Merge branch 'Azure:main' into abiyer/add-arcgateway

linter_exclusions.yml

@@ -438,6 +438,16 @@ databox job mark-devices-shipped:
     deliver_package_details:
       rule_exclusions:
         - option_length_too_long
+databricks access-connector create:
+  parameters:
+    user_assigned_identities:
+      rule_exclusions:
+      - option_length_too_long
+databricks access-connector update:
+  parameters:
+    user_assigned_identities:
+      rule_exclusions:
+      - option_length_too_long
 databricks workspace create:
   parameters:
     managed_resource_group:
@@ -446,6 +456,20 @@ databricks workspace create:
     require_infrastructure_encryption:
       rule_exclusions:
       - option_length_too_long
+    default_storage_firewall:
+      rule_exclusions:
+        - option_length_too_long
+    enhanced_security_compliance:
+      rule_exclusions:
+        - option_length_too_long
+databricks workspace update:
+  parameters:
+    default_storage_firewall:
+      rule_exclusions:
+        - option_length_too_long
+    enhanced_security_compliance:
+      rule_exclusions:
+        - option_length_too_long
 databricks workspace vnet-peering create:
   parameters:
     allow_forwarded_traffic:

scripts/ci/release_version_cal.py

@@ -7,6 +7,7 @@
 # pylint: disable=line-too-long
 import os
 import re
+import json
 from packaging.version import parse
 
 from azdev.utilities.path import get_cli_repo_path, get_ext_repo_paths
@@ -22,8 +23,8 @@
 changed_module_list = os.environ.get('changed_module_list', "").split()
 diff_code_file = os.environ.get('diff_code_file', "")
 print("diff_code_file:", diff_code_file)
-pr_label_list = os.environ.get('pr_label_list', "").split()
-pr_label_list = [name.lower().strip().strip('"').strip("'") for name in pr_label_list]
+pr_label_list = os.environ.get('pr_label_list', "")
+pr_label_list = [name.lower().strip().strip('"').strip("'") for name in json.loads(pr_label_list)]
 
 DEFAULT_VERSION = "0.0.0"
 INIT_RELEASE_VERSION = "1.0.0b1"

src/aks-preview/HISTORY.rst

@@ -11,6 +11,15 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* Add validation to `az aks create` and `az aks update` while modifying the `--ephemeral-disk-volume-type` and `--ephemeral-disk-nvme-perf-tier` values.
+
+5.0.0b4
+++++++++
+* Add additional unit test cases for mutable fips flags in agentpool update.
+
+5.0.0b3
+++++++++
+* Add support for mutable fips in agentpool update. (enable/disable flags)
 
 5.0.0b2
 ++++++++

src/aks-preview/azext_aks_preview/_help.py

@@ -2004,6 +2004,12 @@
         - name: --if-none-match
           type: string
           short-summary: Set to '*' to allow a new node pool to be created, but to prevent updating an existing node pool. Other values will be ignored.
+        - name: --enable-fips-image
+          type: bool
+          short-summary: Switch to use FIPS-enabled OS on agent nodes.
+        - name: --disable-fips-image
+          type: bool
+          short-summary: Switch to use non-FIPS-enabled OS on agent nodes.
     examples:
       - name: Reconcile the nodepool back to its current state.
         text: az aks nodepool update -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster

src/aks-preview/azext_aks_preview/_params.py

@@ -1645,6 +1645,16 @@ def load_arguments(self, _):
         )
         c.argument("if_match")
         c.argument("if_none_match")
+        c.argument(
+            "enable_fips_image",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "disable_fips_image",
+            is_preview=True,
+            action="store_true"
+        )
 
     with self.argument_context("aks nodepool upgrade") as c:
         c.argument("max_surge", validator=validate_max_surge)

src/aks-preview/azext_aks_preview/agentpool_decorator.py

@@ -655,6 +655,39 @@ def get_vm_sizes(self) -> List[str]:
             vm_sizes = [self.get_node_vm_size()]
         return vm_sizes
 
+    # Overrides azure-cli command to allow changes after create
+    def get_enable_fips_image(self) -> bool:
+        """Obtain the value of enable_fips_image, default value is False.
+
+        :return: bool
+        """
+
+        # read the original value passed by the command
+        enable_fips_image = self.raw_param.get("enable_fips_image", False)
+        # In create mode, try and read the property value corresponding to the parameter from the `agentpool` object
+        if self.decorator_mode == DecoratorMode.CREATE:
+            if (
+                self.agentpool and
+                hasattr(self.agentpool, "enable_fips") and      # backward compatibility
+                self.agentpool.enable_fips is not None
+            ):
+                enable_fips_image = self.agentpool.enable_fips
+
+        # Verify both flags have not been set
+        if enable_fips_image and self.get_disable_fips_image():
+            raise MutuallyExclusiveArgumentError(
+                'Cannot specify "--enable-fips-image" and "--disable-fips-image" at the same time'
+            )
+
+        return enable_fips_image
+
+    def get_disable_fips_image(self) -> bool:
+        """Obtain the value of disable_fips_image.
+        :return: bool
+        """
+        # read the original value passed by the command
+        return self.raw_param.get("disable_fips_image")
+
 
 class AKSPreviewAgentPoolAddDecorator(AKSAgentPoolAddDecorator):
     def __init__(
@@ -1092,6 +1125,21 @@ def update_vtpm(self, agentpool: AgentPool) -> AgentPool:
 
         return agentpool
 
+    def update_fips_image(self, agentpool: AgentPool) -> AgentPool:
+        """Update fips image property for the AgentPool object.
+        :return: the AgentPool object
+        """
+        self._ensure_agentpool(agentpool)
+
+        # Updates enable_fips property allowing switching of fips mode
+        if self.context.get_enable_fips_image():
+            agentpool.enable_fips = True
+
+        if self.context.get_disable_fips_image():
+            agentpool.enable_fips = False
+
+        return agentpool
+
     def update_agentpool_profile_preview(self, agentpools: List[AgentPool] = None) -> AgentPool:
         """The overall controller used to update the preview AgentPool profile.
 
@@ -1121,6 +1169,9 @@ def update_agentpool_profile_preview(self, agentpools: List[AgentPool] = None) -
         # update os sku
         agentpool = self.update_os_sku(agentpool)
 
+        # update fips image
+        agentpool = self.update_fips_image(agentpool)
+
         # update ssh access
         agentpool = self.update_ssh_access(agentpool)
 

src/aks-preview/azext_aks_preview/azurecontainerstorage/_validators.py

@@ -303,20 +303,37 @@ def validate_enable_azure_container_storage_params(  # pylint: disable=too-many-
                         f'already enabled for storage pool option {enabled_options}.'
                     )
             else:
-                if ephemeral_disk_volume_type is not None and ephemeral_disk_nvme_perf_tier is None and \
+                if required_type_installed_for_disk_vol_type and \
+                   ephemeral_disk_volume_type is not None and \
+                   ephemeral_disk_nvme_perf_tier is None and \
                    existing_ephemeral_disk_volume_type.lower() == ephemeral_disk_volume_type.lower():
                     raise InvalidArgumentValueError(
                         'Azure Container Storage is already configured with --ephemeral-disk-volume-type '
                         f'value set to {existing_ephemeral_disk_volume_type}.'
                     )
 
-                if ephemeral_disk_nvme_perf_tier is not None and ephemeral_disk_volume_type is None and \
+                if required_type_installed_for_nvme_perf_tier and \
+                   ephemeral_disk_nvme_perf_tier is not None and \
+                   ephemeral_disk_volume_type is None and \
                    existing_ephemeral_disk_nvme_perf_tier.lower() == ephemeral_disk_nvme_perf_tier.lower():
                     raise InvalidArgumentValueError(
                         'Azure Container Storage is already configured with --ephemeral-disk-nvme-perf-tier '
                         f'value set to {existing_ephemeral_disk_nvme_perf_tier}.'
                     )
 
+                # pylint: disable=too-many-boolean-expressions
+                if required_type_installed_for_disk_vol_type and \
+                   ephemeral_disk_volume_type is not None and \
+                   existing_ephemeral_disk_volume_type.lower() == ephemeral_disk_volume_type.lower() and \
+                   required_type_installed_for_nvme_perf_tier and \
+                   ephemeral_disk_nvme_perf_tier is not None and \
+                   existing_ephemeral_disk_nvme_perf_tier.lower() == ephemeral_disk_nvme_perf_tier.lower():
+                    raise InvalidArgumentValueError(
+                        'Azure Container Storage is already configured with --ephemeral-disk-volume-type '
+                        f'value set to {existing_ephemeral_disk_volume_type} and --ephemeral-disk-nvme-perf-tier '
+                        f'value set to {existing_ephemeral_disk_nvme_perf_tier}.'
+                    )
+
         if storage_pool_option == CONST_ACSTOR_ALL:
             raise InvalidArgumentValueError(
                 f'Cannot set --storage-pool-option value as {CONST_ACSTOR_ALL} '

src/aks-preview/azext_aks_preview/custom.py

@@ -1387,6 +1387,8 @@ def aks_agentpool_update(
     disable_vtpm=False,
     if_match=None,
     if_none_match=None,
+    enable_fips_image=False,
+    disable_fips_image=False,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()