diff --git a/src/aks-preview/HISTORY.md b/src/aks-preview/HISTORY.md index 43239816ebf..8a3eb01d039 100644 --- a/src/aks-preview/HISTORY.md +++ b/src/aks-preview/HISTORY.md @@ -2,6 +2,12 @@ Release History =============== + +0.5.62 +++++++ + +* Add support for managing workload identity feature. + 0.5.61 ++++++ * Add support for `--format` parameter in `az aks get-credentials` command. diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index d5516747224..8500ce8fcfd 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -350,6 +350,9 @@ - name: --enable-pod-identity-with-kubenet type: bool short-summary: (PREVIEW) Enable pod identity addon for cluster using Kubnet network plugin. + - name: --enable-workload-identity + type: bool + short-summary: (PREVIEW) Enable workload identity addon. - name: --aci-subnet-name type: string short-summary: The name of a subnet in an existing VNet into which to deploy the virtual nodes. @@ -618,6 +621,12 @@ - name: --disable-pod-identity type: bool short-summary: (PREVIEW) Disable Pod Identity addon for cluster. + - name: --enable-workload-identity + type: bool + short-summary: (PREVIEW) Enable Workload Identity addon for cluster. + - name: --disable-workload-identity + type: bool + short-summary: (PREVIEW) Disable Workload Identity addon for cluster. - name: --enable-secret-rotation type: bool short-summary: Enable secret rotation. Use with azure-keyvault-secrets-provider addon. diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 8080dea9180..2ecdf5c138c 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -169,6 +169,7 @@ def load_arguments(self, _): c.argument('http_proxy_config', options_list=[ '--http-proxy-config'], type=str) c.argument('enable_pod_identity', action='store_true') + c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) c.argument('appgw_name', options_list=[ '--appgw-name'], arg_group='Application Gateway') c.argument('appgw_subnet_prefix', options_list=[ @@ -255,6 +256,8 @@ def load_arguments(self, _): validator=validate_assign_identity) c.argument('enable_pod_identity', action='store_true') c.argument('disable_pod_identity', action='store_true') + c.argument('enable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) + c.argument('disable_workload_identity', arg_type=get_three_state_flag(), is_preview=True) c.argument('enable_secret_rotation', action='store_true') c.argument('disable_secret_rotation', action='store_true') c.argument('rotation_poll_interval', type=str) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 75d8ab9c6e4..ab51368a8bb 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -753,6 +753,8 @@ def aks_create(cmd, auto_upgrade_channel=None, enable_pod_identity=False, enable_pod_identity_with_kubenet=False, + # NOTE: for workload identity flags, we need to know if it's set to True/False or not set (None) + enable_workload_identity=None, enable_encryption_at_host=False, enable_ultra_ssd=False, edge_zone=None, @@ -834,6 +836,9 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches, enable_pod_identity=False, enable_pod_identity_with_kubenet=False, disable_pod_identity=False, + # NOTE: for workload identity flags, we need to know if it's set to True/False or not set (None) + enable_workload_identity=None, + disable_workload_identity=None, enable_secret_rotation=False, disable_secret_rotation=False, rotation_poll_interval=None, diff --git a/src/aks-preview/azext_aks_preview/decorator.py b/src/aks-preview/azext_aks_preview/decorator.py index c65e6dbb830..15928bdf044 100644 --- a/src/aks-preview/azext_aks_preview/decorator.py +++ b/src/aks-preview/azext_aks_preview/decorator.py @@ -7,7 +7,7 @@ import os import time from types import SimpleNamespace -from typing import Dict, List, Tuple, TypeVar, Union +from typing import Dict, List, Tuple, TypeVar, Union, Optional from azure.cli.command_modules.acs._consts import ( DecoratorEarlyExitException, @@ -81,6 +81,7 @@ ContainerServiceNetworkProfile = TypeVar("ContainerServiceNetworkProfile") ManagedClusterAddonProfile = TypeVar("ManagedClusterAddonProfile") ManagedClusterOIDCIssuerProfile = TypeVar('ManagedClusterOIDCIssuerProfile') +ManagedClusterSecurityProfileWorkloadIdentity = TypeVar('ManagedClusterSecurityProfileWorkloadIdentity') Snapshot = TypeVar("Snapshot") AzureKeyVaultKms = TypeVar('AzureKeyVaultKms') @@ -120,6 +121,11 @@ def __init__(self, cmd: AzCommandsLoader, resource_type: ResourceType): resource_type=self.resource_type, operation_group="managed_clusters", ) + self.ManagedClusterSecurityProfileWorkloadIdentity = self.__cmd.get_models( + "ManagedClusterSecurityProfileWorkloadIdentity", + resource_type=self.resource_type, + operation_group="managed_clusters", + ) self.ManagedClusterSecurityProfile = self.__cmd.get_models( "ManagedClusterSecurityProfile", resource_type=self.resource_type, @@ -1579,6 +1585,56 @@ def get_oidc_issuer_profile(self) -> ManagedClusterOIDCIssuerProfile: return profile + def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfileWorkloadIdentity]: + """Obtrain the value of security_profile.workload_identity. + + :return: Optional[ManagedClusterSecurityProfileWorkloadIdentity] + """ + enable_workload_identity = self.raw_param.get("enable_workload_identity") + disable_workload_identity = self.raw_param.get("disable_workload_identity") + if self.decorator_mode == DecoratorMode.CREATE: + # CREATE mode has no --disable-workload-identity flag + disable_workload_identity = None + + if enable_workload_identity is None and disable_workload_identity is None: + # no flags have been set, return None; server side will backfill the default/existing value + return None + + if enable_workload_identity and disable_workload_identity: + raise MutuallyExclusiveArgumentError( + "Cannot specify --enable-workload-identity and " + "--disable-workload-identity at the same time." + ) + + profile = self.models.ManagedClusterSecurityProfileWorkloadIdentity() + if self.decorator_mode == DecoratorMode.CREATE: + profile.enabled = bool(enable_workload_identity) + elif self.decorator_mode == DecoratorMode.UPDATE: + if self.mc.security_profile is not None and self.mc.security_profile.workload_identity is not None: + profile = self.mc.security_profile.workload_identity + if enable_workload_identity: + profile.enabled = True + elif disable_workload_identity: + profile.enabled = False + + if profile.enabled: + # in enable case, we need to check if OIDC issuer has been enabled + oidc_issuer_profile = self.get_oidc_issuer_profile() + if self.decorator_mode == DecoratorMode.UPDATE and oidc_issuer_profile is None: + # if the cluster has enabled OIDC issuer before, in update call: + # + # az aks update --enable-workload-identity + # + # we need to use previous OIDC issuer profile + oidc_issuer_profile = self.mc.oidc_issuer_profile + oidc_issuer_enabled = oidc_issuer_profile is not None and oidc_issuer_profile.enabled + if not oidc_issuer_enabled: + raise RequiredArgumentMissingError( + "Enabling workload identity requires enabling OIDC issuer (--enable-oidc-issuer)." + ) + + return profile + def get_crg_id(self) -> str: """Obtain the values of crg_id. @@ -1992,6 +2048,24 @@ def set_up_oidc_issuer_profile(self, mc: ManagedCluster) -> ManagedCluster: return mc + def set_up_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster: + """Set up workload identity for the ManagedCluster object. + + :return: the ManagedCluster object + """ + profile = self.context.get_workload_identity_profile() + if profile is None: + if mc.security_profile is not None: + # set the value to None to let server side to fill in the default value + mc.security_profile.workload_identity = None + return mc + + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + mc.security_profile.workload_identity = profile + + return mc + def set_up_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster: """Set up security profile azureKeyVaultKms for the ManagedCluster object. @@ -2027,7 +2101,15 @@ def construct_mc_preview_profile(self) -> ManagedCluster: mc = self.set_up_pod_security_policy(mc) # set up pod identity profile mc = self.set_up_pod_identity_profile(mc) + + # update workload identity & OIDC issuer settings + # NOTE: in current implementation, workload identity settings setup requires checking + # previous OIDC issuer profile. However, the OIDC issuer settings setup will + # overrides the previous OIDC issuer profile based on user input. Therefore, we have + # to make sure the workload identity settings setup is done after OIDC issuer settings. + mc = self.set_up_workload_identity_profile(mc) mc = self.set_up_oidc_issuer_profile(mc) + mc = self.set_up_azure_keyvault_kms(mc) return mc @@ -2181,7 +2263,9 @@ def check_raw_parameters(self): '"--nodepool-labels" or ' '"--enable-oidc-issuer" or ' '"--http-proxy-config" or ' - '"--enable-azure-keyvault-kms".' + '"--enable-azure-keyvault-kms" or ' + '"--enable-workload-identity" or ' + '"--disable-workload-identity".' ) def update_load_balancer_profile(self, mc: ManagedCluster) -> ManagedCluster: @@ -2317,6 +2401,26 @@ def update_oidc_issuer_profile(self, mc: ManagedCluster) -> ManagedCluster: return mc + def update_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster: + """Update workload identity profile for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + profile = self.context.get_workload_identity_profile() + if profile is None: + if mc.security_profile is not None: + # set the value to None to let server side to fill in the default value + mc.security_profile.workload_identity = None + return mc + + if mc.security_profile is None: + mc.security_profile = self.models.ManagedClusterSecurityProfile() + mc.security_profile.workload_identity = profile + + return mc + def update_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster: """Update security profile azureKeyvaultKms for the ManagedCluster object. @@ -2367,7 +2471,15 @@ def update_mc_preview_profile(self) -> ManagedCluster: mc = self.update_nat_gateway_profile(mc) # update pod identity profile mc = self.update_pod_identity_profile(mc) + + # update workload identity & OIDC issuer settings + # NOTE: in current implementation, workload identity settings setup requires checking + # previous OIDC issuer profile. However, the OIDC issuer settings setup will + # overrides the previous OIDC issuer profile based on user input. Therefore, we have + # to make sure the workload identity settings setup is done after OIDC issuer settings. + mc = self.update_workload_identity_profile(mc) mc = self.update_oidc_issuer_profile(mc) + mc = self.update_http_proxy_config(mc) mc = self.update_azure_keyvault_kms(mc) return mc diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml new file mode 100644 index 00000000000..ff7bd480e04 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_workload_identity_enabled.yaml @@ -0,0 +1,604 @@ +interactions: +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestxa5hqlks3-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": + "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "enableNodePublicIP": false, "scaleSetPriority": "Regular", + "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "enableEncryptionAtHost": + false, "enableUltraSSD": false, "enableFIPS": false, "name": "nodepool1"}], + "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "oidcIssuerProfile": + {"enabled": true}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false, + "securityProfile": {"workloadIdentity": {"enabled": true}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1519' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitestxa5hqlks3-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n }\n },\n \"podCidr\": + \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": + \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/0ab20aca-0f31-4807-827e-ce15da97a0b3/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3203' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/3b59123f-4349-4c3a-8a14-a409ee9cb6b8?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"3f12593b-4943-3a4c-8a14-a409ee9cb6b8\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:41:04.2566666Z\",\n \"endTime\": + \"2022-04-18T07:44:46.0468336Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --enable-workload-identity --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitestxa5hqlks3-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitestxa5hqlks3-8ecadf-45d9402a.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/fbf58988-36de-4306-be8d-841a64aba381\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/0ab20aca-0f31-4807-827e-ce15da97a0b3/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml new file mode 100644 index 00000000000..c3c88863246 --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_update_with_workload_identity.yaml @@ -0,0 +1,1493 @@ +interactions: +- request: + body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitesttkedmzmgr-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": + "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "enableNodePublicIP": false, "scaleSetPriority": "Regular", + "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "enableEncryptionAtHost": + false, "enableUltraSSD": false, "enableFIPS": false, "name": "nodepool1"}], + "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {}, "oidcIssuerProfile": + {"enabled": true}, "enableRBAC": true, "enablePodSecurityPolicy": false, "networkProfile": + {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": + "loadBalancer", "loadBalancerSku": "standard"}, "disableLocalAccounts": false}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '1459' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n }\n },\n \"podCidr\": + \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": + \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": + \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": + [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n + \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3146' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:41:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:42:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:43:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '121' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:44:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/f86f1793-597f-405d-9286-489567b98f68?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"93176ff8-7f59-5d40-9286-489567b98f68\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:41:04.41Z\",\n \"endTime\": + \"2022-04-18T07:44:50.1855296Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '165' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --location --enable-managed-identity --enable-oidc-issuer + --ssh-key-value --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3799' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {},\n \"oidcIssuerProfile\": {\n \"enabled\": true,\n \"issuerURL\": + \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3799' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:06 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "sku": {"name": "Basic", "tier": "Free"}, "identity": + {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.21.9", "dnsPrefix": + "cliakstest-clitesttkedmzmgr-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": + "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", + "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "currentOrchestratorVersion": "1.21.9", "powerState": {"code": + "Running"}, "enableNodePublicIP": false, "enableEncryptionAtHost": false, "enableUltraSSD": + false, "enableFIPS": false, "name": "nodepool1"}], "linuxProfile": {"adminUsername": + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, + "nodeResourceGroup": "MC_clitest000001_cliakstest000001_westus2", "enableRBAC": + true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": + "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": + "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", + "loadBalancerSku": "Standard", "loadBalancerProfile": {"managedOutboundIPs": + {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f"}]}, + "podCidrs": ["10.244.0.0/16"], "serviceCidrs": ["10.0.0.0/16"], "ipFamilies": + ["IPv4"]}, "identityProfile": {"kubeletidentity": {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool", + "clientId":"00000000-0000-0000-0000-000000000001", "objectId":"00000000-0000-0000-0000-000000000001"}}, + "disableLocalAccounts": false, "securityProfile": {"workloadIdentity": {"enabled": + true}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + Content-Length: + - '2494' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Updating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3854' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:45:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/717ac8d9-26d7-4013-aa38-6e2b27683cac?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"d9c87a71-d726-1340-aa38-6e2b27683cac\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:45:08.6033333Z\",\n \"endTime\": + \"2022-04-18T07:46:24.356849Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '169' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3856' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"location": "westus2", "sku": {"name": "Basic", "tier": "Free"}, "identity": + {"type": "SystemAssigned"}, "properties": {"kubernetesVersion": "1.21.9", "dnsPrefix": + "cliakstest-clitesttkedmzmgr-8ecadf", "agentPoolProfiles": [{"count": 3, "vmSize": + "Standard_DS2_v2", "osDiskSizeGB": 128, "osDiskType": "Managed", "kubeletDiskType": + "OS", "workloadRuntime": "OCIContainer", "maxPods": 110, "osType": "Linux", + "osSKU": "Ubuntu", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "currentOrchestratorVersion": "1.21.9", "powerState": {"code": + "Running"}, "enableNodePublicIP": false, "enableEncryptionAtHost": false, "enableUltraSSD": + false, "enableFIPS": false, "name": "nodepool1"}], "linuxProfile": {"adminUsername": + "azureuser", "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\n"}]}}, "servicePrincipalProfile": {"clientId":"00000000-0000-0000-0000-000000000001"}, + "nodeResourceGroup": "MC_clitest000001_cliakstest000001_westus2", "enableRBAC": + true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": + "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": + "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", + "loadBalancerSku": "Standard", "loadBalancerProfile": {"managedOutboundIPs": + {"count": 1, "countIPv6": 0}, "effectiveOutboundIPs": [{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f"}]}, + "podCidrs": ["10.244.0.0/16"], "serviceCidrs": ["10.0.0.0/16"], "ipFamilies": + ["IPv4"]}, "identityProfile": {"kubeletidentity": {"resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool", + "clientId":"00000000-0000-0000-0000-000000000001", "objectId":"00000000-0000-0000-0000-000000000001"}}, + "disableLocalAccounts": false, "securityProfile": {"workloadIdentity": {"enabled": + false}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + Content-Length: + - '2495' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Updating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Updating\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": false\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3855' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:46:42 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:47:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"InProgress\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:47:41 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/a6c27a4e-42bf-45fc-8816-3d6c5e3102ef?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"4e7ac2a6-bf42-fc45-8816-3d6c5e3102ef\",\n \"status\": + \"Succeeded\",\n \"startTime\": \"2022-04-18T07:46:41.9333333Z\",\n \"endTime\": + \"2022-04-18T07:47:50.7653813Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:48:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableWorkloadIdentityPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --disable-workload-identity --aks-custom-headers + User-Agent: + - AZURECLI/2.35.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.10 + (Linux-5.13.0-1021-azure-x86_64-with-glibc2.29) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001?api-version=2022-03-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000001\",\n + \ \"location\": \"westus2\",\n \"name\": \"cliakstest000001\",\n \"type\": + \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": + \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": + \"1.21.9\",\n \"currentKubernetesVersion\": \"1.21.9\",\n \"dnsPrefix\": + \"cliakstest-clitesttkedmzmgr-8ecadf\",\n \"fqdn\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.hcp.westus2.azmk8s.io\",\n + \ \"azurePortalFQDN\": \"cliakstest-clitesttkedmzmgr-8ecadf-fd744287.portal.hcp.westus2.azmk8s.io\",\n + \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": + 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": + \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": + \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n + \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n + \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"currentOrchestratorVersion\": + \"1.21.9\",\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n + \ \"enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n + \ \"osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\": + \"AKSUbuntu-1804gen2containerd-2022.03.29\",\n \"enableFIPS\": false\n + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\",\n + \ \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmQBpwsevpFiCagT7DdJovt65tNIQuFg0nI90QTUG9objLgMETUfInYoUN00OrcHgElLpcQE0U2oTlv0oqgDP5q/iLUquOyuUPX3TXBqWHBYD0RdH73dDP3dmJI+qtNAEezrDMSGOw9GPjBKSAoFi3LA0VPc72fxbV9AwzrtSU3HzAikmxhOdNl2TkM5oCPGr5NgXmvfmirRztoosB4eBCWEYpvKDqiXYvEiOaxxwqkAhmuku4f/v6ioJqeEhgPewiuXQgXEZ63kob0y3AqKmpIGAf+NtwImOv2RsQso5sxPdSiC7ejRh5g01RyFUc8CD5I/lwZZhXwgpnjIv239N + azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": + {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"nodeResourceGroup\": + \"MC_clitest000001_cliakstest000001_westus2\",\n \"enableRBAC\": true,\n + \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": + \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n \"loadBalancerProfile\": + {\n \"managedOutboundIPs\": {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": + [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.Network/publicIPAddresses/dbf524a5-a289-4f29-b612-fdae921c030f\"\n + \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": + \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": + \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": + [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n + \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": + 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": + \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000001_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000001-agentpool\",\n + \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n + \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": + {\n \"workloadIdentity\": {\n \"enabled\": false\n }\n },\n \"oidcIssuerProfile\": + {\n \"enabled\": true,\n \"issuerURL\": \"https://oidc.prod-aks.azure.com/d0d3c3d2-bb2a-40d6-9118-b7ebf6c1bbea/\"\n + \ }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n + \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": + {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" + headers: + cache-control: + - no-cache + content-length: + - '3857' + content-type: + - application/json + date: + - Mon, 18 Apr 2022 07:48:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index 4ab26f23fc1..6ce92675e95 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3602,6 +3602,80 @@ def test_aks_update_with_oidc_issuer_enabled(self, resource_group, resource_grou self.check('oidcIssuerProfile.enabled', True), ]) + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') + def test_aks_create_with_workload_identity_enabled(self, resource_group, resource_group_location): + # reset the count so in replay mode the random names will start with 0 + self.test_resources_count = 0 + # kwargs for string formatting + aks_name = self.create_random_name('cliakstest', 16) + + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'location': resource_group_location, + 'resource_type': 'Microsoft.ContainerService/ManagedClusters', + 'ssh_key_value': self.generate_ssh_keys(), + }) + + create_cmd = ' '.join([ + 'aks', 'create', '--resource-group={resource_group}', '--name={name}', '--location={location}', + '--enable-managed-identity', '--enable-oidc-issuer', '--enable-workload-identity', + '--ssh-key-value={ssh_key_value}', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', + ]) + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('oidcIssuerProfile.enabled', True), + self.check('securityProfile.workloadIdentity.enabled', True), + ]) + + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') + def test_aks_update_with_workload_identity(self, resource_group, resource_group_location): + # reset the count so in replay mode the random names will start with 0 + self.test_resources_count = 0 + # kwargs for string formatting + aks_name = self.create_random_name('cliakstest', 16) + + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'location': resource_group_location, + 'resource_type': 'Microsoft.ContainerService/ManagedClusters', + 'ssh_key_value': self.generate_ssh_keys(), + }) + + create_cmd = ' '.join([ + 'aks', 'create', '--resource-group={resource_group}', '--name={name}', '--location={location}', + '--enable-managed-identity', '--enable-oidc-issuer', + '--ssh-key-value={ssh_key_value}', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview', + ]) + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + ]) + + enable_cmd = ' '.join([ + 'aks', 'update', '--resource-group={resource_group}', '--name={name}', + '--enable-workload-identity', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', + ]) + self.cmd(enable_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.workloadIdentity.enabled', True), + ]) + + disable_cmd = ' '.join([ + 'aks', 'update', '--resource-group={resource_group}', '--name={name}', + '--disable-workload-identity', + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableWorkloadIdentityPreview,AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableOIDCIssuerPreview', + ]) + self.cmd(disable_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('securityProfile.workloadIdentity.enabled', False), + ]) + @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') def test_aks_create_with_crg_id(self, resource_group, resource_group_location): diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py index 96dacbece67..1f82d31e94c 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py @@ -1649,6 +1649,121 @@ def test_get_oidc_issuer_profile__update_enable(self): self.assertIsNotNone(profile) self.assertTrue(profile.enabled) + def test_get_workload_identity_profile__create_no_set(self): + ctx = AKSPreviewContext( + self.cmd, {}, self.models, decorator_mode=DecoratorMode.CREATE + ) + self.assertIsNone(ctx.get_workload_identity_profile()) + + def test_get_workload_identity_profile__create_enable_without_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.CREATE + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__create_enable_with_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_oidc_issuer": True, + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.CREATE + ) + profile = ctx.get_workload_identity_profile() + self.assertTrue(profile.enabled) + + def test_get_workload_identity_profile__update_not_set(self): + ctx = AKSPreviewContext( + self.cmd, {}, self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + self.assertIsNone(ctx.get_workload_identity_profile()) + + def test_get_workload_identity_profile__update_with_enable_and_disable(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + "disable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + with self.assertRaises(MutuallyExclusiveArgumentError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__update_with_enable_without_oidc_issuer(self): + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + ctx.attach_mc(self.models.ManagedCluster(location="test_location")) + with self.assertRaises(RequiredArgumentMissingError): + ctx.get_workload_identity_profile() + + def test_get_workload_identity_profile__update_with_enable(self): + for previous_enablement_status in [ + None, # preivous not set + True, # previous set to enabled=true + False, # previous set to enabled=false + ]: + ctx = AKSPreviewContext( + self.cmd, + { + "enable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + if previous_enablement_status is None: + mc.security_profile = None + else: + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=previous_enablement_status + ) + ) + ctx.attach_mc(mc) + profile = ctx.get_workload_identity_profile() + self.assertTrue(profile.enabled) + + def test_get_workload_identity_profile__update_with_disable(self): + for previous_enablement_status in [ + None, # preivous not set + True, # previous set to enabled=true + False, # previous set to enabled=false + ]: + ctx = AKSPreviewContext( + self.cmd, + { + "disable_workload_identity": True, + }, + self.models, decorator_mode=DecoratorMode.UPDATE + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + if previous_enablement_status is None: + mc.security_profile = None + else: + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=previous_enablement_status + ) + ) + ctx.attach_mc(mc) + profile = ctx.get_workload_identity_profile() + self.assertFalse(profile.enabled) + def test_get_crg_id(self): # default ctx_1 = AKSPreviewContext( @@ -2744,6 +2859,36 @@ def test_set_up_oidc_issuer_profile__enabled_mc_enabled(self): self.assertIsNotNone(updated_mc.oidc_issuer_profile) self.assertTrue(updated_mc.oidc_issuer_profile.enabled) + def test_set_up_workload_identity_profile__default_value(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile) + + def test_set_up_workload_identity_profile__default_value_with_security_profile(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.security_profile = self.models.ManagedClusterSecurityProfile() + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile.workload_identity) + + def test_set_up_workload_identity_profile__enabled(self): + dec = AKSPreviewCreateDecorator( + self.cmd, self.client, + { + "enable_oidc_issuer": True, + "enable_workload_identity": True, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + updated_mc = dec.set_up_workload_identity_profile(mc) + self.assertTrue(updated_mc.security_profile.workload_identity.enabled) + def test_set_up_azure_keyvault_kms(self): dec_1 = AKSPreviewCreateDecorator( self.cmd, @@ -3822,6 +3967,57 @@ def test_update_oidc_issuer_profile__enabled_mc_enabled(self): self.assertIsNotNone(updated_mc.oidc_issuer_profile) self.assertTrue(updated_mc.oidc_issuer_profile.enabled) + def test_update_workload_identity_profile__default_value(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile) + + def test_update_workload_identity_profile__default_value_mc_enabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, {}, CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.security_profile = self.models.ManagedClusterSecurityProfile( + workload_identity=self.models.ManagedClusterSecurityProfileWorkloadIdentity( + enabled=True, + ) + ) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertIsNone(updated_mc.security_profile.workload_identity) + + def test_update_workload_identity_profile__enabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, + { + "enable_workload_identity": True, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertTrue(updated_mc.security_profile.workload_identity.enabled) + + def test_update_workload_identity_profile__disabled(self): + dec = AKSPreviewUpdateDecorator( + self.cmd, self.client, + { + "enable_workload_identity": False, + }, + CUSTOM_MGMT_AKS_PREVIEW + ) + mc = self.models.ManagedCluster(location="test_location") + mc.oidc_issuer_profile = self.models.ManagedClusterOIDCIssuerProfile(enabled=True) + dec.context.attach_mc(mc) + updated_mc = dec.update_workload_identity_profile(mc) + self.assertFalse(updated_mc.security_profile.workload_identity.enabled) + def test_update_azure_keyvault_kms(self): dec_1 = AKSPreviewUpdateDecorator( self.cmd, diff --git a/src/aks-preview/linter_exclusions.yml b/src/aks-preview/linter_exclusions.yml index 38e717f280d..62d52a3eb8f 100644 --- a/src/aks-preview/linter_exclusions.yml +++ b/src/aks-preview/linter_exclusions.yml @@ -2,37 +2,46 @@ aks create: parameters: enable_sgxquotehelper: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_pod_identity_with_kubenet: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_azure_keyvault_kms: rule_exclusions: - - option_length_too_long + - option_length_too_long azure_keyvault_kms_key_id: rule_exclusions: - - option_length_too_long + - option_length_too_long + enable_workload_identity: + rule_exclusions: + - option_length_too_long aks delete: parameters: ignore_pod_disruption_budget: rule_exclusions: - - option_length_too_long + - option_length_too_long aks enable-addons: parameters: enable_sgxquotehelper: rule_exclusions: - - option_length_too_long + - option_length_too_long aks update: parameters: enable_pod_identity_with_kubenet: rule_exclusions: - - option_length_too_long + - option_length_too_long disable_secret_rotation: rule_exclusions: - - option_length_too_long + - option_length_too_long enable_azure_keyvault_kms: rule_exclusions: - - option_length_too_long + - option_length_too_long azure_keyvault_kms_key_id: rule_exclusions: - - option_length_too_long + - option_length_too_long + enable_workload_identity: + rule_exclusions: + - option_length_too_long + disable_workload_identity: + rule_exclusions: + - option_length_too_long diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 9ae2808d35d..26d74b11136 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.61" +VERSION = "0.5.62" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers",