Merge github.com:Azure/azure-cli-extensions into dev/sanmishra/Update…
…ConnectedvmwareExtensionForPublicPreview
sanmishra18 committed Oct 20, 2021
2 parents dde3256 + 6c78cac commit ba160f9
Showing 115 changed files with 30,071 additions and 30,442 deletions.
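--- a/src/aks-preview/HISTORY.md
+++ b/src/aks-preview/HISTORY.md
@@ -2,6 +2,14 @@
 
 Release History
 ===============
+0.5.37
++++++
+* Add Windows gMSA v2 support. Add parameters `--enable-windows-gmsa`, `--gmsa-dns-server` and `--gmsa-root-domain-name`
+
+0.5.36
++++++
+* Update to use 2021-09-01 api-version
+
 0.5.35
 +++++
 * Add support for multi-instance GPU configuration (`--gpu_instance_profile`) in `az aks create`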
Expand Up @@ -39,7 +39,9 @@
"test_aks_create_and_update_with_managed_nat_gateway_outbound",
"test_aks_create_with_http_proxy_config",
"test_aks_nodepool_add_with_workload_runtime",
"test_aks_nodepool_add_with_gpu_instance_profile"
"test_aks_nodepool_add_with_gpu_instance_profile",
"test_aks_create_with_windows_gmsa",
"test_aks_update_with_windows_gmsa"
]
}
}
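--- a/src/aks-preview/azext_aks_preview/__init__.py
+++ b/src/aks-preview/azext_aks_preview/__init__.py
@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
 register_resource_type(
 "latest",
 CUSTOM_MGMT_AKS_PREVIEW,
-SDKProfile("2021-08-01", {"container_services": "2017-07-01"}),
+SDKProfile("2021-09-01", {"container_services": "2017-07-01"}),
 )
 
 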
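--- a/src/aks-preview/azext_aks_preview/_completers.py
+++ b/src/aks-preview/azext_aks_preview/_completers.py
@@ -7,7 +7,7 @@
 from azure.cli.core.decorators import Completer
 
 # pylint: disable=line-too-long
-from azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ContainerServiceVMSizeTypes
+from azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ContainerServiceVMSizeTypes
 
 
 @Completer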
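--- a/src/aks-preview/azext_aks_preview/_help.py
+++ b/src/aks-preview/azext_aks_preview/_help.py
@@ -358,6 +358,21 @@
 - name: --gpu-instance-profile
 type: string
 short-summary: GPU instance profile to partition multi-gpu Nvidia GPUs.
+- name: --enable-windows-gmsa
+type: bool
+short-summary: Enable Windows gmsa.
+- name: --gmsa-dns-server
+type: string
+short-summary: Specify DNS server for Windows gmsa for this cluster.
+long-summary: |-
+You do not need to set this if you have set DNS server in the VNET used by the cluster.
+You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time when setting --enable-windows-gmsa.
+- name: --gmsa-root-domain-name
+type: string
+short-summary: Specify root domain name for Windows gmsa for this cluster.
+long-summary: |-
+You do not need to set this if you have set DNS server in the VNET used by the cluster.
+You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time when setting --enable-windows-gmsa.
 examples:
 - name: Create a Kubernetes cluster with an existing SSH public key.
 text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -407,6 +422,10 @@
 text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --enable-azure-rbac
 - name: Create a kubernetes cluster with a specific os-sku
 text: az aks create -g MyResourceGroup -n MyManagedCluster --os-sku Ubuntu
+- name: Create a kubernetes cluster with enabling Windows gmsa and with setting DNS server in the vnet used by the cluster.
+text: az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-windows-gmsa
+- name: Create a kubernetes cluster with enabling Windows gmsa but without setting DNS server in the vnet used by the cluster.
+text: az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com"
 """.format(sp_cache=AKS_SERVICE_PRINCIPAL_CACHE)
 
 helps['aks scale'] = """
@@ -587,6 +606,21 @@
 - name: --disable-public-fqdn
 type: bool
 short-summary: Disable public fqdn feature for private cluster.
+- name: --enable-windows-gmsa
+type: bool
+short-summary: Enable Windows gmsa on cluster.
+- name: --gmsa-dns-server
+type: string
+short-summary: Specify DNS server for Windows gmsa on cluster.
+long-summary: |-
+You do not need to set this if you have set DNS server in the VNET used by the cluster.
+You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time when setting --enable-windows-gmsa.
+- name: --gmsa-root-domain-name
+type: string
+short-summary: Specify root domain name for Windows gmsa on cluster.
+long-summary: |-
+You do not need to set this if you have set DNS server in the VNET used by the cluster.
+You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time when setting --enable-windows-gmsa.
 examples:
 - name: Enable cluster-autoscaler within node count range [1,5]
 text: az aks update --enable-cluster-autoscaler --min-count 1 --max-count 5 -g MyResourceGroup -n MyManagedCluster
@@ -638,6 +672,10 @@
 text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-azure-rbac
 - name: Disable Azure RBAC in a managed AAD AKS cluster
 text: az aks update -g MyResourceGroup -n MyManagedCluster --disable-azure-rbac
+- name: Enable Windows gmsa for a kubernetes cluster with setting DNS server in the vnet used by the cluster.
+text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa
+- name: Enable Windows gmsa for a kubernetes cluster without setting DNS server in the vnet used by the cluster.
+text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com"
 """
 
 helps['aks kollect'] = """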
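Review bot: The help for `--enable-windows-gmsa` under both `aks create` and `aks update` does not mention that, when neither `--gmsa-dns-server` nor `--gmsa-root-domain-name` is given, the command stops at a confirmation prompt unless `--yes` is passed (see the `prompt_y_n` call this commit adds in custom.py). A non-interactive caller following the first example of each pair would block or abort, so I would add a `long-summary` along the lines of `When --gmsa-dns-server and --gmsa-root-domain-name are both omitted, you are asked to confirm that the DNS server is set in the VNET; pass --yes to skip the prompt.` The text also writes "gmsa" where HISTORY.md in the same commit writes "gMSA"; one spelling throughout would read better.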
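--- a/src/aks-preview/azext_aks_preview/_helpers.py
+++ b/src/aks-preview/azext_aks_preview/_helpers.py
@@ -9,7 +9,7 @@
 from azure.cli.core.azclierror import ArgumentUsageError
 
 # pylint: disable=no-name-in-module,import-error
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterAPIServerAccessProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterAPIServerAccessProfile
 from ._consts import CONST_CONTAINER_NAME_MAX_LENGTH
 from ._consts import CONST_OUTBOUND_TYPE_LOAD_BALANCER, CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING, \
 CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY, CONST_OUTBOUND_TYPE_USER_ASSIGNED_NAT_GATEWAY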
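--- a/src/aks-preview/azext_aks_preview/_loadbalancer.py
+++ b/src/aks-preview/azext_aks_preview/_loadbalancer.py
@@ -6,11 +6,11 @@
 from distutils.version import StrictVersion # pylint: disable=no-name-in-module,import-error
 from knack.log import get_logger
 
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterLoadBalancerProfile
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterLoadBalancerProfileManagedOutboundIPs
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterLoadBalancerProfileOutboundIPPrefixes
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterLoadBalancerProfileOutboundIPs
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ResourceReference
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterLoadBalancerProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterLoadBalancerProfileManagedOutboundIPs
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterLoadBalancerProfileOutboundIPPrefixes
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterLoadBalancerProfileOutboundIPs
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ResourceReference
 
 logger = get_logger(__name__)
 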
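--- a/src/aks-preview/azext_aks_preview/_params.py
+++ b/src/aks-preview/azext_aks_preview/_params.py
@@ -146,6 +146,9 @@ def load_arguments(self, _):
 c.argument('assign_kubelet_identity', type=str, validator=validate_assign_kubelet_identity)
 c.argument('disable_local_accounts', action='store_true')
 c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles))
+c.argument('enable_windows_gmsa', action='store_true', options_list=['--enable-windows-gmsa'])
+c.argument('gmsa_dns_server', options_list=['--gmsa-dns-server'])
+c.argument('gmsa_root_domain_name', options_list=['--gmsa-root-domain-name'])
 c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
 c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER)
 
@@ -183,6 +186,9 @@ def load_arguments(self, _):
 c.argument('windows_admin_password', options_list=['--windows-admin-password'])
 c.argument('disable_local_accounts', action='store_true')
 c.argument('enable_local_accounts', action='store_true')
+c.argument('enable_windows_gmsa', action='store_true', options_list=['--enable-windows-gmsa'])
+c.argument('gmsa_dns_server', options_list=['--gmsa-dns-server'])
+c.argument('gmsa_root_domain_name', options_list=['--gmsa-root-domain-name'])
 c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
 
 with self.argument_context('aks scale') as c: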
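Review bot: `--gmsa-dns-server` and `--gmsa-root-domain-name` are registered in both hunks without a `validator=`, unlike `assign_kubelet_identity` at the top of the first hunk, so any string is accepted and, in this commit's custom.py, copied unchanged into `WindowsGmsaProfile`. These values presumably decide which DNS server and domain the cluster's Windows nodes use for gMSA, so malformed input is worth rejecting client-side with a small validator in `_validators.py`. If only IP addresses are meant to be accepted for the DNS server (the help example uses `10.240.0.4`), parsing it with the standard `ipaddress` module would do. `load_arguments` starts and ends outside both hunks.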
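--- a/src/aks-preview/azext_aks_preview/_validators.py
+++ b/src/aks-preview/azext_aks_preview/_validators.py
@@ -17,7 +17,7 @@
 from azure.cli.core.util import CLIError
 import azure.cli.core.keys as keys
 
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterPropertiesAutoScalerProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterPropertiesAutoScalerProfile
 
 from ._helpers import (_fuzzy_match)
 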
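--- a/src/aks-preview/azext_aks_preview/addonconfiguration.py
+++ b/src/aks-preview/azext_aks_preview/addonconfiguration.py
@@ -11,7 +11,7 @@
 from azure.cli.core.commands import LongRunningOperation
 from azure.cli.core.commands.client_factory import get_subscription_id, get_mgmt_service_client
 from azure.cli.core.util import sdk_no_wait
-from azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import ManagedClusterAddonProfile
+from azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterAddonProfile
 from ._client_factory import cf_resources, cf_resource_groups
 from ._resourcegroup import get_rg_location
 from ._roleassignments import add_role_assignment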
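--- a/src/aks-preview/azext_aks_preview/custom.py
+++ b/src/aks-preview/azext_aks_preview/custom.py
@@ -55,7 +55,7 @@
 ServicePrincipalCreateParameters,
 GetObjectsParameters)
 from azext_aks_preview._client_factory import CUSTOM_MGMT_AKS_PREVIEW
-from .vendored_sdks.azure_mgmt_preview_aks.v2021_08_01.models import (ContainerServiceLinuxProfile,
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import (ContainerServiceLinuxProfile,
 ManagedClusterWindowsProfile,
 ContainerServiceNetworkProfile,
 ManagedClusterServicePrincipalProfile,
@@ -80,7 +80,8 @@
 ManagedClusterPodIdentityProfile,
 ManagedClusterPodIdentity,
 ManagedClusterPodIdentityException,
-UserAssignedIdentity)
+UserAssignedIdentity,
+WindowsGmsaProfile)
 from ._client_factory import cf_resource_groups
 from ._client_factory import get_auth_management_client
 from ._client_factory import get_graph_rbac_management_client
@@ -129,6 +130,15 @@
 logger = get_logger(__name__)
 
 
+def prepare_nat_gateway_models():
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterNATGatewayProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2021_09_01.models import ManagedClusterManagedOutboundIPProfile
+nat_gateway_models = {}
+nat_gateway_models["ManagedClusterNATGatewayProfile"] = ManagedClusterNATGatewayProfile
+nat_gateway_models["ManagedClusterManagedOutboundIPProfile"] = ManagedClusterManagedOutboundIPProfile
+return nat_gateway_models
+
+
 def which(binary):
 path_var = os.getenv('PATH')
 if platform.system() == 'Windows':
@@ -812,6 +822,9 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to
 assign_kubelet_identity=None,
 workload_runtime=None,
 gpu_instance_profile=None,
+enable_windows_gmsa=False,
+gmsa_dns_server=None,
+gmsa_root_domain_name=None,
 yes=False):
 if not no_ssh_key:
 try:
@@ -916,10 +929,30 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to
 windows_license_type = 'Windows_Server'
 
 windows_profile = ManagedClusterWindowsProfile(
+# [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="no secret in next line")]
 admin_username=windows_admin_username,
 admin_password=windows_admin_password,
 license_type=windows_license_type)
 
+if enable_windows_gmsa:
+windows_profile.gmsa_profile = WindowsGmsaProfile(
+enabled=True)
+if gmsa_dns_server is not None and gmsa_root_domain_name is not None:
+windows_profile.gmsa_profile.dns_server = gmsa_dns_server
+windows_profile.gmsa_profile.root_domain_name = gmsa_root_domain_name
+elif gmsa_dns_server is None and gmsa_root_domain_name is None:
+msg = ('Please assure that you have set the DNS server in the vnet used by the cluster when not specifying --gmsa-dns-server and --gmsa-root-domain-name')
+from knack.prompting import prompt_y_n
+if not yes and not prompt_y_n(msg, default="n"):
+return None
+else:
+raise ArgumentUsageError(
+'You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time.')
+else:
+if gmsa_dns_server is not None or gmsa_root_domain_name is not None:
+raise ArgumentUsageError(
+'You only can set --gmsa-dns-server and --gmsa-root-domain-name when setting --enable-windows-gmsa.')
+
 service_principal_profile = None
 principal_obj = None
 # If customer explicitly provides a service principal, disable managed identity.
@@ -988,9 +1021,11 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to
 load_balancer_outbound_ports,
 load_balancer_idle_timeout)
 
-from azext_aks_preview.decorator import AKSPreviewModels
-# store all the models used by nat gateway
-nat_gateway_models = AKSPreviewModels(cmd, CUSTOM_MGMT_AKS_PREVIEW).nat_gateway_models
+# TODO: uncomment the following after next cli release
+# from azext_aks_preview.decorator import AKSPreviewModels
+# # store all the models used by nat gateway
+# nat_gateway_models = AKSPreviewModels(cmd, CUSTOM_MGMT_AKS_PREVIEW).nat_gateway_models
+nat_gateway_models = prepare_nat_gateway_models()
 nat_gateway_profile = create_nat_gateway_profile(
 nat_gateway_managed_outbound_ip_count,
 nat_gateway_idle_timeout,
@@ -1327,7 +1362,10 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,
 tags=None,
 windows_admin_password=None,
 enable_azure_rbac=False,
-disable_azure_rbac=False):
+disable_azure_rbac=False,
+enable_windows_gmsa=False,
+gmsa_dns_server=None,
+gmsa_root_domain_name=None):
 update_autoscaler = enable_cluster_autoscaler or disable_cluster_autoscaler or update_cluster_autoscaler
 update_acr = attach_acr is not None or detach_acr is not None
 update_pod_security = enable_pod_security_policy or disable_pod_security_policy
@@ -1366,7 +1404,8 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,
 not enable_local_accounts and \
 not disable_local_accounts and \
 not enable_public_fqdn and \
-not disable_public_fqdn:
+not disable_public_fqdn and \
+not enable_windows_gmsa:
 raise CLIError('Please specify "--enable-cluster-autoscaler" or '
 '"--disable-cluster-autoscaler" or '
 '"--update-cluster-autoscaler" or '
@@ -1401,7 +1440,8 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,
 '"--enable-local-accounts" or '
 '"--disable-local-accounts" or '
 '"--enable-public-fqdn" or '
-'"--disable-public-fqdn"')
+'"--disable-public-fqdn"'
+'"--enble-windows-gmsa"')
 instance = client.get(resource_group_name, name)
 
 if update_autoscaler and len(instance.agent_pool_profiles) > 1:
@@ -1485,9 +1525,11 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,
 instance.network_profile.load_balancer_profile)
 
 if update_natgw_profile:
-from azext_aks_preview.decorator import AKSPreviewModels
-# store all the models used by nat gateway
-nat_gateway_models = AKSPreviewModels(cmd, CUSTOM_MGMT_AKS_PREVIEW).nat_gateway_models
+# TODO: uncomment the following after next cli release
+# from azext_aks_preview.decorator import AKSPreviewModels
+# # store all the models used by nat gateway
+# nat_gateway_models = AKSPreviewModels(cmd, CUSTOM_MGMT_AKS_PREVIEW).nat_gateway_models
+nat_gateway_models = prepare_nat_gateway_models()
 instance.network_profile.nat_gateway_profile = update_nat_gateway_profile(
 nat_gateway_managed_outbound_ip_count,
 nat_gateway_idle_timeout,
@@ -1688,6 +1730,24 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,
 if windows_admin_password:
 instance.windows_profile.admin_password = windows_admin_password
 
+if enable_windows_gmsa:
+instance.windows_profile.gmsa_profile = WindowsGmsaProfile(enabled=True)
+if gmsa_dns_server is not None and gmsa_root_domain_name is not None:
+instance.windows_profile.gmsa_profile.dns_server = gmsa_dns_server
+instance.windows_profile.gmsa_profile.root_domain_name = gmsa_root_domain_name
+elif gmsa_dns_server is None and gmsa_root_domain_name is None:
+msg = ('Please assure that you have set the DNS server in the vnet used by the cluster when not specifying --gmsa-dns-server and --gmsa-root-domain-name')
+from knack.prompting import prompt_y_n
+if not yes and not prompt_y_n(msg, default="n"):
+return None
+else:
+raise ArgumentUsageError(
+'You must set or not set --gmsa-dns-server and --gmsa-root-domain-name at the same time.')
+else:
+if gmsa_dns_server is not None or gmsa_root_domain_name is not None:
+raise ArgumentUsageError(
+'You only can set --gmsa-dns-server and --gmsa-root-domain-name when setting --enable-windows-gmsa.')
+
 headers = get_aks_custom_headers(aks_custom_headers)
 
 return _put_managed_cluster_ensuring_permission(cmd,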
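Review bot: In the `aks_update` usage error, the new fragment `'"--enble-windows-gmsa"'` misspells the flag and is appended with no ` or ` separator, so implicit string concatenation renders `"--disable-public-fqdn""--enble-windows-gmsa"`; it should be `'"--disable-public-fqdn" or '` followed by `'"--enable-windows-gmsa"'`. In the last `aks_update` hunk, `instance.windows_profile.gmsa_profile = WindowsGmsaProfile(enabled=True)` dereferences `instance.windows_profile` with no visible None check, which would presumably raise AttributeError on a cluster that has no Windows profile; raising `ArgumentUsageError` there would be clearer, unless a guard exists outside the hunk. The same block reads `yes`, which is not among the `aks_update` parameters shown in the signature hunk, so confirm it is declared earlier in the signature. Both function bodies start and end outside the hunks.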