Fix bug with --exclude-default-fragments

src/aks-agent/HISTORY.rst

@@ -12,6 +12,11 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
+1.0.0b4
++++++++
+* Fix the --aks-mcp flag to allow true/false values.
+* Bump aks-mcp version to v0.0.9
+
 1.0.0b3
 +++++++
 * Disable aks-mcp by default, offer --aks-mcp flag to enable it.

src/aks-agent/azext_aks_agent/_consts.py

@@ -13,6 +13,6 @@
 CONST_MCP_BINARY_NAME = "aks-mcp"
 CONST_MCP_DEFAULT_PORT = 8003
 CONST_MCP_DEFAULT_URL = "http://localhost:8003/sse"
-CONST_MCP_MIN_VERSION = "0.0.7"
+CONST_MCP_MIN_VERSION = "0.0.9"
 CONST_MCP_GITHUB_REPO = "Azure/aks-mcp"
 CONST_MCP_BINARY_DIR = "bin"

src/aks-agent/azext_aks_agent/_params.py

@@ -90,10 +90,7 @@ def load_arguments(self, _):
             "use_aks_mcp",
             options_list=["--aks-mcp"],
             default=False,
-            arg_type=get_three_state_flag(
-                positive_label="Enable AKS MCP integration",
-                negative_label="Disable AKS MCP integration",
-            ),
+            arg_type=get_three_state_flag(),
             help=(
                 "Enable AKS MCP integration for enhanced capabilities. "
                 "Traditional mode is the default. Use --aks-mcp to enable MCP mode, or "

src/aks-agent/setup.py

@@ -9,7 +9,7 @@
 
 from setuptools import find_packages, setup
 
-VERSION = "1.0.0b3"
+VERSION = "1.0.0b4"
 
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",
@@ -43,7 +43,7 @@
     author_email="azpycli@microsoft.com",
     url="https://github.com/Azure/azure-cli-extensions/tree/main/src/aks-agent",
     classifiers=CLASSIFIERS,
-    packages=find_packages(exclude=["tests"]),
+    packages=find_packages(exclude=["*.tests", "*.tests.*"]),
     package_data={"azext_aks_agent": ["azext_metadata.json"]},
     install_requires=DEPENDENCIES,
 )

src/aks-preview/HISTORY.rst

@@ -11,6 +11,21 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* Fix `--localdns-config` parameter to handle null values in JSON configuration files gracefully, preventing crashes when DNS override sections are null.
+* Add jwtauthenticator commands `az aks jwtauthenticator add/update/show/list/delete` to manage JWT authenticators for a managed cluster.
+
+18.0.0b40
++++++++
+* Add option `Windows2025` to `--os-sku` for `az aks nodepool add`.
+* `az aks create`: Add new parameter `--container-storage-version` to enable the given version of Azure Container Storage.
+* `az aks update`: Add new parameter `--container-storage-version` to enable the given version of Azure Container Storage.
+* `az aks create`: Change behavior of `--enable-azure-container-storage` to enable latest Azure Container Storage by default.
+* `az aks update`: Change behavior of `--enable-azure-container-storage` to enable latest Azure Container Storage by default.
+* `az aks update`: Change behavior of `--disable-azure-container-storage` to handle disable based on the installed version.
+
+18.0.0b39
++++++++
+* Add option `AzureLinuxOSGuard` and `AzureLinux3OSGuard` to `--os-sku` for `az aks nodepool add` and `az aks nodepool update`.
 * Add machine command `az aks machine add` to add a machine to an existing machine pool.
 * Add blue-green upgrade strategy support for AKS node pools:
   - `az aks nodepool add/update/upgrade`: Add `--upgrade-strategy` parameter to switch between rolling and blue-green nodepool upgrades. 

src/aks-preview/azext_aks_preview/_client_factory.py

@@ -155,3 +155,7 @@ def get_keyvault_client(cli_ctx, subscription_id=None):
 
 def cf_load_balancers(cli_ctx, *_):
     return get_container_service_client(cli_ctx).load_balancers
+
+
+def cf_jwt_authenticators(cli_ctx, *_):
+    return get_container_service_client(cli_ctx).jwt_authenticators

src/aks-preview/azext_aks_preview/_consts.py

@@ -36,11 +36,14 @@
 CONST_OS_SKU_MARINER = "Mariner"
 CONST_OS_SKU_WINDOWS2019 = "Windows2019"
 CONST_OS_SKU_WINDOWS2022 = "Windows2022"
+CONST_OS_SKU_WINDOWS2025 = "Windows2025"
 CONST_OS_SKU_WINDOWSANNUAL = "WindowsAnnual"
 CONST_OS_SKU_AZURELINUX = "AzureLinux"
 CONST_OS_SKU_AZURELINUX3 = "AzureLinux3"
 CONST_OS_SKU_UBUNTU2204 = "Ubuntu2204"
 CONST_OS_SKU_UBUNTU2404 = "Ubuntu2404"
+CONST_OS_SKU_AZURELINUXOSGUARD = "AzureLinuxOSGuard"
+CONST_OS_SKU_AZURELINUX3OSGUARD = "AzureLinux3OSGuard"
 
 # vm set type
 CONST_VIRTUAL_MACHINE_SCALE_SETS = "VirtualMachineScaleSets"

src/aks-preview/azext_aks_preview/_format.py

@@ -486,3 +486,52 @@ def _get_extension_type_versions_table_row(result):
     return OrderedDict([
         ('versions', result['properties']['version'])
     ])
+
+
+def aks_jwtauthenticator_list_table_format(results):
+    """Format a list of JWT authenticators as summary results for display with "-o table". """
+    return [_get_jwtauthenticator_table_row(result) for result in results]
+
+
+def aks_jwtauthenticator_show_table_format(result):
+    """Format a JWT authenticator as summary results for display with "-o table". """
+    return _get_jwtauthenticator_table_row(result)
+
+
+def _get_jwtauthenticator_table_row(result):
+    """Extract information from a JWT authenticator for table display."""
+    properties = result.get('properties', {})
+    provisioningState = properties.get('provisioningState', '')
+    issuer = properties.get('issuer', {})
+
+    issuer_url = issuer.get('url', '') if issuer else ''
+    audiences = issuer.get('audiences', []) if issuer else []
+    audience_list = ', '.join(audiences) if audiences else ''
+
+    claim_mappings = properties.get('claimMappings', {})
+    has_claim_mappings = 'No'
+    if claim_mappings:
+        has_username = bool(claim_mappings.get('username'))
+        has_groups = bool(claim_mappings.get('groups'))
+        has_uid = bool(claim_mappings.get('uid'))
+        has_extra = (claim_mappings.get('extra') and
+                     isinstance(claim_mappings['extra'], list) and
+                     len(claim_mappings['extra']) > 0)
+
+        if has_username or has_groups or has_uid or has_extra:
+            has_claim_mappings = 'Yes'
+
+    claim_rules = properties.get('claimValidationRules', [])
+    user_rules = properties.get('userValidationRules', [])
+    has_claim_rules = 'Yes' if claim_rules else 'No'
+    has_user_rules = 'Yes' if user_rules else 'No'
+
+    return OrderedDict([
+        ('name', result.get('name', '')),
+        ('provisioningState', provisioningState),
+        ('issuerUrl', issuer_url),
+        ('audiences', audience_list),
+        ('hasClaimMappings', has_claim_mappings),
+        ('hasClaimRules', has_claim_rules),
+        ('hasUserRules', has_user_rules),
+    ])

src/aks-preview/azext_aks_preview/_help.py

@@ -1928,7 +1928,7 @@
           short-summary: The OS Type. Linux or Windows. Windows not supported yet for "VirtualMachines" VM set type.
         - name: --os-sku
           type: string
-          short-summary: The os-sku of the agent node pool. Ubuntu, Ubuntu2204, Ubuntu2404, CBLMariner, AzureLinux or AzureLinux3 when os-type is Linux, default is Ubuntu if not set; Windows2019, Windows2022 or WindowsAnnual when os-type is Windows, the current default is Windows2022 if not set.
+          short-summary: The os-sku of the agent node pool. Ubuntu, Ubuntu2204, Ubuntu2404, CBLMariner, AzureLinux， AzureLinux3, AzureLinuxOSGuard, or AzureLinux3OSGuard when os-type is Linux, default is Ubuntu if not set; Windows2019, Windows2022, Windows2025, or WindowsAnnual when os-type is Windows, the current default is Windows2022 if not set.
         - name: --enable-fips-image
           type: bool
           short-summary: Use FIPS-enabled OS on agent nodes.
@@ -4082,3 +4082,109 @@
           type: string
           short-summary: Name of the identity binding to show.
 """
+
+helps['aks jwtauthenticator'] = """
+    type: group
+    short-summary: Commands to manage JWT authenticators in Azure Kubernetes Service.
+    long-summary: JWT authenticators enable external JWT token validation for Kubernetes authentication.
+                  For more information, see https://aka.ms/aks-external-issuers-docs.
+"""
+
+helps['aks jwtauthenticator add'] = """
+    type: command
+    short-summary: Add a JWT authenticator to a managed cluster.
+    long-summary: Adds a new JWT authenticator configuration to the managed cluster for external JWT validation.
+                  The configuration will be applied to the kube-apiserver to enable JWT token authentication.
+    parameters:
+        - name: --cluster-name
+          type: string
+          short-summary: Name of the managed cluster.
+        - name: --name -n
+          type: string
+          short-summary: Name of the JWT authenticator (must be unique within the cluster).
+        - name: --config-file
+          type: string
+          short-summary: Path to JSON file containing the JWT authenticator configuration.
+          long-summary: The JSON file should contain the properties schema for one JWT authenticator.
+                        For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation
+                        at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration.
+                        Please note that not all fields available in the Kubernetes documentation are supported by AKS.
+                        For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
+        - name: --aks-custom-headers
+          type: string
+          short-summary: Send custom headers. When specified, format should be Key1=Value1,Key2=Value2
+    examples:
+        - name: Add a JWT authenticator from a configuration file
+          text: az aks jwtauthenticator add -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file config.json
+"""
+
+helps['aks jwtauthenticator update'] = """
+    type: command
+    short-summary: Update a JWT authenticator in a managed cluster.
+    long-summary: Updates an existing JWT authenticator configuration. The entire configuration will be replaced
+                  with the configuration from the provided file.
+    parameters:
+        - name: --cluster-name
+          type: string
+          short-summary: Name of the managed cluster.
+        - name: --name -n
+          type: string
+          short-summary: Name of the JWT authenticator to update.
+        - name: --config-file
+          type: string
+          short-summary: Path to JSON file containing the updated JWT authenticator configuration.
+          long-summary: The JSON file should contain the properties schema for one JWT authenticator.
+                        For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation
+                        at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration.
+                        Please note that not all fields available in the Kubernetes documentation are supported by AKS.
+                        For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
+        - name: --aks-custom-headers
+          type: string
+          short-summary: Send custom headers. When specified, format should be Key1=Value1
+    examples:
+        - name: Update a JWT authenticator configuration
+          text: az aks jwtauthenticator update -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file updated-config.json
+"""
+
+helps['aks jwtauthenticator delete'] = """
+    type: command
+    short-summary: Delete a JWT authenticator from a managed cluster.
+    long-summary: Removes the JWT authenticator configuration from the managed cluster and updates the kube-apiserver.
+    parameters:
+        - name: --cluster-name
+          type: string
+          short-summary: Name of the managed cluster.
+        - name: --name -n
+          type: string
+          short-summary: Name of the JWT authenticator to delete.
+    examples:
+        - name: Delete a JWT authenticator
+          text: az aks jwtauthenticator delete -g MyResourceGroup --cluster-name MyCluster --name myjwt
+"""
+
+helps['aks jwtauthenticator list'] = """
+    type: command
+    short-summary: List all JWT authenticators in a managed cluster.
+    parameters:
+        - name: --cluster-name
+          type: string
+          short-summary: Name of the managed cluster.
+    examples:
+        - name: List all JWT authenticators in a cluster
+          text: az aks jwtauthenticator list -g MyResourceGroup --cluster-name MyCluster
+"""
+
+helps['aks jwtauthenticator show'] = """
+    type: command
+    short-summary: Show details of a JWT authenticator in a managed cluster.
+    parameters:
+        - name: --cluster-name
+          type: string
+          short-summary: Name of the managed cluster.
+        - name: --name -n
+          type: string
+          short-summary: Name of the JWT authenticator to show.
+    examples:
+        - name: Show a specific JWT authenticator configuration
+          text: az aks jwtauthenticator show -g MyResourceGroup --cluster-name MyCluster --name myjwt
+"""

src/aks-preview/azext_aks_preview/_helpers.py

@@ -448,3 +448,19 @@ def get_extension_in_allow_list(result):
     if _check_if_extension_type_is_in_allow_list(result.extension_type.lower()):
         return result
     return None
+
+
+def process_dns_overrides(overrides_dict, target_dict, build_override_func):
+    """Helper function to safely process DNS overrides with null checks.
+
+    Processes DNS override dictionaries from LocalDNS configuration,
+    filtering out null values and applying the build function to valid entries.
+
+    :param overrides_dict: Dictionary containing DNS overrides (can be None)
+    :param target_dict: Target dictionary to populate with processed overrides
+    :param build_override_func: Function to build override objects from dict values
+    """
+    if overrides_dict is not None:
+        for key, value in overrides_dict.items():
+            if value is not None:
+                target_dict[key] = build_override_func(value)