Allow disable app test endpoint auth (#7686)

Azure · Jul 3, 2024 · 5360d59 · 5360d59
1 parent f22f36d
commit 5360d59
Show file tree

Hide file tree

Showing 11 changed files with 3,367 additions and 1,854 deletions.
diff --git a/src/spring/HISTORY.md b/src/spring/HISTORY.md
@@ -1,5 +1,9 @@
 Release History
 ===============
+1.25.0
+---
+* Add arguments `--disable-test-endpoint-auth` in `spring app create` and `spring app update`.
+
 1.24.5
 ---
 * Verify that `--artifact-path` and `--source-path` exist before all steps in `az spring app deploy`, `az spring app deployment create` and `az spring job deploy` commands.

diff --git a/src/spring/azext_spring/_app_factory.py b/src/spring/azext_spring/_app_factory.py
@@ -24,9 +24,16 @@ def _format_properties(self, **kwargs):
         kwargs['vnet_addons'] = self._load_vnet_addons(**kwargs)
         kwargs['ingress_settings'] = self._load_ingress_settings(**kwargs)
         kwargs['secrets'] = self._load_secrets_config(**kwargs)
+        kwargs['test_endpoint_auth_state'] = self._get_test_endpoint_auth_state(**kwargs)
         kwargs['addon_configs'] = self._load_addon_configs(**kwargs)
         return models.AppResourceProperties(**kwargs)
 
+    def _get_test_endpoint_auth_state(self, disable_test_endpoint_auth=None, **_):
+        if disable_test_endpoint_auth is None:
+            return None
+
+        return models.TestEndpointAuthState.DISABLED if disable_test_endpoint_auth else models.TestEndpointAuthState.ENABLED
+
     def _format_identity(self, system_assigned=None, user_assigned=None, **_):
         target_identity_type = self._get_identity_assign_type(system_assigned, user_assigned)
         user_identity_payload = self._get_user_identity_payload(user_assigned)

diff --git a/src/spring/azext_spring/_params.py b/src/spring/azext_spring/_params.py
@@ -390,6 +390,11 @@ def load_arguments(self, _):
                    help='A json file path indicates the certificates which would be loaded to app')
         c.argument('deployment_name', default='default',
                    help='Name of the default deployment.', validator=validate_name)
+        c.argument('disable_test_endpoint_auth',
+                   arg_type=get_three_state_flag(),
+                   options_list=['--disable-test-endpoint-auth', '--disable-tea'],
+                   help="If true, disable authentication of the app's test endpoint.",
+                   default=False)
 
     with self.argument_context('spring app update') as c:
         c.argument('assign_endpoint', arg_type=get_three_state_flag(),
@@ -409,6 +414,10 @@ def load_arguments(self, _):
         c.argument('deployment', options_list=['--deployment', '-d'],
                    help='Name of an existing deployment of the app. Default to the production deployment if not specified.',
                    validator=fulfill_deployment_param_or_warning)
+        c.argument('disable_test_endpoint_auth',
+                   arg_type=get_three_state_flag(),
+                   options_list=['--disable-test-endpoint-auth', '--disable-tea'],
+                   help="If true, disable authentication of the app's test endpoint.")
 
     with self.argument_context('spring app append-persistent-storage') as c:
         c.argument('storage_name', type=str,

diff --git a/src/spring/azext_spring/app.py b/src/spring/azext_spring/app.py
@@ -57,6 +57,7 @@ def app_create(cmd, client, resource_group, service, name,
                bind_service_registry=None,
                bind_application_configuration_service=None,
                bind_config_server=None,
+               disable_test_endpoint_auth=None,
                # app.update
                enable_persistent_storage=None,
                persistent_storage=None,
@@ -122,6 +123,7 @@ def app_create(cmd, client, resource_group, service, name,
         'bind_service_registry': bind_service_registry,
         'bind_application_configuration_service': bind_application_configuration_service,
         'bind_config_server': bind_config_server,
+        'disable_test_endpoint_auth': disable_test_endpoint_auth,
         'enable_temporary_disk': True,
         'enable_persistent_storage': enable_persistent_storage,
         'persistent_storage': persistent_storage,
@@ -206,6 +208,7 @@ def app_update(cmd, client, resource_group, service, name,
                backend_protocol=None,
                client_auth_certs=None,
                workload_profile=None,
+               disable_test_endpoint_auth=None,
                # deployment.source
                runtime_version=None,
                jvm_options=None,
@@ -277,6 +280,7 @@ def app_update(cmd, client, resource_group, service, name,
         'backend_protocol': backend_protocol,
         'client_auth_certs': client_auth_certs,
         'secrets': secrets,
+        'disable_test_endpoint_auth': disable_test_endpoint_auth,
         'workload_profile_name': workload_profile
     }
     if deployment is None:

