From 357e6ce79f29b7abca9380cb35f60617adcf4e19 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 17 Nov 2022 17:24:02 -0800 Subject: [PATCH 01/30] Add custom ca certs to CLI --- src/aks-preview/azext_aks_preview/_help.py | 8 +++ src/aks-preview/azext_aks_preview/_params.py | 3 + .../azext_aks_preview/_validators.py | 7 ++ src/aks-preview/azext_aks_preview/custom.py | 2 + .../managed_cluster_decorator.py | 56 +++++++++++++++ .../tests/latest/data/certs.txt | 1 + .../latest/test_managed_cluster_decorator.py | 70 +++++++++++++++++++ .../tests/latest/test_validators.py | 21 ++++++ 8 files changed, 168 insertions(+) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 557cd882d1f..1040f00c666 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -477,6 +477,10 @@ - name: --enable-custom-ca-trust type: bool short-summary: Enable Custom CA Trust on agent node pool. + - name: --custom-ca-trust-certificates + type: string + short-summary: Path to a file containing up to 10 base64 encoded certificates. Only valid for linux nodes. + long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. - name: --enable-keda type: bool short-summary: Enable KEDA workload auto-scaler. 
@@ -914,6 +918,10 @@ type: string short-summary: Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'. + - name: --custom-ca-trust-certificates + type: string + short-summary: Path to a file containing up to 10 base64 encoded certificates. Only valid for linux nodes. + long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index a3f3f5f329b..4d319f9ef39 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -123,6 +123,7 @@ validate_vm_set_type, validate_vnet_subnet_id, validate_enable_custom_ca_trust, + validate_custom_ca_trust_certificates, validate_defender_config_parameter, validate_defender_disable_and_enable_parameters, validate_azuremonitorworkspaceresourceid, @@ -348,6 +349,7 @@ def load_arguments(self, _): c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') + c.argument('custom_ca_trust_certificates', is_preview=True, help="path to file containing list of base64 encoded CAs") c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") 
@@ -459,6 +461,7 @@ def load_arguments(self, _): c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('custom_ca_trust_certificates', validator=validate_custom_ca_trust_certificates, is_preview=True) with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index f68e4199c14..5d813644c1e 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -662,6 +662,13 @@ def validate_enable_custom_ca_trust(namespace): raise ArgumentUsageError( '--enable_custom_ca_trust can only be set for Linux nodepools') +def validate_custom_ca_trust_certificates(namespace): + """Validates Custom CA Trust Certificates can only be used on Linux.""" + if namespace.custom_ca_trust_certificates is not None and namespace.custom_ca_trust_certificates != "": + if hasattr(namespace, 'os_type') and namespace.os_type != "Linux": + raise ArgumentUsageError( + '--custom-ca-trust-certificates can only be set for linux nodepools') + def validate_disable_windows_outbound_nat(namespace): """Validates disable_windows_outbound_nat can only be used on Windows.""" diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 1793aabdd5c..812d78cdee1 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -680,6 +680,7 @@ def aks_create( enable_node_restriction=False, enable_vpa=False, enable_cilium_dataplane=False, + custom_ca_trust_certificates=None, # nodepool host_group_id=None, crg_id=None, 
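Review bot: In `validate_custom_ca_trust_certificates` the comparison `namespace.os_type != "Linux"` is exact and case-sensitive, so a namespace whose `os_type` is `None` or `"linux"` is rejected even though the error text itself spells it "linux". If an unset `os_type` is meant to fall back to the Linux default, read it once with `os_type = getattr(namespace, 'os_type', None)` and test `if os_type and os_type.lower() != "linux":`. The validator is only registered on `aks update` in this commit; if that command's namespace has no `os_type` attribute, the `hasattr` guard makes the whole check a no-op there, which deserves a comment. The new function is also separated from its neighbours by a single blank line where the file uses two.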
@@ -819,6 +820,7 @@ def aks_update( disable_vpa=False, cluster_snapshot_id=None, ssh_key_value=None, + custom_ca_trust_certificates=None ): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 5254e147b4d..46fcc0fa517 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -41,6 +41,7 @@ from azure.cli.core.commands import AzCliCommand from azure.cli.core.profiles import ResourceType from azure.cli.core.util import get_file_json +from azure.cli.core.util import read_file_content from knack.log import get_logger from knack.prompting import prompt_y_n @@ -1979,6 +1980,25 @@ def get_disable_keda(self) -> bool: """ return self._get_disable_keda(enable_validation=True) + def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: + """Obtain the value of custom ca trust certificates. + + :return: List[str] or None + """ + custom_ca_certs_file_path = self.raw_param.get("custom_ca_trust_certificates") + if not custom_ca_certs_file_path: + return None + if not os.path.isfile(custom_ca_certs_file_path): + raise InvalidArgumentValueError( + "{} is not valid file, or not accessible.".format( + custom_ca_certs_file_path + ) + ) + custom_ca_certs = read_file_content(custom_ca_certs_file_path) + # TODO - read certs here and parse them to a proper array? + return [custom_ca_certs] + + def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: """Obtain the value of defender. 
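Review bot: `get_custom_ca_trust_certificates` returns the whole file as a single list element and leaves the parsing as a TODO, so nothing enforces the "up to 10 base64 encoded certificates" promised by the help text or checks that the content is a certificate at all. The value is copied into `security_profile.custom_ca_trust_certificates`, which the help text says ends up in node trust stores, so a mistyped path to any readable file would be submitted as a trust anchor unless the service rejects it. I would resolve the TODO in this commit: split the content into entries, raise `InvalidArgumentValueError` when there are more than 10, and validate each entry, for instance with `base64.b64decode(entry, validate=True)`. An empty file also currently yields `[""]` rather than `None`, which is worth handling explicitly.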
@@ -2559,6 +2579,22 @@ def set_up_defender(self, mc: ManagedCluster) -> ManagedCluster: return mc + def set_up_custom_ca_trust_certificates(self, mc: ManagedCluster) -> ManagedCluster: + """Set up Custom CA Trust Certificates for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + ca_certs = self.context.get_custom_ca_trust_certificates() + if ca_certs: + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + + mc.security_profile.custom_ca_trust_certificates = ca_certs + + return mc + def set_up_node_restriction(self, mc: ManagedCluster) -> ManagedCluster: """Set up security profile nodeRestriction for the ManagedCluster object. @@ -2645,6 +2681,8 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> mc = self.set_up_vpa(mc) # set up kube-proxy config mc = self.set_up_kube_proxy_config(mc) + # set up custom ca trust certificates + mc = self.set_up_custom_ca_trust_certificates(mc) # DO NOT MOVE: keep this at the bottom, restore defaults mc = self._restore_defaults_in_mc(mc) @@ -3069,6 +3107,22 @@ def update_defender(self, mc: ManagedCluster) -> ManagedCluster: return mc + def update_custom_ca_trust_certificates(self, mc: ManagedCluster) -> ManagedCluster: + """Update Custom CA Trust Certificates for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + ca_certs = self.context.get_custom_ca_trust_certificates() + if ca_certs: + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + + mc.security_profile.custom_ca_trust_certificates = ca_certs + + return mc + def update_azure_monitor_profile(self, mc: ManagedCluster) -> ManagedCluster: """Update azure monitor profile for the ManagedCluster object. :return: the ManagedCluster object 
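Review bot: In `update_custom_ca_trust_certificates` the `if ca_certs:` guard means the update path can add or replace certificates but never clear them, so there is no visible way to withdraw trust in a CA that was configured earlier. If clearing is meant to be supported, `if ca_certs is not None:` combined with a getter that returns `[]` for an empty file would allow it. Otherwise the docstring should state that omitting the option or passing an empty value leaves the existing list untouched. The body is line-for-line identical to `set_up_custom_ca_trust_certificates` in the first hunk on this line, so a shared private helper would keep the two from drifting apart.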
@@ -3246,5 +3300,7 @@ def update_mc_profile_preview(self) -> ManagedCluster: mc = self.update_outbound_type_in_network_profile(mc) # update kube proxy config mc = self.update_kube_proxy_config(mc) + # update custom ca trust certificates + mc = self.update_custom_ca_trust_certificates(mc) return mc diff --git a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt new file mode 100644 index 00000000000..af0c8c87eb0 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index ed0fce76eb7..db8618a6286 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py 
@@ -4000,6 +4000,22 @@ def test_set_up_storage_profile(self): ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", storage_profile=storage_profile_1) self.assertEqual(dec_mc_1, ground_truth_mc_1) + def test_set_up_custom_ca_trust_certificates(self): + dec_1 = AKSPreviewManagedClusterCreateDecorator( + self.cmd, + self.client, + {"custom_ca_trust_certificates": get_test_data_file_path("certs.txt")}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster(location="test_location") + dec_1.context.attach_mc(mc_1) + dec_mc_1 = dec_1.set_up_custom_ca_trust_certificates(mc_1) + sec_profile = self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=["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"] + ) + ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", security_profile=sec_profile) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + def test_set_up_ingress_web_app_routing(self): dec_1 = AKSPreviewManagedClusterCreateDecorator( self.cmd, 
@@ -5667,6 +5683,60 @@ def test_update_defender(self): ) self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_custom_ca_certificates(self): + # set to non-empty + dec_1 = AKSPreviewManagedClusterUpdateDecorator( + self.cmd, + self.client, + { + "custom_ca_trust_certificates": get_test_data_file_path("certs.txt"), + }, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster(location="test_location") + dec_1.context.attach_mc(mc_1) + dec_1.context.set_intermediate( + "subscription_id", "test_subscription_id" + ) + + dec_mc_1 = dec_1.update_custom_ca_trust_certificates(mc_1) + + ground_truth_mc_1 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=["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"] + ), + ) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + + # set to empty + dec_2 = AKSPreviewManagedClusterUpdateDecorator( + self.cmd, + self.client, + {"custom_ca_trust_certificates": None}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_2 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=None + ), + ) + dec_2.context.attach_mc(mc_2) + dec_2.context.set_intermediate( + "subscription_id", "test_subscription_id" + ) + + dec_mc_2 = dec_2.update_custom_ca_trust_certificates(mc_2) + + ground_truth_mc_2 = self.models.ManagedCluster( + location="test_location", + security_profile=self.models.ManagedClusterSecurityProfile( + custom_ca_trust_certificates=None + ), + ) + self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_node_restriction(self): dec_1 = AKSPreviewManagedClusterUpdateDecorator( self.cmd, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py index 8baf3c3ff4e..989e0077a35 100644 
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py @@ -114,6 +114,10 @@ def __init__(self, os_type, enable_custom_ca_trust): self.os_type = os_type self.enable_custom_ca_trust = enable_custom_ca_trust +class CustomCATrustCertificatesNamespace: + def __init__(self, os_type, custom_ca_trust_certificates): + self.os_type = os_type + self.custom_ca_trust_certificates = custom_ca_trust_certificates class DisableWindowsOutboundNatNamespace: def __init__(self, os_type, disable_windows_outbound_nat): @@ -197,6 +201,23 @@ def test_fail_if_os_type_invalid(self): self.assertTrue('--enable_custom_ca_trust can only be set for Linux nodepools' in str(cm.exception), msg=str(cm.exception)) +class TestCustomCATrustCertificates(unittest.TestCase): + def test_valid_cases(self): + valid = ["foo", ""] + for v in valid: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Linux", v)) + + def test_fail_if_os_type_windows(self): + with self.assertRaises(CLIError) as cm: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("Windows", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + + def test_fail_if_os_type_invalid(self): + with self.assertRaises(CLIError) as cm: + validators.validate_custom_ca_trust_certificates(CustomCATrustCertificatesNamespace("invalid", "foo")) + self.assertTrue('--custom-ca-trust-certificates can only be set for linux nodepools' in str(cm.exception), msg=str(cm.exception)) + + class TestDisableWindowsOutboundNAT(unittest.TestCase): def test_pass_if_os_type_windows(self): validators.validate_disable_windows_outbound_nat(DisableWindowsOutboundNatNamespace("Windows", True)) From ac01260f6861293d757c2220adfa3393a28fff4f Mon Sep 17 00:00:00 2001 
From: Mikolaj Umanski Date: Thu, 17 Nov 2022 23:21:32 -0800 Subject: [PATCH 02/30] Try with json string instead... --- .../azext_aks_preview/managed_cluster_decorator.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 46fcc0fa517..4caef251c3c 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -4,6 +4,7 @@ # -------------------------------------------------------------------------------------------- import os +import json from types import SimpleNamespace from typing import Dict, List, Optional, Tuple, TypeVar, Union @@ -1980,7 +1981,7 @@ def get_disable_keda(self) -> bool: """ return self._get_disable_keda(enable_validation=True) - def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: + def get_custom_ca_trust_certificates(self) -> Union[str, None]: """Obtain the value of custom ca trust certificates. :return: List[str] or None @@ -1996,7 +1997,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: ) custom_ca_certs = read_file_content(custom_ca_certs_file_path) # TODO - read certs here and parse them to a proper array? - return [custom_ca_certs] + return json.dumps([custom_ca_certs]) def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: From ce4faadafaa1a33847484446463f54a06fe606ab Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 17 Nov 2022 23:53:55 -0800 Subject: [PATCH 03/30] Revert "Try with json string instead..." This reverts commit 490990694d38d8eb8d33e75d7a7b5c8f4d65727f. --- .../azext_aks_preview/managed_cluster_decorator.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 4caef251c3c..46fcc0fa517 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -4,7 +4,6 @@ # -------------------------------------------------------------------------------------------- import os -import json from types import SimpleNamespace from typing import Dict, List, Optional, Tuple, TypeVar, Union @@ -1981,7 +1980,7 @@ def get_disable_keda(self) -> bool: """ return self._get_disable_keda(enable_validation=True) - def get_custom_ca_trust_certificates(self) -> Union[str, None]: + def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: """Obtain the value of custom ca trust certificates. :return: List[str] or None @@ -1997,7 +1996,7 @@ def get_custom_ca_trust_certificates(self) -> Union[str, None]: ) custom_ca_certs = read_file_content(custom_ca_certs_file_path) # TODO - read certs here and parse them to a proper array? - return json.dumps([custom_ca_certs]) + return [custom_ca_certs] def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: From 6e7dcfae192f2b0dd685bd72a8d122aa06db1bac Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Mon, 21 Nov 2022 23:06:30 -0800 Subject: [PATCH 04/30] Try running correctly encoded certs --- .../azext_aks_preview/managed_cluster_decorator.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 46fcc0fa517..52de07a736f 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py 
@@ -1980,7 +1980,7 @@ def get_disable_keda(self) -> bool: """ return self._get_disable_keda(enable_validation=True) - def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: + def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: """Obtain the value of custom ca trust certificates. :return: List[str] or None @@ -1994,7 +1994,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[str], None]: custom_ca_certs_file_path ) ) - custom_ca_certs = read_file_content(custom_ca_certs_file_path) + custom_ca_certs = str.encode(read_file_content(custom_ca_certs_file_path)) # TODO - read certs here and parse them to a proper array? return [custom_ca_certs] From 41453dc962fe55f449b7d25eef03839026f6e87a Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Mon, 21 Nov 2022 23:15:58 -0800 Subject: [PATCH 05/30] Use normal cert --- .../tests/latest/data/certs.txt | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt index af0c8c87eb0..c8d02f87cf7 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt +++ b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt 
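Review bot: The docstring of `get_custom_ca_trust_certificates` still reads `:return: List[str] or None` while the annotation changed here is `Union[List[bytes], None]`; it should become `:return: List[bytes] or None`. In the second hunk, `str.encode(read_file_content(...))` relies on the default UTF-8 encoding without saying so; `read_file_content(custom_ca_certs_file_path).encode("utf-8")` states the intent. The function starts and ends outside both hunks.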
@@ -1 +1,16 @@ -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 \ No newline at end of file +-----BEGIN CERTIFICATE----- +MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ +TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX +KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b +OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH +yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc +p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC +dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu +5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB +/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu +RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt +SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h +tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg +Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS +-----END CERTIFICATE----- From 1ead95ca816dfb749a6dcb55f75166b4d3ac6975 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Wed, 23 Nov 2022 15:53:23 -0800 Subject: [PATCH 06/30] handle multiple CAs getting passed --- .../managed_cluster_decorator.py | 13 ++++++++++--- .../tests/latest/data/certs.txt | 17 +++++++++++++++++ .../latest/test_managed_cluster_decorator.py | 6 ++++-- 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 52de07a736f..8c07197d230 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py 
@@ -4,6 +4,7 @@ # -------------------------------------------------------------------------------------------- import os +from base64 import b64encode from types import SimpleNamespace from typing import Dict, List, Optional, Tuple, TypeVar, Union @@ -1994,9 +1995,15 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: custom_ca_certs_file_path ) ) - custom_ca_certs = str.encode(read_file_content(custom_ca_certs_file_path)) - # TODO - read certs here and parse them to a proper array? - return [custom_ca_certs] + # CAs are supposed to be separated with a new line, we filter out empty strings (e.g. some stray new line). We only allow up to 10 CAs + file_content = read_file_content(custom_ca_certs_file_path).split(os.linesep + os.linesep) + if len(file_content) > 10: + raise InvalidArgumentValueError( + "Only up to 10 new-line separated CAs can be passed, got {} instead.".format( + len(file_content) + ) + ) + return [b64encode((x + "\n").encode()) for x in file_content if len(x) > 1] def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: diff --git a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt index c8d02f87cf7..db522f2a767 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt +++ b/src/aks-preview/azext_aks_preview/tests/latest/data/certs.txt 
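Review bot: Splitting on `os.linesep + os.linesep` in `get_custom_ca_trust_certificates` ties the parsing to the platform the CLI runs on rather than to the file's own line endings, so a file written with the other convention would come back as one entry holding every certificate and would also slip past the limit of 10. The `len(file_content) > 10` check runs before the empty-entry filter, so stray blank separators count towards the limit. Entries are not stripped either, so an extra blank line leaves a leading newline inside the next certificate. The rewrite below normalises line endings, filters first and then counts. The function begins outside this hunk, and the content of each entry is still not checked to be a certificate.

```python
        # … unchanged: path lookup and os.path.isfile check …
        # Normalise line endings so parsing does not depend on the platform the CLI runs on.
        file_content = read_file_content(custom_ca_certs_file_path).replace("\r\n", "\n")
        # Drop empty chunks before counting so stray blank lines do not hit the limit.
        certs = [c.strip() for c in file_content.split("\n\n") if c.strip()]
        if len(certs) > 10:
            raise InvalidArgumentValueError(
                "Only up to 10 new-line separated CAs can be passed, got {} instead.".format(
                    len(certs)
                )
            )
        return [b64encode((c + "\n").encode()) for c in certs]
```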
@@ -14,3 +14,20 @@ SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS -----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ +TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX +KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b +OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH +yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc +p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC +dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu +5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB +/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu +RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt +SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h +tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg +Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index db8618a6286..0849e0cf956 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py 
@@ -4010,8 +4010,9 @@ def test_set_up_custom_ca_trust_certificates(self): mc_1 = self.models.ManagedCluster(location="test_location") dec_1.context.attach_mc(mc_1) dec_mc_1 = dec_1.set_up_custom_ca_trust_certificates(mc_1) + test_cert = "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" sec_profile = self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNsakNDQVg0Q0NRQzl6VUFncXFxcld6QU5CZ2txaGtpRzl3MEJBUXNGQURBTk1Rc3dDUVlEVlFRR0V3SlEKVERBZUZ3MHlNakE1TVRRd05qSXpNamRhRncweU1qQTVNVFV3TmpJek1qZGFNQTB4Q3pBSkJnTlZCQVlUQWxCTQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW9wS05JSWJ2dmNQQ3c5ZmM0S0xYCktEdFJab2JwNUwrLzFoQ04rM09HaGs1TnZTVHBTVXJGaWZ4cWMwbzNJRjdZa08zSzFuMmpBdkNNWE8xNkJmOWIKT0FSN1ZrQ3J3R0ZWa1hOak00d3ZYQVg4Q05OdmpxZDF6RFBYU0tkRTdXZDhrM2ZUeng2bkdVTTBVZ2xqSVBoSAp5aDRhNFp1amQ1SWcyUC9aU1gwcEdKbTQ3SlR0TXU3TURGSFZNNXdSV2NDck4vSDBUQ1lQSXZFT3MwQjhBWnhjCnAzVEY3QTZ2ZVQ1VTlwVmhRM1hsOUpONkx2dkxxUHhHM2VhMTByZHY5RFl6YWlYbVNZM3VqSTNSaTFRMTF1V0MKZHRyRklwRnU1Y0hXMk9CVytqQlh4TDB2OHhRbWt4VExpazRCUi9QTENsMzB3eEtRTnNxM3BqRGd1MG11dEt1dQo1d0lEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVZFQUlzL2hMd1RWQ3dwRVhkb1hSMjRMZWxOTnVCCi84cHRLNmx5akUxMVh3Zk1OM3l5N0Yyb0IxbHJBNHJJM2o5b2JwRHNIREpCTkIxM2JpL2xLZ3ZBY2JJbi9UeXUKUktUaHRVZFBneE5ucURVeXhuYjNPb2ZNRjNnQjhlUFR1K2pacGQzenJsRXV4ZGw0MEJ5QVRDU3lPZ1I2REhNdApTRGQram95cG5PSEZBZVNNK1YwQWFUZWxYU0NLOU9BV1NBcDVlNlM3NmE2bFJ4K0Q1WGwzaEJlZEJJMHRYNTloCnRFWU5FR1phUkVsRlU3OVdjRUYwY0grWlcwK2pKOTV4RTN0aFpmZlJ6NlFJNnlGNjNtOGFDOWw5YmJkSlMyemcKWXY4VytsQ1ppLy9PRGVPQlV1Z3IrK3o5dWordkdrNDdKRFNwVjBuNEpPdW4zQUxVREowZ3FtY1MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="] + custom_ca_trust_certificates=[str.encode(test_cert) for _ in range(2)] ) ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", security_profile=sec_profile) self.assertEqual(dec_mc_1, ground_truth_mc_1) 
@@ -5701,10 +5702,11 @@ def test_update_custom_ca_certificates(self): dec_mc_1 = dec_1.update_custom_ca_trust_certificates(mc_1) + test_cert = "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" ground_truth_mc_1 = self.models.ManagedCluster( location="test_location", security_profile=self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=["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"] + custom_ca_trust_certificates=[str.encode(test_cert) for _ in range(2)] ), ) self.assertEqual(dec_mc_1, ground_truth_mc_1) From 08faaa273628a7d6da3b85ef3cbe77062e473fb5 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Wed, 23 Nov 2022 16:04:13 -0800 Subject: [PATCH 07/30] try different encoding for read certs --- src/aks-preview/azext_aks_preview/managed_cluster_decorator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 8c07197d230..f03ab060b3e 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2003,7 +2003,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: len(file_content) ) ) - return [b64encode((x + "\n").encode()) for x in file_content if len(x) > 1] + return [str.encode((x + "\n")) for x in file_content if len(x) > 1] def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: From 7870b712fdf890dedbeddafafb05a05b41331ece Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Mon, 28 Nov 2022 10:32:45 -0800 Subject: [PATCH 08/30] use correct test certs in decorator tests --- .../latest/test_managed_cluster_decorator.py | 40 +++++++++++++++++-- 1 file changed, 36 insertions(+), 4 deletions(-) 
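Review bot: After the one-line change to the `return` in `get_custom_ca_trust_certificates`, the `from base64 import b64encode` import added by the previous commit in this series appears to be unused, unless something outside the visible hunks relies on it; it should be removed in the same commit. `str.encode((x + "\n"))` carries a redundant pair of parentheses, and `(x + "\n").encode()` reads more naturally. The help text added earlier in the series still describes the file as holding "base64 encoded certificates", while this code now forwards blank-line-separated PEM blocks as raw bytes, so the help should be brought in line. The function starts and ends outside this hunk.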
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 0849e0cf956..84642887dee 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -73,6 +73,8 @@ UnknownError, ) +from azure.cli.core.util import read_file_content + class AKSPreviewManagedClusterModelsTestCase(unittest.TestCase): def setUp(self): 
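Review bot: The added `from azure.cli.core.util import read_file_content` is not used by either test hunk in this commit, both of which build their expected value from an inline literal. Either drop the import or use it to derive the expected certificates from `certs.txt`.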
@@ -4010,9 +4012,24 @@ def test_set_up_custom_ca_trust_certificates(self): mc_1 = self.models.ManagedCluster(location="test_location") dec_1.context.attach_mc(mc_1) dec_mc_1 = dec_1.set_up_custom_ca_trust_certificates(mc_1) - test_cert = "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" + test_cert_string = '-----BEGIN CERTIFICATE-----\n' \ + 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ + 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ + 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ + 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ + 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ + 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ + 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ + 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ + '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ + '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ + 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ + 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ + 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ + 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ + '-----END CERTIFICATE-----\n' sec_profile = self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=[str.encode(test_cert) for _ in range(2)] + custom_ca_trust_certificates=[str.encode(test_cert_string) for _ in range(2)] ) ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", security_profile=sec_profile) self.assertEqual(dec_mc_1, ground_truth_mc_1) 
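Review bot: The 16-line `test_cert_string` literal in `test_set_up_custom_ca_trust_certificates` is repeated verbatim in `test_update_custom_ca_certificates` in the next hunk, and both copies must match `data/certs.txt` by hand. Hoist it into one module-level constant, for example `TEST_CA_CERT_PEM`, with a comment that `certs.txt` contains it twice separated by a blank line. The backslash continuations can be replaced by putting the adjacent string literals inside parentheses. Both test bodies start outside their hunks.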
@@ -5702,11 +5719,26 @@ def test_update_custom_ca_certificates(self): dec_mc_1 = dec_1.update_custom_ca_trust_certificates(mc_1) - test_cert = "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" + test_cert_string = '-----BEGIN CERTIFICATE-----\n' \ + 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ + 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ + 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ + 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ + 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ + 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ + 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ + 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ + '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ + '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ + 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ + 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ + 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ + 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ + '-----END CERTIFICATE-----\n' ground_truth_mc_1 = self.models.ManagedCluster( location="test_location", security_profile=self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=[str.encode(test_cert) for _ in range(2)] + custom_ca_trust_certificates=[str.encode(test_cert_string) for _ in range(2)] ), ) self.assertEqual(dec_mc_1, ground_truth_mc_1) From 9ec9e4f518b77641566ba4a5c37a0bad4b6e36a8 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Mon, 28 Nov 2022 20:51:49 -0800 Subject: [PATCH 09/30] add missing test --- .../tests/latest/test_aks_commands.py | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) 
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index a793f62fef0..d43bc83e364 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -1684,6 +1684,35 @@ def test_aks_custom_ca_trust_flow(self, resource_group, resource_group_location) # delete self.cmd('aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()]) + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='eastus') + def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resource_group, resource_group_location): + aks_name = self.create_random_name('cliakstest', 16) + node_pool_name = self.create_random_name('c', 6) + node_pool_name_second = self.create_random_name('c', 6) + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'node_pool_name': node_pool_name, + 'node_pool_name_second': node_pool_name_second, + 'ssh_key_value': self.generate_ssh_keys(), + 'custom_ca_trust_certificates': _get_test_data_file("certs.txt") + }) + + # 1. create + create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ + '--nodepool-name {node_pool_name} -c 1 ' \ + '--ssh-key-value={ssh_key_value} ' \ + '--custom-ca-trust-certificates={custom_ca_trust_certificates}' + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.customCaTrustCertificates', '[foo]'), + ]) + + # delete + self.cmd( + 'aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()]) + @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') def test_aks_nodepool_stop_and_start(self, resource_group, resource_group_location): 
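Review bot: `test_aks_create_add_nodepool_with_custom_ca_trust_certificates` never adds a node pool: `node_pool_name_second` is placed in `self.kwargs`, but the only commands issued are the create and the delete, so either the name or the body should change. The create command also passes `--custom-ca-trust-certificates` without `--enable-custom-ca-trust`, although the help text added in this series says the certificates require Custom CA Trust to be enabled on the node. As written, the test can at most show that the API stores the list, not that a node would trust it. A short docstring stating which of the two is intended, for example `"""Create a cluster with custom CA certificates and check they are stored on the security profile."""`, would make the scope explicit.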
From 2f5a449fdf8a6072115f597d70d339c55a60f044 Mon Sep 17 00:00:00 2001
From: Mikolaj Umanski
Date: Mon, 28 Nov 2022 21:04:32 -0800
Subject: [PATCH 10/30] add registered feature
---
 .../azext_aks_preview/tests/latest/test_aks_commands.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
index d43bc83e364..a080649f136 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
@@ -1703,6 +1703,7 @@ def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resourc
 create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \
 '--nodepool-name {node_pool_name} -c 1 ' \
 '--ssh-key-value={ssh_key_value} ' \
+ '--aks-custom-headers=AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomCATrustPreview' \
 '--custom-ca-trust-certificates={custom_ca_trust_certificates}'
 self.cmd(create_cmd, checks=[
 self.check('provisioningState', 'Succeeded'),
From 4302cffde0e15874d3789fe60ae5c26d3bcb3b6e Mon Sep 17 00:00:00 2001
From: Mikolaj Umanski
Date: Mon, 28 Nov 2022 21:15:37 -0800
Subject: [PATCH 11/30] add missing trailing space
---
 .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
index a080649f136..1fa750e5229 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
@@ -1703,7 +1703,7 @@ def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resourc
 create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \
 '--nodepool-name {node_pool_name} -c 1 ' \
 '--ssh-key-value={ssh_key_value} ' \
- '--aks-custom-headers=AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomCATrustPreview' \
+ '--aks-custom-headers=AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomCATrustPreview ' \
 '--custom-ca-trust-certificates={custom_ca_trust_certificates}'
 self.cmd(create_cmd, checks=[
 self.check('provisioningState', 'Succeeded'),
From edb55f935e233976496d33f3824997ac9ed2eac3 Mon Sep 17 00:00:00 2001
From: Mikolaj Umanski
Date: Mon, 28 Nov 2022 21:28:07 -0800
Subject: [PATCH 12/30] add short option
---
 src/aks-preview/azext_aks_preview/_params.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
index 4d319f9ef39..2c8358420c3 100644
--- a/src/aks-preview/azext_aks_preview/_params.py
+++ b/src/aks-preview/azext_aks_preview/_params.py
@@ -349,7 +349,7 @@ def load_arguments(self, _): c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') - c.argument('custom_ca_trust_certificates', is_preview=True, help="path to file containing list of base64 encoded CAs") + c.argument('custom_ca_trust_certificates', options_list=["--custom_ca_trust_certificates", "--ca-certs"], is_preview=True, help="path to file containing list of base64 encoded CAs") c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") @@ -461,7 +461,7 @@ def load_arguments(self, _): c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('custom_ca_trust_certificates', validator=validate_custom_ca_trust_certificates, is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=["--custom_ca_trust_certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True) with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) From 279ec503e0d9eccc4ae97c7b8099456388285cfa Mon Sep 17 00:00:00 2001 
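Review bot: The two registrations of `custom_ca_trust_certificates` in `load_arguments` disagree: the first hunk keeps the inline `help="path to file containing list of base64 encoded CAs"` and has no `validator=`, while the second hunk wires `validator=validate_custom_ca_trust_certificates` and has no inline help. The comment above the first registration explains the missing validation only for `enable_custom_ca_trust`; if the certificates validator checks anything beyond the OS type, that path skips it, so either add `validator=validate_custom_ca_trust_certificates` there or extend the comment to say why it is not needed. The inline help also describes the file as base64 encoded CAs, whereas the `_help.py` text is changed in the next patch to "blank line separated certificates"; one wording should be used in both places. `load_arguments` starts and ends outside both hunks.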
From: Mikolaj Umanski Date: Tue, 29 Nov 2022 17:09:38 -0800 Subject: [PATCH 13/30] update help instructions --- src/aks-preview/azext_aks_preview/_help.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 1040f00c666..4ea9745138f 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -479,7 +479,7 @@ short-summary: Enable Custom CA Trust on agent node pool. - name: --custom-ca-trust-certificates type: string - short-summary: Path to a file containing up to 10 base64 encoded certificates. Only valid for linux nodes. + short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. - name: --enable-keda type: bool @@ -920,7 +920,7 @@ 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'. - name: --custom-ca-trust-certificates type: string - short-summary: Path to a file containing up to 10 base64 encoded certificates. Only valid for linux nodes. + short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. examples: - name: Reconcile the cluster back to its current state. From be320e5b4eb1a5163c1a111d363f64b9b3e214a4 Mon Sep 17 00:00:00 2001 From: FumingZhang <81607949+FumingZhang@users.noreply.github.com> Date: Thu, 1 Dec 2022 16:55:06 +0800 Subject: [PATCH 14/30] Update src/aks-preview/azext_aks_preview/_params.py --- src/aks-preview/azext_aks_preview/_params.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
index 2c8358420c3..d6bd2210520 100644
--- a/src/aks-preview/azext_aks_preview/_params.py
+++ b/src/aks-preview/azext_aks_preview/_params.py
@@ -349,7 +349,7 @@ def load_arguments(self, _):
 c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER)
 # no validation for aks create because it already only supports Linux.
 c.argument('enable_custom_ca_trust', action='store_true')
- c.argument('custom_ca_trust_certificates', options_list=["--custom_ca_trust_certificates", "--ca-certs"], is_preview=True, help="path to file containing list of base64 encoded CAs")
+ c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of base64 encoded CAs")
 c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster")
 c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool")
 c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool")
From d3bc6d438208fc42b95e326c4cfa82e3ef6ed0b0 Mon Sep 17 00:00:00 2001
From: FumingZhang <81607949+FumingZhang@users.noreply.github.com>
Date: Thu, 1 Dec 2022 16:55:15 +0800
Subject: [PATCH 15/30] Update src/aks-preview/azext_aks_preview/_params.py
---
 src/aks-preview/azext_aks_preview/_params.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
index d6bd2210520..c68359d894d 100644
--- a/src/aks-preview/azext_aks_preview/_params.py
+++ b/src/aks-preview/azext_aks_preview/_params.py
@@ -461,7 +461,7 @@ def load_arguments(self, _): c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('custom_ca_trust_certificates', options_list=["--custom_ca_trust_certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True) with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) From cb488c220349b0bd01d7f71e5457b08bdc6d4d5d Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Tue, 6 Dec 2022 13:10:36 -0800 Subject: [PATCH 16/30] remove unneeded new line indicator --- .../azext_aks_preview/managed_cluster_decorator.py | 2 +- .../tests/latest/test_managed_cluster_decorator.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index f03ab060b3e..4927493d46f 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2003,7 +2003,7 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: len(file_content) ) ) - return [str.encode((x + "\n")) for x in file_content if len(x) > 1] + return [str.encode(x) for x in file_content if len(x) > 1] def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: 
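Review bot: In the `managed_cluster_decorator.py` hunk, the list returned by `get_custom_ca_trust_certificates` keeps every fragment with `len(x) > 1`, so a whitespace-only or non-PEM fragment of the input file is encoded and submitted alongside real certificates. These values are destined for node trust stores, so each fragment should be stripped and rejected unless it is a PEM block, for example `certs = [x.strip() for x in file_content if x.strip()]` followed by a check that every entry starts with `-----BEGIN CERTIFICATE-----`. The `len(file_content)` in the context lines just above appears to be evaluated before this filter, so the certificate limit may be counting fragments that are later dropped. Only the tail of the function is inside the hunk, so how `file_content` is split is not visible here.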
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
index 84642887dee..6ea06f4b778 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
@@ -4027,7 +4027,7 @@ def test_set_up_custom_ca_trust_certificates(self):
 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \
 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \
 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \
- '-----END CERTIFICATE-----\n'
+ '-----END CERTIFICATE-----'
 sec_profile = self.models.ManagedClusterSecurityProfile(
 custom_ca_trust_certificates=[str.encode(test_cert_string) for _ in range(2)]
 )
@@ -5734,7 +5734,7 @@ def test_update_custom_ca_certificates(self):
 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \
 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \
 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \
- '-----END CERTIFICATE-----\n'
+ '-----END CERTIFICATE-----'
 ground_truth_mc_1 = self.models.ManagedCluster(
 location="test_location",
 security_profile=self.models.ManagedClusterSecurityProfile(
From 418232d924788677e0c019ab9b92e3b402e3bf90 Mon Sep 17 00:00:00 2001
From: Mikolaj Umanski
Date: Tue, 6 Dec 2022 13:32:32 -0800
Subject: [PATCH 17/30] use correct value for expected certs in create CMD
---
 .../tests/latest/test_aks_commands.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
index 1fa750e5229..eefaa5176e6 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
@@ -1687,6 +1687,22 @@ def test_aks_custom_ca_trust_flow(self, resource_group, resource_group_location)
 @AllowLargeResponse()
 @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='eastus')
 def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resource_group, resource_group_location):
+ test_cert_string = '-----BEGIN CERTIFICATE-----\n' \
+ 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \
+ 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \
+ 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \
+ 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \
+ 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \
+ 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \
+ 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \
+ 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \
+ '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \
+ '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \
+ 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \
+ 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \
+ 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \
+ 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \
+ '-----END CERTIFICATE-----'
 aks_name = self.create_random_name('cliakstest', 16)
 node_pool_name = self.create_random_name('c', 6)
 node_pool_name_second = self.create_random_name('c', 6)
@@ -1707,7 +1723,7 @@ def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resourc '--custom-ca-trust-certificates={custom_ca_trust_certificates}' self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), - self.check('securityProfile.customCaTrustCertificates', '[foo]'), + self.check('securityProfile.customCaTrustCertificates', [test_cert_string for _ in range(2)]), ]) # delete From 1e86430e5b85b7f2d2ecd3e66f3a0637a3634a5d Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Tue, 6 Dec 2022 14:58:20 -0800 Subject: [PATCH 18/30] Add live test recording --- ...ool_with_custom_ca_trust_certificates.yaml | 625 ++++++++++++++++++ 1 file changed, 625 insertions(+) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml new file mode 100644 index 00000000000..39d750734bf --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml 
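Review bot: The new expectation on `securityProfile.customCaTrustCertificates` is hard to reconcile with the recording added in the next patch: its `ParameterSetName` has no `--aks-custom-headers`, the PUT body carries no `securityProfile`, and the PUT response returns `"securityProfile": {}`. If the final GET in that recording is the same, this check cannot pass in playback. The recording therefore also gives no evidence of whether the service returns the certificates as PEM text or as base64-encoded bytes, which the `List[bytes]` model type makes a real question. Re-record once the command line is final and put a comment above the check naming the encoding the API returns, for example `# API returns each certificate as <encoding>; expected value must match that form`. The test body starts outside the hunk.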
@@ -0,0 +1,625 @@ + + +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-resource/21.1.0b1 Python/3.9.6 (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2021-04-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"eastus","tags":{"product":"azurecli","cause":"automation","date":"2022-11-17T23:13:05Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '304' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 17 Nov 2022 23:13:07 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "eastus", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitest5kc5nzdov-8ecadf", + "agentPoolProfiles": [{"count": 1, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": + 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": + false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": + "", "upgradeSettings": {}, "enableNodePublicIP": false, "enableCustomCATrust": + false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": + -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, + "enableFIPS": 
false, "networkProfile": {}, "name": "c000003"}], "linuxProfile": + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa 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 + test@example.com\n"}]}}, "addonProfiles": {}, "enableRBAC": true, "enablePodSecurityPolicy": + false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": + "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": "standard"}, + "disableLocalAccounts": false, "storageProfile": {}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1906' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-09-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"eastus\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.23.12\",\n \"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": + \"cliakstest-clitest5kc5nzdov-8ecadf\",\n \"fqdn\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.hcp.eastus.azmk8s.io\",\n + \ \"azurePortalFQDN\": 
\"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.portal.hcp.eastus.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": + 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.23.12\",\n \"currentOrchestratorVersion\": \"1.23.12\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.10.24\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa 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 + test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000002_eastus\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": + \"nodeIPConfiguration\"\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n 
\"maxAgentPools\": + 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": + {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n + \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": + {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": + false\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": + {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + cache-control: + - no-cache + content-length: + - '3803' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:13:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": 
\"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:13:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:14:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value 
--custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:14:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:15:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + 
strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:15:45 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: 
https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:16:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:16:45 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + 
message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + response: + body: + string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\",\n \"endTime\": + \"2022-11-17T23:16:59.3162346Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '169' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:17:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + User-Agent: + - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 + (macOS-13.0.1-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-09-02-preview + response: + body: + string: "{\n \"id\": 
\"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n + \ \"location\": \"eastus\",\n \"name\": \"cliakstest000002\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.23.12\",\n \"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": + \"cliakstest-clitest5kc5nzdov-8ecadf\",\n \"fqdn\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.hcp.eastus.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.portal.hcp.eastus.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": + 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": + \"1.23.12\",\n \"currentOrchestratorVersion\": \"1.23.12\",\n \"enableNodePublicIP\": + false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.10.24\",\n \"upgradeSettings\": {},\n + \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": + {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": + [\n {\n \"keyData\": \"ssh-rsa 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 + test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + 
\"MC_clitest000001_cliakstest000002_eastus\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_eastus/providers/Microsoft.Network/publicIPAddresses/3acc3182-3b39-4f3d-8735-a9867b407b38\"\n + \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n + \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n + \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n + \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n + \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": + [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - 
no-cache + content-length: + - '4454' + content-type: + - application/json + date: + - Thu, 17 Nov 2022 23:17:16 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 From 2345a40dd280226a96e98c5b908e3261479eb7f3 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 11:27:15 -0800 Subject: [PATCH 19/30] Add new version information --- src/aks-preview/HISTORY.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 1ba889cb365..ccb58f9660b 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -14,6 +14,11 @@ Pending * Update the minimum required cli core version to `2.43.0`. +0.5.119 ++++++++ + +* Add `--custom-ca-trust-certificates` option for custom CA in aks create and aks update + 0.5.118 +++++++ From 1aba5f46a192bfb4ad668fc5653c748e9310448a Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 14:34:46 -0800 Subject: [PATCH 20/30] add new recording, change validation order --- .../managed_cluster_decorator.py | 7 +- ...ool_with_custom_ca_trust_certificates.yaml | 285 +++++++++++------- 2 files changed, 180 insertions(+), 112 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index 4927493d46f..b00016b64c9 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py 
@@ -1997,13 +1997,14 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: ) # CAs are supposed to be separated with a new line, we filter out empty strings (e.g. some stray new line). We only allow up to 10 CAs file_content = read_file_content(custom_ca_certs_file_path).split(os.linesep + os.linesep) - if len(file_content) > 10: + certs = [str.encode(x) for x in file_content if len(x) > 1] + if len(certs) > 10: raise InvalidArgumentValueError( "Only up to 10 new-line separated CAs can be passed, got {} instead.".format( - len(file_content) + len(certs) ) ) - return [str.encode(x) for x in file_content if len(x) > 1] + return certs def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml index 39d750734bf..cc33699ebb2 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_add_nodepool_with_custom_ca_trust_certificates.yaml @@ -1,5 +1,3 @@ - - interactions: - request: body: null 
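Review bot: Splitting on `os.linesep + os.linesep` ties certificate parsing to the platform running the CLI rather than to the file's own line endings. A CRLF file on Linux (or, depending on how `read_file_content` opens the file, an LF file on Windows) comes back as a single entry, which passes the new `len(certs) > 10` check and is sent as one concatenated blob. Since these values are added to node trust stores, I would normalise before splitting and drop whitespace-only chunks, which `len(x) > 1` still lets through: `file_content = read_file_content(custom_ca_certs_file_path).replace("\r\n", "\n").split("\n\n")` and `certs = [str.encode(x.strip()) for x in file_content if x.strip()]`. The hunk also never checks that an entry is base64 at all, although the help text promises base64 encoded certificates; a per-entry `base64.b64decode(x, validate=True)` that raises `InvalidArgumentValueError` would reject a malformed file on the client. `get_custom_ca_trust_certificates` starts above the hunk, so whether `validate_custom_ca_trust_certificates` already covers any of this is not visible here.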
@@ -13,23 +11,24 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-resource/21.1.0b1 Python/3.9.6 (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-resource/21.1.0b1 Python/3.8.10 (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2021-04-01 response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"eastus","tags":{"product":"azurecli","cause":"automation","date":"2022-11-17T23:13:05Z"},"properties":{"provisioningState":"Succeeded"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","date":"2022-12-08T20:03:56Z"},"properties":{"provisioningState":"Succeeded"}}' headers: cache-control: - no-cache content-length: - - '304' + - '305' content-type: - application/json; charset=utf-8 date: - - Thu, 17 Nov 2022 23:13:07 GMT + - Thu, 08 Dec 2022 20:03:57 GMT expires: - '-1' pragma: 
@@ -44,8 +43,8 @@ interactions: code: 200 message: OK - request: - body: '{"location": "eastus", "identity": {"type": "SystemAssigned"}, "properties": - {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitest5kc5nzdov-8ecadf", + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitest4m5ik3cmw-79a739", "agentPoolProfiles": [{"count": 1, "vmSize": "Standard_DS2_v2", "osDiskSizeGB": 0, "workloadRuntime": "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", "mode": "System", "orchestratorVersion": 
@@ -53,13 +52,18 @@ interactions: false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "nodeTaints": [], "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": false, "networkProfile": {}, "name": "c000003"}], "linuxProfile": - {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa 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 - test@example.com\n"}]}}, "addonProfiles": {}, "enableRBAC": true, "enablePodSecurityPolicy": - false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", - "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": - "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": "standard"}, - "disableLocalAccounts": false, "storageProfile": {}}}' + {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "enableRBAC": true, + "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": + "standard"}, "disableLocalAccounts": false, "securityProfile": {"customCATrustCertificates": + 
["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNsakNDQVg0Q0NRQzl6VUFncXFxcld6QU5CZ2txaGtpRzl3MEJBUXNGQURBTk1Rc3dDUVlEVlFRR0V3SlEKVERBZUZ3MHlNakE1TVRRd05qSXpNamRhRncweU1qQTVNVFV3TmpJek1qZGFNQTB4Q3pBSkJnTlZCQVlUQWxCTQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW9wS05JSWJ2dmNQQ3c5ZmM0S0xYCktEdFJab2JwNUwrLzFoQ04rM09HaGs1TnZTVHBTVXJGaWZ4cWMwbzNJRjdZa08zSzFuMmpBdkNNWE8xNkJmOWIKT0FSN1ZrQ3J3R0ZWa1hOak00d3ZYQVg4Q05OdmpxZDF6RFBYU0tkRTdXZDhrM2ZUeng2bkdVTTBVZ2xqSVBoSAp5aDRhNFp1amQ1SWcyUC9aU1gwcEdKbTQ3SlR0TXU3TURGSFZNNXdSV2NDck4vSDBUQ1lQSXZFT3MwQjhBWnhjCnAzVEY3QTZ2ZVQ1VTlwVmhRM1hsOUpONkx2dkxxUHhHM2VhMTByZHY5RFl6YWlYbVNZM3VqSTNSaTFRMTF1V0MKZHRyRklwRnU1Y0hXMk9CVytqQlh4TDB2OHhRbWt4VExpazRCUi9QTENsMzB3eEtRTnNxM3BqRGd1MG11dEt1dQo1d0lEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVZFQUlzL2hMd1RWQ3dwRVhkb1hSMjRMZWxOTnVCCi84cHRLNmx5akUxMVh3Zk1OM3l5N0Yyb0IxbHJBNHJJM2o5b2JwRHNIREpCTkIxM2JpL2xLZ3ZBY2JJbi9UeXUKUktUaHRVZFBneE5ucURVeXhuYjNPb2ZNRjNnQjhlUFR1K2pacGQzenJsRXV4ZGw0MEJ5QVRDU3lPZ1I2REhNdApTRGQram95cG5PSEZBZVNNK1YwQWFUZWxYU0NLOU9BV1NBcDVlNlM3NmE2bFJ4K0Q1WGwzaEJlZEJJMHRYNTloCnRFWU5FR1phUkVsRlU3OVdjRUYwY0grWlcwK2pKOTV4RTN0aFpmZlJ6NlFJNnlGNjNtOGFDOWw5YmJkSlMyemcKWXY4VytsQ1ppLy9PRGVPQlV1Z3IrK3o5dWordkdrNDdKRFNwVjBuNEpPdW4zQUxVREowZ3FtY1MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "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"]}, + "storageProfile": {}}}' headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/CustomCATrustPreview Accept: - application/json Accept-Encoding: 
@@ -69,25 +73,26 @@ interactions: Connection: - keep-alive Content-Length: - - '1906' + - '4190' Content-Type: - application/json ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-09-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n - \ \"location\": \"eastus\",\n \"name\": \"cliakstest000002\",\n \"type\": + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.23.12\",\n \"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": - \"cliakstest-clitest5kc5nzdov-8ecadf\",\n \"fqdn\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.hcp.eastus.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.portal.hcp.eastus.azmk8s.io\",\n + \"cliakstest-clitest4m5ik3cmw-79a739\",\n \"fqdn\": 
\"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": 
@@ -98,13 +103,13 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-1804gen2containerd-2022.10.24\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-1804gen2containerd-2022.11.02\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa 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 - test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": - \"MC_clitest000001_cliakstest000002_eastus\",\n \"enableRBAC\": true,\n + \"MC_clitest000001_cliakstest000002_westus2\",\n \"enableRBAC\": true,\n \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"backendPoolType\": 
@@ -113,25 +118,27 @@ interactions: \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": - 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {},\n \"storageProfile\": - {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n - \ },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": - {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": - false\n },\n \"workloadAutoScalerProfile\": {}\n },\n \"identity\": - {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": {\n \"customCATrustCertificates\": + [\n \"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\",\n + \ \"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\"\n + \ ]\n },\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": + true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n + \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": + {}\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" headers: azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 cache-control: - no-cache 
content-length: - - '3803' + - '6092' content-type: - application/json date: - - Thu, 17 Nov 2022 23:13:13 GMT + - Thu, 08 Dec 2022 20:04:01 GMT expires: - '-1' pragma: @@ -159,16 +166,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -177,7 +185,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:13:44 GMT + - Thu, 08 Dec 2022 20:04:31 GMT expires: - '-1' pragma: 
@@ -207,16 +215,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -225,7 +234,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:14:15 GMT + - Thu, 08 Dec 2022 20:05:01 GMT expires: - '-1' pragma: 
@@ -255,16 +264,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -273,7 +283,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:14:44 GMT + - Thu, 08 Dec 2022 20:05:31 GMT expires: - '-1' pragma: 
@@ -303,16 +313,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -321,7 +332,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:15:15 GMT + - Thu, 08 Dec 2022 20:06:02 GMT expires: - '-1' pragma: 
@@ -351,16 +362,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -369,7 +381,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:15:45 GMT + - Thu, 08 Dec 2022 20:06:32 GMT expires: - '-1' pragma: 
@@ -399,16 +411,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -417,7 +430,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:16:15 GMT + - Thu, 08 Dec 2022 20:07:02 GMT expires: - '-1' pragma: 
@@ -447,16 +460,17 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\"\n }" headers: cache-control: - no-cache @@ -465,7 +479,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:16:45 GMT + - Thu, 08 Dec 2022 20:07:32 GMT expires: - '-1' pragma: 
@@ -495,17 +509,18 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/eastus/operations/f24a2d77-1185-49a1-b542-9d1347673181?api-version=2017-08-31 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/84e71073-8f15-4b53-91d7-c0d98c716826?api-version=2016-03-30 response: body: - string: "{\n \"name\": \"772d4af2-8511-a149-b542-9d1347673181\",\n \"status\": - \"Succeeded\",\n \"startTime\": \"2022-11-17T23:13:14.254744Z\",\n \"endTime\": - \"2022-11-17T23:16:59.3162346Z\"\n }" + string: "{\n \"name\": \"7310e784-158f-534b-91d7-c0d98c716826\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-12-08T20:04:01.762831Z\",\n \"endTime\": + \"2022-12-08T20:07:50.2670365Z\"\n }" headers: cache-control: - no-cache @@ -514,7 +529,7 @@ interactions: content-type: - application/json date: - - Thu, 17 Nov 2022 23:17:15 GMT + - Thu, 08 Dec 2022 20:08:02 GMT expires: - '-1' pragma: 
@@ -544,21 +559,22 @@ interactions: Connection: - keep-alive ParameterSetName: - - --resource-group --name --nodepool-name -c --ssh-key-value --custom-ca-trust-certificates + - --resource-group --name --nodepool-name -c --ssh-key-value --aks-custom-headers + --custom-ca-trust-certificates User-Agent: - - AZURECLI/2.42.0 azsdk-python-azure-mgmt-containerservice/20.4.0b Python/3.9.6 - (macOS-13.0.1-x86_64-i386-64bit) + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-09-02-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview response: body: string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n - \ \"location\": \"eastus\",\n \"name\": \"cliakstest000002\",\n \"type\": + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.23.12\",\n \"currentKubernetesVersion\": \"1.23.12\",\n \"dnsPrefix\": - \"cliakstest-clitest5kc5nzdov-8ecadf\",\n \"fqdn\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.hcp.eastus.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitest5kc5nzdov-8ecadf-c8089a03.portal.hcp.eastus.azmk8s.io\",\n + \"cliakstest-clitest4m5ik3cmw-79a739\",\n \"fqdn\": \"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": 
\"cliakstest-clitest4m5ik3cmw-79a739-8a8cddb5.portal.hcp.westus2.azmk8s.io\",\n \ \"agentPoolProfiles\": [\n {\n \"name\": \"c000003\",\n \"count\": 1,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": 
@@ -569,27 +585,29 @@ interactions: false,\n \"enableCustomCATrust\": false,\n \"mode\": \"System\",\n \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": - \"AKSUbuntu-1804gen2containerd-2022.10.24\",\n \"upgradeSettings\": {},\n + \"AKSUbuntu-1804gen2containerd-2022.11.02\",\n \"upgradeSettings\": {},\n \ \"enableFIPS\": false,\n \"networkProfile\": {}\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\": - [\n {\n \"keyData\": \"ssh-rsa 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 - test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdacAwdRxlSQR4pjwAq5/pt3BHfUxVEZuE/38jIDyAP8cdzFbeqieXX46XutKBcE5fNd+z8g7PrVYbrRxikj7qRCH2W1KHmMP2zPQ8XfGlCvW6BYE1PbUH6F8ikK/67jZbeOJtRWICmS1umnjlRnhkwDe3zoVsixRdYhLCpskHh6sSFO0W5ZQ6aSQ0y5vUw7iY28RUnrijaElCq69fhSUch9ZdZ44Xq98F6COOicuv46LQ2Kz/AtlUzAPh6XVokPu4f9e6llZEaOOUuVSkzBADhldE/AC9zACcFS/WcZo6IOtzeFn5W8A2WVct9GfOpLeCpiZe6bQHuM0evIZuVhNz + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": - \"MC_clitest000001_cliakstest000002_eastus\",\n \"enableRBAC\": true,\n + \"MC_clitest000001_cliakstest000002_westus2\",\n \"enableRBAC\": true,\n \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": - [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_eastus/providers/Microsoft.Network/publicIPAddresses/3acc3182-3b39-4f3d-8735-a9867b407b38\"\n + [\n {\n \"id\": 
\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/7e06d39f-0cc6-4040-8669-0b1fde8d856c\"\n \ }\n ],\n \"backendPoolType\": \"nodeIPConfiguration\"\n },\n \ \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \ \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \ \"outboundType\": \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n \ ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"identityProfile\": - {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n + {\n \"kubeletidentity\": {\n \"resourceId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": - {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": + {\n \"customCATrustCertificates\": [\n \"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\",\n + \ \"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\"\n + \ ]\n },\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": true,\n \"version\": \"v1\"\n },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": {\n \"enabled\": true\n }\n \ },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n },\n \"workloadAutoScalerProfile\": 
@@ -600,11 +618,11 @@ interactions: cache-control: - no-cache content-length: - - '4454' + - '6745' content-type: - application/json date: - - Thu, 17 Nov 2022 23:17:16 GMT + - Thu, 08 Dec 2022 20:08:02 GMT expires: - '-1' pragma: @@ -622,4 +640,53 @@ interactions: status: code: 200 message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks delete + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - -g -n --yes --no-wait + User-Agent: + - AZURECLI/2.43.0 azsdk-python-azure-mgmt-containerservice/20.7.0b Python/3.8.10 + (Linux-5.15.0-1023-azure-x86_64-with-glibc2.29) + method: DELETE + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-10-02-preview + response: + body: + string: '' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/9cbe9f1f-afe9-4bdb-b132-11ca0c473e1f?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '0' + date: + - Thu, 08 Dec 2022 20:08:04 GMT + expires: + - '-1' + location: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operationresults/9cbe9f1f-afe9-4bdb-b132-11ca0c473e1f?api-version=2016-03-30 + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-deletes: + - '14999' + status: + code: 202 + message: Accepted version: 1 From 4c00614fa83a62f3608f70da85126cf839fc75b8 Mon Sep 17 00:00:00 2001 
From: Mikolaj Umanski Date: Thu, 8 Dec 2022 14:54:44 -0800 Subject: [PATCH 21/30] fix lint error --- src/aks-preview/azext_aks_preview/_validators.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index 5d813644c1e..1fae5270b13 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -662,6 +662,7 @@ def validate_enable_custom_ca_trust(namespace): raise ArgumentUsageError( '--enable_custom_ca_trust can only be set for Linux nodepools') + def validate_custom_ca_trust_certificates(namespace): """Validates Custom CA Trust Certificates can only be used on Linux.""" if namespace.custom_ca_trust_certificates is not None and namespace.custom_ca_trust_certificates != "": From ff0f839def1bc1d86045cbf46afb0a95d1b477d6 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 15:53:01 -0800 Subject: [PATCH 22/30] add missing short names in help --- src/aks-preview/azext_aks_preview/_help.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 4ea9745138f..4bee517ba24 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -477,7 +477,7 @@ - name: --enable-custom-ca-trust type: bool short-summary: Enable Custom CA Trust on agent node pool. - - name: --custom-ca-trust-certificates + - name: --custom-ca-trust-certificates --ca-certs type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. 
@@ -918,7 +918,7 @@ type: string short-summary: Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'. - - name: --custom-ca-trust-certificates + - name: --custom-ca-trust-certificates --ca-certs type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. From 053360c8d5ac65288d77f7110aea9e57c90986a4 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 17:45:59 -0800 Subject: [PATCH 23/30] lint fix blank line --- src/aks-preview/azext_aks_preview/managed_cluster_decorator.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index b00016b64c9..9f2f276e5f5 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py @@ -2006,7 +2006,6 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]: ) return certs - def get_defender_config(self) -> Union[ManagedClusterSecurityProfileDefender, None]: """Obtain the value of defender. From 1d83fc8c594d0574a6819a5228f52a1f1e2deb41 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 22:09:39 -0800 Subject: [PATCH 24/30] add missing help, update version --- src/aks-preview/azext_aks_preview/_params.py | 4 ++-- src/aks-preview/setup.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index c68359d894d..5a895ff8594 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py 
@@ -349,7 +349,7 @@ def load_arguments(self, _): c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') - c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of base64 encoded CAs") + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], is_preview=True, help="path to file containing list of new line separated CAs") c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('nodepool_allowed_host_ports', validator=validate_allowed_host_ports, is_preview=True, help="allowed host ports for agentpool") c.argument('nodepool_asg_ids', validator=validate_application_security_groups, is_preview=True, help="application security groups for agentpool") @@ -461,7 +461,7 @@ def load_arguments(self, _): c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster") c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster") c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) - c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True) + c.argument('custom_ca_trust_certificates', options_list=["--custom-ca-trust-certificates", "--ca-certs"], validator=validate_custom_ca_trust_certificates, is_preview=True, help="path to file containing list of new line separated CAs") with self.argument_context('aks upgrade') as c: c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) 
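Review bot: The new `help=` text for `custom_ca_trust_certificates` in the `aks create` hunk (`-349,7`), repeated in the `aks update` hunk (`-461,7`), says the file holds "new line separated CAs", while the `_help.py` entries in this series say "up to 10 blank line separated certificates". The test certificate used in this series is PEM text spanning many lines, so "new line separated" does not tell the user how entries are delimited or that there is a limit. I would make both strings match the long help, for example `help="Path to a file containing up to 10 blank line separated certificates."`. `load_arguments` starts and ends outside both hunks.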
diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 83c86d7cfaf..a17159f4a29 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.118" +VERSION = "0.5.119" CLASSIFIERS = [ "Development Status :: 4 - Beta", From 5fcbe99ef89b7b0910ece22c764fc29da26d73e9 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Thu, 8 Dec 2022 23:51:32 -0800 Subject: [PATCH 25/30] Add exclusion for custom ca certs option --- linter_exclusions.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/linter_exclusions.yml b/linter_exclusions.yml index a7751da7841..3fcc6093709 100644 --- a/linter_exclusions.yml +++ b/linter_exclusions.yml @@ -103,6 +103,9 @@ aks create: node_public_ip_tags: rule_exclusions: - option_length_too_long + custom_ca_trust_certificates: + rule_exclusions: + - option_length_too_long aks addon enable: parameters: appgw_watch_namespace: @@ -218,6 +221,9 @@ aks update: ksm_metric_labels_allow_list: rule_exclusions: - option_length_too_long + custom_ca_trust_certificates: + rule_exclusions: + - option_length_too_long arcdata dc create: parameters: logs_ui_private_key_file: From 943a90c0e1e20aa1f2bcb8897f24899975ba0ac8 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Fri, 9 Dec 2022 00:19:28 -0800 Subject: [PATCH 26/30] Change ordering in help prompt --- src/aks-preview/azext_aks_preview/_help.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 4bee517ba24..17f5044e6ba 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py 
@@ -477,7 +477,7 @@ - name: --enable-custom-ca-trust type: bool short-summary: Enable Custom CA Trust on agent node pool. - - name: --custom-ca-trust-certificates --ca-certs + - name: --ca-certs --custom-ca-trust-certificates type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. @@ -918,7 +918,7 @@ type: string short-summary: Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'. - - name: --custom-ca-trust-certificates --ca-certs + - name: --ca-certs --custom-ca-trust-certificates type: string short-summary: Path to a file containing up to 10 blank line separated certificates. Only valid for linux nodes. long-summary: These certificates are used by Custom CA Trust features and will be added to trust stores of nodes. Requires Custom CA Trust to be enabled on the node. From 430f8e418398282b893c967bc4b9dbc3d1dcb457 Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Fri, 9 Dec 2022 00:40:22 -0800 Subject: [PATCH 27/30] update history --- src/aks-preview/HISTORY.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index ccb58f9660b..5f30b377b35 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -18,6 +18,7 @@ Pending +++++++ * Add `--custom-ca-trust-certificates` option for custom CA in aks create and aks update +* Bumped dependency on azure-cli-core 0.5.118 +++++++ From cda029cf38b724c1e369f3a813d7e6afbefc2f90 Mon Sep 17 00:00:00 2001 
From: Mikolaj Umanski Date: Fri, 9 Dec 2022 10:15:07 -0800 Subject: [PATCH 28/30] extract reused cert to const --- src/aks-preview/azext_aks_preview/_consts.py | 17 +++++++++ .../tests/latest/test_aks_commands.py | 21 ++--------- .../latest/test_managed_cluster_decorator.py | 37 ++----------------- 3 files changed, 24 insertions(+), 51 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_consts.py b/src/aks-preview/azext_aks_preview/_consts.py index 3201d9ef6aa..30610261d5d 100644 --- a/src/aks-preview/azext_aks_preview/_consts.py +++ b/src/aks-preview/azext_aks_preview/_consts.py @@ -196,3 +196,20 @@ # tag_name gives latest version released. # Moving away from 1:n release to avoid unwanted breaking changes with auto upgrades. CONST_DRAFT_CLI_VERSION = "v0.0.22" + +CONST_CUSTOM_CA_TEST_CERT = '-----BEGIN CERTIFICATE-----\n' \ + 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ + 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ + 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ + 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ + 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ + 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ + 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ + 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ + '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ + '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ + 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ + 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ + 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ + 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ + '-----END CERTIFICATE-----' \ No newline at end of file 
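Review bot: `CONST_CUSTOM_CA_TEST_CERT` is only referenced from test files in this series, yet the `_consts.py` hunk (`-196,3 +196,20`) adds it to the constants module shipped with the extension, next to runtime values such as `CONST_DRAFT_CLI_VERSION`. For a feature that adds certificates to node trust stores, a certificate importable from production code is easy to pick up by mistake as a default or fallback. I would define it in a helper module under `tests/latest/` and import it from there in both test files. If it has to stay in `_consts.py`, a comment above the assignment such as `# Test fixture only: never use as a default trust anchor.` would make that explicit.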
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
index eefaa5176e6..b632cd96489 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
@@ -12,6 +12,9 @@
 from azext_aks_preview.tests.latest.custom_preparers import (
 AKSCustomResourceGroupPreparer,
 )
+from azure.cli.command_modules.acs._consts import (
+ CONST_CUSTOM_CA_TEST_CERT,
+)
 from azext_aks_preview.tests.latest.recording_processors import KeyReplacer
 from azure.cli.command_modules.acs._format import version_to_tuple
 from azure.cli.command_modules.acs.addonconfiguration import getRegionCodeForAzureRegion, sanitize_dcr_name
@@ -1687,22 +1690,6 @@ def test_aks_custom_ca_trust_flow(self, resource_group, resource_group_location) @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='eastus') def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resource_group, resource_group_location): - test_cert_string = '-----BEGIN CERTIFICATE-----\n' \ - 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ - 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ - 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ - 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ - 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ - 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ - 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ - 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ - '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ - '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ - 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ - 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ - 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ - 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ - '-----END CERTIFICATE-----' aks_name = self.create_random_name('cliakstest', 16) node_pool_name = self.create_random_name('c', 6) node_pool_name_second = self.create_random_name('c', 6) 
@@ -1723,7 +1710,7 @@ def test_aks_create_add_nodepool_with_custom_ca_trust_certificates(self, resourc '--custom-ca-trust-certificates={custom_ca_trust_certificates}' self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), - self.check('securityProfile.customCaTrustCertificates', [test_cert_string for _ in range(2)]), + self.check('securityProfile.customCaTrustCertificates', [CONST_CUSTOM_CA_TEST_CERT for _ in range(2)]), ]) # delete diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 6ea06f4b778..65d455cf565 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -42,6 +42,7 @@ CONST_VIRTUAL_NODE_ADDON_NAME, CONST_VIRTUAL_NODE_SUBNET_NAME, CONST_WORKLOAD_RUNTIME_OCI_CONTAINER, + CONST_CUSTOM_CA_TEST_CERT, ) from azext_aks_preview.agentpool_decorator import AKSPreviewAgentPoolContext from azext_aks_preview.managed_cluster_decorator import ( 
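Review bot: In the `-1710,7` hunk of `test_aks_commands.py` the expected value `[CONST_CUSTOM_CA_TEST_CERT for _ in range(2)]` is the same certificate twice, so the check cannot distinguish a correctly split two-certificate file from one where an entry is duplicated or the order is changed. The same expression appears in the `-4012,24` and `-5704,26` hunks of `test_managed_cluster_decorator.py`. A second, distinct test certificate in the input file and in the expected list would make these assertions sensitive to splitting and ordering. If the duplicate is intentional, `[CONST_CUSTOM_CA_TEST_CERT] * 2` says so more directly. The test function starts and ends outside the hunk.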
@@ -4012,24 +4013,8 @@ def test_set_up_custom_ca_trust_certificates(self): mc_1 = self.models.ManagedCluster(location="test_location") dec_1.context.attach_mc(mc_1) dec_mc_1 = dec_1.set_up_custom_ca_trust_certificates(mc_1) - test_cert_string = '-----BEGIN CERTIFICATE-----\n' \ - 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ - 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ - 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ - 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ - 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ - 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ - 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ - 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ - '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ - '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ - 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ - 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ - 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ - 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ - '-----END CERTIFICATE-----' sec_profile = self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=[str.encode(test_cert_string) for _ in range(2)] + custom_ca_trust_certificates=[str.encode(CONST_CUSTOM_CA_TEST_CERT) for _ in range(2)] ) ground_truth_mc_1 = self.models.ManagedCluster(location="test_location", security_profile=sec_profile) self.assertEqual(dec_mc_1, ground_truth_mc_1) 
@@ -5719,26 +5704,10 @@ def test_update_custom_ca_certificates(self): dec_mc_1 = dec_1.update_custom_ca_trust_certificates(mc_1) - test_cert_string = '-----BEGIN CERTIFICATE-----\n' \ - 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ - 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ - 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ - 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ - 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ - 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ - 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ - 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ - '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ - '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ - 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ - 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ - 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ - 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ - '-----END CERTIFICATE-----' ground_truth_mc_1 = self.models.ManagedCluster( location="test_location", security_profile=self.models.ManagedClusterSecurityProfile( - custom_ca_trust_certificates=[str.encode(test_cert_string) for _ in range(2)] + custom_ca_trust_certificates=[str.encode(CONST_CUSTOM_CA_TEST_CERT) for _ in range(2)] ), ) self.assertEqual(dec_mc_1, ground_truth_mc_1) From 9ddb578d8d2b599837788d0bf34b2cb49611d48d Mon Sep 17 00:00:00 2001 From: Mikolaj Umanski Date: Fri, 9 Dec 2022 10:25:36 -0800 Subject: [PATCH 29/30] Fix import path --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
index b632cd96489..a80dfcf8887 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py
@@ -12,7 +12,7 @@
 from azext_aks_preview.tests.latest.custom_preparers import (
 AKSCustomResourceGroupPreparer,
 )
-from azure.cli.command_modules.acs._consts import (
+from azext_aks_preview._consts import (
 CONST_CUSTOM_CA_TEST_CERT,
 )
 from azext_aks_preview.tests.latest.recording_processors import KeyReplacer
From 7003ab6342083eb6167c40772e19768aa2c9d6c7 Mon Sep 17 00:00:00 2001
From: Mikolaj Umanski
Date: Fri, 9 Dec 2022 10:40:11 -0800
Subject: [PATCH 30/30] lint fix
---
 src/aks-preview/azext_aks_preview/_consts.py | 30 ++++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/aks-preview/azext_aks_preview/_consts.py b/src/aks-preview/azext_aks_preview/_consts.py
index 30610261d5d..c2a83411077 100644
--- a/src/aks-preview/azext_aks_preview/_consts.py
+++ b/src/aks-preview/azext_aks_preview/_consts.py
@@ -198,18 +198,18 @@ CONST_DRAFT_CLI_VERSION = "v0.0.22" CONST_CUSTOM_CA_TEST_CERT = '-----BEGIN CERTIFICATE-----\n' \ - 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ - 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ - 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ - 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ - 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ - 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ - 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ - 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ - '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ - '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ - 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ - 'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ - 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ - 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ - '-----END CERTIFICATE-----' \ No newline at end of file + 'MIICljCCAX4CCQC9zUAgqqqrWzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJQ\n' \ + 'TDAeFw0yMjA5MTQwNjIzMjdaFw0yMjA5MTUwNjIzMjdaMA0xCzAJBgNVBAYTAlBM\n' \ + 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopKNIIbvvcPCw9fc4KLX\n' \ + 'KDtRZobp5L+/1hCN+3OGhk5NvSTpSUrFifxqc0o3IF7YkO3K1n2jAvCMXO16Bf9b\n' \ + 'OAR7VkCrwGFVkXNjM4wvXAX8CNNvjqd1zDPXSKdE7Wd8k3fTzx6nGUM0UgljIPhH\n' \ + 'yh4a4Zujd5Ig2P/ZSX0pGJm47JTtMu7MDFHVM5wRWcCrN/H0TCYPIvEOs0B8AZxc\n' \ + 'p3TF7A6veT5U9pVhQ3Xl9JN6LvvLqPxG3ea10rdv9DYzaiXmSY3ujI3Ri1Q11uWC\n' \ + 'dtrFIpFu5cHW2OBW+jBXxL0v8xQmkxTLik4BR/PLCl30wxKQNsq3pjDgu0mutKuu\n' \ + '5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAVEAIs/hLwTVCwpEXdoXR24LelNNuB\n' \ + '/8ptK6lyjE11XwfMN3yy7F2oB1lrA4rI3j9obpDsHDJBNB13bi/lKgvAcbIn/Tyu\n' \ + 'RKThtUdPgxNnqDUyxnb3OofMF3gB8ePTu+jZpd3zrlEuxdl40ByATCSyOgR6DHMt\n' \ + 
'SDd+joypnOHFAeSM+V0AaTelXSCK9OAWSAp5e6S76a6lRx+D5Xl3hBedBI0tX59h\n' \ + 'tEYNEGZaRElFU79WcEF0cH+ZW0+jJ95xE3thZffRz6QI6yF63m8aC9l9bbdJS2zg\n' \ + 'Yv8W+lCZi//ODeOBUugr++z9uj+vGk47JDSpV0n4JOun3ALUDJ0gqmcS\n' \ + '-----END CERTIFICATE-----'