Merged
5 changes: 5 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_help.py
@@ -440,6 +440,9 @@
- name: --api-server-authorized-ip-ranges
type: string
short-summary: Comma seperated list of authorized apiserver IP ranges. Set to "" to allow all traffic on a previously restricted cluster. Set to 0.0.0.0/32 to restrict apiserver traffic to node pools.
- name: --enable-aad
type: bool
short-summary: Enable managed AAD feature for cluster.
- name: --aad-admin-group-object-ids
type: string
short-summary: Comma seperated list of aad group object IDs that will be set as cluster admin.
@@ -465,6 +468,8 @@
text: az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 0.0.0.0/32
- name: Update a AKS-managed AAD cluster with tenant ID or admin group object IDs.
text: az aks update -g MyResourceGroup -n MyManagedCluster --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
- name: Update an existing AKS AAD-Integrated cluster to the new AKS-managed AAD experience.
text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad
"""

helps['aks delete'] = """
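Review bot: The new `--enable-aad` short-summary ("Enable managed AAD feature for cluster.") does not state the preconditions that `aks_update` enforces in custom.py, where the flag is rejected on a cluster with no AAD profile and on one whose profile is already managed. An operator reading only the help would expect it to work on any cluster. Suggest `short-summary: Migrate an existing AAD-integrated cluster to AKS-managed AAD. Fails on non-AAD clusters and on clusters that already use managed AAD.` The added example could also show `--aad-admin-group-object-ids` alongside `--enable-aad`, since the migration path builds a profile with no admin groups set.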
13 changes: 12 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/custom.py
@@ -2139,6 +2139,7 @@ def aks_update(cmd, client, resource_group_name, name,
attach_acr=None,
detach_acr=None,
api_server_authorized_ip_ranges=None,
enable_aad=False,
aad_tenant_id=None,
aad_admin_group_object_ids=None,
no_wait=False):
@@ -2155,6 +2156,7 @@ def aks_update(cmd, client, resource_group_name, name,
not detach_acr and
not uptime_sla and
api_server_authorized_ip_ranges is None and
not enable_aad and
not update_aad_profile):
raise CLIError('Please specify one or more of "--enable-cluster-autoscaler" or '
'"--disable-cluster-autoscaler" or '
@@ -2167,6 +2169,7 @@ def aks_update(cmd, client, resource_group_name, name,
'"--attach-acr" or "--detach-acr" or'
'"--uptime-sla" or'
'"--api-server-authorized-ip-ranges" or '
'"--enable-aad" or '
'"--aad-tenant-id" or '
'"--aad-admin-group-object-ids"')

@@ -2253,10 +2256,18 @@ def aks_update(cmd, client, resource_group_name, name,
instance.api_server_access_profile = \
_populate_api_server_access_profile(api_server_authorized_ip_ranges, instance=instance)

if enable_aad:
if instance.aad_profile is None:
raise CLIError('Cannot specify "--enable-aad" for a non-AAD cluster')
if instance.aad_profile.managed:
raise CLIError('Cannot specify "--enable-aad" if managed AAD is already enabled')
instance.aad_profile = ManagedClusterAADProfile(
managed=True
)
if update_aad_profile:
if instance.aad_profile is None or not instance.aad_profile.managed:
raise CLIError('Cannot specify "--aad-tenant-id/--aad-admin-group-object-ids"'
' if managed aad not is enabled')
' if managed AAD is not enabled')
if aad_tenant_id is not None:
instance.aad_profile.tenant_id = aad_tenant_id
if aad_admin_group_object_ids is not None:
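Review bot: In the last hunk, `instance.aad_profile = ManagedClusterAADProfile(managed=True)` replaces the existing profile wholesale, so a cluster migrated with `--enable-aad` alone is submitted with no `tenant_id` and no admin group object IDs. Unless the service back-fills these (not visible on this page), that silently changes which tenant and which groups hold cluster-admin after the migration. Consider carrying the tenant over, e.g. `ManagedClusterAADProfile(managed=True, tenant_id=instance.aad_profile.tenant_id)`, and either requiring `--aad-admin-group-object-ids` with `--enable-aad` or emitting a warning when it is absent. A short comment above the assignment, such as `# legacy client/server app fields are intentionally dropped when converting to managed AAD`, would make the intent explicit. The body of `aks_update` starts and ends outside the hunk.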