[AKS] az aks nodepool update: Add --enable/disable-fips-image flags for GA mutable fips
#29695
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| aks nodepool update | cmd aks nodepool update added parameter disable_fips_image |
||
| aks nodepool update | cmd aks nodepool update added parameter enable_fips_image |
|
AKS |
microsoft-github-policy-service
bot
requested review from
zhoxing-ms,
yanzhudd,
yonzhan and
FumingZhang
microsoft-github-policy-service
bot
added
Auto-Assign
pineapplethevoyager
changed the title
--enable/disable--fips-image flags (nodepool update) for GA mutable fips
pineapplethevoyager
changed the title
--enable/disable--fips-image flags (nodepool update) for GA mutable fips--enable/disable-fips-image flags (nodepool update) for GA mutable fips
pineapplethevoyager
changed the title
--enable/disable-fips-image flags (nodepool update) for GA mutable fips--enable/disable-fips-image flags` (nodepool update) for GA mutable fips
pineapplethevoyager
changed the title
--enable/disable-fips-image flags` (nodepool update) for GA mutable fips--enable/disable-fips-image flags for GA mutable fips
pineapplethevoyager
changed the title
--enable/disable-fips-image flags for GA mutable fipsaz aks nodepool update: Add --enable/disable-fips-image flags for GA mutable fips
|
@FumingZhang to help review |
andyliuliming
suggested changes
Aug 10, 2024
| @@ -1070,25 +1070,38 @@ def get_enable_ultra_ssd(self) -> bool: | |||
| # this parameter does not need validation | |||
| return enable_ultra_ssd | |||
|
|
|||
| # Mutable Fips now allows changes after create | |||
| def get_enable_fips_image(self) -> bool: | |||
There was a problem hiding this comment.
looks like worth adding some ut
There was a problem hiding this comment.
tests have been added under "test_agentpool_decorator.py" and "test_aks_commands.py"
| if self.decorator_mode == DecoratorMode.CREATE: | ||
| if ( | ||
| self.agentpool and | ||
| hasattr(self.agentpool, "enable_fips") and # backward compatibility |
There was a problem hiding this comment.
make "enable_fips" a const?
There was a problem hiding this comment.
This code section isn't changed, and the string is not reused won't fix
| ): | ||
| enable_fips_image = self.agentpool.enable_fips | ||
| # In create mode, try and read the property value corresponding to the parameter from the `agentpool` object | ||
| if self.decorator_mode == DecoratorMode.CREATE: |
There was a problem hiding this comment.
what if it's UPDATE?
I think the mutually exclude check should also run?
There was a problem hiding this comment.
If update the flag is read directly (ie if --enable-fips-image exists the fips-mode will be set to true)
This existing code only applies to when DecoratorMode.Create to check if it has been set elsewhere ie MC create which isn't allowed for update
This code is already in preview and has been tested by many parties with no issue
andyliuliming
approved these changes
Aug 13, 2024
yanzhudd
approved these changes
Aug 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related command
az aks nodepool update --enable-fips-image --disable-fips-image
Description
This PR allows the CLI functionality for the GA AKS feature allowing fips mode to be enabled/disabled after nodepool creation using the cli "az aks nodepool update" with associated flags above.
Testing Guide
#! Make sure to use region where AKS RP functionality has been released
az aks nodepool add -g chrislopezrg --cluster-name chrislopezaks -n fipstest2
az aks nodepool update -g chrislopezrg --cluster-name chrislopezaks -n fipstest --enable-fips-image
az aks nodepool show -g chrislopezrg --cluster-name chrislopezaks -n fipstest
az aks nodepool add -g chrislopezrg --cluster-name chrislopezaks -n fipstest3 --enable-fips-image
az aks nodepool add -g chrislopezrg --cluster-name chrislopezaks -n fipstest3 --disable-fips-image
az aks nodepool show -g chrislopezrg --cluster-name chrislopezaks -n fipstest3
History Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.