[Az.ConnectedKubernetes] support proxy environments and fix issues (#20944)

* Fix Invoke-WebRequest in Win10 issue

* Add optional settings (+2 squashed commit)

Squashed commit:

[37a75ce5980] Add optional settings

[f90cd1a98ee] Add optional settings

* Install azure-arc helm release in azure-arc-release namespace (+1 squashed commits)

Squashed commits:

[49e9e01caf3] Install azure-arc helm release in azure-arc-release namespace (+1 squashed commits)

Squashed commits:

[9662ecff989] Install azure-arc helm release in azure-arc-release namespace

* Fix RSAHelper format

* Add Proxy settings (+1 squashed commits)

Squashed commits:

[28ff1d7f8cf] Add Proxy settings (+4 squashed commit)

Squashed commit:

[cdfe615ad63] Update warning messages

[5d46ec26806] Check credential

[db0351e75f5] Update parameter description

[79bf2b15c29] Modify parameter type

* Fix Invalid URI issue when passing diaplsy name of location (+1 squashed commits)

Squashed commits:

[c893de7a1b5] Fix Invalid URI issue when passing diaplsy name of location (+1 squashed commits)

Squashed commits:

[bc81f1915fb] Fix Invalid URI issue when passing diaplsy name of location

* Update examples

* Update ChangeLog

* Update parameter names and docs

Author: yinghsugn

src/ConnectedKubernetes/ChangeLog.md

@@ -18,6 +18,10 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added optional configs (-HttpProxy, -HttpsProxy, -NoProxy, -ProxyCert) for connection behind outbound proxy server.
+* Added optional configs (-ContainerLogPath, -DisableAutoUpgrade, -NoWait, -OnboardingTimeout).
+* Fixed invalid URI issue with display name of location.
+* Fixed response can't be parsed issue with UseBasicParsing.
 
 ## Version 0.7.1
 * Made `New-AzConnectedKubernetes` support PowerShell 5.

src/ConnectedKubernetes/custom/New-AzConnectedKubernetes.ps1

@@ -54,12 +54,55 @@ function New-AzConnectedKubernetes {
         # The ID of the target subscription.
         ${SubscriptionId},
 
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.Uri]
+        # The http URI of the proxy server for the kubernetes cluster to use
+        ${HttpProxy},
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.Uri]
+        # The https URI of the proxy server for the kubernetes cluster to use
+        ${HttpsProxy},
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.String]
+        # The comma-separated list of hostnames that should be excluded from the proxy server for the kubernetes cluster to use
+        ${NoProxy},
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.String]
+        # The path to the certificate file for proxy or custom Certificate Authority.
+        ${ProxyCert},
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [ValidateRange(0,3600)]
+        [Int]
+        # The time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster.
+        ${OnboardingTimeout} = 600,
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.Management.Automation.SwitchParameter]
+        # Flag to disable auto upgrade of arc agents.
+        ${DisableAutoUpgrade},
+
+        [Parameter()]
+        [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')]
+        [System.String]
+        # Override the default container log path to enable fluent-bit logging.
+        ${ContainerLogPath},
+
         [Parameter(HelpMessage="Path to the kube config file")]
         [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
         [System.String]
         # Path to the kube config file
         ${KubeConfig},
-    
+
         [Parameter(HelpMessage="Kubconfig context from current machine")]
         [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
         [System.String]
@@ -172,14 +215,14 @@ function New-AzConnectedKubernetes {
         [Parameter(DontShow)]
         [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Runtime')]
         [System.Uri]
-        # The URI for the proxy server to use
+        # The URI of the proxy server for host os to use
         ${Proxy},
 
         [Parameter(DontShow)]
         [ValidateNotNull()]
         [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Runtime')]
         [System.Management.Automation.PSCredential]
-        # Credentials for a proxy server to use for the remote call
+        # The credential of the proxy server for host os to use
         ${ProxyCredential},
 
         [Parameter(DontShow)]
@@ -224,7 +267,7 @@ function New-AzConnectedKubernetes {
         if ($PSBoundParameters.ContainsKey('KubeContext')) {
             $Null = $PSBoundParameters.Remove('KubeContext')
         }
-        if (($KubeContext -eq $null) -or ($KubeContext -eq '')) {
+        if (($null -eq $KubeContext) -or ($KubeContext -eq '')) {
             $KubeContext = kubectl config current-context
         }
 
@@ -260,9 +303,10 @@ function New-AzConnectedKubernetes {
         #EndRegion
 
         #Region get release namespace
+        Set-Variable ReleaseInstallNamespace -option Constant -value "azure-arc-release"
         $ReleaseNamespace = $null
         try {
-            $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext | ConvertFrom-Json).namespace
+            $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext -n $ReleaseInstallNamespace | ConvertFrom-Json).namespace
         } catch {
             Write-Error "Fail to find the namespace for azure-arc."
         }
@@ -302,6 +346,15 @@ function New-AzConnectedKubernetes {
             } else {
                 $ReleaseTrain = 'stable'
             }
+            
+            $AzLocation = Get-AzLocation | Where-Object { ($_.DisplayName -ieq $Location) -or ($_.Location -ieq $Location)}
+            $Region = $AzLocation.Location
+            if ($null -eq $Region) {
+                Write-Error "Invalid location: $Location"
+                return
+            } else {
+                $Location = $Region
+            }            
             $ChartLocationUrl = "https://${Location}.dp.kubernetesconfiguration.azure.com/azure-arc-k8sagents/GetLatestHelmPackagePath?api-version=2019-11-01-preview&releaseTrain=${ReleaseTrain}"
 
             $Uri = [System.Uri]::New($ChartLocationUrl)
@@ -315,7 +368,7 @@ function New-AzConnectedKubernetes {
             $HeaderParameter = @{
                 "Authorization" = "Bearer $AccessToken"
             }
-            $Response = Invoke-WebRequest -Uri $Uri -Headers $HeaderParameter -Method Post
+            $Response = Invoke-WebRequest -Uri $Uri -Headers $HeaderParameter -Method Post -UseBasicParsing
             if ($Response.StatusCode -eq 200) {
                 $RegisteryPath = ($Response.Content | ConvertFrom-Json).repositoryPath
             } else {
@@ -354,27 +407,104 @@ function New-AzConnectedKubernetes {
                 . "$PSScriptRoot/../utils/RSAHelper.ps1"
                 $AgentPublicKey = ExportRSAPublicKeyBase64($RSA)
                 $AgentPrivateKey = ExportRSAPrivateKeyBase64($RSA)
+                $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + $AgentPrivateKey + "`n-----END RSA PRIVATE KEY-----"                
             } catch {
                 Write-Error "Unable to generate RSA keys"
                 throw
             }
         } else {
             $AgentPublicKey = [System.Convert]::ToBase64String($RSA.ExportRSAPublicKey())
-            $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + [System.Convert]::ToBase64String($RSA.ExportRSAPrivateKey()) + "`n-----END RSA PRIVATE KEY-----"	  
+            $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + [System.Convert]::ToBase64String($RSA.ExportRSAPrivateKey()) + "`n-----END RSA PRIVATE KEY-----"
         }
-        
+
         $HelmChartPath = Join-Path -Path $ChartExportPath -ChildPath 'azure-arc-k8sagents'
         if (Test-Path Env:HELMCHART) {
             $ChartPath = Get-ChildItem -Path Env:HELMCHART
         } else {
             $ChartPath = $HelmChartPath
         }
 
+        #Region helm options
+        $options = ""
+        $proxyEnableState = $false
+        if (-not ([string]::IsNullOrEmpty($HttpProxy))) {
+            $HttpProxyStr = $HttpProxy.ToString()
+            $HttpProxyStr = $HttpProxyStr -replace ',','\,'
+            $HttpProxyStr = $HttpProxyStr -replace '/','\/'
+            $options += " --set global.httpProxy=$HttpProxyStr"
+            $proxyEnableState = $true
+            $Null = $PSBoundParameters.Remove('HttpProxy')
+        }
+        if (-not ([string]::IsNullOrEmpty($HttpsProxy))) {
+            $HttpsProxyStr = $HttpsProxy.ToString()
+            $HttpsProxyStr = $HttpsProxyStr -replace ',','\,'
+            $HttpsProxyStr = $HttpsProxyStr -replace '/','\/'
+            $options += " --set global.httpsProxy=$HttpsProxyStr"
+            $proxyEnableState = $true
+            $Null = $PSBoundParameters.Remove('HttpsProxy')
+        }
+        if (-not ([string]::IsNullOrEmpty($NoProxy))) {
+            $NoProxy = $NoProxy -replace ',','\,'
+            $NoProxy = $NoProxy -replace '/','\/'
+            $options += " --set global.noProxy=$NoProxy"
+            $proxyEnableState = $true
+            $Null = $PSBoundParameters.Remove('NoProxy')
+        }
+        if ($proxyEnableState) {
+            $options += " --set global.isProxyEnabled=true"
+        }
+        try {
+            if ((-not ([string]::IsNullOrEmpty($ProxyCert))) -and (Test-Path $ProxyCert)) {
+                $options += " --set-file global.proxyCert=$ProxyCert"
+                $options += " --set global.isCustomCert=true"
+            }
+        } catch {
+            Write-Error "Unable to find ProxyCert from file path"
+            throw
+        }
+        if ($DisableAutoUpgrade) {
+            $options += " --set systemDefaultValues.azureArcAgents.autoUpdate=false"
+            $Null = $PSBoundParameters.Remove('DisableAutoUpgrade')
+        }
+        if (-not ([string]::IsNullOrEmpty($ContainerLogPath))) {
+            $options += " --set systemDefaultValues.fluent-bit.containerLogPath=$ContainerLogPath"
+            $Null = $PSBoundParameters.Remove('ContainerLogPath')
+        }
+	    if (-not ([string]::IsNullOrEmpty($KubeConfig))) {
+            $options += " --kubeconfig $KubeConfig"
+        }
+	    if (-not ([string]::IsNullOrEmpty($KubeContext))) {
+            $options += " --kube-context $KubeContext"
+        }
+	    if (!$NoWait) {
+            $options += " --wait --timeout $OnboardingTimeout"
+            $options += "s"
+        }        
+        #Endregion
+        if ($PSBoundParameters.ContainsKey('OnboardingTimeout')) {
+            $PSBoundParameters.Remove('OnboardingTimeout')
+        }
+        if ((-not ([string]::IsNullOrEmpty($Proxy))) -and (-not $PSBoundParameters.ContainsKey('ProxyCredential'))) {
+            if (-not ([string]::IsNullOrEmpty($Proxy.UserInfo))) {
+                try{
+                    $userInfo = $Proxy.UserInfo -Split ':'
+                    $pass = ConvertTo-SecureString $userInfo[1] -AsPlainText -Force
+                    $ProxyCredential = New-Object System.Management.Automation.PSCredential ($userInfo[0] , $pass)
+                    $PSBoundParameters.Add('ProxyCredential', $ProxyCredential)
+                } catch {
+                    Write-Warning "Please set ProxyCredential or provide username and password in the Proxy parameter"
+                    throw
+                }
+            } else {
+                Write-Warning "If the proxy is a private proxy, pass ProxyCredential parameter or provide username and password in the Proxy parameter"
+            }
+        }
+
         $PSBoundParameters.Add('AgentPublicKeyCertificate', $AgentPublicKey)
         $Response = Az.ConnectedKubernetes.internal\New-AzConnectedKubernetes @PSBoundParameters
 
-        $TenantId = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext.Tenant.Id
-        helm upgrade --install azure-arc $ChartPath --set global.subscriptionId=$SubscriptionId --set global.resourceGroupName=$ResourceGroupName --set global.resourceName=$ClusterName --set global.tenantId=$TenantId --set global.location=$Location --set global.onboardingPrivateKey=$AgentPrivateKey --set systemDefaultValues.spnOnboarding=false --set global.azureEnvironment=AZUREPUBLICCLOUD --set systemDefaultValues.clusterconnect-agent.enabled=true --set global.kubernetesDistro=$Distribution --set global.kubernetesInfra=$Infrastructure --kubeconfig $KubeConfig --kube-context $KubeContext --wait --timeout 600s
+        $TenantId = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext.Tenant.Id        
+	    helm upgrade --install azure-arc $ChartPath --namespace $ReleaseInstallNamespace --create-namespace --set global.subscriptionId=$SubscriptionId --set global.resourceGroupName=$ResourceGroupName --set global.resourceName=$ClusterName --set global.tenantId=$TenantId --set global.location=$Location --set global.onboardingPrivateKey=$AgentPrivateKey --set systemDefaultValues.spnOnboarding=false --set global.azureEnvironment=AZUREPUBLICCLOUD --set systemDefaultValues.clusterconnect-agent.enabled=true --set global.kubernetesDistro=$Distribution --set global.kubernetesInfra=$Infrastructure (-split $options)
         Return $Response
     }
 }

src/ConnectedKubernetes/custom/Remove-AzConnectedKubernetes.ps1

@@ -186,9 +186,10 @@ param(
         #Endregion
 
         #Region get release namespace
+        Set-Variable ReleaseInstallNamespace -option Constant -value "azure-arc-release"
         $ReleaseNamespace = $null
         try {
-            $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext | ConvertFrom-Json).namespace
+            $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext -n $ReleaseInstallNamespace | ConvertFrom-Json).namespace
         } catch {
             Write-Error "Fail to find the namespace for azure-arc."
         }
@@ -211,7 +212,7 @@ param(
         }
         if (($ResourceGroupName -eq $ConfigmapRgName) -and ($ClusterName -eq $ConfigmapClusterName)) {
             Az.ConnectedKubernetes.internal\Remove-AzConnectedKubernetes @PSBoundParameters
-            helm delete azure-arc --namespace $ReleaseNamespace --kubeconfig $KubeConfig --kube-context $KubeContext
+            helm delete azure-arc --namespace $ReleaseInstallNamespace --kubeconfig $KubeConfig --kube-context $KubeContext
         } else {
             Write-Error "The current context in the kubeconfig file does not correspond to the connected cluster resource specified. Agents installed on this cluster correspond to the resource group name '$ConfigmapRgName' and resource name '$ConfigmapClusterName'."
         }

src/ConnectedKubernetes/docs/Az.ConnectedKubernetes.md

@@ -0,0 +1,28 @@
+---
+Module Name: Az.ConnectedKubernetes
+Module Guid: 683047b8-5094-43e1-96c7-6792b93e81cb
+Download Help Link: https://learn.microsoft.com/powershell/module/az.connectedkubernetes
+Help Version: 1.0.0.0
+Locale: en-US
+---
+
+# Az.ConnectedKubernetes Module
+## Description
+Microsoft Azure PowerShell: ConnectedKubernetes cmdlets
+
+## Az.ConnectedKubernetes Cmdlets
+### [Get-AzConnectedKubernetes](Get-AzConnectedKubernetes.md)
+Returns the properties of the specified connected cluster, including name, identity, properties, and additional cluster details.
+
+### [Get-AzConnectedKubernetesUserCredential](Get-AzConnectedKubernetesUserCredential.md)
+Gets cluster user credentials of the connected cluster with a specified resource group and name.
+
+### [New-AzConnectedKubernetes](New-AzConnectedKubernetes.md)
+API to register a new Kubernetes cluster and create a tracked resource in Azure Resource Manager (ARM).
+
+### [Remove-AzConnectedKubernetes](Remove-AzConnectedKubernetes.md)
+Delete a connected cluster, removing the tracked resource in Azure Resource Manager (ARM).
+
+### [Update-AzConnectedKubernetes](Update-AzConnectedKubernetes.md)
+API to update certain properties of the connected cluster resource
+