add tests, for existing regsitry,keep consistent if not updated

src/aks-preview/HISTORY.rst

@@ -11,6 +11,12 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* Vendor new SDK and bump API version to 2024-07-02-preview.
+
+9.0.0b1
++++++++
+* [BREAKING CHANGE]: Remove support for `az aks update --ssh-access` command to avoid misleading. To update existing cluster's SSH access, please use `az aks nodepool update --ssh-access` to update node pool's SSH access one by one.
+* Remove dependency on `msrestazure.azure_exceptions` and `msrestazure.tools`.
 
 8.0.0b1
 +++++++

src/aks-preview/README.rst

@@ -175,6 +175,9 @@ Released version and adopted API version
     * - 7.0.0b3 ~ 7.0.0b3
       - 2024-05-02-preview
       - 
-    * - 7.0.0b4 ~ latest
+    * - 7.0.0b4 ~ 9.0.0b1
       - 2024-06-02-preview
       - 
+    * - 9.0.0b2 ~ latest
+      - 2024-07-02-preview
+      - 

src/aks-preview/azext_aks_preview/__init__.py

@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
     register_resource_type(
         "latest",
         CUSTOM_MGMT_AKS_PREVIEW,
-        SDKProfile("2024-06-02-preview", {"container_services": "2017-07-01"}),
+        SDKProfile("2024-07-02-preview", {"container_services": "2017-07-01"}),
     )
 
 

src/aks-preview/azext_aks_preview/_completers.py

@@ -79,12 +79,12 @@ def _get_location(cli_ctx, namespace):
 
 def _get_location_from_resource_group(cli_ctx, resource_group_name):
     from azext_aks_preview._client_factory import get_resource_groups_client
-    from msrestazure.azure_exceptions import CloudError
+    from azure.core.exceptions import HttpResponseError
 
     try:
         rg = get_resource_groups_client(cli_ctx).get(resource_group_name)
         return rg.location
-    except CloudError as err:
+    except HttpResponseError as err:
         # Print a warning if the user hit [TAB] but the `--resource-group` argument was incorrect.
         # For example: "Warning: Resource group 'bogus' could not be found."
         from argcomplete import warn

src/aks-preview/azext_aks_preview/_help.py

@@ -625,7 +625,7 @@
           short-summary: Enable AI toolchain operator to the cluster.
         - name: --ssh-access
           type: string
-          short-summary: Configure SSH setting for all node pools in this cluster. Use "disabled" to disable SSH access, "localuser" to enable SSH access using private key.
+          short-summary: Configure SSH setting for the first system pool in this cluster. Use "disabled" to disable SSH access, "localuser" to enable SSH access using private key. Note, this configuration will not take effect for later created new node pools, please use option `az aks nodepool add --ssh-access` to configure SSH access for new node pools.
         - name: --pod-ip-allocation-mode
           type: string
           short-summary: Set the ip allocation mode for how Pod IPs from the Azure Pod Subnet are allocated to the nodes in the AKS cluster. The choice is between dynamic batches of individual IPs or static allocation of a set of CIDR blocks. Accepted Values are "DynamicIndividual" or "StaticBlock".
@@ -1264,9 +1264,6 @@
         - name: --disable-ai-toolchain-operator
           type: bool
           short-summary: Disable AI toolchain operator.
-        - name: --ssh-access
-          type: string
-          short-summary: Update SSH setting for all node pools in this cluster. Use "disabled" to disable SSH access, "localuser" to enable SSH access using private key.
         - name: --node-init-taints --nodepool-initialization-taints
           type: string
           short-summary: The node initialization taints for all node pools in cluster.

