Re-merge Workload Identity Federation (WIF) changes (#26127)

* Add WIF changes back * Run Autorest and build again
Azure · Sep 18, 2024 · 0a93254 · 0a93254
1 parent c1ee1c7
commit 0a93254
Show file tree

Hide file tree

Showing 9 changed files with 204 additions and 25 deletions.
diff --git a/...onnectedKubernetes/ConnectedKubernetes.Autorest/custom/Az.ConnectedKubernetes.custom.psm1 b/...onnectedKubernetes/ConnectedKubernetes.Autorest/custom/Az.ConnectedKubernetes.custom.psm1
@@ -1,9 +1,9 @@
 # region Generated 
  # Load the private module dll
- $null = Import-Module -PassThru -Name (Join-Path $PSScriptRoot '../bin/Az.ConnectedKubernetes.private.dll')
+ $null = Import-Module -PassThru -Name (Join-Path $PSScriptRoot '..\bin\Az.ConnectedKubernetes.private.dll')
 
  # Load the internal module
- $internalModulePath = Join-Path $PSScriptRoot '../internal/Az.ConnectedKubernetes.internal.psm1'
+ $internalModulePath = Join-Path $PSScriptRoot '..\internal\Az.ConnectedKubernetes.internal.psm1'
  if(Test-Path $internalModulePath) {
  $null = Import-Module -Name $internalModulePath
  }

diff --git a/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/New-AzConnectedKubernetes.ps1 b/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/New-AzConnectedKubernetes.ps1
@@ -180,6 +180,24 @@ function New-AzConnectedKubernetes {
  # OID of 'custom-locations' app.
  ${CustomLocationsOid},
 
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.Management.Automation.SwitchParameter]
+ # Whether to enable oidc issuer for workload identity integration.
+ ${OidcIssuerProfileEnabled},
+
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.String]
+ # The issuer url for public cloud clusters - AKS, EKS, GKE - used for the workload identity feature.
+ ${OidcIssuerProfileSelfHostedIssuerUrl},
+
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.Management.Automation.SwitchParameter]
+ # Whether to enable or disable the workload identity Webhook
+ ${WorkloadIdentityEnabled},
+
  [Parameter()]
  [System.Management.Automation.SwitchParameter]
  # Accept EULA of ConnectedKubernetes, legal term will pop up without this parameter provided
@@ -682,6 +700,28 @@ function New-AzConnectedKubernetes {
  throw "Unable to install helm chart at $ChartPath"
  }
  }
+
+ if ($PSCmdlet.ShouldProcess($ClusterName, "Check agent state of the connected cluster")) {
+ if ($PSBoundParameters.ContainsKey('OidcIssuerProfileEnabled') -or $PSBoundParameters.ContainsKey('WorkloadIdentityEnabled') ) {
+ $ExistConnectedKubernetes = Get-AzConnectedKubernetes -ResourceGroupName $ResourceGroupName -ClusterName $ClusterName @CommonPSBoundParameters
+
+ Write-Host "Cluster configuration is in progress..."
+ $timeout = [datetime]::Now.AddMinutes(60)
+
+ while (($ExistConnectedKubernetes.ArcAgentProfileAgentState -ne "Succeeded") -and ($ExistConnectedKubernetes.ArcAgentProfileAgentState -ne "Failed") -and ([datetime]::Now -lt $timeout)) {
+ Start-Sleep -Seconds 30
+ $ExistConnectedKubernetes = Get-AzConnectedKubernetes -ResourceGroupName $ResourceGroupName -ClusterName $ClusterName @CommonPSBoundParameters
+ }
+
+ if ($ExistConnectedKubernetes.ArcAgentProfileAgentState -eq "Succeeded") {
+ Write-Host "Cluster configuration succeeded."
+ } elseif ($ExistConnectedKubernetes.ArcAgentProfileAgentState -eq "Failed") {
+ Write-Error "Cluster configuration failed."
+ } else {
+ Write-Error "Cluster configuration timed out after 60 minutes."
+ } 
+ }
+ }
  Return $Response
  }
 }
diff --git a/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/README.md b/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/README.md
@@ -1,5 +1,5 @@
 # Custom
-This directory contains custom implementation for non-generated cmdlets for the `Az.ConnectedKubernetes` module. Both scripts (`.ps1`) and C# files (`.cs`) can be implemented here. They will be used during the build process in `build-module.ps1`, and create cmdlets into the `../exports` folder. The only generated file into this folder is the `Az.ConnectedKubernetes.custom.psm1`. This file should not be modified.
+This directory contains custom implementation for non-generated cmdlets for the `Az.ConnectedKubernetes` module. Both scripts (`.ps1`) and C# files (`.cs`) can be implemented here. They will be used during the build process in `build-module.ps1`, and create cmdlets into the `..\exports` folder. The only generated file into this folder is the `Az.ConnectedKubernetes.custom.psm1`. This file should not be modified.
 
 ## Info
 - Modifiable: yes
@@ -15,10 +15,10 @@ For C# cmdlets, they are compiled with the rest of the generated low-level cmdle
 For script cmdlets, these are loaded via the `Az.ConnectedKubernetes.custom.psm1`. Then, during the build process, this module is loaded and processed in the same manner as the C# cmdlets. The fundamental difference is the script cmdlets use the `ParameterSetName` attribute and C# cmdlets do not. To create a script cmdlet variant of a generated cmdlet, simply decorate all parameters in the script with the new `ParameterSetName` in the `Parameter` attribute. This will appropriately treat each parameter set as a separate variant when processed to be exported during the build.
 
 ## Purpose
-This allows the modules to have cmdlets that were not defined in the REST specification. It also allows combining logic using generated cmdlets. This is a level of customization beyond what can be done using the [readme configuration options](https:/Azure/autorest/blob/master/docs/powershell/options.md) that are currently available. These custom cmdlets are then referenced by the cmdlets created at build-time in the `../exports` folder.
+This allows the modules to have cmdlets that were not defined in the REST specification. It also allows combining logic using generated cmdlets. This is a level of customization beyond what can be done using the [readme configuration options](https:/Azure/autorest/blob/master/docs/powershell/options.md) that are currently available. These custom cmdlets are then referenced by the cmdlets created at build-time in the `..\exports` folder.
 
 ## Usage
-The easiest way currently to start developing custom cmdlets is to copy an existing cmdlet. For C# cmdlets, copy one from the `generated/cmdlets` folder. For script cmdlets, build the project using `build-module.ps1` and copy one of the scripts from the `../exports` folder. After that, if you want to add new parameter sets, follow the guidelines in the `Details` section above. For implementing a new cmdlets, at minimum, please keep these parameters:
+The easiest way currently to start developing custom cmdlets is to copy an existing cmdlet. For C# cmdlets, copy one from the `generated/cmdlets` folder. For script cmdlets, build the project using `build-module.ps1` and copy one of the scripts from the `..\exports` folder. After that, if you want to add new parameter sets, follow the guidelines in the `Details` section above. For implementing a new cmdlets, at minimum, please keep these parameters:
 - Break
 - DefaultProfile
 - HttpPipelineAppend
@@ -36,6 +36,6 @@ For processing the cmdlets, we've created some additional attributes:
 - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute`
  - Used in C# and script cmdlets to suppress creating an exported cmdlet at build-time. These cmdlets will *not be exposed* by `Az.ConnectedKubernetes`.
 - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.InternalExportAttribute`
- - Used in C# cmdlets to route exported cmdlets to the `../internal`, which are *not exposed* by `Az.ConnectedKubernetes`. For more information, see [README.md](../internal/README.md) in the `../internal` folder.
+ - Used in C# cmdlets to route exported cmdlets to the `..\internal`, which are *not exposed* by `Az.ConnectedKubernetes`. For more information, see [README.md](..\internal/README.md) in the `..\internal` folder.
 - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.ProfileAttribute`
  - Used in C# and script cmdlets to define which Azure profiles the cmdlet supports. This is only supported for Azure (`--azure`) modules.
diff --git a/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/Set-AzConnectedKubernetes.ps1 b/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/custom/Set-AzConnectedKubernetes.ps1
@@ -232,6 +232,24 @@ function Set-AzConnectedKubernetes {
  # OID of 'custom-locations' app.
  ${CustomLocationsOid},
 
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.Management.Automation.SwitchParameter]
+ # Whether to enable oidc issuer for workload identity integration.
+ ${OidcIssuerProfileEnabled},
+
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.String]
+ # The issuer url for public cloud clusters - AKS, EKS, GKE - used for the workload identity feature.
+ ${OidcIssuerProfileSelfHostedIssuerUrl},
+
+ [Parameter()]
+ [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')]
+ [System.Management.Automation.SwitchParameter]
+ # Whether to enable or disable the workload identity Webhook
+ ${WorkloadIdentityEnabled},
+
  [Parameter()]
  [System.Management.Automation.SwitchParameter]
  # Accept EULA of ConnectedKubernetes, legal term will pop up without this parameter provided
@@ -742,5 +760,27 @@ function Set-AzConnectedKubernetes {
  }
  Return $Response
  }
+
+ if ($PSCmdlet.ShouldProcess($ClusterName, "Check agent state of the connected cluster")) {
+ if ($PSBoundParameters.ContainsKey('OidcIssuerProfileEnabled') -or $PSBoundParameters.ContainsKey('WorkloadIdentityEnabled') ) {
+ $ExistConnectedKubernetes = Get-AzConnectedKubernetes -ResourceGroupName $ResourceGroupName -ClusterName $ClusterName @CommonPSBoundParameters
+
+ Write-Host "Cluster configuration is in progress..."
+ $timeout = [datetime]::Now.AddMinutes(60)
+
+ while (($ExistConnectedKubernetes.ArcAgentProfileAgentState -ne "Succeeded") -and ($ExistConnectedKubernetes.ArcAgentProfileAgentState -ne "Failed") -and ([datetime]::Now -lt $timeout)) {
+ Start-Sleep -Seconds 30
+ $ExistConnectedKubernetes = Get-AzConnectedKubernetes -ResourceGroupName $ResourceGroupName -ClusterName $ClusterName @CommonPSBoundParameters
+ }
+
+ if ($ExistConnectedKubernetes.ArcAgentProfileAgentState -eq "Succeeded") {
+ Write-Host "Cluster configuration succeeded."
+ } elseif ($ExistConnectedKubernetes.ArcAgentProfileAgentState -eq "Failed") {
+ Write-Error "Cluster configuration failed."
+ } else {
+ Write-Error "Cluster configuration timed out after 60 minutes."
+ } 
+ }
+ }
  }
 }
diff --git a/...nectedKubernetes/ConnectedKubernetes.Autorest/docs/New-AzConnectedKubernetes.md b/...nectedKubernetes/ConnectedKubernetes.Autorest/docs/New-AzConnectedKubernetes.md
@@ -18,10 +18,12 @@ New-AzConnectedKubernetes -ClusterName <String> -ResourceGroupName <String> -Loc
  [-OnboardingTimeout <Int32>] [-ProxyCert <String>] [-SubscriptionId <String>] [-AcceptEULA]
  [-AzureHybridBenefit <AzureHybridBenefit>] [-CustomLocationsOid <String>] [-Distribution <String>]
  [-DistributionVersion <String>] [-Infrastructure <String>] [-KubeConfig <String>] [-KubeContext <String>]
+ [-OidcIssuerProfileEnabled] [-OidcIssuerProfileSelfHostedIssuerUrl <String>]
  [-PrivateLinkScopeResourceId <String>] [-PrivateLinkState <PrivateLinkState>]
- [-ProvisioningState <ProvisioningState>] [-Tag <Hashtable>] [-DefaultProfile <PSObject>] [-AsJob]
- [-ConfigurationProtectedSetting <Hashtable>] [-ConfigurationSetting <Hashtable>]
- [-GatewayResourceId <String>] [-NoWait] [-Confirm] [-WhatIf] [<CommonParameters>]
+ [-ProvisioningState <ProvisioningState>] [-Tag <Hashtable>] [-WorkloadIdentityEnabled]
+ [-DefaultProfile <PSObject>] [-AsJob] [-ConfigurationProtectedSetting <Hashtable>]
+ [-ConfigurationSetting <Hashtable>] [-GatewayResourceId <String>] [-NoWait] [-Confirm] [-WhatIf]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -455,6 +457,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -OidcIssuerProfileEnabled
+Whether to enable oidc issuer for workload identity integration.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -OidcIssuerProfileSelfHostedIssuerUrl
+The issuer url for public cloud clusters - AKS, EKS, GKE - used for the workload identity feature.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -OnboardingTimeout
 The time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster.
 
@@ -576,6 +608,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -WorkloadIdentityEnabled
+Whether to enable or disable the workload identity Webhook
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Confirm
 Prompts you for confirmation before running the cmdlet.
 

diff --git a/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/docs/README.md b/src/ConnectedKubernetes/ConnectedKubernetes.Autorest/docs/README.md
@@ -1,5 +1,5 @@
 # Docs
-This directory contains the documentation of the cmdlets for the `Az.ConnectedKubernetes` module. To run documentation generation, use the `generate-help.ps1` script at the root module folder. Files in this folder will *always be overridden on regeneration*. To update documentation examples, please use the `../examples` folder.
+This directory contains the documentation of the cmdlets for the `Az.ConnectedKubernetes` module. To run documentation generation, use the `generate-help.ps1` script at the root module folder. Files in this folder will *always be overridden on regeneration*. To update documentation examples, please use the `..\examples` folder.
 
 ## Info
 - Modifiable: no
@@ -8,4 +8,4 @@ This directory contains the documentation of the cmdlets for the `Az.ConnectedKu
 - Packaged: yes
 
 ## Details
-The process of documentation generation loads `Az.ConnectedKubernetes` and analyzes the exported cmdlets from the module. It recognizes the [help comments](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) that are generated into the scripts in the `../exports` folder. Additionally, when writing custom cmdlets in the `../custom` folder, you can use the help comments syntax, which decorate the exported scripts at build-time. The documentation examples are taken from the `../examples` folder.
+The process of documentation generation loads `Az.ConnectedKubernetes` and analyzes the exported cmdlets from the module. It recognizes the [help comments](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) that are generated into the scripts in the `..\exports` folder. Additionally, when writing custom cmdlets in the `..\custom` folder, you can use the help comments syntax, which decorate the exported scripts at build-time. The documentation examples are taken from the `..\examples` folder.