Azure · yanzhudd · Jul 24, 2025 · Jul 16, 2025 · Jul 17, 2025 · Jul 17, 2025
@@ -620,19 +620,24 @@ def ensure_container_insights_for_monitoring(
                 }
             )
 
+            resources = get_resources_client(cmd.cli_ctx, cluster_subscription)
             for _ in range(3):
                 try:
                     if enable_syslog:
-                        send_raw_request(
-                            cmd.cli_ctx, "PUT", dcr_url, body=dcr_creation_body_with_syslog
+                        resources.begin_create_or_update_by_id(
+                            dcr_resource_id,
+                            "2022-06-01",
+                            json.loads(dcr_creation_body_with_syslog)
                         )
                     else:
-                        send_raw_request(
-                            cmd.cli_ctx, "PUT", dcr_url, body=dcr_creation_body_without_syslog
+                        resources.begin_create_or_update_by_id(
+                            dcr_resource_id,
+                            "2022-06-01",
+                            json.loads(dcr_creation_body_without_syslog)
                         )
                     error = None
                     break
-                except AzCLIError as e:
+                except CLIError as e:
                     error = e
             else:
                 raise error
@@ -662,19 +667,18 @@ def create_dce_association(cmd, cluster_region, cluster_resource_id, config_dce_
             },
         }
     )
-    association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + \
-        f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/configurationAccessEndpoint?api-version=2022-06-01"
+    resources = get_resources_client(cmd.cli_ctx, cmd.cli_ctx.data.get('subscription_id'))
+    association_id = f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/configurationAccessEndpoint"
     for _ in range(3):
         try:
-            send_raw_request(
-                cmd.cli_ctx,
-                "PUT",
-                association_url,
-                body=association_body,
+            resources.begin_create_or_update_by_id(
+                association_id,
+                "2022-06-01",
+                json.loads(association_body)
             )
             error = None
             break
-        except AzCLIError as e:
+        except CLIError as e:
             error = e
     else:
         raise error
@@ -690,19 +694,24 @@ def create_or_delete_dcr_association(cmd, cluster_region, remove_monitoring, clu
             },
         }
     )
-    association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + \
-        f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2022-06-01"
+    resources = get_resources_client(cmd.cli_ctx, cmd.cli_ctx.data.get('subscription_id'))
+    association_id = f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension"
     for _ in range(3):
         try:
-            send_raw_request(
-                cmd.cli_ctx,
-                "PUT" if not remove_monitoring else "DELETE",
-                association_url,
-                body=association_body,
-            )
+            if not remove_monitoring:
+                resources.begin_create_or_update_by_id(
+                    association_id,
+                    "2022-06-01",
+                    json.loads(association_body)
+                )
+            else:
+                resources.begin_delete_by_id(
+                    association_id,
+                    "2022-06-01"
+                )
             error = None
             break
-        except AzCLIError as e:
+        except CLIError as e:
             error = e
     else:
         raise error
@@ -716,20 +725,18 @@ def create_ampls_scope(cmd, ampls_resource_id, dce_endpoint_name, dce_resource_i
             },
         }
     )
-    link_dce_ampls_url = cmd.cli_ctx.cloud.endpoints.resource_manager + \
-        f"{ampls_resource_id}/scopedresources/{dce_endpoint_name}-connection?api-version=2021-07-01-preview"
-
+    resources = get_resources_client(cmd.cli_ctx, cmd.cli_ctx.data.get('subscription_id'))
+    ampls_scope_id = f"{ampls_resource_id}/scopedresources/{dce_endpoint_name}-connection"
     for _ in range(3):
         try:
-            send_raw_request(
-                cmd.cli_ctx,
-                "PUT",
-                link_dce_ampls_url,
-                body=link_dce_ampls_body,
+            resources.begin_create_or_update_by_id(
+                ampls_scope_id,
+                "2021-07-01-preview",
+                json.loads(link_dce_ampls_body)
             )
             error = None
             break
-        except AzCLIError as e:
+        except CLIError as e:
             error = e
     else:
         raise error
@@ -740,8 +747,6 @@ def create_data_collection_endpoint(cmd, subscription, resource_group, region, e
         f"/subscriptions/{subscription}/resourceGroups/{resource_group}/"
         f"providers/Microsoft.Insights/dataCollectionEndpoints/{endpoint_name}"
     )
-    dce_url = cmd.cli_ctx.cloud.endpoints.resource_manager + \
-        f"{dce_resource_id}?api-version=2022-06-01"
     # create the DCE
     dce_creation_body_common = {
         "location": region,
@@ -755,12 +760,17 @@ def create_data_collection_endpoint(cmd, subscription, resource_group, region, e
     if is_ampls:
         dce_creation_body_common["properties"]["networkAcls"]["publicNetworkAccess"] = "Disabled"
     dce_creation_body_ = json.dumps(dce_creation_body_common)
+    resources = get_resources_client(cmd.cli_ctx, subscription)
     for _ in range(3):
         try:
-            send_raw_request(cmd.cli_ctx, "PUT", dce_url, body=dce_creation_body_)
+            resources.begin_create_or_update_by_id(
+                dce_resource_id,
+                "2022-06-01",
+                json.loads(dce_creation_body_)
+            )
             error = None
             break
-        except AzCLIError as e:
+        except CLIError as e:
             error = e
     else:
         raise error

