Merge branch 'main' into reneel/mixed-sku-size

Author: FumingZhang

linter_exclusions.yml

@@ -2092,6 +2092,9 @@ network front-door waf-policy create:
     custom_block_response_status_code:
       rule_exclusions:
       - option_length_too_long
+    captcha_expiration_in_minutes:
+      rule_exclusions:
+      - option_length_too_long
 network front-door waf-policy update:
   parameters:
     custom_block_response_body:
@@ -2100,6 +2103,9 @@ network front-door waf-policy update:
     custom_block_response_status_code:
       rule_exclusions:
       - option_length_too_long
+    captcha_expiration_in_minutes:
+      rule_exclusions:
+      - option_length_too_long
 network manager connect-config create:
   parameters:
     delete_existing_peering:

src/aks-preview/HISTORY.rst

@@ -11,6 +11,11 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* Remove TrustedAccess commands from aks-preview extension as it is GA and exists in azure-cli for long time.
+
+14.0.0b7
+++++++++
+* Add `az aks create/update --enable-retina-flow-logs` and `az aks update --disable-retina-flow-logs` commands.
 
 15.0.0b1
 ++++++++

src/aks-preview/azext_aks_preview/_client_factory.py

@@ -63,14 +63,6 @@ def get_mc_snapshots_client(cli_ctx, subscription_id=None):
     return get_container_service_client(cli_ctx, subscription_id=subscription_id).managed_cluster_snapshots
 
 
-def cf_trustedaccess_role(cli_ctx, *_):
-    return get_container_service_client(cli_ctx).trusted_access_roles
-
-
-def cf_trustedaccess_role_binding(cli_ctx, *_):
-    return get_container_service_client(cli_ctx).trusted_access_role_bindings
-
-
 def get_compute_client(cli_ctx, *_):
     return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_COMPUTE)
 

src/aks-preview/azext_aks_preview/_help.py

@@ -231,6 +231,9 @@
         - name: --acns-advanced-networkpolicies
           type: string
           short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
+        - name: --enable-retina-flow-logs
+          type: bool
+          short-summary: Enable advanced network flow log collection functionalities on a cluster.
         - name: --no-ssh-key -x
           type: string
           short-summary: Do not use or create a local SSH key.
@@ -1220,6 +1223,12 @@
         - name: --acns-advanced-networkpolicies
           type: string
           short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
+        - name: --enable-retina-flow-logs
+          type: bool
+          short-summary: Enable advanced network flow log collection functionalities on a cluster.
+        - name: --disable-retina-flow-logs
+          type: bool
+          short-summary: Disable advanced network flow log collection functionalities on a cluster.
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.
@@ -2754,80 +2763,6 @@
     short-summary: Delete a nodepool snapshot.
 """
 
-helps['aks trustedaccess'] = """
-    type: group
-    short-summary: Commands to manage trusted access security features.
-"""
-
-helps['aks trustedaccess role'] = """
-    type: group
-    short-summary: Commands to manage trusted access roles.
-"""
-
-helps['aks trustedaccess role list'] = """
-    type: command
-    short-summary: List trusted access roles.
-"""
-
-helps['aks trustedaccess rolebinding'] = """
-    type: group
-    short-summary: Commands to manage trusted access role bindings.
-"""
-
-helps['aks trustedaccess rolebinding list'] = """
-    type: command
-    short-summary: List all the trusted access role bindings.
-"""
-
-helps['aks trustedaccess rolebinding show'] = """
-    type: command
-    short-summary: Get the specific trusted access role binding according to binding name.
-    parameters:
-        - name: --name -n
-          type: string
-          short-summary: Specify the role binding name.
-"""
-
-helps['aks trustedaccess rolebinding create'] = """
-    type: command
-    short-summary: Create a new trusted access role binding.
-    parameters:
-        - name: --name -n
-          type: string
-          short-summary: Specify the role binding name.
-        - name: --roles
-          type: string
-          short-summary: Specify the space-separated roles.
-        - name: --source-resource-id
-          type: string
-          short-summary: Specify the source resource id of the binding.
-
-    examples:
-        - name: Create a new trusted access role binding
-          text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName --source-resource-id /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer
-"""
-
-helps['aks trustedaccess rolebinding update'] = """
-    type: command
-    short-summary: Update a trusted access role binding.
-    parameters:
-        - name: --name -n
-          type: string
-          short-summary: Specify the role binding name.
-        - name: --roles
-          type: string
-          short-summary: Specify the space-separated roles.
-"""
-
-helps['aks trustedaccess rolebinding delete'] = """
-    type: command
-    short-summary: Delete a trusted access role binding according to name.
-    parameters:
-        - name: --name -n
-          type: string
-          short-summary: Specify the role binding name.
-"""
-
 helps['aks draft'] = """
     type: group
     short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster.

src/aks-preview/azext_aks_preview/_params.py

@@ -838,6 +838,10 @@ def load_arguments(self, _):
             is_preview=True,
             arg_type=get_enum_type(advanced_networkpolicies),
         )
+        c.argument(
+            "enable_retina_flow_logs",
+            action="store_true",
+        )
         c.argument(
             "custom_ca_trust_certificates",
             options_list=["--custom-ca-trust-certificates", "--ca-certs"],
@@ -1321,6 +1325,14 @@ def load_arguments(self, _):
             is_preview=True,
             arg_type=get_enum_type(advanced_networkpolicies),
         )
+        c.argument(
+            "enable_retina_flow_logs",
+            action="store_true",
+        )
+        c.argument(
+            "disable_retina_flow_logs",
+            action="store_true",
+        )
         c.argument("enable_cost_analysis", action="store_true")
         c.argument("disable_cost_analysis", action="store_true")
         c.argument('enable_ai_toolchain_operator', is_preview=True, action='store_true')
@@ -2201,39 +2213,6 @@ def load_arguments(self, _):
                 action="store_true",
             )
 
-    with self.argument_context("aks trustedaccess rolebinding") as c:
-        c.argument("cluster_name", help="The cluster name.")
-
-    for scope in [
-        "aks trustedaccess rolebinding show",
-        "aks trustedaccess rolebinding create",
-        "aks trustedaccess rolebinding update",
-        "aks trustedaccess rolebinding delete",
-    ]:
-        with self.argument_context(scope) as c:
-            c.argument(
-                "role_binding_name",
-                options_list=["--name", "-n"],
-                required=True,
-                help="The role binding name.",
-            )
-
-    with self.argument_context("aks trustedaccess rolebinding create") as c:
-        c.argument(
-            "roles",
-            help="comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...",
-        )
-        c.argument(
-            "source_resource_id",
-            help="The source resource id of the binding",
-        )
-
-    with self.argument_context("aks trustedaccess rolebinding update") as c:
-        c.argument(
-            "roles",
-            help="comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...",
-        )
-
     with self.argument_context("aks mesh enable-ingress-gateway") as c:
         c.argument(
             "ingress_gateway_type", arg_type=get_enum_type(ingress_gateway_types)

src/aks-preview/azext_aks_preview/addonconfiguration.py

@@ -14,6 +14,7 @@
     sanitize_loganalytics_ws_resource_id,
     ensure_default_log_analytics_workspace_for_monitoring
 )
+import azure.cli.command_modules.acs.addonconfiguration
 from azext_aks_preview._helpers import (
     check_is_monitoring_addon_enabled,
 )
@@ -44,6 +45,22 @@
 
 logger = get_logger(__name__)
 
+azure.cli.command_modules.acs.addonconfiguration.ContainerInsightsStreams = [
+    "Microsoft-ContainerLog",
+    "Microsoft-ContainerLogV2-HighScale",
+    "Microsoft-KubeEvents",
+    "Microsoft-KubePodInventory",
+    "Microsoft-KubeNodeInventory",
+    "Microsoft-KubePVInventory",
+    "Microsoft-KubeServices",
+    "Microsoft-KubeMonAgentEvents",
+    "Microsoft-InsightsMetrics",
+    "Microsoft-ContainerInventory",
+    "Microsoft-ContainerNodeInventory",
+    "Microsoft-Perf",
+    "Microsoft-RetinaNetworkFlowLogs",
+]
+
 
 # pylint: disable=too-many-locals
 def enable_addons(

src/aks-preview/azext_aks_preview/commands.py

@@ -11,8 +11,6 @@
     cf_managed_clusters,
     cf_mc_snapshots,
     cf_nodepool_snapshots,
-    cf_trustedaccess_role,
-    cf_trustedaccess_role_binding,
     cf_machines,
     cf_operations,
     cf_load_balancers,
@@ -126,18 +124,6 @@ def load_command_table(self, _):
         client_factory=cf_mc_snapshots,
     )
 
-    trustedaccess_role_sdk = CliCommandType(
-        operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks."
-        "operations._trusted_access_roles_operations#TrustedAccessRolesOperations.{}",
-        client_factory=cf_trustedaccess_role,
-    )
-
-    trustedaccess_role_binding_sdk = CliCommandType(
-        operations_tmpl="azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks."
-        "operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}",
-        client_factory=cf_trustedaccess_role_binding,
-    )
-
     # AKS managed cluster commands
     with self.command_group(
         "aks",
@@ -369,28 +355,6 @@ def load_command_table(self, _):
         g.custom_command("create", "aks_snapshot_create", supports_no_wait=True)
         g.custom_command("delete", "aks_snapshot_delete", supports_no_wait=True)
 
-    # AKS trusted access role commands
-    with self.command_group(
-        "aks trustedaccess role",
-        trustedaccess_role_sdk,
-        client_factory=cf_trustedaccess_role,
-    ) as g:
-        g.custom_command("list", "aks_trustedaccess_role_list")
-
-    # AKS trusted access rolebinding commands
-    with self.command_group(
-        "aks trustedaccess rolebinding",
-        trustedaccess_role_binding_sdk,
-        client_factory=cf_trustedaccess_role_binding,
-    ) as g:
-        g.custom_command("list", "aks_trustedaccess_role_binding_list")
-        g.custom_show_command("show", "aks_trustedaccess_role_binding_get")
-        g.custom_command("create", "aks_trustedaccess_role_binding_create")
-        g.custom_command("update", "aks_trustedaccess_role_binding_update")
-        g.custom_command(
-            "delete", "aks_trustedaccess_role_binding_delete", confirmation=True
-        )
-
     # AKS mesh commands
     with self.command_group(
         "aks mesh", managed_clusters_sdk, client_factory=cf_managed_clusters

src/aks-preview/azext_aks_preview/custom.py

@@ -494,6 +494,7 @@ def aks_create(
     disable_acns_observability=None,
     disable_acns_security=None,
     acns_advanced_networkpolicies=None,
+    enable_retina_flow_logs=None,
     # nodepool
     crg_id=None,
     message_of_the_day=None,
@@ -726,6 +727,8 @@ def aks_update(
     disable_acns_observability=None,
     disable_acns_security=None,
     acns_advanced_networkpolicies=None,
+    enable_retina_flow_logs=None,
+    disable_retina_flow_logs=None,
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,
@@ -2975,60 +2978,6 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None):  # pylint
     return client.list_by_resource_group(resource_group_name)
 
 
-def aks_trustedaccess_role_list(cmd, client, location):  # pylint: disable=unused-argument
-    return client.list(location)
-
-
-def aks_trustedaccess_role_binding_list(cmd, client, resource_group_name, cluster_name):   # pylint: disable=unused-argument
-    return client.list(resource_group_name, cluster_name)
-
-
-def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster_name, role_binding_name):
-    return client.get(resource_group_name, cluster_name, role_binding_name)
-
-
-def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, cluster_name, role_binding_name,
-                                          source_resource_id, roles):
-    TrustedAccessRoleBinding = cmd.get_models(
-        "TrustedAccessRoleBinding",
-        resource_type=CUSTOM_MGMT_AKS_PREVIEW,
-        operation_group="trusted_access_role_bindings",
-    )
-    existedBinding = None
-    try:
-        existedBinding = client.get(resource_group_name, cluster_name, role_binding_name)
-    except ResourceNotFoundError:
-        pass
-
-    if existedBinding:
-        raise Exception(  # pylint: disable=broad-exception-raised
-            "TrustedAccess RoleBinding " +
-            role_binding_name +
-            " already existed, please use 'az aks trustedaccess rolebinding update' command to update!"
-        )
-
-    roleList = roles.split(',')
-    roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roleList)
-    return client.begin_create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)
-
-
-def aks_trustedaccess_role_binding_update(cmd, client, resource_group_name, cluster_name, role_binding_name, roles):
-    TrustedAccessRoleBinding = cmd.get_models(
-        "TrustedAccessRoleBinding",
-        resource_type=CUSTOM_MGMT_AKS_PREVIEW,
-        operation_group="trusted_access_role_bindings",
-    )
-    existedBinding = client.get(resource_group_name, cluster_name, role_binding_name)
-
-    roleList = roles.split(',')
-    roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roleList)
-    return client.begin_create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)
-
-
-def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name):
-    return client.begin_delete(resource_group_name, cluster_name, role_binding_name)
-
-
 def aks_mesh_enable(
     cmd,
     client,