|
31 | 31 |
|
32 | 32 | from azure.cli.command_modules.acs._consts import CONST_WORKLOAD_RUNTIME_KATA_VM_ISOLATION |
33 | 33 | from azure.cli.command_modules.acs.tests.latest.utils import get_test_data_file_path |
34 | | -from azure.cli.core.azclierror import ClientRequestError, CLIInternalError, InvalidArgumentValueError |
| 34 | +from azure.cli.core.azclierror import BadRequestError, ClientRequestError, CLIInternalError, InvalidArgumentValueError, MutuallyExclusiveArgumentError |
35 | 35 | from azure.core.exceptions import HttpResponseError |
36 | 36 | from azure.cli.testsdk import ScenarioTest, live_only |
37 | 37 | from azure.cli.testsdk.checkers import (StringCheck, StringContainCheck, |
@@ -15183,3 +15183,373 @@ def test_aks_managed_gateway_requires_service_mesh( |
15183 | 15183 | # Cleanup |
15184 | 15184 | delete_cmd = "aks delete --resource-group={resource_group} --name={name} --yes --no-wait" |
15185 | 15185 | self.cmd(delete_cmd, checks=[self.is_empty()]) |
| 15186 | + |
| 15187 | + @AllowLargeResponse() |
| 15188 | + @AKSCustomResourceGroupPreparer( |
| 15189 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15190 | + ) |
| 15191 | + def test_aks_create_and_update_with_app_routing_istio( |
| 15192 | + self, resource_group, resource_group_location |
| 15193 | + ): |
| 15194 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15195 | + _, create_version = self._get_versions(resource_group_location) |
| 15196 | + self.kwargs.update( |
| 15197 | + { |
| 15198 | + "resource_group": resource_group, |
| 15199 | + "name": aks_name, |
| 15200 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15201 | + "k8s_version": create_version, |
| 15202 | + } |
| 15203 | + ) |
| 15204 | + |
| 15205 | + # Test successful creation with App Routing Istio enabled |
| 15206 | + create_cmd = ( |
| 15207 | + "aks create --resource-group={resource_group} --name={name} " |
| 15208 | + "--enable-app-routing " |
| 15209 | + "--enable-app-routing-istio " |
| 15210 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15211 | + ) |
| 15212 | + self.cmd( |
| 15213 | + create_cmd, |
| 15214 | + checks=[ |
| 15215 | + self.check("provisioningState", "Succeeded"), |
| 15216 | + self.check("ingressProfile.webAppRouting.enabled", True), |
| 15217 | + self.check( |
| 15218 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15219 | + "Enabled", |
| 15220 | + ), |
| 15221 | + ], |
| 15222 | + ) |
| 15223 | + |
| 15224 | + # Test disabling App Routing Istio |
| 15225 | + update_cmd = ( |
| 15226 | + "aks update --resource-group={resource_group} --name={name} " |
| 15227 | + "--disable-app-routing-istio " |
| 15228 | + ) |
| 15229 | + self.cmd( |
| 15230 | + update_cmd, |
| 15231 | + checks=[ |
| 15232 | + self.check("provisioningState", "Succeeded"), |
| 15233 | + self.check( |
| 15234 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15235 | + "Disabled", |
| 15236 | + ), |
| 15237 | + ], |
| 15238 | + ) |
| 15239 | + |
| 15240 | + # Test re-enabling App Routing Istio |
| 15241 | + update_cmd = ( |
| 15242 | + "aks update --resource-group={resource_group} --name={name} " |
| 15243 | + "--enable-app-routing-istio " |
| 15244 | + ) |
| 15245 | + self.cmd( |
| 15246 | + update_cmd, |
| 15247 | + checks=[ |
| 15248 | + self.check("provisioningState", "Succeeded"), |
| 15249 | + self.check( |
| 15250 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15251 | + "Enabled", |
| 15252 | + ), |
| 15253 | + ], |
| 15254 | + ) |
| 15255 | + |
| 15256 | + @AllowLargeResponse() |
| 15257 | + @AKSCustomResourceGroupPreparer( |
| 15258 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15259 | + ) |
| 15260 | + def test_aks_create_with_app_routing_istio_fails_when_asm_enabled( |
| 15261 | + self, resource_group, resource_group_location |
| 15262 | + ): |