@@ -2,8 +2,7 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
-import json
-from azure.cli.command_modules.acs.azuremonitormetrics.constants import AKS_CLUSTER_API
+from azure.cli.command_modules.acs._client_factory import get_container_service_client
 from azure.cli.core.azclierror import (
     UnknownError,
     CLIError
@@ -12,25 +11,17 @@
 
 # pylint: disable=line-too-long
 def addon_put(cmd, cluster_subscription, cluster_resource_group_name, cluster_name):
-    from azure.cli.core.util import send_raw_request
-    armendpoint = cmd.cli_ctx.cloud.endpoints.resource_manager
-    feature_check_url = f"{armendpoint}/subscriptions/{cluster_subscription}/resourceGroups/{cluster_resource_group_name}/providers/Microsoft.ContainerService/managedClusters/{cluster_name}?api-version={AKS_CLUSTER_API}"
+    client = get_container_service_client(cmd.cli_ctx, cluster_subscription).managed_clusters
     try:
-        headers = ['User-Agent=azuremonitormetrics.addon_get']
-        r = send_raw_request(cmd.cli_ctx, "GET", feature_check_url,
-                             body={}, headers=headers)
+        mc = client.get(cluster_resource_group_name, cluster_name)
     except CLIError as e:
         raise UnknownError(e)
-    json_response = json.loads(r.text)
-    if "azureMonitorProfile" in json_response["properties"]:
-        if "metrics" in json_response["properties"]["azureMonitorProfile"]:
-            if json_response["properties"]["azureMonitorProfile"]["metrics"]["enabled"] is False:
-                # What if enabled doesn't exist
-                json_response["properties"]["azureMonitorProfile"]["metrics"]["enabled"] = True
+    # Enable metrics if present and not already enabled
+    if hasattr(mc, "azure_monitor_profile") and mc.azure_monitor_profile:
+        if hasattr(mc.azure_monitor_profile, "metrics") and mc.azure_monitor_profile.metrics:
+            if getattr(mc.azure_monitor_profile.metrics, "enabled", None) is False:
+                mc.azure_monitor_profile.metrics.enabled = True
     try:
-        headers = ['User-Agent=azuremonitormetrics.addon_put']
-        body = json.dumps(json_response)
-        r = send_raw_request(cmd.cli_ctx, "PUT", feature_check_url,
-                             body=body, headers=headers)
-    except CLIError as e:
+        client.begin_create_or_update(cluster_resource_group_name, cluster_name, mc)
+    except Exception as e:
         raise UnknownError(e)
@@ -13,72 +13,80 @@
 from azure.cli.command_modules.acs.azuremonitormetrics.helper import sanitize_resource_id
 
 
+# pylint: disable=line-too-long
 def link_grafana_instance(cmd, raw_parameters, azure_monitor_workspace_resource_id):
-    from azure.cli.core.util import send_raw_request
+    from azure.cli.command_modules.acs._client_factory import get_resources_client
+    resources = get_resources_client(cmd.cli_ctx, raw_parameters.get("subscription_id"))
     # GET grafana principal ID
     try:
         grafana_resource_id = raw_parameters.get("grafana_resource_id")
         if grafana_resource_id is None or grafana_resource_id == "":
             return GrafanaLink.NOPARAMPROVIDED
         grafana_resource_id = sanitize_resource_id(grafana_resource_id)
-        grafanaURI = "{0}{1}?api-version={2}".format(
-            cmd.cli_ctx.cloud.endpoints.resource_manager,
-            grafana_resource_id,
-            GRAFANA_API
-        )
-        headers = ['User-Agent=azuremonitormetrics.link_grafana_instance']
-        grafanaArmResponse = send_raw_request(cmd.cli_ctx, "GET", grafanaURI, body={}, headers=headers)
+        grafanaArmResponse = resources.get_by_id(grafana_resource_id, GRAFANA_API)
 
         # Check if 'identity' and 'type' exist in the response
-        identity_info = grafanaArmResponse.json().get("identity", {})
-        identity_type = identity_info.get("type", "").lower()
+        identity_info = getattr(grafanaArmResponse, "identity", {})
+        identity_type = getattr(identity_info, "type", "").lower() if identity_info else ""
 
         if identity_type == "systemassigned":
-            servicePrincipalId = identity_info.get("principalId")
+            servicePrincipalId = getattr(identity_info, "principal_id", None)
         elif identity_type == "userassigned":
-            user_assigned_identities = identity_info.get("userAssignedIdentities", {})
+            user_assigned_identities = getattr(identity_info, "user_assigned_identities", {})
             if not user_assigned_identities:
                 raise CLIError("No user-assigned identities found.")
-            servicePrincipalId = list(user_assigned_identities.values())[0]["principalId"]
+            user_assigned_values = list(user_assigned_identities.values())
+            if not user_assigned_values or "principal_id" not in user_assigned_values[0]:
+                raise CLIError("Invalid user-assigned identity structure or missing principal_id.")
+            servicePrincipalId = user_assigned_values[0]["principal_id"]
         else:
             raise CLIError("Unsupported or missing identity type.")
 
         if not servicePrincipalId:
             raise CLIError("No service principal ID found for the specified identity.")
-    except CLIError as e:
+    except Exception as e:
         raise CLIError(e)
     # Add Role Assignment
     try:
         MonitoringDataReader = "b0d8363b-8ddd-447d-831f-62ca05bff136"
-        roleDefinitionURI = "{0}{1}/providers/Microsoft.Authorization/roleAssignments/{2}?api-version={3}".format(
-            cmd.cli_ctx.cloud.endpoints.resource_manager,
-            azure_monitor_workspace_resource_id,
-            uuid.uuid4(),
-            GRAFANA_ROLE_ASSIGNMENT_API
+        roleAssignmentId = str(uuid.uuid4())
+        roleDefinitionId = (
+            f"{azure_monitor_workspace_resource_id}/providers/Microsoft.Authorization/roleDefinitions/"
+            f"{MonitoringDataReader}"
         )
-        roleDefinitionId = "{0}/providers/Microsoft.Authorization/roleDefinitions/{1}".format(
-            azure_monitor_workspace_resource_id,
-            MonitoringDataReader
+        roleAssignmentResourceId = (
+            f"{azure_monitor_workspace_resource_id}/providers/Microsoft.Authorization/roleAssignments/"
+            f"{roleAssignmentId}"
         )
-        association_body = json.dumps({
+        association_body = {
             "properties": {
                 "roleDefinitionId": roleDefinitionId,
                 "principalId": servicePrincipalId
             }
-        })
-        headers = ['User-Agent=azuremonitormetrics.add_role_assignment']
-        send_raw_request(cmd.cli_ctx, "PUT", roleDefinitionURI, body=association_body, headers=headers)
-    except CLIError as e:
-        if e.response.status_code != 409:
-            erroString = "Role Assingment failed. Please manually assign the `Monitoring Data Reader` role\
-                to the Azure Monitor Workspace ({0}) for the Azure Managed Grafana\
-                System Assigned Managed Identity ({1})".format(
-                azure_monitor_workspace_resource_id,
-                servicePrincipalId
+        }
+        try:
+            resources.begin_create_or_update_by_id(
+                roleAssignmentResourceId,
+                GRAFANA_ROLE_ASSIGNMENT_API,
+                association_body
             )
-            print(erroString)
+        except CLIError as e:
+            # If already exists (409), ignore, else print error
+            if not (hasattr(e, "status_code") and e.status_code == 409):
+                erroString = (
+                    f"Role Assignment failed. Please manually assign the `Monitoring Data Reader` role\n"
+                    f"to the Azure Monitor Workspace ({azure_monitor_workspace_resource_id}) "
+                    f"for the Azure Managed Grafana\nSystem Assigned Managed Identity ({servicePrincipalId})"
+                )
+                print(erroString)
+    except Exception as e:
+        raise CLIError(e)
     # Setting up AMW Integration
-    targetGrafanaArmPayload = grafanaArmResponse.json()
+    targetGrafanaArmPayload = (
+        grafanaArmResponse.as_dict()
+        if hasattr(grafanaArmResponse, "as_dict")
+        else grafanaArmResponse
+    )
     if targetGrafanaArmPayload["properties"] is None:
         raise CLIError("Invalid grafana payload to add AMW integration")
     if "grafanaIntegrations" not in json.dumps(targetGrafanaArmPayload):
@@ -89,17 +97,14 @@ def link_grafana_instance(cmd, raw_parameters, azure_monitor_workspace_resource_
     if amwIntegrations != [] and azure_monitor_workspace_resource_id in json.dumps(amwIntegrations).lower():
         return GrafanaLink.ALREADYPRESENT
     try:
-        grafanaURI = "{0}{1}?api-version={2}".format(
-            cmd.cli_ctx.cloud.endpoints.resource_manager,
-            grafana_resource_id,
-            GRAFANA_API
-        )
         targetGrafanaArmPayload["properties"]["grafanaIntegrations"]["azureMonitorWorkspaceIntegrations"].append({
             "azureMonitorWorkspaceResourceId": azure_monitor_workspace_resource_id
         })
-        targetGrafanaArmPayload = json.dumps(targetGrafanaArmPayload)
-        headers = ['User-Agent=azuremonitormetrics.setup_amw_grafana_integration', 'Content-Type=application/json']
-        send_raw_request(cmd.cli_ctx, "PUT", grafanaURI, body=targetGrafanaArmPayload, headers=headers)
+        resources.begin_create_or_update_by_id(
+            grafana_resource_id,
+            GRAFANA_API,
+            targetGrafanaArmPayload
+        )
     except CLIError as e:
         raise CLIError(e)
     return GrafanaLink.SUCCESS
@@ -2,8 +2,6 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
-import json
-
 from azure.cli.command_modules.acs.azuremonitormetrics.constants import MAC_API
 from azure.cli.command_modules.acs.azuremonitormetrics.amw.defaults import get_default_mac_name_and_region
 from azure.cli.command_modules.acs._client_factory import get_resource_groups_client, get_resources_client
@@ -12,7 +10,6 @@
 
 
 def create_default_mac(cmd, cluster_subscription, cluster_region):
-    from azure.cli.core.util import send_raw_request
     default_mac_name, default_mac_region = get_default_mac_name_and_region(cmd, cluster_region, cluster_subscription)
     default_resource_group_name = "DefaultResourceGroup-{0}".format(default_mac_region)
     azure_monitor_workspace_resource_id = \
@@ -36,13 +33,15 @@ def create_default_mac(cmd, cluster_subscription, cluster_region):
                 raise ex
     else:
         resource_groups.create_or_update(default_resource_group_name, {"location": default_mac_region})
-    association_body = json.dumps({"location": default_mac_region, "properties": {}})
-    armendpoint = cmd.cli_ctx.cloud.endpoints.resource_manager
-    association_url = f"{armendpoint}{azure_monitor_workspace_resource_id}?api-version={MAC_API}"
     try:
-        headers = ['User-Agent=azuremonitormetrics.create_default_mac']
-        send_raw_request(cmd.cli_ctx, "PUT", association_url,
-                         body=association_body, headers=headers)
+        resources.begin_create_or_update_by_id(
+            azure_monitor_workspace_resource_id,
+            MAC_API,
+            {
+                "location": default_mac_region,
+                "properties": {}
+            }
+        )
         return azure_monitor_workspace_resource_id, default_mac_region
-    except CLIError as e:
-        raise e
+    except Exception as e:
+        raise CLIError(e)