merge latest changes from upstream

AzureArcForKubernetes · Feb 14, 2025 · cd09156 · cd09156
2 parents 41d6f64 + c898278
commit cd09156
Show file tree

Hide file tree

Showing 78 changed files with 5,051 additions and 4,270 deletions.
diff --git a/linter_exclusions.yml b/linter_exclusions.yml
@@ -207,6 +207,11 @@ aks update:
     cluster_service_load_balancer_health_probe_mode:
       rule_exclusions:
       - option_length_too_long
+arcdata dc config init:
+  parameters:
+    path:
+      rule_exclusions:
+      - disallowed_html_tag_from_parameter
 arcdata dc create:
   parameters:
     logs_ui_private_key_file:
@@ -221,6 +226,12 @@ arcdata dc create:
     metrics_ui_public_key_file:
       rule_exclusions:
       - option_length_too_long
+arcdata dc:
+  rule_exclusions:
+  - require_wait_command_if_no_wait
+arcdata ad-connector:
+  rule_exclusions:
+  - require_wait_command_if_no_wait
 arcdata ad-connector create:
   parameters:
     domain_service_account_secret:
@@ -237,6 +248,17 @@ arcdata ad-connector update:
     secondary_domain_controllers:
       rule_exclusions:
       - option_length_too_long
+sql instance-failover-group-arc:
+  rule_exclusions:
+  - require_wait_command_if_no_wait
+sql instance-failover-group-arc create:
+  parameters:
+    partner_resource_group:
+      rule_exclusions:
+      - parameter_should_not_end_in_resource_group
+sql server-arc availability-group:
+  rule_exclusions:
+  - require_wait_command_if_no_wait
 sql server-arc availability-group create:
   parameters:
     automated_backup_preference:
@@ -268,6 +290,9 @@ sql mi-arc update:
     tde_protector_public_key_file:
       rule_exclusions:
       - option_length_too_long
+sql mi-arc:
+  rule_exclusions:
+  - require_wait_command_if_no_wait
 sql mi-arc create:
   parameters:
     sync_secondary_to_commit:

diff --git a/scripts/ci/avail-ext-doc/list-template.md b/scripts/ci/avail-ext-doc/list-template.md
@@ -5,12 +5,9 @@ author: haroldrandom
 ms.author: jianzen
 manager: yonzhan,yungezz
 ms.date: {{ date }}
-ms.topic: article
+ms.topic: generated-reference
 ms.service: azure-cli
-ms.devlang: azure-cli
-ms.tool: azure-cli
 ms.custom: devx-track-azurecli
-keywords: az extension, azure cli extensions, azure extensions
 ---
 
 # Available Azure CLI extensions

diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst
@@ -9,6 +9,18 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+13.0.0b5
++++++++
+* `az aks create/az aks nodepool add`: Emit error message when using `--asg-ids` alone without `--allowed-host-ports`.
+
+13.0.0b4
++++++++
+* `az aks nodepool upgrade`: Fix `--node-soak-duration` cannot be specified as 0
+
+13.0.0b3
++++++++
+* `az aks create`: Update outbound type selection logic for automatic cluster when customer brings BYO Vnet.
+
 13.0.0b2
 +++++++
 * `az aks create/update`: Update advanced container networking service (acns) with 2024-09-02-preview API version enablement.

diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py
@@ -756,13 +756,27 @@ def validate_allowed_host_ports(namespace):
 
 
 def validate_application_security_groups(namespace):
+    is_nodepool_operation = False
     if hasattr((namespace), "nodepool_asg_ids"):
+        is_nodepool_operation = True
         asg_ids = namespace.nodepool_asg_ids
+        host_ports = namespace.nodepool_allowed_host_ports
     else:
         asg_ids = namespace.asg_ids
+        host_ports = namespace.allowed_host_ports
+
     if not asg_ids:
         return
 
+    if not host_ports:
+        if is_nodepool_operation:
+            raise ArgumentUsageError(
+                '--nodepool-asg-ids must be used with --nodepool-allowed-host-ports'
+            )
+        raise ArgumentUsageError(
+            '--asg-ids must be used with --allowed-host-ports'
+        )
+
     for asg in asg_ids.split(","):
         if not is_valid_resource_id(asg):
             raise InvalidArgumentValueError(asg + " is not a valid Azure resource ID.")

diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py
@@ -1433,7 +1433,7 @@ def aks_agentpool_upgrade(cmd,
         instance.upgrade_settings.max_surge = max_surge
     if drain_timeout:
         instance.upgrade_settings.drain_timeout_in_minutes = drain_timeout
-    if node_soak_duration:
+    if isinstance(node_soak_duration, int) and node_soak_duration >= 0:
         instance.upgrade_settings.node_soak_duration_in_minutes = node_soak_duration
     if undrainable_node_behavior:
         instance.upgrade_settings.undrainable_node_behavior = undrainable_node_behavior

diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
@@ -433,8 +433,9 @@ def _get_outbound_type(
         ):
             outbound_type = CONST_OUTBOUND_TYPE_LOAD_BALANCER
             skuName = self.get_sku_name()
-            if skuName is not None and skuName == CONST_MANAGED_CLUSTER_SKU_NAME_AUTOMATIC:
-                # outbound_type of Automatic SKU should be ManagedNATGateway if not provided.
+            isVnetSubnetIdEmpty = self.get_vnet_subnet_id() in ["", None]
+            if skuName is not None and skuName == CONST_MANAGED_CLUSTER_SKU_NAME_AUTOMATIC and isVnetSubnetIdEmpty:
+                # outbound_type of Automatic SKU should be ManagedNATGateway if no subnet id provided.
                 outbound_type = CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY
 
         # validation
@@ -1425,6 +1426,7 @@ def _get_apiserver_subnet_id(self, enable_validation: bool = False) -> Union[str
                     enable_apiserver_vnet_integration is None or
                     enable_apiserver_vnet_integration is False
                 )
+                and self.get_sku_name() != CONST_MANAGED_CLUSTER_SKU_NAME_AUTOMATIC
             ):
                 raise RequiredArgumentMissingError(
                     '"--apiserver-subnet-id" requires "--enable-apiserver-vnet-integration".')
@@ -2923,6 +2925,9 @@ def set_up_api_server_access_profile(self, mc: ManagedCluster) -> ManagedCluster
                 mc.api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile()
             mc.api_server_access_profile.enable_vnet_integration = True
         if self.context.get_apiserver_subnet_id():
+            if mc.api_server_access_profile is None:
+                # pylint: disable=no-member
+                mc.api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile()
             mc.api_server_access_profile.subnet_id = self.context.get_apiserver_subnet_id()
 
         return mc

diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
@@ -3958,6 +3958,7 @@ def test_get_outbound_type(self):
             self.models,
             decorator_mode=DecoratorMode.CREATE,
         )
+        self.create_attach_agentpool_context(ctx1)
         outbound_type_1 = ctx1._get_outbound_type(False, False, None)
         expect_outbound_type_1 = CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY
         self.assertEqual(outbound_type_1,expect_outbound_type_1)
@@ -3968,10 +3969,33 @@ def test_get_outbound_type(self):
             self.models,
             decorator_mode=DecoratorMode.CREATE,
         )
+        self.create_attach_agentpool_context(ctx2)
         outbound_type_2 = ctx2._get_outbound_type(False, False, None)
         expect_outbound_type_2 = CONST_OUTBOUND_TYPE_LOAD_BALANCER
         self.assertEqual(outbound_type_2,expect_outbound_type_2)
 
+        ctx3 = AKSPreviewManagedClusterContext(
+            self.cmd,
+            AKSManagedClusterParamDict({"sku": "automatic", "vnet_subnet_id": "/subscriptions/testid/resourceGroups/MockedResourceGroup/providers/Microsoft.Network/virtualNetworks/MockedNetworkId/subnets/MockedSubNetId"}),
+            self.models,
+            decorator_mode=DecoratorMode.CREATE,
+        )
+        self.create_attach_agentpool_context(ctx3)
+        outbound_type_3 = ctx3._get_outbound_type(False, False, None)
+        expect_outbound_type_3 = CONST_OUTBOUND_TYPE_LOAD_BALANCER
+        self.assertEqual(outbound_type_3,expect_outbound_type_3)
+
+        ctx4 = AKSPreviewManagedClusterContext(
+            self.cmd,
+            AKSManagedClusterParamDict({"sku": "automatic"}),
+            self.models,
+            decorator_mode=DecoratorMode.CREATE,
+        )
+        self.create_attach_agentpool_context(ctx4)
+        outbound_type_4 = ctx4._get_outbound_type(False, False, None)
+        expect_outbound_type_4 = CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY
+        self.assertEqual(outbound_type_4,expect_outbound_type_4)
+
 class AKSPreviewManagedClusterCreateDecoratorTestCase(unittest.TestCase):
     def setUp(self):
         # manually register CUSTOM_MGMT_AKS_PREVIEW
@@ -4266,6 +4290,30 @@ def test_set_up_api_server_access_profile(self):
         )
         self.assertEqual(dec_mc_3, ground_truth_mc_3)
 
+        dec_4 = AKSPreviewManagedClusterCreateDecorator(
+            self.cmd,
+            self.client,
+            {
+                "apiserver_subnet_id": apiserver_subnet_id,
+                "vnet_subnet_id": vnet_subnet_id,
+                "sku": "automatic",
+            },
+            CUSTOM_MGMT_AKS_PREVIEW,
+        )
+        mc_4 = self.models.ManagedCluster(location="test_location")
+        dec_4.context.attach_mc(mc_4)
+        dec_mc_4 = dec_4.set_up_api_server_access_profile(mc_4)
+        ground_truth_api_server_access_profile_4 = (
+            self.models.ManagedClusterAPIServerAccessProfile(
+                subnet_id=apiserver_subnet_id,
+            )
+        )
+        ground_truth_mc_4 = self.models.ManagedCluster(
+            location="test_location",
+            api_server_access_profile=ground_truth_api_server_access_profile_4,
+        )
+        self.assertEqual(dec_mc_4, ground_truth_mc_4)
+
     def test_build_gitops_addon_profile(self):
         # default
         dec_1 = AKSPreviewManagedClusterCreateDecorator(

diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py b/src/aks-preview/azext_aks_preview/tests/latest/test_validators.py
@@ -638,32 +638,94 @@ def test_invalid_application_security_groups(self):
         namespace = SimpleNamespace(
             **{
                 "asg_ids": "invalid",
+                "allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
             }
         )
         with self.assertRaises(InvalidArgumentValueError):
-            validators.validate_application_security_groups(namespace)
+            validators.validate_application_security_groups(
+                namespace
+            )
+
+    def test_application_security_groups_without_allowed_host_ports(self):
+        asg_ids = ",".join([
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
+        ])
+        namespace = SimpleNamespace(
+            **{
+                "asg_ids": asg_ids,
+                "allowed_host_ports": [],
+            }
+        )
+        with self.assertRaises(ArgumentUsageError):
+            validators.validate_application_security_groups(
+                namespace
+            )
+
+    def test_nodepool_application_security_groups_without_allowed_host_ports(self):
+        asg_ids = ",".join([
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
+        ])
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_asg_ids": asg_ids,
+                "nodepool_allowed_host_ports": [],
+            }
+        )
+        with self.assertRaises(ArgumentUsageError):
+            validators.validate_application_security_groups(
+                namespace
+            )
 
     def test_empty_application_security_groups(self):
         namespace = SimpleNamespace(
             **{
                 "asg_ids": "",
+                "allowed_host_ports": [],
             }
         )
-        validators.validate_application_security_groups(namespace)
+        validators.validate_application_security_groups(
+            namespace
+        )
 
-    def test_multiple_application_security_groups(self):
-        asg_ids = ",".join(
-            [
-                "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
-                "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg2/providers/Microsoft.Network/applicationSecurityGroups/asg2",
-            ]
+    def test_empty_nodepool_application_security_groups(self):
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_asg_ids": "",
+                "nodepool_allowed_host_ports": [],
+            }
+        )
+        validators.validate_application_security_groups(
+            namespace
         )
+    def test_multiple_application_security_groups(self):
+        asg_ids = ",".join([
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg2/providers/Microsoft.Network/applicationSecurityGroups/asg2",
+        ])
         namespace = SimpleNamespace(
             **{
                 "asg_ids": asg_ids,
+                "allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
             }
         )
-        validators.validate_application_security_groups(namespace)
+        validators.validate_application_security_groups(
+            namespace
+        )
+
+    def test_multiple_nodepool_application_security_groups(self):
+        asg_ids = ",".join([
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
+            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg2/providers/Microsoft.Network/applicationSecurityGroups/asg2",
+        ])
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_asg_ids": asg_ids,
+                "nodepool_allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
+            }
+        )
+        validators.validate_application_security_groups(
+            namespace
+        )
 
 
 class MaintenanceWindowNameSpace:

diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py
@@ -9,7 +9,7 @@
 
 from setuptools import setup, find_packages
 
-VERSION = "13.0.0b2"
+VERSION = "13.0.0b5"
 
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",

diff --git a/src/bastion/HISTORY.rst b/src/bastion/HISTORY.rst
@@ -2,6 +2,10 @@
 
 Release History
 ===============
+1.4.0
+++++++
+* Add support for bastion developer create.
+
 1.3.1
 ++++++
 * Remove dependency on msazurerest.