Merge branch 'main' into fix-upload-fragment

Author: DomAyre

src/connectedk8s/HISTORY.rst

@@ -2,6 +2,13 @@
 
 Release History
 ===============
+1.11.0
++++++
+* [Breaking Change] Removed deprecated '--app-id' and '--app-secret' RBAC parameters from the extension.
+* Update cluster diagnostics image to comply with Pod Security Standards-Restricted level( Updated image version:1.31.2).
+* Add endpoint overrides for Azure Government cloud environments
+* Update Proxy Image to 1.3.032281
+
 1.10.11
 +++++++
 * Removed hardcoded public ARM endpoint URL for Government clouds.

src/connectedk8s/azext_connectedk8s/_breaking_change.py

@@ -418,7 +418,7 @@
 
 # Connect Precheck Diagnoser constants
 Cluster_Diagnostic_Checks_Job_Registry_Path = (
-    "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.29.3"
+    "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.31.2"
 )
 Cluster_Diagnostic_Checks_Helm_Install_Failed_Fault_Type = (
     "Error while installing cluster diagnostic checks helm release"
@@ -476,7 +476,7 @@
 )
 DNS_Check_Result_String = "DNS Result:"
 AZ_CLI_ADAL_TO_MSAL_MIGRATE_VERSION = "2.30.0"
-CLIENT_PROXY_VERSION = "1.3.029301"
+CLIENT_PROXY_VERSION = "1.3.032281"
 CLIENT_PROXY_FOLDER = ".clientproxy"
 API_SERVER_PORT = 47011
 CLIENT_PROXY_PORT = 47010

src/connectedk8s/azext_connectedk8s/_constants.py

@@ -440,20 +440,6 @@ def load_arguments(self: Connectedk8sCommandsLoader, _: CLICommand) -> None:
             options_list=["--features"],
             help="Space-separated list of features you want to enable.",
         )
-        c.argument(
-            "azrbac_client_id",
-            options_list=["--app-id"],
-            arg_group="Azure RBAC",
-            help="Application ID for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
-        c.argument(
-            "azrbac_client_secret",
-            options_list=["--app-secret"],
-            arg_group="Azure RBAC",
-            help="Application secret for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
         c.argument(
             "azrbac_skip_authz_check",
             options_list=["--skip-azure-rbac-list"],

src/connectedk8s/azext_connectedk8s/_params.py

@@ -1315,6 +1315,7 @@ def helm_install_release(
     ]
 
     # Special configurations from 2022-09-01 ARM metadata.
+    # "dataplaneEndpoints" property does not appear in arm_metadata structure for public and AGC clouds.
     if "dataplaneEndpoints" in arm_metadata:
         if "arcConfigEndpoint" in arm_metadata["dataplaneEndpoints"]:
             notification_endpoint = arm_metadata["dataplaneEndpoints"][
@@ -1364,6 +1365,10 @@ def helm_install_release(
                 "'arcConfigEndpoint' doesn't exist under 'dataplaneEndpoints' in the ARM metadata."
             )
 
+    # Add overrides for AGC Scenario
+    if cloud_name.lower() == "ussec" or cloud_name.lower() == "usnat":
+        add_agc_endpoint_overrides(location, cloud_name, arm_metadata, cmd_helm_install)
+
     # Add helmValues content response from DP
     cmd_helm_install = parse_helm_values(helm_content_values, cmd_helm=cmd_helm_install)
 
@@ -1839,3 +1844,51 @@ def helm_update_agent(
     logger.info(str.format(consts.Update_Agent_Success, cluster_name))
     with contextlib.suppress(OSError):
         os.remove(user_values_location)
+
+
+def add_agc_endpoint_overrides(
+    location: str,
+    cloud_name: str,
+    arm_metadata: dict[str, Any],
+    cmd_helm_install: list[str],
+) -> None:
+    logger.debug("Adding AGC scenario overrides.")
+
+    arm_metadata_endpoint_array = (
+        arm_metadata["authentication"]["loginEndpoint"].strip("/").split(".")
+    )
+    if len(arm_metadata_endpoint_array) < 4:
+        raise CLIInternalError("Unexpected loginEndpoint format for AGC")
+
+    cloud_suffix = arm_metadata_endpoint_array[3]
+    endpoint_suffix = (
+        arm_metadata_endpoint_array[2] + "." + arm_metadata_endpoint_array[3]
+    )
+    if cloud_name.lower() == "usnat":
+        cloud_suffix = (
+            arm_metadata_endpoint_array[2]
+            + "."
+            + arm_metadata_endpoint_array[3]
+            + "."
+            + arm_metadata_endpoint_array[4]
+        )
+        endpoint_suffix = cloud_suffix
+
+    cmd_helm_install.extend(
+        [
+            "--set",
+            f"global.microsoftArtifactRepository=mcr.microsoft.{cloud_suffix}",
+            "--set",
+            f"systemDefaultValues.activeDirectoryEndpoint=https://login.microsoftonline.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.azureArcAgents.config_dp_endpoint_override=https://{location}.dp.kubernetesconfiguration.azure.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusterconnect-agent.notification_dp_endpoint_override=https://guestnotificationservice.azure.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusterconnect-agent.relay_endpoint_suffix_override=.servicebus.cloudapi.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusteridentityoperator.his_endpoint_override=https://gbl.his.arc.azure.{endpoint_suffix}/discovery?location={location}&api-version=1.1-preview",
+            "--set",
+            f"systemDefaultValues.image.repository=mcr.microsoft.{cloud_suffix}",
+        ]
+    )

