Skip to content

Commit 9ca3063

Browse files
nddqnddq
committed
{AKS} Fix ACNS update to preserve existing advanced networking settings
The update_network_profile_advanced_networking method was creating a new AdvancedNetworking object on every update, discarding existing sub-properties (observability, security, transit encryption) that the user didn't explicitly specify. This changes the method to modify the existing object in-place, only overwriting fields the user provided. When disabling ACNS, sub-features are explicitly set to disabled to ensure a consistent payload. Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>
1 parent d443a13 commit 9ca3063

12 files changed

Lines changed: 7022 additions & 6461 deletions

src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py

Lines changed: 48 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -8368,43 +8368,62 @@ def update_network_profile_advanced_networking(self, mc: ManagedCluster) -> Mana
83688368
(acns_enabled, acns_observability, acns_security, acns_perf_enabled) = self.context.get_acns_enablement_with_perf()
83698369
acns_transit_encryption = self.context.get_acns_transit_encryption_type()
83708370
if acns_enabled is not None:
8371-
acns = self.models.AdvancedNetworking(
8372-
enabled=acns_enabled,
8373-
)
8371+
# Preserve existing advanced_networking settings, only overwrite fields the user specified
8372+
if mc.network_profile.advanced_networking is None:
8373+
mc.network_profile.advanced_networking = self.models.AdvancedNetworking()
8374+
mc.network_profile.advanced_networking.enabled = acns_enabled
8375+
# When disabling ACNS, explicitly disable sub-features for a consistent payload
8376+
if not acns_enabled:
8377+
if mc.network_profile.advanced_networking.observability is not None:
8378+
mc.network_profile.advanced_networking.observability.enabled = False
8379+
if mc.network_profile.advanced_networking.security is not None:
8380+
mc.network_profile.advanced_networking.security.enabled = False
83748381
if acns_observability is not None:
8375-
acns.observability = self.models.AdvancedNetworkingObservability(
8376-
enabled=acns_observability,
8377-
)
8382+
if mc.network_profile.advanced_networking.observability is None:
8383+
mc.network_profile.advanced_networking.observability = (
8384+
self.models.AdvancedNetworkingObservability()
8385+
)
8386+
mc.network_profile.advanced_networking.observability.enabled = acns_observability
83788387
if acns_security is not None:
8379-
acns.security = self.models.AdvancedNetworkingSecurity(
8380-
enabled=acns_security,
8381-
)
8388+
if mc.network_profile.advanced_networking.security is None:
8389+
mc.network_profile.advanced_networking.security = (
8390+
self.models.AdvancedNetworkingSecurity()
8391+
)
8392+
mc.network_profile.advanced_networking.security.enabled = acns_security
83828393
if acns_advanced_networkpolicies is not None:
8383-
if acns.security is None:
8384-
acns.security = self.models.AdvancedNetworkingSecurity(
8385-
advanced_network_policies=acns_advanced_networkpolicies
8394+
if mc.network_profile.advanced_networking.security is None:
8395+
mc.network_profile.advanced_networking.security = (
8396+
self.models.AdvancedNetworkingSecurity()
83868397
)
8387-
else:
8388-
acns.security.advanced_network_policies = acns_advanced_networkpolicies
8398+
mc.network_profile.advanced_networking.security.advanced_network_policies = (
8399+
acns_advanced_networkpolicies
8400+
)
8401+
if acns_transit_encryption is not None:
8402+
if mc.network_profile.advanced_networking.security is None:
8403+
mc.network_profile.advanced_networking.security = (
8404+
self.models.AdvancedNetworkingSecurity()
8405+
)
8406+
mc.network_profile.advanced_networking.security.transit_encryption = (
8407+
self.models.AdvancedNetworkingSecurityTransitEncryption(
8408+
type=acns_transit_encryption,
8409+
)
8410+
)
83898411
if acns_perf_enabled is not None:
8390-
acns.performance = self.models.AdvancedNetworkingPerformance(
8391-
acceleration_mode=self.context.get_acns_datapath_acceleration_mode(),
8412+
if mc.network_profile.advanced_networking.performance is None:
8413+
mc.network_profile.advanced_networking.performance = (
8414+
self.models.AdvancedNetworkingPerformance()
8415+
)
8416+
mc.network_profile.advanced_networking.performance.acceleration_mode = (
8417+
self.context.get_acns_datapath_acceleration_mode()
83928418
)
83938419
elif not acns_enabled:
8394-
acns.performance = self.models.AdvancedNetworkingPerformance(
8395-
acceleration_mode=CONST_ACNS_DATAPATH_ACCELERATION_MODE_NONE,
8396-
)
8397-
elif mc.network_profile.advanced_networking is not None:
8398-
acns.performance = mc.network_profile.advanced_networking.performance
8399-
8400-
if acns_enabled is not None:
8401-
if acns_transit_encryption is not None:
8402-
if acns.security is None:
8403-
acns.security = self.models.AdvancedNetworkingSecurity()
8404-
acns.security.transit_encryption = self.models.AdvancedNetworkingSecurityTransitEncryption(
8405-
type=acns_transit_encryption,
8420+
if mc.network_profile.advanced_networking.performance is None:
8421+
mc.network_profile.advanced_networking.performance = (
8422+
self.models.AdvancedNetworkingPerformance()
8423+
)
8424+
mc.network_profile.advanced_networking.performance.acceleration_mode = (
8425+
CONST_ACNS_DATAPATH_ACCELERATION_MODE_NONE
84068426
)
8407-
mc.network_profile.advanced_networking = acns
84088427
elif acns_transit_encryption is not None:
84098428
if (mc.network_profile.advanced_networking is None or
84108429
not mc.network_profile.advanced_networking.enabled):

0 commit comments

Comments
 (0)