remove --disable-pod-security-policy as it's deprecated

Author: bingosummer

linter_exclusions.yml

@@ -132,9 +132,6 @@ aks update:
     cluster_autoscaler_profile:
       rule_exclusions:
       - option_length_too_long
-    disable_pod_security_policy:
-      rule_exclusions:
-      - option_length_too_long
     load_balancer_idle_timeout:
       rule_exclusions:
       - option_length_too_long

src/aks-preview/HISTORY.rst

@@ -14,7 +14,7 @@ Pending
 
 18.0.0b1
 +++++++
-* [BREAKING CHANGE] Remove "--enable-pod-security-policy" as it's deprecated.
+* [BREAKING CHANGE] Remove "--enable-pod-security-policy" and "--disable-pod-security-policy" as it's deprecated.
 
 17.0.0b1
 +++++++

src/aks-preview/azext_aks_preview/_help.py

@@ -860,10 +860,6 @@
           type: string
           short-summary: How outbound traffic will be configured for a cluster.
           long-summary: This option will change the way how the outbound connections are managed in the AKS cluster. Available options are loadbalancer, managedNATGateway, userAssignedNATGateway, userDefinedRouting, none and block. For custom vnet, loadbalancer, userAssignedNATGateway and userDefinedRouting are supported. For aks managed vnet, loadbalancer, managedNATGateway and userDefinedRouting are supported.
-        - name: --disable-pod-security-policy
-          type: bool
-          short-summary: Disable pod security policy
-          long-summary: PodSecurityPolicy is deprecated. See https://aka.ms/aks/psp for details.
         - name: --nrg-lockdown-restriction-level
           type: string
           short-summary: Restriction level on the managed node resource.
@@ -1268,8 +1264,6 @@
         text: az aks update --disable-cluster-autoscaler -g MyResourceGroup -n MyManagedCluster
       - name: Update min-count or max-count for cluster autoscaler.
         text: az aks update --update-cluster-autoscaler --min-count 1 --max-count 10 -g MyResourceGroup -n MyManagedCluster
-      - name: Disable pod security policy.
-        text: az aks update --disable-pod-security-policy -g MyResourceGroup -n MyManagedCluster
       - name: Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.
         text: az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2
       - name: Update a kubernetes cluster with standard SKU load balancer to use the provided public IPs for the load balancer outbound connection usage.

src/aks-preview/azext_aks_preview/_params.py

@@ -1189,7 +1189,6 @@ def load_arguments(self, _):
         )
         c.argument("load_balancer_managed_outbound_ipv6_count", type=int)
         c.argument("outbound_type", arg_type=get_enum_type(outbound_types))
-        c.argument("disable_pod_security_policy", action="store_true", is_preview=True)
         c.argument("enable_pod_identity", action="store_true")
         c.argument("enable_pod_identity_with_kubenet", action="store_true")
         c.argument("disable_pod_identity", action="store_true")

src/aks-preview/azext_aks_preview/custom.py

@@ -685,7 +685,6 @@ def aks_update(
     network_dataplane=None,
     ip_families=None,
     pod_cidr=None,
-    disable_pod_security_policy=False,
     enable_pod_identity=False,
     enable_pod_identity_with_kubenet=False,
     disable_pod_identity=False,

src/aks-preview/azext_aks_preview/managed_cluster_decorator.py

@@ -983,24 +983,6 @@ def get_force_upgrade(self) -> Union[bool, None]:
             return not disable_force_upgrade
         return None
 
-    def _get_disable_pod_security_policy(self) -> bool:
-        """Internal function to obtain the value of disable_pod_security_policy.
-
-        :return: bool
-        """
-        # read the original value passed by the command
-        disable_pod_security_policy = self.raw_param.get("disable_pod_security_policy")
-        # We do not support this option in create mode, therefore we do not read the value from `mc`.
-
-        return disable_pod_security_policy
-
-    def get_disable_pod_security_policy(self) -> bool:
-        """Obtain the value of disable_pod_security_policy.
-
-        :return: bool
-        """
-        return self._get_disable_pod_security_policy()
-
     # pylint: disable=unused-argument
     def _get_enable_managed_identity(
         self, enable_validation: bool = False, read_only: bool = False
@@ -4486,17 +4468,6 @@ def update_kube_proxy_config(self, mc: ManagedCluster) -> ManagedCluster:
 
         return mc
 
-    def update_pod_security_policy(self, mc: ManagedCluster) -> ManagedCluster:
-        """Update pod security policy for the ManagedCluster object.
-
-        :return: the ManagedCluster object
-        """
-        self._ensure_mc(mc)
-
-        if self.context.get_disable_pod_security_policy():
-            mc.enable_pod_security_policy = False
-        return mc
-
     def update_pod_identity_profile(self, mc: ManagedCluster) -> ManagedCluster:
         """Update pod identity profile for the ManagedCluster object.
 
@@ -5279,8 +5250,6 @@ def update_mc_profile_preview(self) -> ManagedCluster:
         # DO NOT MOVE: keep this on top, fetch and update the default ManagedCluster profile
         mc = self.update_mc_profile_default()
 
-        # update pod security policy
-        mc = self.update_pod_security_policy(mc)
         # update pod identity profile
         mc = self.update_pod_identity_profile(mc)
         # update workload identity profile

src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py

@@ -700,22 +700,6 @@ def test_get_load_balancer_backend_pool_type(self):
         )
         self.assertEqual(ctx.get_load_balancer_backend_pool_type(), "nodeIP")
 
-    def test_get_disable_pod_security_policy(self):
-        # default
-        ctx_1 = AKSPreviewManagedClusterContext(
-            self.cmd,
-            AKSManagedClusterParamDict({"disable_pod_security_policy": False}),
-            self.models,
-            decorator_mode=DecoratorMode.UPDATE,
-        )
-        self.assertEqual(ctx_1.get_disable_pod_security_policy(), False)
-        mc = self.models.ManagedCluster(
-            location="test_location",
-            enable_pod_security_policy=False,
-        )
-        ctx_1.attach_mc(mc)
-        self.assertEqual(ctx_1.get_disable_pod_security_policy(), False)
-
     def test_get_network_plugin(self):
         # default
         ctx_1 = AKSPreviewManagedClusterContext(
@@ -6498,54 +6482,6 @@ def test_update_http_proxy_config(self):
         )
         self.assertEqual(dec_mc_1, ground_truth_mc_1)
 
-    def test_update_pod_security_policy(self):
-        # default value in `aks_update`
-        dec_1 = AKSPreviewManagedClusterUpdateDecorator(
-            self.cmd,
-            self.client,
-            {
-                "disable_pod_security_policy": False,
-            },
-            CUSTOM_MGMT_AKS_PREVIEW,
-        )
-        mc_1 = self.models.ManagedCluster(
-            location="test_location",
-            enable_pod_security_policy=True,
-        )
-        dec_1.context.attach_mc(mc_1)
-        # fail on passing the wrong mc object
-        with self.assertRaises(CLIInternalError):
-            dec_1.update_pod_security_policy(None)
-
-        dec_mc_1 = dec_1.update_pod_security_policy(mc_1)
-        ground_truth_mc_1 = self.models.ManagedCluster(
-            location="test_location",
-            enable_pod_security_policy=True,
-        )
-        self.assertEqual(dec_mc_1, ground_truth_mc_1)
-
-        # custom value
-        dec_3 = AKSPreviewManagedClusterUpdateDecorator(
-            self.cmd,
-            self.client,
-            {
-                "disable_pod_security_policy": True,
-            },
-            CUSTOM_MGMT_AKS_PREVIEW,
-        )
-
-        mc_3 = self.models.ManagedCluster(
-            location="test_location",
-            enable_pod_security_policy=True,
-        )
-        dec_3.context.attach_mc(mc_3)
-        dec_mc_3 = dec_3.update_pod_security_policy(mc_3)
-        ground_truth_mc_3 = self.models.ManagedCluster(
-            location="test_location",
-            enable_pod_security_policy=False,
-        )
-        self.assertEqual(dec_mc_3, ground_truth_mc_3)
-
     def test_update_pod_identity_profile(self):
         # default value in `aks_update`
         dec_1 = AKSPreviewManagedClusterUpdateDecorator(