Azure · wenjungaogaogao · Aug 23, 2023 · Aug 24, 2023 · Aug 24, 2023 · Aug 25, 2023
@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
     register_resource_type(
         "latest",
         CUSTOM_MGMT_AKS_PREVIEW,
-        SDKProfile("2023-06-02-preview", {"container_services": "2017-07-01"}),
+        SDKProfile("2023-07-02-preview", {"container_services": "2017-07-01"}),
     )
 
 

@@ -91,9 +91,6 @@
 CONST_NODE_OS_CHANNEL_SECURITY_PATCH = "SecurityPatch"
 CONST_NODE_OS_CHANNEL_UNMANAGED = "Unmanaged"
 
-# consts for cluster upgrade settings
-CONST_IGNORE_KUBERNETES_DEPRECATIONS = "IgnoreKubernetesDeprecations"
-
 # consts for nrg-lockdown restriction level
 CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_READONLY = "ReadOnly"
 CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_UNRESTRICTED = "Unrestricted"

@@ -796,13 +796,15 @@
         - name: --node-os-upgrade-channel
           type: string
           short-summary: Manner in which the OS on your nodes is updated. It could be NodeImage, None, SecurityPatch or Unmanaged.
-        - name: --upgrade-settings
-          type: string
-          short-summary: A comma separated list of supported cluster upgrade settings. E.g., IgnoreKubernetesDeprecations.
-          long-summary: Allowed value is "IgnoreKubernetesDeprecations". If set as "", upgrade settings will be set to default and the existing overrides will no longer be effective.
+        - name: --enable-force-upgrade
+          type: bool
+          short-summary: Enable forceUpgrade cluster upgrade settings override.
+        - name: --disable-force-upgrade
+          type: bool
+          short-summary: Disable forceUpgrade cluster upgrade settings override.
         - name: --upgrade-override-until
           type: string
-          short-summary: Until when the cluster upgradeSettings overrides are effective. It needs to be in a valid date-time format that's within the next 30 days. For example, 2023-04-01T13:00:00Z. Note that if --upgrade-settings is set to IgnoreKubernetesDeprecations and --upgrade-override-until is not set, by default it will be set to 3 days from now.
+          short-summary: Until when the cluster upgradeSettings overrides are effective. It needs to be in a valid date-time format that's within the next 30 days. For example, 2023-04-01T13:00:00Z. Note that if --force-upgrade is set to true and --upgrade-override-until is not set, by default it will be set to 3 days from now.
         - name: --enable-managed-identity
           type: bool
           short-summary: Update current cluster to managed identity to manage cluster resource group.

@@ -154,7 +154,8 @@
     validate_user,
     validate_utc_offset,
     validate_vm_set_type,
-    validate_vnet_subnet_id
+    validate_vnet_subnet_id,
+    validate_force_upgrade_disable_and_enable_parameters
 )
 from azure.cli.core.commands.parameters import (
     edge_zone_type,
@@ -465,7 +466,8 @@ def load_arguments(self, _):
         c.argument('kube_proxy_config')
         c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels))
         c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels))
-        c.argument('upgrade_settings', is_preview=True)
+        c.argument('disable_force_upgrade', action='store_true', validator=validate_force_upgrade_disable_and_enable_parameters)
+        c.argument('enable_force_upgrade', action='store_true', validator=validate_force_upgrade_disable_and_enable_parameters)
         c.argument('upgrade_override_until', is_preview=True)
         c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"],
                    help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.")

@@ -659,6 +659,9 @@ def validate_defender_disable_and_enable_parameters(namespace):
     if namespace.disable_defender and namespace.enable_defender:
         raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid')
 
+def validate_force_upgrade_disable_and_enable_parameters(namespace):
+    if namespace.disable_force_upgrade and namespace.enable_force_upgrade:
+        raise MutuallyExclusiveArgumentError('Providing both --disable-force-upgrade and --enable-force-upgrade flags is invalid')
 
 def sanitize_resource_id(resource_id):
     resource_id = resource_id.strip()

@@ -647,7 +647,8 @@ def aks_update(
     kube_proxy_config=None,
     auto_upgrade_channel=None,
     node_os_upgrade_channel=None,
-    upgrade_settings=None,
+    enable_force_upgrade=False,
+    disable_force_upgrade=False,
     upgrade_override_until=None,
     cluster_autoscaler_profile=None,
     uptime_sla=False,

@@ -61,7 +61,6 @@
     CONST_NETWORK_DATAPLANE_CILIUM,
     CONST_PRIVATE_DNS_ZONE_NONE,
     CONST_PRIVATE_DNS_ZONE_SYSTEM,
-    CONST_IGNORE_KUBERNETES_DEPRECATIONS,
 )
 from azext_aks_preview._helpers import (
     check_is_private_cluster,
@@ -769,39 +768,22 @@ def get_upgrade_override_until(self) -> Union[str, None]:
         # this parameter does not need validation
         return self.raw_param.get("upgrade_override_until")
 
-    def get_upgrade_settings(self) -> Union[List[str], None]:
-        """Obtain the value of upgrade_settings.
-        :return: List[str] or None
+    def get_force_upgrade(self) -> Union[bool, None]:
+        """Obtain the value of force_upgrade.
+        :return: bool or None
         """
         # this parameter does not need dynamic completion
-        # this parameter does not need validation
-        upgrade_settings = self.raw_param.get("upgrade_settings")
-        if upgrade_settings is None:
-            return None
-
-        goal_upgrade_settings_list = []
-
-        if upgrade_settings.strip() == "":
-            if self.get_upgrade_override_until():
-                raise MutuallyExclusiveArgumentError(
-                    "Cannot specify --upgrade-override-until when --upgrade-settings is set to empty string. Set only the --upgrade-override-until parameter instead."
-                )
-            return goal_upgrade_settings_list
-
-        input_upgrade_settings_list = [x.strip() for x in upgrade_settings.split(',')]
-
-        supported_upgrade_settings = [
-            CONST_IGNORE_KUBERNETES_DEPRECATIONS,
-        ]
+        # validation is done with param validator
+        enable_force_upgrade = self.raw_param.get("enable_force_upgrade")
+        disable_force_upgrade = self.raw_param.get("disable_force_upgrade")
 
-        for s in input_upgrade_settings_list:
-            if s in goal_upgrade_settings_list or s not in supported_upgrade_settings:
-                raise InvalidArgumentValueError(
-                    f"{upgrade_settings} either has duplicates or contains invalid upgrade-settings. Supported settings include, IgnoreKubernetesDeprecations."
-                )
-            goal_upgrade_settings_list.append(s)
-
-        return goal_upgrade_settings_list
+        if enable_force_upgrade is False and disable_force_upgrade is False:
+            return None
+        if enable_force_upgrade is not None:
+            return enable_force_upgrade
+        if disable_force_upgrade is not None:
+            return not disable_force_upgrade
+        return None
 
     def _get_enable_pod_security_policy(self, enable_validation: bool = False) -> bool:
         """Internal function to obtain the value of enable_pod_security_policy.
@@ -3609,32 +3591,17 @@ def update_upgrade_settings(self, mc: ManagedCluster) -> ManagedCluster:
         if mc.upgrade_settings is not None and mc.upgrade_settings.override_settings is not None and mc.upgrade_settings.override_settings.until is not None:
             existing_until = mc.upgrade_settings.override_settings.until
 
-        upgrade_settings = self.context.get_upgrade_settings()
-
-        # There is a limitation on differentiating empty list vs. not set in update requests.
-        # In such case, we'll use a workaround here to disable it by setting the until field to the current time, to make the overrides no longer effective.
-        # For now there's only one allowed override so we can return early here.
-        if upgrade_settings is not None and len(upgrade_settings) == 0:
-            if mc.upgrade_settings is not None and mc.upgrade_settings.override_settings is not None and mc.upgrade_settings.override_settings.control_plane_overrides is not None:
-                if mc.upgrade_settings.override_settings.control_plane_overrides == [CONST_IGNORE_KUBERNETES_DEPRECATIONS]:
-                    if existing_until is not None and existing_until.timestamp() > datetime.datetime.utcnow().timestamp():
-                        mc.upgrade_settings.override_settings.until = datetime.datetime.utcnow()
-            return mc
-
+        force_upgrade = self.context.get_force_upgrade()
         override_until = self.context.get_upgrade_override_until()
-        upgrade_ignore_kubernetes_deprecations = upgrade_settings is not None and CONST_IGNORE_KUBERNETES_DEPRECATIONS in upgrade_settings
 
-        if upgrade_settings is not None or override_until is not None:
+        if force_upgrade is not None or override_until is not None:
             if mc.upgrade_settings is None:
                 mc.upgrade_settings = self.models.ClusterUpgradeSettings()
             if mc.upgrade_settings.override_settings is None:
                 mc.upgrade_settings.override_settings = self.models.UpgradeOverrideSettings()
-            # sets control_plane_overrides
-            if upgrade_ignore_kubernetes_deprecations:
-                if mc.upgrade_settings.override_settings.control_plane_overrides is None:
-                    mc.upgrade_settings.override_settings.control_plane_overrides = []
-                if CONST_IGNORE_KUBERNETES_DEPRECATIONS not in mc.upgrade_settings.override_settings.control_plane_overrides:
-                    mc.upgrade_settings.override_settings.control_plane_overrides.append(CONST_IGNORE_KUBERNETES_DEPRECATIONS)
+            # sets force_upgrade
+            if force_upgrade is not None:
+                mc.upgrade_settings.override_settings.force_upgrade = force_upgrade
             # sets until
             if override_until is not None:
                 try:
@@ -3643,7 +3610,7 @@ def update_upgrade_settings(self, mc: ManagedCluster) -> ManagedCluster:
                     raise InvalidArgumentValueError(
                         f"{override_until} is not a valid datatime format."
                     )
-            elif upgrade_ignore_kubernetes_deprecations:
+            elif force_upgrade:
                 default_extended_until = datetime.datetime.utcnow() + datetime.timedelta(days=3)
                 if existing_until is None or existing_until.timestamp() < default_extended_until.timestamp():
                     mc.upgrade_settings.override_settings.until = default_extended_until
@@ -3715,7 +3682,7 @@ def update_mc_profile_preview(self) -> ManagedCluster:
         mc = self.update_auto_upgrade_profile(mc)
         # update guardrails_profile
         mc = self.update_guardrails_profile(mc)
-        # update auto upgrade profile
+        # update cluster upgrade settings profile
         mc = self.update_upgrade_settings(mc)
         # update nodepool taints
         mc = self.update_nodepool_taints_mc(mc)

@@ -16,7 +16,7 @@ interactions:
       - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/24.0.0b Python/3.10.8
         (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-06-02-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-07-02-preview
   response:
     body:
       string: '{"error":{"code":"ResourceNotFound","message":"The Resource ''Microsoft.ContainerService/managedClusters/cliakstest000002''
@@ -121,7 +121,7 @@ interactions:
       - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/24.0.0b Python/3.10.8
         (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)
     method: PUT
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-06-02-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-07-02-preview
   response:
     body:
       string: "{\n  \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n
@@ -208,7 +208,7 @@ interactions:
       - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/24.0.0b Python/3.10.8
         (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-06-02-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-07-02-preview
   response:
     body:
       string: "{\n  \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n
@@ -297,7 +297,7 @@ interactions:
       - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/24.0.0b Python/3.10.8
         (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedclusters/cliakstest000002/abort?api-version=2023-06-02-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedclusters/cliakstest000002/abort?api-version=2023-07-02-preview
   response:
     body:
       string: "{\n  \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n
@@ -526,7 +526,7 @@ interactions:
       - AZURECLI/2.49.0 azsdk-python-azure-mgmt-containerservice/24.0.0b Python/3.10.8
         (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-06-02-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2023-07-02-preview
   response:
     body:
       string: "{\n  \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n