diff --git a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs
index 3d774152d88f..f0bb10e63958 100644
--- a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs
+++ b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs
@@ -44,5 +44,12 @@ public void TestAzureKubernetesAddons()
{
TestController.NewInstance.RunPowerShellTest(_logger, "Test-NewAzAksAddons");
}
+
+ [Fact(Skip = "Updating service principal profile is not allowed on MSI cluster.")]
+ [Trait(Category.AcceptanceType, Category.CheckIn)]
+ public void TestResetAzureKubernetesServicePrincipal()
+ {
+ TestController.NewInstance.RunPowerShellTest(_logger, "Test-ResetAzureKubernetesServicePrincipal");
+ }
}
}
\ No newline at end of file
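Review bot: The only scenario test for the new cmdlet, TestResetAzureKubernetesServicePrincipal, is checked in with `Skip`, so Set-AzAksClusterCredential lands without any test that actually runs. The skip reason says a service principal profile cannot be updated on an MSI cluster, yet the PowerShell test creates its cluster with `-ServicePrincipalIdAndSecret`, so the diff does not explain why the cluster ends up MSI-based. I would add a comment above the attribute such as `// Skipped: the test cluster comes up with managed identity; re-enable once setup yields a service-principal cluster (tracking: <issue placeholder>)`. A test of the parameter-set handling that needs no live cluster would also give the cmdlet some running coverage.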
diff --git a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1
index 5a92f369b356..b48d69d576d7 100644
--- a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1
+++ b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1
@@ -46,7 +46,7 @@ function Test-NewAzAksWithAcr
New-AzResourceGroup -Name $resourceGroupName -Location $location
New-AzContainerRegistry -ResourceGroupName $resourceGroupName -Name $acrName -Sku Standard
-
+
$cred = $(createTestCredential "e65d50b0-0853-48a9-82d3-77d800f4a9bc" "V8-S-y6Er8jXy-.aM_WT95BF89N~X23lqb")
New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -ServicePrincipalIdAndSecret $cred -AcrNameToAttach $acrName
@@ -187,3 +187,32 @@ function Test-NewAzAksAddons
Remove-AzResourceGroup -Name $resourceGroupName -Force
}
}
+
+
+<#
+.SYNOPSIS
+Test Kubernetes stuff
+#>
+function Test-ResetAzureKubernetesServicePrincipal
+{
+ # Setup
+ $resourceGroupName = Get-RandomResourceGroupName
+ $kubeClusterName = Get-RandomClusterName
+ $location = Get-ProviderLocation "Microsoft.ContainerService/managedClusters"
+ $nodeVmSize = "Standard_D2_v2"
+
+ try
+ {
+ New-AzResourceGroup -Name $resourceGroupName -Location 'eastus'
+
+ $credObject = $(createTestCredential "e65d50b0-0853-48a9-82d3-77d800f4a9bc" "75_4.yHJFjkKaRUUb535aH2d.ty4RG~uax")
+ New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -ServicePrincipalIdAndSecret $credObject
+
+ $newCred = $(createTestCredential "6f277dd3-e481-4518-8aab-35c31662bad9" "XITofmnbbyU34uR_Yqx_4TI13OJ9--0C3m")
+ Set-AzAksClusterCredential -ResourceGroupName $resourceGroupName -Name $kubeClusterName -ServicePrincipalIdAndSecret $newCred -force
+ }
+ finally
+ {
+ Remove-AzResourceGroup -Name $resourceGroupName -Force
+ }
+}
\ No newline at end of file
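Review bot: Both `createTestCredential` calls in Test-ResetAzureKubernetesServicePrincipal pass a service principal client id and its client secret as string literals, which puts credentials into the repository history; the context line in the Test-NewAzAksWithAcr hunk above does the same. Whether these secrets are still valid cannot be told from the diff, but they should be treated as exposed and rotated. The test should read them from the test environment instead, e.g. `$credObject = createTestCredential $env:AKS_TEST_SP_ID $env:AKS_TEST_SP_SECRET` (variable names are placeholders). Separately, `$location` is computed but never used because `New-AzResourceGroup` is called with `-Location 'eastus'`; pass `$location`. The synopsis `Test Kubernetes stuff` should say what is tested, e.g. `Tests resetting the service principal of an AKS cluster with Set-AzAksClusterCredential`.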
diff --git a/src/Aks/Aks/Az.Aks.psd1 b/src/Aks/Aks/Az.Aks.psd1
index ee411956a577..dd6fb5902967 100644
--- a/src/Aks/Aks/Az.Aks.psd1
+++ b/src/Aks/Aks/Az.Aks.psd1
@@ -76,11 +76,11 @@ FunctionsToExport = @()
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = 'Get-AzAksCluster', 'New-AzAksCluster', 'Remove-AzAksCluster',
- 'Import-AzAksCredential', 'Start-AzAksDashboard',
+ 'Import-AzAksCredential', 'Start-AzAksDashboard',
'Stop-AzAksDashboard', 'Set-AzAksCluster', 'New-AzAksNodePool',
'Update-AzAksNodePool', 'Remove-AzAksNodePool', 'Get-AzAksNodePool',
'Install-AzAksKubectl', 'Get-AzAksVersion', 'Enable-AzAksAddOn',
- 'Disable-AzAksAddOn'
+ 'Disable-AzAksAddOn', 'Set-AzAksClusterCredential'
# Variables to export from this module
# VariablesToExport = @()
diff --git a/src/Aks/Aks/ChangeLog.md b/src/Aks/Aks/ChangeLog.md
index 598d0747eb1b..b64e1d6ab1c3 100644
--- a/src/Aks/Aks/ChangeLog.md
+++ b/src/Aks/Aks/ChangeLog.md
@@ -18,6 +18,7 @@
- Additional information about change #1
-->
## Upcoming Release
+* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal of an existing AKS cluster.
## Version 2.0.2
* Refined error messages of cmdlet failure.
diff --git a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs
new file mode 100644
index 000000000000..6b3f1d93ca4f
--- /dev/null
+++ b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs
@@ -0,0 +1,147 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using Microsoft.Azure.Commands.Aks.Models;
+using Microsoft.Azure.Commands.Aks.Properties;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.ContainerService;
+using Microsoft.Azure.Management.ContainerService.Models;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using Microsoft.WindowsAzure.Commands.Common;
+
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.Aks
+{
+ [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzurePrefix + "AksClusterCredential", SupportsShouldProcess = true, DefaultParameterSetName = GroupNameParameterSet)]
+ [OutputType(typeof(bool))]
+ public class SetAzureRmAksCredential : KubeCmdletBase
+ {
+ private const string IdParameterSet = "IdParameterSet";
+ private const string GroupNameParameterSet = "GroupNameParameterSet";
+ private const string InputObjectParameterSet = "InputObjectParameterSet";
+
+ [Parameter(Mandatory = true,
+ ParameterSetName = InputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "A PSKubernetesCluster object, normally passed through the pipeline.")]
+ [ValidateNotNullOrEmpty]
+ public PSKubernetesCluster InputObject { get; set; }
+
+ [Parameter(Mandatory = true,
+ ParameterSetName = IdParameterSet,
+ Position = 0,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Id of a managed Kubernetes cluster")]
+ [ValidateNotNullOrEmpty]
+ [Alias("ResourceId")]
+ public string Id { get; set; }
+
+ ///
+ /// Resource group name
+ ///
+ [Parameter(
+ Position = 0,
+ Mandatory = true,
+ ParameterSetName = GroupNameParameterSet,
+ HelpMessage = "Resource group name")]
+ [ResourceGroupCompleter()]
+ [ValidateNotNullOrEmpty]
+ public string ResourceGroupName { get; set; }
+
+ ///
+ /// Cluster name
+ ///
+ [Parameter(
+ Mandatory = true,
+ Position = 1,
+ ParameterSetName = GroupNameParameterSet,
+ HelpMessage = "Name of your managed Kubernetes cluster")]
+ [ValidateNotNullOrEmpty]
+ public string Name { get; set; }
+
+ [Parameter(
+ Mandatory = true,
+ ParameterSetName = InputObjectParameterSet,
+ HelpMessage = "The client id and client secret associated with the service principal.")]
+ [Parameter(
+ Mandatory = true,
+ ParameterSetName = GroupNameParameterSet,
+ HelpMessage = "The client id and client secret associated with the service principal.")]
+ [Parameter(
+ Mandatory = true,
+ ParameterSetName = IdParameterSet,
+ HelpMessage = "The client id and client secret associated with the service principal.")]
+ public PSCredential ServicePrincipalIdAndSecret { get; set; }
+
+ [Parameter(Mandatory = false)]
+ public SwitchParameter PassThru { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
+ public SwitchParameter AsJob { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Remove managed Kubernetes cluster without prompt")]
+ public SwitchParameter Force { get; set; }
+
+ public override void ExecuteCmdlet()
+ {
+ base.ExecuteCmdlet();
+
+ switch (ParameterSetName)
+ {
+ case IdParameterSet:
+ {
+ var resource = new ResourceIdentifier(Id);
+ ResourceGroupName = resource.ResourceGroupName;
+ Name = resource.ResourceName;
+ break;
+ }
+ case InputObjectParameterSet:
+ {
+ var resource = new ResourceIdentifier(InputObject.Id);
+ ResourceGroupName = resource.ResourceGroupName;
+ Name = resource.ResourceName;
+ break;
+ }
+ }
+
+ var msg = $"{Name} in {ResourceGroupName}";
+
+ ConfirmAction(Force.IsPresent,
+ Resources.ResetTheCredentialOfAksCluster,
+ Resources.ResetingTheCredentialOfAksCluster,
+ msg,
+ () =>
+ {
+ RunCmdLet(() =>
+ {
+ ManagedClusterServicePrincipalProfile servicePrincipalProfile = new ManagedClusterServicePrincipalProfile()
+ {
+ ClientId = ServicePrincipalIdAndSecret.UserName,
+ Secret = ServicePrincipalIdAndSecret.Password.ConvertToString()
+ };
+ Client.ManagedClusters.ResetServicePrincipalProfile(ResourceGroupName, Name, servicePrincipalProfile);
+ if (PassThru)
+ {
+ WriteObject(true);
+ }
+ });
+ });
+ }
+ }
+}
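Review bot: The `Force` parameter's help text, `"Remove managed Kubernetes cluster without prompt"`, looks copied from the remove cmdlet and misdescribes what the operator is confirming; change it to `HelpMessage = "Reset the cluster credential without prompting for confirmation"` (the -Force section of Set-AzAksClusterCredential.md carries the same text). `PassThru` has no `HelpMessage` at all, although the help file documents it as `Returns true if reset is successful.` In ExecuteCmdlet, `ServicePrincipalIdAndSecret.Password.ConvertToString()` turns the SecureString into an ordinary string for the SDK model; I would add a comment there, `// The SDK model takes the secret as plain text; never pass this value to WriteVerbose/WriteDebug or put it in an error message`. The InputObject branch also builds `new ResourceIdentifier(InputObject.Id)` without checking that `Id` is set, so a partially populated object presumably fails with a parsing error rather than a clear message.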
diff --git a/src/Aks/Aks/Properties/Resources.Designer.cs b/src/Aks/Aks/Properties/Resources.Designer.cs
index 48c456ea7650..81bd3b495ee5 100644
--- a/src/Aks/Aks/Properties/Resources.Designer.cs
+++ b/src/Aks/Aks/Properties/Resources.Designer.cs
@@ -609,6 +609,24 @@ internal static string RemovingTheManagedKubernetesCluster {
}
}
+ ///
+ /// Looks up a localized string similar to Reseting the credential of the aks cluster..
+ ///
+ internal static string ResetingTheCredentialOfAksCluster {
+ get {
+ return ResourceManager.GetString("ResetingTheCredentialOfAksCluster", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Do you want to reset the credential of the aks cluster?.
+ ///
+ internal static string ResetTheCredentialOfAksCluster {
+ get {
+ return ResourceManager.GetString("ResetTheCredentialOfAksCluster", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Retry {0} for {1} after error: {2}.
///
diff --git a/src/Aks/Aks/Properties/Resources.resx b/src/Aks/Aks/Properties/Resources.resx
index 4bc3defb8399..036b135f2516 100644
--- a/src/Aks/Aks/Properties/Resources.resx
+++ b/src/Aks/Aks/Properties/Resources.resx
@@ -411,4 +411,10 @@
Could not assign subscription contributor permission to service principal just created. Please make sure you have permission to assign subscription contributor role, or you could use parameter -ClientIdAndSecret to specify one existing service principal id and secret.
+
+ Reseting the credential of the aks cluster.
+
+
+ Do you want to reset the credential of the aks cluster?
+
\ No newline at end of file
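Review bot: The user-facing string `Reseting the credential of the aks cluster.` is misspelled; it should read `Resetting the credential of the AKS cluster.`, and the confirmation prompt should capitalise `AKS` in the same way. The resource key `ResetingTheCredentialOfAksCluster` carries the same typo. Renaming it to `ResettingTheCredentialOfAksCluster` also means regenerating Resources.Designer.cs and updating the reference in SetAzureRmAksCredential.cs, so it is cheapest to fix before the cmdlet is released.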
diff --git a/src/Aks/Aks/help/Az.Aks.md b/src/Aks/Aks/help/Az.Aks.md
index 71995c33a824..f6eb8c45a9b3 100644
--- a/src/Aks/Aks/help/Az.Aks.md
+++ b/src/Aks/Aks/help/Az.Aks.md
@@ -21,7 +21,7 @@ Enable the addons for aks.
List Kubernetes managed clusters.
### [Get-AzAksNodePool](Get-AzAksNodePool.md)
-Create node pool in specified cluster.
+List node pools in specified cluster.
### [Get-AzAksVersion](Get-AzAksVersion.md)
List available version for creating managed Kubernetes cluster.
@@ -47,6 +47,9 @@ Delete node pool from managed cluster.
### [Set-AzAksCluster](Set-AzAksCluster.md)
Update or create a managed Kubernetes cluster.
+### [Set-AzAksClusterCredential](Set-AzAksClusterCredential.md)
+Reset the ServicePrincipal of a existing aks cluster.
+
### [Start-AzAksDashboard](Start-AzAksDashboard.md)
Create a Kubectl SSH tunnel to the managed cluster's dashboard.
diff --git a/src/Aks/Aks/help/Set-AzAksClusterCredential.md b/src/Aks/Aks/help/Set-AzAksClusterCredential.md
new file mode 100644
index 000000000000..da2183b6694b
--- /dev/null
+++ b/src/Aks/Aks/help/Set-AzAksClusterCredential.md
@@ -0,0 +1,232 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Aks.dll-Help.xml
+Module Name: Az.Aks
+online version: https://docs.microsoft.com/powershell/module/az.aks/set-azaksclustercredential
+schema: 2.0.0
+---
+
+# Set-AzAksClusterCredential
+
+## SYNOPSIS
+Reset the ServicePrincipal of an existing AKS cluster.
+
+## SYNTAX
+
+### GroupNameParameterSet (Default)
+```
+Set-AzAksClusterCredential [-ResourceGroupName] [-Name]
+ -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] [-Force]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### InputObjectParameterSet
+```
+Set-AzAksClusterCredential -InputObject -ServicePrincipalIdAndSecret
+ [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm]
+ []
+```
+
+### IdParameterSet
+```
+Set-AzAksClusterCredential [-Id] -ServicePrincipalIdAndSecret [-PassThru] [-AsJob]
+ [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+Reset the ServicePrincipal of an existing AKS cluster.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> $SecPasswd = ConvertTo-SecureString $password -AsPlainText -Force
+PS C:\> $Credential = $(New-Object System.Management.Automation.PSCredential ('6f277dd3-e481-4518-8aab-35c31662bad9', $SecPasswd))
+PS C:\> Set-AzAksClusterCredential -ResourceGroupName $ResourceGroupName -Name $Name -ServicePrincipalIdAndSecret $Credential -force
+```
+
+Set the service principal of a existing kubernetes cluster with resource group name and cluster name.
+
+## PARAMETERS
+
+### -AsJob
+Run cmdlet in the background
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Force
+Remove managed Kubernetes cluster without prompt
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Id
+Id of a managed Kubernetes cluster
+
+```yaml
+Type: System.String
+Parameter Sets: IdParameterSet
+Aliases: ResourceId
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -InputObject
+A PSKubernetesCluster object, normally passed through the pipeline.
+
+```yaml
+Type: Microsoft.Azure.Commands.Aks.Models.PSKubernetesCluster
+Parameter Sets: InputObjectParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Name
+Name of your managed Kubernetes cluster
+
+```yaml
+Type: System.String
+Parameter Sets: GroupNameParameterSet
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PassThru
+Returns true if reset is successful.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+Resource group name
+
+```yaml
+Type: System.String
+Parameter Sets: GroupNameParameterSet
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ServicePrincipalIdAndSecret
+The client id and client secret associated with the service principal.
+
+```yaml
+Type: System.Management.Automation.PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### Microsoft.Azure.Commands.Aks.Models.PSKubernetesCluster
+
+### System.String
+
+## OUTPUTS
+
+### System.Boolean
+
+## NOTES
+
+## RELATED LINKS