diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
index bf20e14a438b..ed092501814a 100644
--- a/common/config/rush/pnpm-lock.yaml
+++ b/common/config/rush/pnpm-lock.yaml
@@ -939,7 +939,7 @@ packages:
     resolution: {integrity: sha512-Q71Buur3RMcg6lCnisLL8Im562DBw+ybzgm+YQj/FbAaI8ZNu/zl/5z1fE4k3Q9LSIzYrz6HLRzlhdSBXpydlQ==}
     engines: {node: '>=8.0.0'}
     dependencies:
-      '@azure/core-http': 1.2.3
+      '@azure/core-http': 1.2.6
       '@azure/core-tracing': 1.0.0-preview.9
       '@azure/logger': 1.0.3
       '@azure/msal-node': 1.0.0-beta.6_debug@4.3.4
@@ -2405,7 +2405,7 @@ packages:
     resolution: {integrity: sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==}
     dependencies:
       '@types/connect': 3.4.35
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/chai-as-promised/7.1.5:
@@ -2431,7 +2431,7 @@ packages:
   /@types/connect/3.4.35:
     resolution: {integrity: sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/cookie/0.4.1:
@@ -2466,7 +2466,7 @@ packages:
   /@types/express-serve-static-core/4.17.28:
     resolution: {integrity: sha512-P1BJAEAW3E2DJUlkgq4tOL3RyMunoWXqbSCygWo5ZIWTjUgN1YnaXWW4VWl/oc8vs/XoYibEGBKP0uZyF4AHig==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
       '@types/qs': 6.9.7
       '@types/range-parser': 1.2.4
     dev: false
@@ -2483,26 +2483,26 @@ packages:
   /@types/fs-extra/8.1.2:
     resolution: {integrity: sha512-SvSrYXfWSc7R4eqnOzbQF4TZmfpNSM9FrSWLU3EUnWBuyZqNBOrv1B1JA3byUDPUl9z4Ab3jeZG2eDdySlgNMg==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/fs-extra/9.0.13:
     resolution: {integrity: sha512-nEnwB++1u5lVDM2UI4c1+5R+FYaKfaAzS4OococimjVm3nQw3TuzH5UNsocrcTBbhnerblyHj4A49qXbIiZdpA==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/glob/7.2.0:
     resolution: {integrity: sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA==}
     dependencies:
       '@types/minimatch': 3.0.5
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/is-buffer/2.0.0:
     resolution: {integrity: sha512-0f7N/e3BAz32qDYvgB4d2cqv1DqUwvGxHkXsrucICn8la1Vb6Yl6Eg8mPScGwUiqHJeE7diXlzaK+QMA9m4Gxw==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/json-schema/7.0.11:
@@ -2516,13 +2516,13 @@ packages:
   /@types/jsonwebtoken/8.5.8:
     resolution: {integrity: sha512-zm6xBQpFDIDM6o9r6HSgDeIcLy82TKWctCXEPbJJcXb5AKmi5BNNdLXneixK4lplX3PqIVcwLBCGE/kAGnlD4A==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/jws/3.2.4:
     resolution: {integrity: sha512-aqtH4dPw1wUjFZaeMD1ak/pf8iXlu/odFe+trJrvw0g1sTh93i+SCykg0Ek8C6B7rVK3oBORbfZAsKO7P10etg==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/long/4.0.2:
@@ -2562,13 +2562,13 @@ packages:
   /@types/mock-fs/4.13.1:
     resolution: {integrity: sha512-m6nFAJ3lBSnqbvDZioawRvpLXSaPyn52Srf7OfzjubYbYX8MTUdIgDxQl0wEapm4m/pNYSd9TXocpQ0TvZFlYA==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/mock-require/2.0.1:
     resolution: {integrity: sha512-O7U5DVGboY/Crueb5/huUCIRjKtRVRaLmRDbZJBlDQgJn966z3aiFDN+6AtYviu2ExwMkl34LjT/IiC0OPtKuQ==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/ms/0.7.31:
@@ -2582,7 +2582,7 @@ packages:
   /@types/node-fetch/2.6.1:
     resolution: {integrity: sha512-oMqjURCaxoSIsHSr1E47QHzbmzNR5rK8McHuNb11BOM9cHcIK3Avy0s/b2JlXHoQGTYS3NsvWzV1M0iK7l0wbA==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
       form-data: 3.0.1
     dev: false
 
@@ -2625,7 +2625,7 @@ packages:
   /@types/resolve/1.17.1:
     resolution: {integrity: sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/semaphore/1.1.1:
@@ -2636,7 +2636,7 @@ packages:
     resolution: {integrity: sha512-nCkHGI4w7ZgAdNkrEu0bv+4xNV/XDqW+DydknebMOQwkpDGx8G+HTlj7R7ABI8i8nKxVw0wtKPi1D+lPOkh4YQ==}
     dependencies:
       '@types/mime': 1.3.2
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/sinon/10.0.11:
@@ -2658,7 +2658,7 @@ packages:
   /@types/stoppable/1.1.1:
     resolution: {integrity: sha512-b8N+fCADRIYYrGZOcmOR8ZNBOqhktWTB/bMUl5LvGtT201QKJZOOH5UsFyI3qtteM6ZAJbJqZoBcLqqxKIwjhw==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/tough-cookie/4.0.2:
@@ -2668,13 +2668,13 @@ packages:
   /@types/tunnel/0.0.1:
     resolution: {integrity: sha512-AOqu6bQu5MSWwYvehMXLukFHnupHrpZ8nvgae5Ggie9UwzDR1CCwoXgSSWNZJuyOlCdfdsWMA5F2LlmvyoTv8A==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/tunnel/0.0.3:
     resolution: {integrity: sha512-sOUTGn6h1SfQ+gbgqC364jLFBw2lnFqkgF3q0WovEHRLMrVD1sd5aufqi/aJObLekJO+Aq5z646U4Oxy6shXMA==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/underscore/1.11.4:
@@ -2692,26 +2692,26 @@ packages:
   /@types/ws/7.4.7:
     resolution: {integrity: sha512-JQbbmxZTZehdc2iszGKs5oC3NFnjeay7mtAWrdt7qNtAVK0g19muApzAy4bm9byz79xa2ZnO/BOBC2R8RC5Lww==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/ws/8.5.3:
     resolution: {integrity: sha512-6YOoWjruKj1uLf3INHH7D3qTXwFfEsg1kf3c0uDdSBJwfa/llkwIjrAGV7j7mVgGNbzTQ3HiHKKDXl6bJPD97w==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/xml2js/0.4.11:
     resolution: {integrity: sha512-JdigeAKmCyoJUiQljjr7tQG3if9NkqGUgwEUqBvV0N7LM4HyQk7UXCnusRa1lnvXAEYJ8mw8GtZWioagNztOwA==}
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
 
   /@types/yauzl/2.10.0:
     resolution: {integrity: sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==}
     requiresBuild: true
     dependencies:
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
     dev: false
     optional: true
 
@@ -3684,7 +3684,7 @@ packages:
     resolution: {integrity: sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==}
     deprecated: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
     dependencies:
-      ms: 2.1.1
+      ms: 2.1.3
     dev: false
 
   /debug/3.2.7:
@@ -3930,7 +3930,7 @@ packages:
     dependencies:
       '@types/cookie': 0.4.1
       '@types/cors': 2.8.12
-      '@types/node': 12.20.50
+      '@types/node': 17.0.31
       accepts: 1.3.8
       base64id: 2.0.0
       cookie: 0.4.2
@@ -4837,7 +4837,7 @@ packages:
       fs.realpath: 1.0.0
       inflight: 1.0.6
       inherits: 2.0.4
-      minimatch: 3.0.4
+      minimatch: 3.1.2
       once: 1.4.0
       path-is-absolute: 1.0.1
     dev: false
@@ -8647,7 +8647,7 @@ packages:
   /wide-align/1.1.5:
     resolution: {integrity: sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==}
     dependencies:
-      string-width: 1.0.2
+      string-width: 4.2.3
     dev: false
 
   /word-wrap/1.2.3:
@@ -10197,28 +10197,27 @@ packages:
     dev: false
 
   file:projects/arm-containerservice.tgz:
-    resolution: {integrity: sha512-ydzxfNP0RKW/IMAJIOMPMAr38GWiOKPriHKATazJlcETiAn2mfHAXrPj/5YZTe7/Cvh4anicieTseoA2LUf7Nw==, tarball: file:projects/arm-containerservice.tgz}
+    resolution: {integrity: sha512-xsvax5ejhQf6od++due7jG07ThW9oVYJten5uBhVTIAsUFBcFJqWdisPQRIXccVNlJ+AP4cmE/JZeiKq/3jI0A==, tarball: file:projects/arm-containerservice.tgz}
     name: '@rush-temp/arm-containerservice'
     version: 0.0.0
     dependencies:
       '@azure-tools/test-recorder': 1.0.2
       '@azure/identity': 2.0.4
-      '@microsoft/api-extractor': 7.18.11
-      '@rollup/plugin-commonjs': 21.1.0_rollup@2.72.0
-      '@rollup/plugin-json': 4.1.0_rollup@2.72.0
-      '@rollup/plugin-multi-entry': 4.1.0_rollup@2.72.0
-      '@rollup/plugin-node-resolve': 13.3.0_rollup@2.72.0
+      '@microsoft/api-extractor': 7.23.1
+      '@rollup/plugin-commonjs': 11.0.2_rollup@1.32.1
+      '@rollup/plugin-json': 4.1.0_rollup@1.32.1
+      '@rollup/plugin-multi-entry': 3.0.1_rollup@1.32.1
+      '@rollup/plugin-node-resolve': 8.4.0_rollup@1.32.1
       cross-env: 7.0.3
       mkdirp: 1.0.4
       mocha: 7.2.0
       rimraf: 3.0.2
-      rollup: 2.72.0
-      rollup-plugin-sourcemaps: 0.6.3_rollup@2.72.0
+      rollup: 1.32.1
+      rollup-plugin-sourcemaps: 0.4.2_rollup@1.32.1
       tslib: 2.4.0
       typescript: 4.2.4
       uglify-js: 3.15.4
     transitivePeerDependencies:
-      - '@types/node'
       - debug
       - encoding
       - supports-color
diff --git a/sdk/containerservice/arm-containerservice/CHANGELOG.md b/sdk/containerservice/arm-containerservice/CHANGELOG.md
index b521f762bfbc..9d8954e57ff5 100644
--- a/sdk/containerservice/arm-containerservice/CHANGELOG.md
+++ b/sdk/containerservice/arm-containerservice/CHANGELOG.md
@@ -1,10 +1,12 @@
 # Release History
-
-## 16.1.0-beta.1 (2022-05-06)
+    
+## 16.1.0-beta.2 (2022-05-07)
     
