From d74f2a87222685c77c99545cbeb6aa11c1ab689d Mon Sep 17 00:00:00 2001 From: Arpit Gupta Date: Mon, 24 May 2021 07:08:05 +0530 Subject: [PATCH] [Connectedk8s] Added OID param for custom-locations feature (#3407) * Added oid param * Bump version * Nit * Nit2 * Refine message * Update src/connectedk8s/azext_connectedk8s/custom.py Co-authored-by: Shashank Barsin * Update src/connectedk8s/azext_connectedk8s/custom.py Co-authored-by: Shashank Barsin * Update src/connectedk8s/azext_connectedk8s/custom.py Co-authored-by: Shashank Barsin * Nit loggings * Changed param name * update param name * Fix param name ref * Update src/connectedk8s/HISTORY.rst Co-authored-by: Xing Zhou Co-authored-by: Arpit Gupta Co-authored-by: Shashank Barsin Co-authored-by: Xing Zhou --- src/connectedk8s/HISTORY.rst | 6 ++++ .../azext_connectedk8s/_params.py | 2 ++ src/connectedk8s/azext_connectedk8s/custom.py | 35 ++++++++++++------- src/connectedk8s/setup.py | 2 +- 4 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/connectedk8s/HISTORY.rst b/src/connectedk8s/HISTORY.rst index 22bfc6a4882..47371b2367a 100644 --- a/src/connectedk8s/HISTORY.rst +++ b/src/connectedk8s/HISTORY.rst @@ -3,10 +3,16 @@ Release History =============== +1.1.5 +++++++ +* Add custom-locations oid parameter for spn scenario + + 1.1.4 ++++++ * Add compatible logic for the track 2 migration of resource dependence + 1.1.3 ++++++ * Fix for list_node() sdk function for AKS v1.19.x clusters diff --git a/src/connectedk8s/azext_connectedk8s/_params.py b/src/connectedk8s/azext_connectedk8s/_params.py index 6c65e12e92f..d7b506fe8fc 100644 --- a/src/connectedk8s/azext_connectedk8s/_params.py +++ b/src/connectedk8s/azext_connectedk8s/_params.py 
@@ -33,6 +33,7 @@ def load_arguments(self, _): c.argument('distribution', options_list=['--distribution'], help='The Kubernetes distribution which will be running on this connected cluster.', arg_type=get_enum_type(Distribution_Enum_Values)) c.argument('infrastructure', options_list=['--infrastructure'], help='The infrastructure on which the Kubernetes cluster represented by this connected cluster will be running on.', arg_type=get_enum_type(Infrastructure_Enum_Values)) c.argument('disable_auto_upgrade', options_list=['--disable-auto-upgrade'], action='store_true', help='Flag to disable auto upgrade of arc agents.') + c.argument('cl_oid', options_list=['--custom-locations-oid'], help="OID of 'custom-locations' app") with self.argument_context('connectedk8s update') as c: c.argument('cluster_name', options_list=['--name', '-n'], id_part='name', help='The name of the connected cluster.') @@ -59,6 +60,7 @@ def load_arguments(self, _): c.argument('azrbac_client_id', options_list=['--app-id'], arg_group='Azure RBAC', help='Application ID for enabling Azure RBAC. Specify when enabling azure-rbac.') c.argument('azrbac_client_secret', options_list=['--app-secret'], arg_group='Azure RBAC', help='Application secret for enabling Azure RBAC. Specify when enabling azure-rbac.') c.argument('azrbac_skip_authz_check', options_list=['--skip-azure-rbac-list'], arg_group='Azure RBAC', help='Comma separated list of names of usernames/email/oid. Azure RBAC will be skipped for these users. Specify when enabling azure-rbac.') + c.argument('cl_oid', options_list=['--custom-locations-oid'], help="OID of 'custom-locations' app") with self.argument_context('connectedk8s disable-features') as c: c.argument('cluster_name', options_list=['--name', '-n'], id_part='name', help='The name of the connected cluster.') diff --git a/src/connectedk8s/azext_connectedk8s/custom.py b/src/connectedk8s/azext_connectedk8s/custom.py index 079430647ef..80b3f18c80e 100644 
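Review bot: `--custom-locations-oid` is registered without a validator, and its help text `OID of 'custom-locations' app` does not say when to pass it or that it is only a fallback. In custom.py, get_custom_locations_oid returns the value as-is when the directory lookup fails or finds nothing, so a malformed string presumably travels on to the agent install. A `validator=` that rejects anything `uuid.UUID(...)` cannot parse would stop it at the command line. For the help I would suggest `help="Object ID of the 'Custom Locations RP' service principal in your tenant. Used only when the CLI cannot look it up itself, e.g. when logged in as a service principal."`. The same applies to the identical line added in the `@@ -59,6 +60,7 @@` hunk.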
--- a/src/connectedk8s/azext_connectedk8s/custom.py +++ b/src/connectedk8s/azext_connectedk8s/custom.py @@ -57,7 +57,7 @@ def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_proxy="", http_proxy="", no_proxy="", proxy_cert="", location=None, kube_config=None, kube_context=None, no_wait=False, tags=None, distribution='auto', infrastructure='auto', - disable_auto_upgrade=False): + disable_auto_upgrade=False, cl_oid=None): logger.warning("Ensure that you have the latest helm version installed before proceeding.") logger.warning("This operation might take a while...\n") @@ -140,7 +140,7 @@ def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_pr # Checking if it is an AKS cluster is_aks_cluster = check_aks_cluster(kube_config, kube_context) if is_aks_cluster: - logger.warning("The cluster you are trying to connect to Azure Arc is an Azure Kubernetes Service (AKS) cluster. While Arc onboarding an AKS cluster is possible, it's not necessary. Learn more at {}.".format(" https://go.microsoft.com/fwlink/?linkid=2144200")) + logger.warning("Connecting an Azure Kubernetes Service (AKS) cluster to Azure Arc is only required for running Arc enabled services like App Services and Data Services on the cluster. Other features like Azure Monitor and Azure Defender are natively available on AKS. Learn more at {}.".format(" https://go.microsoft.com/fwlink/?linkid=2144200")) # Checking helm installation check_helm_install(kube_config, kube_context) 
@@ -253,7 +253,7 @@ def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_pr put_cc_response = create_cc_resource(client, resource_group_name, cluster_name, cc, no_wait) # Checking if custom locations rp is registered and fetching oid if it is registered - enable_custom_locations, custom_locations_oid = check_cl_registration_and_get_oid(cmd) + enable_custom_locations, custom_locations_oid = check_cl_registration_and_get_oid(cmd, cl_oid) # Install azure-arc agents utils.helm_install_release(chart_path, subscription_id, kubernetes_distro, kubernetes_infra, resource_group_name, cluster_name, @@ -1128,7 +1128,7 @@ def get_all_helm_values(release_namespace, kube_config, kube_context): def enable_features(cmd, client, resource_group_name, cluster_name, features, kube_config=None, kube_context=None, - azrbac_client_id=None, azrbac_client_secret=None, azrbac_skip_authz_check=None): + azrbac_client_id=None, azrbac_client_secret=None, azrbac_skip_authz_check=None, cl_oid=None): logger.warning("Ensure that you have the latest helm version installed before proceeding.") logger.warning("This operation might take a while...\n") @@ -1145,7 +1145,7 @@ def enable_features(cmd, client, resource_group_name, cluster_name, features, ku azrbac_skip_authz_check = escape_proxy_settings(azrbac_skip_authz_check) if enable_cl: - enable_cl, custom_locations_oid = check_cl_registration_and_get_oid(cmd) + enable_cl, custom_locations_oid = check_cl_registration_and_get_oid(cmd, cl_oid) if not enable_cluster_connect and enable_cl: enable_cluster_connect = True logger.warning("Enabling 'custom-locations' feature will enable 'cluster-connect' feature too.") 
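Review bot: In the `@@ -1145,7 +1145,7 @@` hunk, `cl_oid` is only consumed inside `if enable_cl:`, so `enable-features --custom-locations-oid ...` without 'custom-locations' in the feature list appears to drop the value with no feedback. An operator who expected the explicit object ID to be applied gets no hint that it was not. A guard before that branch would cover it: `if cl_oid and not enable_cl: logger.warning("--custom-locations-oid is ignored unless 'custom-locations' is one of the features being enabled.")`. The body of enable_features continues outside the hunk, so this assumes `cl_oid` is not read elsewhere in it.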
@@ -1935,27 +1935,38 @@ def check_process(processName): return False -def get_custom_locations_oid(cmd): +def get_custom_locations_oid(cmd, cl_oid): try: sp_graph_client = get_graph_client_service_principals(cmd.cli_ctx) sub_filters = [] sub_filters.append("displayName eq '{}'".format("Custom Locations RP")) result = list(sp_graph_client.list(filter=(' and '.join(sub_filters)))) if len(result) != 0: - return result[0].object_id - else: - logger.warning("Unable to fetch oid of 'custom-locations' app. Proceeding without enabling the feature.") + if cl_oid is not None and cl_oid != result[0].object_id: + logger.debug("The 'Custom-locations' OID passed is different from the actual OID({}) of the Custom Locations RP app. Proceeding with the correct one...".format(result[0].object_id)) + return result[0].object_id # Using the fetched OID + + if cl_oid is None: + logger.warning("Failed to enable Custom Locations feature on the cluster. Unable to fetch Object ID of Azure AD application used by Azure Arc service. Try enabling the feature by passing the --custom-locations-oid parameter directly. Learn more at https://aka.ms/CustomLocationsObjectID") telemetry.set_exception(exception='Unable to fetch oid of custom locations app.', fault_type=consts.Custom_Locations_OID_Fetch_Fault_Type, summary='Unable to fetch oid for custom locations app.') return "" + else: + return cl_oid except Exception as e: - logger.warning("Unable to fetch oid of 'custom-locations' app. Proceeding without enabling the feature. " + str(e)) + log_string = "Unable to fetch the Object ID of the Azure AD application used by Azure Arc service. " telemetry.set_exception(exception=e, fault_type=consts.Custom_Locations_OID_Fetch_Fault_Type, summary='Unable to fetch oid for custom locations app.') + if cl_oid: + log_string += "Proceeding with the Object ID provided to enable the 'custom-locations' feature." 
+ logger.warning(log_string) + return cl_oid + log_string += "Unable to enable the 'custom-locations' feature. " + str(e) + logger.warning(log_string) return "" -def check_cl_registration_and_get_oid(cmd): +def check_cl_registration_and_get_oid(cmd, cl_oid): enable_custom_locations = True custom_locations_oid = "" try: @@ -1965,7 +1976,7 @@ def check_cl_registration_and_get_oid(cmd): enable_custom_locations = False logger.warning("'Custom-locations' feature couldn't be enabled on this cluster as the pre-requisite registration of 'Microsoft.ExtendedLocation' was not met. More details for enabling this feature later on this cluster can be found here - https://aka.ms/EnableCustomLocations") else: - custom_locations_oid = get_custom_locations_oid(cmd) + custom_locations_oid = get_custom_locations_oid(cmd, cl_oid) if custom_locations_oid == "": enable_custom_locations = False except Exception as e: diff --git a/src/connectedk8s/setup.py b/src/connectedk8s/setup.py index 53a133b0677..4feac457b7f 100644 --- a/src/connectedk8s/setup.py +++ b/src/connectedk8s/setup.py @@ -17,7 +17,7 @@ # TODO: Confirm this is the right version number you want and it matches your # HISTORY.rst entry. -VERSION = '1.1.4' +VERSION = '1.1.5' # The full list of classifiers is available at # https://pypi.python.org/pypi?%3Aaction=list_classifiers
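Review bot: In get_custom_locations_oid (the `@@ -1935,27 +1935,38 @@` hunk), an explicit `cl_oid` that differs from the looked-up object is discarded with only a `logger.debug` message, in favour of `result[0]` from a `displayName eq 'Custom Locations RP'` filter. Display names are not unique within a tenant, so if the filter ever returns more than one service principal, the first entry silently wins over the value the operator typed. I would raise the mismatch message to `logger.warning(...)` and add `if len(result) > 1: logger.warning("More than one service principal named 'Custom Locations RP' was found; verify the object ID being used.")`. The two fallbacks also disagree on an empty string: the no-result path tests `cl_oid is None` and would return `""` without the warning, while the except path tests `if cl_oid:`. Using `if not cl_oid:` in both keeps them consistent.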