From 15692f6815f579928db467a69d2db53250af0c00 Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 14:46:02 +0800 Subject: [PATCH 01/12] feat: implement workload identity related flags --- src/aks-preview/azext_aks_preview/_help.py | 9 + src/aks-preview/azext_aks_preview/_params.py | 3 + src/aks-preview/azext_aks_preview/custom.py | 5 + .../azext_aks_preview/decorator.py | 102 +++++++++- .../tests/latest/test_decorator.py | 187 ++++++++++++++++++ 5 files changed, 304 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 7e4a611eb70..27b7147b478 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -350,6 +350,9 @@ - name: --enable-pod-identity-with-kubenet type: bool short-summary: (PREVIEW) Enable pod identity addon for cluster using Kubnet network plugin. + - name: --enable-workload-identity + type: bool + short-summary: (PREVIEW) Enable workload identity addon. - name: --aci-subnet-name type: string short-summary: The name of a subnet in an existing VNet into which to deploy the virtual nodes. @@ -618,6 +621,12 @@ - name: --disable-pod-identity type: bool short-summary: (PREVIEW) Disable Pod Identity addon for cluster. + - name: --enable-workload-identity + type: bool + short-summary: (PREVIEW) Enable Workload Identity addon for cluster. + - name: --disable-workload-identity + type: bool + short-summary: (PREVIEW) Disable Workload Identity addon for cluster. - name: --enable-secret-rotation type: bool short-summary: Enable secret rotation. Use with azure-keyvault-secrets-provider addon. diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 3670a91667f..708fc6a07fe 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -169,6 +169,7 @@ def load_arguments(self, _): c.argument('http_proxy_config', options_list=[ '--http-proxy-config'], type=str) c.argument('enable_pod_identity', action='store_true') + c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) c.argument('appgw_name', options_list=[ '--appgw-name'], arg_group='Application Gateway') c.argument('appgw_subnet_prefix', options_list=[ @@ -255,6 +256,8 @@ def load_arguments(self, _): validator=validate_assign_identity) c.argument('enable_pod_identity', action='store_true') c.argument('disable_pod_identity', action='store_true') + c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) + c.argument('disable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) c.argument('enable_secret_rotation', action='store_true') c.argument('disable_secret_rotation', action='store_true') c.argument('rotation_poll_interval', type=str) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 1451aa26c15..7814b5c3a59 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -753,6 +753,8 @@ def aks_create(cmd, auto_upgrade_channel=None, enable_pod_identity=False, enable_pod_identity_with_kubenet=False, + # NOTE: for workload identity flags, we need to know if it's set to True/False or not set (None) + enable_workload_identity=None, enable_encryption_at_host=False, enable_ultra_ssd=False, edge_zone=None, @@ -834,6 +836,9 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches, enable_pod_identity=False, enable_pod_identity_with_kubenet=False, disable_pod_identity=False, + # NOTE: for workload identity flags, we need to know if it's set to True/False or not set (None) + enable_workload_identity=None, + disable_workload_identity=None, enable_secret_rotation=False, disable_secret_rotation=False, rotation_poll_interval=None, diff --git a/src/aks-preview/azext_aks_preview/decorator.py b/src/aks-preview/azext_aks_preview/decorator.py index c65e6dbb830..7c93e4d752d 100644 --- a/src/aks-preview/azext_aks_preview/decorator.py +++ b/src/aks-preview/azext_aks_preview/decorator.py @@ -7,7 +7,7 @@ import os import time from types import SimpleNamespace -from typing import Dict, List, Tuple, TypeVar, Union +from typing import Dict, List, Tuple, TypeVar, Union, Optional from azure.cli.command_modules.acs._consts import ( DecoratorEarlyExitException, @@ -81,6 +81,7 @@ ContainerServiceNetworkProfile = TypeVar("ContainerServiceNetworkProfile") ManagedClusterAddonProfile = TypeVar("ManagedClusterAddonProfile") ManagedClusterOIDCIssuerProfile = TypeVar('ManagedClusterOIDCIssuerProfile') +ManagedClusterSecurityProfileWorkloadIdentity = TypeVar('ManagedClusterSecurityProfileWorkloadIdentity') Snapshot = TypeVar("Snapshot") AzureKeyVaultKms = TypeVar('AzureKeyVaultKms') @@ -120,6 +121,11 @@ def __init__(self, cmd: AzCommandsLoader, resource_type: ResourceType): resource_type=self.resource_type, operation_group="managed_clusters", ) + self.ManagedClusterSecurityProfileWorkloadIdentity = self.