src/connectedk8s/azext_connectedk8s/_utils.py

@@ -2975,8 +2975,6 @@ def enable_features(
     features: list[str],
     kube_config: str | None = None,
     kube_context: str | None = None,
-    azrbac_client_id: str | None = None,
-    azrbac_client_secret: str | None = None,
     azrbac_skip_authz_check: str | None = None,
     skip_ssl_verification: bool = False,
     cl_oid: str | None = None,

src/connectedk8s/azext_connectedk8s/custom.py

@@ -13,7 +13,7 @@
 # TODO: Confirm this is the right version number you want and it matches your
 # HISTORY.rst entry.
 
-VERSION = "1.10.11"
+VERSION = "1.11.0"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers

src/connectedk8s/setup.py

@@ -4,6 +4,8 @@ Release History
 ===============
 upcoming
 ++++++
+* 'az containerapp function invocations': Update application insights query 
+* 'az containerapp function keys': Update minimum replica check 
 
 1.3.0b1
 ++++++

src/containerapp/HISTORY.rst

@@ -835,6 +835,17 @@ def create_acrpull_role_assignment_if_needed(cmd, registry_server, registry_iden
                     time.sleep(5)
 
 
+def get_min_replicas_from_revision(cmd, resource_group_name, container_app_name, revision_name):
+    revision_def = ContainerAppClient.show_revision(
+        cmd=cmd,
+        resource_group_name=resource_group_name,
+        container_app_name=container_app_name,
+        name=revision_name
+    )
+    min_replicas = safe_get(revision_def, "properties", "template", "scale", "minReplicas", default=None)
+    return min_replicas
+
+
 def get_random_replica(cmd, resource_group_name, container_app_name, revision_name):
     logger.debug(f"Getting random replica for container app: name='{container_app_name}', resource_group='{resource_group_name}', revision='{revision_name}'")
 
@@ -851,6 +862,18 @@ def get_random_replica(cmd, resource_group_name, container_app_name, revision_na
 
     if not replicas:
         logger.debug(f"No replicas found for revision '{revision_name}' - unable to proceed")
+        logger.debug(f"checking min replica count for revision='{revision_name}'")
+
+        min_replicas = get_min_replicas_from_revision(
+            cmd,
+            resource_group_name,
+            container_app_name,
+            revision_name
+        )
+        if min_replicas is None or min_replicas == 0:
+            logger.debug(f"The revision '{revision_name}' has minReplicas set to 0.")
+            raise CLIError(f"The revision '{revision_name}' has minReplicas set to 0. Ensure that there is at least one replica. To update minimum replica: Run 'az containerapp update --name {container_app_name} --resource-group {resource_group_name} --min-replica 1'")
+
         raise CLIError(f"No replicas found for revision '{revision_name}' of container app '{container_app_name}'.")
 
     # Filter replicas by running state

src/containerapp/azext_containerapp/_utils.py

@@ -318,7 +318,7 @@ def validate_revision_and_get_name(cmd, resource_group_name, container_app_name,
         if not provided_revision_name:
             logger.debug("No revision name provided for multiple revision mode container app")
             raise ValidationError("Revision name is required when active revision mode is not 'single'.")
-        return provided_revision_name
+        return provided_revision_name, active_revision_mode
     if not provided_revision_name:
         logger.debug("No revision name provided - attempting to determine latest revision")
         revision_name = safe_get(containerapp_def, "properties", "latestRevisionName")
@@ -331,9 +331,9 @@ def validate_revision_and_get_name(cmd, resource_group_name, container_app_name,
         if not revision_name or revision_name is None:
             logger.debug("Could not determine any revision name from container app properties")
             raise ValidationError("Could not determine the latest revision name. Please provide --revision.")
-        return revision_name
+        return revision_name, active_revision_mode
     logger.debug("Using provided revision name: '%s'", provided_revision_name)
-    return provided_revision_name
+    return provided_revision_name, active_revision_mode
 
 
 def validate_functionapp_kind(cmd, resource_group_name, container_app_name):