Merge pull request #897 from ShantingLiu/safeguards-pss-docs

Author: yanzhudd

Commands/aks/safeguards/_create.md

@@ -4,6 +4,37 @@ Enable Deployment Safeguards for a Managed Cluster
 
 ## Versions
 
+### [2025-05-02-preview](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-05-02-preview.xml) **Preview**
+
+<!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-05-02-preview -->
+
+#### examples
+
+- Creates a DeploymentSafeguards resource at Warn level with a managed cluster resource id
+    ```bash
+        aks safeguards create --resource /subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1 --level Warn
+    ```
+
+- Creates a DeploymentSafeguards resource at Warn level using subscription, resourcegroup, and name tags
+    ```bash
+        aks safeguards create --subscription subid1 -g rg1 -n cluster1 --level Warn
+    ```
+
+- Create a DeploymentSafeguards resource at Warn level with ignored namespaces
+    ```bash
+        aks safeguards create -g rg1 -n mc1 --excluded-ns ns1 ns2 --level Warn
+    ```
+
+- Creates a DeploymentSafeguards resource at Warn level with Pod Security Standards level set to Baseline
+    ```bash
+        aks safeguards create --managed-cluster /subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1 --level Warn --pss-level Baseline
+    ```
+
+- Creates a DeploymentSafeguards resource with PSS level set to Restricted using -g/-n pattern
+    ```bash
+        aks safeguards create -g rg1 -n cluster1 --level Enforce --pss-level Restricted
+    ```
+
 ### [2025-04-01](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-04-01.xml) **Stable**
 
 <!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-04-01 -->

Commands/aks/safeguards/_delete.md

@@ -4,6 +4,22 @@ Disable Deployment Safeguards for a Managed Cluster
 
 ## Versions
 
+### [2025-05-02-preview](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-05-02-preview.xml) **Preview**
+
+<!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-05-02-preview -->
+
+#### examples
+
+- Deletes a DeploymentSafeguard resource by managed cluster id
+    ```bash
+        aks safeguards delete -c subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1
+    ```
+
+- Deletes a DeploymentSafeguard resource with resourceGroup and clusterName arguments
+    ```bash
+        aks safeguards delete -g rg1 -n cluster1
+    ```
+
 ### [2025-04-01](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-04-01.xml) **Stable**
 
 <!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-04-01 -->

Commands/aks/safeguards/_list.md

@@ -4,6 +4,22 @@ List DeploymentSafeguards by parent resource
 
 ## Versions
 
+### [2025-05-02-preview](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRz/2025-05-02-preview.xml) **Preview**
+
+<!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards 2025-05-02-preview -->
+
+#### examples
+
+- List DeploymentSafeguards by parent resource
+    ```bash
+        aks safeguards list --managed-cluster subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1
+    ```
+
+- List DeploymentSafeguards by parent resource
+    ```bash
+        aks safeguards list -g rg1 -n cluster1
+    ```
+
 ### [2025-04-01](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRz/2025-04-01.xml) **Stable**
 
 <!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards 2025-04-01 -->

Commands/aks/safeguards/_show.md

@@ -4,6 +4,22 @@ Show Deployment Safeguards Configuration for a Managed Cluster
 
 ## Versions
 
+### [2025-05-02-preview](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-05-02-preview.xml) **Preview**
+
+<!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-05-02-preview -->
+
+#### examples
+
+- Gets a DeploymentSafeguard resource by managed cluster id
+    ```bash
+        aks safeguards show --managed-cluster subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1
+    ```
+
+- Gets a DeploymentSafeguard resource with resourceGroup and clusterName arguments
+    ```bash
+        aks safeguards show -g rg1 -n cluster1
+    ```
+
 ### [2025-04-01](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-04-01.xml) **Stable**
 
 <!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-04-01 -->

Commands/aks/safeguards/_update.md

@@ -4,6 +4,42 @@ Update Deployment Safeguards configuration for a Managed Cluster
 
 ## Versions
 
+### [2025-05-02-preview](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-05-02-preview.xml) **Preview**
+
+<!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-05-02-preview -->
+
+#### examples
+
+- Update a DeploymentSafeguards resource by cluster id to Enforce level
+    ```bash
+        aks safeguards update -c /subscriptions/subid/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/mc1 --level Enforce
+    ```
+
+- Update a DeploymentSafeguards resource to Enforce level using resourceGroup and name arguments
+    ```bash
+        aks safeguards update --level Enforce -g rg1 -n mc1
+    ```
+
+- Update a DeploymentSafeguards resource by adding 2 new namespaces to ignore
+    ```bash
+        aks safeguards update -g rg1 -n mc1 --excluded-ns ns1 ns2
+    ```
+
+- Update Pod Security Standards level to Restricted
+    ```bash
+        aks safeguards update --managed-cluster /subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1 --pss-level Restricted
+    ```
+
+- Update PSS level to Baseline using -g/-n pattern
+    ```bash
+        aks safeguards update -g rg1 -n cluster1 --pss-level Baseline
+    ```
+
+- Update both safeguards level and PSS level
+    ```bash
+        aks safeguards update -g rg1 -n cluster1 --level Enforce --pss-level Restricted
+    ```
+
 ### [2025-04-01](/Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRzL2RlZmF1bHQ=/2025-04-01.xml) **Stable**
 
 <!-- mgmt-plane /{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards/default 2025-04-01 -->

Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRz/2025-05-02-preview.json

@@ -0,0 +1 @@
+{"plane": "mgmt-plane", "resources": [{"id": "/{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards", "version": "2025-05-02-preview", "swagger": "mgmt-plane/containerservice/ResourceProviders/Microsoft.ContainerService/Paths/L3tyZXNvdXJjZVVyaX0vcHJvdmlkZXJzL01pY3Jvc29mdC5Db250YWluZXJTZXJ2aWNlL2RlcGxveW1lbnRTYWZlZ3VhcmRz/V/MjAyNS0wNS0wMi1wcmV2aWV3"}], "commandGroups": [{"name": "aks safeguards", "commands": [{"name": "list", "version": "2025-05-02-preview", "resources": [{"id": "/{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards", "version": "2025-05-02-preview", "swagger": "mgmt-plane/containerservice/ResourceProviders/Microsoft.ContainerService/Paths/L3tyZXNvdXJjZVVyaX0vcHJvdmlkZXJzL01pY3Jvc29mdC5Db250YWluZXJTZXJ2aWNlL2RlcGxveW1lbnRTYWZlZ3VhcmRz/V/MjAyNS0wNS0wMi1wcmV2aWV3"}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.resourceUri", "options": ["c", "cluster", "managed-cluster"], "required": true, "group": "", "help": {"short": "The fully qualified Azure Resource manager identifier of the Managed Cluster."}}]}], "operations": [{"operationId": "DeploymentSafeguards_List", "http": {"path": "/{resourceUri}/providers/Microsoft.ContainerService/deploymentSafeguards", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "resourceUri", "arg": "$Path.resourceUri", "required": true, "skipUrlEncoding": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-05-02-preview"}, "type": "string", "name": "api-version", "required": true, "format": {"minLength": 1}}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "nextLink"}, {"type": "array<object>", "name": "value", "required": true, "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "eTag"}, {"readOnly": true, "type": "ResourceId", "name": "id", "format": {"template": "/{resourceUri}/providers/Microsoft.ContainerService/deploymentSafeguards/default"}}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "array<string>", "name": "excludedNamespaces", "item": {"type": "string"}}, {"type": "string", "name": "level", "required": true, "enum": {"items": [{"value": "Enforce"}, {"value": "Warn"}]}}, {"type": "string", "name": "podSecurityStandardsLevel", "enum": {"items": [{"value": "Baseline"}, {"value": "Privileged"}, {"value": "Restricted"}]}}, {"readOnly": true, "type": "string", "name": "provisioningState", "enum": {"items": [{"value": "Canceled"}, {"value": "Creating"}, {"value": "Deleting"}, {"value": "Failed"}, {"value": "Succeeded"}, {"value": "Updating"}]}}, {"readOnly": true, "type": "array<string>", "name": "systemExcludedNamespaces", "item": {"type": "string"}}], "clientFlatten": true}, {"readOnly": true, "type": "object", "name": "systemData", "props": [{"type": "dateTime", "name": "createdAt", "format": {"protocol": "iso"}}, {"type": "string", "name": "createdBy"}, {"type": "string", "name": "createdByType", "enum": {"items": [{"value": "Application"}, {"value": "Key"}, {"value": "ManagedIdentity"}, {"value": "User"}]}}, {"type": "dateTime", "name": "lastModifiedAt", "format": {"protocol": "iso"}}, {"type": "string", "name": "lastModifiedBy"}, {"type": "string", "name": "lastModifiedByType", "enum": {"items": [{"value": "Application"}, {"value": "Key"}, {"value": "ManagedIdentity"}, {"value": "User"}]}}]}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@MgmtErrorFormat"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}]}]}]}

Resources/mgmt-plane/L3tyZXNvdXJjZXVyaX0vcHJvdmlkZXJzL21pY3Jvc29mdC5jb250YWluZXJzZXJ2aWNlL2RlcGxveW1lbnRzYWZlZ3VhcmRz/2025-05-02-preview.xml

@@ -0,0 +1,113 @@
+<?xml version='1.0' encoding='utf-8'?>
+<CodeGen plane="mgmt-plane">
+  <resource id="/{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards" version="2025-05-02-preview" swagger="mgmt-plane/containerservice/ResourceProviders/Microsoft.ContainerService/Paths/L3tyZXNvdXJjZVVyaX0vcHJvdmlkZXJzL01pY3Jvc29mdC5Db250YWluZXJTZXJ2aWNlL2RlcGxveW1lbnRTYWZlZ3VhcmRz/V/MjAyNS0wNS0wMi1wcmV2aWV3"/>
+  <commandGroup name="aks safeguards">
+    <command name="list" version="2025-05-02-preview">
+      <resource id="/{resourceuri}/providers/microsoft.containerservice/deploymentsafeguards" version="2025-05-02-preview" swagger="mgmt-plane/containerservice/ResourceProviders/Microsoft.ContainerService/Paths/L3tyZXNvdXJjZVVyaX0vcHJvdmlkZXJzL01pY3Jvc29mdC5Db250YWluZXJTZXJ2aWNlL2RlcGxveW1lbnRTYWZlZ3VhcmRz/V/MjAyNS0wNS0wMi1wcmV2aWV3"/>
+      <argGroup name="">
+        <arg type="string" var="$Path.resourceUri" options="managed-cluster cluster c" required="True" group="">
+          <help short="The fully qualified Azure Resource manager identifier of the Managed Cluster."/>
+        </arg>
+      </argGroup>
+      <operation operationId="DeploymentSafeguards_List">
+        <http path="/{resourceUri}/providers/Microsoft.ContainerService/deploymentSafeguards">
+          <request method="get">
+            <path>
+              <param type="string" name="resourceUri" arg="$Path.resourceUri" required="True" skipUrlEncoding="True"/>
+            </path>
+            <query>
+              <const readOnly="True" const="True" type="string" name="api-version" required="True">
+                <default value="&quot;2025-05-02-preview&quot;"/>
+                <format minLength="1"/>
+              </const>
+            </query>
+          </request>
+          <response statusCode="200">
+            <body>
+              <json var="$Instance">
+                <schema type="object">
+                  <prop type="string" name="nextLink"/>
+                  <prop type="array<object>" name="value" required="True">
+                    <item type="object">
+                      <prop readOnly="True" type="string" name="eTag"/>
+                      <prop readOnly="True" type="ResourceId" name="id">
+                        <format template="/{resourceUri}/providers/Microsoft.ContainerService/deploymentSafeguards/default"/>
+                      </prop>
+                      <prop readOnly="True" type="string" name="name"/>
+                      <prop type="object" name="properties" clientFlatten="True">
+                        <prop type="array<string>" name="excludedNamespaces">
+                          <item type="string"/>
+                        </prop>
+                        <prop type="string" name="level" required="True">
+                          <enum>
+                            <item value="&quot;Enforce&quot;"/>
+                            <item value="&quot;Warn&quot;"/>
+                          </enum>
+                        </prop>
+                        <prop type="string" name="podSecurityStandardsLevel">
+                          <enum>
+                            <item value="&quot;Baseline&quot;"/>
+                            <item value="&quot;Privileged&quot;"/>
+                            <item value="&quot;Restricted&quot;"/>
+                          </enum>
+                        </prop>
+                        <prop readOnly="True" type="string" name="provisioningState">
+                          <enum>
+                            <item value="&quot;Canceled&quot;"/>
+                            <item value="&quot;Creating&quot;"/>
+                            <item value="&quot;Deleting&quot;"/>
+                            <item value="&quot;Failed&quot;"/>
+                            <item value="&quot;Succeeded&quot;"/>
+                            <item value="&quot;Updating&quot;"/>
+                          </enum>
+                        </prop>
+                        <prop readOnly="True" type="array<string>" name="systemExcludedNamespaces">
+                          <item type="string"/>
+                        </prop>
+                      </prop>
+                      <prop readOnly="True" type="object" name="systemData">
+                        <prop type="dateTime" name="createdAt">
+                          <format protocol="iso"/>
+                        </prop>
+                        <prop type="string" name="createdBy"/>
+                        <prop type="string" name="createdByType">
+                          <enum>
+                            <item value="&quot;Application&quot;"/>
+                            <item value="&quot;Key&quot;"/>
+                            <item value="&quot;ManagedIdentity&quot;"/>
+                            <item value="&quot;User&quot;"/>
+                          </enum>
+                        </prop>
+                        <prop type="dateTime" name="lastModifiedAt">
+                          <format protocol="iso"/>
+                        </prop>
+                        <prop type="string" name="lastModifiedBy"/>
+                        <prop type="string" name="lastModifiedByType">
+                          <enum>
+                            <item value="&quot;Application&quot;"/>
+                            <item value="&quot;Key&quot;"/>
+                            <item value="&quot;ManagedIdentity&quot;"/>
+                            <item value="&quot;User&quot;"/>
+                          </enum>
+                        </prop>
+                      </prop>
+                      <prop readOnly="True" type="string" name="type"/>
+                    </item>
+                  </prop>
+                </schema>
+              </json>
+            </body>
+          </response>
+          <response isError="True">
+            <body>
+              <json>
+                <schema type="@MgmtErrorFormat"/>
+              </json>
+            </body>
+          </response>
+        </http>
+      </operation>
+      <output type="array" ref="$Instance.value" clientFlatten="True" nextLink="$Instance.nextLink"/>
+    </command>
+  </commandGroup>
+</CodeGen>