bump k8s-extension version to 1.3.1

.github/CODEOWNERS

@@ -240,4 +240,6 @@
 
 /src/change-analysis/ @linglingtong
 
+/src/orbital/ @thisisdevanshu
+
 /src/fluid-relay/ @kairu-ms @necusjz @ZengTaoxu

src/aks-preview/HISTORY.rst

@@ -11,6 +11,12 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+*  [BREAKING CHANGE] Since the service no longer supports updating source resource id for role binding, so remove --source-resource-id of `aks trustedaccess rolebinding update` command
+
+0.5.93
+++++++
+
+* Fix for "'Namespace' object has no attribute 'nodepool_name' error" in command `az aks nodepool wait`, see issue `\#23468 <https://github.com/Azure/azure-cli/issues/23468>`_.
 
 0.5.92
 ++++++

src/aks-preview/azext_aks_preview/_help.py

@@ -956,15 +956,15 @@
     examples:
         - name: Add a maintenance configuration with --weekday and --start-hour.
           text: |
-            az aks maintenanceconfiguration add -g xiazhan-mtc-stg --cluster-name test1 -n default --weekday Monday  --start-hour 1
+            az aks maintenanceconfiguration add -g MyResourceGroup --cluster-name test1 -n default --weekday Monday  --start-hour 1
               The maintenance is allowed on Monday 1:00am to 2:00am
-        - name: Add a maintenance configuration with --weekday.The maintenance is allowd on any time of that day.
+        - name: Add a maintenance configuration with --weekday. The maintenance is allowd on any time of that day.
           text: |
-            az aks maintenanceconfiguration add -g xiazhan-mtc-stg --cluster-name test1 -n default --weekday Monday
+            az aks maintenanceconfiguration add -g MyResourceGroup --cluster-name test1 -n default --weekday Monday
               The maintenance is allowed on Monday.
         - name: Add a maintenance configuration with maintenance configuration json file
           text: |
-            az aks maintenanceconfiguration add -g xiazhan-mtc-stg --cluster-name test1 -n default --config-file ./test.json
+            az aks maintenanceconfiguration add -g MyResourceGroup --cluster-name test1 -n default --config-file ./test.json
                 The content of json file looks below. It means the maintenance is allowed on UTC time Tuesday 1:00am - 3:00 am and Wednesday 1:00am - 2:00am, 6:00am-7:00am
                 No maintenance is allowed from 2020-11-26T03:00:00Z to 2020-11-30T12:00:00Z and from 2020-12-26T03:00:00Z to 2020-12-26T12:00:00Z even if they are allowed in the above weekly setting
                 {
@@ -1013,15 +1013,15 @@
     examples:
         - name: Update a maintenance configuration with --weekday and --start-hour.
           text: |
-            az aks maintenanceconfiguration update -g xiazhan-mtc-stg --cluster-name test1 -n default --weekday Monday  --start-hour 1
+            az aks maintenanceconfiguration update -g MyResourceGroup --cluster-name test1 -n default --weekday Monday  --start-hour 1
               The maintenance is allowed on Monday 1:00am to 2:00am
         - name: Update a maintenance configuration with --weekday.The maintenance is allowd on any time of that day.
           text: |
-            az aks maintenanceconfiguration update -g xiazhan-mtc-stg --cluster-name test1 -n default --weekday Monday
+            az aks maintenanceconfiguration update -g MyResourceGroup --cluster-name test1 -n default --weekday Monday
               The maintenance is allowed on Monday.
         - name: Update a maintenance configuration with maintenance configuration json file
           text: |
-            az aks maintenanceconfiguration update -g xiazhan-mtc-stg --cluster-name test1 -n default --config-file ./test.json
+            az aks maintenanceconfiguration update -g MyResourceGroup --cluster-name test1 -n default --config-file ./test.json
                 The content of json file looks below. It means the maintenance is allowed on UTC time Tuesday 1:00am - 3:00 am and Wednesday 1:00am - 2:00am, 6:00am-7:00am
                 No maintenance is allowed from 2020-11-26T03:00:00Z to 2020-11-30T12:00:00Z and from 2020-12-26T03:00:00Z to 2020-12-26T12:00:00Z even if they are allowed in the above weekly setting
                 {
@@ -1850,9 +1850,6 @@
         - name: --roles
           type: string
           short-summary: Specify the space-separated roles.
-        - name: --source-resource-id -s
-          type: string
-          short-summary: Specify the source resource id of the binding.
 """
 
 helps['aks trustedaccess rolebinding delete'] = """

src/aks-preview/azext_aks_preview/_params.py

@@ -75,6 +75,7 @@
     validate_acr,
     validate_addon,
     validate_addons,
+    validate_agent_pool_name,
     validate_apiserver_subnet_id,
     validate_assign_identity,
     validate_assign_kubelet_identity,
@@ -423,6 +424,8 @@ def load_arguments(self, _):
 
     with self.argument_context('aks nodepool') as c:
         c.argument('cluster_name', help='The cluster name.')
+        # the following argument is declared for the wait command
+        c.argument('agent_pool_name', options_list=['--nodepool-name', '--agent-pool-name'], validator=validate_agent_pool_name, help='The node pool name.')
 
     for sub_command in ['add', 'update', 'upgrade', 'scale', 'show', 'list', 'delete']:
         with self.argument_context('aks nodepool ' + sub_command) as c:
@@ -699,12 +702,12 @@ def load_arguments(self, _):
             c.argument('role_binding_name', options_list=[
                        '--name', '-n'], required=True, help='The role binding name.')
 
-    for scope in ['aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update']:
-        with self.argument_context(scope) as c:
-            c.argument('roles', nargs='*',
-                       help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
-            c.argument('source_resource_id', options_list=['--source-resource-id', '-s'],
-                       help='The source resource id of the binding')
+    with self.argument_context('aks trustedaccess rolebinding create') as c:
+        c.argument('roles', nargs='*', help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
+        c.argument('source_resource_id', options_list=['--source-resource-id', '-s'], help='The source resource id of the binding')
+
+    with self.argument_context('aks trustedaccess rolebinding update') as c:
+        c.argument('roles', nargs='*', help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
 
 
 def _get_default_install_location(exe_name):

src/aks-preview/azext_aks_preview/_validators.py

@@ -138,14 +138,23 @@ def validate_ip_ranges(namespace):
                 "--api-server-authorized-ip-ranges should be a list of IPv4 addresses or CIDRs")
 
 
+def _validate_nodepool_name(nodepool_name):
+    """Validates a nodepool name to be at most 12 characters, alphanumeric only."""
+    if nodepool_name != "":
+        if len(nodepool_name) > 12:
+            raise InvalidArgumentValueError('--nodepool-name can contain at most 12 characters')
+        if not nodepool_name.isalnum():
+            raise InvalidArgumentValueError('--nodepool-name should contain only alphanumeric characters')
+
+
 def validate_nodepool_name(namespace):
     """Validates a nodepool name to be at most 12 characters, alphanumeric only."""
-    if namespace.nodepool_name != "":
-        if len(namespace.nodepool_name) > 12:
-            raise CLIError('--nodepool-name can contain atmost 12 characters')
-        if not namespace.nodepool_name.isalnum():
-            raise CLIError(
-                '--nodepool-name should only contain alphanumeric characters')
+    _validate_nodepool_name(namespace.nodepool_name)
+
+
+def validate_agent_pool_name(namespace):
+    """Validates a nodepool name to be at most 12 characters, alphanumeric only."""
+    _validate_nodepool_name(namespace.agent_pool_name)
 
 
 def validate_vm_set_type(namespace):

src/aks-preview/azext_aks_preview/commands.py

@@ -199,6 +199,6 @@ def load_command_table(self, _):
     with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g:
         g.custom_command('list', 'aks_trustedaccess_role_binding_list')
         g.custom_show_command('show', 'aks_trustedaccess_role_binding_get')
-        g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update')
-        g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update')
+        g.custom_command('create', 'aks_trustedaccess_role_binding_create')
+        g.custom_command('update', 'aks_trustedaccess_role_binding_update')
         g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True)

src/aks-preview/azext_aks_preview/custom.py

@@ -2218,8 +2218,8 @@ def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster
     return client.get(resource_group_name, cluster_name, role_binding_name)
 
 
-def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name,
-                                                    source_resource_id, roles):
+def aks_trustedaccess_role_binding_create(cmd, client, resource_group_name, cluster_name, role_binding_name,
+                                          source_resource_id, roles):
     TrustedAccessRoleBinding = cmd.get_models(
         "TrustedAccessRoleBinding",
         resource_type=CUSTOM_MGMT_AKS_PREVIEW,
@@ -2229,5 +2229,17 @@ def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_
     return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)
 
 
+def aks_trustedaccess_role_binding_update(cmd, client, resource_group_name, cluster_name, role_binding_name, roles):
+    TrustedAccessRoleBinding = cmd.get_models(
+        "TrustedAccessRoleBinding",
+        resource_type=CUSTOM_MGMT_AKS_PREVIEW,
+        operation_group="trusted_access_role_bindings",
+    )
+    existedBinding = client.get(resource_group_name, cluster_name, role_binding_name)
+
+    roleBinding = TrustedAccessRoleBinding(source_resource_id=existedBinding.source_resource_id, roles=roles)
+    return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)
+
+
 def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name):
     return client.delete(resource_group_name, cluster_name, role_binding_name)

src/aks-preview/azext_aks_preview/tests/latest/test_validators.py

@@ -3,6 +3,8 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 import unittest
+from types import SimpleNamespace
+
 from azure.cli.core.util import CLIError
 from azure.cli.core.azclierror import InvalidArgumentValueError
 import azext_aks_preview._validators as validators
@@ -408,5 +410,71 @@ def test_valid_azure_keyvault_kms_key_vault_resource_id(self):
         validators.validate_azure_keyvault_kms_key_vault_resource_id(namespace)
 
 
+class TestValidateNodepoolName(unittest.TestCase):
+    def test_invalid_nodepool_name_too_long(self):
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_name": "tooLongNodepoolName",
+            }
+        )
+        with self.assertRaises(InvalidArgumentValueError):
+            validators.validate_nodepool_name(
+                namespace
+            )
+
+    def test_invalid_agent_pool_name_too_long(self):
+        namespace = SimpleNamespace(
+            **{
+                "agent_pool_name": "tooLongNodepoolName",
+            }
+        )
+        with self.assertRaises(InvalidArgumentValueError):
+            validators.validate_agent_pool_name(
+                namespace
+            )
+
+    def test_invalid_nodepool_name_not_alnum(self):
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_name": "invalid-np*",
+            }
+        )
+        with self.assertRaises(InvalidArgumentValueError):
+            validators.validate_nodepool_name(
+                namespace
+            )
+
+    def test_invalid_agent_pool_name_not_alnum(self):
+        namespace = SimpleNamespace(
+            **{
+                "agent_pool_name": "invalid-np*",
+            }
+        )
+        with self.assertRaises(InvalidArgumentValueError):
+            validators.validate_agent_pool_name(
+                namespace
+            )
+
+    def test_valid_nodepool_name(self):
+        namespace = SimpleNamespace(
+            **{
+                "nodepool_name": "np100",
+            }
+        )
+        validators.validate_nodepool_name(
+            namespace
+        )
+
+    def test_valid_agent_pool_name(self):
+        namespace = SimpleNamespace(
+            **{
+                "agent_pool_name": "np100",
+            }
+        )
+        validators.validate_agent_pool_name(
+            namespace
+        )
+
+
 if __name__ == "__main__":
     unittest.main()

src/aks-preview/setup.py

@@ -9,7 +9,7 @@
 
 from setuptools import setup, find_packages
 
-VERSION = "0.5.92"
+VERSION = "0.5.93"
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",

src/azure-firewall/HISTORY.rst

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.14.2
+++++++
+* `az network firewall create/update`: add parameter `--fat-flow-logging`
+
 0.14.1
 ++++++
 * `az network firewall policy`: add parameter `sql`

src/azure-firewall/azext_firewall/_params.py

@@ -65,6 +65,8 @@ def load_arguments(self, _):
         c.argument('threat_intel_mode', arg_type=get_enum_type(['Alert', 'Deny', 'Off']), help='The operation mode for Threat Intelligence.')
         c.argument('allow_active_ftp', arg_type=get_three_state_flag(),
                    help="Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.")
+        c.argument('enable_fat_flow_logging', options_list=['--fat-flow-logging'], arg_type=get_three_state_flag(),
+                   help="Identify fat flows. By default it is false.")
 
     with self.argument_context('network firewall', arg_group='Virtual Hub Public Ip') as c:
         c.argument('hub_public_ip_count', options_list=['--public-ip-count', '--count'], type=int,

src/azure-firewall/azext_firewall/custom.py

@@ -68,7 +68,8 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
                           tags=None, zones=None, private_ranges=None, firewall_policy=None,
                           virtual_hub=None, sku=None,
                           dns_servers=None, enable_dns_proxy=None,
-                          threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None, tier=None):
+                          threat_intel_mode=None, hub_public_ip_count=None, allow_active_ftp=None, tier=None,
+                          enable_fat_flow_logging=False):
     if firewall_policy and any([enable_dns_proxy, dns_servers]):
         raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
     if sku and sku.lower() == 'azfw_hub' and not all([virtual_hub, hub_public_ip_count]):
@@ -118,6 +119,11 @@ def create_azure_firewall(cmd, resource_group_name, azure_firewall_name, locatio
             firewall.additional_properties = {}
         firewall.additional_properties['Network.FTP.AllowActiveFTP'] = "true"
 
+    if enable_fat_flow_logging:
+        if firewall.additional_properties is None:
+            firewall.additional_properties = {}
+        firewall.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging'] = "true"
+
     return client.begin_create_or_update(resource_group_name, azure_firewall_name, firewall)
 
 
@@ -126,7 +132,7 @@ def update_azure_firewall(cmd, instance, tags=None, zones=None, private_ranges=N
                           firewall_policy=None, virtual_hub=None,
                           dns_servers=None, enable_dns_proxy=None,
                           threat_intel_mode=None, hub_public_ip_addresses=None,
-                          hub_public_ip_count=None, allow_active_ftp=None):
+                          hub_public_ip_count=None, allow_active_ftp=None, enable_fat_flow_logging=None):
     if firewall_policy and any([enable_dns_proxy, dns_servers]):
         raise CLIError('usage error: firewall policy and dns settings cannot co-exist.')
     if all([hub_public_ip_addresses, hub_public_ip_count]):
@@ -194,6 +200,14 @@ def update_azure_firewall(cmd, instance, tags=None, zones=None, private_ranges=N
         elif 'Network.FTP.AllowActiveFTP' in instance.additional_properties:
             del instance.additional_properties['Network.FTP.AllowActiveFTP']
 
+    if enable_fat_flow_logging is not None:
+        if instance.additional_properties is None:
+            instance.additional_properties = {}
+        if enable_fat_flow_logging:
+            instance.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging'] = "true"
+        elif 'Network.AdditionalLogs.EnableFatFlowLogging' in instance.additional_properties:
+            del instance.additional_properties['Network.AdditionalLogs.EnableFatFlowLogging']
+
     return instance