Azure · zhoxing-ms · Dec 14, 2022 · Dec 13, 2022 · Dec 13, 2022 · Dec 13, 2022
@@ -12,8 +12,11 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
-* GA file, blob csi driver and snapshot controller.
-* GA Azure Dedicated Host.
+0.5.120
++++++++
+* Remove file, blob csi driver and snapshot controller related CSI driver code after GA, reuse the implementation in azure-cli/acs.
+* Remove Azure Dedicated Host related code after GA, reuse the implementation in azure-cli/acs.
+* Remove KMS related code after GA, reuse the implementation in azure-cli/acs.
 
 0.5.119
 +++++++

@@ -834,250 +834,6 @@ def get_oidc_issuer_profile(self) -> ManagedClusterOIDCIssuerProfile:
 
         return profile
 
-    def _get_enable_azure_keyvault_kms(self, enable_validation: bool = False) -> bool:
-        """Internal function to obtain the value of enable_azure_keyvault_kms.
-
-        This function supports the option of enable_validation. When enabled, if azure_keyvault_kms_key_id is empty,
-        raise a RequiredArgumentMissingError.
-
-        :return: bool
-        """
-        # read the original value passed by the command
-        enable_azure_keyvault_kms = self.raw_param.get("enable_azure_keyvault_kms")
-        # In create mode, try to read the property value corresponding to the parameter from the `mc` object.
-        if self.decorator_mode == DecoratorMode.CREATE:
-            if (
-                self.mc and
-                self.mc.security_profile and
-                self.mc.security_profile.azure_key_vault_kms
-            ):
-                enable_azure_keyvault_kms = self.mc.security_profile.azure_key_vault_kms.enabled
-
-        # this parameter does not need dynamic completion
-        # validation
-        if enable_validation:
-            if bool(enable_azure_keyvault_kms) != bool(self._get_azure_keyvault_kms_key_id(enable_validation=False)):
-                raise RequiredArgumentMissingError(
-                    'You must set "--enable-azure-keyvault-kms" and "--azure-keyvault-kms-key-id" at the same time.'
-                )
-
-        return enable_azure_keyvault_kms
-
-    def get_enable_azure_keyvault_kms(self) -> bool:
-        """Obtain the value of enable_azure_keyvault_kms.
-
-        This function will verify the parameter by default. When enabled, if azure_keyvault_kms_key_id is empty,
-        raise a RequiredArgumentMissingError.
-
-        :return: bool
-        """
-        return self._get_enable_azure_keyvault_kms(enable_validation=True)
-
-    def _get_disable_azure_keyvault_kms(self, enable_validation: bool = False) -> bool:
-        """Internal function to obtain the value of disable_azure_keyvault_kms.
-
-        This function supports the option of enable_validation. When enabled, if both enable_azure_keyvault_kms and disable_azure_keyvault_kms are
-        specified, raise a MutuallyExclusiveArgumentError.
-
-        :return: bool
-        """
-        # Read the original value passed by the command.
-        disable_azure_keyvault_kms = self.raw_param.get("disable_azure_keyvault_kms")
-
-        # This option is not supported in create mode, hence we do not read the property value from the `mc` object.
-        # This parameter does not need dynamic completion.
-        if enable_validation:
-            if disable_azure_keyvault_kms and self._get_enable_azure_keyvault_kms(enable_validation=False):
-                raise MutuallyExclusiveArgumentError(
-                    "Cannot specify --enable-azure-keyvault-kms and --disable-azure-keyvault-kms at the same time."
-                )
-
-        return disable_azure_keyvault_kms
-
-    def get_disable_azure_keyvault_kms(self) -> bool:
-        """Obtain the value of disable_azure_keyvault_kms.
-
-        This function will verify the parameter by default. If both enable_azure_keyvault_kms and disable_azure_keyvault_kms are specified, raise a
-        MutuallyExclusiveArgumentError.
-
-        :return: bool
-        """
-        return self._get_disable_azure_keyvault_kms(enable_validation=True)
-
-    def _get_azure_keyvault_kms_key_id(self, enable_validation: bool = False) -> Union[str, None]:
-        """Internal function to obtain the value of azure_keyvault_kms_key_id according to the context.
-
-        This function supports the option of enable_validation. When enabled, it will check if azure_keyvault_kms_key_id is
-        assigned but enable_azure_keyvault_kms is not specified, if so, raise a RequiredArgumentMissingError.
-
-        :return: string or None
-        """
-        # read the original value passed by the command
-        azure_keyvault_kms_key_id = self.raw_param.get("azure_keyvault_kms_key_id")
-        # In create mode, try to read the property value corresponding to the parameter from the `mc` object.
-        if self.decorator_mode == DecoratorMode.CREATE:
-            if (
-                self.mc and
-                self.mc.security_profile and
-                self.mc.security_profile.azure_key_vault_kms and
-                self.mc.security_profile.azure_key_vault_kms.key_id is not None
-            ):
-                azure_keyvault_kms_key_id = self.mc.security_profile.azure_key_vault_kms.key_id
-
-        if enable_validation:
-            enable_azure_keyvault_kms = self._get_enable_azure_keyvault_kms(
-                enable_validation=False)
-            if (
-                azure_keyvault_kms_key_id and
-                (
-                    enable_azure_keyvault_kms is None or
-                    enable_azure_keyvault_kms is False
-                )
-            ):
-                raise RequiredArgumentMissingError(
-                    '"--azure-keyvault-kms-key-id" requires "--enable-azure-keyvault-kms".')
-
-        return azure_keyvault_kms_key_id
-
-    def get_azure_keyvault_kms_key_id(self) -> Union[str, None]:
-        """Obtain the value of azure_keyvault_kms_key_id.
-
-        This function will verify the parameter by default. When enabled, if enable_azure_keyvault_kms is False,
-        raise a RequiredArgumentMissingError.
-
-        :return: bool
-        """
-        return self._get_azure_keyvault_kms_key_id(enable_validation=True)
-
-    def _get_azure_keyvault_kms_key_vault_network_access(self, enable_validation: bool = False) -> Union[str, None]:
-        """Internal function to obtain the value of azure_keyvault_kms_key_vault_network_access according to the
-        context.
-
-        This function supports the option of enable_validation. When enabled, it will check if
-        azure_keyvault_kms_key_vault_network_access is assigned but enable_azure_keyvault_kms is not specified, if so,
-        raise a RequiredArgumentMissingError.
-
-        :return: string or None
-        """
-        # read the original value passed by the command
-        azure_keyvault_kms_key_vault_network_access = self.raw_param.get(
-            "azure_keyvault_kms_key_vault_network_access"
-        )
-
-        # validation
-        if enable_validation:
-            enable_azure_keyvault_kms = self._get_enable_azure_keyvault_kms(
-                enable_validation=False)
-            if azure_keyvault_kms_key_vault_network_access is None:
-                raise RequiredArgumentMissingError(
-                    '"--azure-keyvault-kms-key-vault-network-access" is required.')
-
-            if (
-                azure_keyvault_kms_key_vault_network_access and
-                (
-                    enable_azure_keyvault_kms is None or
-                    enable_azure_keyvault_kms is False
-                )
-            ):
-                raise RequiredArgumentMissingError(
-                    '"--azure-keyvault-kms-key-vault-network-access" requires "--enable-azure-keyvault-kms".')
-
-            if azure_keyvault_kms_key_vault_network_access == CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE:
-                key_vault_resource_id = self._get_azure_keyvault_kms_key_vault_resource_id(
-                    enable_validation=False)
-                if (
-                    key_vault_resource_id is None or
-                    key_vault_resource_id == ""
-                ):
-                    raise RequiredArgumentMissingError(
-                        '"--azure-keyvault-kms-key-vault-resource-id" is required when "--azure-keyvault-kms-key-vault-network-access" is Private.')
-
-        return azure_keyvault_kms_key_vault_network_access
-
-    def get_azure_keyvault_kms_key_vault_network_access(self) -> Union[str, None]:
-        """Obtain the value of azure_keyvault_kms_key_vault_network_access.
-
-        This function will verify the parameter by default. When enabled, if enable_azure_keyvault_kms is False,
-        raise a RequiredArgumentMissingError.
-
-        :return: bool
-        """
-        return self._get_azure_keyvault_kms_key_vault_network_access(enable_validation=True)
-
-    def _get_azure_keyvault_kms_key_vault_resource_id(self, enable_validation: bool = False) -> Union[str, None]:
-        """Internal function to obtain the value of azure_keyvault_kms_key_vault_resource_id according to the context.
-
-        This function supports the option of enable_validation. When enabled, it will do validation, and raise a
-        RequiredArgumentMissingError.
-
-        :return: string or None
-        """
-        # read the original value passed by the command
-        azure_keyvault_kms_key_vault_resource_id = self.raw_param.get(
-            "azure_keyvault_kms_key_vault_resource_id"
-        )
-        if self.decorator_mode == DecoratorMode.CREATE:
-            if (
-                self.mc and
-                self.mc.security_profile and
-                self.mc.security_profile.azure_key_vault_kms and
-                self.mc.security_profile.azure_key_vault_kms.key_vault_resource_id is not None
-            ):
-                azure_keyvault_kms_key_vault_resource_id = (
-                    self.mc.security_profile.azure_key_vault_kms.key_vault_resource_id
-                )
-
-        # validation
-        if enable_validation:
-            enable_azure_keyvault_kms = self._get_enable_azure_keyvault_kms(
-                enable_validation=False)
-            if (
-                azure_keyvault_kms_key_vault_resource_id and
-                (
-                    enable_azure_keyvault_kms is None or
-                    enable_azure_keyvault_kms is False
-                )
-            ):
-                raise RequiredArgumentMissingError(
-                    '"--azure-keyvault-kms-key-vault-resource-id" requires "--enable-azure-keyvault-kms".')
-
-            key_vault_network_access = self._get_azure_keyvault_kms_key_vault_network_access(
-                enable_validation=False)
-            if (
-                key_vault_network_access == CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE and
-                (
-                    azure_keyvault_kms_key_vault_resource_id is None or
-                    azure_keyvault_kms_key_vault_resource_id == ""
-                )
-            ):
-                raise ArgumentUsageError(
-                    '"--azure-keyvault-kms-key-vault-resource-id" can not be empty if '
-                    '"--azure-keyvault-kms-key-vault-network-access" is "Private".'
-                )
-            if (
-                key_vault_network_access == CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC and
-                (
-                    azure_keyvault_kms_key_vault_resource_id is not None and
-                    azure_keyvault_kms_key_vault_resource_id != ""
-                )
-            ):
-                raise ArgumentUsageError(
-                    '"--azure-keyvault-kms-key-vault-resource-id" must be empty if '
-                    '"--azure-keyvault-kms-key-vault-network-access" is "Public".'
-                )
-
-        return azure_keyvault_kms_key_vault_resource_id
-
-    def get_azure_keyvault_kms_key_vault_resource_id(self) -> Union[str, None]:
-        """Obtain the value of azure_keyvault_kms_key_vault_resource_id.
-
-        This function will verify the parameter by default. When enabled, if enable_azure_keyvault_kms is False,
-        raise a RequiredArgumentMissingError.
-
-        :return: bool
-        """
-        return self._get_azure_keyvault_kms_key_vault_resource_id(enable_validation=True)
-
     def get_enable_image_cleaner(self) -> bool:
         """Obtain the value of enable_image_cleaner.
 
@@ -2343,29 +2099,6 @@ def set_up_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster
 
         return mc
 
-    def set_up_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster:
-        """Set up security profile azureKeyVaultKms for the ManagedCluster object.
-
-        :return: the ManagedCluster object
-        """
-        self._ensure_mc(mc)
-
-        if self.context.get_enable_azure_keyvault_kms():
-            key_id = self.context.get_azure_keyvault_kms_key_id()
-            if key_id:
-                if mc.security_profile is None:
-                    mc.security_profile = self.models.ManagedClusterSecurityProfile()
-                mc.security_profile.azure_key_vault_kms = self.models.AzureKeyVaultKms(
-                    enabled=True,
-                    key_id=key_id,
-                )
-                key_vault_network_access = self.context.get_azure_keyvault_kms_key_vault_network_access()
-                mc.security_profile.azure_key_vault_kms.key_vault_network_access = key_vault_network_access
-                if key_vault_network_access == CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE:
-                    mc.security_profile.azure_key_vault_kms.key_vault_resource_id = self.context.get_azure_keyvault_kms_key_vault_resource_id()
-
-        return mc
-
     def set_up_image_cleaner(self, mc: ManagedCluster) -> ManagedCluster:
         """Set up security profile imageCleaner for the ManagedCluster object.
 
@@ -2553,8 +2286,6 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) ->
         mc = self.set_up_oidc_issuer_profile(mc)
         # set up workload identity profile
         mc = self.set_up_workload_identity_profile(mc)
-        # set up azure keyvalut kms
-        mc = self.set_up_azure_keyvault_kms(mc)
         # set up node restriction
         mc = self.set_up_node_restriction(mc)
         # set up image cleaner
@@ -2865,49 +2596,6 @@ def update_workload_identity_profile(self, mc: ManagedCluster) -> ManagedCluster
 
         return mc
 
-    def update_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster:
-        """Update security profile azureKeyvaultKms for the ManagedCluster object.
-
-        :return: the ManagedCluster object
-        """
-        self._ensure_mc(mc)
-
-        if self.context.get_enable_azure_keyvault_kms():
-            # get kms profile
-            if mc.security_profile is None:
-                mc.security_profile = self.models.ManagedClusterSecurityProfile()
-            azure_key_vault_kms_profile = mc.security_profile.azure_key_vault_kms
-            if azure_key_vault_kms_profile is None:
-                azure_key_vault_kms_profile = self.models.AzureKeyVaultKms()
-                mc.security_profile.azure_key_vault_kms = azure_key_vault_kms_profile
-
-            # set enabled
-            azure_key_vault_kms_profile.enabled = True
-            # set key id
-            azure_key_vault_kms_profile.key_id = self.context.get_azure_keyvault_kms_key_id()
-            # set network access, should never be None for now, can be safely assigned, temp fix for rp
-            # the value is obtained from user input or backfilled from existing mc or to default value
-            azure_key_vault_kms_profile.key_vault_network_access = self.context.get_azure_keyvault_kms_key_vault_network_access()
-            # set key vault resource id
-            if azure_key_vault_kms_profile.key_vault_network_access == CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE:
-                azure_key_vault_kms_profile.key_vault_resource_id = self.context.get_azure_keyvault_kms_key_vault_resource_id()
-            else:
-                azure_key_vault_kms_profile.key_vault_resource_id = ""
-
-        if self.context.get_disable_azure_keyvault_kms():
-            # get kms profile
-            if mc.security_profile is None:
-                mc.security_profile = self.models.ManagedClusterSecurityProfile()
-            azure_key_vault_kms_profile = mc.security_profile.azure_key_vault_kms
-            if azure_key_vault_kms_profile is None:
-                azure_key_vault_kms_profile = self.models.AzureKeyVaultKms()
-                mc.security_profile.azure_key_vault_kms = azure_key_vault_kms_profile
-
-            # set enabled to False
-            azure_key_vault_kms_profile.enabled = False
-
-        return mc
-
     def update_image_cleaner(self, mc: ManagedCluster) -> ManagedCluster:
         """Update security profile imageCleaner for the ManagedCluster object.
 
@@ -3166,8 +2854,6 @@ def update_mc_profile_preview(self) -> ManagedCluster:
         mc = self.update_oidc_issuer_profile(mc)
         # update workload identity profile
         mc = self.update_workload_identity_profile(mc)
-        # update azure keyvalut kms
-        mc = self.update_azure_keyvault_kms(mc)
         # update node restriction
         mc = self.update_node_restriction(mc)
         # update image cleaner

@@ -9,7 +9,7 @@
 
 from setuptools import setup, find_packages
 
-VERSION = "0.5.119"
+VERSION = "0.5.120"
 
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",