__cmd.get_models( + "ManagedClusterSecurityProfileWorkloadIdentity", + resource_type=self.resource_type, + operation_group="managed_clusters", + ) self.ManagedClusterSecurityProfile = self.__cmd.get_models( "ManagedClusterSecurityProfile", resource_type=self.resource_type, @@ -1579,6 +1585,56 @@ def get_oidc_issuer_profile(self) -> ManagedClusterOIDCIssuerProfile: return profile + def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfileWorkloadIdentity]: + """Obtrain the value of security_profile.workload_identity. + + :return: Optional[ManagedClusterSecurityProfileWorkloadIdentity] + """ + enable_workload_identity = self.raw_param.get("enable_workload_identity") + disable_workload_identity = self.raw_param.get("disable_workload_identity") + if self.decorator_mode == DecoratorMode.CREATE: + # CREATE mode has no --disable-workload-identity flag + disable_workload_identity = None + + if enable_workload_identity is None and disable_workload_identity is None: + # no flags have been set, return None; server side will backfill the default/existing value + return None + + if enable_workload_identity and disable_workload_identity: + raise MutuallyExclusiveArgumentError( + "Cannot specify --enable-workload-identity and " + "--disable-workload-identity at the same time." + ) + + profile = self.models.ManagedClusterSecurityProfileWorkloadIdentity() + if self.decorator_mode == DecoratorMode.CREATE: + profile.enabled = bool(enable_workload_identity) + elif self.decorator_mode == DecoratorMode.UPDATE: + if self.mc.security_profile is not None and self.mc.security_profile.workload_identity is not None: + profile = self.mc.security_profile.workload_identity + if enable_workload_identity: + profile.enabled = True + elif disable_workload_identity: + profile.enabled = False + + if profile.enabled: + # in enable case, we need to check if OIDC issuer has been enabled + oidc_issuer_profile = self.get_oidc_issuer_profile() + if self.decorator_mode == DecoratorMode.UPDATE and oidc_issuer_profile is None: + # if the cluster has enabled OIDC issuer before, in update call: + # + # az aks update --enable-workload-identity + # + # we need to use previous OIDC issuer profile + oidc_issuer_profile = self.mc.oidc_issuer_profile + oidc_issuer_enabled = oidc_issuer_profile is not None and oidc_issuer_profile.enabled + if not oidc_issuer_enabled: + raise RequiredArgumentMissingError( + "Enabling workload identity requires enabling OIDC issuer (--enable-oidc-issuer)." + ) + + return profile + def get_crg_id(self) -> str: """Obtain the values of crg_id. @@ -1992,6 +2048,24 @@ def set_up_oidc_issuer_profile(self, mc: ManagedCluster) -> ManagedCluster: return mc + def set_up_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster: + """Set up workload identity for the ManagedCluster object. + + :return: the ManagedCluster object + """ + profile = self.context.get_workload_identity_profile() + if profile is None: + if mc.security_profile is not None: + # set the value to None to let server side to fill in the default value + mc.security_profile.workload_identity = None + return mc + + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + mc.security_profile.workload_identity = profile + + return mc + def set_up_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster: """Set up security profile azureKeyVaultKms for the ManagedCluster object. @@ -2028,6 +2102,7 @@ def construct_mc_preview_profile(self) -> ManagedCluster: # set up pod identity profile mc = self.set_up_pod_identity_profile(mc) mc = self.set_up_oidc_issuer_profile(mc) + mc = self.set_up_workload_identity_profile(mc) mc = self.set_up_azure_keyvault_kms(mc) return mc @@ -2181,7 +2256,9 @@ def check_raw_parameters(self): '"--nodepool-labels" or ' '"--enable-oidc-issuer" or ' '"--http-proxy-config" or ' - '"--enable-azure-keyvault-kms".' + '"--enable-azure-keyvault-kms" or ' + '"--enable-workload-identity" or ' + '"--disable-workload-identity".' ) def update_load_balancer_profile(self, mc: ManagedCluster) -> ManagedCluster: @@ -2317,6 +2394,26 @@ def update_oidc_issuer_profile(self, mc: ManagedCluster) -> ManagedCluster: return mc + def update_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster: + """Update workload identity profile for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + profile = self.context.get_workload_identity_profile() + if profile is None: + if mc.security_profile is not None: + # set the value to None to let server side to fill in the default value + mc.security_profile.workload_identity = None + return mc + + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + mc.security_profile.workload_identity = profile + + return mc + def update_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster: """Update security profile azureKeyvaultKms for the ManagedCluster object. @@ -2368,6 +2465,7 @@ def update_mc_preview_profile(self) -> ManagedCluster: # update pod identity profile mc = self.update_pod_identity_profile(mc) mc = self.update_oidc_issuer_profile(mc) + mc = self.update_workload_identity_profile(mc) mc = self.update_http_proxy_config(mc) mc = self.update_azure_keyvault_kms(mc) return mc diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py index 96dacbece67..5a2c7ff96fe 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py @@ -1649,6 +1649,121 @@ def test_get_oidc_issuer_profile__update_enable(self): self.assertIsNotNone(profile) self.assertTrue(profile.enabled) + def test_get_workload_identity_profile__create_no_set(self): + ctx = AKSPreviewContext( + self.cmd, {}, self.models, decorator_mode=DecoratorMode.CREATE + ) + self.assertIsNone(ctx.get_workload_identity_profile()) + + def test_get_workload_identity_profile__create_enable_without_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.CREATE + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__create_enable_with_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_oidc_issuer": True, + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.CREATE + ) + profile = ctx.get_workload_identity_profile() + self.assertTrue(profile.enabled) + + def test_get_workload_identity_profile__update_not_set(self): + ctx = AKSPreviewContext( + self.cmd, {}, self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + self.assertIsNone(ctx.get_workload_identity_profile()) + + def test_get_workload_identity_profile__update_with_enable_and_disable(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + "disable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + with self.assertRaises(MutuallyExclusiveArgumentError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__update_with_enable_without_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + with self.assertRaises(RequiredArgumentMissingError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__update_with_enable(self): + for previous_enablement_status in [ + None, # preivous not set + True, # previous set to enabled=true + False, # previous set to enabled=false + ]: + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + if previous_enablement_status is None: + mc.security_profile = None + else: + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=previous_enablement_status + ) + ) + ctx.attach_mc(mc) + profile = ctx.get_workload_identity_profile() + self.assertTrue(profile.enabled) + + def test_get_workload_identity_profile__update_with_disable(self): + for previous_enablement_status in [ + None, # preivous not set + True, # previous set to enabled=true + False, # previous set to enabled=false + ]: + ctx = AKSPreviewContext( + self.cmd, + { + "disable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + if previous_enablement_status is None: + mc.security_profile = None + else: + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=previous_enablement_status + ) + ) + ctx.attach_mc(mc) + profile = ctx.get_workload_identity_profile() + self.assertFalse(profile.enabled) + def test_get_crg_id(self): # default ctx_1 = AKSPreviewContext( @@ -2744,6 +2859,27 @@ def test_set_up_oidc_issuer_profile__enabled_mc_enabled(self): self.assertIsNotNone(updated_mc.oidc_issuer_profile) self.assertTrue(updated_mc.oidc_issuer_profile.enabled) + def test_set_up_workload_identity_profile__default_value(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile) + + def test_set_up_workload_identity_profile__enabled(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, + { + "enable_oidc_issuer": True, + "enable_workload_identity": True, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertTrue(updated_mc.security_profile.workload_identity.enabled) + def test_set_up_azure_keyvault_kms(self): dec_1 = AKSPreviewCreateDecorator( self.cmd, @@ -3822,6 +3958,57 @@ def test_update_oidc_issuer_profile__enabled_mc_enabled(self): self.assertIsNotNone(updated_mc.oidc_issuer_profile) self.assertTrue(updated_mc.oidc_issuer_profile.enabled) + def test_update_workload_identity_profile__default_value(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile) + + def test_update_workload_identity_profile__default_value_mc_enabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=True, + ) + ) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile.workload_identity) + + def