RBAC deprecation & fix the issue

vithumma · vithumma · commit 5692eff758c7 · 2025-09-10T10:55:33.000-07:00
diff --git a/src/connectedk8s/HISTORY.rst b/src/connectedk8s/HISTORY.rst
@@ -2,6 +2,11 @@
 
 Release History
 ===============
+1.10.8
++++++
+* Removed deprecated '--app-id' and '--app-secret' RBAC parameters from the extension.
+* Bug fix for https://github.com/Azure/azure-cli-extensions/issues/8498: resolved error when using the extension with Azure CLI v2.59+.
+* Update warning to use the latest kubelogin version which has support for generating PoP token.
 
 1.10.7
 ++++++
@@ -68,7 +73,7 @@ Release History
 ++++++
 * New api version 2024-07-1-preview added
 * Adding functionality for workload identity feature.
-* Cluster create and update waits for agent state 
+* Cluster create and update waits for agent state
 
 1.7.3
 ++++++
diff --git a/src/connectedk8s/azext_connectedk8s/_params.py b/src/connectedk8s/azext_connectedk8s/_params.py
@@ -440,20 +440,6 @@ def load_arguments(self: Connectedk8sCommandsLoader, _: CLICommand) -> None:
             options_list=["--features"],
             help="Space-separated list of features you want to enable.",
         )
-        c.argument(
-            "azrbac_client_id",
-            options_list=["--app-id"],
-            arg_group="Azure RBAC",
-            help="Application ID for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
-        c.argument(
-            "azrbac_client_secret",
-            options_list=["--app-secret"],
-            arg_group="Azure RBAC",
-            help="Application secret for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
         c.argument(
             "azrbac_skip_authz_check",
             options_list=["--skip-azure-rbac-list"],
diff --git a/src/connectedk8s/azext_connectedk8s/custom.py b/src/connectedk8s/azext_connectedk8s/custom.py
@@ -2865,6 +2865,10 @@ def enable_features(
         utils.check_features_to_update(features)
     )
 
+    # Initialize these variables to ensure they are always defined, preventing UnboundLocalError if only a subset of features is enabled.
+    final_enable_cl = False
+    custom_locations_oid = None
+
     # Check if cluster is private link enabled
     connected_cluster = client.get(resource_group_name, cluster_name)
 
@@ -3024,8 +3028,9 @@ def enable_features(
         #  apps for authN/authZ.
         cmd_helm_upgrade.extend(["--set", "systemDefaultValues.guard.authnMode=arc"])
         logger.warning(
-            "Please use the kubelogin version v0.0.32 or higher which has support for generating PoP token(s). "
-            "This is needed by guard running in 'arc' authN mode."
+            "[Azure RBAC] For secure authentication, ensure you have the latest kubelogin installed which supports PoP tokens. "
+            "This is required for Azure RBAC. Download or upgrade at: https://github.com/Azure/kubelogin/releases. "
+            "If you encounter authentication errors, please verify your kubelogin version and refer to the documentation for troubleshooting."
         )
         cmd_helm_upgrade.extend(
             [
