{AKS} Replace Image Cleaner related functions in aks-preview with azu…
…re-cli ones (#6844)
jiashun0011 authored Oct 10, 2023
1 parent 3ecbfcf commit b0c7f18
Showing 6 changed files with 11 additions and 184 deletions.
4 changes: 4 additions & 0 deletions src/aks-preview/HISTORY.rst
Expand Up @@ -17,6 +17,10 @@ Pending
* `az aks trustedaccess rolebinding update`
* `az aks trustedaccess rolebinding delete`

0.5.162
+++++++
* Replace Image Cleaner related functions with stable version.

0.5.161
+++++++
* Support `premium` cluster sku tier in `az aks create` and `az aks update` commands
12 changes: 6 additions & 6 deletions src/aks-preview/azext_aks_preview/_params.py
Expand Up @@ -22,6 +22,7 @@
CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING,
)
from azure.cli.command_modules.acs._validators import (
validate_image_cleaner_enable_disable_mutually_exclusive,
validate_load_balancer_idle_timeout,
validate_load_balancer_outbound_ip_prefixes,
validate_load_balancer_outbound_ips,
Expand Down Expand Up @@ -125,7 +126,6 @@
validate_eviction_policy,
validate_grafanaresourceid,
validate_host_group_id,
validate_image_cleaner_enable_disable_mutually_exclusive,
validate_ip_ranges,
validate_k8s_version,
validate_linux_host_name,
Expand Down Expand Up @@ -415,12 +415,12 @@ def load_arguments(self, _):
c.argument('enable_pod_identity', action='store_true')
c.argument('enable_pod_identity_with_kubenet', action='store_true')
c.argument('enable_workload_identity', action='store_true', is_preview=True)
c.argument('enable_image_cleaner', action='store_true', is_preview=True)
c.argument('enable_image_cleaner', action='store_true')
c.argument('enable_azure_service_mesh',
options_list=["--enable-azure-service-mesh", "--enable-asm"],
action='store_true',
is_preview=True)
c.argument('image_cleaner_interval_hours', type=int, is_preview=True)
c.argument('image_cleaner_interval_hours', type=int)
c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True)
c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True)
c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True)
Expand Down Expand Up @@ -552,9 +552,9 @@ def load_arguments(self, _):
c.argument('disable_pod_identity', action='store_true')
c.argument('enable_workload_identity', action='store_true', is_preview=True)
c.argument('disable_workload_identity', action='store_true', is_preview=True)
c.argument('enable_image_cleaner', action='store_true', is_preview=True)
c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive, is_preview=True)
c.argument('image_cleaner_interval_hours', type=int, is_preview=True)
c.argument('enable_image_cleaner', action='store_true')
c.argument('disable_image_cleaner', action='store_true', validator=validate_image_cleaner_enable_disable_mutually_exclusive)
c.argument('image_cleaner_interval_hours', type=int)
c.argument('disable_image_integrity', action='store_true', is_preview=True)
c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True)
c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True)
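Review bot: Loading this module will raise an ImportError on any azure-cli core that lacks `validate_image_cleaner_enable_disable_mutually_exclusive`, because the first hunk now imports it from `azure.cli.command_modules.acs._validators`, and no minimum-core-version change is visible among the six files of this commit. The same dependency applies to the Image Cleaner getters and `set_up_image_cleaner`/`update_image_cleaner` deleted from managed_cluster_decorator.py, so the enable/disable/interval validation is now whatever the installed core implements. I would raise `azext.minCliCoreVersion` in the extension metadata to the first core release that ships the stable Image Cleaner code (`<MIN_CORE_VERSION>`, a placeholder since the page does not name it). Separately, `image_cleaner_interval_hours` is still declared with only `type=int` in both `load_arguments` hunks, so zero or negative values pass the parser; a small range validator on that argument would reject them before a request is built. `load_arguments` starts and ends outside the hunks shown.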
10 changes: 0 additions & 10 deletions src/aks-preview/azext_aks_preview/_validators.py
Expand Up @@ -642,16 +642,6 @@ def validate_azure_keyvault_kms_key_vault_resource_id(namespace):
raise InvalidArgumentValueError("--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.")


def validate_image_cleaner_enable_disable_mutually_exclusive(namespace):
enable_image_cleaner = namespace.enable_image_cleaner
disable_image_cleaner = namespace.disable_image_cleaner

if enable_image_cleaner and disable_image_cleaner:
raise MutuallyExclusiveArgumentError(
"Cannot specify --enable-image-cleaner and --disable-image-cleaner at the same time."
)


def validate_enable_custom_ca_trust(namespace):
"""Validates Custom CA Trust can only be used on Linux."""
if namespace.enable_custom_ca_trust:
144 changes: 0 additions & 144 deletions src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
Expand Up @@ -1029,86 +1029,6 @@ def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfil

return profile

def get_enable_image_cleaner(self) -> bool:
"""Obtain the value of enable_image_cleaner.
:return: bool
"""
# read the original value passed by the command
enable_image_cleaner = self.raw_param.get("enable_image_cleaner")

return enable_image_cleaner

def get_disable_image_cleaner(self) -> bool:
"""Obtain the value of disable_image_cleaner.
This function supports the option of enable_validation. When enabled, if both enable_image_cleaner and
disable_image_cleaner are specified, raise a MutuallyExclusiveArgumentError.
:return: bool
"""
# read the original value passed by the command
disable_image_cleaner = self.raw_param.get("disable_image_cleaner")

return disable_image_cleaner

def _get_image_cleaner_interval_hours(self, enable_validation: bool = False) -> Union[int, None]:
"""Internal function to obtain the value of image_cleaner_interval_hours according to the context.
This function supports the option of enable_validation. When enabled
1. In Create mode
a. if image_cleaner_interval_hours is specified but enable_image_cleaner is missed, raise a RequiredArgumentMissingError.
2. In update mode
b. if image_cleaner_interval_hours is specified and image cleaner wat not enabled, raise a RequiredArgumentMissingError.
c. if image_cleaner_interval_hours is specified and disable_image_cleaner is specified, raise a MutuallyExclusiveArgumentError.
:return: int or None
"""
# read the original value passed by the command
image_cleaner_interval_hours = self.raw_param.get("image_cleaner_interval_hours")

if image_cleaner_interval_hours is not None and enable_validation:

enable_image_cleaner = self.get_enable_image_cleaner()
disable_image_cleaner = self.get_disable_image_cleaner()

if self.decorator_mode == DecoratorMode.CREATE:
if not enable_image_cleaner:
raise RequiredArgumentMissingError(
'"--image-cleaner-interval-hours" requires "--enable-image-cleaner" in create mode.')

elif self.decorator_mode == DecoratorMode.UPDATE:
if not enable_image_cleaner and (
not self.mc or
not self.mc.security_profile or
not self.mc.security_profile.image_cleaner or
not self.mc.security_profile.image_cleaner.enabled
):
raise RequiredArgumentMissingError(
'Update "--image-cleaner-interval-hours" requires specifying "--enable-image-cleaner" or ImageCleaner enabled on managed cluster.')

if disable_image_cleaner:
raise MutuallyExclusiveArgumentError(
'Cannot specify --image-cleaner-interval-hours and --disable-image-cleaner at the same time.')

return image_cleaner_interval_hours

def get_image_cleaner_interval_hours(self) -> Union[int, None]:
"""Obtain the value of image_cleaner_interval_hours.
This function supports the option of enable_validation. When enabled
1. In Create mode
a. if image_cleaner_interval_hours is specified but enable_image_cleaner is missed, raise a RequiredArgumentMissingError.
2. In update mode
b. if image_cleaner_interval_hours is specified and image cleaner wat not enabled, raise a RequiredArgumentMissingError.
c. if image_cleaner_interval_hours is specified and disable_image_cleaner is specified, raise a MutuallyExclusiveArgumentError.
:return: int or None
"""
interval_hours = self._get_image_cleaner_interval_hours(enable_validation=True)

return interval_hours

def get_disable_image_integrity(self) -> bool:
"""Obtain the value of disable_image_integrity.
Expand Down Expand Up @@ -2608,31 +2528,6 @@ def set_up_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster

return mc

def set_up_image_cleaner(self, mc: ManagedCluster) -> ManagedCluster:
"""Set up security profile imageCleaner for the ManagedCluster object.
:return: the ManagedCluster object
"""
self._ensure_mc(mc)

interval_hours = self.context.get_image_cleaner_interval_hours()

if self.context.get_enable_image_cleaner():

if mc.security_profile is None:
mc.security_profile = self.models.ManagedClusterSecurityProfile()

if not interval_hours:
# default value for intervalHours - one week
interval_hours = 24 * 7

mc.security_profile.image_cleaner = self.models.ManagedClusterSecurityProfileImageCleaner(
enabled=True,
interval_hours=interval_hours,
)

return mc

def set_up_creationdata_of_cluster_snapshot(self, mc: ManagedCluster) -> ManagedCluster:
"""Set up creationData of cluster snapshot for the ManagedCluster object.
Expand Down Expand Up @@ -3399,45 +3294,6 @@ def update_k8s_support_plan(self, mc: ManagedCluster) -> ManagedCluster:
mc.support_plan = support_plan
return mc

def update_image_cleaner(self, mc: ManagedCluster) -> ManagedCluster:
"""Update security profile imageCleaner for the ManagedCluster object.
:return: the ManagedCluster object
"""
self._ensure_mc(mc)

enable_image_cleaner = self.context.get_enable_image_cleaner()
disable_image_cleaner = self.context.get_disable_image_cleaner()
interval_hours = self.context.get_image_cleaner_interval_hours()

# no image cleaner related changes
if not enable_image_cleaner and not disable_image_cleaner and interval_hours is None:
return mc

if mc.security_profile is None:
mc.security_profile = self.models.ManagedClusterSecurityProfile()

image_cleaner_profile = mc.security_profile.image_cleaner

if image_cleaner_profile is None:
image_cleaner_profile = self.models.ManagedClusterSecurityProfileImageCleaner()
mc.security_profile.image_cleaner = image_cleaner_profile

# init the image cleaner profile
image_cleaner_profile.enabled = False
image_cleaner_profile.interval_hours = 7 * 24

if enable_image_cleaner:
image_cleaner_profile.enabled = True

if disable_image_cleaner:
image_cleaner_profile.enabled = False

if interval_hours is not None:
image_cleaner_profile.interval_hours = interval_hours

return mc

def update_image_integrity(self, mc: ManagedCluster) -> ManagedCluster:
"""Update security profile imageIntegrity for the ManagedCluster object.
23 changes: 0 additions & 23 deletions src/aks-preview/azext_aks_preview/tests/latest/test_validators.py
Expand Up @@ -426,29 +426,6 @@ def test_invalid_azure_keyvault_kms_key_id_with_wrong_object_type(self):
validators.validate_azure_keyvault_kms_key_id(namespace)
self.assertEqual(str(cm.exception), err)

class ImageCleanerNamespace:
def __init__(
self,
enable_image_cleaner=False,
disable_image_cleaner=False,
image_cleaner_interval_hours=None,
):
self.enable_image_cleaner = enable_image_cleaner
self.disable_image_cleaner = disable_image_cleaner
self.image_cleaner_interval_hours = image_cleaner_interval_hours

class TestValidateImageCleanerEnableDiasble(unittest.TestCase):
def test_invalid_image_cleaner_enable_disable_not_existing_together(self):
namespace = ImageCleanerNamespace(
enable_image_cleaner=True,
disable_image_cleaner=True,
)
err = 'Cannot specify --enable-image-cleaner and --disable-image-cleaner at the same time.'

with self.assertRaises(CLIError) as cm:
validators.validate_image_cleaner_enable_disable_mutually_exclusive(namespace)
self.assertEqual(str(cm.exception), err)

class AzureKeyVaultKmsKeyVaultResourceIdNamespace:

def __init__(self, azure_keyvault_kms_key_vault_resource_id):
2 changes: 1 addition & 1 deletion src/aks-preview/setup.py
Expand Up @@ -9,7 +9,7 @@

from setuptools import setup, find_packages

VERSION = "0.5.161"
VERSION = "0.5.162"

CLASSIFIERS = [
"Development Status :: 4 - Beta",