From 0c3d90f75aa7166dd8db8faa40641696bf42bc22 Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 05:26:36 -0700 Subject: [PATCH 1/9] Change the default value of `--enable-msi-auth-for-monitoring` to true --- src/aks-preview/HISTORY.rst | 1 + .../azext_aks_preview/addonconfiguration.py | 57 ++++--------------- src/aks-preview/azext_aks_preview/custom.py | 31 +++++----- 3 files changed, 24 insertions(+), 65 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 038194b61fd..86c755e3e72 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -15,6 +15,7 @@ Pending 0.5.139 * `az aks create` and `az aks nodepool add`: Add warning message when specifying `--os-sku` to `Mariner` or `CBLMariner`. +* `az aks create` and `az aks enable-addons`: Change the default value of `--enable-msi-auth-for-monitoring` to `true` and add check for airgap clouds 0.5.138 +++++++ diff --git a/src/aks-preview/azext_aks_preview/addonconfiguration.py b/src/aks-preview/azext_aks_preview/addonconfiguration.py index 509e478cb07..1fab549ca32 100644 --- a/src/aks-preview/azext_aks_preview/addonconfiguration.py +++ b/src/aks-preview/azext_aks_preview/addonconfiguration.py @@ -61,7 +61,7 @@ def enable_addons(cmd, rotation_poll_interval=None, no_wait=False, dns_zone_resource_id=None, - enable_msi_auth_for_monitoring=False, + enable_msi_auth_for_monitoring=True, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) 
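Review bot: The default of `enable_msi_auth_for_monitoring` flips to `True` in `enable_addons`, but no help or parameter-definition file appears in any diffstat of this series, so the option's documented default and the way to opt out are presumably unchanged. Existing scripts that enable the monitoring addon without the flag will now get a different authentication mode. The help text should say so, for example `Defaults to true; pass false to keep legacy authentication.` The same flip is made in `update_addons`, `aks_create`, `aks_addon_enable`, `aks_enable_addons` and `_update_addons`; all of these signatures start outside their hunks.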
@@ -139,17 +139,7 @@ def enable_addons(cmd, # adding a wait here since we rely on the result for role assignment result = LongRunningOperation(cmd.cli_ctx)( client.begin_create_or_update(resource_group_name, name, instance)) - cloud_name = cmd.cli_ctx.cloud.name - # mdm metrics supported only in Azure Public cloud so add the role assignment only in this cloud - if monitoring_addon_enabled and cloud_name.lower() == 'azurecloud': - from msrestazure.tools import resource_id - cluster_resource_id = resource_id( - subscription=subscription_id, - resource_group=resource_group_name, - namespace='Microsoft.ContainerService', type='managedClusters', - name=name - ) - add_monitoring_role_assignment(result, cluster_resource_id, cmd) + if ingress_appgw_addon_enabled: add_ingress_appgw_addon_role_assignment(result, cmd) if enable_virtual_node: @@ -177,7 +167,7 @@ def update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements enable, check_enabled=True, workspace_resource_id=None, - enable_msi_auth_for_monitoring=False, + enable_msi_auth_for_monitoring=True, subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, 
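Review bot: With the `add_monitoring_role_assignment` call removed from `enable_addons`, no visible path grants `Monitoring Metrics Publisher` any more, including for clusters that end up on the non-MSI path (an explicit `false`, or the forced fallbacks added later in this series). If legacy-auth clusters in Azure public cloud still rely on that role, this is a functional regression; if they do not, a HISTORY.rst line such as `Stop assigning Monitoring Metrics Publisher when enabling the monitoring addon` would help operators auditing RBAC. The same removal is made in `aks_enable_addons` (`@@ -1610,17 +1609,7 @@`) and the helper itself is deleted in `@@ -348,39 +344,6 @@`. The surviving comment `# adding a wait here since we rely on the result for role assignment` now covers only the assignments that follow it.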
@@ -262,9 +252,15 @@ def update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements workspace_resource_id = sanitize_loganalytics_ws_resource_id( workspace_resource_id) + cloud_name = cmd.cli_ctx.cloud.name + if enable_msi_auth_for_monitoring and (cloud_name.lower() == 'ussec' or cloud_name.lower() == 'usnat'): + if instance.identity is not None and instance.identity.type is not None and instance.identity.type == "userassigned": + logger.warning("--enable_msi_auth_for_monitoring is not supported in %s cloud and continuing monitoring enablement without this flag.", cloud_name) + enable_msi_auth_for_monitoring = False + addon_profile.config = { logAnalyticsConstName: workspace_resource_id} - addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = enable_msi_auth_for_monitoring + addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = "true" if enable_msi_auth_for_monitoring else "false" elif addon == (CONST_VIRTUAL_NODE_ADDON_NAME + os_type): if addon_profile.enabled and check_enabled: raise CLIError('The virtual-node addon is already enabled for this managed cluster.\n' 
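Review bot: The airgap fallback in `update_addons` compares `instance.identity.type == "userassigned"` case-sensitively, so if the service returns the type as `UserAssigned` (not confirmable from this hunk) the branch never fires and MSI auth stays enabled in `ussec`/`usnat`. Normalising first, e.g. `if instance.identity is not None and (instance.identity.type or "").lower() == "userassigned":`, matches how `cloud_name` is lowered one line earlier. The warning also spells the option `--enable_msi_auth_for_monitoring` with underscores, while the changelog entry uses `--enable-msi-auth-for-monitoring`. The identical block added to `_update_addons` in custom.py (`@@ -1736,9 +1725,15 @@`) needs the same changes; both functions continue outside their hunks.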
@@ -348,39 +344,6 @@ def update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements return instance -def add_monitoring_role_assignment(result, cluster_resource_id, cmd): - service_principal_msi_id = None - # Check if service principal exists, if it does, assign permissions to service principal - # Else, provide permissions to MSI - if ( - hasattr(result, 'service_principal_profile') and - hasattr(result.service_principal_profile, 'client_id') and - result.service_principal_profile.client_id != 'msi' - ): - logger.info('valid service principal exists, using it') - service_principal_msi_id = result.service_principal_profile.client_id - is_service_principal = True - elif ( - (hasattr(result, 'addon_profiles')) and - (CONST_MONITORING_ADDON_NAME in result.addon_profiles) and - (hasattr(result.addon_profiles[CONST_MONITORING_ADDON_NAME], 'identity')) and - (hasattr( - result.addon_profiles[CONST_MONITORING_ADDON_NAME].identity, 'object_id')) - ): - logger.info('omsagent MSI exists, using it') - service_principal_msi_id = result.addon_profiles[CONST_MONITORING_ADDON_NAME].identity.object_id - is_service_principal = False - - if service_principal_msi_id is not None: - if not add_role_assignment(cmd, 'Monitoring Metrics Publisher', - service_principal_msi_id, is_service_principal, scope=cluster_resource_id): - logger.warning('Could not create a role assignment for Monitoring addon. ' - 'Are you an Owner on this subscription?') - else: - logger.warning('Could not find service principal or user assigned MSI for role' - 'assignment') - - def add_ingress_appgw_addon_role_assignment(result, cmd): service_principal_msi_id = None # Check if service principal exists, if it does, assign permissions to service principal diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 82eecb6a694..c26205d415b 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py 
@@ -62,7 +62,6 @@ from azext_aks_preview._resourcegroup import get_rg_location from azext_aks_preview.addonconfiguration import ( add_ingress_appgw_addon_role_assignment, - add_monitoring_role_assignment, add_virtual_node_role_assignment, enable_addons, ) @@ -500,7 +499,7 @@ def aks_create( # addons enable_addons=None, workspace_resource_id=None, - enable_msi_auth_for_monitoring=False, + enable_msi_auth_for_monitoring=True, enable_syslog=False, data_collection_settings=None, aci_subnet_name=None, @@ -1455,7 +1454,7 @@ def aks_addon_enable(cmd, client, resource_group_name, name, addon, workspace_re subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=False, + no_wait=False, enable_msi_auth_for_monitoring=True, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): return enable_addons(cmd, client, resource_group_name, name, addon, workspace_resource_id=workspace_resource_id, subnet_name=subnet_name, appgw_name=appgw_name, appgw_subnet_prefix=appgw_subnet_prefix, @@ -1475,7 +1474,7 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=False, + no_wait=False, enable_msi_auth_for_monitoring=True, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles 
@@ -1543,7 +1542,7 @@ def aks_disable_addons(cmd, client, resource_group_name, name, addons, no_wait=F def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_resource_id=None, subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, - appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, no_wait=False, enable_msi_auth_for_monitoring=False, + appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, no_wait=False, enable_msi_auth_for_monitoring=True, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) @@ -1610,17 +1609,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ # adding a wait here since we rely on the result for role assignment result = LongRunningOperation(cmd.cli_ctx)( client.begin_create_or_update(resource_group_name, name, instance)) - cloud_name = cmd.cli_ctx.cloud.name - # mdm metrics supported only in Azure Public cloud so add the role assignment only in this cloud - if monitoring and cloud_name.lower() == 'azurecloud': - from msrestazure.tools import resource_id - cluster_resource_id = resource_id( - subscription=subscription_id, - resource_group=resource_group_name, - namespace='Microsoft.ContainerService', type='managedClusters', - name=name - ) - add_monitoring_role_assignment(result, cluster_resource_id, cmd) + if ingress_appgw_addon_enabled: add_ingress_appgw_addon_role_assignment(result, cmd) if enable_virtual_node: @@ -1651,7 +1640,7 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements addons, enable, workspace_resource_id=None, - enable_msi_auth_for_monitoring=False, + enable_msi_auth_for_monitoring=True, subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, 
@@ -1736,9 +1725,15 @@ def _update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements workspace_resource_id = sanitize_loganalytics_ws_resource_id( workspace_resource_id) + cloud_name = cmd.cli_ctx.cloud.name + if enable_msi_auth_for_monitoring and (cloud_name.lower() == 'ussec' or cloud_name.lower() == 'usnat'): + if instance.identity is not None and instance.identity.type is not None and instance.identity.type == "userassigned": + logger.warning("--enable_msi_auth_for_monitoring is not supported in %s cloud and continuing monitoring enablement without this flag.", cloud_name) + enable_msi_auth_for_monitoring = False + addon_profile.config = { logAnalyticsConstName: workspace_resource_id} - addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = enable_msi_auth_for_monitoring + addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = "true" if enable_msi_auth_for_monitoring else "false" elif addon == (CONST_VIRTUAL_NODE_ADDON_NAME + os_type): if addon_profile.enabled: raise CLIError('The virtual-node addon is already enabled for this managed cluster.\n' From ce356ddd87a2f5cd5f14431d649a95bec3bacfce Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 06:01:04 -0700 Subject: [PATCH 2/9] remove default value for addon update --- src/aks-preview/azext_aks_preview/custom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index c26205d415b..4b026d01208 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py 
@@ -1474,7 +1474,7 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=True, + no_wait=False, enable_msi_auth_for_monitoring=None, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles From ac190ebc34ef977d7d34a5cc058d5901f5886a69 Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 16:08:02 -0700 Subject: [PATCH 3/9] default need to be true --- src/aks-preview/azext_aks_preview/custom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 4b026d01208..c26205d415b 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1474,7 +1474,7 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=None, + no_wait=False, enable_msi_auth_for_monitoring=True, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles From 49d883dd8e6cd1f7eb3ad7138856df6e2f67b570 Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 16:18:05 -0700 Subject: [PATCH 4/9] update wording --- src/aks-preview/HISTORY.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 86c755e3e72..23672714bf3 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -15,7 +15,7 @@ Pending 0.5.139 * `az aks create` and `az aks nodepool add`: Add warning message when specifying `--os-sku` to `Mariner` or `CBLMariner`. -* `az aks create` and `az aks enable-addons`: Change the default value of `--enable-msi-auth-for-monitoring` to `true` and add check for airgap clouds +* `az aks create` and `az aks enable-addons`: Change the default value of `--enable-msi-auth-for-monitoring` to `true` and add check for airgap clouds for monitoring addon 0.5.138 +++++++ From fd76f3ee478fb52e05a46dbc4a0af7c3752183ac Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 16:40:16 -0700 Subject: [PATCH 5/9] add default value for aks_addon_update --- src/aks-preview/azext_aks_preview/custom.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index c26205d415b..ff83f36c522 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1474,7 +1474,7 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re subnet_name=None, appgw_name=None, appgw_subnet_prefix=None, appgw_subnet_cidr=None, appgw_id=None, appgw_subnet_id=None, appgw_watch_namespace=None, enable_sgxquotehelper=False, enable_secret_rotation=False, rotation_poll_interval=None, - no_wait=False, enable_msi_auth_for_monitoring=True, + no_wait=False, enable_msi_auth_for_monitoring=None, dns_zone_resource_id=None, enable_syslog=False, data_collection_settings=None): instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles 
@@ -1482,6 +1482,10 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re if addon == "web_application_routing": if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') + + if addon == "monitoring" and enable_msi_auth_for_monitoring is None: + enable_msi_auth_for_monitoring = True + else: addon_key = ADDONS[addon] if not addon_profiles or addon_key not in addon_profiles or not addon_profiles[addon_key].enabled: From edf1defca6bfc18b05a7f9d81fcf98291fb64c4c Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 17:06:16 -0700 Subject: [PATCH 6/9] fix style --- src/aks-preview/azext_aks_preview/custom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index ff83f36c522..96ef4d841e6 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1482,7 +1482,7 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re if addon == "web_application_routing": if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') - + if addon == "monitoring" and enable_msi_auth_for_monitoring is None: enable_msi_auth_for_monitoring = True From 4b226ebfe189bd16ee3d5415d7000a9bb24794a1 Mon Sep 17 00:00:00 2001 From: longwan Date: Mon, 22 May 2023 19:48:38 -0700 Subject: [PATCH 7/9] release new version per comment --- src/aks-preview/HISTORY.rst | 6 +++++- src/aks-preview/setup.py | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) 
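Review bot: The added `if addon == "monitoring" and enable_msi_auth_for_monitoring is None:` sits between the `web_application_routing` check and the existing `else:`, so the `else:` now appears to pair with the new `if` (indentation is not recoverable on this page, but the line order implies it). That would send `web_application_routing` into the `ADDONS[addon]` lookup it previously bypassed, and would let a `monitoring` update with the flag unset skip the enabled-profile test in the else branch. Moving the two added lines above `if addon == "web_application_routing":` keeps the original if/else intact. The rest of `aks_addon_update` lies outside the hunk.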
diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 23672714bf3..6f48e9b2ccb 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -13,9 +13,13 @@ Pending +++++++ * Vendor new SDK and bump API version to 2023-04-02-preview. +0.5.140 ++++++++ +* `az aks create` and `az aks enable-addons`: Change the default value of `--enable-msi-auth-for-monitoring` to `true` and add check for airgap clouds for monitoring addon + 0.5.139 ++++++++ * `az aks create` and `az aks nodepool add`: Add warning message when specifying `--os-sku` to `Mariner` or `CBLMariner`. -* `az aks create` and `az aks enable-addons`: Change the default value of `--enable-msi-auth-for-monitoring` to `true` and add check for airgap clouds for monitoring addon 0.5.138 +++++++ diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index d3c37dd27a5..5150c18a453 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.139" +VERSION = "0.5.140" CLASSIFIERS = [ "Development Status :: 4 - Beta", From 0840717cae5dadc34487f88e575c1386ffe6b3f3 Mon Sep 17 00:00:00 2001 From: longwan Date: Wed, 24 May 2023 16:21:47 -0700 Subject: [PATCH 8/9] address live tests --- .../azext_aks_preview/addonconfiguration.py | 9 ++++++++- src/aks-preview/azext_aks_preview/custom.py | 9 ++++++++- .../tests/latest/test_aks_commands.py | 11 ++++------- .../tests/latest/test_managed_cluster_decorator.py | 2 +- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/addonconfiguration.py b/src/aks-preview/azext_aks_preview/addonconfiguration.py index 1fab549ca32..55fd5a7ebed 100644 --- a/src/aks-preview/azext_aks_preview/addonconfiguration.py +++ b/src/aks-preview/azext_aks_preview/addonconfiguration.py 
@@ -66,7 +66,11 @@ def enable_addons(cmd, data_collection_settings=None): instance = client.get(resource_group_name, name) # this is overwritten by _update_addons(), so the value needs to be recorded here - msi_auth = True if instance.service_principal_profile.client_id == "msi" else False + msi_auth = False + if instance.service_principal_profile.client_id == "msi": + msi_auth = True + else: + enable_msi_auth_for_monitoring = False subscription_id = get_subscription_id(cmd.cli_ctx) instance = update_addons(cmd, instance, subscription_id, resource_group_name, name, addons, enable=True, @@ -189,6 +193,9 @@ def update_addons(cmd, # pylint: disable=too-many-branches,too-many-statements os_type = 'Linux' + if instance.service_principal_profile.client_id != "msi": + enable_msi_auth_for_monitoring = False + # load model ManagedClusterAddonProfile = cmd.get_models( "ManagedClusterAddonProfile", diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 96ef4d841e6..6b4adee61db 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1479,6 +1479,9 @@ def aks_addon_update(cmd, client, resource_group_name, name, addon, workspace_re instance = client.get(resource_group_name, name) addon_profiles = instance.addon_profiles + if instance.service_principal_profile.client_id != "msi": + enable_msi_auth_for_monitoring = False + if addon == "web_application_routing": if (instance.ingress_profile is None) or (instance.ingress_profile.web_app_routing is None) or not instance.ingress_profile.web_app_routing.enabled: raise InvalidArgumentValueError(f'Addon "{addon}" is not enabled in this cluster.') 
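Review bot: An explicit `--enable-msi-auth-for-monitoring` is silently replaced with `False` whenever `service_principal_profile.client_id` is not `"msi"`, so a caller who asked for managed-identity auth gets the legacy path with no indication. The airgap branch added earlier in this series logs a warning for the equivalent downgrade; the same belongs here, e.g. `logger.warning("--enable-msi-auth-for-monitoring requires a managed-identity cluster; continuing without it.")` before the assignment. The check is repeated in `enable_addons`, `update_addons`, `aks_addon_update` and `aks_enable_addons` (`@@ -1551,7 +1554,11 @@`) and could be one shared helper. The new checks in `update_addons` and `aks_addon_update` dereference `instance.service_principal_profile` without a `None` guard; all four functions extend beyond their hunks.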
@@ -1551,7 +1554,11 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ instance = client.get(resource_group_name, name) # this is overwritten by _update_addons(), so the value needs to be recorded here - msi_auth = True if instance.service_principal_profile.client_id == "msi" else False + msi_auth = False + if instance.service_principal_profile.client_id == "msi": + msi_auth = True + else: + enable_msi_auth_for_monitoring = False subscription_id = get_subscription_id(cmd.cli_ctx) instance = _update_addons(cmd, instance, subscription_id, resource_group_name, name, addons, enable=True, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 7e4f5436317..ae680cbda79 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -2756,7 +2756,6 @@ def create_new_cluster_with_monitoring_aad_auth(self, resource_group, resource_g create_cmd = f'aks create --resource-group={resource_group} --name={aks_name} --location={resource_group_location} ' \ '--enable-managed-identity ' \ '--enable-addons monitoring ' \ - '--enable-msi-auth-for-monitoring ' \ '--node-count 1 ' \ '--ssh-key-value={ssh_key_value} ' create_cmd += f'--assign-identity {identity_id} ' if user_assigned_identity else '' @@ -2765,7 +2764,7 @@ def create_new_cluster_with_monitoring_aad_auth(self, resource_group, resource_g response = self.cmd(create_cmd, checks=[ self.check('addonProfiles.omsagent.enabled', True), - self.check('addonProfiles.omsagent.config.useAADAuth', 'True') + self.check('addonProfiles.omsagent.config.useAADAuth', 'true') ]).get_output_in_json() cluster_resource_id = response["id"] 
@@ -2895,14 +2894,13 @@ def enable_monitoring_existing_cluster_aad_atuh(self, resource_group, resource_g enable_monitoring_cmd = 'aks addon enable -a monitoring ' else: enable_monitoring_cmd = 'aks enable-addons -a monitoring ' - enable_monitoring_cmd += f'--resource-group={resource_group} --name={aks_name} ' \ - '--enable-msi-auth-for-monitoring ' + enable_monitoring_cmd += f'--resource-group={resource_group} --name={aks_name} ' if syslog_enabled: enable_monitoring_cmd += f'--enable-syslog ' response = self.cmd(enable_monitoring_cmd, checks=[ self.check('addonProfiles.omsagent.enabled', True), - self.check('addonProfiles.omsagent.config.useAADAuth', 'True') + self.check('addonProfiles.omsagent.config.useAADAuth', 'true') ]).get_output_in_json() cluster_resource_id = response["id"] @@ -2963,8 +2961,7 @@ def test_aks_create_with_monitoring_legacy_auth(self, resource_group, resource_g response = self.cmd(create_cmd, checks=[ self.check('addonProfiles.omsagent.enabled', True), self.exists( - 'addonProfiles.omsagent.config.logAnalyticsWorkspaceResourceID'), - self.check('addonProfiles.omsagent.config.useAADAuth', 'False') + 'addonProfiles.omsagent.config.logAnalyticsWorkspaceResourceID') ]).get_output_in_json() # make sure a DCR was not created diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index f6612c49eee..32369291e4e 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py @@ -3631,7 +3631,7 @@ def test_set_up_addon_profiles(self): enabled=True, config={ CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: "/test_workspace_resource_id", - CONST_MONITORING_USING_AAD_MSI_AUTH: "True", + CONST_MONITORING_USING_AAD_MSI_AUTH: "true", }, ), CONST_INGRESS_APPGW_ADDON_NAME: self.models.ManagedClusterAddonProfile( 
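Review bot: `test_aks_create_with_monitoring_legacy_auth` loses its `useAADAuth` assertion instead of having it updated, so nothing shown here pins the legacy path now that the default is `True`. Keeping a check for it, e.g. `self.check('addonProfiles.omsagent.config.useAADAuth', 'false')` with whatever casing the create path emits, would catch a cluster meant to stay on legacy auth being switched to MSI auth. The command this test runs is built outside the hunk, so whether it passes the flag explicitly cannot be seen here.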
From a38b47a9ba4d42f47cbc733cd4997dfa7871040c Mon Sep 17 00:00:00 2001 From: longwan Date: Wed, 24 May 2023 20:19:41 -0700 Subject: [PATCH 9/9] update --- src/aks-preview/azext_aks_preview/addonconfiguration.py | 2 +- src/aks-preview/azext_aks_preview/custom.py | 2 +- .../tests/latest/test_managed_cluster_decorator.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/aks-preview/azext_aks_preview/addonconfiguration.py b/src/aks-preview/azext_aks_preview/addonconfiguration.py index 55fd5a7ebed..30bd6a83a37 100644 --- a/src/aks-preview/azext_aks_preview/addonconfiguration.py +++ b/src/aks-preview/azext_aks_preview/addonconfiguration.py @@ -66,7 +66,7 @@ def enable_addons(cmd, data_collection_settings=None): instance = client.get(resource_group_name, name) # this is overwritten by _update_addons(), so the value needs to be recorded here - msi_auth = False + msi_auth = False if instance.service_principal_profile.client_id == "msi": msi_auth = True else: diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 6b4adee61db..30d217db4d6 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -1554,7 +1554,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons, workspace_ instance = client.get(resource_group_name, name) # this is overwritten by _update_addons(), so the value needs to be recorded here - msi_auth = False + msi_auth = False if instance.service_principal_profile.client_id == "msi": msi_auth = True else: diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 32369291e4e..f6612c49eee 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py 
@@ -3631,7 +3631,7 @@ def test_set_up_addon_profiles(self): enabled=True, config={ CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: "/test_workspace_resource_id", - CONST_MONITORING_USING_AAD_MSI_AUTH: "true", + CONST_MONITORING_USING_AAD_MSI_AUTH: "True", }, ), CONST_INGRESS_APPGW_ADDON_NAME: self.models.ManagedClusterAddonProfile(
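Review bot: This expectation goes back to `"True"` while `update_addons`/`_update_addons` in the same series write `"true"`/`"false"` and the live tests were changed to expect `'true'`, so the series ends with two casings asserted for `CONST_MONITORING_USING_AAD_MSI_AUTH`. If the two code paths really differ, a comment on this line would save the next reader the search, e.g. `# NOTE: this path emits "True"; update_addons writes lowercase "true" - confirm which the service expects`. Anything that reads this config value should compare it case-insensitively.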