| 15263 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15264 | + _, create_version = self._get_versions(resource_group_location) |
| 15265 | + self.kwargs.update( |
| 15266 | + { |
| 15267 | + "resource_group": resource_group, |
| 15268 | + "name": aks_name, |
| 15269 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15270 | + "k8s_version": create_version, |
| 15271 | + } |
| 15272 | + ) |
| 15273 | + |
| 15274 | + # Creating a cluster with both ASM (Istio) and App Routing Istio should fail |
| 15275 | + create_cmd = ( |
| 15276 | + "aks create --resource-group={resource_group} --name={name} " |
| 15277 | + "--enable-azure-service-mesh " |
| 15278 | + "--enable-app-routing " |
| 15279 | + "--enable-app-routing-istio " |
| 15280 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15281 | + ) |
| 15282 | + with self.assertRaises(BadRequestError) as context: |
| 15283 | + self.cmd(create_cmd) |
| 15284 | + self.assertIn( |
| 15285 | + "Cannot enable both the Istio add-on and the AppRouting Istio Gateway API implementation simultaneously", |
| 15286 | + str(context.exception), |
| 15287 | + ) |
| 15288 | + |
| 15289 | + @AllowLargeResponse() |
| 15290 | + @AKSCustomResourceGroupPreparer( |
| 15291 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15292 | + ) |
| 15293 | + def test_aks_update_app_routing_istio_fails_when_asm_enabled( |
| 15294 | + self, resource_group, resource_group_location |
| 15295 | + ): |
| 15296 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15297 | + _, create_version = self._get_versions(resource_group_location) |
| 15298 | + self.kwargs.update( |
| 15299 | + { |
| 15300 | + "resource_group": resource_group, |
| 15301 | + "name": aks_name, |
| 15302 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15303 | + "k8s_version": create_version, |
| 15304 | + } |
| 15305 | + ) |
| 15306 | + |
| 15307 | + # First create a cluster with ASM enabled |
| 15308 | + create_cmd = ( |
| 15309 | + "aks create --resource-group={resource_group} --name={name} " |
| 15310 | + "--enable-azure-service-mesh " |
| 15311 | + "--enable-app-routing " |
| 15312 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15313 | + ) |
| 15314 | + self.cmd( |
| 15315 | + create_cmd, |
| 15316 | + checks=[ |
| 15317 | + self.check("provisioningState", "Succeeded"), |
| 15318 | + self.check("serviceMeshProfile.mode", "Istio"), |
| 15319 | + ], |
| 15320 | + ) |
| 15321 | + |
| 15322 | + # Updating to enable App Routing Istio on a cluster with ASM should fail |
| 15323 | + update_cmd = ( |
| 15324 | + "aks update --resource-group={resource_group} --name={name} " |
| 15325 | + "--enable-app-routing-istio " |
| 15326 | + ) |
| 15327 | + with self.assertRaises(HttpResponseError) as context: |
| 15328 | + self.cmd(update_cmd) |
| 15329 | + self.assertIn( |
| 15330 | + "Requested change from Istio add-on to AppRouting Istio Gateway API implementation is disallowed", |
| 15331 | + str(context.exception), |
| 15332 | + ) |
| 15333 | + |
| 15334 | + @AllowLargeResponse() |
| 15335 | + @AKSCustomResourceGroupPreparer( |
| 15336 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15337 | + ) |
| 15338 | + def test_aks_update_switch_from_asm_to_app_routing_istio_fails( |
| 15339 | + self, resource_group, resource_group_location |
| 15340 | + ): |
| 15341 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15342 | + _, create_version = self._get_versions(resource_group_location) |
| 15343 | + self.kwargs.update( |
| 15344 | + { |
| 15345 | + "resource_group": resource_group, |
| 15346 | + "name": aks_name, |
| 15347 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15348 | + "k8s_version": create_version, |
| 15349 | + } |
| 15350 | + ) |
| 15351 | + |
| 15352 | + # Create a cluster with ASM (Istio) and App Routing enabled |
| 15353 | + create_cmd = ( |
| 15354 | + "aks create --resource-group={resource_group} --name={name} " |
| 15355 | + "--enable-azure-service-mesh " |
| 15356 | + "--enable-app-routing " |
| 15357 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15358 | + ) |
| 15359 | + self.cmd( |
| 15360 | + create_cmd, |
| 15361 | + checks=[ |
| 15362 | + self.check("provisioningState", "Succeeded"), |
| 15363 | + self.check("serviceMeshProfile.mode", "Istio"), |
| 15364 | + ], |
| 15365 | + ) |
| 15366 | + |
| 15367 | + # Attempt to disable ASM and enable App Routing Istio in the same operation should fail |
| 15368 | + # First try enabling app routing istio while ASM is still enabled - this should fail |
| 15369 | + update_cmd = ( |
| 15370 | + "aks update --resource-group={resource_group} --name={name} " |
| 15371 | + "--enable-app-routing-istio " |
| 15372 | + ) |
| 15373 | + with self.assertRaises(HttpResponseError) as context: |
| 15374 | + self.cmd(update_cmd) |
| 15375 | + self.assertIn( |
| 15376 | + "Requested change from Istio add-on to AppRouting Istio Gateway API implementation is disallowed", |
| 15377 | + str(context.exception), |
| 15378 | + ) |
| 15379 | + |
| 15380 | + # First disable ASM in a separate request using mesh disable |
| 15381 | + disable_asm_cmd = ( |
| 15382 | + "aks mesh disable --resource-group={resource_group} --name={name} --yes" |
| 15383 | + ) |
| 15384 | + self.cmd( |
| 15385 | + disable_asm_cmd, |
| 15386 | + checks=[ |
| 15387 | + self.check("provisioningState", "Succeeded"), |
| 15388 | + ], |
| 15389 | + ) |
| 15390 | + |
| 15391 | + # Now enabling App Routing Istio should succeed |
| 15392 | + enable_ari_cmd = ( |
| 15393 | + "aks update --resource-group={resource_group} --name={name} " |
| 15394 | + "--enable-app-routing-istio " |
| 15395 | + ) |
| 15396 | + self.cmd( |
| 15397 | + enable_ari_cmd, |
| 15398 | + checks=[ |
| 15399 | + self.check("provisioningState", "Succeeded"), |
| 15400 | + self.check( |
| 15401 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15402 | + "Enabled", |
| 15403 | + ), |
| 15404 | + ], |
| 15405 | + ) |
| 15406 | + |
| 15407 | + @AllowLargeResponse() |
| 15408 | + @AKSCustomResourceGroupPreparer( |
| 15409 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15410 | + ) |
| 15411 | + def test_aks_update_switch_from_app_routing_istio_to_asm_fails( |
| 15412 | + self, resource_group, resource_group_location |
| 15413 | + ): |
| 15414 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15415 | + _, create_version = self._get_versions(resource_group_location) |
| 15416 | + self.kwargs.update( |
| 15417 | + { |
| 15418 | + "resource_group": resource_group, |
| 15419 | + "name": aks_name, |
| 15420 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15421 | + "k8s_version": create_version, |
| 15422 | + } |
| 15423 | + ) |
| 15424 | + |
| 15425 | + # Create a cluster with App Routing and App Routing Istio enabled |
| 15426 | + create_cmd = ( |
| 15427 | + "aks create --resource-group={resource_group} --name={name} " |
| 15428 | + "--enable-app-routing " |
| 15429 | + "--enable-app-routing-istio " |
| 15430 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15431 | + ) |
| 15432 | + self.cmd( |
| 15433 | + create_cmd, |
| 15434 | + checks=[ |
| 15435 | + self.check("provisioningState", "Succeeded"), |
| 15436 | + self.check( |
| 15437 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15438 | + "Enabled", |
| 15439 | + ), |
| 15440 | + ], |
| 15441 | + ) |
| 15442 | + |
| 15443 | + # Attempt to enable ASM while App Routing Istio is still enabled - this should fail |
| 15444 | + enable_asm_cmd_fail = ( |
| 15445 | + "aks mesh enable --resource-group={resource_group} --name={name}" |
| 15446 | + ) |
| 15447 | + with self.assertRaises(HttpResponseError) as context: |
| 15448 | + self.cmd(enable_asm_cmd_fail) |
| 15449 | + self.assertIn( |
