diff --git a/linter_exclusions.yml b/linter_exclusions.yml index a7751da7841..3fcc6093709 100644 --- a/linter_exclusions.yml +++ b/linter_exclusions.yml @@ -103,6 +103,9 @@ aks create: node_public_ip_tags: rule_exclusions: - option_length_too_long + custom_ca_trust_certificates: + rule_exclusions: + - option_length_too_long aks addon enable: parameters: appgw_watch_namespace: @@ -218,6 +221,9 @@ aks update: ksm_metric_labels_allow_list: rule_exclusions: - option_length_too_long + custom_ca_trust_certificates: + rule_exclusions: + - option_length_too_long arcdata dc create: parameters: logs_ui_private_key_file: diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 1ba889cb365..5f30b377b35 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -14,6 +14,12 @@ Pending * Update the minimum required cli core version to `2.43.0`. +0.5.119 ++++++++ + +* Add `--custom-ca-trust-certificates` option for custom CA in aks create and aks update +* Bumped dependency on azure-cli-core + 0.5.118 +++++++ diff --git a/src/aks-preview/azext_aks_preview/_consts.py b/src/aks-preview/azext_aks_preview/_consts.py index 3201d9ef6aa..c2a83411077 100644 --- a/src/aks-preview/azext_aks_preview/_consts.py +++ b/src/aks-preview/azext_aks_preview/_consts.py 
@@ -196,3 +196,20 @@ # tag_name gives latest version released. # Moving away from 1:n release to avoid unwanted breaking changes with auto upgrades. CONST_DRAFT_CLI_VERSION = "v0.0.22" + +CONST_CUSTOM_CA_TEST_CERT = '-----BEGIN CERTIFICATE-----\n' \ + 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ + 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ + 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ + 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ + 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ + 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ + 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ + 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ + '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ + '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ + 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ + 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ + 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ + 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ + '-----END CERTIFICATE-----' diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 557cd882d1f..17f5044e6ba 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py 
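Review bot: `CONST_CUSTOM_CA_TEST_CERT` is test data added to the extension's shipped `_consts.py` with no comment marking it as a fixture, so a later reader could mistake it for a default trust anchor. The same PEM is already added as `tests/latest/data/certs.txt` in this commit, so I would either keep the constant next to the tests or add `# Test-only self-signed certificate for the Custom CA Trust tests; never use as a default value.` above it. Decoding the validity fields suggests the certificate was valid for a single day in September 2022, so any later check that parses certificates and looks at expiry would reject it.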
@@ -477,6 +477,10 @@ - name: --enable-custom-ca-trust type: bool short-summary: Enable Custom CA Trust on agent node pool. + - name: --ca-certs --custom-ca-trust-certificates + type: string + short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. + long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. - name: --enable-keda type: bool short-summary: Enable KEDA workload auto-scaler. @@ -914,6 +918,10 @@ type: string short-summary: Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'. + - name: --ca-certs --custom-ca-trust-certificates + type: string + short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. + long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index a3f3f5f329b..5a895ff8594 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -123,6 +123,7 @@ validate_vm_set_type, validate_vnet_subnet_id, validate_enable_custom_ca_trust, + validate_custom_ca_trust_certificates, validate_defender_config_parameter, validate_defender_disable_and_enable_parameters, validate_azuremonitorworkspaceresourceid, 
@@ -348,6 +349,7 @@ def load_arguments(self, _): c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of new line separated CAs") c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") @@ -459,6 +461,7 @@ def load_arguments(self, _): c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index f68e4199c14..1fae5270b13 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py 
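Review bot: The `help` text on both new `c.argument('custom_ca_trust_certificates', ...)` lines says "new line separated CAs", while `_help.py` in this commit says "blank line separated certificates" and the parser in `managed_cluster_decorator.py` splits on a doubled line separator. A user following the `_params.py` wording would produce a file that is treated as one entry, so I would align both lines with `help="path to a file containing up to 10 blank-line-separated CA certificates"`. The `aks create` registration also omits `validator=validate_custom_ca_trust_certificates`, which the `aks update` one passes; the existing comment above `enable_custom_ca_trust` suggests that is deliberate, but a short comment on the new line would stop the asymmetry from looking accidental.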
@@ -663,6 +663,14 @@ def validate_enable_custom_ca_trust(namespace): '--enable_custom_ca_trust can only be set for Linux nodepools') +def validate_custom_ca_trust_certificates(namespace): + """Validates Custom CA Trust Certificates can only be used on Linux.""" + if namespace.custom_ca_trust_certificates is not None and namespace.custom_ca_trust_certificates != "": + if hasattr(namespace, 'os_type') and namespace.os_type != "Linux": + raise ArgumentUsageError( + '--custom-ca-trust-certificates can only be set for linux nodepools') + + def validate_disable_windows_outbound_nat(namespace): """Validates disable_windows_outbound_nat can only be used on Windows.""" if namespace.disable_windows_outbound_nat: diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 1793aabdd5c..812d78cdee1 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -680,6 +680,7 @@ def aks_create( enable_node_restriction=False, enable_vpa=False, enable_cilium_dataplane=False, + custom_ca_trust_certificates=None, # nodepool host_group_id=None, crg_id=None, @@ -819,6 +820,7 @@ def aks_update( disable_vpa=False, cluster_snapshot_id=None, ssh_key_value=None, + custom_ca_trust_certificates=None ): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 5254e147b4d..9f2f276e5f5 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -4,6 +4,7 @@ # -------------------------------------------------------------------------------------------- import os +from base64 import b64encode from types import SimpleNamespace from typing import Dict, List, Optional, Tuple, TypeVar, Union 
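Review bot: `validate_custom_ca_trust_certificates` in `_validators.py` only raises when `namespace` has an `os_type` attribute, and in this commit it is attached only to `aks update`; if that command defines no `os_type` argument (not visible in these hunks), the validator can never reject anything. The help text added in `_help.py` also says the option requires Custom CA Trust to be enabled on the node, and nothing here checks that. If the Linux check is meant to apply only where `os_type` exists, the docstring should say so, for example `"""Reject --custom-ca-trust-certificates for non-Linux pools; a no-op on commands without os_type."""`. The message also spells `linux` in lower case where the sibling validator directly above uses `Linux`.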
@@ -41,6 +42,7 @@ from azure.cli.core.commands import AzCliCommand from azure.cli.core.profiles import ResourceType from azure.cli.core.util import get_file_json +from azure.cli.core.util import read_file_content from knack.log import get_logger from knack.prompting import prompt_y_n @@ -1979,6 +1981,31 @@ def get_disable_keda(self) -> bool: """ return self._get_disable_keda(enable_validation=True) + def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: + """Obtain the value of custom ca trust certificates. + + :return: List[str] or None + """ + custom_ca_certs_file_path = self.raw_param.get("custom_ca_trust_certificates") + if not custom_ca_certs_file_path: + return None + if not os.path.isfile(custom_ca_certs_file_path): + raise InvalidArgumentValueError( + "{} is not valid file, or not accessible.".format( + custom_ca_certs_file_path + ) + ) + # CAs are supposed to be separated with a new line, we filter out empty strings (e.g. some stray new line). We only allow up to 10 CAs + file_content = read_file_content(custom_ca_certs_file_path).split(os.linesep + os.linesep) + certs = [str.encode(x) for x in file_content if len(x) > 1] + if len(certs) > 10: + raise InvalidArgumentValueError( + "Only up to 10 new-line separated CAs can be passed, got {} instead.".format( + len(certs) + ) + ) + return certs + def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: """Obtain the value of defender. 
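Review bot: In `get_custom_ca_trust_certificates` the separator is `os.linesep + os.linesep`, so the split depends on the machine running the CLI rather than on the file's own line endings; a file whose endings do not match the host is not split and goes out as a single entry, which also makes the 10-certificate limit count it as one. Nothing checks that an entry is a certificate either (`len(x) > 1` accepts any text), and these values are destined for node trust stores, so failing early on malformed input seems worthwhile. I would normalise line endings before splitting and reject any block that is not exactly one PEM certificate, as sketched below, assuming the service expects PEM as the test fixture suggests. The docstring says `:return: List[str] or None` while the annotation is `List[bytes]`, and the `b64encode` import added at the top of this file is not used in any hunk shown here.

```python
        # … unchanged: raw_param lookup and os.path.isfile check …
        file_content = read_file_content(custom_ca_certs_file_path)
        # Split on blank lines regardless of the line endings the file was saved with.
        blocks = file_content.replace("\r\n", "\n").split("\n\n")
        begin_marker = "-----BEGIN CERTIFICATE-----"
        end_marker = "-----END CERTIFICATE-----"
        certs = []
        for block in blocks:
            block = block.strip()
            if not block:
                continue
            # Exactly one PEM block per entry, so a bundle cannot slip past the count limit.
            if (block.count(begin_marker) != 1
                    or not block.startswith(begin_marker)
                    or not block.endswith(end_marker)):
                raise InvalidArgumentValueError(
                    "{} contains an entry that is not a single PEM certificate.".format(
                        custom_ca_certs_file_path
                    )
                )
            certs.append(block.encode())
        # … unchanged: limit of 10 certificates and return …
```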
@@ -2559,6 +2586,22 @@ def set_up_defender(self, mc: ManagedCluster) -> ManagedCluster: return mc + def set_up_custom_ca_trust_certificates(self, mc: ManagedCluster) -> ManagedCluster: + """Set up Custom CA Trust Certificates for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + ca_certs = self.context.get_custom_ca_trust_certificates() + if ca_certs: + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + + mc.security_profile.custom_ca_trust_certificates = ca_certs + + return mc + def set_up_node_restriction(self, mc: ManagedCluster) -> ManagedCluster: """Set up security profile nodeRestriction for the ManagedCluster object. @@ -2645,6 +2688,8 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> mc = self.set_up_vpa(mc) # set up kube-proxy config mc = self.set_up_kube_proxy_config(mc) + # set up custom ca trust certificates + mc = self.set_up_custom_ca_trust_certificates(mc) # DO NOT MOVE: keep this at the bottom, restore defaults mc = self._restore_defaults_in_mc(mc) @@ -3069,6 +3114,22 @@ def update_defender(self, mc: ManagedCluster) -> ManagedCluster: return mc + def update_custom_ca_trust_certificates(self, mc: ManagedCluster) -> ManagedCluster: + """Update Custom CA Trust Certificates for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + ca_certs = self.context.get_custom_ca_trust_certificates() + if ca_certs: + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + + mc.security_profile.custom_ca_trust_certificates = ca_certs + + return mc + def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: """Update azure monitor profile for the ManagedCluster object. :return: the ManagedCluster object 
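Review bot: `update_custom_ca_trust_certificates` writes to the security profile only when `ca_certs` is truthy, so an empty file leaves the existing list untouched and `aks update` offers no way to remove certificates the nodes already trust. The getter returns `None` when the option is absent and a (possibly empty) list otherwise, so `if ca_certs is not None:` would let an empty file clear the list, provided the service accepts an empty list (not visible here); if clearing is out of scope, the docstring should say the update only replaces the list. The body is also identical to `set_up_custom_ca_trust_certificates` earlier in this file, so a shared private helper would keep the two from drifting apart.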
@@ -3246,5 +3307,7 @@ def update_mc_profile_preview(self) -> ManagedCluster: mc = self.update_outbound_type_in_network_profile(mc) # update kube proxy config mc = self.update_kube_proxy_config(mc) + # update custom ca trust certificates + mc = self.update_custom_ca_trust_certificates(mc) return mc diff --git a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt new file mode 100644 index 00000000000..db522f2a767 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt 
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ
+TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX
+KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b
+OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH
+yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc
+p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC
+dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu
+5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB
+/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu
+RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt
+SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h
+tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg
+Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ
+TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX
+KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b
+OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH
+yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc
+p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC
+dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu
+5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB
+/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu
+RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt
+SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h
+tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg
+Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml new file mode 100644 index 00000000000..cc33699ebb2 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml 
@@ -0,0 +1,692 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-resource/21.1.0b1 Python/3.8.10 (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","date":"2022-12-08T20:03:56Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '305' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 08 Dec 2022 20:03:57 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitest4m5ik3cmw-79a739", + "agentPoolProfiles": [{"count": 1, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": + 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": + false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": + "", "upgradeSettings": {}, "enableNodePublicIP": false, "enableCustomCATrust": + false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": + -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, 
"enableUltraSSD": false, + "enableFIPS": false, "networkProfile": {}, "name": "c000003"}], "linuxProfile": + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "enableRBAC": true, + "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": + "standard"}, "disableLocalAccounts": false, "securityProfile": {"customCATrustCertificates": + ["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", + "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"]}, + "storageProfile": {}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/CustomCATrustPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '4190' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview + response: + body: + string: "{\n \"id\": 
\"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.23.12\",\n \"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": + \"cliakstest-clitest4m5ik3cmw-79a739\",\n \"fqdn\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": + 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.23.12\",\n \"currentOrchestratorVersion\": \"1.23.12\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.11.02\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000002_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": + \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {\n \"customCATrustCertificates\": + [\n 
\"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNsakNDQVg0Q0NRQzl6VUFncXFxcld6QU5CZ2txaGtpRzl3MEJBUXNGQURBTk1Rc3dDUVlEVlFRR0V3SlEKVERBZUZ3MHlNakE1TVRRd05qSXpNamRhRncweU1qQTVNVFV3TmpJek1qZGFNQTB4Q3pBSkJnTlZCQVlUQWxCTQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW9wS05JSWJ2dmNQQ3c5ZmM0S0xYCktEdFJab2JwNUwrLzFoQ04rM09HaGs1TnZTVHBTVXJGaWZ4cWMwbzNJRjdZa08zSzFuMmpBdkNNWE8xNkJmOWIKT0FSN1ZrQ3J3R0ZWa1hOak00d3ZYQVg4Q05OdmpxZDF6RFBYU0tkRTdXZDhrM2ZUeng2bkdVTTBVZ2xqSVBoSAp5aDRhNFp1amQ1SWcyUC9aU1gwcEdKbTQ3SlR0TXU3TURGSFZNNXdSV2NDck4vSDBUQ1lQSXZFT3MwQjhBWnhjCnAzVEY3QTZ2ZVQ1VTlwVmhRM1hsOUpONkx2dkxxUHhHM2VhMTByZHY5RFl6YWlYbVNZM3VqSTNSaTFRMTF1V0MKZHRyRklwRnU1Y0hXMk9CVytqQlh4TDB2OHhRbWt4VExpazRCUi9QTENsMzB3eEtRTnNxM3BqRGd1MG11dEt1dQo1d0lEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVZFQUlzL2hMd1RWQ3dwRVhkb1hSMjRMZWxOTnVCCi84cHRLNmx5akUxMVh3Zk1OM3l5N0Yyb0IxbHJBNHJJM2o5b2JwRHNIREpCTkIxM2JpL2xLZ3ZBY2JJbi9UeXUKUktUaHRVZFBneE5ucURVeXhuYjNPb2ZNRjNnQjhlUFR1K2pacGQzenJsRXV4ZGw0MEJ5QVRDU3lPZ1I2REhNdApTRGQram95cG5PSEZBZVNNK1YwQWFUZWxYU0NLOU9BV1NBcDVlNlM3NmE2bFJ4K0Q1WGwzaEJlZEJJMHRYNTloCnRFWU5FR1phUkVsRlU3OVdjRUYwY0grWlcwK2pKOTV4RTN0aFpmZlJ6NlFJNnlGNjNtOGFDOWw5YmJkSlMyemcKWXY4VytsQ1ppLy9PRGVPQlV1Z3IrK3o5dWordkdrNDdKRFNwVjBuNEpPdW4zQUxVREowZ3FtY1MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==\",\n + \ \"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\"\n + \ ]\n },\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - 
https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '6092' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:04:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:04:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + 
Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:05:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - 
no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:05:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:06:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 
azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:06:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:07:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + 
strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:07:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: 
https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\",\n \"endTime\": + \"2022-12-08T20:07:50.2670365Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '169' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:08:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.23.12\",\n 
\"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": + \"cliakstest-clitest4m5ik3cmw-79a739\",\n \"fqdn\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": + 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.23.12\",\n \"currentOrchestratorVersion\": \"1.23.12\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.11.02\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000002_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n 
\"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/7e06d39f-0cc6-4040-8669-0b1fde8d856c\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"customCATrustCertificates\": [\n \"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\",\n + \ \"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\"\n + \ ]\n },\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n 
\"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '6745' + content-type: + - application/json + date: + - Thu, 08 Dec 2022 20:08:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks delete + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --yes --no-wait + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: DELETE + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview + response: + body: + string: '' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/9cbe9f1f-afe9-4bdb-b132-11ca0c473e1f?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '0' + date: + - Thu, 08 Dec 2022 20:08:04 GMT + expires: + - '-1' + location: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operationresults/9cbe9f1f-afe9-4bdb-b132-11ca0c473e1f?api-version=2016-03-30 + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-deletes: + - '14999' + status: + code: 202 + message: Accepted +version: 1 
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index a793f62fef0..a80dfcf8887 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -12,6 +12,9 @@ from azext_aks_preview.tests.latest.custom_preparers import ( AKSCustomResourceGroupPreparer, ) +from azext_aks_preview._consts import ( + CONST_CUSTOM_CA_TEST_CERT, +) from azext_aks_preview.tests.latest.recording_processors import KeyReplacer from azure.cli.command_modules.acs._format import version_to_tuple from azure.cli.command_modules.acs.addonconfiguration import getRegionCodeForAzureRegion, sanitize_dcr_name 
@@ -1684,6 +1687,36 @@ def test_aks_custom_ca_trust_flow(self, resource_group, resource_group_location) # delete self.cmd('aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()]) + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='eastus') + def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resource_group, resource_group_location): + aks_name = self.create_random_name('cliakstest', 16) + node_pool_name = self.create_random_name('c', 6) + node_pool_name_second = self.create_random_name('c', 6) + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'node_pool_name': node_pool_name, + 'node_pool_name_second': node_pool_name_second, + 'ssh_key_value': self.generate_ssh_keys(), + 'custom_ca_trust_certificates': _get_test_data_file("certs.txt") + }) + + # 1. create + create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ + '--nodepool-name {node_pool_name} -c 1 ' \ + '--ssh-key-value={ssh_key_value} ' \ + '--aks-custom-headers=AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomCATrustPreview ' \ + '--custom-ca-trust-certificates={custom_ca_trust_certificates}' + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.customCaTrustCertificates', [CONST_CUSTOM_CA_TEST_CERT for _ in range(2)]), + ]) + + # delete + self.cmd( + 'aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()]) + @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') def test_aks_nodepool_stop_and_start(self, resource_group, resource_group_location): diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index ed0fce76eb7..65d455cf565 100644 
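Review bot: test_aks_create_add_nodepool_with_custom_ca_trust_certificates never adds a node pool. `node_pool_name_second` is generated and put into `self.kwargs` but no command uses it, so either the name or the body should change. The create command also omits `--enable-custom-ca-trust`, and the recorded response for this test shows `"enableCustomCATrust": false` on the only agent pool. The check therefore proves only that the two certificates are stored in `securityProfile`, not that a node pool is configured to consume them. If that is intended, a comment such as `# certificates are stored on the cluster; node-level trust is covered by test_aks_custom_ca_trust_flow` would make the scope clear (this assumes that test covers the flag, which is not visible in the hunk). `[CONST_CUSTOM_CA_TEST_CERT] * 2` would also read more directly than the comprehension.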
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -42,6 +42,7 @@ CONST_VIRTUAL_NODE_ADDON_NAME, CONST_VIRTUAL_NODE_SUBNET_NAME, CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, + CONST_CUSTOM_CA_TEST_CERT, ) from azext_aks_preview.agentpool_decorator import AKSPreviewAgentPoolContext from azext_aks_preview.managed_cluster_decorator import ( @@ -73,6 +74,8 @@ UnknownError, ) +from azure.cli.core.util import read_file_content + class AKSPreviewManagedClusterModelsTestCase(unittest.TestCase): def setUp(self): @@ -4000,6 +4003,22 @@ def test_set_up_storage_profile(self): ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", storage_profile=storage_profile_1) self.assertEqual(dec_mc_1, ground_truth_mc_1) + def test_set_up_custom_ca_trust_certificates(self): + dec_1 = AKSPreviewManagedClusterCreateDecorator( + self.cmd, + self.client, + {"custom_ca_trust_certificates": get_test_data_file_path("certs.txt")}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster(location="test_location") + dec_1.context.attach_mc(mc_1) + dec_mc_1 = dec_1.set_up_custom_ca_trust_certificates(mc_1) + sec_profile = self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=[str.encode(CONST_CUSTOM_CA_TEST_CERT) for _ in range(2)] + ) + ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", security_profile=sec_profile) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + def test_set_up_ingress_web_app_routing(self): dec_1 = AKSPreviewManagedClusterCreateDecorator( self.cmd, 
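Review bot: `from azure.cli.core.util import read_file_content` is added in the `@@ -73,6 +74,8 @@` hunk, but neither of the new tests in this file's hunks calls it. Both tests pass a path from `get_test_data_file_path("certs.txt")` and compare against `CONST_CUSTOM_CA_TEST_CERT`. Unless code outside the visible hunks uses it, the import can be dropped.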
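Review bot: test_set_up_custom_ca_trust_certificates covers only the path where a certificate file is supplied. A second case with `{"custom_ca_trust_certificates": None}` would pin that a create without the option sends no trust list at all rather than an empty one. It should assert that the result equals `self.models.ManagedCluster(location="test_location")`, provided the decorator leaves `security_profile` unset in that case, which the hunk does not show. The expected value is built from `str.encode(CONST_CUSTOM_CA_TEST_CERT)`, so the model holds bytes; a short comment saying so would explain why the live test compares against plain strings.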
@@ -5667,6 +5686,60 @@ def test_update_defender(self): ) self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_custom_ca_certificates(self): + # set to non-empty + dec_1 = AKSPreviewManagedClusterUpdateDecorator( + self.cmd, + self.client, + { + "custom_ca_trust_certificates": get_test_data_file_path("certs.txt"), + }, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster(location="test_location") + dec_1.context.attach_mc(mc_1) + dec_1.context.set_intermediate( + "subscription_id", "test_subscription_id" + ) + + dec_mc_1 = dec_1.update_custom_ca_trust_certificates(mc_1) + + ground_truth_mc_1 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=[str.encode(CONST_CUSTOM_CA_TEST_CERT) for _ in range(2)] + ), + ) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + + # set to empty + dec_2 = AKSPreviewManagedClusterUpdateDecorator( + self.cmd, + self.client, + {"custom_ca_trust_certificates": None}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_2 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=None + ), + ) + dec_2.context.attach_mc(mc_2) + dec_2.context.set_intermediate( + "subscription_id", "test_subscription_id" + ) + + dec_mc_2 = dec_2.update_custom_ca_trust_certificates(mc_2) + + ground_truth_mc_2 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=None + ), + ) + self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_node_restriction(self): dec_1 = AKSPreviewManagedClusterUpdateDecorator( self.cmd, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 8baf3c3ff4e..989e0077a35 100644 
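Review bot: The `# set to empty` case in test_update_custom_ca_certificates does not exercise an update. `mc_2` already has `custom_ca_trust_certificates=None` and the option is `None`, so the assertion holds whether or not `update_custom_ca_trust_certificates` touches the field. For a trust list, the behaviour worth pinning is what happens to certificates that are already present. Start `mc_2` with a non-empty list, for example `custom_ca_trust_certificates=[str.encode(CONST_CUSTOM_CA_TEST_CERT)]`, and assert the result the decorator is meant to produce when the option is omitted; presumably the list is left unchanged, but that should be confirmed against the implementation. If an existing CA can be removed through this command, that path needs its own case. The comment should then say `# option not provided` rather than `# set to empty`.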
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -114,6 +114,10 @@ def __init__(self, os_type, enable_custom_ca_trust): self.os_type = os_type self.enable_custom_ca_trust = enable_custom_ca_trust +class CustomCATrustCertificatesNamespace: + def __init__(self, os_type, custom_ca_trust_certificates): + self.os_type = os_type + self.custom_ca_trust_certificates = custom_ca_trust_certificates class DisableWindowsOutboundNatNamespace: def __init__(self, os_type, disable_windows_outbound_nat): @@ -197,6 +201,23 @@ def test_fail_if_os_type_invalid(self): self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) +class TestCustomCATrustCertificates(unittest.TestCase): + def test_valid_cases(self): + valid = ["foo", ""] + for v in valid: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Linux", v)) + + def test_fail_if_os_type_windows(self): + with self.assertRaises(CLIError) as cm: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Windows", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + + def test_fail_if_os_type_invalid(self): + with self.assertRaises(CLIError) as cm: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("invalid", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + + class TestDisableWindowsOutboundNAT(unittest.TestCase): def test_pass_if_os_type_windows(self): validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Windows", True)) diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 83c86d7cfaf..a17159f4a29 100644 --- a/src/aks-preview/setup.py 
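Review bot: TestCustomCATrustCertificates.test_valid_cases accepts `"foo"` and `""` for a Linux pool, which pins validate_custom_ca_trust_certificates as an OS-type check only. Elsewhere in this commit the option value is a file path, so these tests show that neither the file's existence nor its content is checked at validation time. Since the file's content ends up in the cluster's CA trust list, either add a case for a path that does not hold PEM certificates or document the boundary above the list, e.g. `# only os_type is validated here; the certificate file is not opened or parsed`. The expected message also says `linux nodepools`, while the existing `--enable_custom_ca_trust` assertion just above uses `Linux nodepools`; the two should use the same casing.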
+++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.118" +VERSION = "0.5.119" CLASSIFIERS = [ "Development Status :: 4 - Beta",