aks: vendor 20201201 sdk and add 'enable-encryption-at-host' parameter (

#2912)

linter_exclusions.yml

@@ -73,6 +73,9 @@ aks create:
     workspace_resource_id:
       rule_exclusions:
       - option_length_too_long
+    enable_encryption_at_host:
+      rule_exclusions:
+      - option_length_too_long
 aks enable-addons:
   parameters:
     appgw_watch_namespace:
@@ -86,6 +89,9 @@ aks nodepool add:
     enable_node_public_ip:
       rule_exclusions:
       - option_length_too_long
+    enable_encryption_at_host:
+      rule_exclusions:
+      - option_length_too_long
 aks update:
   parameters:
     aad_admin_group_object_ids:

src/aks-preview/HISTORY.md

@@ -2,6 +2,11 @@
 
 Release History
 ===============
+0.4.73
++++++
+* Update to use 2020-12-01 api-version
+* Add argument '--enable-encryption-at-host'
+
 0.4.72
 ++++++
 * Add --no-uptime-sla

src/aks-preview/azext_aks_preview/__init__.py

@@ -16,7 +16,7 @@ class ContainerServiceCommandsLoader(AzCommandsLoader):
 
     def __init__(self, cli_ctx=None):
         from azure.cli.core.commands import CliCommandType
-        register_resource_type('latest', CUSTOM_MGMT_AKS_PREVIEW, '2020-11-01')
+        register_resource_type('latest', CUSTOM_MGMT_AKS_PREVIEW, '2020-12-01')
 
         acs_custom = CliCommandType(operations_tmpl='azext_aks_preview.custom#{}')
         super(ContainerServiceCommandsLoader, self).__init__(cli_ctx=cli_ctx,

src/aks-preview/azext_aks_preview/_help.py

@@ -304,6 +304,9 @@
         - name: --tags
           type: string
           short-summary: The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.
+        - name: --enable-encryption-at-host
+          type: bool
+          short-summary: Enable EncryptionAtHost on agent node pool.
     examples:
         - name: Create a Kubernetes cluster with an existing SSH public key.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -341,6 +344,8 @@
           text: az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
         - name: Create a kubernetes cluster with custom tags
           text: az aks create -g MyResourceGroup -n MyManagedCluster --tags "foo=bar" "baz=qux"
+        - name: Create a kubernetes cluster with EncryptionAtHost enabled.
+          text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-encryption-at-host
 
 """.format(sp_cache=AKS_SERVICE_PRINCIPAL_CACHE)
 
@@ -665,10 +670,14 @@
         - name: --linux-os-config
           type: string
           short-summary: OS configurations for Linux agent nodes.
+        - name: --enable-encryption-at-host
+          type: bool
+          short-summary: Enable EncryptionAtHost on agent node pool.
     examples:
         - name: Create a nodepool in an existing AKS cluster with ephemeral os enabled.
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
-
+        - name: Create a nodepool with EncryptionAtHost enabled.
+          text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --enable-encryption-at-host
 """
 
 helps['aks nodepool scale'] = """

src/aks-preview/azext_aks_preview/_helpers.py

@@ -8,7 +8,7 @@
 from knack.util import CLIError
 
 # pylint: disable=no-name-in-module,import-error
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterAPIServerAccessProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterAPIServerAccessProfile
 from ._consts import CONST_CONTAINER_NAME_MAX_LENGTH
 from ._consts import CONST_OUTBOUND_TYPE_LOAD_BALANCER, CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING
 

src/aks-preview/azext_aks_preview/_loadbalancer.py

@@ -6,11 +6,11 @@
 from distutils.version import StrictVersion  # pylint: disable=no-name-in-module,import-error
 from knack.log import get_logger
 
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterLoadBalancerProfile
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterLoadBalancerProfileManagedOutboundIPs
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterLoadBalancerProfileOutboundIPPrefixes
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterLoadBalancerProfileOutboundIPs
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ResourceReference
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterLoadBalancerProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterLoadBalancerProfileManagedOutboundIPs
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterLoadBalancerProfileOutboundIPPrefixes
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterLoadBalancerProfileOutboundIPs
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ResourceReference
 
 logger = get_logger(__name__)
 

src/aks-preview/azext_aks_preview/_params.py

@@ -10,7 +10,7 @@
 
 from argcomplete.completers import FilesCompleter
 from azure.cli.core.commands.parameters import (
-    file_type, get_resource_name_completion_list, name_type, tags_type, zones_type, get_enum_type)
+    file_type, get_resource_name_completion_list, get_three_state_flag, name_type, tags_type, zones_type, get_enum_type)
 from knack.arguments import CLIArgumentType
 
 from ._completers import (
@@ -123,6 +123,7 @@ def load_arguments(self, _):
         c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
         c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
         c.argument('aci_subnet_name', type=str)
+        c.argument('enable_encryption_at_host', arg_type=get_three_state_flag(), help='Enable EncryptionAtHost.')
         c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
 
     with self.argument_context('aks update') as c:
@@ -187,6 +188,7 @@ def load_arguments(self, _):
             c.argument('pod_subnet_id', type=str, validator=validate_pod_subnet_id)
             c.argument('kubelet_config', type=str)
             c.argument('linux_os_config', type=str)
+            c.argument('enable_encryption_at_host', options_list=['--enable-encryption-at-host'], action='store_true')
 
     for scope in ['aks nodepool show', 'aks nodepool delete', 'aks nodepool scale', 'aks nodepool upgrade', 'aks nodepool update']:
         with self.argument_context(scope) as c:

src/aks-preview/azext_aks_preview/_validators.py

@@ -16,7 +16,7 @@
 from azure.cli.core.util import CLIError
 import azure.cli.core.keys as keys
 
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import ManagedClusterPropertiesAutoScalerProfile
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import ManagedClusterPropertiesAutoScalerProfile
 
 from ._helpers import (_fuzzy_match)
 

src/aks-preview/azext_aks_preview/custom.py

@@ -50,7 +50,7 @@
                                     KeyCredential,
                                     ServicePrincipalCreateParameters,
                                     GetObjectsParameters)
-from .vendored_sdks.azure_mgmt_preview_aks.v2020_11_01.models import (ContainerServiceLinuxProfile,
+from .vendored_sdks.azure_mgmt_preview_aks.v2020_12_01.models import (ContainerServiceLinuxProfile,
                                                                       ManagedClusterWindowsProfile,
                                                                       ContainerServiceNetworkProfile,
                                                                       ManagedClusterServicePrincipalProfile,
@@ -900,6 +900,7 @@ def aks_create(cmd,     # pylint: disable=too-many-locals,too-many-statements,to
                assign_identity=None,
                auto_upgrade_channel=None,
                enable_pod_identity=False,
+               enable_encryption_at_host=False,
                no_wait=False,
                yes=False):
     if not no_ssh_key:
@@ -945,6 +946,7 @@ def aks_create(cmd,     # pylint: disable=too-many-locals,too-many-statements,to
         proximity_placement_group_id=ppg,
         availability_zones=node_zones,
         enable_node_public_ip=enable_node_public_ip,
+        enable_encryption_at_host=enable_encryption_at_host,
         max_pods=int(max_pods) if max_pods else None,
         type=vm_set_type
     )
@@ -2501,6 +2503,7 @@ def aks_agentpool_add(cmd,      # pylint: disable=unused-argument,too-many-local
                       aks_custom_headers=None,
                       kubelet_config=None,
                       linux_os_config=None,
+                      enable_encryption_at_host=False,
                       no_wait=False):
     instances = client.list(resource_group_name, cluster_name)
     for agentpool_profile in instances:
@@ -2547,6 +2550,7 @@ def aks_agentpool_add(cmd,      # pylint: disable=unused-argument,too-many-local
         node_taints=taints_array,
         scale_set_priority=priority,
         upgrade_settings=upgradeSettings,
+        enable_encryption_at_host=enable_encryption_at_host,
         mode=mode
     )