diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py index 125e2914eb7..213c18539aa 100644 --- a/src/aks-preview/azext_aks_preview/commands.py +++ b/src/aks-preview/azext_aks_preview/commands.py @@ -13,7 +13,7 @@ cf_nodepool_snapshots, cf_trustedaccess_role, cf_trustedaccess_role_binding, - cf_machines + cf_machines, ) from azext_aks_preview._format import ( aks_addon_list_available_table_format, @@ -50,7 +50,7 @@ def transform_mc_objects_with_custom_cas(result): def _patch_custom_cas_in_security_profile(security_profile): # modify custom_ca_trust_certificates in-place # security_profile shouldn't be None - custom_cas = getattr(security_profile, 'custom_ca_trust_certificates', None) + custom_cas = getattr(security_profile, "custom_ca_trust_certificates", None) if custom_cas: decoded_custom_cas = [] for custom_ca in custom_cas: @@ -71,275 +71,347 @@ def _patch_custom_cas_in_security_profile(security_profile): result = [result] for r in result: - if getattr(r, 'security_profile', None): + if getattr(r, "security_profile", None): # security_profile shouldn't be None _patch_custom_cas_in_security_profile(r.security_profile) return result[0] if singular else result +# pylint: disable=too-many-statements def load_command_table(self, _): - managed_clusters_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._managed_clusters_operations#ManagedClustersOperations.{}', - operation_group='managed_clusters', - client_factory=cf_managed_clusters + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._managed_clusters_operations#ManagedClustersOperations.{}", + operation_group="managed_clusters", + client_factory=cf_managed_clusters, ) agent_pools_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._agent_pools_operations#AgentPoolsOperations.{}', - client_factory=cf_managed_clusters + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._agent_pools_operations#AgentPoolsOperations.{}", + client_factory=cf_managed_clusters, ) machines_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._machine_operations#MachinesOperations.{}', - client_factory=cf_managed_clusters + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._machine_operations#MachinesOperations.{}", + client_factory=cf_managed_clusters, ) maintenance_configuration_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._maintenance_configurations_operations#MaintenanceConfigurationsOperations.{}', - client_factory=cf_maintenance_configurations + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._maintenance_configurations_operations#MaintenanceConfigurationsOperations.{}", + client_factory=cf_maintenance_configurations, ) nodepool_snapshot_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._snapshots_operations#SnapshotsOperations.{}', - client_factory=cf_nodepool_snapshots + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._snapshots_operations#SnapshotsOperations.{}", + client_factory=cf_nodepool_snapshots, ) mc_snapshot_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._managed_clusters_snapshots_operations#ManagedClusterSnapshotsOperations.{}', - client_factory=cf_mc_snapshots + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._managed_clusters_snapshots_operations#ManagedClusterSnapshotsOperations.{}", + client_factory=cf_mc_snapshots, ) trustedaccess_role_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._trusted_access_roles_operations#TrustedAccessRolesOperations.{}', - client_factory=cf_trustedaccess_role + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._trusted_access_roles_operations#TrustedAccessRolesOperations.{}", + client_factory=cf_trustedaccess_role, ) trustedaccess_role_binding_sdk = CliCommandType( - operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' - 'operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}', - client_factory=cf_trustedaccess_role_binding + operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks." + "operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}", + client_factory=cf_trustedaccess_role_binding, ) # AKS managed cluster commands - with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters, - transform=transform_mc_objects_with_custom_cas) as g: - g.custom_command('browse', 'aks_browse') - g.custom_command('create', 'aks_create', supports_no_wait=True) - g.custom_command('update', 'aks_update', supports_no_wait=True) - g.command('get-upgrades', 'get_upgrade_profile', table_transformer=aks_upgrades_table_format) - g.custom_command('upgrade', 'aks_upgrade', supports_no_wait=True) - g.custom_command('scale', 'aks_scale', supports_no_wait=True) - g.command('delete', 'begin_delete', supports_no_wait=True, confirmation=True) - g.custom_show_command('show', 'aks_show', table_transformer=aks_show_table_format) - g.custom_command('list', 'aks_list', table_transformer=aks_list_table_format) - g.custom_command('enable-addons', 'aks_enable_addons', supports_no_wait=True) - g.custom_command('disable-addons', 'aks_disable_addons', supports_no_wait=True) - g.custom_command('get-credentials', 'aks_get_credentials') - g.custom_command('rotate-certs', 'aks_rotate_certs', supports_no_wait=True, - confirmation='Kubernetes will be unavailable during certificate rotation process.\n' + - 'Are you sure you want to perform this operation?') - g.custom_command('stop', 'aks_stop', supports_no_wait=True) - g.command('start', 'begin_start', supports_no_wait=True) - g.wait_command('wait') - g.custom_command('get-versions', 'aks_get_versions', table_transformer=aks_versions_table_format) + with self.command_group( + "aks", + managed_clusters_sdk, + client_factory=cf_managed_clusters, + transform=transform_mc_objects_with_custom_cas, + ) as g: + g.custom_command("browse", "aks_browse") + g.custom_command("create", "aks_create", supports_no_wait=True) + g.custom_command("update", "aks_update", supports_no_wait=True) + g.command( + "get-upgrades", + "get_upgrade_profile", + table_transformer=aks_upgrades_table_format, + ) + g.custom_command("upgrade", "aks_upgrade", supports_no_wait=True) + g.custom_command("scale", "aks_scale", supports_no_wait=True) + g.command("delete", "begin_delete", supports_no_wait=True, confirmation=True) + g.custom_show_command( + "show", "aks_show", table_transformer=aks_show_table_format + ) + g.custom_command("list", "aks_list", table_transformer=aks_list_table_format) + g.custom_command("enable-addons", "aks_enable_addons", supports_no_wait=True) + g.custom_command("disable-addons", "aks_disable_addons", supports_no_wait=True) + g.custom_command("get-credentials", "aks_get_credentials") + g.custom_command( + "rotate-certs", + "aks_rotate_certs", + supports_no_wait=True, + confirmation="Kubernetes will be unavailable during certificate rotation process.\n" + + "Are you sure you want to perform this operation?", + ) + g.custom_command("stop", "aks_stop", supports_no_wait=True) + g.command("start", "begin_start", supports_no_wait=True) + g.wait_command("wait") + g.custom_command( + "get-versions", + "aks_get_versions", + table_transformer=aks_versions_table_format, + ) # aks-preview only - g.custom_command('kollect', 'aks_kollect') - g.custom_command('kanalyze', 'aks_kanalyze') - g.custom_command('get-os-options', 'aks_get_os_options') - g.custom_command('operation-abort', 'aks_operation_abort', supports_no_wait=True) + g.custom_command("kollect", "aks_kollect") + g.custom_command("kanalyze", "aks_kanalyze") + g.custom_command("get-os-options", "aks_get_os_options") + g.custom_command( + "operation-abort", "aks_operation_abort", supports_no_wait=True + ) # AKS maintenance configuration commands - with self.command_group('aks maintenanceconfiguration', maintenance_configuration_sdk, client_factory=cf_maintenance_configurations) as g: - g.custom_command('list', 'aks_maintenanceconfiguration_list') - g.custom_show_command('show', 'aks_maintenanceconfiguration_show') - g.custom_command('add', 'aks_maintenanceconfiguration_add') - g.custom_command('update', 'aks_maintenanceconfiguration_update') - g.custom_command('delete', 'aks_maintenanceconfiguration_delete') + with self.command_group( + "aks maintenanceconfiguration", + maintenance_configuration_sdk, + client_factory=cf_maintenance_configurations, + ) as g: + g.custom_command("list", "aks_maintenanceconfiguration_list") + g.custom_show_command("show", "aks_maintenanceconfiguration_show") + g.custom_command("add", "aks_maintenanceconfiguration_add") + g.custom_command("update", "aks_maintenanceconfiguration_update") + g.custom_command("delete", "aks_maintenanceconfiguration_delete") # AKS addon commands - with self.command_group('aks addon', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command('list-available', 'aks_addon_list_available', - table_transformer=aks_addon_list_available_table_format) - g.custom_command('list', 'aks_addon_list', - table_transformer=aks_addon_list_table_format) - g.custom_show_command('show', 'aks_addon_show', - table_transformer=aks_addon_show_table_format) - g.custom_command('enable', 'aks_addon_enable', supports_no_wait=True) - g.custom_command('disable', 'aks_addon_disable', supports_no_wait=True) - g.custom_command('update', 'aks_addon_update', supports_no_wait=True) + with self.command_group( + "aks addon", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command( + "list-available", + "aks_addon_list_available", + table_transformer=aks_addon_list_available_table_format, + ) + g.custom_command( + "list", "aks_addon_list", table_transformer=aks_addon_list_table_format + ) + g.custom_show_command( + "show", "aks_addon_show", table_transformer=aks_addon_show_table_format + ) + g.custom_command("enable", "aks_addon_enable", supports_no_wait=True) + g.custom_command("disable", "aks_addon_disable", supports_no_wait=True) + g.custom_command("update", "aks_addon_update", supports_no_wait=True) # AKS agent pool commands - with self.command_group('aks nodepool', agent_pools_sdk, client_factory=cf_agent_pools) as g: - g.custom_command('list', 'aks_agentpool_list', - table_transformer=aks_agentpool_list_table_format) - g.custom_show_command('show', 'aks_agentpool_show', - table_transformer=aks_agentpool_show_table_format) - g.custom_command('add', 'aks_agentpool_add', supports_no_wait=True) - g.custom_command('scale', 'aks_agentpool_scale', supports_no_wait=True) - g.custom_command('upgrade', 'aks_agentpool_upgrade', - supports_no_wait=True) - g.custom_command('update', 'aks_agentpool_update', - supports_no_wait=True) - g.custom_command('delete', 'aks_agentpool_delete', - supports_no_wait=True) - g.custom_command('get-upgrades', 'aks_agentpool_get_upgrade_profile') - g.custom_command('stop', 'aks_agentpool_stop', supports_no_wait=True) - g.custom_command('start', 'aks_agentpool_start', supports_no_wait=True) - g.custom_command('operation-abort', 'aks_agentpool_operation_abort', supports_no_wait=True) - - with self.command_group('aks machine', machines_sdk, client_factory=cf_machines) as g: - g.custom_command('list', 'aks_machine_list', - table_transformer=aks_machine_list_table_format) - g.custom_show_command('show', 'aks_machine_show', - table_transformer=aks_machine_show_table_format) + with self.command_group( + "aks nodepool", agent_pools_sdk, client_factory=cf_agent_pools + ) as g: + g.custom_command( + "list", + "aks_agentpool_list", + table_transformer=aks_agentpool_list_table_format, + ) + g.custom_show_command( + "show", + "aks_agentpool_show", + table_transformer=aks_agentpool_show_table_format, + ) + g.custom_command("add", "aks_agentpool_add", supports_no_wait=True) + g.custom_command("scale", "aks_agentpool_scale", supports_no_wait=True) + g.custom_command("upgrade", "aks_agentpool_upgrade", supports_no_wait=True) + g.custom_command("update", "aks_agentpool_update", supports_no_wait=True) + g.custom_command("delete", "aks_agentpool_delete", supports_no_wait=True) + g.custom_command("get-upgrades", "aks_agentpool_get_upgrade_profile") + g.custom_command("stop", "aks_agentpool_stop", supports_no_wait=True) + g.custom_command("start", "aks_agentpool_start", supports_no_wait=True) + g.custom_command( + "operation-abort", "aks_agentpool_operation_abort", supports_no_wait=True + ) + + with self.command_group( + "aks machine", machines_sdk, client_factory=cf_machines + ) as g: + g.custom_command( + "list", "aks_machine_list", table_transformer=aks_machine_list_table_format + ) + g.custom_show_command( + "show", "aks_machine_show", table_transformer=aks_machine_show_table_format + ) # AKS draft commands - with self.command_group('aks draft', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command('create', 'aks_draft_create') - g.custom_command('setup-gh', 'aks_draft_setup_gh') - g.custom_command('generate-workflow', 'aks_draft_generate_workflow') - g.custom_command('up', 'aks_draft_up') - g.custom_command('update', 'aks_draft_update') + with self.command_group( + "aks draft", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("create", "aks_draft_create") + g.custom_command("setup-gh", "aks_draft_setup_gh") + g.custom_command("generate-workflow", "aks_draft_generate_workflow") + g.custom_command("up", "aks_draft_up") + g.custom_command("update", "aks_draft_update") # AKS pod identity commands - with self.command_group('aks pod-identity', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command('add', 'aks_pod_identity_add') - g.custom_command('delete', 'aks_pod_identity_delete') - g.custom_command('list', 'aks_pod_identity_list', - table_transformer=aks_pod_identities_table_format) + with self.command_group( + "aks pod-identity", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("add", "aks_pod_identity_add") + g.custom_command("delete", "aks_pod_identity_delete") + g.custom_command( + "list", + "aks_pod_identity_list", + table_transformer=aks_pod_identities_table_format, + ) # AKS pod identity exception commands - with self.command_group('aks pod-identity exception', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command('add', 'aks_pod_identity_exception_add') - g.custom_command('delete', 'aks_pod_identity_exception_delete') - g.custom_command('update', 'aks_pod_identity_exception_update') - g.custom_command('list', 'aks_pod_identity_exception_list', - table_transformer=aks_pod_identity_exceptions_table_format) + with self.command_group( + "aks pod-identity exception", + managed_clusters_sdk, + client_factory=cf_managed_clusters, + ) as g: + g.custom_command("add", "aks_pod_identity_exception_add") + g.custom_command("delete", "aks_pod_identity_exception_delete") + g.custom_command("update", "aks_pod_identity_exception_update") + g.custom_command( + "list", + "aks_pod_identity_exception_list", + table_transformer=aks_pod_identity_exceptions_table_format, + ) # AKS egress commands - with self.command_group('aks egress-endpoints', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command('list', 'aks_egress_endpoints_list') + with self.command_group( + "aks egress-endpoints", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("list", "aks_egress_endpoints_list") # AKS nodepool snapshot commands - with self.command_group('aks nodepool snapshot', nodepool_snapshot_sdk, client_factory=cf_nodepool_snapshots) as g: - g.custom_command('list', 'aks_nodepool_snapshot_list', - table_transformer=aks_list_nodepool_snapshot_table_format) - g.custom_show_command('show', 'aks_nodepool_snapshot_show', - table_transformer=aks_show_nodepool_snapshot_table_format) - g.custom_command('create', 'aks_nodepool_snapshot_create', - supports_no_wait=True) - g.custom_command('update', 'aks_nodepool_snapshot_update') - g.custom_command('delete', 'aks_nodepool_snapshot_delete', - supports_no_wait=True) + with self.command_group( + "aks nodepool snapshot", + nodepool_snapshot_sdk, + client_factory=cf_nodepool_snapshots, + ) as g: + g.custom_command( + "list", + "aks_nodepool_snapshot_list", + table_transformer=aks_list_nodepool_snapshot_table_format, + ) + g.custom_show_command( + "show", + "aks_nodepool_snapshot_show", + table_transformer=aks_show_nodepool_snapshot_table_format, + ) + g.custom_command( + "create", "aks_nodepool_snapshot_create", supports_no_wait=True + ) + g.custom_command("update", "aks_nodepool_snapshot_update") + g.custom_command( + "delete", "aks_nodepool_snapshot_delete", supports_no_wait=True + ) # AKS mc snapshot commands - with self.command_group('aks snapshot', mc_snapshot_sdk, client_factory=cf_mc_snapshots) as g: - g.custom_command('list', 'aks_snapshot_list', - table_transformer=aks_list_snapshot_table_format) - g.custom_show_command('show', 'aks_snapshot_show', - table_transformer=aks_show_snapshot_table_format) - g.custom_command('create', 'aks_snapshot_create', - supports_no_wait=True) - g.custom_command('delete', 'aks_snapshot_delete', - supports_no_wait=True) + with self.command_group( + "aks snapshot", mc_snapshot_sdk, client_factory=cf_mc_snapshots + ) as g: + g.custom_command( + "list", + "aks_snapshot_list", + table_transformer=aks_list_snapshot_table_format, + ) + g.custom_show_command( + "show", + "aks_snapshot_show", + table_transformer=aks_show_snapshot_table_format, + ) + g.custom_command("create", "aks_snapshot_create", supports_no_wait=True) + g.custom_command("delete", "aks_snapshot_delete", supports_no_wait=True) # AKS trusted access role commands - with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g: - g.custom_command('list', 'aks_trustedaccess_role_list') + with self.command_group( + "aks trustedaccess role", + trustedaccess_role_sdk, + client_factory=cf_trustedaccess_role, + ) as g: + g.custom_command("list", "aks_trustedaccess_role_list") # AKS trusted access rolebinding commands - with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g: - g.custom_command('list', 'aks_trustedaccess_role_binding_list') - g.custom_show_command('show', 'aks_trustedaccess_role_binding_get') - g.custom_command('create', 'aks_trustedaccess_role_binding_create') - g.custom_command('update', 'aks_trustedaccess_role_binding_update') - g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True) + with self.command_group( + "aks trustedaccess rolebinding", + trustedaccess_role_binding_sdk, + client_factory=cf_trustedaccess_role_binding, + ) as g: + g.custom_command("list", "aks_trustedaccess_role_binding_list") + g.custom_show_command("show", "aks_trustedaccess_role_binding_get") + g.custom_command("create", "aks_trustedaccess_role_binding_create") + g.custom_command("update", "aks_trustedaccess_role_binding_update") + g.custom_command( + "delete", "aks_trustedaccess_role_binding_delete", confirmation=True + ) # AKS mesh commands - with self.command_group('aks mesh', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: + with self.command_group( + "aks mesh", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("enable", "aks_mesh_enable", supports_no_wait=True) g.custom_command( - 'enable', - 'aks_mesh_enable', - supports_no_wait=True) + "disable", "aks_mesh_disable", supports_no_wait=True, confirmation=True + ) g.custom_command( - 'disable', - 'aks_mesh_disable', + "enable-ingress-gateway", + "aks_mesh_enable_ingress_gateway", supports_no_wait=True, - confirmation=True) - g.custom_command( - 'enable-ingress-gateway', - 'aks_mesh_enable_ingress_gateway', - supports_no_wait=True) + ) g.custom_command( - 'enable-egress-gateway', - 'aks_mesh_enable_egress_gateway', - supports_no_wait=True) + "enable-egress-gateway", + "aks_mesh_enable_egress_gateway", + supports_no_wait=True, + ) g.custom_command( - 'disable-ingress-gateway', - 'aks_mesh_disable_ingress_gateway', + "disable-ingress-gateway", + "aks_mesh_disable_ingress_gateway", supports_no_wait=True, - confirmation=True) + confirmation=True, + ) g.custom_command( - 'disable-egress-gateway', - 'aks_mesh_disable_egress_gateway', + "disable-egress-gateway", + "aks_mesh_disable_egress_gateway", supports_no_wait=True, - confirmation=True) + confirmation=True, + ) g.custom_command( - 'get-revisions', - 'aks_mesh_get_revisions', - table_transformer=aks_mesh_revisions_table_format) + "get-revisions", + "aks_mesh_get_revisions", + table_transformer=aks_mesh_revisions_table_format, + ) g.custom_command( - 'get-upgrades', - 'aks_mesh_get_upgrades', - table_transformer=aks_mesh_upgrades_table_format) + "get-upgrades", + "aks_mesh_get_upgrades", + table_transformer=aks_mesh_upgrades_table_format, + ) # AKS mesh upgrade commands - with self.command_group('aks mesh upgrade', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command( - 'start', - 'aks_mesh_upgrade_start', - supports_no_wait=True) - g.custom_command( - 'complete', - 'aks_mesh_upgrade_complete', - supports_no_wait=True) - g.custom_command( - 'rollback', - 'aks_mesh_upgrade_rollback', - supports_no_wait=True) + with self.command_group( + "aks mesh upgrade", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("start", "aks_mesh_upgrade_start", supports_no_wait=True) + g.custom_command("complete", "aks_mesh_upgrade_complete", supports_no_wait=True) + g.custom_command("rollback", "aks_mesh_upgrade_rollback", supports_no_wait=True) # AKS approuting commands - with self.command_group('aks approuting', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command( - 'enable', - 'aks_approuting_enable') - g.custom_command( - 'disable', - 'aks_approuting_disable', confirmation=True) - g.custom_command( - 'update', - 'aks_approuting_update') + with self.command_group( + "aks approuting", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("enable", "aks_approuting_enable") + g.custom_command("disable", "aks_approuting_disable", confirmation=True) + g.custom_command("update", "aks_approuting_update") # AKS approuting dns-zone commands - with self.command_group('aks approuting zone', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: - g.custom_command( - 'add', - 'aks_approuting_zone_add') - g.custom_command( - 'delete', - 'aks_approuting_zone_delete', confirmation=True) - g.custom_command( - 'update', - 'aks_approuting_zone_update') - g.custom_command( - 'list', - 'aks_approuting_zone_list') + with self.command_group( + "aks approuting zone", managed_clusters_sdk, client_factory=cf_managed_clusters + ) as g: + g.custom_command("add", "aks_approuting_zone_add") + g.custom_command("delete", "aks_approuting_zone_delete", confirmation=True) + g.custom_command("update", "aks_approuting_zone_update") + g.custom_command("list", "aks_approuting_zone_list") diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 638b743f056..9ee5b8915c5 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1,9 +1,9 @@ # -------------------------------------------------------------------------------------------- -# -------------------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- +# pylint: disable=too-many-lines import datetime import json import os @@ -22,7 +22,6 @@ cf_agent_pools, get_graph_rbac_management_client, get_msi_client, - cf_machines ) from azext_aks_preview._consts import ( ADDONS, @@ -49,7 +48,6 @@ CONST_SPOT_EVICTION_POLICY_DELETE, CONST_VIRTUAL_NODE_ADDON_NAME, CONST_VIRTUAL_NODE_SUBNET_NAME, - CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME, CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_START, CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_COMPLETE, CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK, @@ -130,10 +128,10 @@ def wait_then_open(url): """ for _ in range(1, 10): try: - urlopen(url, context=_ssl_context()) + with urlopen(url, context=_ssl_context()): + break except URLError: time.sleep(1) - break webbrowser.open_new_tab(url) @@ -141,7 +139,7 @@ def wait_then_open_async(url): """ Spawns a thread that waits for a bit then opens a URL. """ - t = threading.Thread(target=wait_then_open, args=({url})) + t = threading.Thread(target=wait_then_open, args=url) t.daemon = True t.start() @@ -216,8 +214,10 @@ def create_application(client, display_name, homepage, identifier_uris, except GraphErrorException as ex: if 'insufficient privileges' in str(ex).lower(): link = 'https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal' # pylint: disable=line-too-long - raise CLIError("Directory permission is needed for the current user to register the application. " - "For how to configure, please refer '{}'. Original error: {}".format(link, ex)) + raise CLIError( + "Directory permission is needed for the current user to register the application. " + f"For how to configure, please refer '{link}'." + ) from ex raise @@ -260,10 +260,10 @@ def create_service_principal(cli_ctx, identifier, resolve_app=True, rbac_client= try: uuid.UUID(identifier) result = list(rbac_client.applications.list( - filter="appId eq '{}'".format(identifier))) + filter=f"appId eq '{identifier}'")) except ValueError: result = list(rbac_client.applications.list( - filter="identifierUris/any(s:s eq '{}')".format(identifier))) + filter=f"identifierUris/any(s:s eq '{identifier}')")) if not result: # assume we get an object id result = [rbac_client.applications.get(identifier)] @@ -292,11 +292,10 @@ def _get_user_assigned_identity(cli_ctx, resource_id): resource_name=identity_name) except CloudError as ex: if 'was not found' in ex.message: - raise CLIError("Identity {} not found.".format(resource_id)) - raise CLIError(ex.message) + raise CLIError(f"Identity {resource_id} not found.") from ex + raise ex return identity - raise CLIError( - "Cannot parse identity name from provided resource id {}.".format(resource_id)) + raise CLIError(f"Cannot parse identity name from provided resource id {resource_id}.") def aks_browse( @@ -323,7 +322,7 @@ def aks_browse( def aks_maintenanceconfiguration_list( - cmd, + cmd, # pylint: disable=unused-argument client, resource_group_name, cluster_name @@ -332,7 +331,7 @@ def aks_maintenanceconfiguration_list( def aks_maintenanceconfiguration_show( - cmd, + cmd, # pylint: disable=unused-argument client, resource_group_name, cluster_name, @@ -344,7 +343,7 @@ def aks_maintenanceconfiguration_show( def aks_maintenanceconfiguration_delete( - cmd, + cmd, # pylint: disable=unused-argument client, resource_group_name, cluster_name, @@ -355,6 +354,7 @@ def aks_maintenanceconfiguration_delete( return client.delete(resource_group_name, cluster_name, config_name) +# pylint: disable=unused-argument def aks_maintenanceconfiguration_add( cmd, client, @@ -379,8 +379,10 @@ def aks_maintenanceconfiguration_add( configs = client.list_by_managed_cluster(resource_group_name, cluster_name) for config in configs: if config.name == config_name: - raise CLIError("Maintenance configuration '{}' already exists, please try a different name, " - "use 'aks maintenanceconfiguration list' to get current list of maitenance configurations".format(config_name)) + raise CLIError( + f"Maintenance configuration '{config_name}' already exists, please try a different name, " + "use 'aks maintenanceconfiguration list' to get current list of maitenance configurations" + ) # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() return aks_maintenanceconfiguration_update_internal(cmd, client, raw_parameters) @@ -414,14 +416,16 @@ def aks_maintenanceconfiguration_update( found = True break if not found: - raise CLIError("Maintenance configuration '{}' doesn't exist." - "use 'aks maintenanceconfiguration list' to get current list of maitenance configurations".format(config_name)) + raise CLIError( + f"Maintenance configuration '{config_name}' doesn't exist." + "use 'aks maintenanceconfiguration list' to get current list of maitenance configurations" + ) # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() return aks_maintenanceconfiguration_update_internal(cmd, client, raw_parameters) -# pylint: disable=too-many-locals +# pylint: disable=too-many-locals, unused-argument def aks_create( cmd, client, @@ -505,7 +509,7 @@ def aks_create( azure_keyvault_kms_key_vault_resource_id=None, http_proxy_config=None, # addons - enable_addons=None, + enable_addons=None, # pylint: disable=redefined-outer-name workspace_resource_id=None, enable_msi_auth_for_monitoring=True, enable_syslog=False, @@ -646,7 +650,7 @@ def aks_create( return aks_create_decorator.create_mc(mc) -# pylint: disable=too-many-locals +# pylint: disable=too-many-locals, unused-argument def aks_update( cmd, client, @@ -822,13 +826,16 @@ def aks_show(cmd, client, resource_group_name, name, aks_custom_headers=None): return _remove_nulls([mc])[0] +# pylint: disable=unused-argument def aks_stop(cmd, client, resource_group_name, name, no_wait=False): instance = client.get(resource_group_name, name) # print warning when stopping a private cluster if check_is_private_link_cluster(instance): - logger.warning('Your private cluster apiserver IP might get changed when it\'s stopped and started.\n' - 'Any user provisioned private endpoints linked to this private cluster will need to be deleted and created again. ' - 'Any user managed DNS record also needs to be updated with the new IP.') + logger.warning( + "Your private cluster apiserver IP might get changed when it's stopped and started.\n" + "Any user provisioned private endpoints linked to this private cluster will need to be deleted and " + "created again. Any user managed DNS record also needs to be updated with the new IP." + ) return sdk_no_wait(no_wait, client.begin_stop, resource_group_name, name) @@ -922,8 +929,8 @@ def aks_get_credentials( encoding='UTF-8') print_or_merge_credentials( path, kubeconfig, overwrite_existing, context_name) - except (IndexError, ValueError): - raise CLIError("Fail to find kubeconfig file.") + except (IndexError, ValueError) as exc: + raise CLIError("Fail to find kubeconfig file.") from exc def aks_scale(cmd, # pylint: disable=unused-argument @@ -939,8 +946,10 @@ def aks_scale(cmd, # pylint: disable=unused-argument _fill_defaults_for_pod_identity_profile(instance.pod_identity_profile) if len(instance.agent_pool_profiles) > 1 and nodepool_name == "": - raise CLIError('There are more than one node pool in the cluster. ' - 'Please specify nodepool name or use az aks nodepool command to scale node pool') + raise CLIError( + "There are more than one node pool in the cluster. " + "Please specify nodepool name or use az aks nodepool command to scale node pool" + ) for agent_profile in instance.agent_pool_profiles: if agent_profile.name == nodepool_name or (nodepool_name == "" and len(instance.agent_pool_profiles) == 1): @@ -948,14 +957,22 @@ def aks_scale(cmd, # pylint: disable=unused-argument raise CLIError( "Cannot scale cluster autoscaler enabled node pool.") - agent_profile.count = int(node_count) # pylint: disable=no-member + agent_profile.count = int(node_count) # null out the SP profile because otherwise validation complains instance.service_principal_profile = None - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, name, instance, headers=headers) - raise CLIError('The nodepool "{}" was not found.'.format(nodepool_name)) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + name, + instance, + headers=headers, + ) + raise CLIError(f'The nodepool "{nodepool_name}" was not found.') -def aks_upgrade(cmd, # pylint: disable=unused-argument, too-many-return-statements +# pylint: disable=too-many-return-statements, too-many-branches +def aks_upgrade(cmd, client, resource_group_name, name, @@ -1028,21 +1045,27 @@ def aks_upgrade(cmd, # pylint: disable=unused-argument, too-many-return-state # for legacy clusters, we always upgrade node pools with CCP. if instance.max_agent_pools < 8 or vmas_cluster: if control_plane_only: - msg = ("Legacy clusters do not support control plane only upgrade. All node pools will be " - "upgraded to {} as well. Continue?").format(instance.kubernetes_version) + msg = ( + "Legacy clusters do not support control plane only upgrade. All node pools will be " + f"upgraded to {instance.kubernetes_version} as well. Continue?" + ) if not yes and not prompt_y_n(msg, default="n"): return None upgrade_all = True else: if not control_plane_only: - msg = ("Since control-plane-only argument is not specified, this will upgrade the control plane " - "AND all nodepools to version {}. Continue?").format(instance.kubernetes_version) + msg = ( + "Since control-plane-only argument is not specified, this will upgrade the control plane " + f"AND all nodepools to version {instance.kubernetes_version}. Continue?" + ) if not yes and not prompt_y_n(msg, default="n"): return None upgrade_all = True else: - msg = ("Since control-plane-only argument is specified, this will upgrade only the control plane to {}. " - "Node pool will not change. Continue?").format(instance.kubernetes_version) + msg = ( + "Since control-plane-only argument is specified, this will upgrade only the control plane to " + f"{instance.kubernetes_version}. Node pool will not change. Continue?" + ) if not yes and not prompt_y_n(msg, default="n"): return None @@ -1059,12 +1082,21 @@ def aks_upgrade(cmd, # pylint: disable=unused-argument, too-many-return-state return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, name, instance, headers=headers) -def _upgrade_single_nodepool_image_version(no_wait, client, resource_group_name, cluster_name, nodepool_name, snapshot_id=None): +def _upgrade_single_nodepool_image_version( + no_wait, client, resource_group_name, cluster_name, nodepool_name, snapshot_id=None +): headers = {} if snapshot_id: headers["AKSSnapshotId"] = snapshot_id - return sdk_no_wait(no_wait, client.begin_upgrade_node_image_version, resource_group_name, cluster_name, nodepool_name, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_upgrade_node_image_version, + resource_group_name, + cluster_name, + nodepool_name, + headers=headers, + ) def aks_agentpool_show(cmd, # pylint: disable=unused-argument @@ -1234,7 +1266,15 @@ def aks_agentpool_scale(cmd, # pylint: disable=unused-argument raise CLIError( "The new node count is the same as the current node count.") instance.count = new_node_count # pylint: disable=no-member - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + nodepool_name, + instance, + headers=headers, + ) def aks_agentpool_upgrade(cmd, @@ -1266,9 +1306,10 @@ def aks_agentpool_upgrade(cmd, # Note: we exclude this option because node image upgrade can't accept nodepool put fields like max surge if (max_surge or drain_timeout or node_soak_duration) and node_image_only: raise MutuallyExclusiveArgumentError( - 'Conflicting flags. Unable to specify max-surge/drain-timeout/node-soak-duration with node-image-only.' - 'If you want to use max-surge/drain-timeout/node-soak-duration with a node image upgrade, please first ' - 'update max-surge/drain-timeout/node-soak-duration using "az aks nodepool update --max-surge/--drain-timeout/--node-soak-duration".' + "Conflicting flags. Unable to specify max-surge/drain-timeout/node-soak-duration with node-image-only." + "If you want to use max-surge/drain-timeout/node-soak-duration with a node image upgrade, please first " + "update max-surge/drain-timeout/node-soak-duration using " + '"az aks nodepool update --max-surge/--drain-timeout/--node-soak-duration".' ) if node_image_only: @@ -1301,9 +1342,16 @@ def aks_agentpool_upgrade(cmd, if kubernetes_version != '' or instance.orchestrator_version == kubernetes_version: msg = "The new kubernetes version is the same as the current kubernetes version." if instance.provisioning_state == "Succeeded": - msg = "The cluster is already on version {} and is not in a failed state. No operations will occur when upgrading to the same version if the cluster is not in a failed state.".format(instance.orchestrator_version) + msg = ( + f"The cluster is already on version {instance.orchestrator_version} and is not in a failed state. " + "No operations will occur when upgrading to the same version if the cluster " + "is not in a failed state." + ) elif instance.provisioning_state == "Failed": - msg = "Cluster currently in failed state. Proceeding with upgrade to existing version {} to attempt resolution of failed cluster state.".format(instance.orchestrator_version) + msg = ( + "Cluster currently in failed state. Proceeding with upgrade to existing version " + f"{instance.orchestrator_version} to attempt resolution of failed cluster state." + ) if not yes and not prompt_y_n(msg): return None @@ -1370,13 +1418,22 @@ def aks_agentpool_stop(cmd, # pylint: disable=unused-argument if not agentpool_exists: raise InvalidArgumentValueError( - "Node pool {} doesnt exist, use 'aks nodepool list' to get current node pool list".format(nodepool_name)) + f"Node pool {nodepool_name} doesnt exist, use 'aks nodepool list' to get current node pool list" + ) instance = client.get(resource_group_name, cluster_name, nodepool_name) power_state = PowerState(code="Stopped") instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + nodepool_name, + instance, + headers=headers, + ) def aks_agentpool_start(cmd, # pylint: disable=unused-argument @@ -1400,12 +1457,21 @@ def aks_agentpool_start(cmd, # pylint: disable=unused-argument break if not agentpool_exists: raise InvalidArgumentValueError( - "Node pool {} doesnt exist, use 'aks nodepool list' to get current node pool list".format(nodepool_name)) + f"Node pool {nodepool_name} doesnt exist, use 'aks nodepool list' to get current node pool list" + ) instance = client.get(resource_group_name, cluster_name, nodepool_name) power_state = PowerState(code="Running") instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + nodepool_name, + instance, + headers=headers, + ) def aks_agentpool_delete(cmd, # pylint: disable=unused-argument @@ -1423,10 +1489,19 @@ def aks_agentpool_delete(cmd, # pylint: disable=unused-argument break if not agentpool_exists: - raise CLIError("Node pool {} doesnt exist, " - "use 'aks nodepool list' to get current node pool list".format(nodepool_name)) + raise CLIError( + f"Node pool {nodepool_name} doesnt exist, " + "use 'aks nodepool list' to get current node pool list" + ) - return sdk_no_wait(no_wait, client.begin_delete, resource_group_name, cluster_name, nodepool_name, ignore_pod_disruption_budget=ignore_pod_disruption_budget) + return sdk_no_wait( + no_wait, + client.begin_delete, + resource_group_name, + cluster_name, + nodepool_name, + ignore_pod_disruption_budget=ignore_pod_disruption_budget, + ) def aks_agentpool_operation_abort(cmd, # pylint: disable=unused-argument @@ -1450,12 +1525,19 @@ def aks_agentpool_operation_abort(cmd, # pylint: disable=unused-argument break if not agentpool_exists: raise InvalidArgumentValueError( - "Node pool {} doesnt exist, use 'aks nodepool list' to get current node pool list".format(nodepool_name)) + f"Node pool {nodepool_name} doesnt exist, use 'aks nodepool list' to get current node pool list") instance = client.get(resource_group_name, cluster_name, nodepool_name) power_state = PowerState(code="Running") instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) - return sdk_no_wait(no_wait, client.begin_abort_latest_operation, resource_group_name, cluster_name, nodepool_name, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_abort_latest_operation, + resource_group_name, + cluster_name, + nodepool_name, + headers=headers, + ) def aks_operation_abort(cmd, # pylint: disable=unused-argument @@ -1473,7 +1555,9 @@ def aks_operation_abort(cmd, # pylint: disable=unused-argument instance = client.get(resource_group_name, name) power_state = PowerState(code="Running") if instance is None: - raise InvalidArgumentValueError("Cluster {} doesnt exist, use 'aks list' to get current cluster list".format(name)) + raise InvalidArgumentValueError( + f"Cluster {name} doesnt exist, use 'aks list' to get current cluster list" + ) instance.power_state = power_state headers = get_aks_custom_headers(aks_custom_headers) return sdk_no_wait(no_wait, client.begin_abort_latest_operation, resource_group_name, name, headers=headers) @@ -1503,28 +1587,24 @@ def aks_addon_list(cmd, client, resource_group_name, name): current_addons = [] os_type = 'Linux' - for name, addon_key in ADDONS.items(): + for addon_name, addon_key in ADDONS.items(): # web_application_routing is a special case, the configuration is stored in a separate profile - if name == "web_application_routing": - enabled = ( - True - if mc.ingress_profile and + if addon_name == "web_application_routing": + enabled = bool( + mc.ingress_profile and mc.ingress_profile.web_app_routing and mc.ingress_profile.web_app_routing.enabled - else False ) else: - if name == "virtual-node": + if addon_name == "virtual-node": addon_key += os_type - enabled = ( - True - if mc.addon_profiles and + enabled = bool( + mc.addon_profiles and addon_key in mc.addon_profiles and mc.addon_profiles[addon_key].enabled - else False ) current_addons.append({ - "name": name, + "name": addon_name, "api_key": addon_key, "enabled": enabled }) @@ -1539,7 +1619,11 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): # web_application_routing is a special case, the configuration is stored in a separate profile if addon == "web_application_routing": - if not mc.ingress_profile and not mc.ingress_profile.web_app_routing and not mc.ingress_profile.web_app_routing.enabled: + if ( + not mc.ingress_profile and + not mc.ingress_profile.web_app_routing and + not mc.ingress_profile.web_app_routing.enabled + ): raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') return { "name": addon, @@ -1558,32 +1642,84 @@ def aks_addon_show(cmd, client, resource_group_name, name, addon): } -def aks_addon_enable(cmd, client, resource_group_name, name, addon, workspace_resource_id=None, - subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, - appgw_subnet_id=None, - appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=True, - dns_zone_resource_id=None, dns_zone_resource_ids=None, enable_syslog=False, data_collection_settings=None): - return enable_addons(cmd, client, resource_group_name, name, addon, workspace_resource_id=workspace_resource_id, - subnet_name=subnet_name, appgw_name=appgw_name, appgw_subnet_prefix=appgw_subnet_prefix, - appgw_subnet_cidr=appgw_subnet_cidr, appgw_id=appgw_id, appgw_subnet_id=appgw_subnet_id, - appgw_watch_namespace=appgw_watch_namespace, enable_sgxquotehelper=enable_sgxquotehelper, - enable_secret_rotation=enable_secret_rotation, rotation_poll_interval=rotation_poll_interval, no_wait=no_wait, - enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, - dns_zone_resource_id=dns_zone_resource_id, dns_zone_resource_ids=dns_zone_resource_ids, enable_syslog=enable_syslog, - data_collection_settings=data_collection_settings) +def aks_addon_enable( + cmd, + client, + resource_group_name, + name, + addon, + workspace_resource_id=None, + subnet_name=None, + appgw_name=None, + appgw_subnet_prefix=None, + appgw_subnet_cidr=None, + appgw_id=None, + appgw_subnet_id=None, + appgw_watch_namespace=None, + enable_sgxquotehelper=False, + enable_secret_rotation=False, + rotation_poll_interval=None, + no_wait=False, + enable_msi_auth_for_monitoring=True, + dns_zone_resource_id=None, + dns_zone_resource_ids=None, + enable_syslog=False, + data_collection_settings=None, +): + return enable_addons( + cmd, + client, + resource_group_name, + name, + addon, + workspace_resource_id=workspace_resource_id, + subnet_name=subnet_name, + appgw_name=appgw_name, + appgw_subnet_prefix=appgw_subnet_prefix, + appgw_subnet_cidr=appgw_subnet_cidr, + appgw_id=appgw_id, + appgw_subnet_id=appgw_subnet_id, + appgw_watch_namespace=appgw_watch_namespace, + enable_sgxquotehelper=enable_sgxquotehelper, + enable_secret_rotation=enable_secret_rotation, + rotation_poll_interval=rotation_poll_interval, + no_wait=no_wait, + enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, + dns_zone_resource_id=dns_zone_resource_id, + dns_zone_resource_ids=dns_zone_resource_ids, + enable_syslog=enable_syslog, + data_collection_settings=data_collection_settings, + ) def aks_addon_disable(cmd, client, resource_group_name, name, addon, no_wait=False): return aks_disable_addons(cmd, client, resource_group_name, name, addon, no_wait) -def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_resource_id=None, - subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, - appgw_subnet_id=None, - appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=None, - dns_zone_resource_id=None, dns_zone_resource_ids=None, enable_syslog=False, data_collection_settings=None): +def aks_addon_update( + cmd, + client, + resource_group_name, + name, + addon, + workspace_resource_id=None, + subnet_name=None, + appgw_name=None, + appgw_subnet_prefix=None, + appgw_subnet_cidr=None, + appgw_id=None, + appgw_subnet_id=None, + appgw_watch_namespace=None, + enable_sgxquotehelper=False, + enable_secret_rotation=False, + rotation_poll_interval=None, + no_wait=False, + enable_msi_auth_for_monitoring=None, + dns_zone_resource_id=None, + dns_zone_resource_ids=None, + enable_syslog=False, + data_collection_settings=None, +): instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles @@ -1591,8 +1727,14 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re enable_msi_auth_for_monitoring = False if addon == "web_application_routing": - if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: - raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + if ( + (instance.ingress_profile is None) or + (instance.ingress_profile.web_app_routing is None) or + not instance.ingress_profile.web_app_routing.enabled + ): + raise InvalidArgumentValueError( + f'Addon "{addon}" is not enabled in this cluster.' + ) elif addon == "monitoring" and enable_msi_auth_for_monitoring is None: enable_msi_auth_for_monitoring = True @@ -1602,15 +1744,31 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re if not addon_profiles or addon_key not in addon_profiles or not addon_profiles[addon_key].enabled: raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') - return enable_addons(cmd, client, resource_group_name, name, addon, check_enabled=False, - workspace_resource_id=workspace_resource_id, - subnet_name=subnet_name, appgw_name=appgw_name, appgw_subnet_prefix=appgw_subnet_prefix, - appgw_subnet_cidr=appgw_subnet_cidr, appgw_id=appgw_id, appgw_subnet_id=appgw_subnet_id, - appgw_watch_namespace=appgw_watch_namespace, enable_sgxquotehelper=enable_sgxquotehelper, - enable_secret_rotation=enable_secret_rotation, rotation_poll_interval=rotation_poll_interval, no_wait=no_wait, - enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, - dns_zone_resource_id=dns_zone_resource_id, dns_zone_resource_ids=dns_zone_resource_ids, - enable_syslog=enable_syslog, data_collection_settings=data_collection_settings) + return enable_addons( + cmd, + client, + resource_group_name, + name, + addon, + check_enabled=False, + workspace_resource_id=workspace_resource_id, + subnet_name=subnet_name, + appgw_name=appgw_name, + appgw_subnet_prefix=appgw_subnet_prefix, + appgw_subnet_cidr=appgw_subnet_cidr, + appgw_id=appgw_id, + appgw_subnet_id=appgw_subnet_id, + appgw_watch_namespace=appgw_watch_namespace, + enable_sgxquotehelper=enable_sgxquotehelper, + enable_secret_rotation=enable_secret_rotation, + rotation_poll_interval=rotation_poll_interval, + no_wait=no_wait, + enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, + dns_zone_resource_id=dns_zone_resource_id, + dns_zone_resource_ids=dns_zone_resource_ids, + enable_syslog=enable_syslog, + data_collection_settings=data_collection_settings, + ) def aks_disable_addons(cmd, client, resource_group_name, name, addons, no_wait=False): @@ -1618,10 +1776,18 @@ def aks_disable_addons(cmd, client, resource_group_name, name, addons, no_wait=F subscription_id = get_subscription_id(cmd.cli_ctx) try: - if addons == "monitoring" and CONST_MONITORING_ADDON_NAME in instance.addon_profiles and \ - instance.addon_profiles[CONST_MONITORING_ADDON_NAME].enabled and \ - CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and \ - str(instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true': + if ( + addons == "monitoring" and + CONST_MONITORING_ADDON_NAME in instance.addon_profiles and + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].enabled and + CONST_MONITORING_USING_AAD_MSI_AUTH in + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and + str( + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[ + CONST_MONITORING_USING_AAD_MSI_AUTH + ] + ).lower() == "true" + ): # remove the DCR association because otherwise the DCR can't be deleted ensure_container_insights_for_monitoring( cmd, @@ -1655,10 +1821,31 @@ def aks_disable_addons(cmd, client, resource_group_name, name, addons, no_wait=F return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, name, instance) -def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_resource_id=None, - subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, - appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, no_wait=False, enable_msi_auth_for_monitoring=True, - dns_zone_resource_id=None, dns_zone_resource_ids=None, enable_syslog=False, data_collection_settings=None, aks_custom_headers=None): +def aks_enable_addons( + cmd, + client, + resource_group_name, + name, + addons, + workspace_resource_id=None, + subnet_name=None, + appgw_name=None, + appgw_subnet_prefix=None, + appgw_subnet_cidr=None, + appgw_id=None, + appgw_subnet_id=None, + appgw_watch_namespace=None, + enable_sgxquotehelper=False, + enable_secret_rotation=False, + rotation_poll_interval=None, + no_wait=False, + enable_msi_auth_for_monitoring=True, + dns_zone_resource_id=None, + dns_zone_resource_ids=None, + enable_syslog=False, + data_collection_settings=None, + aks_custom_headers=None, +): headers = get_aks_custom_headers(aks_custom_headers) instance = client.get(resource_group_name, name) # this is overwritten by _update_addons(), so the value needs to be recorded here @@ -1669,33 +1856,62 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ enable_msi_auth_for_monitoring = False subscription_id = get_subscription_id(cmd.cli_ctx) - instance = _update_addons(cmd, instance, subscription_id, resource_group_name, name, addons, enable=True, - workspace_resource_id=workspace_resource_id, enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, subnet_name=subnet_name, - appgw_name=appgw_name, appgw_subnet_prefix=appgw_subnet_prefix, appgw_subnet_cidr=appgw_subnet_cidr, appgw_id=appgw_id, appgw_subnet_id=appgw_subnet_id, appgw_watch_namespace=appgw_watch_namespace, - enable_sgxquotehelper=enable_sgxquotehelper, enable_secret_rotation=enable_secret_rotation, rotation_poll_interval=rotation_poll_interval, no_wait=no_wait, - dns_zone_resource_id=dns_zone_resource_id, dns_zone_resource_ids=dns_zone_resource_ids, enable_syslog=enable_syslog, data_collection_settings=data_collection_settings) - - if CONST_MONITORING_ADDON_NAME in instance.addon_profiles and instance.addon_profiles[CONST_MONITORING_ADDON_NAME].enabled: - if CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and \ - str(instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true': + instance = _update_addons( + cmd, + instance, + subscription_id, + resource_group_name, + name, + addons, + enable=True, + workspace_resource_id=workspace_resource_id, + enable_msi_auth_for_monitoring=enable_msi_auth_for_monitoring, + subnet_name=subnet_name, + appgw_name=appgw_name, + appgw_subnet_prefix=appgw_subnet_prefix, + appgw_subnet_cidr=appgw_subnet_cidr, + appgw_id=appgw_id, + appgw_subnet_id=appgw_subnet_id, + appgw_watch_namespace=appgw_watch_namespace, + enable_sgxquotehelper=enable_sgxquotehelper, + enable_secret_rotation=enable_secret_rotation, + rotation_poll_interval=rotation_poll_interval, + no_wait=no_wait, + dns_zone_resource_id=dns_zone_resource_id, + dns_zone_resource_ids=dns_zone_resource_ids, + enable_syslog=enable_syslog, + data_collection_settings=data_collection_settings, + ) + if ( + CONST_MONITORING_ADDON_NAME in instance.addon_profiles and + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].enabled + ): + if ( + CONST_MONITORING_USING_AAD_MSI_AUTH in + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and + str( + instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[ + CONST_MONITORING_USING_AAD_MSI_AUTH + ] + ).lower() == "true" + ): if not msi_auth: raise ArgumentUsageError( "--enable-msi-auth-for-monitoring can not be used on clusters with service principal auth.") - else: - # create a Data Collection Rule (DCR) and associate it with the cluster - ensure_container_insights_for_monitoring( - cmd, - instance.addon_profiles[CONST_MONITORING_ADDON_NAME], - subscription_id, - resource_group_name, - name, - instance.location, - aad_route=True, - create_dcr=True, - create_dcra=True, - enable_syslog=enable_syslog, - data_collection_settings=data_collection_settings, - ) + # create a Data Collection Rule (DCR) and associate it with the cluster + ensure_container_insights_for_monitoring( + cmd, + instance.addon_profiles[CONST_MONITORING_ADDON_NAME], + subscription_id, + resource_group_name, + name, + instance.location, + aad_route=True, + create_dcr=True, + create_dcra=True, + enable_syslog=enable_syslog, + data_collection_settings=data_collection_settings, + ) else: # monitoring addon will use legacy path if enable_syslog: @@ -1826,7 +2042,7 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements continue if addon_arg not in ADDONS: - raise CLIError("Invalid addon name: {}.".format(addon_arg)) + raise CLIError(f"Invalid addon name: {addon_arg}.") addon = ADDONS[addon_arg] if addon == CONST_VIRTUAL_NODE_ADDON_NAME: # only linux is supported for now, in the future this will be a user flag @@ -1858,13 +2074,23 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements cloud_name = cmd.cli_ctx.cloud.name if enable_msi_auth_for_monitoring and (cloud_name.lower() == 'ussec' or cloud_name.lower() == 'usnat'): - if instance.identity is not None and instance.identity.type is not None and instance.identity.type == "userassigned": - logger.warning("--enable_msi_auth_for_monitoring is not supported in %s cloud and continuing monitoring enablement without this flag.", cloud_name) + if ( + instance.identity is not None and + instance.identity.type is not None and + instance.identity.type == "userassigned" + ): + logger.warning( + "--enable_msi_auth_for_monitoring is not supported in %s cloud and continuing " + "monitoring enablement without this flag.", + cloud_name, + ) enable_msi_auth_for_monitoring = False addon_profile.config = { logAnalyticsConstName: workspace_resource_id} - addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = "true" if enable_msi_auth_for_monitoring else "false" + addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = ( + "true" if enable_msi_auth_for_monitoring else "false" + ) elif addon == (CONST_VIRTUAL_NODE_ADDON_NAME + os_type): if addon_profile.enabled: raise CLIError('The virtual-node addon is already enabled for this managed cluster.\n' @@ -1916,10 +2142,12 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "true" elif addon == CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME: if addon_profile.enabled: - raise CLIError('The azure-keyvault-secrets-provider addon is already enabled for this managed cluster.\n' - 'To change azure-keyvault-secrets-provider configuration, run ' - f'"az aks disable-addons -a azure-keyvault-secrets-provider -n {name} -g {resource_group_name}" ' - 'before enabling it again.') + raise CLIError( + "The azure-keyvault-secrets-provider addon is already enabled for this managed cluster.\n" + 'To change azure-keyvault-secrets-provider configuration, run "az aks disable-addons ' + f'-a azure-keyvault-secrets-provider -n {name} -g {resource_group_name}" ' + "before enabling it again." + ) addon_profile = ManagedClusterAddonProfile( enabled=True, config={CONST_SECRET_ROTATION_ENABLED: "false", CONST_ROTATION_POLL_INTERVAL: "2m"}) if enable_secret_rotation: @@ -1936,8 +2164,7 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements addon_profiles[addon] = ManagedClusterAddonProfile( enabled=False) else: - raise CLIError( - "The addon {} is not installed.".format(addon)) + raise CLIError(f"The addon {addon} is not installed.") addon_profiles[addon].config = None addon_profiles[addon].enabled = enable @@ -2096,7 +2323,14 @@ def aks_pod_identity_add( headers = get_aks_custom_headers(aks_custom_headers) # send the managed cluster represeentation to update the pod identity addon - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + instance, + headers=headers + ) def aks_pod_identity_delete( @@ -2133,7 +2367,14 @@ def aks_pod_identity_delete( headers = get_aks_custom_headers(aks_custom_headers) # send the managed cluster represeentation to update the pod identity addon - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + instance, + headers=headers + ) def aks_pod_identity_list(cmd, client, resource_group_name, cluster_name): # pylint: disable=unused-argument @@ -2181,7 +2422,14 @@ def aks_pod_identity_exception_add( headers = get_aks_custom_headers(aks_custom_headers) # send the managed cluster represeentation to update the pod identity addon - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + instance, + headers=headers + ) def aks_pod_identity_exception_delete( @@ -2218,7 +2466,14 @@ def aks_pod_identity_exception_delete( headers = get_aks_custom_headers(aks_custom_headers) # send the managed cluster represeentation to update the pod identity addon - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + instance, + headers=headers + ) def aks_pod_identity_exception_update( @@ -2254,8 +2509,7 @@ def aks_pod_identity_exception_update( pod_identity_exceptions.append(exc) if not found_target: - raise CLIError( - 'pod identity exception {}/{} not found'.format(exc_namespace, exc_name)) + raise CLIError(f"pod identity exception {exc_namespace}/{exc_name} not found") from azext_aks_preview.managed_cluster_decorator import AKSPreviewManagedClusterModels # store all the models used by pod identity @@ -2270,7 +2524,14 @@ def aks_pod_identity_exception_update( headers = get_aks_custom_headers(aks_custom_headers) # send the managed cluster represeentation to update the pod identity addon - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, instance, headers=headers) + return sdk_no_wait( + no_wait, + client.begin_create_or_update, + resource_group_name, + cluster_name, + instance, + headers=headers, + ) def aks_pod_identity_exception_list(cmd, client, resource_group_name, cluster_name): @@ -2333,10 +2594,10 @@ def aks_snapshot_delete(cmd, # pylint: disable=unused-argument name, no_wait=False, yes=False): - - from knack.prompting import prompt_y_n - msg = 'This will delete the cluster snapshot "{}" in resource group "{}", Are you sure?'.format( - name, resource_group_name) + msg = ( + f'This will delete the cluster snapshot "{name}" in resource group "{resource_group_name}".\n' + "Are you sure?" + ) if not yes and not prompt_y_n(msg, default="n"): return None @@ -2414,10 +2675,10 @@ def aks_nodepool_snapshot_delete(cmd, # pylint: disable=unused-argument snapshot_name, no_wait=False, yes=False): - - from knack.prompting import prompt_y_n - msg = 'This will delete the nodepool snapshot "{}" in resource group "{}", Are you sure?'.format( - snapshot_name, resource_group_name) + msg = ( + f'This will delete the nodepool snapshot "{snapshot_name}" in resource group "{resource_group_name}".\n' + "Are you sure?" + ) if not yes and not prompt_y_n(msg, default="n"): return None @@ -2457,7 +2718,11 @@ def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, clus pass if existedBinding: - raise Exception("TrustedAccess RoleBinding " + role_binding_name + " already existed, please use 'az aks trustedaccess rolebinding update' command to update!") + raise Exception( # pylint: disable=broad-exception-raised + "TrustedAccess RoleBinding " + + role_binding_name + + " already existed, please use 'az aks trustedaccess rolebinding update' command to update!" + ) roleList = roles.split(',') roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roleList) @@ -2482,34 +2747,51 @@ def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, clus def aks_mesh_enable( + cmd, + client, + resource_group_name, + name, + revision=None, + key_vault_id=None, + ca_cert_object_name=None, + ca_key_object_name=None, + root_cert_object_name=None, + cert_chain_object_name=None, +): + instance = client.get(resource_group_name, name) + addon_profiles = instance.addon_profiles + if ( + key_vault_id is not None and + ca_cert_object_name is not None and + ca_key_object_name is not None and + root_cert_object_name is not None and + cert_chain_object_name is not None + ): + if ( + not addon_profiles or + not addon_profiles[CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME] or + not addon_profiles[ + CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME + ].enabled + ): + raise CLIError( + "AzureKeyvaultSecretsProvider addon is required for Azure Service Mesh plugin " + "certificate authority feature." + ) + + return _aks_mesh_update( cmd, client, resource_group_name, name, - revision=None, - key_vault_id=None, - ca_cert_object_name=None, - ca_key_object_name=None, - root_cert_object_name=None, - cert_chain_object_name=None -): - instance = client.get(resource_group_name, name) - addon_profiles = instance.addon_profiles - if key_vault_id is not None and ca_cert_object_name is not None and ca_key_object_name is not None and root_cert_object_name is not None and cert_chain_object_name is not None: - if not addon_profiles or not addon_profiles[CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME] or not addon_profiles[CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME].enabled: - raise CLIError('AzureKeyvaultSecretsProvider addon is required for Azure Service Mesh plugin certificate authority feature.') - - return _aks_mesh_update(cmd, - client, - resource_group_name, - name, - key_vault_id, - ca_cert_object_name, - ca_key_object_name, - root_cert_object_name, - cert_chain_object_name, - revision=revision, - enable_azure_service_mesh=True) + key_vault_id, + ca_cert_object_name, + ca_key_object_name, + root_cert_object_name, + cert_chain_object_name, + revision=revision, + enable_azure_service_mesh=True, + ) def aks_mesh_disable( @@ -2599,8 +2881,7 @@ def aks_mesh_get_revisions( if revisions: return revisions[0].properties - else: - return None + return None def aks_mesh_get_upgrades( @@ -2619,8 +2900,7 @@ def aks_mesh_get_upgrades( if upgrades: return upgrades[0].properties - else: - return None + return None def aks_mesh_upgrade_start( @@ -2666,6 +2946,7 @@ def aks_mesh_upgrade_rollback( mesh_upgrade_command=CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK) +# pylint: disable=unused-argument def _aks_mesh_update( cmd, client, @@ -2836,6 +3117,7 @@ def aks_approuting_zone_list( raise CLIError('App routing addon is not enabled') +# pylint: disable=unused-argument def _aks_approuting_update( cmd, client, @@ -2909,14 +3191,29 @@ def _keyvault_update( try: if keyvault.properties.enable_rbac_authorization: - if not add_role_assignment(cmd, 'Key Vault Secrets User', managed_identity_object_id, is_service_principal, scope=keyvault_id): + if not add_role_assignment( + cmd, + "Key Vault Secrets User", + managed_identity_object_id, + is_service_principal, + scope=keyvault_id, + ): logger.warning( - 'Could not create a role assignment for App Routing. ' - 'Are you an Owner on this subscription?') + "Could not create a role assignment for App Routing. " + "Are you an Owner on this subscription?" + ) else: - keyvault = set_policy(cmd, keyvault_client, keyvault_rg, keyvault_name, object_id=managed_identity_object_id, secret_permissions=['Get'], certificate_permissions=['Get']) + keyvault = set_policy( + cmd, + keyvault_client, + keyvault_rg, + keyvault_name, + object_id=managed_identity_object_id, + secret_permissions=["Get"], + certificate_permissions=["Get"], + ) except Exception as ex: - raise CLIError(f'Error in granting keyvault permissions to managed identity: {ex}\n') + raise CLIError('Error in granting keyvault permissions to managed identity.\n') from ex else: raise CLIError('App Routing is not enabled.\n')