K8s extension/release 1.6.1

.github/workflows/VersionCalPRComment.yml

@@ -0,0 +1,130 @@
+name: Generate Release Version and Comment PR
+
+on:
+  workflow_dispatch:
+  pull_request_target:
+      types: [opened, labeled, unlabeled, synchronize]
+      paths:
+        - '**.py'
+
+permissions:
+  pull-requests: write
+
+jobs:
+  version-cal:
+    if: contains(github.event.pull_request.labels.*.name, 'auto-cal-version')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set Init Version Message
+        run: |
+          echo "message=$(echo 'Suggested init version: 1.0.0b1 for preview release and 1.0.0 for stable release')" >> $GITHUB_ENV
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v3
+        with:
+           python-version: "3.10"
+      - name: Checkout CLI extension repo
+        uses: actions/checkout@master
+        with:
+          fetch-depth: 0 # checkout all branches
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}  # checkout pull request branch
+      - name: Show workdirectory after site cloned
+        run: |
+           pwd
+           ls
+      - name: Get Diff Files
+        env:
+          bash_sha: ${{ github.event.pull_request.base.sha }}
+          base_branch: ${{ github.event.pull_request.base.ref }}
+          diff_sha: ${{ github.event.pull_request.head.sha }}
+          diff_branch: ${{ github.event.pull_request.head.ref }}
+          repo_full_name: ${{ github.event.pull_request.head.repo.full_name }}
+        run: |
+            set -x
+            git --version
+            git log --oneline | head -n 30
+            git branch -a
+            git fetch https://github.com/Azure/azure-cli-extensions.git ${{ env.base_branch }}:${{ env.base_branch }}
+            git checkout ${{ env.base_branch }}
+            git log --oneline | head -n 30
+            git checkout ${{ env.diff_branch }}
+            git log --oneline | head -n 30
+            git --no-pager diff --name-only --diff-filter=ACMRT ${{ env.base_branch }}...${{ env.diff_branch }} > changed_files
+            cat changed_files
+            cat changed_files | grep azext_ | awk -F"azext_" '{print $1}'| awk -F"/" '{print $2}' | sort | uniq > changed_modules
+            echo "changed_module_list=$(cat changed_files | grep azext_ | awk -F"azext_" '{print $1}'| awk -F"/" '{print $2}' | sort | uniq | xargs)" >> $GITHUB_ENV
+      - name: Display Diff Modules
+        run: |
+            for mod in ${{ env.changed_module_list }}
+            do
+              echo changed module: "${mod}"
+            done
+      - name: Checkout CLI main repo 
+        uses: actions/checkout@master
+        with:
+           repository: Azure/azure-cli
+           path: ./azure-cli
+      - name: Show workdirectory after cli cloned
+        run: |
+           pwd
+           ls
+      - name: Move the main repo to the same level as the extension repo
+        run: |
+           mv azure-cli ../
+           cd ../
+           pwd
+           ls
+      - name: Install azdev
+        run: | 
+           python -m pip install --upgrade pip
+           set -ev
+           python -m venv env
+           chmod +x env/bin/activate
+           source ./env/bin/activate
+           pip install azdev
+           azdev --version
+           cd ../
+           azdev setup -c azure-cli -r azure-cli-extensions --debug
+           az --version
+           pip list -v
+      - name: Gen Base and Diff Metadata
+        id: get_comment_message
+        env:
+          pr_label_list: ${{ toJson(github.event.pull_request.labels.*.name) }}
+          base_branch: ${{ github.event.pull_request.base.ref }}
+          diff_branch: ${{ github.event.pull_request.head.ref }}
+          base_meta_path: "./base_meta/"
+          diff_meta_path: "./diff_meta/"
+          output_file: "version_update.txt"
+        run: |
+           chmod +x env/bin/activate
+           source ./env/bin/activate
+           set -ev
+           git checkout ${{ env.base_branch }}
+           mkdir ${{ env.base_meta_path }}
+           for mod in ${{ env.changed_module_list }}
+           do
+              echo changed module: "${mod}"
+              azdev extension add "${mod}" && azdev command-change meta-export "${mod}" --meta-output-path ./${{ env.base_meta_path }}/ && azdev extension remove "${mod}"
+           done
+           git checkout ${{ env.diff_branch }}
+           mkdir ${{ env.diff_meta_path }}
+           for mod in ${{ env.changed_module_list }}
+           do
+              echo changed module: "${mod}"
+              azdev extension add "${mod}" && azdev command-change meta-export "${mod}" --meta-output-path ./${{ env.diff_meta_path }}/ && azdev extension remove "${mod}"
+           done
+           ls ./${{ env.base_meta_path }}/
+           ls ./${{ env.diff_meta_path }}/
+           git checkout ${{ env.base_branch }}
+           python scripts/ci/release_version_cal.py
+           # echo "commit_message=$(cat ${{ env.output_file }})" >> $GITHUB_ENV
+      - name: Comment on the pull request
+        uses: mshick/add-pr-comment@v2
+        with:
+           repo-token: ${{ secrets.GITHUB_TOKEN }}
+           message-id: versioncommentbot
+           message-path: |
+            version_update.txt
+           message-failure: |
+            Please refer to [Extension version schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md) to update release versions.

scripts/ci/release_version_cal.py

@@ -15,8 +15,6 @@
 from util import get_index_data
 
 
-base_branch = os.environ.get('base_branch', None)
-diff_branch = os.environ.get('diff_branch', None)
 base_meta_path = os.environ.get('base_meta_path', None)
 diff_meta_path = os.environ.get('diff_meta_path', None)
 output_file = os.environ.get('output_file', None)
@@ -96,8 +94,6 @@ def main():
     cli_ext_path = get_ext_repo_paths()[0]
     print("get_cli_repo_path: ", get_cli_repo_path())
     print("get_ext_repo_paths: ", cli_ext_path)
-    print("base_branch: ", base_branch)
-    print("diff_branch: ", diff_branch)
     print("base_meta_path: ", base_meta_path)
     print("diff_meta_path: ", diff_meta_path)
     print("output_file: ", output_file)

src/aks-preview/HISTORY.rst

@@ -9,6 +9,16 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+Pending
++++++++
+
+2.0.0b4
++++++++
+* Add `--enable-vtpm` to `az aks create`, `az aks nodepool add` and `az aks nodepool update`.
+* Add `--disable-vtpm` to the `az aks nodepool update` command.
+* Add `--enable-secure-boot` to `az aks create`, `az aks nodepool add` and `az aks nodepool update`.
+* Add `--disable-secure-boot` to the `az aks nodepool update` command.
+
 2.0.0b3
 +++++++
 * Add parameter to set revision `--revision` for the Azure Service Mesh addon while creating AKS cluster.

src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json

@@ -49,6 +49,10 @@
         "ai toolchain operator, enabled in staging only": [
             "test_aks_create_with_enable_ai_toolchain_operator",
             "test_aks_update_with_enable_ai_toolchain_operator"
+        ],
+        "trusted launch, missing feature registration & toggle": [
+            "test_aks_create_update_secure_boot_flow",
+            "test_aks_create_update_vtpm_flow"
         ]
     }
 }

src/aks-preview/azext_aks_preview/_help.py

@@ -601,6 +601,12 @@
           long-summary: |
               Used together with the "azure" network plugin.
               Requires --pod-subnet-id.
+        - name: --enable-secure-boot
+          type: bool
+          short-summary: Enable Secure Boot on all node pools in the cluster. Must use VMSS agent pool type.
+        - name: --enable-vtpm
+          type: bool
+          short-summary: Enable vTPM on all node pools in the cluster. Must use VMSS agent pool type.
     examples:
         - name: Create a Kubernetes cluster with an existing SSH public key.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -1742,6 +1748,12 @@
           long-summary: |
               Used together with the "azure" network plugin.
               Requires --pod-subnet-id.
+        - name: --enable-secure-boot
+          type: bool
+          short-summary: Enable Secure Boot on agent node pool. Must use VMSS agent pool type.
+        - name: --enable-vtpm
+          type: bool
+          short-summary: Enable vTPM on agent node pool. Must use VMSS agent pool type.
     examples:
         - name: Create a nodepool in an existing AKS cluster with ephemeral os enabled.
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
@@ -1865,6 +1877,18 @@
         - name: --ssh-access
           type: string
           short-summary: Update SSH setting for the node pool. Use "disabled" to disable SSH access, "localuser" to enable SSH access using private key.
+        - name: --enable-secure-boot
+          type: bool
+          short-summary: Enable Secure Boot on an existing Trusted Launch enabled agent node pool. Must use VMSS agent pool type.
+        - name: --disable-secure-boot
+          type: bool
+          short-summary: Disable Secure Boot on on an existing Trusted Launch enabled agent node pool.
+        - name: --enable-vtpm
+          type: bool
+          short-summary: Enable vTPM on an existing Trusted Launch enabled agent node pool. Must use VMSS agent pool type.
+        - name: --disable-vtpm
+          type: bool
+          short-summary: Disable vTPM on an existing Trusted Launch enabled agent node pool.
     examples:
       - name: Reconcile the nodepool back to its current state.
         text: az aks nodepool update -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster

src/aks-preview/azext_aks_preview/_params.py

@@ -840,6 +840,17 @@ def load_arguments(self, _):
             default=CONST_SSH_ACCESS_LOCALUSER,
             is_preview=True,
         )
+        # trusted launch
+        c.argument(
+            "enable_secure_boot",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "enable_vtpm",
+            is_preview=True,
+            action="store_true"
+        )
 
     with self.argument_context("aks update") as c:
         # managed cluster paramerters
@@ -1381,6 +1392,17 @@ def load_arguments(self, _):
             default=CONST_SSH_ACCESS_LOCALUSER,
             is_preview=True,
         )
+        # trusted launch
+        c.argument(
+            "enable_secure_boot",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "enable_vtpm",
+            is_preview=True,
+            action="store_true"
+        )
 
     with self.argument_context("aks nodepool update") as c:
         c.argument(
@@ -1439,6 +1461,27 @@ def load_arguments(self, _):
         # In update scenario, use emtpy str as default.
         c.argument('ssh_access', arg_type=get_enum_type(ssh_accesses), is_preview=True)
         c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
+        # trusted launch
+        c.argument(
+            "enable_secure_boot",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "disable_secure_boot",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "enable_vtpm",
+            is_preview=True,
+            action="store_true"
+        )
+        c.argument(
+            "disable_vtpm",
+            is_preview=True,
+            action="store_true"
+        )
 
     with self.argument_context("aks nodepool upgrade") as c:
         c.argument("max_surge", validator=validate_max_surge)