[Service Connector] `az webapp/containerapp/spring connection create/…

…update`: Support opt out action (#28079)
Azure · Jan 30, 2024 · 21b54b5 · 21b54b5
1 parent e4018b7
commit 21b54b5
Show file tree

Hide file tree

Showing 7 changed files with 4,873 additions and 9 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_params.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_params.py
@@ -29,7 +29,8 @@
     SUPPORTED_CLIENT_TYPE,
     TARGET_SUPPORT_SERVICE_ENDPOINT,
     TARGET_SUPPORT_PRIVATE_ENDPOINT,
-    LOCAL_CONNECTION_PARAMS
+    LOCAL_CONNECTION_PARAMS,
+    OPT_OUT_OPTION
 )
 from ._addon_factory import AddonFactory
 from knack.arguments import CLIArgumentType
@@ -236,6 +237,16 @@ def add_confluent_kafka_argument(context):
                      help='Name of the connection', validator=validate_kafka_params)
 
 
+def add_opt_out_argument(context):
+    context.argument('opt_out_list', options_list=['--opt-out'],
+                     default=None, nargs='+',
+                     arg_type=get_enum_type(OPT_OUT_OPTION),
+                     help='Whether to disable some configuration steps. '
+                     'Use configinfo to disbale configuration information changes on source. '
+                     'Use publicnetwork to disable public network access configuration.'
+                     )
+
+
 def load_arguments(self, _):  # pylint: disable=too-many-statements
 
     for source in SOURCE_RESOURCES_PARAMS:
@@ -278,6 +289,7 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
                 add_vnet_block(c, target)
                 add_connection_string_argument(c, source, target)
                 add_customized_keys_argument(c)
+                add_opt_out_argument(c)
             with self.argument_context('{} connection update {}'.format(source.value, target.value)) as c:
                 add_client_type_argument(c, source, target)
                 add_connection_name_argument(c, source)
@@ -287,6 +299,7 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
                 add_vnet_block(c, target)
                 add_connection_string_argument(c, source, target)
                 add_customized_keys_argument(c)
+                add_opt_out_argument(c)
 
         # special target resource: independent implementation
         target = RESOURCE.ConfluentKafka
@@ -296,12 +309,14 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
             add_confluent_kafka_argument(c)
             add_secret_store_argument(c)
             add_customized_keys_argument(c)
+            add_opt_out_argument(c)
         with self.argument_context('{} connection update {}'.format(source.value, target.value)) as c:
             add_client_type_argument(c, source, target)
             add_source_resource_block(c, source, enable_id=False)
             add_confluent_kafka_argument(c)
             add_secret_store_argument(c)
             add_customized_keys_argument(c)
+            add_opt_out_argument(c)
 
     # local connection
     with self.argument_context('connection list') as c:

diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py
@@ -1132,3 +1132,10 @@ class CLIENT_TYPE(Enum):
 SUPPORTED_CLIENT_TYPE[RESOURCE.ContainerApp] = SUPPORTED_CLIENT_TYPE[RESOURCE.WebApp]
 SUPPORTED_CLIENT_TYPE[RESOURCE.Local] = SUPPORTED_CLIENT_TYPE[RESOURCE.WebApp]
 SUPPORTED_CLIENT_TYPE[RESOURCE.FunctionApp] = SUPPORTED_CLIENT_TYPE[RESOURCE.WebApp]
+
+
+# The dict defines the options for opt-out
+class OPT_OUT_OPTION(Enum):
+    PUBLIC_NETWORK = 'publicnetwork'
+    CONFIGURATION_INFO = 'configinfo'
+    # AUTHENTICATION = 'auth'
diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/custom.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/custom.py
@@ -20,7 +20,8 @@
     SUPPORTED_CLIENT_TYPE,
     TARGET_RESOURCES,
     AUTH_TYPE,
-    RESOURCE
+    RESOURCE,
+    OPT_OUT_OPTION,
 )
 from ._validators import (
     get_source_resource_name,
@@ -294,6 +295,7 @@ def connection_create(cmd, client,  # pylint: disable=too-many-locals,too-many-s
                       private_endpoint=None,
                       store_in_connection_string=False,
                       customized_keys=None,
+                      opt_out_list=None,
                       new_addon=False, no_wait=False,
                       cluster=None, scope=None, enable_csi=False,            # Resource.KubernetesCluster
                       site=None, slot=None,                                  # Resource.WebApp
@@ -327,7 +329,8 @@ def connection_create(cmd, client,  # pylint: disable=too-many-locals,too-many-s
                                                       store_in_connection_string,
                                                       new_addon, no_wait,
                                                       cluster, scope, enable_csi,
-                                                      customized_keys=customized_keys)
+                                                      customized_keys=customized_keys,
+                                                      opt_out_list=opt_out_list)
         raise CLIInternalError("Fail to install `serviceconnector-passwordless` extension. Please manually install it"
                                " with `az extension add --name serviceconnector-passwordless --upgrade`"
                                " and rerun the command")
@@ -345,6 +348,7 @@ def connection_create(cmd, client,  # pylint: disable=too-many-locals,too-many-s
                                   # Resource.KubernetesCluster
                                   cluster, scope, enable_csi,
                                   customized_keys=customized_keys,
+                                  opt_out_list=opt_out_list,
                                   )
 
 
@@ -375,6 +379,7 @@ def connection_create_func(cmd, client,  # pylint: disable=too-many-locals,too-m
                            signalr=None,                                          # Resource.SignalR
                            enable_mi_for_db_linker=None,
                            customized_keys=None,
+                           opt_out_list=None,
                            **kwargs,
                            ):
     if not source_id:
@@ -391,6 +396,11 @@ def connection_create_func(cmd, client,  # pylint: disable=too-many-locals,too-m
         else:
             logger.warning('client_type is not dotnet, ignore "--config-connstr"')
 
+    config_action = 'optOut' if (opt_out_list is not None and
+                                 OPT_OUT_OPTION.CONFIGURATION_INFO.value in opt_out_list) else None
+    public_network_action = 'optOut' if (opt_out_list is not None and
+                                         OPT_OUT_OPTION.PUBLIC_NETWORK.value in opt_out_list) else None
+
     parameters = {
         'target_service': {
             "type": "AzureResource",
@@ -403,7 +413,11 @@ def connection_create_func(cmd, client,  # pylint: disable=too-many-locals,too-m
         'client_type': client_type,
         'scope': scope,
         'configurationInfo': {
-            'customizedKeys': customized_keys
+            'customizedKeys': customized_keys,
+            'action': config_action
+        },
+        'publicNetworkSolution': {
+            'action': public_network_action
         }
     }
 
@@ -611,6 +625,7 @@ def connection_update(cmd, client,  # pylint: disable=too-many-locals, too-many-
                       site=None, slot=None,                                   # Resource.WebApp
                       spring=None, app=None, deployment=None,                 # Resource.SpringCloud
                       customized_keys=None,
+                      opt_out_list=None,
                       ):
 
     linker = todict(client.get(resource_uri=source_id, linker_name=connection_name))
@@ -657,6 +672,12 @@ def connection_update(cmd, client,  # pylint: disable=too-many-locals, too-many-
 
     if linker.get('configurationInfo') and linker.get('configurationInfo').get('customizedKeys'):
         customized_keys = customized_keys or linker.get('configurationInfo').get('customizedKeys')
+
+    config_action = 'optOut' if (opt_out_list is not None and
+                                 OPT_OUT_OPTION.CONFIGURATION_INFO.value in opt_out_list) else None
+    public_network_action = 'optOut' if (opt_out_list is not None and
+                                         OPT_OUT_OPTION.PUBLIC_NETWORK.value in opt_out_list) else None
+
     parameters = {
         'target_service': linker.get('targetService'),
         'auth_info': auth_info,
@@ -667,7 +688,11 @@ def connection_update(cmd, client,  # pylint: disable=too-many-locals, too-many-
         # scope can be updated in container app while cannot be updated in aks due to some limitations
         'scope': scope or linker.get('scope'),
         'configurationInfo': {
-            'customizedKeys': customized_keys
+            'customizedKeys': customized_keys,
+            'action': config_action
+        },
+        'publicNetworkSolution': {
+            'action': public_network_action
         }
     }
 
@@ -993,6 +1018,7 @@ def connection_create_kafka(cmd, client,  # pylint: disable=too-many-locals
                             source_resource_group=None,
                             source_id=None,
                             customized_keys=None,
+                            opt_out_list=None,
                             cluster=None, scope=None,          # Resource.Kubernetes
                             site=None, slot=None,              # Resource.WebApp
                             deployment=None,
@@ -1010,6 +1036,11 @@ def connection_create_kafka(cmd, client,  # pylint: disable=too-many-locals
         from ._utils import create_key_vault_reference_connection_if_not_exist
         create_key_vault_reference_connection_if_not_exist(cmd, client, source_id, key_vault_id)
 
+    config_action = 'optOut' if (opt_out_list is not None and
+                                 OPT_OUT_OPTION.CONFIGURATION_INFO.value in opt_out_list) else None
+    public_network_action = 'optOut' if (opt_out_list is not None and
+                                         OPT_OUT_OPTION.PUBLIC_NETWORK.value in opt_out_list) else None
+
     # create bootstrap-server
     parameters = {
         'target_service': {
@@ -1030,8 +1061,12 @@ def connection_create_kafka(cmd, client,  # pylint: disable=too-many-locals
         'client_type': client_type,
         'scope': scope,
         'configurationInfo': {
-            'customizedKeys': customized_keys
+            'customizedKeys': customized_keys,
+            'action': config_action
         },
+        'publicNetworkSolution': {
+            'action': public_network_action
+        }
     }
     logger.warning('Start creating a connection for bootstrap server ...')
     server_linker = client.begin_create_or_update(resource_uri=source_id,
@@ -1059,7 +1094,10 @@ def connection_create_kafka(cmd, client,  # pylint: disable=too-many-locals
             'key_vault_id': key_vault_id,
         },
         'client_type': client_type,
-        'scope': scope
+        'scope': scope,
+        'configurationInfo': {
+            'action': config_action
+        }
     }
     logger.warning('Start creating a connection for schema registry ...')
     registry_linker = client.begin_create_or_update(resource_uri=source_id,
@@ -1088,11 +1126,17 @@ def connection_update_kafka(cmd, client,  # pylint: disable=too-many-locals
                             source_resource_group=None,
                             source_id=None,
                             customized_keys=None,
+                            opt_out_list=None,
                             cluster=None,
                             site=None, slot=None,              # Resource.WebApp
                             deployment=None,
                             spring=None, app=None):            # Resource.SpringCloud
 
+    config_action = 'optOut' if (opt_out_list is not None and
+                                 OPT_OUT_OPTION.CONFIGURATION_INFO.value in opt_out_list) else None
+    public_network_action = 'optOut' if (opt_out_list is not None and
+                                         OPT_OUT_OPTION.PUBLIC_NETWORK.value in opt_out_list) else None
+
     # use the suffix to decide the connection type
     if connection_name.endswith('_schema'):  # the schema registry connection
         if schema_secret is None:
@@ -1125,7 +1169,8 @@ def connection_update_kafka(cmd, client,  # pylint: disable=too-many-locals
             # scope does not support update due to aks solution's limitation
             'scope': server_linker.get('scope'),
             'configurationInfo': {
-                'customizedKeys': customized_keys
+                'customizedKeys': customized_keys,
+                'action': config_action,
             },
         }
         if schema_registry:
@@ -1162,8 +1207,12 @@ def connection_update_kafka(cmd, client,  # pylint: disable=too-many-locals
             },
             'client_type': client_type or schema_linker.get('clientType'),
             'configurationInfo': {
-                'customizedKeys': customized_keys
+                'customizedKeys': customized_keys,
+                'action': config_action
             },
+            'publicNetworkSolution': {
+                'action': public_network_action
+            }
         }
         if bootstrap_server:
             parameters['targetService'] = {