Merge branch 'dev' of https://github.com/mattboentoro/azure-cli into mattboentoro/remove-breaking-change-1

Author: Matthew Boentoro

src/azure-cli-core/azure/cli/core/profiles/_shared.py

@@ -220,39 +220,7 @@ def default_api_version(self):
         ResourceType.DATA_COSMOS_TABLE: '2017-04-17',
         ResourceType.MGMT_SERVICEBUS: '2022-10-01-preview',
         ResourceType.MGMT_EVENTHUB: '2022-01-01-preview',
-        ResourceType.MGMT_MONITOR: SDKProfile('2019-06-01', {
-            'action_groups': '2022-06-01',
-            'activity_log_alerts': '2017-04-01',
-            'activity_logs': '2015-04-01',
-            'alert_rule_incidents': '2016-03-01',
-            'alert_rules': '2016-03-01',
-            'autoscale_settings': '2022-10-01',
-            'baseline': '2018-09-01',
-            'baselines': '2019-03-01',
-            'diagnostic_settings': '2021-05-01-preview',
-            'diagnostic_settings_category': '2017-05-01-preview',
-            'event_categories': '2015-04-01',
-            'guest_diagnostics_settings': '2018-06-01-preview',
-            'guest_diagnostics_settings_association': '2018-06-01-preview',
-            'log_profiles': '2016-03-01',
-            'metric_alerts': '2018-03-01',
-            'metric_alerts_status': '2018-03-01',
-            'metric_baseline': '2018-09-01',
-            'metric_definitions': '2018-01-01',
-            'metric_namespaces': '2017-12-01-preview',
-            'metrics': '2018-01-01',
-            'operations': '2015-04-01',
-            'scheduled_query_rules': '2018-04-16',
-            'service_diagnostic_settings': '2016-09-01',
-            'tenant_activity_logs': '2015-04-01',
-            'vm_insights': '2018-11-27-preview',
-            'private_link_resources': '2019-10-17-preview',
-            'private_link_scoped_resources': '2019-10-17-preview',
-            'private_link_scope_operation_status': '2019-10-17-preview',
-            'private_link_scopes': '2019-10-17-preview',
-            'private_endpoint_connections': '2019-10-17-preview',
-            'subscription_diagnostic_settings': '2017-05-01-preview'
-        }),
+        ResourceType.MGMT_MONITOR: None,
         ResourceType.MGMT_MSI: '2023-01-31',
         ResourceType.MGMT_APPSERVICE: '2023-01-01',
         ResourceType.MGMT_IOTHUB: '2023-06-30-preview',

src/azure-cli/azure/cli/command_modules/acs/_consts.py

@@ -167,6 +167,13 @@
 CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC = "Public"
 CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE = "Private"
 
+# app routing nginx config options
+CONST_WEB_APPLICATION_ROUTING_KEY_NAME = "ingress/webApplicationRouting"
+CONST_APP_ROUTING_ANNOTATION_CONTROLLED_NGINX = "AnnotationControlled"
+CONST_APP_ROUTING_EXTERNAL_NGINX = "External"
+CONST_APP_ROUTING_INTERNAL_NGINX = "Internal"
+CONST_APP_ROUTING_NONE_NGINX = "None"
+
 # all supported addons
 ADDONS = {
     'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
@@ -177,7 +184,8 @@
     'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME,
     "confcom": CONST_CONFCOM_ADDON_NAME,
     'open-service-mesh': CONST_OPEN_SERVICE_MESH_ADDON_NAME,
-    'azure-keyvault-secrets-provider': CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME
+    'azure-keyvault-secrets-provider': CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME,
+    "web_application_routing": CONST_WEB_APPLICATION_ROUTING_KEY_NAME,
 }
 
 # consts for check-acr command

src/azure-cli/azure/cli/command_modules/acs/_help.py

@@ -323,6 +323,12 @@
   - name: --attach-acr
     type: string
     short-summary: Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.
+  - name: --enable-apiserver-vnet-integration
+    type: bool
+    short-summary: Enable integration of user vnet with control plane apiserver pods.
+  - name: --apiserver-subnet-id
+    type: string
+    short-summary: The ID of a subnet in an existing VNet into which to assign control plane apiserver pods(requires --enable-apiserver-vnet-integration)
   - name: --enable-private-cluster
     type: string
     short-summary: Enable private cluster.
@@ -536,6 +542,9 @@
   - name: --enable-app-routing
     type: bool
     short-summary: Enable Application Routing addon.
+  - name: --app-routing-default-nginx-controller --ardnc
+    type: string
+    short-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
   - name: --revision
     type: string
     short-summary: Azure Service Mesh revision to install.
@@ -931,6 +940,18 @@
   - name: --enable-oidc-issuer
     type: bool
     short-summary: Enable OIDC issuer.
+  - name: --enable-apiserver-vnet-integration
+    type: bool
+    short-summary: Enable integration of user vnet with control plane apiserver pods.
+  - name: --apiserver-subnet-id
+    type: string
+    short-summary: The ID of a subnet in an existing VNet into which to assign control plane apiserver pods(requires --enable-apiserver-vnet-integration)
+  - name: --enable-private-cluster
+    type: bool
+    short-summary: Enable private cluster for apiserver vnet integration cluster.
+  - name: --disable-private-cluster
+    type: bool
+    short-summary: Disable private cluster for apiserver vnet integration cluster.
   - name: --enable-keda
     type: bool
     short-summary: Enable KEDA workload auto-scaler.
@@ -2451,6 +2472,10 @@
         type: string
         short-summary: Attach a keyvault id to access secrets and certificates.
         long-summary: This optional flag attaches a keyvault id to access secrets and certificates.
+      - name: --nginx
+        type: string
+        short-summary: Configure default NginxIngressController resource
+        long-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
 """
 
 helps['aks approuting disable'] = """
@@ -2472,6 +2497,10 @@
         type: bool
         short-summary: Enable the keyvault secrets provider addon.
         long-summary: This optional flag enables the keyvault-secrets-provider addon in given cluster. This is required for most App Routing use-cases.
+      - name: --nginx
+        type: string
+        short-summary: Configure default NginxIngressController resource
+        long-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
 """
 
 helps['aks approuting zone'] = """

src/azure-cli/azure/cli/command_modules/acs/_params.py

@@ -52,7 +52,11 @@
     CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_READONLY,
     CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_UNRESTRICTED,
     CONST_ARTIFACT_SOURCE_DIRECT,
-    CONST_ARTIFACT_SOURCE_CACHE)
+    CONST_ARTIFACT_SOURCE_CACHE,
+    CONST_APP_ROUTING_ANNOTATION_CONTROLLED_NGINX,
+    CONST_APP_ROUTING_EXTERNAL_NGINX,
+    CONST_APP_ROUTING_INTERNAL_NGINX,
+    CONST_APP_ROUTING_NONE_NGINX)
 from azure.cli.command_modules.acs.azurecontainerstorage._consts import (
     CONST_ACSTOR_ALL,
     CONST_DISK_TYPE_EPHEMERAL_VOLUME_ONLY,
@@ -102,7 +106,7 @@
     validate_allowed_host_ports, validate_application_security_groups,
     validate_node_public_ip_tags,
     validate_disable_windows_outbound_nat,
-    validate_crg_id,
+    validate_crg_id, validate_apiserver_subnet_id,
     validate_azure_service_mesh_revision,
     validate_message_of_the_day,
     validate_custom_ca_trust_certificates,
@@ -283,9 +287,16 @@
     CONST_ARTIFACT_SOURCE_CACHE,
 ]
 
+# consts for app routing add-on
+app_routing_nginx_configs = [
+    CONST_APP_ROUTING_ANNOTATION_CONTROLLED_NGINX,
+    CONST_APP_ROUTING_EXTERNAL_NGINX,
+    CONST_APP_ROUTING_INTERNAL_NGINX,
+    CONST_APP_ROUTING_NONE_NGINX
+]
+
 
 def load_arguments(self, _):
-
     acr_arg_type = CLIArgumentType(metavar='ACR_NAME_OR_RESOURCE_ID')
     k8s_support_plans = self.get_models("KubernetesSupportPlan", resource_type=ResourceType.MGMT_CONTAINERSERVICE, operation_group='managed_clusters')
 
@@ -346,6 +357,8 @@ def load_arguments(self, _):
         c.argument('fqdn_subdomain')
         c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges)
         c.argument('enable_private_cluster', action='store_true')
+        c.argument('enable_apiserver_vnet_integration', action='store_true')
+        c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id)
         c.argument('private_dns_zone')
         c.argument('disable_public_fqdn', action='store_true')
         c.argument('service_principal')
@@ -416,6 +429,11 @@ def load_arguments(self, _):
         c.argument('rotation_poll_interval')
         c.argument('enable_sgxquotehelper', action='store_true')
         c.argument('enable_app_routing', action="store_true")
+        c.argument(
+            "app_routing_default_nginx_controller",
+            arg_type=get_enum_type(app_routing_nginx_configs),
+            options_list=["--app-routing-default-nginx-controller", "--ardnc"]
+        )
 
         # nodepool paramerters
         c.argument('nodepool_name', default='nodepool1',
@@ -538,6 +556,10 @@ def load_arguments(self, _):
         c.argument('disable_acns_observability', action='store_true')
         c.argument('disable_acns_security', action='store_true')
         # private cluster parameters
+        c.argument('enable_apiserver_vnet_integration', action='store_true')
+        c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id)
+        c.argument('enable_private_cluster', action='store_true')
+        c.argument('disable_private_cluster', action='store_true')
         c.argument('enable_public_fqdn', action='store_true')
         c.argument('disable_public_fqdn', action='store_true')
         c.argument('private_dns_zone')
@@ -969,10 +991,12 @@ def load_arguments(self, _):
     with self.argument_context('aks approuting enable') as c:
         c.argument('enable_kv', action='store_true')
         c.argument('keyvault_id', options_list=['--attach-kv'])
+        c.argument("nginx", arg_type=get_enum_type(app_routing_nginx_configs))
 
     with self.argument_context('aks approuting update') as c:
         c.argument('keyvault_id', options_list=['--attach-kv'])
         c.argument('enable_kv', action='store_true')
+        c.argument("nginx", arg_type=get_enum_type(app_routing_nginx_configs))
 
     with self.argument_context('aks approuting zone add') as c:
         c.argument('dns_zone_resource_ids', options_list=['--ids'], required=True)

src/azure-cli/azure/cli/command_modules/acs/_validators.py

@@ -360,6 +360,10 @@ def validate_pod_subnet_id(namespace):
     _validate_subnet_id(namespace.pod_subnet_id, "--pod-subnet-id")
 
 
+def validate_apiserver_subnet_id(namespace):
+    _validate_subnet_id(namespace.apiserver_subnet_id, "--apiserver-subnet-id")
+
+
 def _validate_subnet_id(subnet_id, name):
     if subnet_id is None or subnet_id == '':
         return

src/azure-cli/azure/cli/command_modules/acs/custom.py

@@ -601,6 +601,7 @@ def aks_create(
     enable_secret_rotation=False,
     rotation_poll_interval=None,
     enable_app_routing=False,
+    app_routing_default_nginx_controller=None,
     # nodepool paramerters
     nodepool_name="nodepool1",
     node_vm_size=None,
@@ -665,6 +666,9 @@ def aks_create(
     # trusted launch
     enable_vtpm=False,
     enable_secure_boot=False,
+    # apiserver vnet integration
+    enable_apiserver_vnet_integration=False,
+    apiserver_subnet_id=None,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()
@@ -830,6 +834,11 @@ def aks_update(
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,
+    # apiserver vnet integration
+    enable_apiserver_vnet_integration=False,
+    apiserver_subnet_id=None,
+    enable_private_cluster=False,
+    disable_private_cluster=False
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()
@@ -3193,7 +3202,8 @@ def aks_approuting_enable(
         resource_group_name,
         name,
         enable_kv=False,
-        keyvault_id=None
+        keyvault_id=None,
+        nginx=None
 ):
     return _aks_approuting_update(
         cmd,
@@ -3202,7 +3212,8 @@ def aks_approuting_enable(
         name,
         enable_app_routing=True,
         keyvault_id=keyvault_id,
-        enable_kv=enable_kv)
+        enable_kv=enable_kv,
+        nginx=nginx)
 
 
 def aks_approuting_disable(
@@ -3225,15 +3236,17 @@ def aks_approuting_update(
         resource_group_name,
         name,
         keyvault_id=None,
-        enable_kv=False
+        enable_kv=False,
+        nginx=None
 ):
     return _aks_approuting_update(
         cmd,
         client,
         resource_group_name,
         name,
         keyvault_id=keyvault_id,
-        enable_kv=enable_kv)
+        enable_kv=enable_kv,
+        nginx=nginx)
 
 
 def aks_approuting_zone_add(
@@ -3328,7 +3341,8 @@ def _aks_approuting_update(
         delete_dns_zone=None,
         update_dns_zone=None,
         dns_zone_resource_ids=None,
-        attach_zones=None
+        attach_zones=None,
+        nginx=None
 ):
     from azure.cli.command_modules.acs.managed_cluster_decorator import AKSManagedClusterUpdateDecorator
 

src/azure-cli/azure/cli/command_modules/acs/linter_exclusions.yml

@@ -82,6 +82,9 @@ aks create:
       bootstrap_container_registry_resource_id:
         rule_exclusions:
         - option_length_too_long
+      enable_apiserver_vnet_integration:
+        rule_exclusions:
+        - option_length_too_long
 
 aks enable-addons:
   parameters:
@@ -186,6 +189,12 @@ aks update:
       bootstrap_container_registry_resource_id:
         rule_exclusions:
         - option_length_too_long
+      enable_apiserver_vnet_integration:
+        rule_exclusions:
+        - option_length_too_long
+      disable_private_cluster:
+        rule_exclusions:
+        - option_length_too_long 
 aks nodepool add:
   parameters:
       disable_windows_outbound_nat: