{ACS} az aks approuting: Creating commands for approuting enable|di…
…sable|keyvault as well as dns zone add|remove|list (#28463)
bfoley13 authored Mar 8, 2024
1 parent c0e82c8 commit 7dbe9a6
Showing 15 changed files with 13,786 additions and 2 deletions.
Expand Up @@ -123,3 +123,7 @@ def get_resource_by_name(cli_ctx, resource_name, resource_type):
def get_msi_client(cli_ctx, subscription_id=None):
return get_mgmt_service_client(cli_ctx, ManagedServiceIdentityClient,
subscription_id=subscription_id)


def get_keyvault_client(cli_ctx, subscription_id=None):
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_KEYVAULT, subscription_id=subscription_id).vaults
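Review bot: `get_keyvault_client` returns the `.vaults` operations group rather than a management client, unlike `get_msi_client` directly above it, and nothing in the function says so. A one-line docstring would prevent misuse, for example `"""Return the vaults operations group of the Key Vault management client for the given subscription."""`. It is also worth stating that `subscription_id=None` presumably falls back to the CLI's active subscription, so a caller holding a vault ID from another subscription has to pass the subscription parsed from that ID. That fallback lives in `get_mgmt_service_client`, which is outside this hunk.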
4 changes: 4 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_consts.py
Expand Up @@ -197,6 +197,10 @@
CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_COMPLETE = "Complete"
CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK = "Rollback"

# Dns zone contributor role
CONST_PRIVATE_DNS_ZONE_CONTRIBUTOR_ROLE = "Private DNS Zone Contributor"
CONST_DNS_ZONE_CONTRIBUTOR_ROLE = "DNS Zone Contributor"


# consts for decorator pattern
class DecoratorMode(Enum):
93 changes: 93 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_help.py
Expand Up @@ -531,6 +531,9 @@
- name: --enable-asm --enable-azure-service-mesh
type: bool
short-summary: Enable Azure Service Mesh addon.
- name: --enable-app-routing
type: bool
short-summary: Enable Application Routing addon.
- name: --revision
type: string
short-summary: Azure Service Mesh revision to install.
Expand Down Expand Up @@ -2255,3 +2258,93 @@
- name: Rollback Azure Service Mesh upgrade.
text: az aks mesh upgrade rollback --resource-group MyResourceGroup --name MyManagedCluster
"""

helps['aks approuting'] = """
type: group
short-summary: Commands to manage App Routing aadon.
long-summary: A group of commands to manage App Routing in given cluster.
"""

helps['aks approuting enable'] = """
type: command
short-summary: Enable App Routing.
long-summary: This command enables App Routing in given cluster.
parameters:
- name: --enable-kv
type: bool
short-summary: Enable the keyvault secrets provider.
long-summary: This optional flag enables the keyvault-secrets-provider addon in given cluster. This is required for most App Routing use-cases.
- name: --attach-kv
type: string
short-summary: Attach a keyvault id to access secrets and certificates.
long-summary: This optional flag attaches a keyvault id to access secrets and certificates.
"""

helps['aks approuting disable'] = """
type: command
short-summary: Disable App Routing addon.
long-summary: This command disables App Routing in given cluster.
"""

helps['aks approuting update'] = """
type: command
short-summary: Update App Routing addon.
long-summary: This command is used to update keyvault id in App Routing addon.
parameters:
- name: --attach-kv
type: string
short-summary: Attach a keyvault id to access secrets and certificates.
long-summary: This optional flag attaches a keyvault id to access secrets and certificates.
- name: --enable-kv
type: bool
short-summary: Enable the keyvault secrets provider addon.
long-summary: This optional flag enables the keyvault-secrets-provider addon in given cluster. This is required for most App Routing use-cases.
"""

helps['aks approuting zone'] = """
type: group
short-summary: Commands to manage App Routing DNS Zones.
long-summary: A group of commands to manage App Routing DNS zones in given cluster.
"""

helps['aks approuting zone add'] = """
type: command
short-summary: Add DNS Zone(s) to App Routing.
long-summary: This command adds multiple DNS zone resource IDs to App Routing.
parameters:
- name: --ids
type: string
short-summary: Comma-separated list of DNS zone resource IDs to add to App Routing.
- name: --attach-zones
type: bool
short-summary: Grant DNS zone Contributor permissions on all zone IDs specified in --ids.
"""

helps['aks approuting zone delete'] = """
type: command
short-summary: Delete DNS Zone(s) from App Routing.
long-summary: This command deletes DNS zone resource IDs from App Routing in given cluster.
parameters:
- name: --ids
type: string
short-summary: Comma-separated list of DNS zone resource IDs to delete from App Routing.
"""

helps['aks approuting zone update'] = """
type: command
short-summary: Replace DNS Zone(s) in App Routing.
long-summary: This command replaces the DNS zone resource IDs used in App Routing.
parameters:
- name: --ids
type: string
short-summary: Comma-separated list of DNS zone resource IDs to replace in App Routing.
- name: --attach-zones
type: bool
short-summary: Grant DNS zone Contributor permissions on all zone IDs specified in --ids.
"""

helps['aks approuting zone list'] = """
type: command
short-summary: List DNS Zone IDs in App Routing.
long-summary: This command lists the DNS zone resources used in App Routing.
"""
20 changes: 20 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_params.py
Expand Up @@ -313,6 +313,7 @@ def load_arguments(self, _):
c.argument('enable_secret_rotation', action='store_true')
c.argument('rotation_poll_interval')
c.argument('enable_sgxquotehelper', action='store_true')
c.argument('enable_app_routing', action="store_true")

# nodepool paramerters
c.argument('nodepool_name', default='nodepool1',
Expand Down Expand Up @@ -718,6 +719,25 @@ def load_arguments(self, _):
with self.argument_context('aks mesh upgrade start') as c:
c.argument('revision', validator=validate_azure_service_mesh_revision, required=True)

with self.argument_context('aks approuting enable') as c:
c.argument('enable_kv', action='store_true')
c.argument('keyvault_id', options_list=['--attach-kv'])

with self.argument_context('aks approuting update') as c:
c.argument('keyvault_id', options_list=['--attach-kv'])
c.argument('enable_kv', action='store_true')

with self.argument_context('aks approuting zone add') as c:
c.argument('dns_zone_resource_ids', options_list=['--ids'], required=True)
c.argument('attach_zones')

with self.argument_context('aks approuting zone delete') as c:
c.argument('dns_zone_resource_ids', options_list=['--ids'], required=True)

with self.argument_context('aks approuting zone update') as c:
c.argument('dns_zone_resource_ids', options_list=['--ids'], required=True)
c.argument('attach_zones')


def _get_default_install_location(exe_name):
system = platform.system()
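Review bot: `attach_zones` is registered without `action='store_true'` in both `aks approuting zone add` and `aks approuting zone update`, although `_help.py` documents it as `type: bool` and the other flags added in this commit (`enable_kv`, `enable_app_routing`) do use it. As written the option expects a value and passes it on as a string, so `--attach-zones false` would presumably be truthy downstream and still trigger the Contributor role grant; `c.argument('attach_zones', action='store_true')` avoids that. `dns_zone_resource_ids` and `keyvault_id` also carry no `validator=`, so whether the IDs are checked before being used as role-assignment scopes depends on code outside this section. `load_arguments` starts and ends outside the hunk.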
13 changes: 13 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/commands.py
Expand Up @@ -234,3 +234,16 @@ def load_command_table(self, _):
'rollback',
'aks_mesh_upgrade_rollback',
supports_no_wait=True)

# AKS approuting commands
with self.command_group('aks approuting', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
g.custom_command('enable', 'aks_approuting_enable')
g.custom_command('disable', 'aks_approuting_disable', confirmation=True)
g.custom_command('update', 'aks_approuting_update')

# AKS approuting dns-zone commands
with self.command_group('aks approuting zone', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
g.custom_command('add', 'aks_approuting_zone_add')
g.custom_command('delete', 'aks_approuting_zone_delete', confirmation=True)
g.custom_command('update', 'aks_approuting_zone_update')
g.custom_command('list', 'aks_approuting_zone_list')
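Review bot: `aks approuting zone update` is registered without `confirmation=True`, while `disable` and `zone delete` both have it. Per the help text added in this commit, `zone update` replaces the DNS zone IDs, so it also drops every zone not listed in `--ids`. Consider `g.custom_command('update', 'aks_approuting_zone_update', confirmation=True)` so that an accidental replace prompts first. `load_command_table` begins outside this hunk.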
164 changes: 164 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/custom.py
Expand Up @@ -575,6 +575,7 @@ def aks_create(
enable_sgxquotehelper=False,
enable_secret_rotation=False,
rotation_poll_interval=None,
enable_app_routing=False,
# nodepool paramerters
nodepool_name="nodepool1",
node_vm_size=None,
Expand Down Expand Up @@ -2941,3 +2942,166 @@ def _aks_mesh_update(
return None

return aks_update_decorator.update_mc(mc)


def aks_approuting_enable(
cmd,
client,
resource_group_name,
name,
enable_kv=False,
keyvault_id=None
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
enable_app_routing=True,
keyvault_id=keyvault_id,
enable_kv=enable_kv)


def aks_approuting_disable(
cmd,
client,
resource_group_name,
name
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
enable_app_routing=False)


def aks_approuting_update(
cmd,
client,
resource_group_name,
name,
keyvault_id=None,
enable_kv=False
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
keyvault_id=keyvault_id,
enable_kv=enable_kv)


def aks_approuting_zone_add(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids,
attach_zones=False
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids=dns_zone_resource_ids,
add_dns_zone=True,
attach_zones=attach_zones)


def aks_approuting_zone_delete(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids=dns_zone_resource_ids,
delete_dns_zone=True)


def aks_approuting_zone_update(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids,
attach_zones=False
):
return _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
dns_zone_resource_ids=dns_zone_resource_ids,
update_dns_zone=True,
attach_zones=attach_zones)


def aks_approuting_zone_list(
cmd,
client,
resource_group_name,
name
):
from msrestazure.tools import parse_resource_id
mc = client.get(resource_group_name, name)

if mc.ingress_profile and mc.ingress_profile.web_app_routing and mc.ingress_profile.web_app_routing.enabled:
if mc.ingress_profile.web_app_routing.dns_zone_resource_ids:
dns_zone_resource_ids = mc.ingress_profile.web_app_routing.dns_zone_resource_ids
dns_zone_list = []
for dns_zone in dns_zone_resource_ids:
dns_zone_dict = {}
parsed_dns_zone = parse_resource_id(dns_zone)
dns_zone_dict['id'] = dns_zone
dns_zone_dict['subscription'] = parsed_dns_zone['subscription']
dns_zone_dict['resource_group'] = parsed_dns_zone['resource_group']
dns_zone_dict['name'] = parsed_dns_zone['name']
dns_zone_dict['type'] = parsed_dns_zone['type']
dns_zone_list.append(dns_zone_dict)
return dns_zone_list
raise CLIError('No dns zone attached to the cluster')
raise CLIError('App routing addon is not enabled')


# pylint: disable=unused-argument
def _aks_approuting_update(
cmd,
client,
resource_group_name,
name,
enable_app_routing=None,
enable_kv=None,
keyvault_id=None,
add_dns_zone=None,
delete_dns_zone=None,
update_dns_zone=None,
dns_zone_resource_ids=None,
attach_zones=None
):
from azure.cli.command_modules.acs.managed_cluster_decorator import AKSManagedClusterUpdateDecorator

raw_parameters = locals()

aks_update_decorator = AKSManagedClusterUpdateDecorator(
cmd=cmd,
client=client,
raw_parameters=raw_parameters,
resource_type=ResourceType.MGMT_CONTAINERSERVICE,
)

try:
mc = aks_update_decorator.fetch_mc()
mc = aks_update_decorator.update_app_routing_profile(mc)
except DecoratorEarlyExitException:
return None

return aks_update_decorator.update_mc(mc)
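Review bot: In `aks_approuting_zone_list` the parsed ID is indexed directly (`parsed_dns_zone['subscription']`, `['resource_group']`, `['type']`), but `parse_resource_id` omits keys it cannot extract, so a zone ID without the full resource-ID shape ends the command with a bare `KeyError` instead of a readable error. Reading the fields with `parsed_dns_zone.get('subscription')` and so on, or raising a `CLIError` that names the offending ID, keeps the listing usable for auditing which zones are attached. The function also raises `CLIError('No dns zone attached to the cluster')` for an empty list, which makes scripts treat "nothing attached" as a failure; returning `[]` there may be preferable. None of the new functions has a docstring, and `_aks_approuting_update` in particular should note that `raw_parameters = locals()` captures every argument and must stay ahead of any other local assignment.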