[Container app] az containerapp env create: Add parameter --infrastructure-resource-group to support specifying name for resource group that will contain infrastructure resources (#32457)

Author: Greedygre

src/azure-cli/azure/cli/command_modules/containerapp/_params.py

@@ -165,6 +165,7 @@ def load_arguments(self, _):
 
     with self.argument_context('containerapp env', arg_group='Virtual Network') as c:
         c.argument('infrastructure_subnet_resource_id', options_list=['--infrastructure-subnet-resource-id', '-s'], help='Resource ID of a subnet for infrastructure components and user app containers.')
+        c.argument('infrastructure_resource_group', options_list=['--infrastructure-resource-group', '-i'], help='Name for resource group that will contain infrastructure resources. If not provided, a resource group name will be generated.')
         c.argument('docker_bridge_cidr', options_list=['--docker-bridge-cidr'], help='CIDR notation IP range assigned to the Docker bridge. It must not overlap with any Subnet IP ranges or the IP range defined in Platform Reserved CIDR, if defined', deprecate_info=Deprecated(self.cli_ctx, target='--docker-bridge-cidr', hide=True, message_func=lambda x: "Option '--docker-bridge-cidr' has been deprecated and will be removed in the Ignite 2024"))
         c.argument('platform_reserved_cidr', options_list=['--platform-reserved-cidr'], help='IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other Subnet IP ranges')
         c.argument('platform_reserved_dns_ip', options_list=['--platform-reserved-dns-ip'], help='An IP address from the IP range defined by Platform Reserved CIDR that will be reserved for the internal DNS server.')

src/azure-cli/azure/cli/command_modules/containerapp/containerapp_env_decorator.py

@@ -133,6 +133,9 @@ def __init__(self, cmd: AzCliCommand, client: Any, raw_parameters: Dict, models:
     def get_argument_enable_workload_profiles(self):
         return self.get_param("enable_workload_profiles")
 
+    def get_argument_infrastructure_resource_group(self):
+        return self.get_param("infrastructure_resource_group")
+
     def validate_arguments(self):
         location = self.get_argument_location()
         if self.get_argument_zone_redundant():
@@ -158,6 +161,15 @@ def validate_arguments(self):
         if self.get_argument_p2p_encryption_enabled() is False and self.get_argument_mtls_enabled() is True:
             raise ValidationError("Cannot use '--enable-mtls' with '--enable-peer-to-peer-encryption False'")
 
+        # Infrastructure Resource Group
+        if self.get_argument_infrastructure_resource_group() is not None:
+            if not self.get_argument_infrastructure_subnet_resource_id():
+                raise RequiredArgumentMissingError("Cannot use --infrastructure-resource-group/-i without "
+                                                   "--infrastructure-subnet-resource-id/-s")
+            if not self.get_argument_enable_workload_profiles():
+                raise RequiredArgumentMissingError("Cannot use --infrastructure-resource-group/-i without "
+                                                   "--enable-workload-profiles/-w")
+
     def create(self):
         try:
             return self.client.create(cmd=self.cmd, resource_group_name=self.get_argument_resource_group_name(),
@@ -206,6 +218,12 @@ def construct_payload(self):
 
         self.set_up_peer_to_peer_encryption()
 
+        self.set_up_infrastructure_resource_group()
+
+    def set_up_infrastructure_resource_group(self):
+        if self.get_argument_enable_workload_profiles() and self.get_argument_infrastructure_subnet_resource_id() is not None:
+            self.managed_env_def["properties"]["InfrastructureResourceGroup"] = self.get_argument_infrastructure_resource_group()
+
     def set_up_workload_profiles(self):
         if self.get_argument_enable_workload_profiles():
             # If the environment exists, infer the environment type

src/azure-cli/azure/cli/command_modules/containerapp/custom.py

@@ -853,6 +853,7 @@ def create_managed_environment(cmd,
                                instrumentation_key=None,
                                dapr_connection_string=None,
                                infrastructure_subnet_resource_id=None,
+                               infrastructure_resource_group=None,
                                docker_bridge_cidr=None,
                                platform_reserved_cidr=None,
                                platform_reserved_dns_ip=None,

src/azure-cli/azure/cli/command_modules/containerapp/tests/latest/common.py

@@ -8,7 +8,7 @@
 
 TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..'))
 TEST_LOCATION = os.getenv("CLITestLocation") if os.getenv("CLITestLocation") else "eastus"
-
+STAGE_LOCATION = "northcentralusstage"
 
 def write_test_file(filename, content):
     test_file = open(filename, "w", encoding='utf-8')

src/azure-cli/azure/cli/command_modules/containerapp/tests/latest/custom_preparers.py

@@ -0,0 +1,66 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+import time
+
+from azure.cli.command_modules.containerapp._utils import format_location
+
+from azure.cli.testsdk import CliTestError
+from azure.cli.testsdk.reverse_dependency import get_dummy_cli
+from azure.cli.testsdk.scenario_tests import SingleValueReplacer
+from azure.cli.testsdk.preparers import NoTrafficRecordingPreparer, ResourceGroupPreparer
+from .common import STAGE_LOCATION
+
+class SubnetPreparer(NoTrafficRecordingPreparer, SingleValueReplacer):
+    def __init__(self, name_prefix='vnet', location="centralus", location_replace_stage="centralus", resource_group_parameter_name='resource_group', vnet_name=None, vnet_address_prefixes='14.0.0.0/23', subnet_address_prefixes='14.0.0.0/23',
+                 delegations=None, subnet_name="default", service_endpoints=None, skip_delete=False):
+        super(SubnetPreparer, self).__init__(name_prefix, 15)
+        self.cli_ctx = get_dummy_cli()
+        self.location = location
+        self.resource_group_parameter_name = resource_group_parameter_name
+        self.vnet_name = vnet_name
+        if vnet_name is None:
+            self.vnet_name = self.create_random_name()
+        self.vnet_address_prefixes = vnet_address_prefixes
+        self.subnet_address_prefixes = subnet_address_prefixes
+        self.delegations = delegations
+        self.subnet_name = subnet_name
+        self.service_endpoints = service_endpoints
+        self.skip_delete = skip_delete
+        self.location_replace_stage = location_replace_stage
+
+    def create_resource(self, name, **kwargs):
+        resource_group = self._get_resource_group(**kwargs)
+        subnet_id = "FAKESUBNETID"
+        location = self.location
+        if format_location(location) == format_location(STAGE_LOCATION):
+            location = self.location_replace_stage
+
+        try:
+            self.live_only_execute(self.cli_ctx, f"az network vnet create --address-prefixes {self.vnet_address_prefixes} -g {resource_group} -n {self.vnet_name} --subnet-name {self.subnet_name} --location {location}")
+            subnet_command = f"az network vnet subnet update --address-prefixes {self.subnet_address_prefixes} " \
+                             f"-n {self.subnet_name} " \
+                             f"-g {resource_group} " \
+                             f"--vnet-name {self.vnet_name} "
+            if self.service_endpoints is not None:
+                subnet_command += f'--service-endpoints {self.service_endpoints} '
+
+            if self.delegations is not None:
+                subnet_command += f'--delegations {self.delegations} '
+
+            subnet_id = self.live_only_execute(self.cli_ctx, subnet_command).get_output_in_json()["id"]
+        except AttributeError:  # live only execute returns None if playing from record
+            pass
+        return {'subnet_id': subnet_id,
+                'vnet_name': self.vnet_name,
+                'subnet_name': self.subnet_name}
+
+    def _get_resource_group(self, **kwargs):
+        try:
+            return kwargs.get(self.resource_group_parameter_name)
+        except KeyError:
+            template = 'Resource group is required. Please add ' \
+                       'decorator @{} in front of this preparer.'
+            raise CliTestError(template.format(ResourceGroupPreparer.__name__,
+                                               self.resource_group_parameter_name))