Merge branch 'containerapp-0.3.11' into no-dockerfile

.github/CODEOWNERS

@@ -243,3 +243,5 @@
 /src/orbital/ @thisisdevanshu
 
 /src/fluid-relay/ @kairu-ms @necusjz @ZengTaoxu
+
+/src/fleet/ @pdaru

linter_exclusions.yml

@@ -1166,6 +1166,9 @@ iot central user update:
     central_dns_suffix:
       rule_exclusions:
       - no_parameter_defaults_for_update_commands
+iot device-update update:
+  rule_exclusions:
+    - require_wait_command_if_no_wait
 iot dps enrollment update:
   parameters:
     auth_type_dataplane:

scripts/ci/credscan/CredScanSuppressions.json

@@ -82,9 +82,7 @@
     },
     {
       "file": [
-        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_link_to_notification_hub.yaml",
-        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_service_regenerate_and_link_key.yaml",
-        "src\\communication\\azext_communication\\tests\\latest\\test_communication_scenario.py"
+        "src\\communication\\azext_communication\\tests\\latest\\recordings\\test_communication_scenario.yaml"
       ],
       "_justification": "Dummy resources' tokens left during testing Micorosfot.Communication"
     },
@@ -145,33 +143,40 @@
         "src\\containerapp\\azext_containerapp\\tests\\latest\\test_containerapp_commands.py",
         "src\\containerapp\\azext_containerapp\\tests\\latest\\test_containerapp_env_commands.py",
         "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_registry_msi.yaml",
-        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_update_containers.yaml"
+        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_update_containers.yaml",
+        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_anonymous_registry.yaml",
+        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_identity_user.yaml",
+        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_registry_identity_user.yaml",
+        "src\\containerapp\\azext_containerapp\\tests\\latest\\recordings\\test_containerapp_identity_e2e.yaml"
       ],
       "_justification": "Dummy resources' keys left during testing Microsoft.App (required for log-analytics to create managedEnvironments)"
     },
     {
       "file": [
         "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_basic_no_existing_resources.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_both_cpus_and_deploy_cpu.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_environment.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_deploy_cpu.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_environment_prompt.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_service_cpus.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_both.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_external.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets_and_existing_environment.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_internal.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets_and_existing_environment_conflict.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_prompt.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_transport_arg.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_registry_all_args.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_list.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_registry_server_arg_only.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_list_and_entrypoint.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_replicas_global_scale.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_string.yaml",
-        "src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_replicas_replicated_mode.yaml"
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_location_differ_from_resource_group.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_environment.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_environment_prompt.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_both.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_external.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_internal.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_ingress_prompt.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_registry_all_args.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_registry_server_arg_only.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_replicas_global_scale.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_replicas_replicated_mode.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_both_cpus_and_deploy_cpu.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_deploy_cpu.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_deploy_with_mismatched_cpu_memory.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_service_cpus.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_resources_from_service_memory.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets_and_existing_environment.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_secrets_and_existing_environment_conflict.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_create_with_transport_arg.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_list.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_list_and_entrypoint.yaml",
+"src\\containerapp-compose\\azext_containerapp_compose\\tests\\latest\\recordings\\test_containerapp_compose_with_command_string.yaml"
       ],
       "_justification": "Dummy resources' tokens left during testing."
     }

src/aks-preview/HISTORY.rst

@@ -11,7 +11,16 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
-*  [BREAKING CHANGE] Since the service no longer supports updating source resource id for role binding, so remove --source-resource-id of `aks trustedaccess rolebinding update` command
+
+0.5.94
+++++++
+
+* [BREAKING CHANGE] Since the service no longer supports updating source resource id for role binding, so remove --source-resource-id of `aks trustedaccess rolebinding update` command.
+* Change the acceptable values of the `--roles` option to comma-seperated.
+    * az aks trustedaccess rolebinding create
+    * az aks trustedaccess rolebinding update
+* Upgrade `az aks kollect` command to use Periscope version 0.0.10 supporting enhanced Windows log collection.
+* Update to use 2022-07-02-preview api version.
 
 0.5.93
 ++++++

src/aks-preview/azext_aks_preview/__init__.py

@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
     register_resource_type(
         "latest",
         CUSTOM_MGMT_AKS_PREVIEW,
-        SDKProfile("2022-06-02-preview", {"container_services": "2017-07-01"}),
+        SDKProfile("2022-07-02-preview", {"container_services": "2017-07-01"}),
     )
 
 

src/aks-preview/azext_aks_preview/_consts.py

@@ -178,8 +178,8 @@
 
 CONST_PERISCOPE_REPO_ORG = "azure"
 CONST_PERISCOPE_CONTAINER_REGISTRY = "mcr.microsoft.com"
-CONST_PERISCOPE_RELEASE_TAG = "v0.9"
-CONST_PERISCOPE_IMAGE_VERSION = "0.0.9"
+CONST_PERISCOPE_RELEASE_TAG = "0.0.10"
+CONST_PERISCOPE_IMAGE_VERSION = "0.0.10"
 CONST_PERISCOPE_NAMESPACE = "aks-periscope"
 
 CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC = "Public"

src/aks-preview/azext_aks_preview/_help.py

@@ -1837,7 +1837,7 @@
 
     examples:
         - name: Create a new trusted access role binding
-          text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer
+          text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer
 """
 
 helps['aks trustedaccess rolebinding update'] = """

src/aks-preview/azext_aks_preview/_params.py

@@ -703,11 +703,11 @@ def load_arguments(self, _):
                        '--name', '-n'], required=True, help='The role binding name.')
 
     with self.argument_context('aks trustedaccess rolebinding create') as c:
-        c.argument('roles', nargs='*', help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
+        c.argument('roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...')
         c.argument('source_resource_id', options_list=['--source-resource-id', '-s'], help='The source resource id of the binding')
 
     with self.argument_context('aks trustedaccess rolebinding update') as c:
-        c.argument('roles', nargs='*', help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
+        c.argument('roles', help='comma-separated roles: Microsoft.Demo/samples/reader,Microsoft.Demo/samples/writer,...')
 
 
 def _get_default_install_location(exe_name):

src/aks-preview/azext_aks_preview/aks_diagnostics.py

@@ -12,13 +12,15 @@
 import time
 
 from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_subscription_id
+from enum import Flag, auto
 from knack.log import get_logger
 from knack.prompting import prompt_y_n
 from knack.util import CLIError
 from msrestazure.azure_exceptions import CloudError
+from packaging import version
 from tabulate import tabulate
 
-from azext_aks_preview._client_factory import get_storage_client
+from azext_aks_preview._client_factory import cf_agent_pools, get_storage_client
 
 from azext_aks_preview._consts import (
     CONST_CONTAINER_NAME_MAX_LENGTH,
@@ -34,6 +36,11 @@
 logger = get_logger(__name__)
 
 
+class ClusterFeatures(Flag):
+    NONE = 0
+    WIN_HPC = auto()
+
+
 # pylint: disable=line-too-long
 def aks_kollect_cmd(cmd,    # pylint: disable=too-many-statements,too-many-locals
                     client,
@@ -137,7 +144,10 @@ def aks_kollect_cmd(cmd,    # pylint: disable=too-many-statements,too-many-local
     container_name = _generate_container_name(mc.fqdn, mc.private_fqdn)
     sas_token = sas_token.strip('?')
 
-    kustomize_yaml = _get_kustomize_yaml(storage_account_name, sas_token, container_name, container_logs, kube_objects, node_logs, node_logs_windows)
+    cluster_features = _get_cluster_features(cmd.cli_ctx, resource_group_name, name)
+
+    run_id = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H-%M-%SZ")
+    kustomize_yaml = _get_kustomize_yaml(storage_account_name, sas_token, container_name, run_id, cluster_features, container_logs, kube_objects, node_logs, node_logs_windows)
     kustomize_folder = tempfile.mkdtemp()
     kustomize_file_path = os.path.join(kustomize_folder, "kustomization.yaml")
     try:
@@ -227,11 +237,20 @@ def aks_kanalyze_cmd(client, resource_group_name: str, name: str) -> None:
 def _get_kustomize_yaml(storage_account_name,
                         sas_token,
                         container_name,
+                        run_id,
+                        cluster_features,
                         container_logs=None,
                         kube_objects=None,
                         node_logs_linux=None,
                         node_logs_windows=None):
+    components = {
+        'win-hpc': bool(cluster_features & ClusterFeatures.WIN_HPC)
+    }
+
+    component_content = "\n".join(f'- https://github.com/{CONST_PERISCOPE_REPO_ORG}/aks-periscope//deployment/components/{c}?ref={CONST_PERISCOPE_RELEASE_TAG}' for c, enabled in components.items() if enabled)
+
     diag_config_vars = {
+        'DIAGNOSTIC_RUN_ID': run_id,
         'DIAGNOSTIC_CONTAINERLOGS_LIST': container_logs,
         'DIAGNOSTIC_KUBEOBJECTS_LIST': kube_objects,
         'DIAGNOSTIC_NODELOGS_LIST_LINUX': node_logs_linux,
@@ -247,6 +266,9 @@ def _get_kustomize_yaml(storage_account_name,
 resources:
 - https://github.com/{CONST_PERISCOPE_REPO_ORG}/aks-periscope//deployment/base?ref={CONST_PERISCOPE_RELEASE_TAG}
 
+components:
+{component_content}
+
 namespace: {CONST_PERISCOPE_NAMESPACE}
 
 images:
@@ -313,6 +335,26 @@ def _generate_container_name(fqdn: str, private_fqdn: str) -> str:
     return container_name
 
 
+def _get_cluster_features(cli_ctx, resource_group_name, cluster_name):
+    agent_pool_client = cf_agent_pools(cli_ctx)
+    agent_pool_items = agent_pool_client.list(resource_group_name, cluster_name)
+    agent_pools = list(agent_pool_items)
+
+    features = ClusterFeatures.NONE
+    if _is_windows_hpc_supported(agent_pools):
+        features |= ClusterFeatures.WIN_HPC
+
+    return features
+
+
+def _is_windows_hpc_supported(agent_pools):
+    # https://docs.microsoft.com/en-us/rest/api/aks/agent-pools/list?tabs=HTTP#agentpool
+    # The full (major.minor.patch) version *may* be stored in currentOrchestratorVersion.
+    # If not, it'll be in orchestratorVersion.
+    windows_k8s_versions = [p.current_orchestrator_version or p.orchestrator_version for p in agent_pools if p.os_type.casefold() == "Windows".casefold()]
+    return all([version.parse(v) >= version.parse("1.23.0") for v in windows_k8s_versions])
+
+
 def _display_diagnostics_report(temp_kubeconfig_path):   # pylint: disable=too-many-statements
     if not which('kubectl'):
         raise CLIError('Can not find kubectl executable in PATH')

src/aks-preview/azext_aks_preview/custom.py

@@ -2225,7 +2225,8 @@ def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, clus
         resource_type=CUSTOM_MGMT_AKS_PREVIEW,
         operation_group="trusted_access_role_bindings",
     )
-    roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles)
+    roleList = roles.split(',')
+    roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roleList)
     return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)
 
 
@@ -2237,7 +2238,8 @@ def aks_trustedaccess_role_binding_update(cmd, client, resource_group_name, clus
     )
     existedBinding = client.get(resource_group_name, cluster_name, role_binding_name)
 
-    roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roles)
+    roleList = roles.split(',')
+    roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roleList)
     return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)