feat!: Incremental changeset removal of CSI driver workflow.

.gitignore

@@ -331,4 +331,6 @@ coverage.json
 .tox/
 
 # test results / junit
-junit/
+junit/
+
+pyrightconfiguration.json

azext_edge/edge/_help.py

@@ -403,40 +403,6 @@ def load_iotops_help():
                       Pre-creating an app registration is useful when the logged-in principal has constrained
                       Entra Id permissions. For example in CI/automation scenarios, or an orgs separation of user
                       responsibility.
-
-        examples:
-        - name: Minimum input for complete setup. This includes Key Vault configuration, CSI driver deployment, TLS config and deployment of IoT Operations.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id /subscriptions/2cb3a427-1abc-48d0-9d03-dd240819742a/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault
-
-        - name: Same setup as prior example, except with the usage of an existing app Id and a flag to include a simulated PLC server as part of the deployment.
-                Including the app Id will prevent init from creating an app registration.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id $KEYVAULT_ID --sp-app-id a14e216b-6802-4e9c-a6ac-844f9ffd230d --simulate-plc
-
-        - name: To skip deployment and focus only on the Key Vault CSI driver and TLS config workflows simple pass in --no-deploy.
-                This can be useful when desiring to deploy from a different tool such as Portal.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id $KEYVAULT_ID --sp-app-id a14e216b-6802-4e9c-a6ac-844f9ffd230d --no-deploy
-
-        - name: To only deploy IoT Operations on a cluster that has already been prepped, simply omit --kv-id and include --no-tls.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --no-tls
-
-        - name: Use --no-block to do other work while the deployment is on-going vs waiting for the deployment to finish before starting the other work.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id $KEYVAULT_ID --sp-app-id a14e216b-6802-4e9c-a6ac-844f9ffd230d --no-block
-
-        - name: This example shows providing values for --sp-app-id, --sp-object-id and --sp-secret. These values should reflect the desired service principal
-                that will be used for the Key Vault CSI driver secret synchronization. Please review the command summary for additional details.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id $KEYVAULT_ID --sp-app-id a14e216b-6802-4e9c-a6ac-844f9ffd230d
-            --sp-object-id 224a7a3f-c63d-4923-8950-c4a85f0d2f29 --sp-secret $SP_SECRET
-
-        - name: To customize runtime configuration of the Key Vault CSI driver, --csi-config can be used. For example setting resource limits on the telegraf container dependency.
-          text: >
-            az iot ops init --cluster mycluster -g myresourcegroup --kv-id $KEYVAULT_ID --sp-app-id a14e216b-6802-4e9c-a6ac-844f9ffd230d
-            --csi-config telegraf.resources.limits.memory=500Mi telegraf.resources.limits.cpu=100m
     """
 
     helps[

azext_edge/edge/commands_edge.py

@@ -17,9 +17,7 @@
 from .providers.check.common import ResourceOutputDetailLevel
 from .providers.edge_api.orc import ORC_API_V1
 from .providers.orchestration.common import (
-    DEFAULT_SERVICE_PRINCIPAL_SECRET_DAYS,
     DEFAULT_X509_CA_VALID_DAYS,
-    KEYVAULT_ARC_EXTENSION_VERSION,
     KubernetesDistroType,
     MqMemoryProfile,
     MqServiceType,
@@ -102,7 +100,6 @@ def init(
     instance_name: Optional[str] = None,
     instance_description: Optional[str] = None,
     cluster_namespace: str = DEFAULT_NAMESPACE,
-    keyvault_spc_secret_name: str = DEFAULT_NAMESPACE,
     custom_location_name: Optional[str] = None,
     location: Optional[str] = None,
     show_template: Optional[bool] = None,
@@ -125,15 +122,8 @@ def init(
     mq_broker_config_file: Optional[str] = None,
     mq_insecure: Optional[bool] = None,
     dataflow_profile_instances: int = 1,
-    disable_secret_rotation: Optional[bool] = None,
-    rotation_poll_interval: str = "1h",
-    csi_driver_version: str = KEYVAULT_ARC_EXTENSION_VERSION,
-    csi_driver_config: Optional[List[str]] = None,
-    service_principal_app_id: Optional[str] = None,
-    service_principal_object_id: Optional[str] = None,
-    service_principal_secret: Optional[str] = None,
-    service_principal_secret_valid_days: int = DEFAULT_SERVICE_PRINCIPAL_SECRET_DAYS,
-    keyvault_resource_id: Optional[str] = None,
+    # TODO - @digimaun csi_driver_config: Optional[List[str]] = None,
+    keyvault_resource_id: Optional[str] = None,  # TODO - @digimaun
     tls_ca_path: Optional[str] = None,
     tls_ca_key_path: Optional[str] = None,
     tls_ca_dir: Optional[str] = None,
@@ -144,11 +134,12 @@ def init(
     disable_rsync_rules: Optional[bool] = None,
     context_name: Optional[str] = None,
     ensure_latest: Optional[bool] = None,
+    **kwargs,
 ) -> Union[Dict[str, Any], None]:
     from .common import INIT_NO_PREFLIGHT_ENV_KEY
     from .providers.orchestration import deploy
     from .util import (
-        assemble_nargs_to_dict,
+        # assemble_nargs_to_dict,
         is_env_flag_enabled,
         read_file_content,
         url_safe_random_chars,
@@ -184,9 +175,6 @@ def init(
         if not exists(tls_ca_key_path):
             raise InvalidArgumentValueError("Provided CA private key file does not exist.")
 
-    if csi_driver_config:
-        csi_driver_config = assemble_nargs_to_dict(csi_driver_config)
-
     # TODO - @digimaun
     mq_broker_config = None
     if mq_broker_config_file:
@@ -227,20 +215,12 @@ def init(
         mq_insecure=mq_insecure,
         dataflow_profile_instances=int(dataflow_profile_instances),
         keyvault_resource_id=keyvault_resource_id,
-        keyvault_spc_secret_name=str(keyvault_spc_secret_name),
-        disable_secret_rotation=disable_secret_rotation,
-        rotation_poll_interval=str(rotation_poll_interval),
-        csi_driver_version=str(csi_driver_version),
-        csi_driver_config=csi_driver_config,
-        service_principal_app_id=service_principal_app_id,
-        service_principal_object_id=service_principal_object_id,
-        service_principal_secret=service_principal_secret,
-        service_principal_secret_valid_days=int(service_principal_secret_valid_days),
         tls_ca_path=tls_ca_path,
         tls_ca_key_path=tls_ca_key_path,
         tls_ca_dir=tls_ca_dir,
         tls_ca_valid_days=int(tls_ca_valid_days),
         template_path=template_path,
+        **kwargs,
     )
 
 

azext_edge/edge/params.py

@@ -80,7 +80,7 @@ def load_iotops_arguments(self, _):
             options_list=["--tags"],
             arg_type=tags_type,
             help="Instance tags. Property bag in key-value pairs with the following format: a=b c=d. "
-            "Use --tags \"\" to remove all tags.",
+            'Use --tags "" to remove all tags.',
         )
         context.argument(
             "instance_description",
@@ -514,81 +514,29 @@ def load_iotops_arguments(self, _):
         # AKV CSI Driver
         context.argument(
             "keyvault_resource_id",
-            options_list=["--kv-id"],
+            options_list=[
+                "--kv-resource-id",
+                context.deprecate(
+                    target="--kv-id",
+                    redirect="--kv-resource-id",
+                    hide=True,
+                ),
+            ],
             help="Key Vault ARM resource Id. Providing this resource Id will enable the client "
             "to setup all necessary resources and cluster side configuration to enable "
             "the Key Vault CSI driver for IoT Operations.",
             arg_group="Key Vault CSI Driver",
         )
-        context.argument(
-            "keyvault_spc_secret_name",
-            options_list=["--kv-spc-secret-name"],
-            help="The Key Vault secret **name** to use as the default SPC secret. "
-            "If the secret does not exist, it will be created with a cryptographically secure placeholder value.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "disable_secret_rotation",
-            options_list=["--disable-rotation"],
-            arg_type=get_three_state_flag(),
-            help="Flag to disable secret rotation.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "rotation_poll_interval",
-            options_list=["--rotation-int"],
-            help="Rotation poll interval.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "csi_driver_version",
-            options_list=["--csi-ver"],
-            help="CSI driver extension version.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "csi_driver_config",
-            options_list=["--csi-config"],
-            nargs="+",
-            action="extend",
-            help="CSI driver extension custom configuration. Format is space-separated key=value pairs. "
-            "--csi-config can be used one or more times.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "service_principal_app_id",
-            options_list=["--sp-app-id"],
-            help="Service principal app Id. If provided will be used for CSI driver setup. "
-            "Otherwise an app registration will be created. "
-            "**Required** if the logged in principal does not have permissions to query graph.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "service_principal_object_id",
-            options_list=["--sp-object-id"],
-            help="Service principal (sp) object Id. If provided will be used for CSI driver setup. "
-            "Otherwise the object Id will be queried from the app Id - creating the sp if one does not exist. "
-            "**Required** if the logged in principal does not have permissions to query graph. "
-            "Use `az ad sp show --id <app Id> --query id -o tsv` to produce the proper object Id. "
-            "Alternatively using Portal you can navigate to Enterprise Applications in your Entra Id tenant.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "service_principal_secret",
-            options_list=["--sp-secret"],
-            help="The secret corresponding to the provided service principal app Id. "
-            "If provided will be used for CSI driver setup. Otherwise a new secret will be created. "
-            "**Required** if the logged in principal does not have permissions to query graph.",
-            arg_group="Key Vault CSI Driver",
-        )
-        context.argument(
-            "service_principal_secret_valid_days",
-            options_list=["--sp-secret-valid-days"],
-            help="Option to control the duration in days of the init generated service principal secret. "
-            "Applicable if --sp-secret is not provided.",
-            arg_group="Key Vault CSI Driver",
-            type=int,
-        )
+        # TODO - @digimaun - still applicable
+        # context.argument(
+        #     "csi_driver_config",
+        #     options_list=["--csi-config"],
+        #     nargs="+",
+        #     action="extend",
+        #     help="CSI driver extension custom configuration. Format is space-separated key=value pairs. "
+        #     "--csi-config can be used one or more times.",
+        #     arg_group="Key Vault CSI Driver",
+        # )
         # TLS
         context.argument(
             "tls_ca_path",
@@ -1122,7 +1070,7 @@ def load_iotops_arguments(self, _):
             options_list=["--tags"],
             arg_type=tags_type,
             help="Schema registry tags. Property bag in key-value pairs with the following format: a=b c=d. "
-            "Use --tags \"\" to remove all tags.",
+            'Use --tags "" to remove all tags.',
         )
         context.argument(
             "description",