[AKS] BREAKING CHANGE: Update ACNS preview CLI commands to align with GA CLI (Azure#8217)

Author: rayaisaiah

src/aks-preview/HISTORY.rst

@@ -9,6 +9,11 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+12.0.0b1
++++++++
+* [BREAKING CHANGE]: Remove advanced container networking service (acns) enablement preview parameters `--enable-advanced-network-observability`, `--disable-advanced-network-observability`, `--enable-fqdn-policy`, `--disable-fqdn-policy`, and `--advanced-networking-observability-tls-management` from `az aks create/update` command.
+* Add advanced container networking service (acns) enablement GA parameters `--disable-acns-observability` and `--disable-acns-security` to `az aks create/update` command.
+
 11.0.0b1
 +++++++
 * [BREAKING CHANGE]: `az aks create`: Remove AAD-legacy properties `--aad-client-app-id`, `--aad-server-app-id` and `--aad-server-app-secret` when creating cluster.

src/aks-preview/azext_aks_preview/_consts.py

@@ -327,10 +327,6 @@
 CONST_IMDS_RESTRICTION_ENABLED = "None"
 CONST_IMDS_RESTRICTION_DISABLED = "IMDS"
 
-# TLS Management Consts
-CONST_TLS_MANAGEMENT_MANAGED = "Managed"
-CONST_TLS_MANAGEMENT_NONE = "None"
-
 # GPU Driver Type Consts
 CONST_GPU_DRIVER_TYPE_CUDA = "CUDA"
 CONST_GPU_DRIVER_TYPE_GRID = "GRID"

src/aks-preview/azext_aks_preview/_help.py

@@ -219,18 +219,15 @@
               Used together with the "azure" network plugin.
               Requires either --pod-subnet-id or --network-plugin-mode=overlay.
               This flag is deprecated in favor of --network-dataplane=cilium.
-        - name: --enable-advanced-network-observability
+        - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --enable-fqdn-policy
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
+        - name: --disable-acns-observability
           type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --enable-acns
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --advanced-networking-observability-tls-management
-          type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
+          short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --no-ssh-key -x
           type: string
           short-summary: Do not use or create a local SSH key.
@@ -1205,27 +1202,18 @@
         - name: --nodepool-labels
           type: string
           short-summary: The node labels for all node pool. See https://aka.ms/node-labels for syntax of labels.
-        - name: --enable-advanced-network-observability
-          type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --disable-advanced-network-observability
-          type: bool
-          short-summary: Disable advanced network observability functionalities on a cluster
-        - name: --advanced-networking-observability-tls-management
-          type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
-        - name: --enable-fqdn-policy
-          type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
-        - name: --disable-fqdn-policy
-          type: bool
-          short-summary: Disable advanced network security FQDN functionalities on a cluster
         - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
         - name: --disable-acns
           type: bool
-          short-summary: Disable advanced network functionalities on a cluster
+          short-summary: Disable all advanced networking functionalities on a cluster.
+        - name: --disable-acns-observability
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
+          type: bool
+          short-summary: Used to disable advanced networking security features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.

src/aks-preview/azext_aks_preview/_params.py

@@ -127,8 +127,6 @@
     CONST_APP_ROUTING_EXTERNAL_NGINX,
     CONST_APP_ROUTING_INTERNAL_NGINX,
     CONST_APP_ROUTING_NONE_NGINX,
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
 )
@@ -417,11 +415,6 @@
     CONST_APP_ROUTING_NONE_NGINX
 ]
 
-tls_management_types = [
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
-]
-
 gpu_driver_types = [
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
@@ -818,23 +811,17 @@ def load_arguments(self, _):
             ),
         )
         c.argument(
-            "enable_advanced_network_observability",
+            "enable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
-            default=CONST_TLS_MANAGEMENT_MANAGED,
-            is_preview=True,
-        )
-        c.argument(
-            "enable_fqdn_policy",
+            "disable_acns_observability",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "enable_acns",
+            "disable_acns_security",
             action="store_true",
             is_preview=True,
         )
@@ -1301,37 +1288,22 @@ def load_arguments(self, _):
         c.argument("safeguards_version", help="The deployment safeguards version", is_preview=True)
         c.argument("safeguards_excluded_ns", is_preview=True)
         c.argument(
-            "enable_advanced_network_observability",
-            action="store_true",
-            is_preview=True,
-        )
-        c.argument(
-            "disable_advanced_network_observability",
-            action="store_true",
-            is_preview=True,
-        )
-        c.argument(
-            "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
-            is_preview=True,
-        )
-        c.argument(
-            "enable_fqdn_policy",
+            "enable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "disable_fqdn_policy",
+            "disable_acns",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "enable_acns",
+            "disable_acns_observability",
             action="store_true",
             is_preview=True,
         )
         c.argument(
-            "disable_acns",
+            "disable_acns_security",
             action="store_true",
             is_preview=True,
         )

src/aks-preview/azext_aks_preview/custom.py

@@ -489,10 +489,10 @@ def aks_create(
     enable_addon_autoscaling=False,
     enable_cilium_dataplane=False,
     custom_ca_trust_certificates=None,
-    enable_advanced_network_observability=None,
-    advanced_networking_observability_tls_management=None,
-    enable_fqdn_policy=None,
+    # advanced networking
     enable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # nodepool
     crg_id=None,
     message_of_the_day=None,
@@ -719,13 +719,11 @@ def aks_update(
     safeguards_level=None,
     safeguards_version=None,
     safeguards_excluded_ns=None,
-    enable_advanced_network_observability=None,
-    disable_advanced_network_observability=None,
-    advanced_networking_observability_tls_management=None,
-    enable_fqdn_policy=None,
-    disable_fqdn_policy=None,
+    # advanced networking
     enable_acns=None,
     disable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,