diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 4988dad61fa..e51daf8e583 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -70,6 +70,9 @@ - name: --enable-aad type: bool short-summary: Enable managed AAD feature for cluster. + - name: --aad-enable-azure-rbac + type: bool + short-summary: Whether to enable Azure RBAC for Kubernetes authorization. - name: --aad-admin-group-object-ids type: string short-summary: Comma seperated list of aad group object IDs that will be set as cluster admin. diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 6c526da4948..8ce96563439 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -809,6 +809,7 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to appgw_subnet_id=None, appgw_watch_namespace=None, enable_aad=False, + aad_enable_azure_rbac=False, aad_admin_group_object_ids=None, no_wait=False): if not no_ssh_key: @@ -982,6 +983,7 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to aad_profile = ManagedClusterAADProfile( managed=True, + enable_azure_rbac=aad_enable_azure_rbac, admin_group_object_ids=_parse_comma_separated_list(aad_admin_group_object_ids), tenant_id=aad_tenant_id ) @@ -989,6 +991,9 @@ def aks_create(cmd, # pylint: disable=too-many-locals,too-many-statements,to if aad_admin_group_object_ids is not None: raise CLIError('"--admin-aad-object-id" can only be used together with "--enable-aad"') + if aad_enable_azure_rbac is True: + raise CLIError('"--enable_azure_rbac" can only be used together with "--enable-aad"') + if any([aad_client_app_id, aad_server_app_id, aad_server_app_secret]): aad_profile = ManagedClusterAADProfile( client_app_id=aad_client_app_id, diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_and_update_with_managed_aad_enable_azure_rbac.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_and_update_with_managed_aad_enable_azure_rbac.yaml new file mode 100644 index 00000000000..3f47c74b023 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_and_update_with_managed_aad_enable_azure_rbac.yaml @@ -0,0 +1,561 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-resource/9.0.0 Azure-SDK-For-Python + AZURECLI/2.6.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2019-07-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","date":"2020-05-28T05:26:30Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '313' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 28 May 2020 05:26:32 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "properties": {"kubernetesVersion": "", "dnsPrefix": + "cliakstest-clitestvouk66jlj-c10894", "agentPoolProfiles": [{"count": 1, "vmSize": + "Standard_D2s_v3", "osType": "Linux", "type": "AvailabilitySet", "mode": "System", + "enableNodePublicIP": false, "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": + "Delete", "name": "nodepool1"}], "linuxProfile": {"adminUsername": "azureuser", + "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiOFgDVZSitF+jMxvBpJmYO8ReNVZMG+n996WvKxFfaR9903Zykxrvu7RUqdpZZ0hzzueeLJPJpiGxvk8ur4vnkXJkX7H8fvZZw6EI5PhuD76xXXRdXp9I2dH91oTqJ0Ne/s01K2PcJC+SzkU+icGLsIqP47QVoBL+H1nMapzcZVYYXzPd2u1bJZbGgJZSxEOJenybNY/1qhJGIEhMqLPXcz8QDuqLMrz3WMGLmfwv5SMTzd9ejfRAJ85RXeciTSjUtT37HUDafiql3JxhrrbUkgyuoVMztGp6DvTHb0XKDS06su1jBxQpGuquCKcpJNIa7Z3pJmWSM/b7VahsHzWP + pmiller@gmail.com\n"}]}}, "servicePrincipalProfile": {"clientId": "709e9be8-2b36-441f-81b5-16bd257fb5cb", + "secret": "b39ff07ddb2703825634$"}, "addonProfiles": {}, "enableRBAC": true, + "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": + "standard"}, "aadProfile": {"managed": true, "enableAzureRBAC": true, "adminGroupObjectIDs": ["00000000-0000-0000-0000-000000000001"]}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1376' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2020-06-01 + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\"\ + ,\n \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\"\ + : \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \ + \ \"provisioningState\": \"Creating\",\n \"kubernetesVersion\": \"1.15.11\"\ + ,\n \"dnsPrefix\": \"cliakstest-clitestvouk66jlj-c10894\",\n \"fqdn\"\ + : \"cliakstest-clitestvouk66jlj-c10894-ece69997.hcp.westus2.azmk8s.io\",\n\ + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"\ + count\": 1,\n \"vmSize\": \"Standard_D2s_v3\",\n \"osDiskSizeGB\"\ + : 100,\n \"maxPods\": 110,\n \"type\": \"AvailabilitySet\",\n \ + \ \"provisioningState\": \"Creating\",\n \"orchestratorVersion\": \"1.15.11\"\ + ,\n \"enableNodePublicIP\": false,\n \"nodeLabels\": {},\n \"\ + mode\": \"System\",\n \"osType\": \"Linux\"\n }\n ],\n \"linuxProfile\"\ + : {\n \"adminUsername\": \"azureuser\",\n \"ssh\": {\n \"publicKeys\"\ + : [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiOFgDVZSitF+jMxvBpJmYO8ReNVZMG+n996WvKxFfaR9903Zykxrvu7RUqdpZZ0hzzueeLJPJpiGxvk8ur4vnkXJkX7H8fvZZw6EI5PhuD76xXXRdXp9I2dH91oTqJ0Ne/s01K2PcJC+SzkU+icGLsIqP47QVoBL+H1nMapzcZVYYXzPd2u1bJZbGgJZSxEOJenybNY/1qhJGIEhMqLPXcz8QDuqLMrz3WMGLmfwv5SMTzd9ejfRAJ85RXeciTSjUtT37HUDafiql3JxhrrbUkgyuoVMztGp6DvTHb0XKDS06su1jBxQpGuquCKcpJNIa7Z3pJmWSM/b7VahsHzWP\ + \ pmiller@gmail.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\"\ + : {\n \"clientId\": \"709e9be8-2b36-441f-81b5-16bd257fb5cb\"\n },\n \ + \ \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n\ + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"networkProfile\"\ + : {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"standard\"\ + ,\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"\ + count\": 1\n }\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\"\ + : \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\"\ + : \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\"\n },\n \"\ + aadProfile\": {\n \"managed\": true,\n \"enableAzureRBAC\": true,\n \"adminGroupObjectIDs\": [\n\ + \ \"00000000-0000-0000-0000-000000000001\"\n ],\n \"tenantID\":\ + \ \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"maxAgentPools\": 1\n\ + \ },\n \"sku\": {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n\ + \ }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '2276' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:26:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:27:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:27:41 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:28:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:28:41 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:29:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '125' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:29:43 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/727d5391-85d4-46fa-9302-156c5f6d3c3e?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"91537d72-d485-fa46-9302-156c5f6d3c3e\",\n \"status\"\ + : \"Succeeded\",\n \"startTime\": \"2020-05-28T05:26:40.042017Z\",\n \"\ + endTime\": \"2020-05-28T05:29:56.0050552Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '169' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:30:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --vm-set-type -c --enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids + User-Agent: + - python/3.6.9 (Linux-4.19.104-microsoft-standard-x86_64-with-Ubuntu-18.04-bionic) + msrest/0.6.9 msrest_azure/0.6.3 azure-mgmt-containerservice/4.4.3 Azure-SDK-For-Python + AZURECLI/2.6.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2020-06-01 + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\"\ + ,\n \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\"\ + : \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \ + \ \"provisioningState\": \"Succeeded\",\n \"kubernetesVersion\": \"1.15.11\"\ + ,\n \"dnsPrefix\": \"cliakstest-clitestvouk66jlj-c10894\",\n \"fqdn\"\ + : \"cliakstest-clitestvouk66jlj-c10894-ece69997.hcp.westus2.azmk8s.io\",\n\ + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"\ + count\": 1,\n \"vmSize\": \"Standard_D2s_v3\",\n \"osDiskSizeGB\"\ + : 100,\n \"maxPods\": 110,\n \"type\": \"AvailabilitySet\",\n \ + \ \"provisioningState\": \"Succeeded\",\n \"orchestratorVersion\": \"\ + 1.15.11\",\n \"enableNodePublicIP\": false,\n \"nodeLabels\": {},\n\ + \ \"mode\": \"System\",\n \"osType\": \"Linux\"\n }\n ],\n \ + \ \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n \"ssh\"\ + : {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiOFgDVZSitF+jMxvBpJmYO8ReNVZMG+n996WvKxFfaR9903Zykxrvu7RUqdpZZ0hzzueeLJPJpiGxvk8ur4vnkXJkX7H8fvZZw6EI5PhuD76xXXRdXp9I2dH91oTqJ0Ne/s01K2PcJC+SzkU+icGLsIqP47QVoBL+H1nMapzcZVYYXzPd2u1bJZbGgJZSxEOJenybNY/1qhJGIEhMqLPXcz8QDuqLMrz3WMGLmfwv5SMTzd9ejfRAJ85RXeciTSjUtT37HUDafiql3JxhrrbUkgyuoVMztGp6DvTHb0XKDS06su1jBxQpGuquCKcpJNIa7Z3pJmWSM/b7VahsHzWP\ + \ pmiller@gmail.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\"\ + : {\n \"clientId\": \"709e9be8-2b36-441f-81b5-16bd257fb5cb\"\n },\n \ + \ \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_westus2\",\n\ + \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"networkProfile\"\ + : {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\"\ + ,\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"\ + count\": 1\n },\n \"effectiveOutboundIPs\": [\n {\n \"\ + id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/3e0ca7a7-7c0b-4d4f-8f8c-786347dcc849\"\ + \n }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\"\ + : \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\"\ + : \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\"\n },\n \"\ + aadProfile\": {\n \"managed\": true,\n \"enableAzureRBAC\": true,\n \"adminGroupObjectIDs\": [\n\ + \ \"00000000-0000-0000-0000-000000000001\"\n ],\n \"tenantID\":\ + \ \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"maxAgentPools\": 1\n\ + \ },\n \"sku\": {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n\ + \ }" + headers: + cache-control: + - no-cache + content-length: + - '2544' + content-type: + - application/json + date: + - Thu, 28 May 2020 05:30:14 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 034534be724..875b776c374 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -109,6 +109,26 @@ def test_aks_create_nonaad_and_update_with_managed_aad(self, resource_group, res '--aad-tenant-id 00000000-0000-0000-0000-000000000002 -o json' self.cmd(update_cmd, expect_failure=True) + @live_only() # without live only fails with needs .ssh fails (maybe generate-ssh-keys would fix) and maybe az login. + @AllowLargeResponse() + @ResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') + def test_aks_create_and_update_with_managed_aad_enable_azure_rbac(self, resource_group, resource_group_location): + aks_name = self.create_random_name('cliakstest', 16) + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} ' \ + '--vm-set-type AvailabilitySet -c 1 ' \ + '--enable-aad --aad-enable-azure-rbac --aad-admin-group-object-ids 00000000-0000-0000-0000-000000000001 -o json' + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('aadProfile.managed', True), + self.check('aadProfile.enableAzureRBAC', True), + self.check('aadProfile.adminGroupObjectIds[0]', '00000000-0000-0000-0000-000000000001') + ]) + @AllowLargeResponse() @ResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_ingress_appgw_addon(self, resource_group, resource_group_location): diff --git a/src/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/container_service_client.py b/src/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/container_service_client.py index 74d3b0d0545..ff9d9440160 100644 --- a/src/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/container_service_client.py +++ b/src/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/container_service_client.py @@ -326,7 +326,7 @@ def operations(self): elif api_version == '2020-04-01': from .v2020_04_01.operations import Operations as OperationClass elif api_version == '2020-06-01': - from .v2020_06_01.operations import Operations as OperationClass + from .v2020_06_01.operations import Operations as OperationClass else: raise NotImplementedError("APIVersion {} is not available".format(api_version)) return OperationClass(self._client, self.config, Serializer(self._models_dict(api_version)), Deserializer(self._models_dict(api_version)))