
Commit cb808a1

authored
[AKS] az aks update: Add support to remove existing certificates by setting the value of --custom-ca-trust-certificates to an empty file (#32201)
1 parent c8deaa4 commit cb808a1


5 files changed

+2751
-12
lines changed


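--- a/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
@@ -920,8 +920,13 @@ def get_custom_ca_trust_certificates(self) -> Union[List[bytes], None]:
 :return: List[str] or None
 """
 custom_ca_certs_file_path = self.raw_param.get("custom_ca_trust_certificates")
-if not custom_ca_certs_file_path:
+if custom_ca_certs_file_path is None:
 return None
+# Reject empty string - user must provide a valid file path
+if custom_ca_certs_file_path == "":
+raise InvalidArgumentValueError(
+"custom_ca_trust_certificates cannot be an empty string. Please provide a valid file path."
+)
 if not os.path.isfile(custom_ca_certs_file_path):
 raise InvalidArgumentValueError(
 "{} is not valid file, or not accessible.".format(
@@ -8710,11 +8715,13 @@ def update_custom_ca_trust_certificates(self, mc: ManagedCluster) -> ManagedClus
 """
 self._ensure_mc(mc)
 
-ca_certs = self.context.get_custom_ca_trust_certificates()
-if ca_certs:
+# Check if the parameter was explicitly provided
+if self.context.raw_param.get("custom_ca_trust_certificates") is not None:
+ca_certs = self.context.get_custom_ca_trust_certificates()
 if mc.security_profile is None:
 mc.security_profile = self.models.ManagedClusterSecurityProfile() # pylint: disable=no-member
 
+# Set certificates (this allows setting to empty list to remove certificates)
 mc.security_profile.custom_ca_trust_certificates = ca_certs
 
 return mc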
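Review bot: In `update_custom_ca_trust_certificates`, an empty result from `get_custom_ca_trust_certificates()` is now written straight to `mc.security_profile.custom_ca_trust_certificates`, so a certificate file that is accidentally empty or truncated (for example from a failed export step in a pipeline) silently removes every custom CA from the cluster's trust configuration. Removing trust anchors is a security-relevant and potentially service-breaking change, so I would make that path visible before the assignment, e.g. `if not ca_certs: logger.warning("No certificates found in the given file; all custom CA trust certificates will be removed from the cluster.")`, assuming the module-level `logger` is in scope here. The guard also reads `self.context.raw_param` directly instead of going through a context getter, which duplicates the parameter key outside the context class. Both function bodies start outside the hunks and the file-parsing code is not visible, so it should be confirmed whether a non-empty file with no parseable certificates also yields an empty list and therefore clears the trust list.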

src/azure-cli/azure/cli/command_modules/acs/tests/latest/data/certs_empty.txt

Whitespace-only changes.
