[AKS] support parameter EnableOidcIssuer

src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs

@@ -198,5 +198,12 @@ public void TestPodSubnetID()
         {
             TestRunner.RunTestScript("Test-PodSubnetID");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestEnableOidcIssuer()
+        {
+            TestRunner.RunTestScript("Test-EnableOidcIssuer");
+        }
     }
 }

src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1

@@ -1161,4 +1161,42 @@ function Test-PodSubnetID {
     finally {
         Remove-AzResourceGroup -Name $resourceGroupName -Force
     }
+}
+
+function Test-EnableOidcIssuer {
+    # Setup
+    $resourceGroupName = Get-RandomResourceGroupName
+    $kubeClusterName1 = Get-RandomClusterName
+    $kubeClusterName2 = Get-RandomClusterName
+    $location = 'eastus'
+    $nodeVmSize = "Standard_D2_v2"
+
+    try {
+        New-AzResourceGroup -Name $resourceGroupName -Location $location
+
+        New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName1 -NodeVmSize $nodeVmSize -NodeCount 1 -EnableOidcIssuer
+        $cluster1 = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName1
+        Assert-True {$cluster1.OidcIssuerProfile.Enabled}
+        Assert-True {$cluster1.OidcIssuerProfile.IssuerURL.StartsWith("https://eastus.oic.prod-aks.azure.com")}
+
+        # set EnableOidcIssuer=false should not work.
+        Set-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName1 -EnableOidcIssuer:$false
+        $cluster1 = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName1
+        Assert-True {$cluster1.OidcIssuerProfile.Enabled}
+        Assert-True {$cluster1.OidcIssuerProfile.IssuerURL.StartsWith("https://eastus.oic.prod-aks.azure.com")}
+
+        New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2 -NodeCount 1
+        $cluster2 = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2
+        Assert-False {$cluster2.OidcIssuerProfile.Enabled}
+        Assert-Null $cluster2.OidcIssuerProfile.IssuerURL
+
+        Set-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2 -EnableOidcIssuer
+        $cluster2 = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2
+        Assert-True {$cluster2.OidcIssuerProfile.Enabled}
+        Assert-True {$cluster2.OidcIssuerProfile.IssuerURL.StartsWith("https://eastus.oic.prod-aks.azure.com")}
+
+    }
+    finally {
+        Remove-AzResourceGroup -Name $resourceGroupName -Force
+    }
 }

src/Aks/Aks/ChangeLog.md

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added parameter `-EnableOidcIssuer` for `New-AzAksCluster` and `Set-AzAksCluster`
 * Added parameter `-NodePodSubnetID` for `New-AzAksCluster`, `-PodSubnetID` for `New-AzAksNodePool`
 
 ## Version 5.3.2

src/Aks/Aks/Commands/NewAzureRmAks.cs

@@ -179,6 +179,9 @@ public class NewAzureRmAks : CreateOrUpdateKubeBase
         [Parameter(Mandatory = false, HelpMessage = "The ID of the subnet which pods will join when launched.")]
         public string NodePodSubnetID { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Whether to enalbe OIDC issuer feature.")]
+        public SwitchParameter EnableOidcIssuer { get; set; }
+
         private AcsServicePrincipal acsServicePrincipal;
 
         public override void ExecuteCmdlet()
@@ -429,6 +432,11 @@ private ManagedCluster BuildNewCluster()
                 managedCluster.ExtendedLocation = new ExtendedLocation(name: EdgeZone, type: "EdgeZone");
             }
 
+            if (EnableOidcIssuer.IsPresent)
+            {
+                managedCluster.OidcIssuerProfile = new ManagedClusterOIDCIssuerProfile(enabled: true);
+            }
+
             return managedCluster;
         }
 

src/Aks/Aks/Commands/SetAzureRmAks.cs

@@ -80,6 +80,9 @@ public class SetAzureRmAks : CreateOrUpdateKubeBase
         [Parameter(Mandatory = false, HelpMessage = "Whether to use use Uptime SLA.")]
         public SwitchParameter EnableUptimeSLA { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Whether to enalbe OIDC issuer feature.")]
+        public SwitchParameter EnableOidcIssuer { get; set; }
+
         private ManagedCluster BuildNewCluster()
         {
             BeforeBuildNewCluster();
@@ -420,6 +423,10 @@ public override void ExecuteCmdlet()
                     {
                         cluster.AadProfile = AadProfile;
                     }
+                    if (EnableOidcIssuer.IsPresent)
+                    {
+                        cluster.OidcIssuerProfile = new ManagedClusterOIDCIssuerProfile(enabled: true);
+                    }
                     SetIdentity(cluster);
 
                     var kubeCluster = this.CreateOrUpdate(ResourceGroupName, Name, cluster);

src/Aks/Aks/help/New-AzAksCluster.md

@@ -28,7 +28,7 @@ New-AzAksCluster [-NodeVmSetType <String>] [-NodeVnetSubnetID <String>] [-NodeMa
  [-NodeLinuxOSConfig <LinuxOSConfig>] [-NodeKubeletConfig <KubeletConfig>] [-NodeMaxSurge <String>]
  [-PPG <String>] [-EnableFIPS] [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>]
  [-GpuInstanceProfile <String>] [-EnableUptimeSLA] [-EdgeZone <String>] [-NodeHostGroupID <String>]
- [-NodePodSubnetID <String>] [-ResourceGroupName] <String> [-Name] <String>
+ [-NodePodSubnetID <String>] [-EnableOidcIssuer] [-ResourceGroupName] <String> [-Name] <String>
  [[-ServicePrincipalIdAndSecret] <PSCredential>] [-Location <String>] [-LinuxProfileAdminUserName <String>]
  [-DnsNamePrefix <String>] [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>]
  [-NodeMaxCount <Int32>] [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>]
@@ -501,6 +501,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnableOidcIssuer
+Whether to enalbe OIDC issuer feature.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableRbac
 Whether to enable Kubernetes Role-Based Access
 

src/Aks/Aks/help/Set-AzAksCluster.md

@@ -15,7 +15,7 @@ Update or create a managed Kubernetes cluster.
 ### defaultParameterSet (Default)
 ```
 Set-AzAksCluster [-NodePoolMode <String>] [-AcrNameToDetach <String>] [-NodeImageOnly] [-ControlPlaneOnly]
- [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>] [-EnableUptimeSLA]
+ [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>] [-EnableUptimeSLA] [-EnableOidcIssuer]
  [-ResourceGroupName] <String> [-Name] <String> [[-ServicePrincipalIdAndSecret] <PSCredential>]
  [-Location <String>] [-LinuxProfileAdminUserName <String>] [-DnsNamePrefix <String>]
  [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>] [-NodeMaxCount <Int32>]
@@ -38,11 +38,11 @@ Set-AzAksCluster [-NodePoolMode <String>] [-AcrNameToDetach <String>] [-NodeImag
 ```
 Set-AzAksCluster -InputObject <PSKubernetesCluster> [-NodePoolMode <String>] [-AcrNameToDetach <String>]
  [-NodeImageOnly] [-ControlPlaneOnly] [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>]
- [-EnableUptimeSLA] [-Location <String>] [-LinuxProfileAdminUserName <String>] [-DnsNamePrefix <String>]
- [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>] [-NodeMaxCount <Int32>]
- [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>] [-NodeVmSize <String>]
- [-NodePoolLabel <Hashtable>] [-NodePoolTag <Hashtable>] [-SshKeyValue <String>] [-AcrNameToAttach <String>]
- [-AsJob] [-Tag <Hashtable>] [-LoadBalancerAllocatedOutboundPort <Int32>]
+ [-EnableUptimeSLA] [-EnableOidcIssuer] [-Location <String>] [-LinuxProfileAdminUserName <String>]
+ [-DnsNamePrefix <String>] [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>]
+ [-NodeMaxCount <Int32>] [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>]
+ [-NodeVmSize <String>] [-NodePoolLabel <Hashtable>] [-NodePoolTag <Hashtable>] [-SshKeyValue <String>]
+ [-AcrNameToAttach <String>] [-AsJob] [-Tag <Hashtable>] [-LoadBalancerAllocatedOutboundPort <Int32>]
  [-LoadBalancerManagedOutboundIpCount <Int32>] [-LoadBalancerOutboundIp <String[]>]
  [-LoadBalancerOutboundIpPrefix <String[]>] [-LoadBalancerIdleTimeoutInMinute <Int32>]
  [-ApiServerAccessAuthorizedIpRange <String[]>] [-EnableApiServerAccessPrivateCluster]
@@ -59,7 +59,7 @@ Set-AzAksCluster -InputObject <PSKubernetesCluster> [-NodePoolMode <String>] [-A
 ```
 Set-AzAksCluster [-NodePoolMode <String>] [-AcrNameToDetach <String>] [-NodeImageOnly] [-ControlPlaneOnly]
  [-Id] <String> [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>] [-EnableUptimeSLA]
- [-Location <String>] [-LinuxProfileAdminUserName <String>] [-DnsNamePrefix <String>]
+ [-EnableOidcIssuer] [-Location <String>] [-LinuxProfileAdminUserName <String>] [-DnsNamePrefix <String>]
  [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>] [-NodeMaxCount <Int32>]
  [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>] [-NodeVmSize <String>]
  [-NodePoolLabel <Hashtable>] [-NodePoolTag <Hashtable>] [-SshKeyValue <String>] [-AcrNameToAttach <String>]
@@ -403,6 +403,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnableOidcIssuer
+Whether to enalbe OIDC issuer feature.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableUptimeSLA
 Whether to use use Uptime SLA.