| 15450 | + "Requested change from AppRouting Istio Gateway API implementation to Istio add-on is disallowed", |
| 15451 | + str(context.exception), |
| 15452 | + ) |
| 15453 | + |
| 15454 | + # First disable App Routing Istio in a separate request |
| 15455 | + disable_ari_cmd = ( |
| 15456 | + "aks update --resource-group={resource_group} --name={name} " |
| 15457 | + "--disable-app-routing-istio " |
| 15458 | + ) |
| 15459 | + self.cmd( |
| 15460 | + disable_ari_cmd, |
| 15461 | + checks=[ |
| 15462 | + self.check("provisioningState", "Succeeded"), |
| 15463 | + self.check( |
| 15464 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15465 | + "Disabled", |
| 15466 | + ), |
| 15467 | + ], |
| 15468 | + ) |
| 15469 | + |
| 15470 | + # Now enabling ASM should succeed |
| 15471 | + enable_asm_cmd = ( |
| 15472 | + "aks mesh enable --resource-group={resource_group} --name={name}" |
| 15473 | + ) |
| 15474 | + self.cmd( |
| 15475 | + enable_asm_cmd, |
| 15476 | + checks=[ |
| 15477 | + self.check("serviceMeshProfile.mode", "Istio"), |
| 15478 | + ], |
| 15479 | + ) |
| 15480 | + |
| 15481 | + @AllowLargeResponse() |
| 15482 | + @AKSCustomResourceGroupPreparer( |
| 15483 | + random_name_length=17, name_prefix="clitest", location="centraluseuap" |
| 15484 | + ) |
| 15485 | + def test_aks_approuting_gateway_istio_enable_disable( |
| 15486 | + self, resource_group, resource_group_location |
| 15487 | + ): |
| 15488 | + aks_name = self.create_random_name("cliakstest", 16) |
| 15489 | + _, create_version = self._get_versions(resource_group_location) |
| 15490 | + self.kwargs.update( |
| 15491 | + { |
| 15492 | + "resource_group": resource_group, |
| 15493 | + "name": aks_name, |
| 15494 | + "ssh_key_value": self.generate_ssh_keys(), |
| 15495 | + "k8s_version": create_version, |
| 15496 | + } |
| 15497 | + ) |
| 15498 | + |
| 15499 | + # Create a cluster with App Routing enabled |
| 15500 | + create_cmd = ( |
| 15501 | + "aks create --resource-group={resource_group} --name={name} " |
| 15502 | + "--enable-app-routing " |
| 15503 | + "--ssh-key-value={ssh_key_value} -o json " |
| 15504 | + ) |
| 15505 | + self.cmd( |
| 15506 | + create_cmd, |
| 15507 | + checks=[ |
| 15508 | + self.check("provisioningState", "Succeeded"), |
| 15509 | + self.check("ingressProfile.webAppRouting.enabled", True), |
| 15510 | + ], |
| 15511 | + ) |
| 15512 | + |
| 15513 | + # Enable Istio via approuting gateway istio enable |
| 15514 | + enable_cmd = ( |
| 15515 | + "aks approuting gateway istio enable " |
| 15516 | + "--resource-group={resource_group} --name={name} " |
| 15517 | + ) |
| 15518 | + self.cmd( |
| 15519 | + enable_cmd, |
| 15520 | + checks=[ |
| 15521 | + self.check("provisioningState", "Succeeded"), |
| 15522 | + self.check( |
| 15523 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15524 | + "Enabled", |
| 15525 | + ), |
| 15526 | + ], |
| 15527 | + ) |
| 15528 | + |
| 15529 | + # Disable Istio via approuting gateway istio disable |
| 15530 | + disable_cmd = ( |
| 15531 | + "aks approuting gateway istio disable " |
| 15532 | + "--resource-group={resource_group} --name={name} --yes " |
| 15533 | + ) |
| 15534 | + self.cmd( |
| 15535 | + disable_cmd, |
| 15536 | + checks=[ |
| 15537 | + self.check("provisioningState", "Succeeded"), |
| 15538 | + self.check( |
| 15539 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15540 | + "Disabled", |
| 15541 | + ), |
| 15542 | + ], |
| 15543 | + ) |
| 15544 | + |
| 15545 | + # Re-enable to confirm toggle works |
| 15546 | + self.cmd( |
| 15547 | + enable_cmd, |
| 15548 | + checks=[ |
| 15549 | + self.check("provisioningState", "Succeeded"), |
| 15550 | + self.check( |
| 15551 | + "ingressProfile.webAppRouting.gatewayApiImplementations.appRoutingIstio.mode", |
| 15552 | + "Enabled", |
| 15553 | + ), |
| 15554 | + ], |
| 15555 | + ) |
0 commit comments