Add AKS Safeguards commands with Pod Security Standards support into Preview CLI #9396
- Generated AAZ commands from 2025-05-02-preview API
- Added custom classes to support -g/-n argument pattern (matching official CLI)
- Implemented Pod Security Standards (PSS) feature with --pss-level flag
- Supports three PSS levels: Privileged, Baseline, Restricted
- Added comprehensive test scenarios
- Commands: create, show, update, delete, list, wait
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| | aks safeguards | sub group aks safeguards added | |

Hi @ShantingLiu,
Thank you for your contribution! We will review the pull request and get back to you soon.

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

CodeGen Tools Feedback Collection
Thank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey
Pull Request Overview
This PR adds support for AKS Safeguards with Pod Security Standards to the Azure CLI aks-preview extension. The implementation includes CLI commands for managing deployment safeguards (create, show, update, delete, list, wait) with support for both full resource ID and resource group/name argument patterns.
- Adds new aks safeguards command group with CRUD operations
- Implements custom command classes to support both -c/--managed-cluster and -g/-n argument patterns
- Includes comprehensive test coverage for basic safeguards, PSS integration, and argument validation
- Updates minimum CLI core version to 2.75.0
Reviewed Changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| test_aks_safeguards.py | New test suite covering basic safeguards, PSS features, and argument validation scenarios |
| commands.py | Registers custom safeguards command implementations |
| azext_metadata.json | Updates minimum CLI core version from 2.73.0 to 2.75.0 |
| aks_safeguards_custom.py | Custom command classes implementing argument validation and resource ID construction |
| aaz/latest/aks/safeguards/*.py | Auto-generated command implementations for safeguards CRUD operations |
| __init__.py files | Initializes aaz module and loads command tables |
src/aks-preview/azext_aks_preview/tests/latest/test_aks_safeguards.py
| "az configure --defaults group=<name>. You may provide either 'managed_cluster' " | ||
| "or both 'resource_group' and 'name', but not both.", | ||
| required=False, | ||
| ) | ||
| _args_schema.cluster_name = AAZStrArg( | ||
| options=["--name", "-n"], | ||
| help="The name of the Managed Cluster. You may provide either 'managed_cluster' " | ||
| "or both 'resource_group' and 'name', but not both.", |
Copilot
AI
Nov 5, 2025
The help text refers to 'resource_group' and 'name' parameters, but should refer to the actual argument names that users will see: '--resource-group' (-g) and '--name' (-n). This would be clearer as 'You may provide either --managed-cluster or both --resource-group and --name, but not both.'
| "az configure --defaults group=<name>. You may provide either 'managed_cluster' " | |
| "or both 'resource_group' and 'name', but not both.", | |
| required=False, | |
| ) | |
| _args_schema.cluster_name = AAZStrArg( | |
| options=["--name", "-n"], | |
| help="The name of the Managed Cluster. You may provide either 'managed_cluster' " | |
| "or both 'resource_group' and 'name', but not both.", | |
| "az configure --defaults group=<name>. You may provide either --managed-cluster " | |
| "or both --resource-group (-g) and --name (-n), but not both.", | |
| required=False, | |
| ) | |
| _args_schema.cluster_name = AAZStrArg( | |
| options=["--name", "-n"], | |
| help="The name of the Managed Cluster. You may provide either --managed-cluster " | |
| "or both --resource-group (-g) and --name (-n), but not both.", |
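Review bot: In the suggested help strings for both arguments, "either --managed-cluster or both --resource-group (-g) and --name (-n), but not both" uses "both" for two different things, so the exclusivity rule is easy to misread. Consider wording such as "Provide either --managed-cluster, or --resource-group (-g) together with --name (-n); the two forms cannot be combined." Each argument here is declared with required=False, so this schema does not enforce the rule by itself; whatever validation error is raised for a bad combination should name the same flags as this help text.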
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
- Wrap <name> placeholder in backticks to fix HTML tag linter error
- Add customer-facing description to HISTORY.rst under Pending section

- Add test_aks_deployment_safeguards_basic.yaml recording
- Add test_aks_deployment_safeguards_with_pss.yaml recording
- Add test_aks_deployment_safeguards_argument_validation.yaml recording
- Fix test name prefixes to avoid randomness validation errors
- Sanitized subscription IDs with nil UUID (00000000-0000-0000-0000-000000000000)
- Revert azext_metadata.json minCliCoreVersion to 2.73.0
The az aks safeguards commands are already available in the official CLI. The aks-preview extension overrides them through custom commands in commands.py. No need to explicitly load AAZ commands here.
3c0a304 to a885d3a
1. Fix typo: 'workround' -> 'workaround' in test file
2. Fix resource ID construction: add missing '/subscriptions/' prefix
3. Fix help text: use CLI argument names (--managed-cluster, --resource-group, --name) instead of parameter names
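The two argument forms and the resource ID fix named in the commit above, as an added example that is not code from this pull request: it accepts exactly one of the two forms and builds the ID with the leading '/subscriptions/' segment. The function name and error messages are hypothetical; the ID layout is the standard ARM format for a managed cluster.

```python
import re

# Standard ARM resource ID layout for an AKS managed cluster.
_CLUSTER_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.ContainerService/managedClusters/(?P<name>[^/]+)$",
    re.IGNORECASE,
)


def resolve_managed_cluster(subscription_id, managed_cluster=None,
                            resource_group=None, name=None):
    """Return the cluster resource ID from exactly one argument form.

    Hypothetical helper for illustration, not the extension's own function.
    """
    has_id = bool(managed_cluster)
    has_pair = bool(resource_group) or bool(name)
    if has_id and has_pair:
        raise ValueError(
            "Use --managed-cluster or --resource-group with --name, not both forms.")
    if has_id:
        # Reject malformed IDs, including one missing '/subscriptions/'.
        if not _CLUSTER_ID.match(managed_cluster):
            raise ValueError(
                "--managed-cluster must be a full managed cluster resource ID.")
        return managed_cluster
    if not (resource_group and name):
        raise ValueError(
            "Provide --managed-cluster, or both --resource-group and --name.")
    for value in (resource_group, name):
        # A '/' here would add unintended path segments to the resource ID.
        if "/" in value:
            raise ValueError("Resource group and name must not contain '/'.")
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.ContainerService/managedClusters/{name}")
```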
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
| @AllowLargeResponse(size_kb=9999) | ||
| @ResourceGroupPreparer(name_prefix='cli-', random_name_length=8, location="westus2") | ||
| def test_aks_deployment_safeguards_basic(self): |
Queued live test to validate the change.
Re-queued live test, test passed!
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
/azp run
Azure Pipelines successfully started running 2 pipeline(s).
please submit a PR for the changes to aaz repo as well
[Release] Update index.json for extension [ aks-preview-19.0.0b14 ] : https://dev.azure.com/msazure/One/_build/results?buildId=142991653&view=results
Azure/aaz#897 Does this look correct? First time, thanks. @yanzhudd Changes include:
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT> locally? (pip install azdev required)
python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.