src/aks-preview/azext_aks_preview/_params.py

@@ -1415,8 +1415,6 @@ def load_arguments(self, _):
                 'For more information on "Auto" mode see aka.ms/aks/nap.'
             )
         )
-        # In update scenario, use emtpy str as default.
-        c.argument('ssh_access', arg_type=get_enum_type(ssh_accesses), is_preview=True)
         c.argument('enable_static_egress_gateway', is_preview=True, action='store_true')
         c.argument('disable_static_egress_gateway', is_preview=True, action='store_true')
         c.argument("enable_imds_restriction", action="store_true", is_preview=True)

src/aks-preview/azext_aks_preview/_roleassignments.py

@@ -15,7 +15,6 @@
 from azure.cli.core.profiles import ResourceType, get_sdk
 from azure.core.exceptions import HttpResponseError, ResourceExistsError
 from knack.log import get_logger
-from msrestazure.azure_exceptions import CloudError
 
 logger = get_logger(__name__)
 
@@ -24,9 +23,6 @@
 
 # temp workaround for the breaking change caused by default API version bump of the auth SDK
 def add_role_assignment(cmd, role, service_principal_msi_id, is_service_principal=True, delay=2, scope=None):
-    from azure.cli.core import __version__ as core_version
-    if core_version <= "2.45.0":
-        return _add_role_assignment_old(cmd, role, service_principal_msi_id, is_service_principal, delay, scope)
     return _add_role_assignment_new(cmd, role, service_principal_msi_id, is_service_principal, delay, scope)
 
 
@@ -95,7 +91,7 @@ def _add_role_assignment_new(cmd, role, service_principal_msi_id, is_service_pri
                 resolve_assignee=is_service_principal,
             )
             break
-        except (CloudError, HttpResponseError) as ex:
+        except HttpResponseError as ex:
             if isinstance(ex, ResourceExistsError) or "The role assignment already exists." in ex.message:
                 break
             logger.info(ex.message)
@@ -107,81 +103,3 @@ def _add_role_assignment_new(cmd, role, service_principal_msi_id, is_service_pri
     hook.add(message="AAD role propagation done", value=1.0, total_val=1.0)
     logger.info("AAD role propagation done")
     return True
-
-
-# TODO(fuming): remove this once dependency bumped to 2.47.0
-def _add_role_assignment_executor_old(cmd, role, assignee, resource_group_name=None, scope=None, resolve_assignee=True):
-    factory = get_auth_management_client(cmd.cli_ctx, scope)
-    assignments_client = factory.role_assignments
-    definitions_client = factory.role_definitions
-
-    # FIXME: is this necessary?
-    if assignments_client.config is None:
-        raise AzCLIError("Assignments client config is undefined.")
-
-    scope = build_role_scope(resource_group_name, scope, assignments_client.config.subscription_id)
-
-    # XXX: if role is uuid, this function's output cannot be used as role assignment defintion id
-    # ref: https://github.com/Azure/azure-cli/issues/2458
-    role_id = resolve_role_id(role, scope, definitions_client)
-
-    # If the cluster has service principal resolve the service principal client id to get the object id,
-    # if not use MSI object id.
-    object_id = resolve_object_id(cmd.cli_ctx, assignee) if resolve_assignee else assignee
-
-    assignment_name = uuid.uuid4()
-    custom_headers = None
-
-    RoleAssignmentCreateParameters = get_sdk(
-        cmd.cli_ctx,
-        ResourceType.MGMT_AUTHORIZATION,
-        "RoleAssignmentCreateParameters",
-        mod="models",
-        operation_group="role_assignments",
-    )
-    if cmd.supported_api_version(min_api="2018-01-01-preview", resource_type=ResourceType.MGMT_AUTHORIZATION):
-        parameters = RoleAssignmentCreateParameters(role_definition_id=role_id, principal_id=object_id)
-        return assignments_client.create(scope, assignment_name, parameters, custom_headers=custom_headers)
-
-    # for backward compatibility
-    RoleAssignmentProperties = get_sdk(
-        cmd.cli_ctx,
-        ResourceType.MGMT_AUTHORIZATION,
-        "RoleAssignmentProperties",
-        mod="models",
-        operation_group="role_assignments",
-    )
-    properties = RoleAssignmentProperties(role_definition_id=role_id, principal_id=object_id)
-    return assignments_client.create(scope, assignment_name, properties, custom_headers=custom_headers)
-
-
-# TODO(fuming): remove this once dependency bumped to 2.47.0
-def _add_role_assignment_old(cmd, role, service_principal_msi_id, is_service_principal=True, delay=2, scope=None):
-    # AAD can have delays in propagating data, so sleep and retry
-    hook = cmd.cli_ctx.get_progress_controller(True)
-    hook.add(message="Waiting for AAD role to propagate", value=0, total_val=1.0)
-    logger.info("Waiting for AAD role to propagate")
-    for x in range(0, 10):
-        hook.add(message="Waiting for AAD role to propagate", value=0.1 * x, total_val=1.0)
-        try:
-            # TODO: break this out into a shared utility library
-            _add_role_assignment_executor_old(
-                cmd,
-                role,
-                service_principal_msi_id,
-                scope=scope,
-                resolve_assignee=is_service_principal,
-            )
-            break
-        except (CloudError, HttpResponseError) as ex:
-            if ex.message == "The role assignment already exists.":
-                break
-            logger.info(ex.message)
-        except Exception as ex:  # pylint: disable=broad-except
-            logger.error(str(ex))
-        time.sleep(delay + delay * x)
-    else:
-        return False
-    hook.add(message="AAD role propagation done", value=1.0, total_val=1.0)
-    logger.info("AAD role propagation done")
-    return True

src/aks-preview/azext_aks_preview/_validators.py

@@ -20,6 +20,7 @@
 )
 from azure.cli.core.commands.validators import validate_tag
 from azure.cli.core.util import CLIError
+from azure.mgmt.core.tools import is_valid_resource_id
 from azext_aks_preview._consts import (
     ADDONS,
     CONST_LOAD_BALANCER_BACKEND_POOL_TYPE_NODE_IP,
@@ -323,7 +324,6 @@ def validate_apiserver_subnet_id(namespace):
 def _validate_subnet_id(subnet_id, name):
     if subnet_id is None or subnet_id == '':
         return
-    from msrestazure.tools import is_valid_resource_id
     if not is_valid_resource_id(subnet_id):
         raise CLIError(name + " is not a valid Azure resource ID.")
 
@@ -468,7 +468,6 @@ def validate_assign_identity(namespace):
     if namespace.assign_identity is not None:
         if namespace.assign_identity == '':
             return
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.assign_identity):
             raise CLIError(
                 "--assign-identity is not a valid Azure resource ID.")
@@ -561,7 +560,6 @@ def validate_assign_kubelet_identity(namespace):
     if namespace.assign_kubelet_identity is not None:
         if namespace.assign_kubelet_identity == '':
             return
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.assign_kubelet_identity):
             raise CLIError(
                 "--assign-kubelet-identity is not a valid Azure resource ID.")
@@ -578,46 +576,40 @@ def validate_snapshot_name(namespace):
 
 
 def validate_nodepool_id(namespace):
-    from msrestazure.tools import is_valid_resource_id
     if not is_valid_resource_id(namespace.nodepool_id):
         raise InvalidArgumentValueError(
             "--nodepool-id is not a valid Azure resource ID.")
 
 
 def validate_cluster_id(namespace):
-    from msrestazure.tools import is_valid_resource_id
     if not is_valid_resource_id(namespace.cluster_id):
         raise InvalidArgumentValueError(
             "--cluster-id is not a valid Azure resource ID.")
 
 
 def validate_snapshot_id(namespace):
     if namespace.snapshot_id:
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.snapshot_id):
             raise InvalidArgumentValueError(
                 "--snapshot-id is not a valid Azure resource ID.")
 
 
 def validate_cluster_snapshot_id(namespace):
     if namespace.cluster_snapshot_id:
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.cluster_snapshot_id):
             raise InvalidArgumentValueError(
                 "--cluster-snapshot-id is not a valid Azure resource ID.")
 
 
 def validate_host_group_id(namespace):
     if namespace.host_group_id:
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.host_group_id):
             raise InvalidArgumentValueError(
                 "--host-group-id is not a valid Azure resource ID.")
 
 
 def validate_crg_id(namespace):
     if namespace.crg_id:
-        from msrestazure.tools import is_valid_resource_id
         if not is_valid_resource_id(namespace.crg_id):
             raise InvalidArgumentValueError(
                 "--crg-id is not a valid Azure resource ID.")
@@ -644,7 +636,6 @@ def validate_azure_keyvault_kms_key_vault_resource_id(namespace):
     key_vault_resource_id = namespace.azure_keyvault_kms_key_vault_resource_id
     if key_vault_resource_id is None or key_vault_resource_id == '':
         return
-    from msrestazure.tools import is_valid_resource_id
     if not is_valid_resource_id(key_vault_resource_id):
         raise InvalidArgumentValueError("--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.")
 
@@ -653,7 +644,6 @@ def validate_bootstrap_container_registry_resource_id(namespace):
     container_registry_resource_id = namespace.bootstrap_container_registry_resource_id
     if container_registry_resource_id is None or container_registry_resource_id == '':
         return
-    from msrestazure.tools import is_valid_resource_id
     if not is_valid_resource_id(container_registry_resource_id):
         raise InvalidArgumentValueError("--bootstrap-container-registry-resource-id is not a valid Azure resource ID.")
 
@@ -773,7 +763,6 @@ def validate_application_security_groups(namespace):
     if not asg_ids:
         return
 
-    from msrestazure.tools import is_valid_resource_id
     for asg in asg_ids.split(","):
         if not is_valid_resource_id(asg):
             raise InvalidArgumentValueError(asg + " is not a valid Azure resource ID.")

src/aks-preview/azext_aks_preview/addonconfiguration.py

@@ -424,7 +424,7 @@ def add_ingress_appgw_addon_role_assignment(result, cmd):
 
     if service_principal_msi_id is not None:
         config = result.addon_profiles[CONST_INGRESS_APPGW_ADDON_NAME].config
-        from msrestazure.tools import parse_resource_id, resource_id
+        from azure.mgmt.core.tools import parse_resource_id, resource_id
         if CONST_INGRESS_APPGW_APPLICATION_GATEWAY_ID in config:
             appgw_id = config[CONST_INGRESS_APPGW_APPLICATION_GATEWAY_ID]
             parsed_appgw_id = parse_resource_id(appgw_id)

src/aks-preview/azext_aks_preview/aks_diagnostics.py

@@ -28,10 +28,11 @@
     get_mgmt_service_client,
     get_subscription_id,
 )
+from azure.core.exceptions import HttpResponseError
+from azure.mgmt.core.tools import is_valid_resource_id, parse_resource_id, resource_id
 from knack.log import get_logger
 from knack.prompting import prompt_y_n
 from knack.util import CLIError
-from msrestazure.azure_exceptions import CloudError
 from packaging import version
 from tabulate import tabulate
 
@@ -70,8 +71,6 @@ def aks_kollect_cmd(cmd,    # pylint: disable=too-many-statements,too-many-local
             raise CLIError(
                 "A storage account must be specified, since there isn't one in the diagnostic settings.")
 
-    from msrestazure.tools import (is_valid_resource_id, parse_resource_id,
-                                   resource_id)
     if storage_account_id is None:
         if not is_valid_resource_id(storage_account):
             storage_account_id = resource_id(
@@ -86,7 +85,7 @@ def aks_kollect_cmd(cmd,    # pylint: disable=too-many-statements,too-many-local
     if is_valid_resource_id(storage_account_id):
         try:
             parsed_storage_account = parse_resource_id(storage_account_id)
-        except CloudError as ex:
+        except HttpResponseError as ex:
             raise CLIError(ex.message) from ex
     else:
         raise CLIError(f"Invalid storage account id {storage_account_id}")