[AKS] az aks create/update: Add LicenseType support for Windows (#15257)

2020-09-27 09:34:12 +08:00 · 2020-09-27 09:34:12 +08:00 · fb36b75011
--- a/src/azure-cli/azure/cli/command_modules/acs/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_help.py
@ -222,6 +222,9 @@ parameters:
  - name: --windows-admin-password
    type: string
    short-summary: Password to create on Windows node VMs.
+  - name: --enable-ahub
+    type: bool
+    short-summary: Enable Azure Hybrid User Benefits (AHUB) for Windows VMs.
  - name: --enable-aad
    type: bool
    short-summary: Enable managed AAD feature for cluster.
@ -395,6 +398,8 @@ examples:
    text: az aks create -g MyResourceGroup -n MyManagedCluster --outbound-type userDefinedRouting --load-balancer-sku standard --vnet-subnet-id customUserSubnetVnetID
  - name: Create a kubernetes cluster with supporting Windows agent pools.
    text: az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$'
+  - name: Create a kubernetes cluster with supporting Windows agent pools with AHUB enabled.
+    text: az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-ahub
  - name: Create a kubernetes cluster with managed AAD enabled.
    text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
  - name: Create a kubernetes cluster with server side encryption using your owned key.
@ -461,6 +466,12 @@ parameters:
  - name: --aad-tenant-id
    type: string
    short-summary: The ID of an Azure Active Directory tenant.
+  - name: --enable-ahub
+    type: bool
+    short-summary: Enable Azure Hybrid User Benefits (AHUB) feature for cluster.
+  - name: --disable-ahub
+    type: bool
+    short-summary: Disable Azure Hybrid User Benefits (AHUB) feature for cluster.
 examples:
  - name: Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.
    text: az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2
@ -482,6 +493,10 @@ examples:
    text: az aks update -g MyResourceGroup -n MyManagedCluster --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
  - name: Migrate a AKS AAD-Integrated cluster or a non-AAD cluster to a AKS-managed AAD cluster.
    text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>
+  - name: Enable Azure Hybrid User Benefits featture for a kubernetes cluster.
+    text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-ahub
+  - name: Disable Azure Hybrid User Benefits featture for a kubernetes cluster.
+    text: az aks update -g MyResourceGroup -n MyManagedCluster --disable-ahub
 """

 helps['aks delete'] = """
--- a/src/azure-cli/azure/cli/command_modules/acs/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_params.py
@ -207,6 +207,7 @@ def load_arguments(self, _):
        c.argument('enable_node_public_ip', action='store_true', is_preview=True)
        c.argument('windows_admin_username', options_list=['--windows-admin-username'])
        c.argument('windows_admin_password', options_list=['--windows-admin-password'])
+        c.argument('enable_ahub', options_list=['--enable-ahub'])
        c.argument('node_osdisk_diskencryptionset_id', type=str, options_list=['--node-osdisk-diskencryptionset-id', '-d'])
        c.argument('aci_subnet_name')

@ -228,6 +229,8 @@ def load_arguments(self, _):
        c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports)
        c.argument('load_balancer_idle_timeout', type=int, validator=validate_load_balancer_idle_timeout)
        c.argument('api_server_authorized_ip_ranges', type=str, validator=validate_ip_ranges)
+        c.argument('enable_ahub', options_list=['--enable-ahub'])
+        c.argument('disable_ahub', options_list=['--disable-ahub'])

    with self.argument_context('aks disable-addons') as c:
        c.argument('addons', options_list=['--addons', '-a'])
--- a/src/azure-cli/azure/cli/command_modules/acs/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/custom.py
@ -1587,6 +1587,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value,  # pylint:
               admin_username="azureuser",
               windows_admin_username=None,
               windows_admin_password=None,
+               enable_ahub=False,
               kubernetes_version='',
               node_vm_size="Standard_DS2_v2",
               node_osdisk_size=0,
@ -1701,9 +1702,14 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value,  # pylint:
                raise CLIError(
                    'Please specify both username and password in non-interactive mode.')

+        windows_license_type = None
+        if enable_ahub:
+            windows_license_type = 'Windows_Server'
+
        windows_profile = ManagedClusterWindowsProfile(
            admin_username=windows_admin_username,
-            admin_password=windows_admin_password)
+            admin_password=windows_admin_password,
+            license_type=windows_license_type)

