From 7a65a25fd00bbd9e1788bcc825879fd4204ba587 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 9 Oct 2025 21:03:16 +0000 Subject: [PATCH] feat: remove --enable-custom-ca-trust and --disable-custom-ca-trust options --- src/aks-preview/HISTORY.rst | 8 ++++- src/aks-preview/azext_aks_preview/_help.py | 14 -------- src/aks-preview/azext_aks_preview/_params.py | 18 ---------- .../azext_aks_preview/_validators.py | 8 ----- src/aks-preview/azext_aks_preview/custom.py | 4 --- .../latest/test_managed_cluster_decorator.py | 1 - .../test_update_agentpool_profile_preview.py | 2 -- .../tests/latest/test_validators.py | 35 ------------------- src/aks-preview/setup.py | 2 +- 9 files changed, 8 insertions(+), 84 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index c7e1f381631..4dca8359304 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -11,8 +11,14 @@ To release a new version, please select a new version number (usually plus 1 to Pending +++++++ + +19.0.0b1 ++++++++ +* [BREAKING CHANGE]: `az aks create`: remove `--enable-custom-ca-trust` and `--disable-custom-ca-trust` options +* [BREAKING CHANGE]: `az aks update`: remove `--enable-custom-ca-trust` and `--disable-custom-ca-trust` options +* [BREAKING CHANGE]: `az aks nodepool add`: remove `--enable-custom-ca-trust` and `--disable-custom-ca-trust` options +* [BREAKING CHANGE]: `az aks nodepool update`: remove `--enable-custom-ca-trust` and `--disable-custom-ca-trust` options * Vendor new SDK and bump API version to 2025-08-02-preview. -* Pre-deprecate `--enable-custom-ca-trust` and `--disable-custom-ca-trust` in `az aks create`, `az aks update` commands. 18.0.0b43 +++++++ diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 8201379d44e..cc86e4e3cc4 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py 
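Review bot: The four new `[BREAKING CHANGE]` bullets under `19.0.0b1` in HISTORY.rst each name both `--enable-custom-ca-trust` and `--disable-custom-ca-trust`, which does not match what the rest of this patch removes. In the visible hunks, `--disable-custom-ca-trust` (`--dcat`) is removed only from the node pool update help, its `c.argument` registration and the `aks_agentpool_update` signature. `aks_create` and `aks_agentpool_add` lose only `enable_custom_ca_trust`, and no hunk in `_help.py`, `_params.py` or `custom.py` touches `az aks update`. Because these flags controlled Custom CA Trust on node pools, each entry should name exactly the flag removed from that command, for example `az aks create: remove --enable-custom-ca-trust option`, and the `az aks update` bullet should be dropped or backed by a matching code change. If the retained `--custom-ca-trust-certificates` option is the intended replacement, the entry should say so, so that operators with the setting already enabled know how to manage it after upgrading.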
@@ -517,9 +517,6 @@ - name: --dns-zone-resource-ids type: string short-summary: A comma separated list of resource IDs of the DNS zone resource to use with the App Routing addon. - - name: --enable-custom-ca-trust - type: bool - short-summary: Enable Custom CA Trust on agent node pool. - name: --ca-certs --custom-ca-trust-certificates type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. @@ -730,8 +727,6 @@ text: az aks create -g MyResourceGroup -n MyMC --kubernetes-version 1.20.13 --location westus2 --host-group-id /subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.ContainerService/hostGroups/myHostGroup --node-vm-size VMSize --enable-managed-identity --assign-identity - name: Create a kubernetes cluster with no CNI installed. text: az aks create -g MyResourceGroup -n MyManagedCluster --network-plugin none - - name: Create a kubernetes cluster with Custom CA Trust enabled. - text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-custom-ca-trust - name: Create a kubernetes cluster with safeguards set to "Warning" text: az aks create -g MyResourceGroup -n MyManagedCluster --safeguards-level Warning --enable-addons azure-policy - name: Create a kubernetes cluster with safeguards set to "Warning" and some namespaces excluded @@ -2019,9 +2014,6 @@ - name: --message-of-the-day type: string short-summary: Path to a file containing the desired message of the day. Only valid for linux nodes. Will be written to /etc/motd. - - name: --enable-custom-ca-trust - type: bool - short-summary: Enable Custom CA Trust on agent node pool. - name: --disable-windows-outbound-nat type: bool short-summary: Disable Windows OutboundNAT on Windows agent node pool. Must use VMSS agent pool type. 
@@ -2241,12 +2233,6 @@ - name: --node-taints type: string short-summary: The node taints for the node pool. - - name: --enable-custom-ca-trust - type: bool - short-summary: Enable Custom CA Trust on agent node pool. - - name: --dcat --disable-custom-ca-trust - type: bool - short-summary: Disable Custom CA Trust on agent node pool. - name: --aks-custom-headers type: string short-summary: Send custom headers. When specified, format should be Key1=Value1,Key2=Value2 diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 5bb60278622..57dffbab92b 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -186,7 +186,6 @@ validate_defender_disable_and_enable_parameters, validate_disable_windows_outbound_nat, validate_asm_egress_name, - validate_enable_custom_ca_trust, validate_eviction_policy, validate_grafanaresourceid, validate_host_group_id, @@ -976,8 +975,6 @@ def load_arguments(self, _): arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, ) - # no validation for aks create because it already only supports Linux. - c.argument("enable_custom_ca_trust", action="store_true") c.argument( "nodepool_allowed_host_ports", validator=validate_allowed_host_ports, @@ -1779,11 +1776,6 @@ def load_arguments(self, _): arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, ) - c.argument( - "enable_custom_ca_trust", - action="store_true", - validator=validate_enable_custom_ca_trust, - ) c.argument( "disable_windows_outbound_nat", action="store_true", 
@@ -1898,16 +1890,6 @@ def load_arguments(self, _): c.argument("mode", arg_type=get_enum_type(node_mode_types)) c.argument("scale_down_mode", arg_type=get_enum_type(scale_down_modes)) # extensions - c.argument( - "enable_custom_ca_trust", - action="store_true", - validator=validate_enable_custom_ca_trust, - ) - c.argument( - "disable_custom_ca_trust", - options_list=["--disable-custom-ca-trust", "--dcat"], - action="store_true", - ) c.argument( "allowed_host_ports", validator=validate_allowed_host_ports, is_preview=True ) diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index 9c84f6a2efe..491e7326479 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -731,14 +731,6 @@ def validate_bootstrap_container_registry_resource_id(namespace): raise InvalidArgumentValueError("--bootstrap-container-registry-resource-id is not a valid Azure resource ID.") -def validate_enable_custom_ca_trust(namespace): - """Validates Custom CA Trust can only be used on Linux.""" - if namespace.enable_custom_ca_trust: - if hasattr(namespace, 'os_type') and namespace.os_type != "Linux": - raise ArgumentUsageError( - '--enable_custom_ca_trust can only be set for Linux nodepools') - - def validate_custom_ca_trust_certificates(namespace): """Validates Custom CA Trust Certificates can only be used on Linux.""" if namespace.custom_ca_trust_certificates is not None and namespace.custom_ca_trust_certificates != "": diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index f688ae51808..d27ce0f94eb 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -709,7 +709,6 @@ def aks_create( crg_id=None, message_of_the_day=None, workload_runtime=None, - enable_custom_ca_trust=False, nodepool_allowed_host_ports=None, nodepool_asg_ids=None, node_public_ip_tags=None, 
@@ -1439,7 +1438,6 @@ def aks_agentpool_add( crg_id=None, message_of_the_day=None, workload_runtime=None, - enable_custom_ca_trust=False, disable_windows_outbound_nat=False, allowed_host_ports=None, asg_ids=None, @@ -1516,8 +1514,6 @@ def aks_agentpool_update( no_wait=False, aks_custom_headers=None, # extensions - enable_custom_ca_trust=False, - disable_custom_ca_trust=False, allowed_host_ports=None, asg_ids=None, enable_artifact_streaming=False, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 129c4ae99f6..fb858a9b558 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -5704,7 +5704,6 @@ def test_construct_mc_profile_preview(self): enable_fips=False, mode=CONST_NODEPOOL_MODE_SYSTEM, workload_runtime=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, - enable_custom_ca_trust=False, network_profile=self.models.AgentPoolNetworkProfile(), security_profile=ground_truth_security_profile, ) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_update_agentpool_profile_preview.py b/src/aks-preview/azext_aks_preview/tests/latest/test_update_agentpool_profile_preview.py index b54836ccccc..3efb5b3be74 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_update_agentpool_profile_preview.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_update_agentpool_profile_preview.py @@ -227,7 +227,6 @@ def test_update_agentpool_profile_preview_managed_system_mode(self): mode=CONST_NODEPOOL_MODE_MANAGEDSYSTEM, vm_size="Standard_D2s_v3", count=5, - enable_custom_ca_trust=True, ) # Mock the update_agentpool_profile_default method 
@@ -319,7 +318,6 @@ def test_update_agentpool_profile_preview_system_mode_regular_flow(self): "resource_group_name": "test_rg", "cluster_name": "test_cluster", "nodepool_name": "test_nodepool", - "enable_custom_ca_trust": True, } decorator = AKSPreviewAgentPoolUpdateDecorator( diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 8629e3c7540..27d5e99d4d0 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -137,12 +137,6 @@ def __init__(self, message_of_the_day, os_type): self.message_of_the_day = message_of_the_day -class EnableCustomCATrustNamespace: - def __init__(self, os_type, enable_custom_ca_trust): - self.os_type = os_type - self.enable_custom_ca_trust = enable_custom_ca_trust - - class CustomCATrustCertificatesNamespace: def __init__(self, os_type, custom_ca_trust_certificates): self.os_type = os_type 
@@ -331,35 +325,6 @@ def test_fail_if_os_type_invalid(self): ) -class TestEnableCustomCATrust(unittest.TestCase): - def test_pass_if_os_type_linux(self): - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("Linux", True) - ) - - def test_fail_if_os_type_windows(self): - with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("Windows", True) - ) - self.assertTrue( - "--enable_custom_ca_trust can only be set for Linux nodepools" - in str(cm.exception), - msg=str(cm.exception), - ) - - def test_fail_if_os_type_invalid(self): - with self.assertRaises(CLIError) as cm: - validators.validate_enable_custom_ca_trust( - EnableCustomCATrustNamespace("invalid", True) - ) - self.assertTrue( - "--enable_custom_ca_trust can only be set for Linux nodepools" - in str(cm.exception), - msg=str(cm.exception), - ) - - class TestCustomCATrustCertificates(unittest.TestCase): def test_valid_cases(self): valid = ["foo", ""] diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 8b1bcca941b..e8aad73d593 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import find_packages, setup -VERSION = "18.0.0b43" +VERSION = "19.0.0b1" CLASSIFIERS = [ "Development Status :: 4 - Beta",