Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ContainerApp] Fix #501: az containerapp create --allow-insecure: Add Flag to Allow Container App Insecure Ingress #6555

Merged
merged 13 commits into from
Aug 9, 2023
Merged

[ContainerApp] Fix #501: az containerapp create --allow-insecure: Add Flag to Allow Container App Insecure Ingress #6555

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
70b0925
added insecure ingress flag to create
Juancpani Jul 25, 2023
b073579
white space fix
Juancpani Jul 26, 2023
96af66e
added history
Juancpani Jul 28, 2023
dfa6f87
Merge branch 'main' of https://github.com/Juancpani/azure-cli-extensions
Juancpani Aug 3, 2023
8a9cf9a
added validation
Juancpani Aug 3, 2023
25cdbc6
added TCP validation
Juancpani Aug 3, 2023
3e72b72
added insecure flag to existing test
Juancpani Aug 3, 2023
0f3a727
history check
Juancpani Aug 3, 2023
df1b12b
Merge branch 'main' of https://github.com/Juancpani/azure-cli-extensions
Juancpani Aug 3, 2023
9b5b3af
working recording for ingress test
Juancpani Aug 3, 2023
2bf126f
double space fix for statci analysis
Juancpani Aug 3, 2023
3d7b3f7
Merge branch 'main' of https://github.com/Juancpani/azure-cli-extensions
Juancpani Aug 8, 2023
fed8f40
recording fix
Juancpani Aug 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/containerapp/HISTORY.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ Upcoming
* 'az containerapp job start': update start execution payload format to exlude template property from API version 2023-05-01 onwards
* 'az containerapp service': add support for creation and deletion of MariaDB
* 'az containerapp create/list': support --environment-type parameter
* 'az containerapp create': add support for insecure ingress with flag --allow-insecure

0.3.36
++++++
Expand Down
1 change: 1 addition & 0 deletions src/containerapp/azext_containerapp/_models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,7 @@
"targetPort": None,
"transport": None, # 'auto', 'http', 'http2', 'tcp'
"exposedPort": None,
"allowInsecure": False,
"traffic": None, # TrafficWeight
"customDomains": None, # [CustomDomain]
"ipSecurityRestrictions": None, # [IPSecurityRestrictions]
Expand Down
4 changes: 3 additions & 1 deletion src/containerapp/azext_containerapp/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@

from ._validators import (validate_memory, validate_cpu, validate_managed_env_name_or_id, validate_registry_server,
validate_registry_user, validate_registry_pass, validate_target_port, validate_ingress,
validate_storage_name_or_id, validate_cors_max_age, validate_env_name_or_id)
validate_storage_name_or_id, validate_cors_max_age, validate_env_name_or_id,
validate_allow_insecure)
from ._constants import UNAUTHENTICATED_CLIENT_ACTION, FORWARD_PROXY_CONVENTION, MAXIMUM_CONTAINER_APP_NAME_LENGTH, LOG_TYPE_CONSOLE, LOG_TYPE_SYSTEM


Expand Down Expand Up @@ -115,6 +116,7 @@ def load_arguments(self, _):
c.argument('target_port', type=int, validator=validate_target_port, help="The application port used for ingress traffic.")
c.argument('transport', arg_type=get_enum_type(['auto', 'http', 'http2', 'tcp']), help="The transport protocol used for ingress traffic.")
c.argument('exposed_port', type=int, help="Additional exposed port. Only supported by tcp transport protocol. Must be unique per environment if the app ingress is external.")
c.argument('allow_insecure', validator=validate_allow_insecure, arg_type=get_three_state_flag(), help='Allow insecure connections for ingress traffic.')

with self.argument_context('containerapp create') as c:
c.argument('traffic_weights', nargs='*', options_list=['--traffic-weight'], help="A list of revision weight(s) for the container app. Space-separated values in 'revision_name=weight' format. For latest revision, use 'latest=weight'")
Expand Down
9 changes: 9 additions & 0 deletions src/containerapp/azext_containerapp/_validators.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,15 @@ def validate_ingress(namespace):
raise ValidationError("Usage error: must specify --target-port with --ingress")


def validate_allow_insecure(namespace):
if "create" in namespace.command.lower():
if namespace.allow_insecure:
if not namespace.ingress or not namespace.target_port:
raise ValidationError("Usage error: must specify --ingress and --target-port with --allow-insecure")
if namespace.transport == "tcp":
raise ValidationError("Usage error: --allow-insecure is not supported for TCP ingress")


def _set_ssh_defaults(cmd, namespace):
app = ContainerAppClient.show(cmd, namespace.resource_group_name, namespace.name)
if not app:
Expand Down
4 changes: 4 additions & 0 deletions src/containerapp/azext_containerapp/containerapp_decorator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,9 @@ def get_argument_transport(self):
def get_argument_ingress(self):
return self.get_param("ingress")

def get_argument_allow_insecure(self):
return self.get_param("allow_insecure")

def get_argument_revisions_mode(self):
return self.get_param("revisions_mode")

Expand Down Expand Up @@ -392,6 +395,7 @@ def construct_containerapp(self):
ingress_def["targetPort"] = self.get_argument_target_port()
ingress_def["transport"] = self.get_argument_transport()
ingress_def["exposedPort"] = self.get_argument_exposed_port() if self.get_argument_transport() == "tcp" else None
ingress_def["allowInsecure"] = self.get_argument_allow_insecure()

secrets_def = None
if self.get_argument_secrets() is not None:
Expand Down
1 change: 1 addition & 0 deletions src/containerapp/azext_containerapp/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,7 @@ def create_containerapp(cmd,
exposed_port=None,
transport="auto",
ingress=None,
allow_insecure=False,
revisions_mode="single",
secrets=None,
env_vars=None,
Expand Down
3,515 changes: 1,802 additions & 1,713 deletions ...ontainerapp/azext_containerapp/tests/latest/recordings/test_containerapp_ingress_e2e.yaml
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion src/containerapp/azext_containerapp/tests/latest/test_containerapp_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,11 +160,12 @@ def test_containerapp_ingress_e2e(self, resource_group):

create_containerapp_env(self, env_name, resource_group)

self.cmd('containerapp create -g {} -n {} --environment {} --ingress external --target-port 80'.format(resource_group, ca_name, env_name))
self.cmd('containerapp create -g {} -n {} --environment {} --ingress external --target-port 80 --allow-insecure'.format(resource_group, ca_name, env_name))

self.cmd('containerapp ingress show -g {} -n {}'.format(resource_group, ca_name, env_name), checks=[
JMESPathCheck('external', True),
JMESPathCheck('targetPort', 80),
JMESPathCheck('allowInsecure', True),
])

self.cmd('containerapp ingress disable -g {} -n {}'.format(resource_group, ca_name, env_name))
Expand Down