From d3307528b5b0d6456fcad1a800fa104a892160b7 Mon Sep 17 00:00:00 2001 From: wyunchi Date: Fri, 23 Apr 2021 21:55:16 +0800 Subject: [PATCH 1/5] Add SetAzureRmAksCredential --- src/Aks/Aks/Az.Aks.psd1 | 2 +- .../Aks/Commands/SetAzureRmAksCredential.cs | 235 ++++++++++++++++++ src/Aks/Aks/help/Az.Aks.md | 2 +- 3 files changed, 237 insertions(+), 2 deletions(-) create mode 100644 src/Aks/Aks/Commands/SetAzureRmAksCredential.cs diff --git a/src/Aks/Aks/Az.Aks.psd1 b/src/Aks/Aks/Az.Aks.psd1 index ee411956a577..53ed0c719b67 100644 --- a/src/Aks/Aks/Az.Aks.psd1 +++ b/src/Aks/Aks/Az.Aks.psd1 @@ -76,7 +76,7 @@ FunctionsToExport = @() # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = 'Get-AzAksCluster', 'New-AzAksCluster', 'Remove-AzAksCluster', - 'Import-AzAksCredential', 'Start-AzAksDashboard', + 'Import-AzAksCredential', 'Start-AzAksDashboard', 'Update-AzAksCredential', 'Stop-AzAksDashboard', 'Set-AzAksCluster', 'New-AzAksNodePool', 'Update-AzAksNodePool', 'Remove-AzAksNodePool', 'Get-AzAksNodePool', 'Install-AzAksKubectl', 'Get-AzAksVersion', 'Enable-AzAksAddOn', diff --git a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs new file mode 100644 index 000000000000..800790540def --- /dev/null +++ b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs @@ -0,0 +1,235 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + + +using Microsoft.Azure.Commands.Aks.Models; +using Microsoft.Azure.Commands.Aks.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.ContainerService; +using Microsoft.Azure.Management.ContainerService.Models; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using Microsoft.WindowsAzure.Commands.Common; + +using System; +using System.Collections.Generic; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.Aks.Commands +{ + [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "AksCredential", SupportsShouldProcess = true, DefaultParameterSetName = ResetServicePrincipalWithGroupNameParameterSet)] + [OutputType(typeof(bool))] + class SetAzureRmAksCredential : KubeCmdletBase + { + private const string ResetServicePrincipalWithIdParameterSet = "ResetServicePrincipalWithIdParameterSet"; + private const string ResetServicePrincipalWithGroupNameParameterSet = "ResetServicePrincipalWithGroupNameParameterSet"; + private const string ResetServicePrincipalWithInputObjectParameterSet = "ResetServicePrincipalWithInputObjectParameterSet"; + private const string ResetAadWithIdParameterSet = "ResetAadWithIdParameterSet"; + private const string ResetAadWithGroupNameParameterSet = "ResetAadWithGroupNameParameterSet"; + private const string ResetAadWithInputObjectParameterSet = "ResetAadWithInputObjectParameterSet"; + + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "A PSKubernetesCluster object, normally passed through the pipeline.")] + [Parameter(Mandatory = true, + ParameterSetName = ResetAadWithInputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "A PSKubernetesCluster object, normally passed through the pipeline.")] + [ValidateNotNullOrEmpty] + public PSKubernetesCluster InputObject { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = ResetAadWithIdParameterSet, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Id of a managed Kubernetes cluster")] + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithIdParameterSet, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Id of a managed Kubernetes cluster")] + [ValidateNotNullOrEmpty] + [Alias("ResourceId")] + public string Id { get; set; } + + /// + /// Resource group name + /// + [Parameter( + Position = 0, + Mandatory = true, + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "Resource group name")] + [Parameter( + Position = 0, + Mandatory = true, + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "Resource group name")] + [ResourceGroupCompleter()] + [ValidateNotNullOrEmpty] + public string ResourceGroupName { get; set; } + + /// + /// Cluster name + /// + [Parameter( + Mandatory = true, + Position = 1, + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "Name of your managed Kubernetes cluster")] + [Parameter( + Mandatory = true, + Position = 1, + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "Name of your managed Kubernetes cluster")] + [ValidateNotNullOrEmpty] + public string Name { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "The client app id associated with the AAD application / service principal.")] + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + HelpMessage = "The client app id associated with the AAD application / service principal.")] + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithIdParameterSet, + HelpMessage = "The client app id associated with the AAD application / service principal.")] + [ValidateNotNullOrEmpty] + public string ClientAppID { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "The tenant id with the AAD application / service principal.")] + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + HelpMessage = "The tenant id with the AAD application / service principal.")] + [Parameter(Mandatory = true, + ParameterSetName = ResetServicePrincipalWithIdParameterSet, + HelpMessage = "The tenant id with the AAD application / service principal.")] + [ValidateNotNullOrEmpty] + public string TenantID { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + [Parameter( + Mandatory = true, + ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + [Parameter( + Mandatory = true, + ParameterSetName = ResetServicePrincipalWithIdParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + public PSCredential ServerAppIdAndSecret { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + [Parameter( + Mandatory = true, + ParameterSetName = ResetAadWithInputObjectParameterSet, + HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + [Parameter( + Mandatory = true, + ParameterSetName = ResetAadWithIdParameterSet, + HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + public PSCredential ServicePrincipalIdAndSecret { get; set; } + + [Parameter(Mandatory = false)] + public SwitchParameter PassThru { get; set; } + + [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")] + public SwitchParameter AsJob { get; set; } + + [Parameter(Mandatory = false, HelpMessage = "Remove managed Kubernetes cluster without prompt")] + public SwitchParameter Force { get; set; } + + public override void ExecuteCmdlet() + { + base.ExecuteCmdlet(); + + switch (ParameterSetName) + { + case ResetServicePrincipalWithIdParameterSet: + case ResetAadWithIdParameterSet: + { + var resource = new ResourceIdentifier(Id); + ResourceGroupName = resource.ResourceGroupName; + Name = resource.ResourceName; + break; + } + case ResetServicePrincipalWithInputObjectParameterSet: + case ResetAadWithInputObjectParameterSet: + { + var resource = new ResourceIdentifier(InputObject.Id); + ResourceGroupName = resource.ResourceGroupName; + Name = resource.ResourceName; + break; + } + } + + var msg = $"{Name} in {ResourceGroupName}"; + + ConfirmAction(Force.IsPresent, + Resources.DoYouWantToDeleteTheManagedKubernetesCluster, + Resources.RemovingTheManagedKubernetesCluster, + msg, + () => + { + RunCmdLet(() => + { + if (ParameterSetName.Equals(ResetServicePrincipalWithInputObjectParameterSet) + || ParameterSetName.Equals(ResetServicePrincipalWithGroupNameParameterSet) + || ParameterSetName.Equals(ResetServicePrincipalWithIdParameterSet)) + { + ResetServicePrincipalProfile(); + } + else + { + ResetAADProfile(); + } + if (PassThru) + { + WriteObject(true); + } + }); + }); + } + + private void ResetAADProfile() + { + ManagedClusterAADProfile aadProfile = new ManagedClusterAADProfile() + { + ClientAppID = ClientAppID, + TenantID = TenantID, + ServerAppID = ServerAppIdAndSecret.UserName, + ServerAppSecret = ServerAppIdAndSecret.Password.ConvertToString() + }; + Client.ManagedClusters.ResetAADProfile(ResourceGroupName, Name, aadProfile); + } + + private void ResetServicePrincipalProfile() + { + ManagedClusterServicePrincipalProfile servicePrincipalProfile = new ManagedClusterServicePrincipalProfile() + { + ClientId = ServicePrincipalIdAndSecret.UserName, + Secret = ServicePrincipalIdAndSecret.Password.ConvertToString() + }; + Client.ManagedClusters.ResetServicePrincipalProfile(ResourceGroupName, Name, servicePrincipalProfile); + } + } +} diff --git a/src/Aks/Aks/help/Az.Aks.md b/src/Aks/Aks/help/Az.Aks.md index 71995c33a824..57f0c2dcae42 100644 --- a/src/Aks/Aks/help/Az.Aks.md +++ b/src/Aks/Aks/help/Az.Aks.md @@ -21,7 +21,7 @@ Enable the addons for aks. List Kubernetes managed clusters. ### [Get-AzAksNodePool](Get-AzAksNodePool.md) -Create node pool in specified cluster. +List node pools in specified cluster. ### [Get-AzAksVersion](Get-AzAksVersion.md) List available version for creating managed Kubernetes cluster. From 5b5af62f07e5330c3c8dfcaa18eda4039e220e80 Mon Sep 17 00:00:00 2001 From: wyunchi Date: Sat, 24 Apr 2021 20:07:56 +0800 Subject: [PATCH 2/5] Add `Set-AzAksClusterCredential` to reset the ServicePrincipal or reset AAD profile of a existing aks cluster. --- .../Aks.Test/ScenarioTests/KubernetesTests.cs | 7 + .../ScenarioTests/KubernetesTests.ps1 | 31 +- src/Aks/Aks/Az.Aks.psd1 | 4 +- src/Aks/Aks/ChangeLog.md | 1 + .../Aks/Commands/SetAzureRmAksCredential.cs | 79 ++--- src/Aks/Aks/Properties/Resources.Designer.cs | 18 ++ src/Aks/Aks/Properties/Resources.resx | 6 + src/Aks/Aks/help/Az.Aks.md | 3 + .../Aks/help/Set-AzAksClusterCredential.md | 298 ++++++++++++++++++ 9 files changed, 407 insertions(+), 40 deletions(-) create mode 100644 src/Aks/Aks/help/Set-AzAksClusterCredential.md diff --git a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs index 3d774152d88f..f0bb10e63958 100644 --- a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs +++ b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs @@ -44,5 +44,12 @@ public void TestAzureKubernetesAddons() { TestController.NewInstance.RunPowerShellTest(_logger, "Test-NewAzAksAddons"); } + + [Fact(Skip = "Updating service principal profile is not allowed on MSI cluster.")] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void TestResetAzureKubernetesServicePrincipal() + { + TestController.NewInstance.RunPowerShellTest(_logger, "Test-ResetAzureKubernetesServicePrincipal"); + } } } \ No newline at end of file diff --git a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 index 5a92f369b356..b48d69d576d7 100644 --- a/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 +++ b/src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 @@ -46,7 +46,7 @@ function Test-NewAzAksWithAcr New-AzResourceGroup -Name $resourceGroupName -Location $location New-AzContainerRegistry -ResourceGroupName $resourceGroupName -Name $acrName -Sku Standard - + $cred = $(createTestCredential "e65d50b0-0853-48a9-82d3-77d800f4a9bc" "V8-S-y6Er8jXy-.aM_WT95BF89N~X23lqb") New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -ServicePrincipalIdAndSecret $cred -AcrNameToAttach $acrName @@ -187,3 +187,32 @@ function Test-NewAzAksAddons Remove-AzResourceGroup -Name $resourceGroupName -Force } } + + +<# +.SYNOPSIS +Test Kubernetes stuff +#> +function Test-ResetAzureKubernetesServicePrincipal +{ + # Setup + $resourceGroupName = Get-RandomResourceGroupName + $kubeClusterName = Get-RandomClusterName + $location = Get-ProviderLocation "Microsoft.ContainerService/managedClusters" + $nodeVmSize = "Standard_D2_v2" + + try + { + New-AzResourceGroup -Name $resourceGroupName -Location 'eastus' + + $credObject = $(createTestCredential "e65d50b0-0853-48a9-82d3-77d800f4a9bc" "75_4.yHJFjkKaRUUb535aH2d.ty4RG~uax") + New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -ServicePrincipalIdAndSecret $credObject + + $newCred = $(createTestCredential "6f277dd3-e481-4518-8aab-35c31662bad9" "XITofmnbbyU34uR_Yqx_4TI13OJ9--0C3m") + Set-AzAksClusterCredential -ResourceGroupName $resourceGroupName -Name $kubeClusterName -ServicePrincipalIdAndSecret $newCred -force + } + finally + { + Remove-AzResourceGroup -Name $resourceGroupName -Force + } +} \ No newline at end of file diff --git a/src/Aks/Aks/Az.Aks.psd1 b/src/Aks/Aks/Az.Aks.psd1 index 53ed0c719b67..dd6fb5902967 100644 --- a/src/Aks/Aks/Az.Aks.psd1 +++ b/src/Aks/Aks/Az.Aks.psd1 @@ -76,11 +76,11 @@ FunctionsToExport = @() # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = 'Get-AzAksCluster', 'New-AzAksCluster', 'Remove-AzAksCluster', - 'Import-AzAksCredential', 'Start-AzAksDashboard', 'Update-AzAksCredential', + 'Import-AzAksCredential', 'Start-AzAksDashboard', 'Stop-AzAksDashboard', 'Set-AzAksCluster', 'New-AzAksNodePool', 'Update-AzAksNodePool', 'Remove-AzAksNodePool', 'Get-AzAksNodePool', 'Install-AzAksKubectl', 'Get-AzAksVersion', 'Enable-AzAksAddOn', - 'Disable-AzAksAddOn' + 'Disable-AzAksAddOn', 'Set-AzAksClusterCredential' # Variables to export from this module # VariablesToExport = @() diff --git a/src/Aks/Aks/ChangeLog.md b/src/Aks/Aks/ChangeLog.md index 598d0747eb1b..84539e262eda 100644 --- a/src/Aks/Aks/ChangeLog.md +++ b/src/Aks/Aks/ChangeLog.md @@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal or reset AAD profile of a existing aks cluster. ## Version 2.0.2 * Refined error messages of cmdlet failure. diff --git a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs index 800790540def..eb2a77b5249c 100644 --- a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs +++ b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs @@ -26,11 +26,11 @@ using System.Management.Automation; using System.Text; -namespace Microsoft.Azure.Commands.Aks.Commands +namespace Microsoft.Azure.Commands.Aks { - [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "AksCredential", SupportsShouldProcess = true, DefaultParameterSetName = ResetServicePrincipalWithGroupNameParameterSet)] + [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzurePrefix + "AksClusterCredential", SupportsShouldProcess = true, DefaultParameterSetName = ResetServicePrincipalWithGroupNameParameterSet)] [OutputType(typeof(bool))] - class SetAzureRmAksCredential : KubeCmdletBase + public class SetAzureRmAksCredential : KubeCmdletBase { private const string ResetServicePrincipalWithIdParameterSet = "ResetServicePrincipalWithIdParameterSet"; private const string ResetServicePrincipalWithGroupNameParameterSet = "ResetServicePrincipalWithGroupNameParameterSet"; @@ -98,55 +98,55 @@ class SetAzureRmAksCredential : KubeCmdletBase public string Name { get; set; } [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, - HelpMessage = "The client app id associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "The client app id associated with the AAD profile.")] [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, - HelpMessage = "The client app id associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithInputObjectParameterSet, + HelpMessage = "The client app id associated with the AAD profile.")] [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithIdParameterSet, - HelpMessage = "The client app id associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithIdParameterSet, + HelpMessage = "The client app id associated with the AAD profile.")] [ValidateNotNullOrEmpty] public string ClientAppID { get; set; } [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, - HelpMessage = "The tenant id with the AAD application / service principal.")] + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "The tenant id with the AAD profile.")] [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, - HelpMessage = "The tenant id with the AAD application / service principal.")] + ParameterSetName = ResetAadWithInputObjectParameterSet, + HelpMessage = "The tenant id with the AAD profile.")] [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithIdParameterSet, - HelpMessage = "The tenant id with the AAD application / service principal.")] + ParameterSetName = ResetAadWithIdParameterSet, + HelpMessage = "The tenant id with the AAD profile.")] [ValidateNotNullOrEmpty] public string TenantID { get; set; } [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithGroupNameParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD profile.")] [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithInputObjectParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD profile.")] [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithIdParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD application / service principal.")] + ParameterSetName = ResetAadWithIdParameterSet, + HelpMessage = "The server app id and server secret associated with the AAD profile.")] public PSCredential ServerAppIdAndSecret { get; set; } [Parameter( Mandatory = true, - ParameterSetName = ResetAadWithGroupNameParameterSet, - HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + HelpMessage = "The client id and client secret associated with the service principal.")] [Parameter( Mandatory = true, - ParameterSetName = ResetAadWithInputObjectParameterSet, - HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + HelpMessage = "The client id and client secret associated with the service principal.")] [Parameter( Mandatory = true, - ParameterSetName = ResetAadWithIdParameterSet, - HelpMessage = "The client id and client secret associated with the AAD application / service principal.")] + ParameterSetName = ResetServicePrincipalWithIdParameterSet, + HelpMessage = "The client id and client secret associated with the service principal.")] public PSCredential ServicePrincipalIdAndSecret { get; set; } [Parameter(Mandatory = false)] @@ -185,22 +185,27 @@ public override void ExecuteCmdlet() var msg = $"{Name} in {ResourceGroupName}"; ConfirmAction(Force.IsPresent, - Resources.DoYouWantToDeleteTheManagedKubernetesCluster, - Resources.RemovingTheManagedKubernetesCluster, + Resources.ResetTheCredentialOfAksCluster, + Resources.ResetingTheCredentialOfAksCluster, msg, () => { RunCmdLet(() => { - if (ParameterSetName.Equals(ResetServicePrincipalWithInputObjectParameterSet) - || ParameterSetName.Equals(ResetServicePrincipalWithGroupNameParameterSet) - || ParameterSetName.Equals(ResetServicePrincipalWithIdParameterSet)) - { - ResetServicePrincipalProfile(); - } - else + switch (ParameterSetName) { - ResetAADProfile(); + case ResetServicePrincipalWithInputObjectParameterSet: + case ResetServicePrincipalWithGroupNameParameterSet: + case ResetServicePrincipalWithIdParameterSet: + { + ResetServicePrincipalProfile(); + break; + } + default: + { + ResetAADProfile(); + break; + } } if (PassThru) { diff --git a/src/Aks/Aks/Properties/Resources.Designer.cs b/src/Aks/Aks/Properties/Resources.Designer.cs index 48c456ea7650..81bd3b495ee5 100644 --- a/src/Aks/Aks/Properties/Resources.Designer.cs +++ b/src/Aks/Aks/Properties/Resources.Designer.cs @@ -609,6 +609,24 @@ internal static string RemovingTheManagedKubernetesCluster { } } + /// + /// Looks up a localized string similar to Reseting the credential of the aks cluster.. + /// + internal static string ResetingTheCredentialOfAksCluster { + get { + return ResourceManager.GetString("ResetingTheCredentialOfAksCluster", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Do you want to reset the credential of the aks cluster?. + /// + internal static string ResetTheCredentialOfAksCluster { + get { + return ResourceManager.GetString("ResetTheCredentialOfAksCluster", resourceCulture); + } + } + /// /// Looks up a localized string similar to Retry {0} for {1} after error: {2}. /// diff --git a/src/Aks/Aks/Properties/Resources.resx b/src/Aks/Aks/Properties/Resources.resx index 4bc3defb8399..036b135f2516 100644 --- a/src/Aks/Aks/Properties/Resources.resx +++ b/src/Aks/Aks/Properties/Resources.resx @@ -411,4 +411,10 @@ Could not assign subscription contributor permission to service principal just created. Please make sure you have permission to assign subscription contributor role, or you could use parameter -ClientIdAndSecret to specify one existing service principal id and secret. + + Reseting the credential of the aks cluster. + + + Do you want to reset the credential of the aks cluster? + \ No newline at end of file diff --git a/src/Aks/Aks/help/Az.Aks.md b/src/Aks/Aks/help/Az.Aks.md index 57f0c2dcae42..f98a88b048ac 100644 --- a/src/Aks/Aks/help/Az.Aks.md +++ b/src/Aks/Aks/help/Az.Aks.md @@ -47,6 +47,9 @@ Delete node pool from managed cluster. ### [Set-AzAksCluster](Set-AzAksCluster.md) Update or create a managed Kubernetes cluster. +### [Set-AzAksClusterCredential](Set-AzAksClusterCredential.md) +Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. + ### [Start-AzAksDashboard](Start-AzAksDashboard.md) Create a Kubectl SSH tunnel to the managed cluster's dashboard. diff --git a/src/Aks/Aks/help/Set-AzAksClusterCredential.md b/src/Aks/Aks/help/Set-AzAksClusterCredential.md new file mode 100644 index 000000000000..95768b9372d1 --- /dev/null +++ b/src/Aks/Aks/help/Set-AzAksClusterCredential.md @@ -0,0 +1,298 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Aks.dll-Help.xml +Module Name: Az.Aks +online version: https://docs.microsoft.com/powershell/module/az.aks/set-azaksclustercredential +schema: 2.0.0 +--- + +# Set-AzAksClusterCredential + +## SYNOPSIS +Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. + +## SYNTAX + +### ResetServicePrincipalWithGroupNameParameterSet (Default) +``` +Set-AzAksClusterCredential [-ResourceGroupName] [-Name] + -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] [-Force] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ResetServicePrincipalWithInputObjectParameterSet +``` +Set-AzAksClusterCredential -InputObject -ServicePrincipalIdAndSecret + [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + +### ResetAadWithInputObjectParameterSet +``` +Set-AzAksClusterCredential -InputObject -ClientAppID -TenantID + -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### ResetAadWithIdParameterSet +``` +Set-AzAksClusterCredential [-Id] -ClientAppID -TenantID + -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### ResetServicePrincipalWithIdParameterSet +``` +Set-AzAksClusterCredential [-Id] -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] + [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ResetAadWithGroupNameParameterSet +``` +Set-AzAksClusterCredential [-ResourceGroupName] [-Name] -ClientAppID + -TenantID -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> $SecPasswd = ConvertTo-SecureString $password -AsPlainText -Force +PS C:\> $Credential = $(New-Object System.Management.Automation.PSCredential ('6f277dd3-e481-4518-8aab-35c31662bad9', $SecPasswd)) +PS C:\> Set-AzAksClusterCredential -ResourceGroupName $ResourceGroupName -Name $Name -ServicePrincipalIdAndSecret $Credential -force +``` + +Set the service principal of a existing kubernetes cluster with resource group name and cluster name. + +## PARAMETERS + +### -AsJob +Run cmdlet in the background + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ClientAppID +The client app id associated with the AAD profile. + +```yaml +Type: System.String +Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Remove managed Kubernetes cluster without prompt + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Id +Id of a managed Kubernetes cluster + +```yaml +Type: System.String +Parameter Sets: ResetAadWithIdParameterSet, ResetServicePrincipalWithIdParameterSet +Aliases: ResourceId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +A PSKubernetesCluster object, normally passed through the pipeline. + +```yaml +Type: Microsoft.Azure.Commands.Aks.Models.PSKubernetesCluster +Parameter Sets: ResetServicePrincipalWithInputObjectParameterSet, ResetAadWithInputObjectParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Name of your managed Kubernetes cluster + +```yaml +Type: System.String +Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetAadWithGroupNameParameterSet +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns true if reset is successful. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +Resource group name + +```yaml +Type: System.String +Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetAadWithGroupNameParameterSet +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServerAppIdAndSecret +The server app id and server secret associated with the AAD profile. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ServicePrincipalIdAndSecret +The client id and client secret associated with the service principal. + +```yaml +Type: System.Management.Automation.PSCredential +Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetServicePrincipalWithInputObjectParameterSet, ResetServicePrincipalWithIdParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantID +The tenant id with the AAD profile. + +```yaml +Type: System.String +Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.Aks.Models.PSKubernetesCluster + +### System.String + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS From 00ca0b5a498cd7bb8926bddb6a448e839a631a84 Mon Sep 17 00:00:00 2001 From: wyunchi-ms Date: Sun, 25 Apr 2021 14:53:38 +0800 Subject: [PATCH 3/5] Remove the support of reset AAD profile. --- src/Aks/Aks/ChangeLog.md | 2 +- .../Aks/Commands/SetAzureRmAksCredential.cs | 129 +++--------------- .../Aks/help/Set-AzAksClusterCredential.md | 86 ++---------- 3 files changed, 29 insertions(+), 188 deletions(-) diff --git a/src/Aks/Aks/ChangeLog.md b/src/Aks/Aks/ChangeLog.md index 84539e262eda..550ce4d5f9ab 100644 --- a/src/Aks/Aks/ChangeLog.md +++ b/src/Aks/Aks/ChangeLog.md @@ -18,7 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release -* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal or reset AAD profile of a existing aks cluster. +* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal of a existing aks cluster. ## Version 2.0.2 * Refined error messages of cmdlet failure. diff --git a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs index eb2a77b5249c..6b3f1d93ca4f 100644 --- a/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs +++ b/src/Aks/Aks/Commands/SetAzureRmAksCredential.cs @@ -28,35 +28,23 @@ namespace Microsoft.Azure.Commands.Aks { - [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzurePrefix + "AksClusterCredential", SupportsShouldProcess = true, DefaultParameterSetName = ResetServicePrincipalWithGroupNameParameterSet)] + [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzurePrefix + "AksClusterCredential", SupportsShouldProcess = true, DefaultParameterSetName = GroupNameParameterSet)] [OutputType(typeof(bool))] public class SetAzureRmAksCredential : KubeCmdletBase { - private const string ResetServicePrincipalWithIdParameterSet = "ResetServicePrincipalWithIdParameterSet"; - private const string ResetServicePrincipalWithGroupNameParameterSet = "ResetServicePrincipalWithGroupNameParameterSet"; - private const string ResetServicePrincipalWithInputObjectParameterSet = "ResetServicePrincipalWithInputObjectParameterSet"; - private const string ResetAadWithIdParameterSet = "ResetAadWithIdParameterSet"; - private const string ResetAadWithGroupNameParameterSet = "ResetAadWithGroupNameParameterSet"; - private const string ResetAadWithInputObjectParameterSet = "ResetAadWithInputObjectParameterSet"; + private const string IdParameterSet = "IdParameterSet"; + private const string GroupNameParameterSet = "GroupNameParameterSet"; + private const string InputObjectParameterSet = "InputObjectParameterSet"; [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, - ValueFromPipeline = true, - HelpMessage = "A PSKubernetesCluster object, normally passed through the pipeline.")] - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithInputObjectParameterSet, + ParameterSetName = InputObjectParameterSet, ValueFromPipeline = true, HelpMessage = "A PSKubernetesCluster object, normally passed through the pipeline.")] [ValidateNotNullOrEmpty] public PSKubernetesCluster InputObject { get; set; } [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithIdParameterSet, - Position = 0, - ValueFromPipelineByPropertyName = true, - HelpMessage = "Id of a managed Kubernetes cluster")] - [Parameter(Mandatory = true, - ParameterSetName = ResetServicePrincipalWithIdParameterSet, + ParameterSetName = IdParameterSet, Position = 0, ValueFromPipelineByPropertyName = true, HelpMessage = "Id of a managed Kubernetes cluster")] @@ -70,12 +58,7 @@ public class SetAzureRmAksCredential : KubeCmdletBase [Parameter( Position = 0, Mandatory = true, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, - HelpMessage = "Resource group name")] - [Parameter( - Position = 0, - Mandatory = true, - ParameterSetName = ResetAadWithGroupNameParameterSet, + ParameterSetName = GroupNameParameterSet, HelpMessage = "Resource group name")] [ResourceGroupCompleter()] [ValidateNotNullOrEmpty] @@ -87,65 +70,22 @@ public class SetAzureRmAksCredential : KubeCmdletBase [Parameter( Mandatory = true, Position = 1, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, - HelpMessage = "Name of your managed Kubernetes cluster")] - [Parameter( - Mandatory = true, - Position = 1, - ParameterSetName = ResetAadWithGroupNameParameterSet, + ParameterSetName = GroupNameParameterSet, HelpMessage = "Name of your managed Kubernetes cluster")] [ValidateNotNullOrEmpty] public string Name { get; set; } - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithGroupNameParameterSet, - HelpMessage = "The client app id associated with the AAD profile.")] - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithInputObjectParameterSet, - HelpMessage = "The client app id associated with the AAD profile.")] - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithIdParameterSet, - HelpMessage = "The client app id associated with the AAD profile.")] - [ValidateNotNullOrEmpty] - public string ClientAppID { get; set; } - - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithGroupNameParameterSet, - HelpMessage = "The tenant id with the AAD profile.")] - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithInputObjectParameterSet, - HelpMessage = "The tenant id with the AAD profile.")] - [Parameter(Mandatory = true, - ParameterSetName = ResetAadWithIdParameterSet, - HelpMessage = "The tenant id with the AAD profile.")] - [ValidateNotNullOrEmpty] - public string TenantID { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = ResetAadWithGroupNameParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD profile.")] - [Parameter( - Mandatory = true, - ParameterSetName = ResetAadWithInputObjectParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD profile.")] - [Parameter( - Mandatory = true, - ParameterSetName = ResetAadWithIdParameterSet, - HelpMessage = "The server app id and server secret associated with the AAD profile.")] - public PSCredential ServerAppIdAndSecret { get; set; } - [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithInputObjectParameterSet, + ParameterSetName = InputObjectParameterSet, HelpMessage = "The client id and client secret associated with the service principal.")] [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithGroupNameParameterSet, + ParameterSetName = GroupNameParameterSet, HelpMessage = "The client id and client secret associated with the service principal.")] [Parameter( Mandatory = true, - ParameterSetName = ResetServicePrincipalWithIdParameterSet, + ParameterSetName = IdParameterSet, HelpMessage = "The client id and client secret associated with the service principal.")] public PSCredential ServicePrincipalIdAndSecret { get; set; } @@ -164,16 +104,14 @@ public override void ExecuteCmdlet() switch (ParameterSetName) { - case ResetServicePrincipalWithIdParameterSet: - case ResetAadWithIdParameterSet: + case IdParameterSet: { var resource = new ResourceIdentifier(Id); ResourceGroupName = resource.ResourceGroupName; Name = resource.ResourceName; break; } - case ResetServicePrincipalWithInputObjectParameterSet: - case ResetAadWithInputObjectParameterSet: + case InputObjectParameterSet: { var resource = new ResourceIdentifier(InputObject.Id); ResourceGroupName = resource.ResourceGroupName; @@ -192,21 +130,12 @@ public override void ExecuteCmdlet() { RunCmdLet(() => { - switch (ParameterSetName) + ManagedClusterServicePrincipalProfile servicePrincipalProfile = new ManagedClusterServicePrincipalProfile() { - case ResetServicePrincipalWithInputObjectParameterSet: - case ResetServicePrincipalWithGroupNameParameterSet: - case ResetServicePrincipalWithIdParameterSet: - { - ResetServicePrincipalProfile(); - break; - } - default: - { - ResetAADProfile(); - break; - } - } + ClientId = ServicePrincipalIdAndSecret.UserName, + Secret = ServicePrincipalIdAndSecret.Password.ConvertToString() + }; + Client.ManagedClusters.ResetServicePrincipalProfile(ResourceGroupName, Name, servicePrincipalProfile); if (PassThru) { WriteObject(true); @@ -214,27 +143,5 @@ public override void ExecuteCmdlet() }); }); } - - private void ResetAADProfile() - { - ManagedClusterAADProfile aadProfile = new ManagedClusterAADProfile() - { - ClientAppID = ClientAppID, - TenantID = TenantID, - ServerAppID = ServerAppIdAndSecret.UserName, - ServerAppSecret = ServerAppIdAndSecret.Password.ConvertToString() - }; - Client.ManagedClusters.ResetAADProfile(ResourceGroupName, Name, aadProfile); - } - - private void ResetServicePrincipalProfile() - { - ManagedClusterServicePrincipalProfile servicePrincipalProfile = new ManagedClusterServicePrincipalProfile() - { - ClientId = ServicePrincipalIdAndSecret.UserName, - Secret = ServicePrincipalIdAndSecret.Password.ConvertToString() - }; - Client.ManagedClusters.ResetServicePrincipalProfile(ResourceGroupName, Name, servicePrincipalProfile); - } } } diff --git a/src/Aks/Aks/help/Set-AzAksClusterCredential.md b/src/Aks/Aks/help/Set-AzAksClusterCredential.md index 95768b9372d1..14d2df97df30 100644 --- a/src/Aks/Aks/help/Set-AzAksClusterCredential.md +++ b/src/Aks/Aks/help/Set-AzAksClusterCredential.md @@ -8,53 +8,32 @@ schema: 2.0.0 # Set-AzAksClusterCredential ## SYNOPSIS -Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. +Reset the ServicePrincipal of a existing aks cluster. ## SYNTAX -### ResetServicePrincipalWithGroupNameParameterSet (Default) +### GroupNameParameterSet (Default) ``` Set-AzAksClusterCredential [-ResourceGroupName] [-Name] -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### ResetServicePrincipalWithInputObjectParameterSet +### InputObjectParameterSet ``` Set-AzAksClusterCredential -InputObject -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### ResetAadWithInputObjectParameterSet -``` -Set-AzAksClusterCredential -InputObject -ClientAppID -TenantID - -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -### ResetAadWithIdParameterSet -``` -Set-AzAksClusterCredential [-Id] -ClientAppID -TenantID - -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -### ResetServicePrincipalWithIdParameterSet +### IdParameterSet ``` Set-AzAksClusterCredential [-Id] -ServicePrincipalIdAndSecret [-PassThru] [-AsJob] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### ResetAadWithGroupNameParameterSet -``` -Set-AzAksClusterCredential [-ResourceGroupName] [-Name] -ClientAppID - -TenantID -ServerAppIdAndSecret [-PassThru] [-AsJob] [-Force] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - ## DESCRIPTION -Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. +Reset the ServicePrincipal of a existing aks cluster. ## EXAMPLES @@ -84,21 +63,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ClientAppID -The client app id associated with the AAD profile. - -```yaml -Type: System.String -Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with Azure. @@ -134,7 +98,7 @@ Id of a managed Kubernetes cluster ```yaml Type: System.String -Parameter Sets: ResetAadWithIdParameterSet, ResetServicePrincipalWithIdParameterSet +Parameter Sets: IdParameterSet Aliases: ResourceId Required: True @@ -149,7 +113,7 @@ A PSKubernetesCluster object, normally passed through the pipeline. ```yaml Type: Microsoft.Azure.Commands.Aks.Models.PSKubernetesCluster -Parameter Sets: ResetServicePrincipalWithInputObjectParameterSet, ResetAadWithInputObjectParameterSet +Parameter Sets: InputObjectParameterSet Aliases: Required: True @@ -164,7 +128,7 @@ Name of your managed Kubernetes cluster ```yaml Type: System.String -Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetAadWithGroupNameParameterSet +Parameter Sets: GroupNameParameterSet Aliases: Required: True @@ -194,7 +158,7 @@ Resource group name ```yaml Type: System.String -Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetAadWithGroupNameParameterSet +Parameter Sets: GroupNameParameterSet Aliases: Required: True @@ -204,42 +168,12 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ServerAppIdAndSecret -The server app id and server secret associated with the AAD profile. - -```yaml -Type: System.Management.Automation.PSCredential -Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -ServicePrincipalIdAndSecret The client id and client secret associated with the service principal. ```yaml Type: System.Management.Automation.PSCredential -Parameter Sets: ResetServicePrincipalWithGroupNameParameterSet, ResetServicePrincipalWithInputObjectParameterSet, ResetServicePrincipalWithIdParameterSet -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -TenantID -The tenant id with the AAD profile. - -```yaml -Type: System.String -Parameter Sets: ResetAadWithInputObjectParameterSet, ResetAadWithIdParameterSet, ResetAadWithGroupNameParameterSet +Parameter Sets: (All) Aliases: Required: True From 12ea543d2373788e5ac864a352c35c7c88da1bd1 Mon Sep 17 00:00:00 2001 From: wyunchi-ms Date: Sun, 25 Apr 2021 14:54:57 +0800 Subject: [PATCH 4/5] Remove the support of reset AAD profile. --- src/Aks/Aks/help/Az.Aks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Aks/Aks/help/Az.Aks.md b/src/Aks/Aks/help/Az.Aks.md index f98a88b048ac..f6eb8c45a9b3 100644 --- a/src/Aks/Aks/help/Az.Aks.md +++ b/src/Aks/Aks/help/Az.Aks.md @@ -48,7 +48,7 @@ Delete node pool from managed cluster. Update or create a managed Kubernetes cluster. ### [Set-AzAksClusterCredential](Set-AzAksClusterCredential.md) -Reset the ServicePrincipal or reset AAD profile of a existing aks cluster. +Reset the ServicePrincipal of a existing aks cluster. ### [Start-AzAksDashboard](Start-AzAksDashboard.md) Create a Kubectl SSH tunnel to the managed cluster's dashboard. From 743df1dc736f5f7a1bd1e37041ad3349625313a2 Mon Sep 17 00:00:00 2001 From: wyunchi-ms Date: Mon, 26 Apr 2021 13:48:29 +0800 Subject: [PATCH 5/5] Update the document --- src/Aks/Aks/ChangeLog.md | 2 +- src/Aks/Aks/help/Set-AzAksClusterCredential.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Aks/Aks/ChangeLog.md b/src/Aks/Aks/ChangeLog.md index 550ce4d5f9ab..b64e1d6ab1c3 100644 --- a/src/Aks/Aks/ChangeLog.md +++ b/src/Aks/Aks/ChangeLog.md @@ -18,7 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release -* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal of a existing aks cluster. +* Add `Set-AzAksClusterCredential` to reset the ServicePrincipal of an existing AKS cluster. ## Version 2.0.2 * Refined error messages of cmdlet failure. diff --git a/src/Aks/Aks/help/Set-AzAksClusterCredential.md b/src/Aks/Aks/help/Set-AzAksClusterCredential.md index 14d2df97df30..da2183b6694b 100644 --- a/src/Aks/Aks/help/Set-AzAksClusterCredential.md +++ b/src/Aks/Aks/help/Set-AzAksClusterCredential.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Set-AzAksClusterCredential ## SYNOPSIS -Reset the ServicePrincipal of a existing aks cluster. +Reset the ServicePrincipal of an existing AKS cluster. ## SYNTAX @@ -33,7 +33,7 @@ Set-AzAksClusterCredential [-Id] -ServicePrincipalIdAndSecret