From 2f11df8a795cf30d62af380e9b11fe7724b3c5d4 Mon Sep 17 00:00:00 2001 From: nreisch Date: Thu, 1 Apr 2021 08:58:24 -0400 Subject: [PATCH 1/4] Add Policy extension --- src/k8s-extension/HISTORY.rst | 4 + .../azext_k8s_extension/_consts_private.py | 2 +- .../azext_k8s_extension/custom.py | 4 +- .../partner_extensions/AzurePolicy.py | 81 +++++++++++++++++++ 4 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py diff --git a/src/k8s-extension/HISTORY.rst b/src/k8s-extension/HISTORY.rst index 54c1e375f6f..95507e958d7 100644 --- a/src/k8s-extension/HISTORY.rst +++ b/src/k8s-extension/HISTORY.rst @@ -3,6 +3,10 @@ Release History =============== +0.2.2 +++++++++++++++++++ +* Add support for microsoft.policyinsights extension type + 0.2.0 ++++++++++++++++++ diff --git a/src/k8s-extension/azext_k8s_extension/_consts_private.py b/src/k8s-extension/azext_k8s_extension/_consts_private.py index 42a51c5d23d..9ab7da5195c 100644 --- a/src/k8s-extension/azext_k8s_extension/_consts_private.py +++ b/src/k8s-extension/azext_k8s_extension/_consts_private.py @@ -5,4 +5,4 @@ # -------------------------------------------------------------------------------------------- EXTENSION_NAME = 'k8s-extension-private' -VERSION = "0.2.1" +VERSION = "0.2.2" diff --git a/src/k8s-extension/azext_k8s_extension/custom.py b/src/k8s-extension/azext_k8s_extension/custom.py index 10c997a1a76..683ffb8e00b 100644 --- a/src/k8s-extension/azext_k8s_extension/custom.py +++ b/src/k8s-extension/azext_k8s_extension/custom.py 
@@ -22,6 +22,7 @@ from azext_k8s_extension.partner_extensions.Cassandra import Cassandra from azext_k8s_extension.partner_extensions.OpenServiceMesh import OpenServiceMesh from azext_k8s_extension.partner_extensions.AzureMLKubernetes import AzureMLKubernetes +from azext_k8s_extension.partner_extensions.AzurePolicy import AzurePolicy from azext_k8s_extension.partner_extensions.DefaultExtension import DefaultExtension import azext_k8s_extension._consts as consts @@ -37,7 +38,8 @@ def ExtensionFactory(extension_name): 'microsoft.azuredefender.kubernetes': AzureDefender, 'microsoft.openservicemesh': OpenServiceMesh, 'microsoft.azureml.kubernetes': AzureMLKubernetes, - 'cassandradatacentersoperator': Cassandra + 'cassandradatacentersoperator': Cassandra, + 'microsoft.policyinsights': AzurePolicy } # Return the extension if we find it in the map, else return the default diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py new file mode 100644 index 00000000000..f2ffaa28c08 --- /dev/null +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py 
@@ -0,0 +1,81 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+# pylint: disable=unused-argument
+
+from knack.util import CLIError
+from knack.log import get_logger
+
+from azext_k8s_extension.vendored_sdks.models import ExtensionInstance
+from azext_k8s_extension.vendored_sdks.models import ExtensionInstanceUpdate
+from azext_k8s_extension.vendored_sdks.models import ScopeCluster
+from azext_k8s_extension.vendored_sdks.models import Scope
+
+from azext_k8s_extension.partner_extensions.PartnerExtensionModel import PartnerExtensionModel
+
+logger = get_logger(__name__)
+
+class AzurePolicy(PartnerExtensionModel):
+ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, extension_type,
+ scope, auto_upgrade_minor_version, release_train, version, target_namespace,
+ release_namespace, configuration_settings, configuration_protected_settings,
+ configuration_settings_file, configuration_protected_settings_file):
+
+ """ExtensionType 'Microsoft.PolicyInsights' specific validations & defaults for Create
+ Must create and return a valid 'ExtensionInstanceForCreate' object.
+
+ """
+
+ # Hardcode scope to cluster
+ ext_scope = None
+ scope_cluster = ScopeCluster(release_namespace=release_namespace)
+ ext_scope = Scope(cluster=scope_cluster, namespace=None)
+ logger.warning('Ignoring scope parameters since %s '
+ 'only supports cluster scope', extension_type)
+
+ # If release-train is not provided, set it to 'preview'
+ valid_release_trains = ['preview', 'dev']
+ if release_train is None:
+ release_train = 'preview'
+
+ # If release-train is other than valid_release_trains raise error
+ if release_train.lower() not in valid_release_trains:
+ raise CLIError("Invalid release-train '{}'. Valid values are 'preview', 'dev'.".format(release_train))
+
+ # Create Managed Identity for extension
+ create_identity = True
+
+ extension_instance = ExtensionInstance(
+ extension_type=extension_type,
+ auto_upgrade_minor_version=auto_upgrade_minor_version,
+ release_train=release_train,
+ version=version,
+ scope=ext_scope,
+ configuration_settings=configuration_settings,
+ configuration_protected_settings=configuration_protected_settings,
+ identity=None,
+ location=""
+ )
+ return extension_instance, name, create_identity
+
+ def Update(self, extension, auto_upgrade_minor_version, release_train, version):
+ """ExtensionType 'Microsoft.PolicyInsights' specific validations & defaults for Update
+ Must create and return a valid 'ExtensionInstanceUpdate' object.
+
+ """
+ # If release-train is not provided, set it to 'preview'
+ valid_release_trains = ['preview', 'dev']
+ if release_train is None:
+ release_train = 'preview'
+
+ # If release-train is other than valid_release_trains raise error
+ if release_train.lower() not in valid_release_trains:
+ raise CLIError("Invalid release-train '{}'. Valid values are 'preview', 'dev'.".format(release_train))
+
+ return ExtensionInstanceUpdate(
+ auto_upgrade_minor_version=auto_upgrade_minor_version,
+ release_train=release_train,
+ version=version
+ )
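Review bot: In `Update`, a missing `release_train` is replaced with `'preview'` before the `ExtensionInstanceUpdate` is built, so an update that only changes `version` or `auto_upgrade_minor_version` also submits a release train and may move a policy extension installed from `dev` onto `preview`; how the service treats that field is not visible in this patch, so please confirm this is intended. Leaving the value unset and validating only when one is supplied would avoid it: `if release_train is not None and release_train.lower() not in valid_release_trains:`. In both `Create` and `Update` the membership check runs on `release_train.lower()` while the caller's original casing is what gets stored on the model, so `release_train = release_train.lower()` ahead of the check would keep the validated and the submitted value identical. The `logger.warning` about ignored scope parameters in `Create` also fires unconditionally, even when no scope argument was passed, which makes the warning less useful as a signal.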
From 0e6da782a17fe19af7ce7e7a70332e9d461497b3 Mon Sep 17 00:00:00 2001 From: nreisch Date: Thu, 1 Apr 2021 09:11:58 -0400 Subject: [PATCH 2/4] Update comment --- .../azext_k8s_extension/partner_extensions/AzurePolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py index f2ffaa28c08..6482021b783 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py @@ -24,7 +24,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t configuration_settings_file, configuration_protected_settings_file): """ExtensionType 'Microsoft.PolicyInsights' specific validations & defaults for Create - Must create and return a valid 'ExtensionInstanceForCreate' object. + Must create and return a valid 'ExtensionInstance' object. """ From 9ca0bd8b9d913354ef96fa6a038ad4a49e1229af Mon Sep 17 00:00:00 2001 From: nreisch Date: Thu, 1 Apr 2021 12:45:30 -0400 Subject: [PATCH 3/4] Update args --- .../azext_k8s_extension/partner_extensions/AzurePolicy.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py index 6482021b783..d184aae8ea5 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py @@ -55,8 +55,6 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t scope=ext_scope, configuration_settings=configuration_settings, configuration_protected_settings=configuration_protected_settings, - identity=None, - location="" ) return extension_instance, name, create_identity 
From 989eae59f23f4b0b9f7a6299664f6ed89872ebb3 Mon Sep 17 00:00:00 2001 From: nreisch Date: Thu, 1 Apr 2021 20:16:33 -0400 Subject: [PATCH 4/4] Fix linting errors --- .../azext_k8s_extension/partner_extensions/AzurePolicy.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py index d184aae8ea5..b679e09c90d 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzurePolicy.py @@ -17,6 +17,7 @@ logger = get_logger(__name__) + class AzurePolicy(PartnerExtensionModel): def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, extension_type, scope, auto_upgrade_minor_version, release_train, version, target_namespace, @@ -34,7 +35,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t ext_scope = Scope(cluster=scope_cluster, namespace=None) logger.warning('Ignoring scope parameters since %s ' 'only supports cluster scope', extension_type) - + # If release-train is not provided, set it to 'preview' valid_release_trains = ['preview', 'dev'] if release_train is None: