update to support disconnected environment (#7588)

Author: TheOnlyWei

src/connectedk8s/HISTORY.rst

@@ -3,6 +3,10 @@
 Release History
 ===============
 
+1.10.2
+++++++
+* Update for disconnected environment scenario.
+
 1.10.1
 ++++++
 * Fixed an issue where the proxy settings were not disabled when the 'disable_proxy' parameter was provided in the update command.

src/connectedk8s/azext_connectedk8s/_utils.py

@@ -1213,6 +1213,8 @@ def helm_install_release(
     helm_client_location,
     enable_private_link,
     arm_metadata,
+    registry_path,
+    aad_identity_principal_id,
     onboarding_timeout=consts.DEFAULT_MAX_ONBOARDING_TIMEOUT_HELMVALUE_SECONDS,
     helm_content_values=None,
 ):
@@ -1258,8 +1260,16 @@ def helm_install_release(
             )
             relay_endpoint = arm_metadata["suffixes"]["relayEndpointSuffix"]
             active_directory = arm_metadata["authentication"]["loginEndpoint"]
+            if not aad_identity_principal_id:
+                raise CLIInternalError("Failed to create the kubeAadEndpoint endpoint. The identity principal ID of "
+                                       "the created connected cluster is empty.")
+            kube_aad_endpoint = f"{aad_identity_principal_id}.k8sproxysvc.connectrp.azs"
             cmd_helm_install.extend(
                 [
+                    "--set",
+                    "global.kubeAadEndpoint={}".format(
+                        kube_aad_endpoint
+                    ),
                     "--set",
                     "systemDefaultValues.azureResourceManagerEndpoint={}".format(
                         resource_manager
@@ -1284,6 +1294,10 @@ def helm_install_release(
                     "systemDefaultValues.activeDirectoryEndpoint={}".format(
                         active_directory
                     ),
+                    "--set",
+                    "systemDefaultValues.image.repository={}".format(
+                        registry_path.split("/")[0]
+                    ),
                 ]
             )
         else:

src/connectedk8s/azext_connectedk8s/custom.py

@@ -301,6 +301,10 @@ def create_connectedk8s(
     ):
         lowbandwidth = True
 
+    azure_local_disconnected = False
+    if os.getenv("AZURE_LOCAL_DISCONNECTED") == "true":
+        azure_local_disconnected = True
+
     # Install kubectl and helm
     try:
         kubectl_client_location = install_kubectl_client()
@@ -316,8 +320,8 @@ def create_connectedk8s(
     # Pre onboarding checks
     diagnostic_checks = "Failed"
     try:
-        # if aks_hci lowbandwidth scenario skip, otherwise continue to perform pre-onboarding check
-        if not lowbandwidth:
+        # if aks_hci lowbandwidth scenario or Azure local disconnected, skip, otherwise continue pre-onboarding check.
+        if not azure_local_disconnected and not lowbandwidth:
             print(
                 "Step: {}: Starting Pre-onboarding-check".format(
                     utils.get_utctimestring()
@@ -406,7 +410,7 @@ def create_connectedk8s(
         raise ManualInterrupt("Process terminated externally.")
 
     # If the checks didnt pass then stop the onboarding
-    if diagnostic_checks != consts.Diagnostic_Check_Passed and lowbandwidth is False:
+    if diagnostic_checks != consts.Diagnostic_Check_Passed and not azure_local_disconnected and not lowbandwidth:
         if storage_space_available:
             logger.warning(
                 "The pre-check result logs logs have been saved at this path: "
@@ -439,7 +443,7 @@ def create_connectedk8s(
         )
         raise ValidationError(err_msg)
 
-    if lowbandwidth is False:
+    if not azure_local_disconnected and not lowbandwidth:
         print(
             "Step: {}: The required pre-checks for onboarding have succeeded.".format(
                 utils.get_utctimestring()
@@ -985,6 +989,8 @@ def create_connectedk8s(
         helm_client_location,
         enable_private_link,
         arm_metadata,
+        registry_path,
+        put_cc_response.identity.principal_id,
         onboarding_timeout,
         helm_content_values,
     )
@@ -3203,7 +3209,7 @@ def disable_features(
             )
             if not disable_cl and cl_enabled is True and cl_oid != "":
                 raise Exception(
-                    "Disabling 'cluster-connect' feature is not allowed when 'custom-locations' feature is enabled"
+                    "Disabling 'cluster-connect' feature is not allowed when 'custom-locations' feature is enabled."
                 )
         except AttributeError:
             pass
@@ -3723,6 +3729,13 @@ def client_side_proxy_wrapper(
     # initializations
     user_type = "sat"
     creds = ""
+    dict_file = {
+        "server": {
+            "httpPort": int(client_proxy_port),
+            "httpsPort": int(api_server_port)
+        },
+        "identity": {"tenantID": tenant_id}
+    }
 
     # if service account token is not passed
     if token is None:
@@ -3732,35 +3745,9 @@ def client_side_proxy_wrapper(
         user_type = account["user"]["type"]
 
         if user_type == "user":
-            dict_file = {
-                "server": {
-                    "httpPort": int(client_proxy_port),
-                    "httpsPort": int(api_server_port),
-                },
-                "identity": {
-                    "tenantID": tenant_id,
-                    "clientID": consts.CLIENTPROXY_CLIENT_ID,
-                },
-            }
+            dict_file["identity"]["clientID"] = consts.CLIENTPROXY_CLIENT_ID
         else:
-            dict_file = {
-                "server": {
-                    "httpPort": int(client_proxy_port),
-                    "httpsPort": int(api_server_port),
-                },
-                "identity": {
-                    "tenantID": tenant_id,
-                    "clientID": account["user"]["name"],
-                },
-            }
-
-        if cloud == "DOGFOOD":
-            dict_file["cloud"] = "AzureDogFood"
-
-        if cloud == consts.Azure_ChinaCloudName:
-            dict_file["cloud"] = "AzureChinaCloud"
-        elif cloud == consts.Azure_USGovCloudName:
-            dict_file["cloud"] = "AzureUSGovernmentCloud"
+            dict_file["identity"]["clientID"] = account["user"]["name"]
 
         if not utils.is_cli_using_msal_auth():
             # Fetching creds
@@ -3802,17 +3789,27 @@ def client_side_proxy_wrapper(
 
             if user_type != "user":
                 dict_file["identity"]["clientSecret"] = creds
+
+    if cloud == "DOGFOOD":
+        dict_file["cloud"] = "AzureDogFood"
+    elif cloud == consts.Azure_ChinaCloudName:
+        dict_file["cloud"] = "AzureChinaCloud"
+    elif cloud == consts.Azure_USGovCloudName:
+        dict_file["cloud"] = "AzureUSGovernmentCloud"
     else:
-        dict_file = {
-            "server": {
-                "httpPort": int(client_proxy_port),
-                "httpsPort": int(api_server_port),
-            }
-        }
-        if cloud == consts.Azure_ChinaCloudName:
-            dict_file["cloud"] = "AzureChinaCloud"
-        elif cloud == consts.Azure_USGovCloudName:
-            dict_file["cloud"] = "AzureUSGovernmentCloud"
+        dict_file["cloud"] = cloud
+
+    # Azure local configurations.
+    arm_metadata = utils.get_metadata(cmd.cli_ctx.cloud.endpoints.resource_manager)
+    if "dataplaneEndpoints" in arm_metadata:
+        dict_file["cloudConfig"] = {}
+        dict_file["cloudConfig"]["resourceManagerEndpoint"] = arm_metadata["resourceManager"]
+        relay_endpoint_suffix = arm_metadata["suffixes"]["relayEndpointSuffix"]
+        if relay_endpoint_suffix[0] == ".":
+            dict_file["cloudConfig"]["serviceBusEndpointSuffix"] = (relay_endpoint_suffix)[1:]
+        else:
+            dict_file["cloudConfig"]["serviceBusEndpointSuffix"] = relay_endpoint_suffix
+        dict_file["cloudConfig"]["activeDirectoryEndpoint"] = arm_metadata["authentication"]["loginEndpoint"]
 
     telemetry.set_debug_info("User type is ", user_type)
 
@@ -4658,6 +4655,9 @@ def install_kubectl_client():
         )
     )
     # Return kubectl client path set by user
+    if os.getenv("KUBECTL_CLIENT_PATH"):
+        return os.getenv("KUBECTL_CLIENT_PATH")
+
     try:
         # Fetching the current directory where the cli installs the kubectl executable
         home_dir = os.path.expanduser("~")

src/connectedk8s/azext_connectedk8s/tests/latest/README.md

@@ -1,11 +1,10 @@
-# Connectedk8s Testing
-Tests need to be configured before running.
-
-1. Make a copy of `config.json.dist` and rename it to `config.json` (the config.json is git ignored).
-1. Fill in the details of the newly created `config.json` file:
-    - Note that the code doesn't verify that you have a valid RBAC service principal application, so a fake one can be used for testing.
-    - `customLocationsOid`: The custom locations RP service principal object ID for enabling the custom locations feature.
-    - `rbacAppId`: The RBAC service principal app ID for testing RBAC feature.
-    - `rbacAppSecret`: The RBAC service principal secret for testing RBAC feature.
-1. Please make sure to test using a service principal with minimal privileges to replicate customer scenarios.
+# Connectedk8s Testing
+
+Tests need to be configured before running.
+
+1. Make a copy of `config.json.dist` and rename it to `config.json` (the config.json is git ignored).
+1. Fill in the details of the newly created `config.json` file:
+    - Note that the code doesn't verify that you have a valid RBAC service principal application, so a fake one can be used for testing.
+    - `customLocationsOid`: The custom locations RP service principal object ID for enabling the custom locations feature.
+1. Please make sure to test using a service principal with minimal privileges to replicate customer scenarios.
     - Make sure you test with a service principal without Graph API permissions, as some customers don't expect to need it.

src/connectedk8s/azext_connectedk8s/tests/latest/config.json.dist

@@ -1,6 +1,4 @@
 {
     "customLocationsOid": "",
-    "rbacAppId": "",
-    "rbacAppSecret": "",
     "location": "eastus2euap"
 }

src/connectedk8s/setup.py

@@ -13,7 +13,7 @@
 # TODO: Confirm this is the right version number you want and it matches your
 # HISTORY.rst entry.
 
-VERSION = "1.10.1"
+VERSION = "1.10.2"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers