merge latest changes from upstream

.azure-pipelines/breaking-change-tests.yml

@@ -20,7 +20,6 @@ jobs:
   - checkout: self
     fetchDepth: 0
     fetchTags: true
-    persistCredentials: true
   - task: UsePythonVersion@0
     displayName: 'Use Python 3.10'
     inputs:

.github/CODEOWNERS

@@ -24,8 +24,6 @@
 
 /src/storage-preview/ @evelyn_ys @calvinhzy
 
-/src/db-up/ @Juliehzl
-
 /src/dev-spaces/ @amsoedal
 
 /src/devcenter/ @am-lim

linter_exclusions.yml

@@ -13,9 +13,6 @@ aks create:
     aad_admin_group_object_ids:
       rule_exclusions:
       - option_length_too_long
-    aad_server_app_secret:
-      rule_exclusions:
-      - option_length_too_long
     api_server_authorized_ip_ranges:
       rule_exclusions:
       - option_length_too_long

src/aks-preview/HISTORY.rst

@@ -9,6 +9,27 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+13.0.0b1
++++++++
+* [BREAKING CHANGE]: `az aks trustedaccess rolebinding create`: Remove deprecated `-r` and `-s` options.
+
+12.0.0b2
+++++++++
+* `az aks create/update`: Fix storage pool name validation for Azure Container Storage.
+
+12.0.0b1
++++++++
+* [BREAKING CHANGE]: Remove advanced container networking service (acns) enablement preview parameters `--enable-advanced-network-observability`, `--disable-advanced-network-observability`, `--enable-fqdn-policy`, `--disable-fqdn-policy`, and `--advanced-networking-observability-tls-management` from `az aks create/update` command.
+* Add advanced container networking service (acns) enablement GA parameters `--disable-acns-observability` and `--disable-acns-security` to `az aks create/update` command.
+
+11.0.0b1
++++++++
+* [BREAKING CHANGE]: `az aks create`: Remove AAD-legacy properties `--aad-client-app-id`, `--aad-server-app-id` and `--aad-server-app-secret` when creating cluster.
+
+10.0.0b1
+++++++++
+* [BREAKING CHANGE]: `az aks create/update`: Remove `--uptime-sla` and `--no-uptime-sla` options.
+
 9.0.0b8
 +++++++
 * Update VM SKU validations to get values from backend API for Azure Container Storage.

src/aks-preview/azext_aks_preview/_consts.py

@@ -327,10 +327,6 @@
 CONST_IMDS_RESTRICTION_ENABLED = "None"
 CONST_IMDS_RESTRICTION_DISABLED = "IMDS"
 
-# TLS Management Consts
-CONST_TLS_MANAGEMENT_MANAGED = "Managed"
-CONST_TLS_MANAGEMENT_NONE = "None"
-
 # GPU Driver Type Consts
 CONST_GPU_DRIVER_TYPE_CUDA = "CUDA"
 CONST_GPU_DRIVER_TYPE_GRID = "GRID"

src/aks-preview/azext_aks_preview/_help.py

@@ -106,20 +106,6 @@
         - name: --aad-admin-group-object-ids
           type: string
           short-summary: Comma-separated list of aad group object IDs that will be set as cluster admin.
-        - name: --aad-client-app-id
-          type: string
-          short-summary: The ID of an Azure Active Directory client application of type "Native". This
-                         application is for user login via kubectl.
-          long-summary: --aad-client-app-id is deprecated. See https://aka.ms/aks/aad-legacy for details.
-        - name: --aad-server-app-id
-          type: string
-          short-summary: The ID of an Azure Active Directory server application of type "Web app/API". This
-                         application represents the managed cluster's apiserver (Server application).
-          long-summary: --aad-server-app-id is deprecated. See https://aka.ms/aks/aad-legacy for details.
-        - name: --aad-server-app-secret
-          type: string
-          short-summary: The secret of an Azure Active Directory server application.
-          long-summary: --aad-server-app-secret is deprecated. See https://aka.ms/aks/aad-legacy for details.
         - name: --aad-tenant-id
           type: string
           short-summary: The ID of an Azure Active Directory tenant.
@@ -233,18 +219,15 @@
               Used together with the "azure" network plugin.
               Requires either --pod-subnet-id or --network-plugin-mode=overlay.
               This flag is deprecated in favor of --network-dataplane=cilium.
-        - name: --enable-advanced-network-observability
+        - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --enable-fqdn-policy
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
+        - name: --disable-acns-observability
           type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --enable-acns
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --advanced-networking-observability-tls-management
-          type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
+          short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --no-ssh-key -x
           type: string
           short-summary: Do not use or create a local SSH key.
@@ -329,9 +312,6 @@
           type: string
           short-summary: Restriction level on the managed node resource group.
           long-summary: The restriction level of permissions allowed on the cluster's managed node resource group, supported values are Unrestricted, and ReadOnly (recommended ReadOnly).
-        - name: --uptime-sla
-          type: bool
-          short-summary: --uptime-sla is deprecated. Please use '--tier standard' instead.
         - name: --sku
           type: string
           short-summary: Specify SKU name for managed clusters. '--sku base' enables a base managed cluster. '--sku automatic' enables an automatic managed cluster.
@@ -828,12 +808,6 @@
         - name: --max-count
           type: int
           short-summary: Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000]
-        - name: --uptime-sla
-          type: bool
-          short-summary: Enable a standard managed cluster service with a financially backed SLA. --uptime-sla is deprecated. Please use '--tier standard' instead.
-        - name: --no-uptime-sla
-          type: bool
-          short-summary: Change a standard managed cluster to a free one. --no-uptime-sla is deprecated. Please use '--tier free' instead.
         - name: --sku
           type: string
           short-summary: Specify SKU name for managed clusters. '--sku base' enables a base managed cluster. '--sku automatic' enables an automatic managed cluster.
@@ -1228,27 +1202,18 @@
         - name: --nodepool-labels
           type: string
           short-summary: The node labels for all node pool. See https://aka.ms/node-labels for syntax of labels.
-        - name: --enable-advanced-network-observability
-          type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --disable-advanced-network-observability
-          type: bool
-          short-summary: Disable advanced network observability functionalities on a cluster
-        - name: --advanced-networking-observability-tls-management
-          type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
-        - name: --enable-fqdn-policy
-          type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --disable-fqdn-policy
-          type: bool
-          short-summary: Disable advanced network security FQDN functionalities on a cluster
         - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
         - name: --disable-acns
           type: bool
-          short-summary: Disable advanced network functionalities on a cluster
+          short-summary: Disable all advanced networking functionalities on a cluster.
+        - name: --disable-acns-observability
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
+          type: bool
+          short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.
@@ -1318,7 +1283,7 @@
         text: az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 0.0.0.0/32
       - name: Update a AKS-managed AAD cluster with tenant ID or admin group object IDs.
         text: az aks update -g MyResourceGroup -n MyManagedCluster --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
-      - name: Migrate a AKS AAD-Integrated cluster or a non-AAAAD cluster to a AKS-managed AAD cluster.
+      - name: Migrate a AKS AAD-Integrated cluster or a non-AAD cluster to a AKS-managed AAD cluster.
         text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
       - name: Enable Azure Hybrid User Benefits featture for a kubernetes cluster.
         text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-ahub

src/aks-preview/azext_aks_preview/_params.py

@@ -127,8 +127,6 @@
     CONST_APP_ROUTING_EXTERNAL_NGINX,
     CONST_APP_ROUTING_INTERNAL_NGINX,
     CONST_APP_ROUTING_NONE_NGINX,
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
 )
@@ -417,11 +415,6 @@
     CONST_APP_ROUTING_NONE_NGINX
 ]
 
-tls_management_types = [
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
-]
-
 gpu_driver_types = [
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
@@ -562,13 +555,6 @@ def load_arguments(self, _):
                 "Pass an empty string to clear the profile."
             ),
         )
-        c.argument(
-            "uptime_sla",
-            action="store_true",
-            deprecate_info=c.deprecate(
-                target="--uptime-sla", redirect="--tier", hide=True
-            ),
-        )
         c.argument(
             "sku", is_preview=True, arg_type=get_enum_type(sku_names)
         )
@@ -589,18 +575,6 @@ def load_arguments(self, _):
         )
         c.argument("enable_aad", action="store_true")
         c.argument("enable_azure_rbac", action="store_true")
-        c.argument(
-            "aad_client_app_id",
-            deprecate_info=c.deprecate(target="--aad-client-app-id", hide=True),
-        )
-        c.argument(
-            "aad_server_app_id",
-            deprecate_info=c.deprecate(target="--aad-server-app-id", hide=True),
-        )
-        c.argument(
-            "aad_server_app_secret",
-            deprecate_info=c.deprecate(target="--aad-server-app-secret", hide=True),
-        )
         c.argument("aad_tenant_id")
         c.argument("aad_admin_group_object_ids")
         c.argument("enable_oidc_issuer", action="store_true")
@@ -837,23 +811,17 @@ def load_arguments(self, _):
             ),
         )
         c.argument(
-            "enable_advanced_network_observability",
+            "enable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
-            default=CONST_TLS_MANAGEMENT_MANAGED,
-            is_preview=True,
-        )
-        c.argument(
-            "enable_fqdn_policy",
+            "disable_acns_observability",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "enable_acns",
+            "disable_acns_security",
             action="store_true",
             is_preview=True,
         )
@@ -1071,20 +1039,6 @@ def load_arguments(self, _):
                 "Pass an empty string to clear the profile."
             ),
         )
-        c.argument(
-            "uptime_sla",
-            action="store_true",
-            deprecate_info=c.deprecate(
-                target="--uptime-sla", redirect="--tier", hide=True
-            ),
-        )
-        c.argument(
-            "no_uptime_sla",
-            action="store_true",
-            deprecate_info=c.deprecate(
-                target="--no-uptime-sla", redirect="--tier", hide=True
-            ),
-        )
         c.argument(
             "sku", is_preview=True, arg_type=get_enum_type(sku_names)
         )
@@ -1334,37 +1288,22 @@ def load_arguments(self, _):
         c.argument("safeguards_version", help="The deployment safeguards version", is_preview=True)
         c.argument("safeguards_excluded_ns", is_preview=True)
         c.argument(
-            "enable_advanced_network_observability",
-            action="store_true",
-            is_preview=True,
-        )
-        c.argument(
-            "disable_advanced_network_observability",
-            action="store_true",
-            is_preview=True,
-        )
-        c.argument(
-            "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
-            is_preview=True,
-        )
-        c.argument(
-            "enable_fqdn_policy",
+            "enable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "disable_fqdn_policy",
+            "disable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "enable_acns",
+            "disable_acns_observability",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "disable_acns",
+            "disable_acns_security",
             action="store_true",
             is_preview=True,
         )
@@ -2269,11 +2208,6 @@ def load_arguments(self, _):
         )
         c.argument(
             "source_resource_id",
-            options_list=[
-                "--source-resource-id",
-                c.deprecate(target="-s", redirect="--source-resource-id", hide=True),
-                c.deprecate(target="-r", redirect="--source-resource-id", hide=True),
-            ],
             help="The source resource id of the binding",
         )
 

src/aks-preview/azext_aks_preview/custom.py

@@ -370,7 +370,6 @@ def aks_create(
     auto_upgrade_channel=None,
     node_os_upgrade_channel=None,
     cluster_autoscaler_profile=None,
-    uptime_sla=False,
     sku=None,
     tier=None,
     fqdn_subdomain=None,
@@ -385,9 +384,6 @@ def aks_create(
     assign_kubelet_identity=None,
     enable_aad=False,
     enable_azure_rbac=False,
-    aad_client_app_id=None,
-    aad_server_app_id=None,
-    aad_server_app_secret=None,
     aad_tenant_id=None,
     aad_admin_group_object_ids=None,
     enable_oidc_issuer=False,
@@ -493,10 +489,10 @@ def aks_create(
     enable_addon_autoscaling=False,
     enable_cilium_dataplane=False,
     custom_ca_trust_certificates=None,
-    enable_advanced_network_observability=None,
-    advanced_networking_observability_tls_management=None,
-    enable_fqdn_policy=None,
+    # advanced networking
     enable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # nodepool
     crg_id=None,
     message_of_the_day=None,
@@ -610,8 +606,6 @@ def aks_update(
     disable_force_upgrade=False,
     upgrade_override_until=None,
     cluster_autoscaler_profile=None,
-    uptime_sla=False,
-    no_uptime_sla=False,
     sku=None,
     tier=None,
     api_server_authorized_ip_ranges=None,
@@ -725,13 +719,11 @@ def aks_update(
     safeguards_level=None,
     safeguards_version=None,
     safeguards_excluded_ns=None,
-    enable_advanced_network_observability=None,
-    disable_advanced_network_observability=None,
-    advanced_networking_observability_tls_management=None,
-    enable_fqdn_policy=None,
-    disable_fqdn_policy=None,
+    # advanced networking
     enable_acns=None,
     disable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,