This repository was archived by the owner on May 13, 2025. It is now read-only.
Closed
35 commits
93cc360
{AKS-preview} Bump the AKS-preview extension version (#5089)
ganga1980 Jul 11, 2022
b02803b
{AzContainerApp} fixes Azure/azure-cli-extensions#5067 (#5085)
navba-MSFT Jul 11, 2022
afc93e6
[k8s-extension] Update extension CLI to v1.2.4 (#5095)
bavneetsingh16 Jul 12, 2022
4c6922a
[Release] Update index.json for extension [ aks-preview ] (#5097)
azclibot Jul 12, 2022
e0f35f5
Added v2.6.0 for ml extension (#5096)
nthandeMS Jul 12, 2022
81454d1
chore(arcdata): version bump to 1.4.3 (#5101)
swells Jul 12, 2022
839a154
AMG: fix a casing of the SKU name (#5110)
yugangw-msft Jul 13, 2022
503d796
[Release] Update index.json for extension [ k8s-extension ] (#5105)
azclibot Jul 13, 2022
fd006ce
[Release] Update index.json for extension [ amg ] (#5112)
azclibot Jul 13, 2022
b585fdb
{AKS} Fix enabled virtual node addon showing wrong status in `aks add…
navba-MSFT Jul 13, 2022
db42fa9
{AKS} Add test for virtual node addon in `aks addon list` (#5113)
FumingZhang Jul 13, 2022
e9801ef
[Release] Update index.json for extension [ aks-preview ] (#5114)
azclibot Jul 13, 2022
fc3a348
{AKS} Fix compatibility issue when enabling Microsoft Defender via ak…
FumingZhang Jul 13, 2022
b580fcd
resolve release conflict (#5119)
FumingZhang Jul 14, 2022
dea31e0
ArcAppliance July Release 0.2.25 (#5116)
saisankargochhayat Jul 14, 2022
d4270cc
release new version of aks-preview (#5118)
FumingZhang Jul 14, 2022
039561f
[Release] Update index.json for extension [ aks-preview ] (#5120)
azclibot Jul 14, 2022
080fe1d
Update the index.json (#5121)
diondrapeck Jul 15, 2022
69f8325
chore(arcdata): version bump to 1.4.4 (#5122)
swells Jul 15, 2022
15e5e89
Azure Arc Diagnostic (#5025)
svagadia Jul 15, 2022
50e3505
[storage-preview] Fix #22699: fixing typo (#5124)
RakeshMohanMSFT Jul 18, 2022
f4a9a46
[Release] Update index.json for extension [ connectedk8s ] (#5123)
azclibot Jul 18, 2022
3ff68f7
regenerate (#5127)
kairu-ms Jul 19, 2022
41d3825
{FunctionApp} Fix #16323: Fix minor typo (#5134)
RakeshMohanMSFT Jul 20, 2022
8cfca65
{AKS} Vendor 2022-06-02-preview for aks-preview (#5135)
FumingZhang Jul 20, 2022
845c87a
Increase the timeout of diagnoser job completion to 180 sec (#5136)
sirireddy12 Jul 20, 2022
1c76659
[Release] Update index.json for extension [ connectedk8s ] (#5137)
azclibot Jul 20, 2022
1a343bb
[IoT] IoT Extension Release v0.16.1 (#5140)
c-ryan-k Jul 20, 2022
cddccec
Merge branch 'main' of github.com:Azure/azure-cli-extensions into rel…
Jul 21, 2022
0386cea
bump version to 1.2.5
Jul 21, 2022
8aaa983
[CosmosDB] Adding support to retrieve and redistribute physical parti…
ravgill Jul 22, 2022
ca8d23c
{AKS} support disabling Azure KeyVault KMS (#5087)
bingosummer Jul 25, 2022
4161241
[Release] Update index.json for extension [ scheduled-query ] (#5128)
azclibot Jul 25, 2022
99dd4ab
{AKS} Refine tests for azurekeyvaultkms (#5100)
bingosummer Jul 25, 2022
5c7b82d
Merge branch 'Azure:main' into release-1.2.5
bavneetsingh16 Jul 25, 2022
41 changes: 41 additions & 0 deletions linter_exclusions.yml
@@ -234,6 +234,12 @@ sql mi-arc create:
sync_secondary_to_commit:
rule_exclusions:
- option_length_too_long
storage_class_orchestrator_logs:
rule_exclusions:
- option_length_too_long
volume_size_orchestrator_logs:
rule_exclusions:
- option_length_too_long
attestation policy set:
parameters:
new_attestation_policy:
@@ -688,6 +694,17 @@ dms project task create:
target_connection_json:
rule_exclusions:
- option_length_too_long
dt data-history connection create:
rule_exclusions:
- require_wait_command_if_no_wait
dt data-history connection create adx:
parameters:
adx_resource_group:
rule_exclusions:
- parameter_should_not_end_in_resource_group
eh_resource_group:
rule_exclusions:
- parameter_should_not_end_in_resource_group
dt endpoint create servicebus:
parameters:
servicebus_resource_group:
@@ -1085,6 +1102,22 @@ iot central export update:
central_dns_suffix:
rule_exclusions:
- no_parameter_defaults_for_update_commands
iot central device attestation update:
parameters:
api_version:
rule_exclusions:
- no_parameter_defaults_for_update_commands
central_dns_suffix:
rule_exclusions:
- no_parameter_defaults_for_update_commands
iot central device twin update:
parameters:
api_version:
rule_exclusions:
- no_parameter_defaults_for_update_commands
central_dns_suffix:
rule_exclusions:
- no_parameter_defaults_for_update_commands
iot central device update:
parameters:
api_version:
@@ -1093,6 +1126,14 @@ iot central device update:
central_dns_suffix:
rule_exclusions:
- no_parameter_defaults_for_update_commands
iot central device-group update:
parameters:
api_version:
rule_exclusions:
- no_parameter_defaults_for_update_commands
central_dns_suffix:
rule_exclusions:
- no_parameter_defaults_for_update_commands
iot central device-template update:
parameters:
api_version:
24 changes: 24 additions & 0 deletions src/aks-preview/HISTORY.rst
@@ -12,6 +12,30 @@ To release a new version, please select a new version number (usually plus 1 to
Pending
+++++++

* Support disabling Azure KeyVault KMS.

0.5.91
++++++

* Fix compatibility issue when enabling Microsoft Defender via aks-preview.
* az aks create
* az aks update

0.5.90 (NOT RELEASED)
+++++++++++++++++++++

* Skip this version due to conflict.

0.5.89
++++++

* Fix for the az aks addon list command to return enable:true, if virtual-node addon is enabled for the AKS cluster.

0.5.88
++++++

* AKS Monitoring MSI Auth related code imported from Azure CLI to reuse the code between aks-preview and Azure CLI.

0.5.87
++++++

2 changes: 1 addition & 1 deletion src/aks-preview/azext_aks_preview/__init__.py
@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
register_resource_type(
"latest",
CUSTOM_MGMT_AKS_PREVIEW,
SDKProfile("2022-05-02-preview", {"container_services": "2017-07-01"}),
SDKProfile("2022-06-02-preview", {"container_services": "2017-07-01"}),
)


3 changes: 3 additions & 0 deletions src/aks-preview/azext_aks_preview/_help.py
@@ -771,6 +771,9 @@
- name: --enable-azure-keyvault-kms
type: bool
short-summary: Enable Azure KeyVault Key Management Service.
- name: --disable-azure-keyvault-kms
type: bool
short-summary: Disable Azure KeyVault Key Management Service.
- name: --azure-keyvault-kms-key-id
type: string
short-summary: Identifier of Azure Key Vault key.
1 change: 1 addition & 0 deletions src/aks-preview/azext_aks_preview/_params.py
@@ -389,6 +389,7 @@ def load_arguments(self, _):
c.argument('enable_workload_identity', arg_type=get_three_state_flag())
c.argument('enable_oidc_issuer', action='store_true', is_preview=True)
c.argument('enable_azure_keyvault_kms', action='store_true', is_preview=True)
c.argument('disable_azure_keyvault_kms', action='store_true', is_preview=True)
c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id, is_preview=True)
c.argument('azure_keyvault_kms_key_vault_network_access', arg_type=get_enum_type(keyvault_network_access_types), is_preview=True)
c.argument('azure_keyvault_kms_key_vault_resource_id', validator=validate_azure_keyvault_kms_key_vault_resource_id, is_preview=True)
4 changes: 4 additions & 0 deletions src/aks-preview/azext_aks_preview/custom.py
@@ -766,6 +766,7 @@ def aks_update(
enable_workload_identity=None,
enable_oidc_issuer=False,
enable_azure_keyvault_kms=False,
disable_azure_keyvault_kms=False,
azure_keyvault_kms_key_id=None,
azure_keyvault_kms_key_vault_network_access=None,
azure_keyvault_kms_key_vault_resource_id=None,
@@ -1383,6 +1384,7 @@ def aks_addon_list_available():
def aks_addon_list(cmd, client, resource_group_name, name):
mc = client.get(resource_group_name, name)
current_addons = []
os_type = 'Linux'

for name, addon_key in ADDONS.items():
# web_application_routing is a special case, the configuration is stored in a separate profile
@@ -1395,6 +1397,8 @@ def aks_addon_list(cmd, client, resource_group_name, name):
else False
)
else:
if name == "virtual-node":
addon_key += os_type
enabled = (
True
if mc.addon_profiles and
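Review bot: The `virtual-node` branch in `aks_addon_list` appends a hard-coded `os_type = 'Linux'` to `addon_key` with no comment explaining why, so a reader cannot tell that the profile is presumably looked up under an OS-suffixed key. A comment such as `# the virtual-node addon profile key carries the OS type as a suffix` would document it, and a module-level constant would read better than a local assigned before the loop. The loop variable `name` also shadows the `name` parameter from the signature; that was already the case before this change, but it makes the new `name == "virtual-node"` test easy to misread. The function body continues outside the hunk, so the lookup that uses the modified key is not visible here.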
127 changes: 127 additions & 0 deletions src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
@@ -75,6 +75,7 @@
ManagedClusterStorageProfileBlobCSIDriver = TypeVar('ManagedClusterStorageProfileBlobCSIDriver')
ManagedClusterStorageProfileSnapshotController = TypeVar('ManagedClusterStorageProfileSnapshotController')
ManagedClusterIngressProfileWebAppRouting = TypeVar("ManagedClusterIngressProfileWebAppRouting")
ManagedClusterSecurityProfileDefender = TypeVar("ManagedClusterSecurityProfileDefender")


# pylint: disable=too-few-public-methods
@@ -679,6 +680,37 @@ def get_enable_azure_keyvault_kms(self) -> bool:
"""
return self._get_enable_azure_keyvault_kms(enable_validation=True)

def _get_disable_azure_keyvault_kms(self, enable_validation: bool = False) -> bool:
"""Internal function to obtain the value of disable_azure_keyvault_kms.

This function supports the option of enable_validation. When enabled, if both enable_azure_keyvault_kms and disable_azure_keyvault_kms are
specified, raise a MutuallyExclusiveArgumentError.

:return: bool
"""
# Read the original value passed by the command.
disable_azure_keyvault_kms = self.raw_param.get("disable_azure_keyvault_kms")

# This option is not supported in create mode, hence we do not read the property value from the `mc` object.
# This parameter does not need dynamic completion.
if enable_validation:
if disable_azure_keyvault_kms and self._get_enable_azure_keyvault_kms(enable_validation=False):
raise MutuallyExclusiveArgumentError(
"Cannot specify --enable-azure-keyvault-kms and --disable-azure-keyvault-kms at the same time."
)

return disable_azure_keyvault_kms

def get_disable_azure_keyvault_kms(self) -> bool:
"""Obtain the value of disable_azure_keyvault_kms.

This function will verify the parameter by default. If both enable_azure_keyvault_kms and disable_azure_keyvault_kms are specified, raise a
MutuallyExclusiveArgumentError.

:return: bool
"""
return self._get_disable_azure_keyvault_kms(enable_validation=True)

def _get_azure_keyvault_kms_key_id(self, enable_validation: bool = False) -> Union[str, None]:
"""Internal function to obtain the value of azure_keyvault_kms_key_id according to the context.

@@ -1333,6 +1365,53 @@ def get_disable_keda(self) -> bool:
"""
return self._get_disable_keda(enable_validation=True)

def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]:
"""Obtain the value of defender.

Note: Overwritten in aks-preview to adapt to v2 defender structure.

:return: ManagedClusterSecurityProfileDefender or None
"""
disable_defender = self.raw_param.get("disable_defender")
if disable_defender:
return self.models.ManagedClusterSecurityProfileDefender(
security_monitoring=self.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring(
enabled=False
)
)

enable_defender = self.raw_param.get("enable_defender")

if not enable_defender:
return None

workspace = ""
config_file_path = self.raw_param.get("defender_config")
if config_file_path:
if not os.path.isfile(config_file_path):
raise InvalidArgumentValueError(
"{} is not valid file, or not accessable.".format(
config_file_path
)
)
defender_config = get_file_json(config_file_path)
if "logAnalyticsWorkspaceResourceId" in defender_config:
workspace = defender_config["logAnalyticsWorkspaceResourceId"]

if workspace == "":
workspace = self.external_functions.ensure_default_log_analytics_workspace_for_monitoring(
self.cmd,
self.get_subscription_id(),
self.get_resource_group_name())

azure_defender = self.models.ManagedClusterSecurityProfileDefender(
log_analytics_workspace_resource_id=workspace,
security_monitoring=self.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring(
enabled=enable_defender
),
)
return azure_defender


class AKSPreviewManagedClusterCreateDecorator(AKSManagedClusterCreateDecorator):
def __init__(
@@ -1621,6 +1700,24 @@ def set_up_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus

return mc

def set_up_defender(self, mc: ManagedCluster) -> ManagedCluster:
"""Set up defender for the ManagedCluster object.

Note: Overwritten in aks-preview to adapt to v2 defender structure.

:return: the ManagedCluster object
"""
self._ensure_mc(mc)

defender = self.context.get_defender_config()
if defender:
if mc.security_profile is None:
mc.security_profile = self.models.ManagedClusterSecurityProfile()

mc.security_profile.defender = defender

return mc

def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> ManagedCluster:
"""The overall controller used to construct the default ManagedCluster profile.

@@ -1898,6 +1995,18 @@ def update_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster:
self.context.get_azure_keyvault_kms_key_vault_resource_id()
)

if self.context.get_disable_azure_keyvault_kms():
# get kms profile
if mc.security_profile is None:
mc.security_profile = self.models.ManagedClusterSecurityProfile()
azure_key_vault_kms_profile = mc.security_profile.azure_key_vault_kms
if azure_key_vault_kms_profile is None:
azure_key_vault_kms_profile = self.models.AzureKeyVaultKms()
mc.security_profile.azure_key_vault_kms = azure_key_vault_kms_profile

# set enabled to False
azure_key_vault_kms_profile.enabled = False

return mc

def update_storage_profile(self, mc: ManagedCluster) -> ManagedCluster:
@@ -1930,6 +2039,24 @@ def update_workload_auto_scaler_profile(self, mc: ManagedCluster) -> ManagedClus

return mc

def update_defender(self, mc: ManagedCluster) -> ManagedCluster:
"""Update defender for the ManagedCluster object.

Note: Overwritten in aks-preview to adapt to v2 defender structure.

:return: the ManagedCluster object
"""
self._ensure_mc(mc)

defender = self.context.get_defender_config()
if defender:
if mc.security_profile is None:
mc.security_profile = self.models.ManagedClusterSecurityProfile()

mc.security_profile.defender = defender

return mc

def update_mc_profile_preview(self) -> ManagedCluster:
"""The overall controller used to update the preview ManagedCluster profile.

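Review bot: In `get_defender_config`, `disable_defender` silently wins when it is passed together with `enable_defender`, because the early return runs before `enable_defender` is read, so a conflicting command line turns the security feature off without an error. Unless a validator outside this hunk already rejects the pair, the getter should fail the way `_get_disable_azure_keyvault_kms` does, e.g. `if disable_defender and self.raw_param.get("enable_defender"): raise MutuallyExclusiveArgumentError("Cannot specify --enable-defender and --disable-defender at the same time.")`. The value read from `logAnalyticsWorkspaceResourceId` is also used as the workspace without checking that the file parsed to a dict or that the value is a non-empty string, and `accessable` in the error message should read `accessible`. `set_up_defender` and `update_defender` are line-for-line identical and could share one helper.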
@@ -0,0 +1,3 @@
{
"logAnalyticsWorkspaceResourceId": "test_workspace_resource_id"
}