diff --git a/src/spring/azext_spring/tests/latest/recordings/test_app_actuator_configs.yaml b/src/spring/azext_spring/tests/latest/recordings/test_app_actuator_configs.yaml
diff --git a/src/spring/azext_spring/tests/latest/recordings/test_app_crud.yaml b/src/spring/azext_spring/tests/latest/recordings/test_app_crud.yaml
diff --git a/src/spring/azext_spring/tests/latest/recordings/test_enterprise_app_crud.yaml b/src/spring/azext_spring/tests/latest/recordings/test_enterprise_app_crud.yaml
diff --git a/src/spring/azext_spring/tests/latest/recordings/test_persistent_storage.yaml b/src/spring/azext_spring/tests/latest/recordings/test_persistent_storage.yaml
diff --git a/src/spring/azext_spring/tests/latest/test_asa_app.py b/src/spring/azext_spring/tests/latest/test_asa_app.py
@@ -698,6 +698,19 @@ def test_update_workload_profile(self):
         resource = self.patch_app_resource
         self.assertEqual('w2', resource.properties.workload_profile_name)
 
+    def test_app_update_with_enable_test_endpoint_auth(self):
+        self._execute('rg', 'asc', 'app', workload_profile='w2')
+        resource = self.patch_app_resource
+        self.assertIsNone(resource.properties.test_endpoint_auth_state)
+
+        self._execute('rg', 'asc', 'app', workload_profile='w2', disable_test_endpoint_auth=False)
+        resource = self.patch_app_resource
+        self.assertEqual(models.TestEndpointAuthState.ENABLED, resource.properties.test_endpoint_auth_state)
+
+        self._execute('rg', 'asc', 'app', workload_profile='w2', disable_test_endpoint_auth=True)
+        resource = self.patch_app_resource
+        self.assertEqual(models.TestEndpointAuthState.DISABLED, resource.properties.test_endpoint_auth_state)
+
 
 class TestAppCreate(BasicTest):
     def __init__(self, methodName: str = ...):
@@ -790,6 +803,19 @@ def test_app_binding_tanzu_components_enterprise(self):
         self.assertEqual(default_config_server_id,
                     addon_configs['configServer']['resourceId'])
 
+    def test_app_create_with_enable_test_endpoint_auth(self):
+        self._execute('rg', 'asc', 'app', instance_count=1)
+        resource = self.put_app_resource
+        self.assertIsNone(resource.properties.test_endpoint_auth_state)
+
+        self._execute('rg', 'asc', 'app', instance_count=1, disable_test_endpoint_auth=False)
+        resource = self.put_app_resource
+        self.assertEqual(models.TestEndpointAuthState.ENABLED, resource.properties.test_endpoint_auth_state)
+
+        self._execute('rg', 'asc', 'app', instance_count=1, disable_test_endpoint_auth=True)
+        resource = self.put_app_resource
+        self.assertEqual(models.TestEndpointAuthState.DISABLED, resource.properties.test_endpoint_auth_state)
+
     def test_app_with_persistent_storage(self):
         self._execute('rg', 'asc', 'app', cpu='500m', memory='2Gi', instance_count=1, enable_persistent_storage=True)
         resource = self.put_app_resource

diff --git a/src/spring/azext_spring/tests/latest/test_asa_app_scenario.py b/src/spring/azext_spring/tests/latest/test_asa_app_scenario.py
@@ -153,6 +153,7 @@ def test_app_crud(self, resource_group, spring, app):
 
         self.cmd('spring app create -n {app} -g {rg} -s {serviceName} --cpu 2  --env "foo=bar"', checks=[
             self.check('name', '{app}'),
+            self.check('properties.testEndpointAuthState', "Enabled"),
             self.check('properties.activeDeployment.name', 'default'),
             self.check('properties.activeDeployment.properties.deploymentSettings.resourceRequests.cpu', '2'),
             self.check('properties.activeDeployment.sku.capacity', 1),
@@ -161,19 +162,28 @@ def test_app_crud(self, resource_group, spring, app):
             self.check('properties.activeDeployment.properties.deploymentSettings.environmentVariables', {'foo': 'bar'}),
         ])
 
+        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --session-max-age 1800',
+                 checks=[
+                     self.check('properties.testEndpointAuthState', "Enabled"),
+                ])
+
         # ingress only set session affinity
-        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --session-affinity Cookie --session-max-age 1800', checks=[
-            self.check('name', '{app}'),
-            self.check('properties.ingressSettings.readTimeoutInSeconds', '300'),
-            self.check('properties.ingressSettings.sendTimeoutInSeconds', '60'),
-            self.check('properties.ingressSettings.backendProtocol', 'Default'),
-            self.check('properties.ingressSettings.sessionAffinity', 'Cookie'),
-            self.check('properties.ingressSettings.sessionCookieMaxAge', '1800'),
-        ])
+        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --session-affinity Cookie --session-max-age 1800 '
+                 '--disable-test-endpoint-auth',
+                 checks=[
+                     self.check('name', '{app}'),
+                     self.check('properties.testEndpointAuthState', "Disabled"),
+                     self.check('properties.ingressSettings.readTimeoutInSeconds', '300'),
+                     self.check('properties.ingressSettings.sendTimeoutInSeconds', '60'),
+                     self.check('properties.ingressSettings.backendProtocol', 'Default'),
+                     self.check('properties.ingressSettings.sessionAffinity', 'Cookie'),
+                     self.check('properties.ingressSettings.sessionCookieMaxAge', '1800'),
+                ])
 
         # green deployment copy settings from active, but still accept input as highest priority
         self.cmd('spring app deployment create -n green --app {app} -g {rg} -s {serviceName} --instance-count 2', checks=[
             self.check('name', 'green'),
+            self.check('properties.testEndpointAuthState', None),
             self.check('properties.deploymentSettings.resourceRequests.cpu', '2'),
             self.check('properties.deploymentSettings.resourceRequests.memory', '1Gi'),
             self.check('properties.source.type', 'Jar'),
@@ -228,7 +238,7 @@ def test_app_create_binding_tanzu_components(self, resource_group, spring, app):
     @SpringResourceGroupPreparer(dev_setting_name=SpringTestEnvironmentEnum.ENTERPRISE['resource_group_name'])
     @SpringPreparer(**SpringTestEnvironmentEnum.ENTERPRISE['spring'], location = 'eastasia')
     @SpringAppNamePreparer()
-    def test_app_actuator_configs(self, resource_group, spring, app):
+    def test_enterprise_app_crud(self, resource_group, spring, app):
         self.kwargs.update({
             'app': app,
             'serviceName': spring,
@@ -237,12 +247,30 @@ def test_app_actuator_configs(self, resource_group, spring, app):
 
         self.cmd('spring app create -n {app} -g {rg} -s {serviceName}', checks=[
             self.check('name', '{app}'),
+            self.check('properties.testEndpointAuthState', "Enabled"),
         ])
 
-        # add actuator configs
-        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --custom-actuator-port 8080 --custom-actuator-path actuator', checks=[
-            self.check('properties.activeDeployment.properties.deploymentSettings.addonConfigs', {'appLiveView': {'actuatorPath': 'actuator', 'actuatorPort': 8080}}),
-        ])
+        # The property 'testEndpointAuthState' is enabled, update app without parameter 'disable-test-endpoint-auth'
+        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --custom-actuator-port 8080 --custom-actuator-path actuator',
+                 checks=[
+                     self.check('properties.activeDeployment.properties.deploymentSettings.addonConfigs', {'appLiveView': {'actuatorPath': 'actuator', 'actuatorPort': 8080}}),
+                     self.check('properties.testEndpointAuthState', "Enabled"),
+                 ])
+
+        # Update actuator configs, and test endpoint auth
+        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --custom-actuator-port 8081 --custom-actuator-path actuator '
+                 '--disable-test-endpoint-auth',
+                 checks=[
+                     self.check('properties.activeDeployment.properties.deploymentSettings.addonConfigs', {'appLiveView': {'actuatorPath': 'actuator', 'actuatorPort': 8081}}),
+                     self.check('properties.testEndpointAuthState', "Disabled"),
+                 ])
+        # The property 'testEndpointAuthState' is disabled, update app without parameter 'disable-test-endpoint-auth'
+        self.cmd('spring app update -n {app} -g {rg} -s {serviceName} --custom-actuator-port 8082',
+                 checks=[
+                     self.check('properties.activeDeployment.properties.deploymentSettings.addonConfigs', {'appLiveView': {'actuatorPath': 'actuator', 'actuatorPort': 8082}}),
+                     self.check('properties.testEndpointAuthState', "Disabled"),
+                 ])
+
 
 class BlueGreenTest(ScenarioTest):
 

diff --git a/src/spring/setup.py b/src/spring/setup.py
@@ -16,7 +16,7 @@
 
 # TODO: Confirm this is the right version number you want and it matches your
 # HISTORY.rst entry.
-VERSION = '1.24.5'
+VERSION = '1.25.0'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers