[Spring] Private Storage Access support (Azure#7471)

src/spring/HISTORY.md

@@ -10,6 +10,7 @@ Release History
 * Add argument `--bind-config-server` to `az spring app create` bind with default config server during creation automatically.
 * Update commands `az spring config-server clear` and `az spring config-server git repo remove` to require confirmation before running the command.
 * Add more samples for `az spring config-server` sub commands.
+* Update commands `az spring create` and `az spring update` to include a new argument `--enable-private-storage-access` to set whether private network access to backend storage in vnet injection instance.
 
 1.20.1
 ---

src/spring/azext_spring/_params.py

@@ -94,6 +94,12 @@ def load_arguments(self, _):
         c.argument('outbound_type', arg_group='VNet Injection',
                    help='The outbound type of Azure Spring Apps VNet instance.',
                    validator=validate_vnet, default="loadBalancer")
+        c.argument('enable_private_storage_access',
+                   arg_group='VNet Injection',
+                   arg_type=get_three_state_flag(),
+                   is_preview=True,
+                   options_list=['--enable-private-storage-access', '--enable-psa'],
+                   help='If true, set private network access to backend storage in vnet injection instance.')
         c.argument('enable_log_stream_public_endpoint',
                    arg_type=get_three_state_flag(),
                    validator=validate_dataplane_public_endpoint,
@@ -266,6 +272,13 @@ def load_arguments(self, _):
                    options_list=['--enable-dataplane-public-endpoint', '--enable-dppa'],
                    help='If true, assign public endpoint for log streaming, remote debugging, app connect in vnet injection instance which could be accessed out of virtual network.')
 
+        c.argument('enable_private_storage_access',
+                   arg_group='VNet Injection',
+                   arg_type=get_three_state_flag(),
+                   is_preview=True,
+                   options_list=['--enable-private-storage-access', '--enable-psa'],
+                   help='If true, set private network access to backend storage in vnet injection instance.')
+
         c.argument('enable_planned_maintenance',
                    arg_group='Planned Maintenance',
                    action='store_true',

src/spring/azext_spring/custom.py

@@ -91,7 +91,8 @@ def _update_application_insights_asc_create(cmd,
 def spring_update(cmd, client, resource_group, name, app_insights_key=None, app_insights=None,
                   disable_app_insights=None, sku=None, tags=None, build_pool_size=None,
                   enable_log_stream_public_endpoint=None, enable_dataplane_public_endpoint=None,
-                  ingress_read_timeout=None, enable_planned_maintenance=False, planned_maintenance_day=None,
+                  enable_private_storage_access=None, ingress_read_timeout=None, 
+                  enable_planned_maintenance=False, planned_maintenance_day=None,
                   planned_maintenance_start_hour=None, no_wait=False):
     """
     TODO (jiec) app_insights_key, app_insights and disable_app_insights are marked as deprecated.
@@ -102,6 +103,7 @@ def spring_update(cmd, client, resource_group, name, app_insights_key=None, app_
     update_service_tags = False
     update_service_sku = False
     update_dataplane_public_endpoint = False
+    update_private_storage_access = False
 
     # update service sku
     if sku is not None:
@@ -114,15 +116,24 @@ def spring_update(cmd, client, resource_group, name, app_insights_key=None, app_
     updated_resource_properties.zone_redundant = None
 
     if enable_log_stream_public_endpoint is not None or enable_dataplane_public_endpoint is not None:
+        if updated_resource_properties.vnet_addons is None:
+            updated_resource_properties.vnet_addons = models.ServiceVNetAddons()
         val = enable_log_stream_public_endpoint if enable_log_stream_public_endpoint is not None else \
             enable_dataplane_public_endpoint
-        updated_resource_properties.vnet_addons = models.ServiceVNetAddons(
-            data_plane_public_endpoint=val,
-            log_stream_public_endpoint=val
-        )
+        updated_resource_properties.vnet_addons.data_plane_public_endpoint = val
+        updated_resource_properties.vnet_addons.log_stream_public_endpoint = val
         update_dataplane_public_endpoint = True
-    else:
-        updated_resource_properties.vnet_addons = None
+
+    if enable_private_storage_access is not None:
+        if updated_resource_properties.vnet_addons is None:
+            updated_resource_properties.vnet_addons = models.ServiceVNetAddons(
+                # explicitly set as none in case unexpected update
+                data_plane_public_endpoint = None,
+                log_stream_public_endpoint = None
+            )
+        val = "Enabled" if enable_private_storage_access else "Disabled"
+        updated_resource_properties.vnet_addons.private_storage_access = val
+        update_private_storage_access = True
 