test_update_workload_identity_profile__enabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, + { + "enable_workload_identity": True, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertTrue(updated_mc.security_profile.workload_identity.enabled) + + def test_update_workload_identity_profile__disabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, + { + "enable_workload_identity": False, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertFalse(updated_mc.security_profile.workload_identity.enabled) + def test_update_azure_keyvault_kms(self): dec_1 = AKSPreviewUpdateDecorator( self.cmd, From eb403fef5e89de6a4559fc30bb78bb8d08ed3f88 Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 14:50:00 +0800 Subject: [PATCH 02/12] feat: bump version --- src/aks-preview/HISTORY.md | 5 +++++ src/aks-preview/setup.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/aks-preview/HISTORY.md b/src/aks-preview/HISTORY.md index 63e9033484e..02805416994 100644 --- a/src/aks-preview/HISTORY.md +++ b/src/aks-preview/HISTORY.md @@ -3,6 +3,11 @@ Release History =============== +0.5.61 +++++++ + +* Add support for managing workload identity feature. + 0.5.60 ++++++ diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 20197ef2bfb..9ae2808d35d 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.60" +VERSION = "0.5.61" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", From f8265997552d2f489ce2de025bb3dec571491914 Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 15:16:36 +0800 Subject: [PATCH 03/12] fix: setup workload identity before oidc issuer --- src/aks-preview/azext_aks_preview/decorator.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/decorator.py b/src/aks-preview/azext_aks_preview/decorator.py index 7c93e4d752d..15928bdf044 100644 --- a/src/aks-preview/azext_aks_preview/decorator.py +++ b/src/aks-preview/azext_aks_preview/decorator.py @@ -2101,8 +2101,15 @@ def construct_mc_preview_profile(self) -> ManagedCluster: mc = self.set_up_pod_security_policy(mc) # set up pod identity profile mc = self.set_up_pod_identity_profile(mc) - mc = self.set_up_oidc_issuer_profile(mc) + + # update workload identity & OIDC issuer settings + # NOTE: in current implementation, workload identity settings setup requires checking + # previous OIDC issuer profile. However, the OIDC issuer settings setup will + # overrides the previous OIDC issuer profile based on user input. Therefore, we have + # to make sure the workload identity settings setup is done after OIDC issuer settings. mc = self.set_up_workload_identity_profile(mc) + mc = self.set_up_oidc_issuer_profile(mc) + mc = self.set_up_azure_keyvault_kms(mc) return mc @@ -2464,8 +2471,15 @@ def update_mc_preview_profile(self) -> ManagedCluster: mc = self.update_nat_gateway_profile(mc) # update pod identity profile mc = self.update_pod_identity_profile(mc) - mc = self.update_oidc_issuer_profile(mc) + + # update workload identity & OIDC issuer settings + # NOTE: in current implementation, workload identity settings setup requires checking + # previous OIDC issuer profile. However, the OIDC issuer settings setup will + # overrides the previous OIDC issuer profile based on user input. Therefore, we have + # to make sure the workload identity settings setup is done after OIDC issuer settings. mc = self.update_workload_identity_profile(mc) + mc = self.update_oidc_issuer_profile(mc) + mc = self.update_http_proxy_config(mc) mc = self.update_azure_keyvault_kms(mc) return mc From 1fb9d6ddc00dc9ab096c8b1b57ffab48c31b874a Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 15:19:20 +0800 Subject: [PATCH 04/12] test: define live tests --- .../tests/latest/test_aks_commands.py | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 4ab26f23fc1..69f61e1bb89 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3602,6 +3602,74 @@ def test_aks_update_with_oidc_issuer_enabled(self, resource_group, resource_grou self.check('oidcIssuerProfile.enabled', True), ]) + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') + def test_aks_create_with_workload_identity_enabled(self, resource_group, resource_group_location): + # reset the count so in replay mode the random names will start with 0 + self.test_resources_count = 0 + # kwargs for string formatting + aks_name = self.create_random_name('cliakstest', 16) + + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'location': resource_group_location, + 'resource_type': 'Microsoft.ContainerService/ManagedClusters', + 'ssh_key_value': self.generate_ssh_keys(), + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \ + '--enable-managed-identity ' \ + '--enable-oidc-issuer ' \ + '--enable-workload-idenitty' \ + '--ssh-key-value={ssh_key_value}' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('oidcIssuerProfile.enabled', True), + self.check('securityProfile.workloadIdentity.enabled', True), + ]) + + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') + def test_aks_update_with_workload_identity(self, resource_group, resource_group_location): + # reset the count so in replay mode the random names will start with 0 + self.test_resources_count = 0 + # kwargs for string formatting + aks_name = self.create_random_name('cliakstest', 16) + + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'location': resource_group_location, + 'resource_type': 'Microsoft.ContainerService/ManagedClusters', + 'ssh_key_value': self.generate_ssh_keys(), + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \ + '--enable-managed-identity ' \ + '--enable-oidc-issuer' \ + '--ssh-key-value={ssh_key_value}' + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + ]) + + enable_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ + '--enable-workload-idenetity' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + self.cmd(enable_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.workloadIdentity.enabled', True), + ]) + + disable_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ + '--disable-workload-idenetity' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + self.cmd(disable_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.workloadIdentity.disable', True), + ]) + @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_crg_id(self, resource_group, resource_group_location): From 7aa77840ce517df1e25ff08c4c4fdd9a66bcee9b Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 17:45:02 +0800 Subject: [PATCH 05/12] fix: construct cmd with proper way --- .../tests/latest/test_aks_commands.py | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 69f61e1bb89..57215c39c1a 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3618,12 +3618,12 @@ def test_aks_create_with_workload_identity_enabled(self, resource_group, resourc 'ssh_key_value': self.generate_ssh_keys(), }) - create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \ - '--enable-managed-identity ' \ - '--enable-oidc-issuer ' \ - '--enable-workload-idenitty' \ - '--ssh-key-value={ssh_key_value}' \ - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + create_cmd = ' '.join([ + 'aks', 'create', '--resource-group={resource_group}', '--name={name}', '--location={location}', + '--enable-managed-identity', '--enable-oidc-issuer', '--enable-workload-identity', + '--ssh-key-value={ssh_key_value}', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + ]) self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), self.check('oidcIssuerProfile.enabled', True), @@ -3646,25 +3646,31 @@ def test_aks_update_with_workload_identity(self, resource_group, resource_group_ 'ssh_key_value': self.generate_ssh_keys(), }) - create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \ - '--enable-managed-identity ' \ - '--enable-oidc-issuer' \ - '--ssh-key-value={ssh_key_value}' + create_cmd = ' '.join([ + 'aks', 'create', '--resource-group={resource_group}', '--name={name}', '--location={location}', + '--enable-managed-identity', '--enable-oidc-issuer', + '--ssh-key-value={ssh_key_value}', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + ]) self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), ]) - enable_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ - '--enable-workload-idenetity' \ - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + enable_cmd = ' '.join([ + 'aks', 'update', '--resource-group={resource_group}', '--name={name}', + '--enable-workload-identity', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + ]) self.cmd(enable_cmd, checks=[ self.check('provisioningState', 'Succeeded'), self.check('securityProfile.workloadIdentity.enabled', True), ]) - disable_cmd = 'aks update --resource-group={resource_group} --name={name} ' \ - '--disable-workload-idenetity' \ - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview' + disable_cmd = ' '.join([ + 'aks', 'update', '--resource-group={resource_group}', '--name={name}', + '--disable-workload-identity', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + ]) self.cmd(disable_cmd, checks=[ self.check('provisioningState', 'Succeeded'), self.check('securityProfile.workloadIdentity.disable', True), From 2b491ff127d0ec8fbd16a39424f6f6be7f314649 Mon Sep 17 00:00:00 2001 From: hbc Date: Fri, 15 Apr 2022 21:19:03 +0800 Subject: [PATCH 06/12] fix: typo --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 57215c39c1a..014a5f91605 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3673,7 +3673,7 @@ def test_aks_update_with_workload_identity(self, resource_group, resource_group_ ]) self.cmd(disable_cmd, checks=[ self.check('provisioningState', 'Succeeded'), - self.check('securityProfile.workloadIdentity.disable', True), + self.check('securityProfile.workloadIdentity.enabled', True), ]) @AllowLargeResponse() From 5ed010fb05dd9071f621b3380d015d635575cc9a Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 15:34:49 +0800 Subject: [PATCH 07/12] fix: typo --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 014a5f91605..1c03dd1a400 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3673,7 +3673,7 @@ def test_aks_update_with_workload_identity(self, resource_group, resource_group_ ]) self.cmd(disable_cmd, checks=[ self.check('provisioningState', 'Succeeded'), - self.check('securityProfile.workloadIdentity.enabled', True), + self.check('securityProfile.workloadIdentity.enabled', False), ]) @AllowLargeResponse() From 7cbb8e6b004024ab56f9f65816e0e5e97fe57ec0 Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 16:40:23 +0800 Subject: [PATCH 08/12] test: add recordings --- ...create_with_workload_identity_enabled.yaml | 604 +++++++ ...est_aks_update_with_workload_identity.yaml | 1493 +++++++++++++++++ 2 files changed, 2097 insertions(+) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml new file mode 100644 index 00000000000..ff7bd480e04 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml @@ -0,0 +1,604 @@ +interactions: +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestxa5hqlks3-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": + "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "enableNodePublicIP": false, "scaleSetPriority": "Regular", + "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "enableEncryptionAtHost": + false, "enableUltraSSD": false, "enableFIPS": false, "name": "nodepool1"}], + "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "oidcIssuerProfile": + {"enabled": true}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, + "securityProfile": {"workloadIdentity": {"enabled": true}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1519' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitestxa5hqlks3-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n }\n },\n \"podCidr\": + \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": + \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/0ab20aca-0f31-4807-827e-ce15da97a0b3/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3203' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\",\n \"endTime\": + \"2022-04-18T07:44:46.0468336Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitestxa5hqlks3-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/fbf58988-36de-4306-be8d-841a64aba381\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/0ab20aca-0f31-4807-827e-ce15da97a0b3/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml new file mode 100644 index 00000000000..c3c88863246 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml @@ -0,0 +1,1493 @@ +interactions: +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitesttkedmzmgr-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": + "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "enableNodePublicIP": false, "scaleSetPriority": "Regular", + "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "enableEncryptionAtHost": + false, "enableUltraSSD": false, "enableFIPS": false, "name": "nodepool1"}], + "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "oidcIssuerProfile": + {"enabled": true}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1459' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n }\n },\n \"podCidr\": + \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": + \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3146' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\",\n \"endTime\": + \"2022-04-18T07:44:50.1855296Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '165' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3799' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3799' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:06 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "sku": {"name": "Basic", "tier": "Free"}, "identity": + {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.21.9", "dnsPrefix": + "cliakstest-clitesttkedmzmgr-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": + "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", + "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "currentOrchestratorVersion": "1.21.9", "powerState": {"code": + "Running"}, "enableNodePublicIP": false, "enableEncryptionAtHost": false, "enableUltraSSD": + false, "enableFIPS": false, "name": "nodepool1"}], "linuxProfile": {"adminUsername": + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, + "nodeResourceGroup": "MC_clitest000001_cliakstest000001_westus2", "enableRBAC": + true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": + "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": + "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", + "loadBalancerSku": "Standard", "loadBalancerProfile": {"managedOutboundIPs": + {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f"}]}, + "podCidrs": ["10.244.0.0/16"], "serviceCidrs": ["10.0.0.0/16"], "ipFamilies": + ["IPv4"]}, "identityProfile": {"kubeletidentity": {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool", + "clientId":"00000000-0000-0000-0000-000000000001", "objectId":"00000000-0000-0000-0000-000000000001"}}, + "disableLocalAccounts": false, "securityProfile": {"workloadIdentity": {"enabled": + true}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + Content-Length: + - '2494' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Updating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3854' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\",\n \"endTime\": + \"2022-04-18T07:46:24.356849Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '169' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "sku": {"name": "Basic", "tier": "Free"}, "identity": + {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.21.9", "dnsPrefix": + "cliakstest-clitesttkedmzmgr-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": + "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", + "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "currentOrchestratorVersion": "1.21.9", "powerState": {"code": + "Running"}, "enableNodePublicIP": false, "enableEncryptionAtHost": false, "enableUltraSSD": + false, "enableFIPS": false, "name": "nodepool1"}], "linuxProfile": {"adminUsername": + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, + "nodeResourceGroup": "MC_clitest000001_cliakstest000001_westus2", "enableRBAC": + true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": + "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": + "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", + "loadBalancerSku": "Standard", "loadBalancerProfile": {"managedOutboundIPs": + {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f"}]}, + "podCidrs": ["10.244.0.0/16"], "serviceCidrs": ["10.0.0.0/16"], "ipFamilies": + ["IPv4"]}, "identityProfile": {"kubeletidentity": {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool", + "clientId":"00000000-0000-0000-0000-000000000001", "objectId":"00000000-0000-0000-0000-000000000001"}}, + "disableLocalAccounts": false, "securityProfile": {"workloadIdentity": {"enabled": + false}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + Content-Length: + - '2495' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Updating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": false\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3855' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:42 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:47:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:47:41 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\",\n \"endTime\": + \"2022-04-18T07:47:50.7653813Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:48:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": false\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3857' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:48:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 From 44dd722dbd43ff1afb0fde59330701397a415d18 Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 17:14:25 +0800 Subject: [PATCH 09/12] fix: lint issues --- src/aks-preview/linter_exclusions.yml | 29 ++++++++++++++++++--------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/src/aks-preview/linter_exclusions.yml b/src/aks-preview/linter_exclusions.yml index 38e717f280d..62d52a3eb8f 100644 --- a/src/aks-preview/linter_exclusions.yml +++ b/src/aks-preview/linter_exclusions.yml @@ -2,37 +2,46 @@ aks create: parameters: enable_sgxquotehelper: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_pod_identity_with_kubenet: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_azure_keyvault_kms: rule_exclusions: - - option_length_too_long + - option_length_too_long azure_keyvault_kms_key_id: rule_exclusions: - - option_length_too_long + - option_length_too_long + enable_workload_identity: + rule_exclusions: + - option_length_too_long aks delete: parameters: ignore_pod_disruption_budget: rule_exclusions: - - option_length_too_long + - option_length_too_long aks enable-addons: parameters: enable_sgxquotehelper: rule_exclusions: - - option_length_too_long + - option_length_too_long aks update: parameters: enable_pod_identity_with_kubenet: rule_exclusions: - - option_length_too_long + - option_length_too_long disable_secret_rotation: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_azure_keyvault_kms: rule_exclusions: - - option_length_too_long + - option_length_too_long azure_keyvault_kms_key_id: rule_exclusions: - - option_length_too_long + - option_length_too_long + enable_workload_identity: + rule_exclusions: + - option_length_too_long + disable_workload_identity: + rule_exclusions: + - option_length_too_long From f9488c279386241e7cb5326856fbf9f388171b2b Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 17:30:53 +0800 Subject: [PATCH 10/12] test: add test coverage --- .../azext_aks_preview/tests/latest/test_decorator.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py index 5a2c7ff96fe..1f82d31e94c 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py @@ -2867,6 +2867,15 @@ def test_set_up_workload_identity_profile__default_value(self): updated_mc = dec.set_up_workload_identity_profile(mc) self.assertIsNone(updated_mc.security_profile) + def test_set_up_workload_identity_profile__default_value_with_security_profile(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.security_profile = self.models.ManagedClusterSecurityProfile() + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile.workload_identity) + def test_set_up_workload_identity_profile__enabled(self): dec = AKSPreviewCreateDecorator( self.cmd, self.client, From 2268841342fff5684099d195737cfc52902c393f Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 18:50:56 +0800 Subject: [PATCH 11/12] chore: update version --- src/aks-preview/HISTORY.md | 9 +++++---- src/aks-preview/setup.py | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/aks-preview/HISTORY.md b/src/aks-preview/HISTORY.md index 18cf130b42e..8a3eb01d039 100644 --- a/src/aks-preview/HISTORY.md +++ b/src/aks-preview/HISTORY.md @@ -2,15 +2,16 @@ Release History =============== -0.5.61 -++++++ -* Add support for `--format` parameter in `az aks get-credentials` command. -0.5.61 +0.5.62 ++++++ * Add support for managing workload identity feature. +0.5.61 +++++++ +* Add support for `--format` parameter in `az aks get-credentials` command. + 0.5.60 ++++++ diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 9ae2808d35d..26d74b11136 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.61" +VERSION = "0.5.62" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", From 39af8f2e98d2a0c041b8a67ebe38a060f33bcd85 Mon Sep 17 00:00:00 2001 From: hbc Date: Mon, 18 Apr 2022 18:52:21 +0800 Subject: [PATCH 12/12] fix: update custom headers --- .../azext_aks_preview/tests/latest/test_aks_commands.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 1c03dd1a400..6ce92675e95 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3622,7 +3622,7 @@ def test_aks_create_with_workload_identity_enabled(self, resource_group, resourc 'aks', 'create', '--resource-group={resource_group}', '--name={name}', '--location={location}', '--enable-managed-identity', '--enable-oidc-issuer', '--enable-workload-identity', '--ssh-key-value={ssh_key_value}', - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', ]) self.cmd(create_cmd, checks=[ self.check('provisioningState', 'Succeeded'), @@ -3659,7 +3659,7 @@ def test_aks_update_with_workload_identity(self, resource_group, resource_group_ enable_cmd = ' '.join([ 'aks', 'update', '--resource-group={resource_group}', '--name={name}', '--enable-workload-identity', - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', ]) self.cmd(enable_cmd, checks=[ self.check('provisioningState', 'Succeeded'), @@ -3669,7 +3669,7 @@ def test_aks_update_with_workload_identity(self, resource_group, resource_group_ disable_cmd = ' '.join([ 'aks', 'update', '--resource-group={resource_group}', '--name={name}', '--disable-workload-identity', - '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', ]) self.cmd(disable_cmd, checks=[ self.check('provisioningState', 'Succeeded'),