    # Skip create service principal profile for the cluster if the cluster
    # enables managed identity and customer doesn't explicitly provide a service principal.
@ -2095,6 +2101,8 @@ def aks_update(cmd, client, resource_group_name, name,
               enable_aad=False,
               aad_tenant_id=None,
               aad_admin_group_object_ids=None,
+               enable_ahub=False,
+               disable_ahub=False,
               no_wait=False):
    update_autoscaler = enable_cluster_autoscaler + disable_cluster_autoscaler + update_cluster_autoscaler
    update_lb_profile = is_load_balancer_profile_provided(load_balancer_managed_outbound_ip_count,
@ -2111,7 +2119,9 @@ def aks_update(cmd, client, resource_group_name, name,
            not uptime_sla and
            api_server_authorized_ip_ranges is None and
            not enable_aad and
-            not update_aad_profile):
+            not update_aad_profile and
+            not enable_ahub and
+            not disable_ahub):
        raise CLIError('Please specify one or more of "--enable-cluster-autoscaler" or '
                       '"--disable-cluster-autoscaler" or '
                       '"--update-cluster-autoscaler" or '
@ -2126,7 +2136,9 @@ def aks_update(cmd, client, resource_group_name, name,
                       '"--api-server-authorized-ip-ranges" or '
                       '"--enable-aad" or '
                       '"--aad-tenant-id" or '
-                       '"--aad-admin-group-object-ids"')
+                       '"--aad-admin-group-object-ids" or '
+                       '"--enable-ahub" or '
+                       '"--disable-ahub"')

    instance = client.get(resource_group_name, name)
    # For multi-agent pool, use the az aks nodepool command
@ -2236,6 +2248,14 @@ def aks_update(cmd, client, resource_group_name, name,
        if aad_admin_group_object_ids is not None:
            instance.aad_profile.admin_group_object_ids = _parse_comma_separated_list(aad_admin_group_object_ids)

+    if enable_ahub and disable_ahub:
+        raise CLIError('Cannot specify "--enable-ahub" and "--disable-ahub" at the same time')
+
+    if enable_ahub:
+        instance.windows_profile.license_type = 'Windows_Server'
+    if disable_ahub:
+        instance.windows_profile.license_type = 'None'
+
    return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, name, instance)


--- a/src/azure-cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_create_with_ahub.yaml
+++ b/src/azure-cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_create_with_ahub.yaml
--- a/src/azure-cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_create_with_windows.yaml
+++ b/src/azure-cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_create_with_windows.yaml
--- a/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py
@ -1635,6 +1635,66 @@ class AzureKubernetesServiceScenarioTest(ScenarioTest):
            self.check('provisioningState', 'Succeeded')
            ])

+        # update Windows license type
+        self.cmd('aks update --resource-group={resource_group} --name={name} --enable-ahub', checks=[
+            self.check('provisioningState', 'Succeeded'),
+            self.check('windowsProfile.licenseType', 'Windows_Server')
+        ])
+
+        # #nodepool delete
+        self.cmd('aks nodepool delete --resource-group={resource_group} --cluster-name={name} --name={nodepool2_name} --no-wait', checks=[self.is_empty()])
+
+        # delete
+        self.cmd(
+            'aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()])
+
+    @AllowLargeResponse()
+    @ResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2')
+    @RoleBasedServicePrincipalPreparer()
+    def test_aks_create_with_ahub(self, resource_group, resource_group_location, sp_name, sp_password):
+        # reset the count so in replay mode the random names will start with 0
+        self.test_resources_count = 0
+        # kwargs for string formatting
+        aks_name = self.create_random_name('cliakstest', 16)
+        self.kwargs.update({
+            'resource_group': resource_group,
+            'name': aks_name,
+            'dns_name_prefix': self.create_random_name('cliaksdns', 16),
+            'ssh_key_value': self.generate_ssh_keys().replace('\\', '\\\\'),
+            'location': resource_group_location,
+            'service_principal': sp_name,
+            'client_secret': sp_password,
+            'resource_type': 'Microsoft.ContainerService/ManagedClusters',
+            'windows_admin_username': 'azureuser1',
+            'windows_admin_password': 'replacePassword1234$',
+            'nodepool2_name': 'npwin',
+        })
+
+        # create
+        create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \
+                     '--dns-name-prefix={dns_name_prefix} --node-count=1 --ssh-key-value={ssh_key_value} ' \
+                     '--service-principal={service_principal} --client-secret={client_secret} ' \
+                     '--windows-admin-username={windows_admin_username} --windows-admin-password={windows_admin_password} ' \
+                     '--load-balancer-sku=standard --vm-set-type=virtualmachinescalesets --network-plugin=azure --enable-ahub'
+        self.cmd(create_cmd, checks=[
+            self.exists('fqdn'),
+            self.exists('nodeResourceGroup'),
+            self.check('provisioningState', 'Succeeded'),
+            self.check('windowsProfile.adminUsername', 'azureuser1'),
+            self.check('windowsProfile.licenseType', 'Windows_Server')
+        ])
+
+        # nodepool add
+        self.cmd('aks nodepool add --resource-group={resource_group} --cluster-name={name} --name={nodepool2_name} --os-type Windows --node-count=1',checks=[
+            self.check('provisioningState', 'Succeeded')
+            ])
+
+        # update Windows license type
+        self.cmd('aks update --resource-group={resource_group} --name={name} --disable-ahub', checks=[
+            self.check('provisioningState', 'Succeeded'),
+            self.check('windowsProfile.licenseType', 'None')
+        ])
+
        # #nodepool delete
        self.cmd('aks nodepool delete --resource-group={resource_group} --cluster-name={name} --name={nodepool2_name} --no-wait', checks=[self.is_empty()])