Azure · zhoxing-ms · May 24, 2022 · May 17, 2022 · May 17, 2022 · May 18, 2022
@@ -14,6 +14,11 @@ Pending
 
 * Refactor: Removed redundant `--disable-workload-identity` flag. User can disable the workload identity feature by using `--enable-workload-identity False`.
 
+0.5.74
+++++++
+
+* Add command `aks trustedaccess role list`.
+
 0.5.73
 ++++++
 

@@ -26,7 +26,8 @@
             "test_aks_create_and_update_with_http_proxy_config",
             "test_aks_snapshot",
             "test_aks_custom_kubelet_identity",
-            "test_aks_nodepool_add_with_ossku_windows2022"
+            "test_aks_nodepool_add_with_ossku_windows2022",
+            "test_list_trustedaccess_roles"
         ]
     }
 }
@@ -18,6 +18,10 @@ def get_container_service_client(cli_ctx, **_):
     return get_mgmt_service_client(cli_ctx, CUSTOM_MGMT_AKS_PREVIEW)
 
 
+def cf_trustedaccess_role(cli_ctx, *_):
+    return get_container_service_client(cli_ctx).trusted_access_roles
+
+
 def cf_container_services(cli_ctx, *_):
     return get_container_service_client(cli_ctx).container_services
 

@@ -1702,6 +1702,21 @@
     short-summary: Delete a nodepool snapshot.
 """
 
+helps['aks trustedaccess'] = """
+    type: group
+    short-summary: Commands to manage trusted access security features.
+"""
+
+helps['aks trustedaccess role'] = """
+    type: group
+    short-summary: Commands to manage trusted access roles.
+"""
+
+helps['aks trustedaccess role list'] = """
+    type: command
+    short-summary: List trusted access roles.
+"""
+
 helps['aks draft'] = """
     type: group
     short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster.

@@ -10,6 +10,7 @@
 from ._client_factory import cf_agent_pools
 from ._client_factory import cf_nodepool_snapshots
 from ._client_factory import cf_mc_snapshots
+from ._client_factory import cf_trustedaccess_role
 from ._format import aks_show_table_format
 from ._format import aks_addon_list_available_table_format, aks_addon_list_table_format, aks_addon_show_table_format
 from ._format import aks_agentpool_show_table_format
@@ -54,7 +55,14 @@ def load_command_table(self, _):
     mc_snapshot_sdk = CliCommandType(
         operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.'
                         'operations._managed_clusters_snapshots_operations#ManagedClusterSnapshotsOperations.{}',
-        client_factory=cf_mc_snapshots)
+        client_factory=cf_mc_snapshots
+    )
+
+    trustedaccess_role_sdk = CliCommandType(
+        operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.'
+                        'operations._trusted_access_roles_operations#TrustedAccessRolesOperations.{}',
+        client_factory=cf_trustedaccess_role
+    )
 
     # AKS managed cluster commands
     with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
@@ -170,3 +178,7 @@ def load_command_table(self, _):
                          supports_no_wait=True)
         g.custom_command('delete', 'aks_snapshot_delete',
                          supports_no_wait=True)
+
+    # AKS trusted access roles commands
+    with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g:
+        g.custom_command('list', 'aks_trustedaccess_role_list')
@@ -3229,3 +3229,7 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None):  # pylint
         return client.list()
 
     return client.list_by_resource_group(resource_group_name)
+
+
+def aks_trustedaccess_role_list(cmd, client, location):  # pylint: disable=unused-argument
+    return client.list(location)
@@ -443,7 +443,7 @@ def test_aks_create_with_openservicemesh_addon(self, resource_group, resource_gr
             self.check('addonProfiles.openServiceMesh.enabled', True),
         ])
 
-    @live_only() # live only is required for test environment setup like `az login`
+    @live_only()  # live only is required for test environment setup like `az login`
     @AllowLargeResponse()
     def test_aks_addon_list_available(self):
         list_available_cmd = 'aks addon list-available -o json'
@@ -1378,10 +1378,10 @@ def test_aks_nodepool_add_with_ossku_windows2022(self, resource_group, resource_
                  '--node-count=1 '
                  '--os-type Windows '
                  '--os-sku Windows2022',
-            checks=[
-                self.check('provisioningState', 'Succeeded'),
-                self.check('osSku', 'Windows2022'),
-            ])
+                 checks=[
+                     self.check('provisioningState', 'Succeeded'),
+                     self.check('osSku', 'Windows2022'),
+                 ])
 
         # delete
         self.cmd(
@@ -4065,8 +4065,7 @@ def test_aks_create_and_update_with_csi_drivers_extensibility(self, resource_gro
 
         # check standard reconcile scenario
         update_cmd = 'aks update --resource-group={resource_group} --name={name} -y -o json'
-        self.cmd(update_cmd
-        , checks=[
+        self.cmd(update_cmd, checks=[
             self.check('provisioningState', 'Succeeded'),
             self.check('storageProfile.diskCsiDriver.enabled', False),
             self.check('storageProfile.fileCsiDriver.enabled', False),
@@ -4086,8 +4085,7 @@ def test_aks_create_and_update_with_csi_drivers_extensibility(self, resource_gro
 
         # check standard reconcile scenario
         update_cmd = 'aks update --resource-group={resource_group} --name={name} -y -o json'
-        self.cmd(update_cmd
-        , checks=[
+        self.cmd(update_cmd, checks=[
             self.check('provisioningState', 'Succeeded'),
             self.check('storageProfile.diskCsiDriver.enabled', True),
             self.check('storageProfile.fileCsiDriver.enabled', True),
@@ -4175,6 +4173,17 @@ def test_aks_create_with_apiserver_vnet_integration(self, resource_group, resour
             self.is_empty(),
         ])
 
+
+    @live_only()  # live only is required for test environment setup like `az login`
+    @AllowLargeResponse()
+    def test_list_trustedaccess_roles(self):
+        cmd = 'aks trustedaccess role list -l eastus2euap'
+        self.cmd(cmd, checks=[
+            self.check(
+                'type', 'Microsoft.ContainerService/locations/trustedaccessroles')
+        ])
+
+
     @live_only() # this test requires live_only because a binary is downloaded
     def test_aks_draft_with_helm(self):
         import tempfile, os
@@ -4199,6 +4208,7 @@ def test_aks_draft_with_helm(self):
             self.cmd(update_cmd)
             assert os.path.isfile(f'{tmp_dir}/charts/production.yaml')
 
+
     @live_only() # this test requires live_only because a binary is downloaded
     def test_aks_draft_with_kustomize(self):
         import tempfile, os
@@ -4223,6 +4233,7 @@ def test_aks_draft_with_kustomize(self):
             self.cmd(update_cmd)
             assert os.path.isfile(f'{tmp_dir}/overlays/production/service.yaml')
 
+
     @live_only() # this test requires live_only because a binary is downloaded
     def test_aks_draft_with_manifest(self):
         import tempfile, os
@@ -4245,4 +4256,4 @@ def test_aks_draft_with_manifest(self):
             # test `update`
             update_cmd = f'aks draft update --path={tmp_dir} --destination={tmp_dir} --host=testHost --certificate=testKV'
             self.cmd(update_cmd)
-            assert os.path.isfile(f'{tmp_dir}/manifests/service.yaml')
+            assert os.path.isfile(f'{tmp_dir}/manifests/service.yaml')
@@ -9,7 +9,7 @@
 
 from setuptools import setup, find_packages
 
-VERSION = "0.5.73"
+VERSION = "0.5.74"
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,11 @@ Pending @@
     * Refactor: Removed redundant `--disable-workload-identity` flag. User can disable the workload identity feature by using `--enable-workload-identity False`.
+.5.74
+    ++++++
+    * Add command `aks trustedaccess role list`.
 .5.73
     ++++++
@@ Expand Down @@