[ContainerApp] az containerapp env: --infrastructure-resource-group

.github/policies/resourceManagement.yml

@@ -2525,6 +2525,9 @@ configuration:
         - titleContains:
             pattern: '\b(aks|Aks|AKS|acs|Acs|ACS|openshift|Openshift|OPENSHIFT)\b'
             isRegex: True
+        - bodyContains:
+            pattern: az \b(aks|acs|openshift)\b
+            isRegex: True
       then:
       - requestReview:
           reviewer: zhoxing-ms
@@ -2533,6 +2536,7 @@ configuration:
       - assignTo:
           users:
           - zhoxing-ms
+          - yanzhudd
       - addLabel:
           label: Auto-Assign
       - requestReview:
@@ -4234,7 +4238,7 @@ configuration:
       - addLabel:
           label: Auto-Assign
       - requestReview:
-          reviewer: wangzelin007
+          reviewer: yanzhudd
       - assignTo:
           users:
           - zhoxing-ms
@@ -5070,12 +5074,36 @@ configuration:
           label: Auto-Assign
       - requestReview:
           reviewer: zhoxing-ms
+      - requestReview:
+          reviewer: bavneetsingh16
       - assignTo:
           users:
           - zhoxing-ms
-      - requestReview:
-          reviewer: wangzelin007
       description: '[k8s-extension] Auto assign labels and reviewers based on PR title/description.'
+    - if:
+      - payloadType: Pull_Request
+      - isAction:
+          action: Opened
+      - or:
+        - titleContains:
+            pattern: k8s-configuration
+            isRegex: True
+        - bodyContains:
+            pattern: k8s-configuration
+            isRegex: True
+      then:
+      - requestReview:
+          reviewer: yonzhan
+      - addLabel:
+          label: Auto-Assign
+      - requestReview:
+          reviewer: zhoxing-ms
+      - requestReview:
+          reviewer: bavneetsingh16
+      - assignTo:
+          users:
+          - zhoxing-ms
+      description: '[k8s-configuration] Auto assign labels and reviewers based on PR title/description.'
     - if:
       - payloadType: Issues
       - or:
@@ -5350,6 +5378,9 @@ configuration:
       - isAction:
           action: Opened
       - or:
+        - titleContains:
+            pattern: '[Spring]'
+            isRegex: False
         - titleContains:
             pattern: az \b(spring)\b
             isRegex: True
@@ -5537,5 +5568,49 @@ configuration:
           users:
           - kairu-ms
       description: '[Arc Appliance] Auto assign labels and reviewers based on PR title/description.'
+    - if:
+      - payloadType: Pull_Request
+      - isAction:
+          action: Opened
+      - or:
+        - titleContains:
+            pattern: '\b([Ss]ervice ?[Cc]onnector)\b'
+            isRegex: True
+        - bodyContains:
+            pattern: '\b([Ss]ervice ?[Cc]onnector)\b'
+            isRegex: True
+      then:
+      - requestReview:
+          reviewer: kairu-ms
+      - requestReview:
+          reviewer: jsntcy
+      - addLabel:
+          label: Auto-Assign
+      - assignTo:
+          users:
+          - kairu-ms
+      description: '[Service Connector] Auto assign labels and reviewers based on PR title/description.'
+    - if:
+      - payloadType: Pull_Request
+      - isAction:
+          action: Opened
+      - or:
+        - titleContains:
+            pattern: '\b([Cc]onnected ?[Vv]mware)\b'
+            isRegex: True
+        - bodyContains:
+            pattern: '\b([Cc]onnected ?[Vv]mware)\b'
+            isRegex: True
+      then:
+      - requestReview:
+          reviewer: kairu-ms
+      - requestReview:
+          reviewer: jsntcy
+      - addLabel:
+          label: Auto-Assign
+      - assignTo:
+          users:
+          - kairu-ms
+      description: '[Connected Vmware] Auto assign labels and reviewers based on PR title/description.'
 onFailure: 
 onSuccess: 

src/aks-preview/azext_aks_preview/_help.py

@@ -181,19 +181,16 @@
           short-summary: Enable the Kubernetes addons in a comma-separated list.
           long-summary: |-
             These addons are available:
-                http_application_routing        - configure ingress with automatic public DNS name creation.
-                monitoring                      - turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace.
-                                                  If monitoring addon is enabled --no-wait argument will have no effect
-                virtual-node                    - enable AKS Virtual Node. Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use.
-                                                  aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).
-                azure-policy                    - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Required if enabling Guardrails
-                                                  Learn more at aka.ms/aks/policy.
-                ingress-appgw                   - enable Application Gateway Ingress Controller addon (PREVIEW).
-                confcom                         - enable confcom addon, this will enable SGX device plugin by default(PREVIEW).
-                open-service-mesh               - enable Open Service Mesh addon (PREVIEW).
-                gitops                          - enable GitOps (PREVIEW).
-                azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon.
-                web_application_routing         - enable Web Application Routing addon (PREVIEW). Specify "--dns-zone-resource-id" to configure DNS.
+            - http_application_routing        : configure ingress with automatic public DNS name creation.
+            - monitoring                      :  turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace. If monitoring addon is enabled --no-wait argument will have no effect
+            - virtual-node                    : enable AKS Virtual Node. Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use. aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).
+            - azure-policy                    : enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Required if enabling Guardrails. Learn more at aka.ms/aks/policy.
+            - ingress-appgw                   : enable Application Gateway Ingress Controller addon (PREVIEW).
+            - confcom                         : enable confcom addon, this will enable SGX device plugin by default(PREVIEW).
+            - open-service-mesh               : enable Open Service Mesh addon (PREVIEW).
+            - gitops                          : enable GitOps (PREVIEW).
+            - azure-keyvault-secrets-provider : enable Azure Keyvault Secrets Provider addon.
+            - web_application_routing         : enable Web Application Routing addon (PREVIEW). Specify "--dns-zone-resource-id" to configure DNS.
         - name: --disable-rbac
           type: bool
           short-summary: Disable Kubernetes Role-Based Access Control.
@@ -2607,7 +2604,7 @@
       - name: Enable Azure Service Mesh with selfsigned CA.
         text: az aks mesh enable --resource-group MyResourceGroup --name MyManagedCluster
       - name: Enable Azure Service Mesh with plugin CA.
-        text: az aks mesh enable --resource-group MyResourceGroup --name MyManagedCluster --key-vault-id my-akv-id --ca-cert-object-name my-ca-cert --ca-key-object-name my-ca-key --cert-chain-object-name my-cert-chain --root-cert-object-name my-root-cert
+        text: az aks mesh enable --resource-group MyResourceGroup --name MyManagedCluster --key-vault-id /subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/foo/providers/Microsoft.KeyVault/vaults/foo --ca-cert-object-name my-ca-cert --ca-key-object-name my-ca-key --cert-chain-object-name my-cert-chain --root-cert-object-name my-root-cert
 
 """
 

src/aks-preview/azext_aks_preview/managed_cluster_decorator.py

@@ -2162,6 +2162,12 @@ def update_azure_service_mesh_profile(self) -> ServiceMeshProfile:
             if cert_chain_object_name is None:
                 raise InvalidArgumentValueError('--cert-chain-object-name is required to use Azure Service Mesh plugin CA feature.')
 
+        if key_vault_id is not None and (
+                not is_valid_resource_id(key_vault_id) or "providers/Microsoft.KeyVault/vaults" not in key_vault_id):
+            raise InvalidArgumentValueError(
+                key_vault_id + " is not a valid Azure Keyvault resource ID."
+            )
+
         if enable_asm and all([key_vault_id, ca_cert_object_name, ca_key_object_name, root_cert_object_name, cert_chain_object_name]):
             if new_profile.istio.certificate_authority is None:
                 new_profile.istio.certificate_authority = self.models.IstioCertificateAuthority()