", "enableRBAC": true, "supportPlan": "KubernetesOfficial", "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": - "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", - "outboundType": "loadBalancer", "loadBalancerSku": "Standard", "loadBalancerProfile": - {"managedOutboundIPs": {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": - [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda"}], + "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "outboundType": "loadBalancer", + "loadBalancerSku": "Standard", "loadBalancerProfile": {"managedOutboundIPs": + {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/ca43f9f7-b0ad-4156-85f6-1f249a86abd9"}], "backendPoolType": "nodeIPConfiguration"}, "podCidrs": ["10.244.0.0/16"], "serviceCidrs": ["10.0.0.0/16"], "ipFamilies": ["IPv4"]}, "identityProfile": {"kubeletidentity": {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool", @@ -803,6 +985,8 @@ interactions: "workloadAutoScalerProfile": {}, "guardrailsProfile": {"version": "v1.0.0", "level": "Warning", "excludedNamespaces": ["test-ns1"]}}}' headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/GuardrailsPreview Accept: - application/json Accept-Encoding: @@ -812,16 +996,17 @@ interactions: Connection: - keep-alive Content-Length: - - '2852' + - '2815' Content-Type: - application/json ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -829,8 +1014,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitests6pffkuwq-79a739\",\n \"fqdn\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -841,10 +1026,10 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null\n @@ -853,14 +1038,14 @@ interactions: \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/ca43f9f7-b0ad-4156-85f6-1f249a86abd9\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n - \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n - \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n - \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": - [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": \"loadBalancer\",\n + \ \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"identityProfile\": {\n \"kubeletidentity\": + {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": @@ -876,15 +1061,15 @@ interactions: {\n \"name\": \"Base\",\n \"tier\": \"Free\"\n }\n }" headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 cache-control: - no-cache content-length: - - '4525' + - '4484' content-type: - application/json date: - - Tue, 16 May 2023 23:17:17 GMT + - Fri, 26 May 2023 14:32:10 GMT expires: - '-1' pragma: @@ -900,7 +1085,7 @@ interactions: x-content-type-options: - nosniff x-ms-ratelimit-remaining-subscription-writes: - - '1198' + - '1199' status: code: 200 message: OK @@ -917,24 +1102,25 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + string: "{\n \"name\": \"427b8a5d-f671-4541-b187-1ff8296b0ef9\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:32:09.118945Z\"\n }" headers: cache-control: - no-cache content-length: - - '126' + - '125' content-type: - application/json date: - - Tue, 16 May 2023 23:17:18 GMT + - Fri, 26 May 2023 14:32:10 GMT expires: - '-1' pragma: @@ -965,24 +1151,25 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + string: "{\n \"name\": \"427b8a5d-f671-4541-b187-1ff8296b0ef9\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:32:09.118945Z\"\n }" headers: cache-control: - no-cache content-length: - - '126' + - '125' content-type: - application/json date: - - Tue, 16 May 2023 23:17:48 GMT + - Fri, 26 May 2023 14:32:40 GMT expires: - '-1' pragma: @@ -1013,24 +1200,25 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + string: "{\n \"name\": \"427b8a5d-f671-4541-b187-1ff8296b0ef9\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:32:09.118945Z\"\n }" headers: cache-control: - no-cache content-length: - - '126' + - '125' content-type: - application/json date: - - Tue, 16 May 2023 23:18:18 GMT + - Fri, 26 May 2023 14:33:10 GMT expires: - '-1' pragma: @@ -1061,24 +1249,25 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\"\n }" + string: "{\n \"name\": \"427b8a5d-f671-4541-b187-1ff8296b0ef9\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2023-05-26T14:32:09.118945Z\"\n }" headers: cache-control: - no-cache content-length: - - '126' + - '125' content-type: - application/json date: - - Tue, 16 May 2023 23:18:48 GMT + - Fri, 26 May 2023 14:33:40 GMT expires: - '-1' pragma: @@ -1109,25 +1298,26 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/21086a62-08e1-4d74-8d46-d18306fa8f15?api-version=2016-03-30 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/5d8a7b42-71f6-4145-b187-1ff8296b0ef9?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"626a0821-e108-744d-8d46-d18306fa8f15\",\n \"status\": - \"Succeeded\",\n \"startTime\": \"2023-05-16T23:17:17.3584233Z\",\n \"endTime\": - \"2023-05-16T23:19:01.6933962Z\"\n }" + string: "{\n \"name\": \"427b8a5d-f671-4541-b187-1ff8296b0ef9\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2023-05-26T14:32:09.118945Z\",\n \"endTime\": + \"2023-05-26T14:33:56.3878094Z\"\n }" headers: cache-control: - no-cache content-length: - - '170' + - '169' content-type: - application/json date: - - Tue, 16 May 2023 23:19:18 GMT + - Fri, 26 May 2023 14:34:10 GMT expires: - '-1' pragma: @@ -1158,11 +1348,12 @@ interactions: - keep-alive ParameterSetName: - --resource-group --name --guardrails-level --guardrails-version --guardrails-excluded-ns + --aks-custom-headers User-Agent: - - AZURECLI/2.48.1 azsdk-python-azure-mgmt-containerservice/22.0.0b Python/3.8.10 - (Linux-5.15.0-1037-azure-x86_64-with-glibc2.29) + - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/22.1.0b Python/3.8.10 + (Linux-5.15.0-1038-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-03-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-04-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n @@ -1170,8 +1361,8 @@ interactions: \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.25.6\",\n \"currentKubernetesVersion\": \"1.25.6\",\n \"dnsPrefix\": - \"cliakstest-clitestaemfx44ko-8ecadf\",\n \"fqdn\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestaemfx44ko-8ecadf-lcjx1m0c.portal.hcp.westus2.azmk8s.io\",\n + \"cliakstest-clitests6pffkuwq-79a739\",\n \"fqdn\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitests6pffkuwq-79a739-utpuacan.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": @@ -1182,10 +1373,10 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-2204gen2containerd-202304.20.0\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-2204gen2containerd-202305.15.0\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGQa69iofJ6bgs4v4xwBiRxhkicpRpuGToNRLZVZIISLwBGTFVQFBU2Hsv7NxsE79tLzMjuDS4+Q1B6M+sBrsK+DKO/8br9F4hunwmqlT6InyYkqcQYu9L/IBe81l0PbVUGt9ej5ceY+hvGp8dCDEntrI7Pfa4CK23wmvV7u72A8v6k4Esr9MQCvqE8ubPVBLgckdgwRrVcCNsGekENOp/3VXOeXZhDP6fVadboTid5Am/Hu5tCMpjdKZcCGCbqIyzrRJowlONPJU2/JXIcBD1oWDidTno/EmrkpE2LAskGiq6ztqjgNDiZa0zawlPF6VxI1a4Tr/hOq7wPbhlTg1 + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf9g3FbYA7YtMBxMqO0yWh9pIzUTZb2cDLPjPnR+TrezzTiMk8OrEHQDZurqQtf+E5r/qmvqVJKrkSNU2g4OOgFOQd7JAiDfxzWL967E4tx0avDUd/TaekUsP981tYkLDSUWEh6p5oVjh3ce4ngo++6XDX9IDAT/S8wReNmlAsuKlB8jEUeeSr/6lhFddi3d0lCsAQ7hY7f2emMM7UTf+89ioNSUztW86qQXeEUwSNJVDofHY5gWBKnHQVJxrKXLzQWlYd2pbB6AxE/V3lJEBPhIwpn3PycAzFafNXW0OacNfoke5nSxQxzSgo0VxiB1RUwBq6wQMisMv/12MZqjoN azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": {\n \"azurepolicy\": {\n \"enabled\": true,\n \"config\": null,\n @@ -1196,14 +1387,14 @@ interactions: \"KubernetesOfficial\",\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/13b8a9d3-a8f6-4756-9794-5f16d3e76fda\"\n + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/ca43f9f7-b0ad-4156-85f6-1f249a86abd9\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n - \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n - \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n - \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": - [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"outboundType\": \"loadBalancer\",\n + \ \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"identityProfile\": {\n \"kubeletidentity\": + {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": @@ -1221,11 +1412,11 @@ interactions: cache-control: - no-cache content-length: - - '4887' + - '4846' content-type: - application/json date: - - Tue, 16 May 2023 23:19:18 GMT + - Fri, 26 May 2023 14:34:11 GMT expires: - '-1' pragma: