forked from Azure/azure-cli-extensions
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add some more logging. Remove help text referring to --order-params.
- Loading branch information
Andy Churchard
committed
Jan 16, 2024
1 parent
49ba9bb
commit 7c36d2c
Showing
6 changed files
with
184 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,175 @@ | ||
| { | ||
| "$schema": "https://json-schema.org/draft-07/schema#", | ||
| "title": "SasDeployParametersSchema", | ||
| "type": "object", | ||
| "properties": { | ||
| "resourceBundleBlobContainerUrl": { | ||
| "type": "string", | ||
| "description": "URL of the SAS resource bundle Azure Blob Storage Container. SAS will attempt to fetch any missing resource bundles from this location." | ||
| }, | ||
| "aksVmCount": { | ||
| "type": "number", | ||
| "description": "Number of VMs to create in the AKS cluster. Always set this to be 1 greater than the dataSasCount." | ||
| }, | ||
| "dataRetentionDays": { | ||
| "type": "number", | ||
| "description": "The number of days to retain data for." | ||
| }, | ||
| "dataSasCount": { | ||
| "type": "number", | ||
| "description": "Number of Data SAS instances to create. This controls the number of `replicas` defined for the Data SAS StatefulSet. If this value is changed, the number of nodes for the AKS cluster also needs to be updated to equal one over the number of Data SASs." | ||
| }, | ||
| "dataSasStorageClass": { | ||
| "type": "string", | ||
| "description": "The name of the StorageClass to specify in the Persistent Volume Claim. See https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes. Ignored if persistent storage is disabled." | ||
| }, | ||
| "disableRateLimiting": { | ||
| "type": "string", | ||
| "description": "Whether to disable the rate limiting which is applied to the SAS Web UI. Setting this to any value disables rate limiting - leave blank to enable rate limiting." | ||
| }, | ||
| "dnsZone": { | ||
| "type": "string", | ||
| "description": "The DNS Zone to be used by the SAS SI." | ||
| }, | ||
| "keyVaultName": { | ||
| "type": "string", | ||
| "description": "Name of Azure Key Vault to be read." | ||
| }, | ||
| "keyVaultTenantID": { | ||
| "type": "string", | ||
| "description": "Tenant ID containing key vault instance." | ||
| }, | ||
| "managedIdentityClientID": { | ||
| "type": "string", | ||
| "description": "Client ID of Managed Identity which is used by SAS for authentication when downloading Resource Bundles." | ||
| }, | ||
| "persistentStorage": { | ||
| "type": "boolean", | ||
| "description": "Whether to enable persistent storage. This should be set to true for production deployments. If set to false, then the SAS database will be created as a temporary volume that will be lost if the Data SAS pod is recreated." | ||
| }, | ||
| "releaseNamespace": { | ||
| "type": "string", | ||
| "description": "The namespaces the Kubernetes objects are to be deployed into." | ||
| }, | ||
| "sasAuthClientID": { | ||
| "type": "string", | ||
| "description": "Application (client) ID of the AAD App Registration." | ||
| }, | ||
| "sasDiscoveryLoadbalancerIP": { | ||
| "type": "string", | ||
| "description": "This IP must be chosen from within SAS_AKS_INFRA_SUBNET. It must not be any of the lowest three IP addresses, or the highest IP address, available in the subnet." | ||
| }, | ||
| "sasGuiAccessIP": { | ||
| "type": "string", | ||
| "description": "The IP address to assign to the Search service. This must be a unique IP address from the infra subnet." | ||
| }, | ||
| "sasInfraSubnet": { | ||
| "type": "string", | ||
| "description": "A subnet contained within the enclosing VNET address space. Each SAS SI must have a unique non-overlapping infra subnet." | ||
| }, | ||
| "sasSearchSrv": { | ||
| "type": "string", | ||
| "description": "Comma separated list of SRV record names that the Search SAS should use to identify Fram instances to query for a list of Data SAS instances." | ||
| }, | ||
| "sasReleaseName": { | ||
| "type": "string", | ||
| "description": "The name of the deployment." | ||
| }, | ||
| "sasStorageCapacity": { | ||
| "type": "string", | ||
| "description": "Capacity (size) to request for the Persistent Volume. The size should be specified as an integer with one of these SI suffixes (T,G,M,K) or their power-of-two equivalents (Ti,Gi,Mi,Ki). Refer to the SAS documentation for recommendations of the size to choose for your system: https://manuals.metaswitch.com/CrossProduct/latest/OpenStackDeploymentDesignGuide/Source/CrossProd/Concepts/SASDataStorageXDDG.html" | ||
| }, | ||
| "dataSasEncryption": { | ||
| "type": "object", | ||
| "description": "Block for configuring encryption of the VPED (data) interface and the inter SAS Search interface. The default configuration allows unencrypted connections. This is likely to change. To explicitly enable unencrypted connections (rather than relying on the defaulting) set `vped.source` to \"disabled\" and set `vped.allowUnencrypted` to true. The same is true for the inter SAS Search interface using `search.source` and `search.allowUnencrypted`. When using encryption, you must configure the certificates to use for encrypting these interfaces. More details can be found in the documentation of the `certificate.name` field.", | ||
| "properties": { | ||
| "search": { | ||
| "type": "object", | ||
| "description": "Block for configuring encryption of the inter SAS Search interface.", | ||
| "properties": { | ||
| "allowUnencrypted": { | ||
| "type": "boolean", | ||
| "description": "Set to 'false' to stop SAS from requesting/serving unencrypted searches." | ||
| }, | ||
| "certificate": { | ||
| "type": "object", | ||
| "description": "Block for configuring the source of certificates to use for encrypting inter SAS Search data.", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string", | ||
| "description": "Meaning depends on the source in use. When the source is `keyvault`, this is the name of the keyvault containing the certificate.The certificate itself should be called: - `sas-search-secrets` When the source is `kubernetes` this is the name of the secret. The certificate chain, and private key should be keys in that secret with names: - `tls.crt` - `tls.key` This can be created using `kubectl create secret tls` or any other means of creating a certificate. In either case the certificate should be signed for your domain name as specified in `domainName`. Leave as an empty string if not using encryption." | ||
| }, | ||
| "source": { | ||
| "type": "string", | ||
| "description": "Where the certificates are stored. Options are Azure Keyvault `keyvault`, or Kubernetes Secret `kubernetes`. The strong recommendation is to use Azure Keyvault where possible. To disable encrypted connections set to `disabled`. You must also set `allowUnencrypted` to `true` in this case. Otherwise, SAS won't be able to receive inter SAS Search data as it is accepting neither encrypted nor nunencrypted connections." | ||
| }, | ||
| "trusted_domain": { | ||
| "type": "string", | ||
| "description": "The domain name of the SAS Search service. This is used to verify the certificate presented by the SAS Search service. Leave as an empty string if not using encryption. If not specified it will default to `domainName`." | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "vped": { | ||
| "type": "object", | ||
| "description": "Block for configuring encryption of the VPED (data) interface.", | ||
| "properties": { | ||
| "allowUnencrypted": { | ||
| "type": "boolean", | ||
| "description": "Set to 'false' to stop SAS from receiving unencrypted VPED (data) data." | ||
| }, | ||
| "certificate": { | ||
| "type": "object", | ||
| "description": "Block for configuring the source of certificates to use for encrypting VPED data.", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string", | ||
| "description": "Meaning depends on the source in use. When the source is `keyvault`, this is the name of the keyvault containing the certificate. The certificate itself should be called: - `sas-vped-secrets` When the source is `kubernetes` this is the name of the secret. The certificate chain, and private key should be keys in that secret with names: - `tls.crt` - `tls.key` This can be created using `kubectl create secret tls` or any other means of creating a certificate. Leave as an empty string if not using encryption." | ||
| }, | ||
| "source": { | ||
| "type": "string", | ||
| "description": "Where the certificates are stored. Options are Azure Keyvault `keyvault`, or Kubernetes Secret `kubernetes`. The strong recommendation is to use Azure Keyvault where possible. To disable encrypted connections set to `disabled`. You must also set `allowUnencrypted` to `true` in this case. Otherwise, SAS won't be able to receive VPED data as it is accepting neither encrypted nor unencrypted connections." | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "searchSasEncryption": { | ||
| "type": "object", | ||
| "description": "Block for configuring encryption of the inter SAS Search interface. The default configuration allows unencrypted connections. This is likely to change. To explicitly enable unencrypted connections (rather than relying on the defaulting) set `search.source` to \"disabled\" and set `search.allowUnencrypted` to true. When using encryption, you must configure the certificates to use for encrypting these interfaces. More details can be found in the documentation of the `certificate.name` field.", | ||
| "properties": { | ||
| "search": { | ||
| "type": "object", | ||
| "description": "Block for configuring encryption of the inter SAS Search interface.", | ||
| "properties": { | ||
| "allowUnencrypted": { | ||
| "type": "boolean", | ||
| "description": "Set to 'false' to stop SAS from requesting/serving unencrypted searches." | ||
| }, | ||
| "certificate": { | ||
| "type": "object", | ||
| "description": "Block for configuring the source of certificates to use for encrypting inter SAS Search data.", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string", | ||
| "description": "Meaning depends on the source in use. When the source is `keyvault`, this is the name of the keyvault containing the certificate. The certificate itself should be called: - `sas-search-secrets` When the source is `kubernetes` this is the name of the secret. The certificate chain, and private key should be keys in that secret with names: - `tls.crt` - `tls.key` This can be created using `kubectl create secret tls` or any other means of creating a certificate. In either case the certificate should be signed for your domain name as specified in `domainName`. Leave as an empty string if not using encryption." | ||
| }, | ||
| "source": { | ||
| "type": "string", | ||
| "description": "Where the certificates are stored. Options are Azure Keyvault `keyvault`, or Kubernetes Secret `kubernetes`. The strong recommendation is to use Azure Keyvault where possible. To disable encrypted connections set to `disabled`. You must also set `allowUnencrypted` to `true` in this case. Otherwise, SAS won't be able to receive inter SAS Search data as it is accepting neither encrypted nor unencrypted connections." | ||
| }, | ||
| "trusted_domain": { | ||
| "type": "string", | ||
| "description": "The domain name of the SAS Search service. This is used to verify the certificate presented by the SAS Search service. Leave as an empty string if not using encryption. If not specified it will default to `domainName`." | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |