Updating the Client side proxy version

src/connectedk8s/HISTORY.rst

@@ -2,6 +2,15 @@
 
 Release History
 ===============
+1.10.12
++++++
+* Removed deprecated '--app-id' and '--app-secret' RBAC parameters from the extension.
+
+1.10.11
++++++++
+* Removed hardcoded public ARM endpoint URL for Government clouds.
+* Fixed incorrect MCR endpoint URLs for Government cloud environments.
+
 1.10.10
 +++++
 * Deprecated '--app-id' and '--app-secret' RBAC parameters from the extension by adding them to _breaking_change.py.

src/connectedk8s/azext_connectedk8s/_client_factory.py

@@ -83,15 +83,13 @@ def cf_connectedk8s_prev_2025_08_01(
             KubernetesClient,
             subscription_id=os.getenv("AZURE_SUBSCRIPTION_ID"),
             credential=credential,
-            base_url="https://management.azure.com",
             per_call_policies=[headers_policy],
         )
         return client
 
     client = get_mgmt_service_client(
         cli_ctx,
         KubernetesClient,
-        base_url="https://management.azure.com",
         per_call_policies=[headers_policy],
     )
     return client

src/connectedk8s/azext_connectedk8s/_constants.py

@@ -418,7 +418,7 @@
 
 # Connect Precheck Diagnoser constants
 Cluster_Diagnostic_Checks_Job_Registry_Path = (
-    "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.29.3"
+    "azurearck8s/helmchart/stable/clusterdiagnosticchecks:1.31.2"
 )
 Cluster_Diagnostic_Checks_Helm_Install_Failed_Fault_Type = (
     "Error while installing cluster diagnostic checks helm release"
@@ -476,7 +476,7 @@
 )
 DNS_Check_Result_String = "DNS Result:"
 AZ_CLI_ADAL_TO_MSAL_MIGRATE_VERSION = "2.30.0"
-CLIENT_PROXY_VERSION = "1.3.029301"
+CLIENT_PROXY_VERSION = "1.3.032281"
 CLIENT_PROXY_FOLDER = ".clientproxy"
 API_SERVER_PORT = 47011
 CLIENT_PROXY_PORT = 47010

src/connectedk8s/azext_connectedk8s/_params.py

@@ -440,20 +440,6 @@ def load_arguments(self: Connectedk8sCommandsLoader, _: CLICommand) -> None:
             options_list=["--features"],
             help="Space-separated list of features you want to enable.",
         )
-        c.argument(
-            "azrbac_client_id",
-            options_list=["--app-id"],
-            arg_group="Azure RBAC",
-            help="Application ID for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
-        c.argument(
-            "azrbac_client_secret",
-            options_list=["--app-secret"],
-            arg_group="Azure RBAC",
-            help="Application secret for enabling Azure RBAC.",
-            deprecate_info=c.deprecate(hide=True),
-        )
         c.argument(
             "azrbac_skip_authz_check",
             options_list=["--skip-azure-rbac-list"],

src/connectedk8s/azext_connectedk8s/_precheckutils.py

@@ -212,7 +212,7 @@ def executing_cluster_diagnostic_checks_job(
                     )
                     return None
 
-        mcr_url = azext_utils.get_mcr_path(cmd)
+        mcr_url = azext_utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory)
 
         chart_path = azext_utils.get_chart_path(
             f"{mcr_url}/{consts.Cluster_Diagnostic_Checks_Job_Registry_Path}",

src/connectedk8s/azext_connectedk8s/_utils.py

@@ -58,11 +58,15 @@
 # pylint: disable=bare-except
 
 
-def get_mcr_path(cmd: CLICommand) -> str:
-    active_directory_array = cmd.cli_ctx.cloud.endpoints.active_directory.split(".")
+def get_mcr_path(active_directory_endpoint: str) -> str:
+    active_directory_array = active_directory_endpoint.split(".")
 
-    # default for public, mc, ff clouds
-    mcr_postfix = active_directory_array[2]
+    # For US Government and China clouds, use public mcr
+    if active_directory_endpoint.endswith((".us", ".cn")):
+        return "mcr.microsoft.com"
+
+    # Default MCR postfix
+    mcr_postfix = "com"
     # special cases for USSec, exclude part of suffix
     if len(active_directory_array) == 4 and active_directory_array[2] == "microsoft":
         mcr_postfix = active_directory_array[3]
@@ -1311,6 +1315,7 @@ def helm_install_release(
     ]
 
     # Special configurations from 2022-09-01 ARM metadata.
+    # "dataplaneEndpoints" does not appear in arm_metadata for public and AGC
     if "dataplaneEndpoints" in arm_metadata:
         if "arcConfigEndpoint" in arm_metadata["dataplaneEndpoints"]:
             notification_endpoint = arm_metadata["dataplaneEndpoints"][
@@ -1360,6 +1365,10 @@ def helm_install_release(
                 "'arcConfigEndpoint' doesn't exist under 'dataplaneEndpoints' in the ARM metadata."
             )
 
+    # Add overrides for AGC Scenario
+    if cloud_name.lower() == "ussec" or cloud_name.lower() == "usnat":
+        add_agc_endpoint_overrides(location, cloud_name, arm_metadata, cmd_helm_install)
+
     # Add helmValues content response from DP
     cmd_helm_install = parse_helm_values(helm_content_values, cmd_helm=cmd_helm_install)
 
@@ -1835,3 +1844,51 @@ def helm_update_agent(
     logger.info(str.format(consts.Update_Agent_Success, cluster_name))
     with contextlib.suppress(OSError):
         os.remove(user_values_location)
+
+
+def add_agc_endpoint_overrides(
+    location: str,
+    cloud_name: str,
+    arm_metadata: dict[str, Any],
+    cmd_helm_install: list[str],
+) -> None:
+    logger.debug("Adding AGC scenario overrides.")
+
+    arm_metadata_endpoint_array = (
+        arm_metadata["authentication"]["loginEndpoint"].strip("/").split(".")
+    )
+    if len(arm_metadata_endpoint_array) < 4:
+        raise CLIInternalError("Unexpected loginEndpoint format for AGC")
+
+    cloud_suffix = arm_metadata_endpoint_array[3]
+    endpoint_suffix = (
+        arm_metadata_endpoint_array[2] + "." + arm_metadata_endpoint_array[3]
+    )
+    if cloud_name.lower() == "usnat":
+        cloud_suffix = (
+            arm_metadata_endpoint_array[2]
+            + "."
+            + arm_metadata_endpoint_array[3]
+            + "."
+            + arm_metadata_endpoint_array[4]
+        )
+        endpoint_suffix = cloud_suffix
+
+    cmd_helm_install.extend(
+        [
+            "--set",
+            f"global.microsoftArtifactRepository=mcr.microsoft.{cloud_suffix}",
+            "--set",
+            f"systemDefaultValues.activeDirectoryEndpoint=https://login.microsoftonline.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.azureArcAgents.config_dp_endpoint_override=https://{location}.dp.kubernetesconfiguration.azure.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusterconnect-agent.notification_dp_endpoint_override=https://guestnotificationservice.azure.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusterconnect-agent.relay_endpoint_suffix_override=.servicebus.cloudapi.{endpoint_suffix}",
+            "--set",
+            f"systemDefaultValues.clusteridentityoperator.his_endpoint_override=https://gbl.his.arc.azure.{endpoint_suffix}/discovery?location={location}&api-version=1.1-preview",
+            "--set",
+            f"systemDefaultValues.image.repository=mcr.microsoft.{cloud_suffix}",
+        ]
+    )

src/connectedk8s/azext_connectedk8s/clientproxyhelper/_binaryutils.py

@@ -76,7 +76,7 @@ def _download_proxy_from_MCR(
     operating_system: str,
     architecture: str,
 ) -> None:
-    mcr_url = utils.get_mcr_path(cmd)
+    mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory)
 
     mar_target = f"{mcr_url}/{consts.CLIENT_PROXY_MCR_TARGET}/{operating_system.lower()}/{architecture}/arc-proxy"
     logger.debug(

src/connectedk8s/azext_connectedk8s/custom.py

@@ -1318,7 +1318,7 @@ def install_helm_client(cmd: CLICommand) -> str:
             "Downloading helm client for first time. This can take few minutes..."
         )
 
-        mcr_url = utils.get_mcr_path(cmd)
+        mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory)
 
         client = oras.client.OrasClient(hostname=mcr_url)
         retry_count = 3
@@ -2975,8 +2975,6 @@ def enable_features(
     features: list[str],
     kube_config: str | None = None,
     kube_context: str | None = None,
-    azrbac_client_id: str | None = None,
-    azrbac_client_secret: str | None = None,
     azrbac_skip_authz_check: str | None = None,
     skip_ssl_verification: bool = False,
     cl_oid: str | None = None,

src/connectedk8s/azext_connectedk8s/tests/unittests/test_utils_.py

@@ -9,6 +9,7 @@
 
 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../../..")))
 from azext_connectedk8s._utils import (
+    get_mcr_path,
     process_helm_error_detail,
     redact_sensitive_fields_from_string,
     remove_rsa_private_key,
@@ -76,5 +77,27 @@ def test_redact_sensitive_fields_from_string():
     )
 
 
+def test_get_mcr_path():
+    input_active_directory = "login.microsoftonline.com"
+    expected_output = "mcr.microsoft.com"
+    assert get_mcr_path(input_active_directory) == expected_output
+
+    input_active_directory = "login.microsoftonline.us"
+    expected_output = "mcr.microsoft.com"
+    assert get_mcr_path(input_active_directory) == expected_output
+
+    input_active_directory = "login.chinacloudapi.cn"
+    expected_output = "mcr.microsoft.com"
+    assert get_mcr_path(input_active_directory) == expected_output
+
+    input_active_directory = "https://login.microsoftonline.microsoft.foo"
+    expected_output = "mcr.microsoft.foo"
+    assert get_mcr_path(input_active_directory) == expected_output
+
+    input_active_directory = "https://login.microsoftonline.some.cloud.bar"
+    expected_output = "mcr.microsoft.some.cloud.bar"
+    assert get_mcr_path(input_active_directory) == expected_output
+
+
 if __name__ == "__main__":
     pytest.main()

src/connectedk8s/setup.py

@@ -13,7 +13,7 @@
 # TODO: Confirm this is the right version number you want and it matches your
 # HISTORY.rst entry.
 
-VERSION = "1.10.10"
+VERSION = "1.10.12"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers

src/k8s-extension/azext_k8s_extension/custom.py

@@ -763,7 +763,7 @@ def install_helm_client(cmd: CLICommand) -> str:
             "Downloading helm client for first time. This can take few minutes..."
         )
 
-        mcr_url = utils.get_mcr_path(cmd)
+        mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory)
 
         client = oras.client.OrasClient(hostname=mcr_url)
         retry_count = 3

src/k8s-extension/azext_k8s_extension/utils.py

@@ -361,11 +361,15 @@ def create_folder_diagnosticlogs(folder_name: str, base_folder_name: str) -> tup
         )
         return "", False
 
-def get_mcr_path(cmd: CLICommand) -> str:
-    active_directory_array = cmd.cli_ctx.cloud.endpoints.active_directory.split(".")
+def get_mcr_path(active_directory_endpoint: str) -> str:
+    active_directory_array = active_directory_endpoint.split(".")
 
-    # default for public, mc, ff clouds
-    mcr_postfix = active_directory_array[2]
+    # For US Government and China clouds, use public mcr
+    if active_directory_endpoint.endswith((".us", ".cn")):
+        return "mcr.microsoft.com"
+
+    # Default MCR postfix
+    mcr_postfix = "com"
     # special cases for USSec, exclude part of suffix
     if len(active_directory_array) == 4 and active_directory_array[2] == "microsoft":
         mcr_postfix = active_directory_array[3]

testing/.gitignore

@@ -0,0 +1,9 @@
+settings.json
+tmp/
+bin/*
+!bin/connectedk8s-1.0.0-py3-none-any.whl
+!bin/k8s_extension-0.3.0-py3-none-any.whl
+!bin/k8s_extension_private-0.1.0-py3-none-any.whl
+!bin/k8s_configuration-1.0.0-py3-none-any.whl
+!bin/connectedk8s-values.yaml
+*.xml

testing/Bootstrap.ps1

@@ -0,0 +1,30 @@
+param (
+    [switch] $SkipInstall,
+    [switch] $CI
+)
+
+# Disable confirm prompt for script
+az config set core.disable_confirm_prompt=true
+
+# Configuring the environment
+$ENVCONFIG = Get-Content -Path $PSScriptRoot/settings.json | ConvertFrom-Json
+
+az account set --subscription $ENVCONFIG.subscriptionId
+
+if (-not (Test-Path -Path $PSScriptRoot/tmp)) {
+    New-Item -ItemType Directory -Path $PSScriptRoot/tmp
+}
+
+az group show --name $envConfig.resourceGroup
+if (!$?) {
+    Write-Host "Resource group does not exist, creating it now in region 'eastus2euap'"
+    az group create --name $envConfig.resourceGroup --location eastus2euap
+
+    if (!$?) {
+        Write-Host "Failed to create Resource Group - exiting!"
+        Exit 1
+    }
+}
+
+
+Copy-Item $HOME/.kube/config -Destination $PSScriptRoot/tmp/KUBECONFIG