AzureArcForKubernetes · bavneetsingh16 · Sep 29, 2022 · Jul 29, 2022 · Jul 18, 2022 · Jul 22, 2022
@@ -94,6 +94,14 @@
           --kind bucket --url https://bucket-provider.minio.io \\
           --bucket-name my-bucket --kustomization name=my-kustomization \\
           --bucket-access-key my-access-key --bucket-secret-key my-secret-key
+      - name: Create a Kubernetes v2 Flux Configuration with Azure Blob Source Kind
+        text: |-
+          az k8s-configuration flux create --resource-group my-resource-group \\
+          --cluster-name mycluster --cluster-type connectedClusters \\
+          --name myconfig --scope cluster --namespace my-namespace \\
+          --kind azblob --url https://mystorageaccount.blob.core.windows.net \\
+          --container-name my-container --kustomization name=my-kustomization \\
+          --account-key my-account-key
 """
 
 helps[
@@ -108,11 +116,16 @@
           --cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
           --url https://github.com/Azure/arc-k8s-demo --branch main \\
           --kustomization name=my-kustomization path=./my/new-path
-      - name: Update a Flux v2 Kubernetse configuration with Bucket Source Kind to connect insecurely
+      - name: Update a Flux v2 Kubernetes configuration with Bucket Source Kind to connect insecurely
         text: |-
           az k8s-configuration flux update --resource-group my-resource-group \\
           --cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
           --bucket-insecure
+      - name: Update a Flux v2 Kubernetes configuration with Azure Blob Source Kind with another container name
+        text: |-
+          az k8s-configuration flux update --resource-group my-resource-group \\
+          --cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
+          --container-name other-container
 """
 
 helps[

@@ -67,7 +67,7 @@ def load_arguments(self, _):
         )
         c.argument(
             "kind",
-            arg_type=get_enum_type([consts.GIT, consts.BUCKET]),
+            arg_type=get_enum_type([consts.GIT, consts.BUCKET, consts.AZBLOB]),
             help="Source kind to reconcile",
         )
         c.argument(
@@ -178,6 +178,62 @@ def load_arguments(self, _):
             help="Define kustomizations to sync sources with parameters ['name', 'path', 'depends_on', 'timeout', 'sync_interval', 'retry_interval', 'prune', 'force']",
             nargs="+",
         )
+        c.argument(
+            "container_name",
+            help="Name of the Azure Blob Storage container to sync",
+        )
+        c.argument(
+            "sp_client_id",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-client-id", "--service-principal-client-id"],
+            help="The client ID for authenticating a service principal with Azure Blob, required for this authentication method",
+        )
+        c.argument(
+            "sp_tenant_id",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-tenant-id", "--service-principal-tenant-id"],
+            help="The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method",
+        )
+        c.argument(
+            "sp_client_secret",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-client-secret", "--service-principal-client-secret"],
+            help="The client secret for authenticating a service principal with Azure Blob",
+        )
+        c.argument(
+            "sp_client_cert",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-client-cert", "--service-principal-client-certificate"],
+            help="The Base64 encoded client certificate for authenticating a service principal with Azure Blob",
+        )
+        c.argument(
+            "sp_client_cert_password",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-cert-password", "--service-principal-client-certificate-password"],
+            help="The password for the client certificate used to authenticate a service principal with Azure Blob",
+        )
+        c.argument(
+            "sp_client_cert_send_chain",
+            arg_group="Azure Blob Auth",
+            options_list=["--sp-cert-send-chain", "--service-principal-client-certificate-send-chain"],
+            help="Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate",
+        )
+        c.argument(
+            "account_key",
+            arg_group="Azure Blob Auth",
+            help="The Azure Blob Shared Key for authentication ",
+        )
+        c.argument(
+            "sas_token",
+            arg_group="Azure Blob Auth",
+            help="The Azure Blob SAS Token for authentication ",
+        )
+        c.argument(
+            "mi_client_id",
+            arg_group="Azure Blob Auth",
+            options_list=["--mi-client-id", "--managed-identity-client-id"],
+            help="The client ID of the managed identity for authentication with Azure Blob",
+        )
 
     with self.argument_context("k8s-configuration flux update") as c:
         c.argument(

@@ -8,8 +8,8 @@
 # API VERSIONS -----------------------------------------
 
 SOURCE_CONTROL_API_VERSION = "2022-03-01"
-FLUXCONFIG_API_VERSION = "2022-03-01"
-EXTENSION_API_VERSION = "2022-03-01"
+FLUXCONFIG_API_VERSION = "2022-07-01"
+EXTENSION_API_VERSION = "2022-07-01"
 
 # ERROR/HELP TEXT DEFINITIONS -----------------------------------------
 
@@ -41,7 +41,30 @@
 REQUIRED_BUCKET_VALUES_MISSING_HELP = (
     "Provide either both of '--secret-key' and '--access-key' or '--local-auth-ref'"
 )
-
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_VALUES_MISSING_ERROR = (
+    "Error! Service principal is invalid because it is missing value(s)"
+)
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_VALUES_MISSING_HELP = (
+    "Provide '--sp-client-id', '--sp-tenant-id', and either '--sp-client-secret' or '--sp-client-cert'"
+)
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_AUTH_ERROR = (
+    "Error! Too many authentication methods provided for service principal"
+)
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_AUTH_HELP = (
+    "Provide either '--sp-client-secret' or '--sp-client-cert'"
+)
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_CERT_VALUES_MISSING_ERROR = (
+    "Error! Service principal certificate password is invalid"
+)
+REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_CERT_VALUES_MISSING_HELP = (
+    "Provide '--sp-client-id', '--sp-tenant-id', and '--sp-client-cert' with your '--sp-cert-password"
+)
+REQUIRED_AZURE_BLOB_AUTH_ERROR = (
+    "Error! Too many authentication methods provided for Azure Blob"
+)
+REQUIRED_AZURE_BLOB_AUTH_HELP = (
+    "Specify one of the available authentication methods from the list: '--local-auth-ref', '--account-key', '--sas-token', '--mi-client-id', or service principal with '--sp-client-id', '--sp-tenant-id', and either '--sp-client-secret' or '--sp-client-cert'"
+)
 EXTRA_VALUES_PROVIDED_ERROR = (
     "Error! Invalid properties [{}] were specified for kind '{}'"
 )
@@ -213,6 +236,24 @@
     "local_auth_ref",
 }
 
+AZUREBLOB_REQUIRED_PARAMS = {"url", "container_name"}
+AZUREBLOB_VALID_PARAMS = {
+    "url",
+    "container_name",
+    "sync_interval",
+    "timeout",
+    "account_key",
+    "local_auth_ref",
+    "sp_tenant_id",
+    "sp_client_id",
+    "sp_client_cert",
+    "sp_client_cert_password",
+    "sp_client_secret",
+    "sp_client_cert_send_chain",
+    "sas_token",
+    "mi_client_id",
+}
+
 DEPENDENCY_KEYS = ["dependencies", "depends_on", "dependsOn", "depends"]
 SYNC_INTERVAL_KEYS = ["interval", "sync_interval", "syncInterval"]
 RETRY_INTERVAL_KEYS = ["retryInterval", "retry_interval"]
@@ -222,12 +263,16 @@
 VALID_DURATION_REGEX = r"((?P<hours>\d+?)h)?((?P<minutes>\d+?)m)?((?P<seconds>\d+?)s)?"
 VALID_GIT_URL_REGEX = r"^(((http|https|ssh)://)|(git@))"
 VALID_BUCKET_URL_REGEX = r"^(((http|https)://))"
+VALID_AZUREBLOB_URL_REGEX = r"^(((http|https)://))"
 
 VALID_KUBERNETES_DNS_SUBDOMAIN_NAME_REGEX = r"^[a-z0-9]([\.\-a-z0-9]*[a-z0-9])?$"
 VALID_KUBERNETES_DNS_NAME_REGEX = r"^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$"
 
 GIT = "git"
 BUCKET = "bucket"
+BUCKET_CAPS = "Bucket"
+AZBLOB = "azblob"
+AZURE_BLOB = "AzureBlob"
 GIT_REPOSITORY = "GitRepository"
 
 CONNECTED_CLUSTER_TYPE = "connectedclusters"