     _update_application_insights_asc_update(cmd, resource_group, name, location,
                                             app_insights_key, app_insights, disable_app_insights, no_wait)
@@ -146,7 +157,7 @@ def spring_update(cmd, client, resource_group, name, app_insights_key=None, app_
         update_service_tags = True
 
     if update_service_tags is False and update_service_sku is False and update_dataplane_public_endpoint is False \
-            and update_planned_maintenance is False and ingress_read_timeout is None:
+            and update_private_storage_access is False and update_planned_maintenance is False and ingress_read_timeout is None:
         return resource
 
     updated_resource.properties = updated_resource_properties

src/spring/azext_spring/spring_instance.py

@@ -65,6 +65,7 @@ def create_service(self,
                        outbound_type=None,
                        enable_log_stream_public_endpoint=None,
                        enable_dataplane_public_endpoint=None,
+                       enable_private_storage_access=None,
                        zone_redundant=False,
                        sku=None,
                        tags=None,
@@ -78,14 +79,18 @@ def create_service(self,
         )
 
         if enable_log_stream_public_endpoint is not None or enable_dataplane_public_endpoint is not None:
+            if properties.vnet_addons is None:
+                properties.vnet_addons = models.ServiceVNetAddons()
             val = enable_log_stream_public_endpoint if enable_log_stream_public_endpoint is not None else \
                 enable_dataplane_public_endpoint
-            properties.vnet_addons = models.ServiceVNetAddons(
-                data_plane_public_endpoint=val,
-                log_stream_public_endpoint=val
-            )
-        else:
-            properties.vnet_addons = None
+            properties.vnet_addons.data_plane_public_endpoint = val
+            properties.vnet_addons.log_stream_public_endpoint = val
+
+        if enable_private_storage_access is not None:
+            if properties.vnet_addons is None:
+                properties.vnet_addons = models.ServiceVNetAddons()
+            val = "Enabled" if enable_private_storage_access else "Disabled"
+            properties.vnet_addons.private_storage_access = val
 
         if marketplace_plan_id:
             properties.marketplace_resource = models.MarketplaceResource(
@@ -194,6 +199,7 @@ def spring_create(cmd, client, resource_group, name,
                   enable_application_accelerator=False,
                   enable_log_stream_public_endpoint=None,
                   enable_dataplane_public_endpoint=None,
+                  enable_private_storage_access=None,
                   ingress_read_timeout=None,
                   marketplace_plan_id=None,
                   managed_environment=None,
@@ -237,6 +243,7 @@ def spring_create(cmd, client, resource_group, name,
         'enable_application_accelerator': enable_application_accelerator,
         'enable_log_stream_public_endpoint': enable_log_stream_public_endpoint,
         'enable_dataplane_public_endpoint': enable_dataplane_public_endpoint,
+        'enable_private_storage_access': enable_private_storage_access,
         'marketplace_plan_id': marketplace_plan_id,
         'managed_environment': managed_environment,
         'infra_resource_group': infra_resource_group,

src/spring/azext_spring/tests/latest/test_asa_create.py

@@ -369,3 +369,16 @@ def test_asa_create_enterprise_with_log_stream_config(self):
                       disable_app_insights=True)
         resource = self.created_resource
         self.assertEqual(True, resource.properties.vnet_addons.data_plane_public_endpoint)
+
+class TestSpringAppCreateWithPrivateStorageAccess(BasicTest):
+    def test_asa_create_standard_with_private_storage_access(self):
+        self._execute('rg', 'asa', sku=self._get_sku('Standard'), enable_private_storage_access=True,
+                      disable_app_insights=True)
+        resource = self.created_resource
+        self.assertEqual("Enabled", resource.properties.vnet_addons.private_storage_access)
+
+    def test_asa_create_enterprise_with_private_storage_access(self):
+        self._execute('rg', 'asa', sku=self._get_sku('Enterprise'), enable_private_storage_access=True,
+                      disable_app_insights=True)
+        resource = self.created_resource
+        self.assertEqual("Enabled", resource.properties.vnet_addons.private_storage_access)

src/spring/azext_spring/tests/latest/test_asa_update.py

@@ -62,3 +62,9 @@ def test_asa_update_with_planned_maintenance(self):
         resource = self.updated_resource
         self.assertEqual(day_of_week, resource.properties.maintenance_schedule_configuration.day)
         self.assertEqual(start_hour, resource.properties.maintenance_schedule_configuration.hour)
+
+class TestSpringAppUpdateWithPrivateStorageAccess(BasicTest):
+    def test_asa_update_with_private_storage_access(self):
+        self._execute('rg', 'asa', enable_private_storage_access=True)
+        resource = self.updated_resource
+        self.assertEqual("Enabled", resource.properties.vnet_addons.private_storage_access)