Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

{AKS} [KMS]: Remove private keyvault kms tests #29965

Merged
merged 1 commit into from
Oct 8, 2024

Conversation

lzhecheng
Copy link
Contributor

@lzhecheng lzhecheng commented Sep 24, 2024

Related command

az aks create/update --enable-azure-keyvault-kms

Description

[KMS] Update tests. private keyvault + konnectivity is blocked now, so vnet integration should be used

Testing Guide

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature


This checklist is used to make sure that common guidelines for a pull request are followed.

Copy link

azure-client-tools-bot-prd bot commented Sep 24, 2024

️✔️AzureCLI-FullTest
️✔️acr
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️acs
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️ams
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️apim
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️aro
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️backup
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️batch
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️billing
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️compute_recommender
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️config
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️configure
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️container
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️containerapp
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️core
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️databoxedge
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️dla
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️dls
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️dms
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️find
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️identity
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️iot
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️keyvault
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️kusto
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️lab
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️maps
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️mysql
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️network
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️profile
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️redis
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️relay
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️resource
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️role
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️search
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️security
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️sql
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️storage
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️telemetry
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️util
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9
️✔️vm
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.12
️✔️3.9

Copy link

azure-client-tools-bot-prd bot commented Sep 24, 2024

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot AKS az aks/acs/openshift labels Sep 24, 2024
@lzhecheng lzhecheng force-pushed the kms-test-vnet-integration branch from d744728 to 7167515 Compare September 24, 2024 08:23
@lzhecheng lzhecheng changed the title [AKS][KMS] Breaking change: Update tests to set --enableVnetIntegration=true [AKS] [KMS] Breaking change: Update tests to set --enableVnetIntegration=true Sep 24, 2024
@FumingZhang
Copy link
Member

/azp run

Copy link

Commenter does not have sufficient privileges for PR 29965 in repo Azure/azure-cli

@lzhecheng lzhecheng force-pushed the kms-test-vnet-integration branch from 7167515 to 4dd25a1 Compare September 24, 2024 08:37
@yonzhan
Copy link
Collaborator

yonzhan commented Sep 24, 2024

AKS

Copy link
Member

@FumingZhang FumingZhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Queued live test to validate the change.

  • test_aks_create_with_azurekeyvaultkms_private_key_vault
  • test_aks_update_with_azurekeyvaultkms_private_key_vault
  • test_aks_create_with_azurekeyvaultkms_private_cluster_v1_private_key_vault

@FumingZhang
Copy link
Member

I would say this is not a breaking change to user as you've only modified tests. Also, the changes are invisible to users, you could change the beginning of the PR title to {AKS} (won't leave a note in the release history).

@lzhecheng lzhecheng force-pushed the kms-test-vnet-integration branch from 4dd25a1 to 4d8a7c1 Compare September 25, 2024 03:21
@lzhecheng lzhecheng changed the title [AKS] [KMS] Breaking change: Update tests to set --enableVnetIntegration=true [AKS] [KMS]: Update tests to set --enableVnetIntegration=true Sep 25, 2024
@lzhecheng lzhecheng changed the title [AKS] [KMS]: Update tests to set --enableVnetIntegration=true {AKS} [KMS]: Update tests to set --enableVnetIntegration=true Sep 25, 2024
@lzhecheng
Copy link
Contributor Author

I would say this is not a breaking change to user as you've only modified tests. Also, the changes are invisible to users, you could change the beginning of the PR title to {AKS} (won't leave a note in the release history).

Thank you! Updated.

'--assign-identity {identity_id} ' \
'--enable-azure-keyvault-kms --azure-keyvault-kms-key-id={key_id} ' \
'--azure-keyvault-kms-key-vault-network-access=Private --azure-keyvault-kms-key-vault-resource-id {kv_resource_id} ' \
'--enable-apiserver-vnet-integration=true ' \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an action option and does not accept a value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@lzhecheng lzhecheng force-pushed the kms-test-vnet-integration branch from 4d8a7c1 to b9b7443 Compare September 26, 2024 06:14
private keyvault + konnectivity is blocked now, so vnet integration
should be used.

Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
@lzhecheng lzhecheng force-pushed the kms-test-vnet-integration branch from b9b7443 to ea96ee8 Compare September 26, 2024 07:07
@lzhecheng lzhecheng changed the title {AKS} [KMS]: Update tests to set --enableVnetIntegration=true {AKS} [KMS]: Remove private keyvault kms tests Sep 26, 2024
Copy link
Member

@FumingZhang FumingZhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lzhecheng
Copy link
Contributor Author

@zhoxing-ms @yanzhudd Could you please merge this one? Thanks.

@zhoxing-ms
Copy link
Contributor

May I ask why do you need to remove this test?

@FumingZhang
Copy link
Member

May I ask why do you need to remove this test?

The test case is no longer a valid scenario. To use private key vault with KMS enabled, user need to enable the preview feature vnet integration for the cluster. Since it is a preview feature, the official azure-cli does not support it yet. Therefore, the relevant test cases are retained in cli-extensions/aks-preview after being appropriately modified, but have been deleted here.

@zhoxing-ms zhoxing-ms merged commit d32bd7e into Azure:dev Oct 8, 2024
61 checks passed
@lzhecheng lzhecheng deleted the kms-test-vnet-integration branch October 29, 2024 02:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
AKS az aks/acs/openshift Auto-Assign Auto assign by bot
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants