[Connectedk8s] Added OID param for custom-locations feature (Azure#3407)
* Added oid param

* Bump version

* Nit

* Nit2

* Refine message

* Update src/connectedk8s/azext_connectedk8s/custom.py

Co-authored-by: Shashank Barsin <[email protected]>

* Update src/connectedk8s/azext_connectedk8s/custom.py

Co-authored-by: Shashank Barsin <[email protected]>

* Update src/connectedk8s/azext_connectedk8s/custom.py

Co-authored-by: Shashank Barsin <[email protected]>

* Nit loggings

* Changed param name

* update param name

* Fix param name ref

* Update src/connectedk8s/HISTORY.rst

Co-authored-by: Xing Zhou <[email protected]>

Co-authored-by: Arpit Gupta <[email protected]>
Co-authored-by: Shashank Barsin <[email protected]>
Co-authored-by: Xing Zhou <[email protected]>
4 people authored May 24, 2021
1 parent aa9a31d commit d74f2a8
Showing 4 changed files with 32 additions and 13 deletions.
6 changes: 6 additions & 0 deletions src/connectedk8s/HISTORY.rst
Expand Up @@ -3,10 +3,16 @@
Release History
===============

1.1.5
++++++
* Add custom-locations oid parameter for spn scenario


1.1.4
++++++
* Add compatible logic for the track 2 migration of resource dependence


1.1.3
++++++
* Fix for list_node() sdk function for AKS v1.19.x clusters
2 changes: 2 additions & 0 deletions src/connectedk8s/azext_connectedk8s/_params.py
Expand Up @@ -33,6 +33,7 @@ def load_arguments(self, _):
c.argument('distribution', options_list=['--distribution'], help='The Kubernetes distribution which will be running on this connected cluster.', arg_type=get_enum_type(Distribution_Enum_Values))
c.argument('infrastructure', options_list=['--infrastructure'], help='The infrastructure on which the Kubernetes cluster represented by this connected cluster will be running on.', arg_type=get_enum_type(Infrastructure_Enum_Values))
c.argument('disable_auto_upgrade', options_list=['--disable-auto-upgrade'], action='store_true', help='Flag to disable auto upgrade of arc agents.')
c.argument('cl_oid', options_list=['--custom-locations-oid'], help="OID of 'custom-locations' app")

with self.argument_context('connectedk8s update') as c:
c.argument('cluster_name', options_list=['--name', '-n'], id_part='name', help='The name of the connected cluster.')
Expand All @@ -59,6 +60,7 @@ def load_arguments(self, _):
c.argument('azrbac_client_id', options_list=['--app-id'], arg_group='Azure RBAC', help='Application ID for enabling Azure RBAC. Specify when enabling azure-rbac.')
c.argument('azrbac_client_secret', options_list=['--app-secret'], arg_group='Azure RBAC', help='Application secret for enabling Azure RBAC. Specify when enabling azure-rbac.')
c.argument('azrbac_skip_authz_check', options_list=['--skip-azure-rbac-list'], arg_group='Azure RBAC', help='Comma separated list of names of usernames/email/oid. Azure RBAC will be skipped for these users. Specify when enabling azure-rbac.')
c.argument('cl_oid', options_list=['--custom-locations-oid'], help="OID of 'custom-locations' app")

with self.argument_context('connectedk8s disable-features') as c:
c.argument('cluster_name', options_list=['--name', '-n'], id_part='name', help='The name of the connected cluster.')
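Review bot: The help text `"OID of 'custom-locations' app"` on the new `cl_oid` argument (added identically in both hunks; the enclosing `with self.argument_context(...)` lines are outside the hunks) does not say whose object ID is meant or when the flag is needed. The warning this commit adds in custom.py already has the wording and the link, so the help could read `help="Object ID of the Azure AD application used by the Azure Arc service for the 'custom-locations' feature. Pass it when the CLI cannot look the ID up itself, see https://aka.ms/CustomLocationsObjectID"`. The argument also has no `validator=`, so any string is accepted here and handed on to custom.py; a GUID format check at this layer would reject typos before any cluster work starts.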
35 changes: 23 additions & 12 deletions src/connectedk8s/azext_connectedk8s/custom.py
Expand Up @@ -57,7 +57,7 @@

def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_proxy="", http_proxy="", no_proxy="", proxy_cert="", location=None,
kube_config=None, kube_context=None, no_wait=False, tags=None, distribution='auto', infrastructure='auto',
disable_auto_upgrade=False):
disable_auto_upgrade=False, cl_oid=None):
logger.warning("Ensure that you have the latest helm version installed before proceeding.")
logger.warning("This operation might take a while...\n")

Expand Down Expand Up @@ -140,7 +140,7 @@ def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_pr
# Checking if it is an AKS cluster
is_aks_cluster = check_aks_cluster(kube_config, kube_context)
if is_aks_cluster:
logger.warning("The cluster you are trying to connect to Azure Arc is an Azure Kubernetes Service (AKS) cluster. While Arc onboarding an AKS cluster is possible, it's not necessary. Learn more at {}.".format(" https://go.microsoft.com/fwlink/?linkid=2144200"))
logger.warning("Connecting an Azure Kubernetes Service (AKS) cluster to Azure Arc is only required for running Arc enabled services like App Services and Data Services on the cluster. Other features like Azure Monitor and Azure Defender are natively available on AKS. Learn more at {}.".format(" https://go.microsoft.com/fwlink/?linkid=2144200"))

# Checking helm installation
check_helm_install(kube_config, kube_context)
Expand Down Expand Up @@ -253,7 +253,7 @@ def create_connectedk8s(cmd, client, resource_group_name, cluster_name, https_pr
put_cc_response = create_cc_resource(client, resource_group_name, cluster_name, cc, no_wait)

# Checking if custom locations rp is registered and fetching oid if it is registered
enable_custom_locations, custom_locations_oid = check_cl_registration_and_get_oid(cmd)
enable_custom_locations, custom_locations_oid = check_cl_registration_and_get_oid(cmd, cl_oid)

# Install azure-arc agents
utils.helm_install_release(chart_path, subscription_id, kubernetes_distro, kubernetes_infra, resource_group_name, cluster_name,
Expand Down Expand Up @@ -1128,7 +1128,7 @@ def get_all_helm_values(release_namespace, kube_config, kube_context):


def enable_features(cmd, client, resource_group_name, cluster_name, features, kube_config=None, kube_context=None,
azrbac_client_id=None, azrbac_client_secret=None, azrbac_skip_authz_check=None):
azrbac_client_id=None, azrbac_client_secret=None, azrbac_skip_authz_check=None, cl_oid=None):
logger.warning("Ensure that you have the latest helm version installed before proceeding.")
logger.warning("This operation might take a while...\n")

Expand All @@ -1145,7 +1145,7 @@ def enable_features(cmd, client, resource_group_name, cluster_name, features, ku
azrbac_skip_authz_check = escape_proxy_settings(azrbac_skip_authz_check)

if enable_cl:
enable_cl, custom_locations_oid = check_cl_registration_and_get_oid(cmd)
enable_cl, custom_locations_oid = check_cl_registration_and_get_oid(cmd, cl_oid)
if not enable_cluster_connect and enable_cl:
enable_cluster_connect = True
logger.warning("Enabling 'custom-locations' feature will enable 'cluster-connect' feature too.")
Expand Down Expand Up @@ -1935,27 +1935,38 @@ def check_process(processName):
return False


def get_custom_locations_oid(cmd):
def get_custom_locations_oid(cmd, cl_oid):
try:
sp_graph_client = get_graph_client_service_principals(cmd.cli_ctx)
sub_filters = []
sub_filters.append("displayName eq '{}'".format("Custom Locations RP"))
result = list(sp_graph_client.list(filter=(' and '.join(sub_filters))))
if len(result) != 0:
return result[0].object_id
else:
logger.warning("Unable to fetch oid of 'custom-locations' app. Proceeding without enabling the feature.")
if cl_oid is not None and cl_oid != result[0].object_id:
logger.debug("The 'Custom-locations' OID passed is different from the actual OID({}) of the Custom Locations RP app. Proceeding with the correct one...".format(result[0].object_id))
return result[0].object_id # Using the fetched OID

if cl_oid is None:
logger.warning("Failed to enable Custom Locations feature on the cluster. Unable to fetch Object ID of Azure AD application used by Azure Arc service. Try enabling the feature by passing the --custom-locations-oid parameter directly. Learn more at https://aka.ms/CustomLocationsObjectID")
telemetry.set_exception(exception='Unable to fetch oid of custom locations app.', fault_type=consts.Custom_Locations_OID_Fetch_Fault_Type,
summary='Unable to fetch oid for custom locations app.')
return ""
else:
return cl_oid
except Exception as e:
logger.warning("Unable to fetch oid of 'custom-locations' app. Proceeding without enabling the feature. " + str(e))
log_string = "Unable to fetch the Object ID of the Azure AD application used by Azure Arc service. "
telemetry.set_exception(exception=e, fault_type=consts.Custom_Locations_OID_Fetch_Fault_Type,
summary='Unable to fetch oid for custom locations app.')
if cl_oid:
log_string += "Proceeding with the Object ID provided to enable the 'custom-locations' feature."
logger.warning(log_string)
return cl_oid
log_string += "Unable to enable the 'custom-locations' feature. " + str(e)
logger.warning(log_string)
return ""


def check_cl_registration_and_get_oid(cmd):
def check_cl_registration_and_get_oid(cmd, cl_oid):
enable_custom_locations = True
custom_locations_oid = ""
try:
Expand All @@ -1965,7 +1976,7 @@ def check_cl_registration_and_get_oid(cmd):
enable_custom_locations = False
logger.warning("'Custom-locations' feature couldn't be enabled on this cluster as the pre-requisite registration of 'Microsoft.ExtendedLocation' was not met. More details for enabling this feature later on this cluster can be found here - https://aka.ms/EnableCustomLocations")
else:
custom_locations_oid = get_custom_locations_oid(cmd)
custom_locations_oid = get_custom_locations_oid(cmd, cl_oid)
if custom_locations_oid == "":
enable_custom_locations = False
except Exception as e:
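Review bot: In `get_custom_locations_oid`, a `--custom-locations-oid` value that differs from the looked-up one is discarded with only a `logger.debug(...)` message, and the value that wins is `result[0].object_id` from a `displayName eq 'Custom Locations RP'` filter, which is not guaranteed to match exactly one service principal. The object ID presumably ends up in the agents' helm values (the `helm_install_release` arguments are outside the visible lines), so the operator should be told which ID is used: raise the mismatch message to `logger.warning(...)` and warn or stop when `len(result) > 1`. The two fallback paths `return cl_oid` without any format check; validating it first, for example with `uuid.UUID(cl_oid)`, would reject malformed input before it reaches the install step. The no-result path tests `cl_oid is None` while the except path tests `if cl_oid:`, so an empty string passed on the command line disables the feature without the warning; using `if not cl_oid:` in both places would make them agree.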
2 changes: 1 addition & 1 deletion src/connectedk8s/setup.py
Expand Up @@ -17,7 +17,7 @@
# TODO: Confirm this is the right version number you want and it matches your
# HISTORY.rst entry.

VERSION = '1.1.4'
VERSION = '1.1.5'

# The full list of classifiers is available at
# https://pypi.python.org/pypi?%3Aaction=list_classifiers
