From f31fa428a475b523ae21fd2afe51a59dec767782 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Mon, 11 Apr 2022 22:13:23 -0700 Subject: [PATCH 01/10] container insights aad auth support --- .../partner_extensions/ContainerInsights.py | 197 +++++++++++++++++- 1 file changed, 193 insertions(+), 4 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index f152b2e2ca8..95e0aac9bef 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -10,12 +10,13 @@ from knack.log import get_logger -from azure.cli.core.azclierror import InvalidArgumentValueError +from azure.cli.core.azclierror import AzCLIError, CLIError, InvalidArgumentValueError, ClientRequestError from azure.cli.core.commands import LongRunningOperation from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_subscription_id -from azure.cli.core.util import sdk_no_wait +from azure.cli.core.util import sdk_no_wait, send_raw_request from msrestazure.tools import parse_resource_id, is_valid_resource_id + from ..vendored_sdks.models import Extension from ..vendored_sdks.models import ScopeCluster from ..vendored_sdks.models import Scope @@ -33,7 +34,6 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t scope, auto_upgrade_minor_version, release_train, version, target_namespace, release_namespace, configuration_settings, configuration_protected_settings, configuration_settings_file, configuration_protected_settings_file): - """ExtensionType 'microsoft.azuremonitor.containers' specific validations & defaults for Create Must create and return a valid 'Extension' object. 
@@ -376,6 +376,7 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n subscription_id = get_subscription_id(cmd.cli_ctx) workspace_resource_id = '' + useAADAuth = False if configuration_settings is not None: if 'loganalyticsworkspaceresourceid' in configuration_settings: @@ -385,6 +386,9 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n if 'logAnalyticsWorkspaceResourceID' in configuration_settings: workspace_resource_id = configuration_settings['logAnalyticsWorkspaceResourceID'] + if 'omsagent.useAADAuth' in configuration_settings: + useAADAuth = configuration_settings['omsagent.useAADAuth'] + workspace_resource_id = workspace_resource_id.strip() if configuration_protected_settings is not None: @@ -409,7 +413,10 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n raise InvalidArgumentValueError('{} is not a valid Azure resource ID.'.format(workspace_resource_id)) if is_ci_extension_type: - _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() + if useAADAuth: + _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) + else: + _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() # extract subscription ID and resource group from workspace_resource_id URL parsed = parse_resource_id(workspace_resource_id) 
@@ -440,3 +447,185 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n configuration_settings['omsagent.domain'] = 'opinsights.azure.eaglex.ic.gov' elif cloud_name.lower() == 'ussec': configuration_settings['omsagent.domain'] = 'opinsights.azure.microsoft.scloud' + + +def get_existing_container_insights_extension_dcr_tags(cmd, dcr_url): + tags = {} + _MAX_RETRY_TIMES = 3 + for retry_count in range(0, _MAX_RETRY_TIMES): + try: + resp = send_raw_request( + cmd.cli_ctx, "GET", dcr_url + ) + json_response = json.loads(resp.text) + tags = json_response["tags"] + break + except CLIError as e: + if "ResourceNotFound" in str(e): + break + if retry_count >= (_MAX_RETRY_TIMES - 1): + raise e + return tags + + +def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id): + from azure.core.exceptions import HttpResponseError + + cluster_region = '' + resources = cf_resources(cmd.cli_ctx, subscription_id) + cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Kubernetes' \ + '/connectedClusters/{2}'.format(subscription_id, cluster_resource_group_name, cluster_name) + try: + resource = resources.get_by_id(cluster_resource_id, '2020-01-01-preview') + cluster_region = resource.location.lower() + except HttpResponseError as ex: + raise ex + + # extract subscription ID and resource group from workspace_resource_id URL + parsed = parse_resource_id(workspace_resource_id) + workspace_subscription_id, workspace_resource_group = parsed["subscription"], parsed["resource_group"] + workspace_region = '' + resources = cf_resources(cmd.cli_ctx, workspace_subscription_id) + try: + resource = resources.get_by_id(workspace_resource_id, '2015-11-01-preview') + workspace_region = resource.location + except HttpResponseError as ex: + raise ex + + dataCollectionRuleName = f"MSCI-{cluster_name}-{cluster_region}" + dcr_resource_id = 
f"/subscriptions/{workspace_subscription_id}/resourceGroups/{workspace_resource_group}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}" + + # first get the association between region display names and region IDs (because for some reason + # the "which RPs are available in which regions" check returns region display names) + region_names_to_id = {} + # retry the request up to two times + for _ in range(3): + try: + location_list_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"/subscriptions/{subscription_id}/locations?api-version=2019-11-01" + r = send_raw_request(cmd.cli_ctx, "GET", location_list_url) + # this is required to fool the static analyzer. The else statement will only run if an exception + # is thrown, but flake8 will complain that e is undefined if we don't also define it here. + error = None + break + except AzCLIError as e: + error = e + else: + # This will run if the above for loop was not broken out of. This means all three requests failed + raise error + json_response = json.loads(r.text) + for region_data in json_response["value"]: + region_names_to_id[region_data["displayName"]] = region_data["name"] + + # check if region supports DCR and DCR-A + for _ in range(3): + try: + feature_check_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"/subscriptions/{subscription_id}/providers/Microsoft.Insights?api-version=2020-10-01" + r = send_raw_request(cmd.cli_ctx, "GET", feature_check_url) + error = None + break + except AzCLIError as e: + error = e + else: + raise error + + json_response = json.loads(r.text) + for resource in json_response["resourceTypes"]: + region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # map is lazy, so doing this for every region isn't slow + if (resource["resourceType"].lower() == "datacollectionrules" and workspace_region not in region_ids): + raise ClientRequestError(f"Data Collection Rules are not supported for LA workspace region {workspace_region}") + if 
(resource["resourceType"].lower() == "datacollectionruleassociations" and cluster_region not in region_ids): + raise ClientRequestError(f"Data Collection Rule Associations are not supported for cluster region {cluster_region}") + + dcr_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{dcr_resource_id}?api-version=2019-11-01-preview" + # get existing tags on the container insights extension DCR if the customer added any + existing_tags = get_existing_container_insights_extension_dcr_tags(cmd, dcr_url) + + # create the DCR + dcr_creation_body = json.dumps( + { + "location": workspace_region, + "tags": existing_tags, + "properties": { + "dataSources": { + "extensions": [ + { + "name": "ContainerInsightsExtension", + "streams": [ + "Microsoft-Perf", + "Microsoft-ContainerInventory", + "Microsoft-ContainerLog", + "Microsoft-ContainerLogV2", + "Microsoft-ContainerNodeInventory", + "Microsoft-KubeEvents", + "Microsoft-KubeMonAgentEvents", + "Microsoft-KubeNodeInventory", + "Microsoft-KubePodInventory", + "Microsoft-KubePVInventory", + "Microsoft-KubeServices", + "Microsoft-InsightsMetrics", + ], + "extensionName": "ContainerInsights", + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Microsoft-Perf", + "Microsoft-ContainerInventory", + "Microsoft-ContainerLog", + "Microsoft-ContainerLogV2", + "Microsoft-ContainerNodeInventory", + "Microsoft-KubeEvents", + "Microsoft-KubeMonAgentEvents", + "Microsoft-KubeNodeInventory", + "Microsoft-KubePodInventory", + "Microsoft-KubePVInventory", + "Microsoft-KubeServices", + "Microsoft-InsightsMetrics", + ], + "destinations": ["la-workspace"], + } + ], + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": workspace_resource_id, + "name": "la-workspace", + } + ] + }, + }, + } + ) + + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "PUT", dcr_url, body=dcr_creation_body) + error = None + break + except AzCLIError as e: + error = e + else: + raise error + + association_body = json.dumps( + { + "location": 
cluster_region, + "properties": { + "dataCollectionRuleId": dcr_resource_id, + "description": "routes monitoring data to a Log Analytics workspace", + }, + } + ) + association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "PUT", association_url, body=association_body,) + error = None + break + except AzCLIError as e: + error = e + else: + raise error + From a9cf930d7d33b22bdcf56b69c2ebcc8f185098df Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 00:01:34 -0700 Subject: [PATCH 02/10] container insights aad auth support --- .../partner_extensions/ContainerInsights.py | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 95e0aac9bef..639e3c8122f 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -458,7 +458,8 @@ def get_existing_container_insights_extension_dcr_tags(cmd, dcr_url): cmd.cli_ctx, "GET", dcr_url ) json_response = json.loads(resp.text) - tags = json_response["tags"] + if json_response["tags"] is not None: + tags = json_response["tags"] break except CLIError as e: if "ResourceNotFound" in str(e): 
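Review bot: In `_ensure_container_insights_dcr_for_monitoring`, the region check `map(lambda x: region_names_to_id[x], resource["locations"])` indexes the display-name table directly. Any provider location missing from this subscription's `/locations` response would therefore raise a bare `KeyError` rather than the intended `ClientRequestError`; `region_names_to_id.get(x)` avoids that. The check also compares `workspace_region = resource.location` as returned, while `cluster_region` is lower-cased, so normalising both with `.lower()` would keep the two comparisons consistent. The restructured check in PATCH 02 (`@@ -530,11 +531,14 @@`) keeps the same direct indexing.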
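Review bot: The added guard `if json_response["tags"] is not None:` in `get_existing_container_insights_extension_dcr_tags` still indexes the key. A DCR response that omits `tags` entirely would raise `KeyError`, which the surrounding `except CLIError` does not catch. `tags = json_response.get("tags") or {}` covers both the missing and the null case. The function body starts outside this hunk.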
@@ -512,9 +513,9 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ else: # This will run if the above for loop was not broken out of. This means all three requests failed raise error - json_response = json.loads(r.text) - for region_data in json_response["value"]: - region_names_to_id[region_data["displayName"]] = region_data["name"] + json_response = json.loads(r.text) + for region_data in json_response["value"]: + region_names_to_id[region_data["displayName"]] = region_data["name"] # check if region supports DCR and DCR-A for _ in range(3): 
@@ -530,11 +531,14 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ json_response = json.loads(r.text) for resource in json_response["resourceTypes"]: - region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # map is lazy, so doing this for every region isn't slow - if (resource["resourceType"].lower() == "datacollectionrules" and workspace_region not in region_ids): - raise ClientRequestError(f"Data Collection Rules are not supported for LA workspace region {workspace_region}") - if (resource["resourceType"].lower() == "datacollectionruleassociations" and cluster_region not in region_ids): - raise ClientRequestError(f"Data Collection Rule Associations are not supported for cluster region {cluster_region}") + if (resource["resourceType"].lower() == "datacollectionrules"): + region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr supported regions + if (workspace_region not in region_ids): + raise ClientRequestError(f"Data Collection Rules are not supported for LA workspace region {workspace_region}") + if (resource["resourceType"].lower() == "datacollectionruleassociations"): + region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr-a supported regions + if (cluster_region not in region_ids): + raise ClientRequestError(f"Data Collection Rule Associations are not supported for cluster region {cluster_region}") dcr_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{dcr_resource_id}?api-version=2019-11-01-preview" # get existing tags on the container insights extension DCR if the customer added any From 30908160bb18e897eb8bd57834c93f86f3b39ab9 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 00:17:09 -0700 Subject: [PATCH 03/10] container insights aad auth support --- .../partner_extensions/ContainerInsights.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 639e3c8122f..ed68524e87b 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -159,7 +159,8 @@ def _ensure_default_log_analytics_workspace_for_monitoring(cmd, subscription_id, "westeurope": "westeurope", "westindia": "centralindia", "westus": "westus", - "westus2": "westus2" + "westus2": "westus2", + "eastus2euap": "eastus2euap" } # mapping for azure china cloud From fa75b71bc7e3571b5c351f38ac36ec29101ae213 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 11:42:28 -0700 Subject: [PATCH 04/10] handle useAADAuth setting --- .../partner_extensions/ContainerInsights.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index ed68524e87b..0208cf674c7 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -388,7 +388,9 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n workspace_resource_id = configuration_settings['logAnalyticsWorkspaceResourceID'] if 'omsagent.useAADAuth' in configuration_settings: - useAADAuth = configuration_settings['omsagent.useAADAuth'] + useAADAuthSetting = configuration_settings['omsagent.useAADAuth'] + if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): + useAADAuth = True workspace_resource_id = workspace_resource_id.strip() 
@@ -415,6 +417,7 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n if is_ci_extension_type: if useAADAuth: + logger.info("MSI onboarding since omsagent.useAADAuth set to true") _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) else: _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() From 423bccb6aee403632bd99e5c7d155d0b7ccb44c9 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 13:29:03 -0700 Subject: [PATCH 05/10] handle useAADAuth setting --- .../partner_extensions/ContainerInsights.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 0208cf674c7..0b7594d3a33 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -389,7 +389,8 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n if 'omsagent.useAADAuth' in configuration_settings: useAADAuthSetting = configuration_settings['omsagent.useAADAuth'] - if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): + logger.info("provided useAADAuth flag is : %s", useAADAuthSetting) + if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): useAADAuth = True workspace_resource_id = workspace_resource_id.strip() From 1c03519a19d2308de63908de5aa39f166743376c Mon Sep 17 00:00:00 2001 
From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 16:17:34 -0700 Subject: [PATCH 06/10] delete dcr-a if its exists incase of MSI auth --- .../partner_extensions/ContainerInsights.py | 47 ++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 0b7594d3a33..051b2cca7a5 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -8,6 +8,8 @@ import datetime import json +from ..utils import get_cluster_rp_api_version + from knack.log import get_logger from azure.cli.core.azclierror import AzCLIError, CLIError, InvalidArgumentValueError, ClientRequestError @@ -15,7 +17,7 @@ from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_subscription_id from azure.cli.core.util import sdk_no_wait, send_raw_request from msrestazure.tools import parse_resource_id, is_valid_resource_id - +from azure.core.exceptions import HttpResponseError from ..vendored_sdks.models import Extension from ..vendored_sdks.models import ScopeCluster 
@@ -70,6 +72,49 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t ) return extension, name, create_identity + def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, yes): + # Delete DCR-A if it exists incase of MSI Auth + useAADAuth = False + isDCRAExists = False + cluster_rp, _ = get_cluster_rp_api_version(cluster_type) + try: + extension = client.get(resource_group_name, cluster_rp, cluster_type, cluster_name, name) + except Exception: + pass # its OK to ignore the exception since MSI auth in preview + + logger.warn("deleting the container insights extension: %s", extension) + subscription_id = get_subscription_id(cmd.cli_ctx) + # handle cluster type here + cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}/{4}'.format(subscription_id, resource_group_name, cluster_rp, cluster_type, cluster_name) + if (extension is not None) and (extension.configuration_settings is not None): + configSettings = extension.configuration_settings + if 'omsagent.useAADAuth' in configSettings: + useAADAuthSetting =configSettings['omsagent.useAADAuth'] + if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): + useAADAuth = True + if useAADAuth: + association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "GET", association_url,) + isDCRAExists = True + break + except HttpResponseError as ex: + # Customize the error message for resources not found + if ex.response.status_code == 404: + isDCRAExists = False + except Exception: + pass # its OK to ignore the exception since MSI auth in preview + + if isDCRAExists: + association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + 
f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "DELETE", association_url,) + break + except Exception: + pass # its OK to ignore the exception since MSI auth in preview + # Custom Validation Logic for Container Insights From a0635019d8bf5482fcab527f7011545ee900768a Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 16:43:55 -0700 Subject: [PATCH 07/10] fix formatting --- .../partner_extensions/ContainerInsights.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 051b2cca7a5..d093a6281f5 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -89,9 +89,9 @@ def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_t if (extension is not None) and (extension.configuration_settings is not None): configSettings = extension.configuration_settings if 'omsagent.useAADAuth' in configSettings: - useAADAuthSetting =configSettings['omsagent.useAADAuth'] + useAADAuthSetting = configSettings['omsagent.useAADAuth'] if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): - useAADAuth = True + useAADAuth = True if useAADAuth: association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" for _ in range(3): 
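Review bot: In `Delete`, `extension` is assigned only inside the `try`. When `client.get(...)` raises and `except Exception: pass` swallows it, the following `logger.warn(..., extension)` and `if (extension is not None)` hit an unbound local; add `extension = None` before the `try`. The DCR-A probe catches `HttpResponseError` and reads `ex.response.status_code`, whereas every other `send_raw_request` call in this series is handled as `AzCLIError`/`CLIError`. The 404 branch may therefore never run, and a missing association would be retried three times, so confirm which exception `send_raw_request` raises here. The `DELETE` loop also discards every failure silently; a `logger.warning` after the last attempt would tell the operator that the association was left behind.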
@@ -582,11 +582,11 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ json_response = json.loads(r.text) for resource in json_response["resourceTypes"]: if (resource["resourceType"].lower() == "datacollectionrules"): - region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr supported regions + region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr supported regions if (workspace_region not in region_ids): raise ClientRequestError(f"Data Collection Rules are not supported for LA workspace region {workspace_region}") if (resource["resourceType"].lower() == "datacollectionruleassociations"): - region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr-a supported regions + region_ids = map(lambda x: region_names_to_id[x], resource["locations"]) # dcr-a supported regions if (cluster_region not in region_ids): raise ClientRequestError(f"Data Collection Rule Associations are not supported for cluster region {cluster_region}") @@ -682,4 +682,3 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ error = e else: raise error - From 8e968db4f892457d29bd4705d4ca530b7b394fab Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 16:46:00 -0700 Subject: [PATCH 08/10] fix formatting --- .../azext_k8s_extension/partner_extensions/ContainerInsights.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index d093a6281f5..8e79be04e68 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py 
@@ -82,7 +82,6 @@ def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_t except Exception: pass # its OK to ignore the exception since MSI auth in preview - logger.warn("deleting the container insights extension: %s", extension) subscription_id = get_subscription_id(cmd.cli_ctx) # handle cluster type here cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}/{4}'.format(subscription_id, resource_group_name, cluster_rp, cluster_type, cluster_name) From f84d18ceb95fcfc3c8810b7b9172ba5eb7bc9b5e Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 17:02:25 -0700 Subject: [PATCH 09/10] fix formatting --- .../partner_extensions/ContainerInsights.py | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index 8e79be04e68..f43369f9893 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py 
@@ -73,25 +73,25 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t return extension, name, create_identity def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, yes): - # Delete DCR-A if it exists incase of MSI Auth - useAADAuth = False - isDCRAExists = False - cluster_rp, _ = get_cluster_rp_api_version(cluster_type) - try: + # Delete DCR-A if it exists incase of MSI Auth + useAADAuth = False + isDCRAExists = False + cluster_rp, _ = get_cluster_rp_api_version(cluster_type) + try: extension = client.get(resource_group_name, cluster_rp, cluster_type, cluster_name, name) - except Exception: + except Exception: pass # its OK to ignore the exception since MSI auth in preview - subscription_id = get_subscription_id(cmd.cli_ctx) - # handle cluster type here - cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}/{4}'.format(subscription_id, resource_group_name, cluster_rp, cluster_type, cluster_name) - if (extension is not None) and (extension.configuration_settings is not None): + subscription_id = get_subscription_id(cmd.cli_ctx) + # handle cluster type here + cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}/{4}'.format(subscription_id, resource_group_name, cluster_rp, cluster_type, cluster_name) + if (extension is not None) and (extension.configuration_settings is not None): configSettings = extension.configuration_settings if 'omsagent.useAADAuth' in configSettings: useAADAuthSetting = configSettings['omsagent.useAADAuth'] if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): useAADAuth = True - if useAADAuth: + if useAADAuth: association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" for _ in range(3): try: 
@@ -105,7 +105,7 @@ def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_t except Exception: pass # its OK to ignore the exception since MSI auth in preview - if isDCRAExists: + if isDCRAExists: association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" for _ in range(3): try: From b436a7eae416451f0c8cc7e3a0a49354c193411e Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 12 Apr 2022 17:12:15 -0700 Subject: [PATCH 10/10] fix formatting --- .../partner_extensions/ContainerInsights.py | 100 +++++++++--------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index f43369f9893..fcacbb829bf 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py 
@@ -78,41 +78,41 @@ def Delete(self, cmd, client, resource_group_name, cluster_name, name, cluster_t isDCRAExists = False cluster_rp, _ = get_cluster_rp_api_version(cluster_type) try: - extension = client.get(resource_group_name, cluster_rp, cluster_type, cluster_name, name) + extension = client.get(resource_group_name, cluster_rp, cluster_type, cluster_name, name) except Exception: - pass # its OK to ignore the exception since MSI auth in preview + pass # its OK to ignore the exception since MSI auth in preview subscription_id = get_subscription_id(cmd.cli_ctx) # handle cluster type here cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}/{4}'.format(subscription_id, resource_group_name, cluster_rp, cluster_type, cluster_name) if (extension is not None) and (extension.configuration_settings is not None): - configSettings = extension.configuration_settings - if 'omsagent.useAADAuth' in configSettings: - useAADAuthSetting = configSettings['omsagent.useAADAuth'] - if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): - useAADAuth = True + configSettings = extension.configuration_settings + if 'omsagent.useAADAuth' in configSettings: + useAADAuthSetting = configSettings['omsagent.useAADAuth'] + if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting): + useAADAuth = True if useAADAuth: - association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" - for _ in range(3): - try: - send_raw_request(cmd.cli_ctx, "GET", association_url,) - isDCRAExists = True - break - except HttpResponseError as ex: - # Customize the error message for resources not found - if ex.response.status_code == 404: - isDCRAExists = False - 
except Exception: - pass # its OK to ignore the exception since MSI auth in preview + association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "GET", association_url,) + isDCRAExists = True + break + except HttpResponseError as ex: + # Customize the error message for resources not found + if ex.response.status_code == 404: + isDCRAExists = False + except Exception: + pass # its OK to ignore the exception since MSI auth in preview if isDCRAExists: - association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" - for _ in range(3): - try: - send_raw_request(cmd.cli_ctx, "DELETE", association_url,) - break - except Exception: - pass # its OK to ignore the exception since MSI auth in preview + association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" + for _ in range(3): + try: + send_raw_request(cmd.cli_ctx, "DELETE", association_url,) + break + except Exception: + pass # its OK to ignore the exception since MSI auth in preview # Custom Validation Logic for Container Insights 
@@ -462,10 +462,10 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n if is_ci_extension_type: if useAADAuth: - logger.info("MSI onboarding since omsagent.useAADAuth set to true") - _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) + logger.info("MSI onboarding since omsagent.useAADAuth set to true") + _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) else: - _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() + _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() # extract subscription ID and resource group from workspace_resource_id URL parsed = parse_resource_id(workspace_resource_id) 
@@ -560,23 +560,23 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ except AzCLIError as e: error = e else: - # This will run if the above for loop was not broken out of. This means all three requests failed + # This will run if the above for loop was not broken out of. This means all three requests failed raise error json_response = json.loads(r.text) for region_data in json_response["value"]: - region_names_to_id[region_data["displayName"]] = region_data["name"] + region_names_to_id[region_data["displayName"]] = region_data["name"] - # check if region supports DCR and DCR-A + # check if region supports DCR and DCR-A for _ in range(3): - try: - feature_check_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"/subscriptions/{subscription_id}/providers/Microsoft.Insights?api-version=2020-10-01" - r = send_raw_request(cmd.cli_ctx, "GET", feature_check_url) - error = None - break - except AzCLIError as e: - error = e - else: - raise error + try: + feature_check_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"/subscriptions/{subscription_id}/providers/Microsoft.Insights?api-version=2020-10-01" + r = send_raw_request(cmd.cli_ctx, "GET", feature_check_url) + error = None + break + except AzCLIError as e: + error = e + else: + raise error json_response = json.loads(r.text) for resource in json_response["resourceTypes"]: @@ -654,13 +654,13 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ for _ in range(3): try: - send_raw_request(cmd.cli_ctx, "PUT", dcr_url, body=dcr_creation_body) - error = None - break + send_raw_request(cmd.cli_ctx, "PUT", dcr_url, body=dcr_creation_body) + error = None + break except AzCLIError as e: error = e else: - raise error + raise error association_body = json.dumps( { 
@@ -674,10 +674,10 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ association_url = cmd.cli_ctx.cloud.endpoints.resource_manager + f"{cluster_resource_id}/providers/Microsoft.Insights/dataCollectionRuleAssociations/ContainerInsightsExtension?api-version=2019-11-01-preview" for _ in range(3): try: - send_raw_request(cmd.cli_ctx, "PUT", association_url, body=association_body,) - error = None - break + send_raw_request(cmd.cli_ctx, "PUT", association_url, body=association_body,) + error = None + break except AzCLIError as e: - error = e + error = e else: - raise error + raise error