Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[AKS] Fix apiServerAccessProfile when updating --api-server-authorized-ip-ranges #12589

Merged
merged 3 commits into from
Mar 17, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/_helpers.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@
from distutils.version import StrictVersion # pylint: disable=no-name-in-module,import-error
# pylint: disable=no-name-in-module,import-error
from azure.mgmt.containerservice.v2019_11_01.models import ManagedClusterAPIServerAccessProfile
from knack.util import CLIError


def _populate_api_server_access_profile(api_server_authorized_ip_ranges, enable_private_cluster, instance=None):
def _populate_api_server_access_profile(api_server_authorized_ip_ranges, enable_private_cluster=False, instance=None):
if instance is None or instance.api_server_access_profile is None:
profile = ManagedClusterAPIServerAccessProfile()
else:
Expand All @@ -22,6 +23,9 @@ def _populate_api_server_access_profile(api_server_authorized_ip_ranges, enable_
else:
authorized_ip_ranges = [ip.strip() for ip in api_server_authorized_ip_ranges.split(",")]

if profile.enable_private_cluster and authorized_ip_ranges:
raise CLIError('--api-server-authorized-ip-ranges is not supported for private cluster')

profile.authorized_ip_ranges = authorized_ip_ranges
return profile

Expand Down
4 changes: 2 additions & 2 deletions src/azure-cli/azure/cli/command_modules/acs/custom.py
Original file line number Diff line number Diff line change
Expand Up @@ -1813,7 +1813,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
if api_server_authorized_ip_ranges or enable_private_cluster:
api_server_access_profile = _populate_api_server_access_profile(
api_server_authorized_ip_ranges,
enable_private_cluster
enable_private_cluster=enable_private_cluster
)

# Check that both --disable-rbac and --enable-rbac weren't provided
Expand Down Expand Up @@ -2132,7 +2132,7 @@ def aks_update(cmd, client, resource_group_name, name,
# empty string is valid as it disables ip whitelisting
if api_server_authorized_ip_ranges is not None:
instance.api_server_access_profile = \
_populate_api_server_access_profile(api_server_authorized_ip_ranges, instance)
_populate_api_server_access_profile(api_server_authorized_ip_ranges, instance=instance)

return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, name, instance)

Expand Down
Loading