[KMS] Implement PMK-aware validation for CMK #9289

Closed
bingosummer wants to merge 1 commit into Azure:main from bingosummer:binxi/kms-cmk

@bingosummer
Member


This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

Copilot AI review requested due to automatic review settings October 11, 2025 06:34
@azure-client-tools-bot-prd

azure-client-tools-bot-prd bot commented Oct 11, 2025

✔️ Azure CLI Extensions Breaking Change Test
✔️ Non Breaking Changes

@azure-client-tools-bot-prd

Hi @bingosummer,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

@yonzhan
Collaborator

yonzhan commented Oct 11, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Contributor

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

Contributor

Copilot AI left a comment

Pull Request Overview

This PR implements PMK (Platform-Managed Keys) awareness in CMK (Customer-Managed Keys) validation for Azure Key Vault KMS in AKS. The changes enable different validation logic based on whether PMK infrastructure encryption is enabled.

  • Added PMK-aware validation logic for Key Vault key IDs and resource IDs
  • Enhanced validators to handle both versionless (PMK enabled) and versioned (PMK disabled) key ID formats
  • Added comprehensive test coverage for PMK scenarios including creation and key rotation

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File                   Description
_validators.py         Enhanced key ID and resource ID validators with PMK-aware logic
test_validators.py     Added comprehensive test cases for PMK scenarios
test_aks_commands.py   Added integration tests for PMK-enabled cluster creation and key rotation

except InvalidArgumentValueError:
# Re-raise our validation errors
raise
except Exception as ex:
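
Review bot: the `except Exception as ex:` clause on the last line of this excerpt handles every failure in the try body other than InvalidArgumentValueError the same way, so a programming error such as an AttributeError or TypeError would be indistinguishable from a malformed ID. Catch only the exception types the try body is expected to raise and let everything else propagate; the handler body is not visible here, so also confirm that whatever it raises is chained with `from ex` so the underlying cause stays in the traceback.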

Copilot AI Oct 11, 2025

Catching generic Exception is too broad and can hide unexpected errors. Consider catching more specific exceptions like KeyError or ValueError that might be raised by parse_resource_id.

Suggested change
except Exception as ex:
except (KeyError, ValueError) as ex:

Copilot uses AI. Check for mistakes.
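
Added example, not code from this pull request: a stand-alone sketch of the rule the review overview describes, where a key ID must be versionless when PMK is enabled and versioned when it is disabled. The function names, error messages, the `https://<host>/keys/<name>[/<version>]` layout check, the name and version patterns and the sample IDs are assumptions made for illustration; the PR's `_validators.py` may differ.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not taken from the PR): key names are 1-127 letters, digits or
# hyphens, and a key version is 32 hex characters.
_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")
_VERSION = re.compile(r"[0-9A-Fa-f]{32}")


def check_kms_key_id(key_id, pmk_enabled):
    """Hypothetical validator: return the parsed parts or raise ValueError."""
    parts = urlsplit(key_id)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("key ID must be an https URL with a host")
    # A plain key identifier has no userinfo, query string or fragment.
    if "@" in parts.netloc or parts.query or parts.fragment:
        raise ValueError("key ID must not carry userinfo, query or fragment")
    # Strict split: a trailing or doubled slash yields an empty segment,
    # which the name/version patterns below reject.
    segments = parts.path.split("/")[1:]
    if len(segments) not in (2, 3) or segments[0] != "keys":
        raise ValueError("key ID path must be /keys/<name>[/<version>]")
    name = segments[1]
    version = segments[2] if len(segments) == 3 else None
    if not _NAME.fullmatch(name):
        raise ValueError("invalid key name")
    if version is not None and not _VERSION.fullmatch(version):
        raise ValueError("invalid key version")
    # The PMK-dependent rule from the overview above.
    if pmk_enabled and version is not None:
        raise ValueError("PMK enabled: key ID must be versionless")
    if not pmk_enabled and version is None:
        raise ValueError("PMK disabled: key ID must include a version")
    return {"host": parts.hostname, "name": name, "version": version}


def is_valid(key_id, pmk_enabled):
    try:
        check_kms_key_id(key_id, pmk_enabled)
        return True
    except ValueError:
        return False


# Constructed sample IDs (vault name, key name and version are made up).
VERSIONLESS = "https://example-vault.vault.azure.net/keys/example-key"
VERSIONED = VERSIONLESS + "/0123456789abcdef0123456789abcdef"

if __name__ == "__main__":
    for kid in (VERSIONLESS, VERSIONED):
        for pmk in (True, False):
            print(f"pmk={pmk!s:5} valid={is_valid(kid, pmk)!s:5} {kid}")
```

The validator raises only ValueError for bad input, so a caller can catch that one type and let any other exception surface as a bug.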
@github-actions
Contributor

github-actions bot commented Oct 11, 2025

Hi @bingosummer

Release Suggestions

Module: aks-preview

  • Please log updates into src/aks-preview/HISTORY.rst
  • Update VERSION to 18.0.0b45 in src/aks-preview/setup.py

Notes

@FumingZhang
Member

/azp run

@azure-pipelines

Azure Pipelines successfully started running 2 pipeline(s).
