From 459d6b722be2688435b5fa3f52e79c7fceabc41d Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Fri, 27 Sep 2024 11:26:36 -0700
Subject: [PATCH 1/6] disallow refresh_cluster_credentials with
 platowrm_workload_identities

---
 python/az/aro/azext_aro/_validators.py                |  4 ++--
 .../azext_aro/tests/latest/unit/test_validators.py    | 11 +++++------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/python/az/aro/azext_aro/_validators.py b/python/az/aro/azext_aro/_validators.py
index 96b8941323a..0d789226e0a 100644
--- a/python/az/aro/azext_aro/_validators.py
+++ b/python/az/aro/azext_aro/_validators.py
@@ -284,8 +284,8 @@ def validate_refresh_cluster_credentials(namespace):
         return
     if namespace.client_secret is not None or namespace.client_id is not None:
         raise RequiredArgumentMissingError('--client-id and --client-secret must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
-    if namespace.upgradeable_to is not None:
-        raise MutuallyExclusiveArgumentError('Must not specify --refresh-credentials when --upgradeable-to is used.')  # pylint: disable=line-too-long
+    if namespace.platform_workload_identities is not None:
+        raise MutuallyExclusiveArgumentError('--platform-workload-identities must be not set with --refresh-credentials.')
 
 
 def validate_version_format(namespace):
diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
index 0df05cf9c94..7f753ef653c 100644
--- a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
+++ b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -817,15 +817,14 @@ def test_validate_worker_vm_disk_size_gb(test_description, namespace, expected_e
     ),
     (
         "should not raise any Exception because namespace.client_secret is None and namespace.client_id is None",
-        Mock(upgradeable_to=None, client_secret=None, client_id=None),
+        Mock(platform_workload_identities=None, client_secret=None, client_id=None),
         None
-    ),
+    ), 
     (
-        "should raise MutuallyExclusiveArgumentError exception because namespace.upgradeable_to is not None",
-        Mock(upgradeable_to="4.14.2", client_id=None, client_secret=None),
+        "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present", 
+        Mock(platform_workload_identities=[Mock(resource_id='Foo')], client_id=None, client_secret=None),
         MutuallyExclusiveArgumentError
-    ),
-
+    )
 ]
 
 

From 53907d3b599855e4b5b9a97835a921c5fdd1a11e Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Mon, 30 Sep 2024 09:39:40 -0700
Subject: [PATCH 2/6] add pylint comment

---
 python/az/aro/azext_aro/_validators.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/az/aro/azext_aro/_validators.py b/python/az/aro/azext_aro/_validators.py
index 0d789226e0a..a05e3346ee0 100644
--- a/python/az/aro/azext_aro/_validators.py
+++ b/python/az/aro/azext_aro/_validators.py
@@ -285,7 +285,7 @@ def validate_refresh_cluster_credentials(namespace):
     if namespace.client_secret is not None or namespace.client_id is not None:
         raise RequiredArgumentMissingError('--client-id and --client-secret must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
     if namespace.platform_workload_identities is not None:
-        raise MutuallyExclusiveArgumentError('--platform-workload-identities must be not set with --refresh-credentials.')
+        raise MutuallyExclusiveArgumentError('--platform-workload-identities must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
 
 
 def validate_version_format(namespace):

From e9aaeb31f994362bdfa8b2fd008acf7ddc12b146 Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Tue, 1 Oct 2024 10:49:22 -0700
Subject: [PATCH 3/6] fix python lint issue

---
 python/az/aro/azext_aro/tests/latest/unit/test_validators.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
index 7f753ef653c..101782da99f 100644
--- a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
+++ b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -819,7 +819,7 @@ def test_validate_worker_vm_disk_size_gb(test_description, namespace, expected_e
         "should not raise any Exception because namespace.client_secret is None and namespace.client_id is None",
         Mock(platform_workload_identities=None, client_secret=None, client_id=None),
         None
-    ), 
+    ),
     (
         "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present", 
         Mock(platform_workload_identities=[Mock(resource_id='Foo')], client_id=None, client_secret=None),

From d17feb4079c3145e4f6c56684cf9bb04613f5711 Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Wed, 2 Oct 2024 08:29:22 -0700
Subject: [PATCH 4/6] fix pylint issue

---
 python/az/aro/azext_aro/tests/latest/unit/test_validators.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
index 101782da99f..9663a9ab920 100644
--- a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
+++ b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -821,7 +821,7 @@ def test_validate_worker_vm_disk_size_gb(test_description, namespace, expected_e
         None
     ),
     (
-        "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present", 
+        "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present",
         Mock(platform_workload_identities=[Mock(resource_id='Foo')], client_id=None, client_secret=None),
         MutuallyExclusiveArgumentError
     )

From 6593f24c20004925f1165da7de5b364905ad2c27 Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Mon, 7 Oct 2024 13:01:27 -0700
Subject: [PATCH 5/6] Revert "disallow refresh_cluster_credentials with
 platform_workload_identities"

This reverts commit 329322a0fecb15127b316c726f305d374092b113.
---
 python/az/aro/azext_aro/_validators.py                   | 4 ++--
 .../aro/azext_aro/tests/latest/unit/test_validators.py   | 9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/python/az/aro/azext_aro/_validators.py b/python/az/aro/azext_aro/_validators.py
index a05e3346ee0..96b8941323a 100644
--- a/python/az/aro/azext_aro/_validators.py
+++ b/python/az/aro/azext_aro/_validators.py
@@ -284,8 +284,8 @@ def validate_refresh_cluster_credentials(namespace):
         return
     if namespace.client_secret is not None or namespace.client_id is not None:
         raise RequiredArgumentMissingError('--client-id and --client-secret must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
-    if namespace.platform_workload_identities is not None:
-        raise MutuallyExclusiveArgumentError('--platform-workload-identities must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
+    if namespace.upgradeable_to is not None:
+        raise MutuallyExclusiveArgumentError('Must not specify --refresh-credentials when --upgradeable-to is used.')  # pylint: disable=line-too-long
 
 
 def validate_version_format(namespace):
diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
index 9663a9ab920..0df05cf9c94 100644
--- a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
+++ b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -817,14 +817,15 @@ def test_validate_worker_vm_disk_size_gb(test_description, namespace, expected_e
     ),
     (
         "should not raise any Exception because namespace.client_secret is None and namespace.client_id is None",
-        Mock(platform_workload_identities=None, client_secret=None, client_id=None),
+        Mock(upgradeable_to=None, client_secret=None, client_id=None),
         None
     ),
     (
-        "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present",
-        Mock(platform_workload_identities=[Mock(resource_id='Foo')], client_id=None, client_secret=None),
+        "should raise MutuallyExclusiveArgumentError exception because namespace.upgradeable_to is not None",
+        Mock(upgradeable_to="4.14.2", client_id=None, client_secret=None),
         MutuallyExclusiveArgumentError
-    )
+    ),
+
 ]
 
 

From f6eeb3b66a3de997f59cf6e2b400751db9fb8eb9 Mon Sep 17 00:00:00 2001
From: Sanjana Lawande <slawande@redhat.com>
Date: Mon, 7 Oct 2024 21:06:23 -0700
Subject: [PATCH 6/6] disallow refresh_cluster_credentials with
 platform_workload_identities fix

---
 python/az/aro/azext_aro/_validators.py                     | 2 ++
 .../az/aro/azext_aro/tests/latest/unit/test_validators.py  | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/python/az/aro/azext_aro/_validators.py b/python/az/aro/azext_aro/_validators.py
index 96b8941323a..34b1435cc75 100644
--- a/python/az/aro/azext_aro/_validators.py
+++ b/python/az/aro/azext_aro/_validators.py
@@ -284,6 +284,8 @@ def validate_refresh_cluster_credentials(namespace):
         return
     if namespace.client_secret is not None or namespace.client_id is not None:
         raise RequiredArgumentMissingError('--client-id and --client-secret must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
+    if namespace.platform_workload_identities is not None:
+        raise MutuallyExclusiveArgumentError('--platform-workload-identities must be not set with --refresh-credentials.')  # pylint: disable=line-too-long
     if namespace.upgradeable_to is not None:
         raise MutuallyExclusiveArgumentError('Must not specify --refresh-credentials when --upgradeable-to is used.')  # pylint: disable=line-too-long
 
diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
index 0df05cf9c94..3fce1c5a546 100644
--- a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
+++ b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -815,9 +815,14 @@ def test_validate_worker_vm_disk_size_gb(test_description, namespace, expected_e
         Mock(client_id="client_id_456"),
         RequiredArgumentMissingError
     ),
+    (
+        "should raise MutuallyExclusiveArgumentError Exception because namespace.platform_workload_identities is present",
+        Mock(platform_workload_identities=[Mock(resource_id='Foo')], client_id=None, client_secret=None),
+        MutuallyExclusiveArgumentError
+    ),
     (
         "should not raise any Exception because namespace.client_secret is None and namespace.client_id is None",
-        Mock(upgradeable_to=None, client_secret=None, client_id=None),
+        Mock(upgradeable_to=None, client_secret=None, client_id=None, platform_workload_identities=None),
         None
     ),
     (