 **Features**
 
   - Added operation group ManagedClusterSnapshots
+  - Added operation group TrustedAccessRoleBindings
+  - Added operation group TrustedAccessRoles
   - Added operation ManagedClusters.beginRotateServiceAccountSigningKeys
   - Added operation ManagedClusters.beginRotateServiceAccountSigningKeysAndWait
   - Added Interface AzureKeyVaultKms
@@ -24,6 +26,17 @@
   - Added Interface ManagedClusterSnapshotsUpdateTagsOptionalParams
   - Added Interface ManagedClustersRotateServiceAccountSigningKeysOptionalParams
   - Added Interface NetworkProfileForSnapshot
+  - Added Interface TrustedAccessRole
+  - Added Interface TrustedAccessRoleBindingListResult
+  - Added Interface TrustedAccessRoleBindingsCreateOrUpdateOptionalParams
+  - Added Interface TrustedAccessRoleBindingsDeleteOptionalParams
+  - Added Interface TrustedAccessRoleBindingsGetOptionalParams
+  - Added Interface TrustedAccessRoleBindingsListNextOptionalParams
+  - Added Interface TrustedAccessRoleBindingsListOptionalParams
+  - Added Interface TrustedAccessRoleListResult
+  - Added Interface TrustedAccessRoleRule
+  - Added Interface TrustedAccessRolesListNextOptionalParams
+  - Added Interface TrustedAccessRolesListOptionalParams
   - Added Type Alias ManagedClusterSnapshot
   - Added Type Alias ManagedClusterSnapshotsCreateOrUpdateResponse
   - Added Type Alias ManagedClusterSnapshotsGetResponse
@@ -32,28 +45,48 @@
   - Added Type Alias ManagedClusterSnapshotsListNextResponse
   - Added Type Alias ManagedClusterSnapshotsListResponse
   - Added Type Alias ManagedClusterSnapshotsUpdateTagsResponse
+  - Added Type Alias NetworkPluginMode
+  - Added Type Alias TrustedAccessRoleBinding
+  - Added Type Alias TrustedAccessRoleBindingsCreateOrUpdateResponse
+  - Added Type Alias TrustedAccessRoleBindingsGetResponse
+  - Added Type Alias TrustedAccessRoleBindingsListNextResponse
+  - Added Type Alias TrustedAccessRoleBindingsListResponse
+  - Added Type Alias TrustedAccessRolesListNextResponse
+  - Added Type Alias TrustedAccessRolesListResponse
   - Interface AgentPoolsDeleteOptionalParams has a new optional parameter ignorePodDisruptionBudget
+  - Interface ContainerServiceNetworkProfile has a new optional parameter networkPluginMode
   - Interface ManagedClusterAgentPoolProfileProperties has a new optional parameter capacityReservationGroupID
   - Interface ManagedClusterAgentPoolProfileProperties has a new optional parameter currentOrchestratorVersion
+  - Interface ManagedClusterAgentPoolProfileProperties has a new optional parameter enableCustomCATrust
   - Interface ManagedClusterAgentPoolProfileProperties has a new optional parameter hostGroupID
   - Interface ManagedClusterAgentPoolProfileProperties has a new optional parameter messageOfTheDay
+  - Interface ManagedClusterAPIServerAccessProfile has a new optional parameter enableVnetIntegration
+  - Interface ManagedClusterAPIServerAccessProfile has a new optional parameter subnetId
   - Interface ManagedClusterHttpProxyConfig has a new optional parameter effectiveNoProxy
   - Interface ManagedClustersDeleteOptionalParams has a new optional parameter ignorePodDisruptionBudget
   - Interface ManagedClusterSecurityProfile has a new optional parameter azureKeyVaultKms
   - Interface ManagedClusterSecurityProfile has a new optional parameter workloadIdentity
   - Interface ManagedClusterStorageProfileDiskCSIDriver has a new optional parameter version
   - Class ContainerServiceClient has a new parameter managedClusterSnapshots
+  - Class ContainerServiceClient has a new parameter trustedAccessRoleBindings
+  - Class ContainerServiceClient has a new parameter trustedAccessRoles
   - Type Alias AgentPool has a new parameter messageOfTheDay
   - Type Alias AgentPool has a new parameter currentOrchestratorVersion
+  - Type Alias AgentPool has a new parameter enableCustomCATrust
   - Type Alias AgentPool has a new parameter capacityReservationGroupID
   - Type Alias AgentPool has a new parameter hostGroupID
   - Type Alias ManagedCluster has a new parameter creationData
   - Type Alias ManagedCluster has a new parameter currentKubernetesVersion
   - Type Alias ManagedCluster has a new parameter oidcIssuerProfile
   - Type Alias ManagedCluster has a new parameter enableNamespaceResources
+  - Type Alias ManagedCluster has a new parameter storageProfile
   - Type Alias ManagedCluster has a new parameter ingressProfile
+  - Added Enum KnownNetworkPluginMode
   - Enum KnownNetworkPlugin has a new value None
-  - Enum KnownSnapshotType has a new value ManagedCluster  
+  - Enum KnownOssku has a new value Windows2019
+  - Enum KnownOssku has a new value Windows2022
+  - Enum KnownSnapshotType has a new value ManagedCluster
+    
     
 ## 16.0.0 (2022-04-20)
     
diff --git a/sdk/containerservice/arm-containerservice/README.md b/sdk/containerservice/arm-containerservice/README.md
index 634b51c21adf..e141b0131aa9 100644
--- a/sdk/containerservice/arm-containerservice/README.md
+++ b/sdk/containerservice/arm-containerservice/README.md
@@ -16,8 +16,6 @@ The Container Service Client.
 - [LTS versions of Node.js](https://nodejs.org/about/releases/)
 - Latest versions of Safari, Chrome, Edge and Firefox.
 
-See our [support policy](https://github.com/Azure/azure-sdk-for-js/blob/main/SUPPORT.md) for more details.
-
 ### Prerequisites
 
 - An [Azure subscription][azure_sub].
@@ -51,17 +49,8 @@ For more information about how to create an Azure AD Application check out [this
 ```javascript
 const { ContainerServiceClient } = require("@azure/arm-containerservice");
 const { DefaultAzureCredential } = require("@azure/identity");
-// For client-side applications running in the browser, use InteractiveBrowserCredential instead of DefaultAzureCredential. See https://aka.ms/azsdk/js/identity/examples for more details.
-
 const subscriptionId = "00000000-0000-0000-0000-000000000000";
 const client = new ContainerServiceClient(new DefaultAzureCredential(), subscriptionId);
-
-// For client-side applications running in the browser, use this code instead:
-// const credential = new InteractiveBrowserCredential({
-//   tenantId: "<YOUR_TENANT_ID>",
-//   clientId: "<YOUR_CLIENT_ID>"
-// });
-// const client = new ContainerServiceClient(credential, subscriptionId);
 ```
 
 
diff --git a/sdk/containerservice/arm-containerservice/_meta.json b/sdk/containerservice/arm-containerservice/_meta.json
index c0f0fa522199..de39a5931307 100644
--- a/sdk/containerservice/arm-containerservice/_meta.json
+++ b/sdk/containerservice/arm-containerservice/_meta.json
@@ -1,8 +1,8 @@
 {
-  "commit": "63ecc4782618d9f20f3b1d9d0b5153d4cf4e45be",
+  "commit": "9abe35ede9f446127c05da2f08705428bbbab521",
   "readme": "specification/containerservice/resource-manager/readme.md",
-  "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\work\\azure-sdk-for-js ..\\azure-rest-api-specs\\specification\\containerservice\\resource-manager\\readme.md --use=@autorest/typescript@6.0.0-alpha.19.20220408.1 --generate-sample=true",
+  "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/containerservice/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1",
   "repository_url": "https://github.com/Azure/azure-rest-api-specs.git",
   "release_tool": "@azure-tools/js-sdk-release-tools@2.3.0",
-  "use": "@autorest/typescript@6.0.0-alpha.19.20220408.1"
+  "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1"
 }
\ No newline at end of file
diff --git a/sdk/containerservice/arm-containerservice/package.json b/sdk/containerservice/arm-containerservice/package.json
index 0ba5dab77c35..4c7adde1d03b 100644
--- a/sdk/containerservice/arm-containerservice/package.json
+++ b/sdk/containerservice/arm-containerservice/package.json
@@ -3,7 +3,7 @@
   "sdk-type": "mgmt",
   "author": "Microsoft Corporation",
   "description": "A generated SDK for ContainerServiceClient.",
-  "version": "16.1.0-beta.1",
+  "version": "16.1.0-beta.2",
   "engines": {
     "node": ">=12.0.0"
   },
@@ -11,9 +11,9 @@
     "@azure/core-lro": "^2.2.0",
     "@azure/abort-controller": "^1.0.0",
     "@azure/core-paging": "^1.2.0",
-    "@azure/core-client": "^1.5.0",
+    "@azure/core-client": "^1.0.0",
     "@azure/core-auth": "^1.3.0",
-    "@azure/core-rest-pipeline": "^1.8.0",
+    "@azure/core-rest-pipeline": "^1.1.0",
     "tslib": "^2.2.0"
   },
   "keywords": [
@@ -28,14 +28,14 @@
   "module": "./dist-esm/src/index.js",
   "types": "./types/arm-containerservice.d.ts",
   "devDependencies": {
-    "@microsoft/api-extractor": "7.18.11",
-    "@rollup/plugin-commonjs": "^21.0.1",
-    "@rollup/plugin-json": "^4.1.0",
-    "@rollup/plugin-multi-entry": "^4.1.0",
-    "@rollup/plugin-node-resolve": "^13.1.3",
+    "@microsoft/api-extractor": "^7.18.11",
+    "@rollup/plugin-commonjs": "11.0.2",
+    "@rollup/plugin-json": "^4.0.0",
+    "@rollup/plugin-multi-entry": "^3.0.0",
+    "@rollup/plugin-node-resolve": "^8.0.0",
     "mkdirp": "^1.0.4",
-    "rollup": "^2.66.1",
-    "rollup-plugin-sourcemaps": "^0.6.3",
+    "rollup": "^1.16.3",
+    "rollup-plugin-sourcemaps": "^0.4.2",
     "typescript": "~4.2.0",
     "uglify-js": "^3.4.9",
     "rimraf": "^3.0.0",
@@ -98,21 +98,5 @@
     "docs": "echo skipped"
   },
   "sideEffects": false,
-  "//metadata": {
-    "constantPaths": [
-      {
-        "path": "src/containerServiceClient.ts",
-        "prefix": "packageDetails"
-      }
-    ]
-  },
-  "autoPublish": true,
-  "//sampleConfiguration": {
-    "productName": "",
-    "productSlugs": [
-      "azure"
-    ],
-    "disableDocsMs": true,
-    "apiRefLink": "https://docs.microsoft.com/javascript/api/@azure/arm-containerservice?view=azure-node-preview"
-  }
-}
+  "autoPublish": true
+}
\ No newline at end of file
diff --git a/sdk/containerservice/arm-containerservice/review/arm-containerservice.api.md b/sdk/containerservice/arm-containerservice/review/arm-containerservice.api.md
index 01db72d6f270..737897039e05 100644
--- a/sdk/containerservice/arm-containerservice/review/arm-containerservice.api.md
+++ b/sdk/containerservice/arm-containerservice/review/arm-containerservice.api.md
@@ -38,6 +38,7 @@ export type AgentPool = SubResource & {
     powerState?: PowerState;
     availabilityZones?: string[];
     enableNodePublicIP?: boolean;
+    enableCustomCATrust?: boolean;
     nodePublicIPPrefixID?: string;
     scaleSetPriority?: ScaleSetPriority;
     scaleSetEvictionPolicy?: ScaleSetEvictionPolicy;
@@ -238,6 +239,10 @@ export class ContainerServiceClient extends coreClient.ServiceClient {
     snapshots: Snapshots;
     // (undocumented)
     subscriptionId: string;
+    // (undocumented)
+    trustedAccessRoleBindings: TrustedAccessRoleBindings;
+    // (undocumented)
+    trustedAccessRoles: TrustedAccessRoles;
 }
 
 // @public
@@ -280,6 +285,7 @@ export interface ContainerServiceNetworkProfile {
     natGatewayProfile?: ManagedClusterNATGatewayProfile;
     networkMode?: NetworkMode;
     networkPlugin?: NetworkPlugin;
+    networkPluginMode?: NetworkPluginMode;
     networkPolicy?: NetworkPolicy;
     outboundType?: OutboundType;
     podCidr?: string;
@@ -866,6 +872,11 @@ export enum KnownNetworkPlugin {
     None = "none"
 }
 
+// @public
+export enum KnownNetworkPluginMode {
+    Overlay = "Overlay"
+}
+
 // @public
 export enum KnownNetworkPolicy {
     Azure = "azure",
@@ -883,7 +894,11 @@ export enum KnownOssku {
     // (undocumented)
     CBLMariner = "CBLMariner",
     // (undocumented)
-    Ubuntu = "Ubuntu"
+    Ubuntu = "Ubuntu",
+    // (undocumented)
+    Windows2019 = "Windows2019",
+    // (undocumented)
+    Windows2022 = "Windows2022"
 }
 
 // @public
@@ -1104,6 +1119,7 @@ export type ManagedCluster = TrackedResource & {
     disableLocalAccounts?: boolean;
     httpProxyConfig?: ManagedClusterHttpProxyConfig;
     securityProfile?: ManagedClusterSecurityProfile;
+    storageProfile?: ManagedClusterStorageProfile;
     ingressProfile?: ManagedClusterIngressProfile;
     publicNetworkAccess?: PublicNetworkAccess;
 };
@@ -1149,6 +1165,7 @@ export interface ManagedClusterAgentPoolProfileProperties {
     creationData?: CreationData;
     currentOrchestratorVersion?: string;
     enableAutoScaling?: boolean;
+    enableCustomCATrust?: boolean;
     enableEncryptionAtHost?: boolean;
     enableFips?: boolean;
     enableNodePublicIP?: boolean;
@@ -1198,7 +1215,9 @@ export interface ManagedClusterAPIServerAccessProfile {
     disableRunCommand?: boolean;
     enablePrivateCluster?: boolean;
     enablePrivateClusterPublicFqdn?: boolean;
+    enableVnetIntegration?: boolean;
     privateDNSZone?: string;
+    subnetId?: string;
 }
 
 // @public
@@ -1751,6 +1770,9 @@ export type NetworkMode = string;
 // @public
 export type NetworkPlugin = string;
 
+// @public
+export type NetworkPluginMode = string;
+
 // @public
 export type NetworkPolicy = string;
 
@@ -1759,6 +1781,7 @@ export interface NetworkProfileForSnapshot {
     loadBalancerSku?: LoadBalancerSku;
     networkMode?: NetworkMode;
     networkPlugin?: NetworkPlugin;
+    networkPluginMode?: NetworkPluginMode;
     networkPolicy?: NetworkPolicy;
 }
 
@@ -2142,6 +2165,100 @@ export type TrackedResource = Resource & {
     location: string;
 };
 
+// @public
+export interface TrustedAccessRole {
+    readonly name?: string;
+    readonly rules?: TrustedAccessRoleRule[];
+    readonly sourceResourceType?: string;
+}
+
+// @public
+export type TrustedAccessRoleBinding = Resource & {
+    readonly provisioningState?: string;
+    sourceResourceId: string;
+    roles: string[];
+};
+
+// @public
+export interface TrustedAccessRoleBindingListResult {
+    readonly nextLink?: string;
+    value?: TrustedAccessRoleBinding[];
+}
+
+// @public
+export interface TrustedAccessRoleBindings {
+    createOrUpdate(resourceGroupName: string, resourceName: string, trustedAccessRoleBindingName: string, trustedAccessRoleBinding: TrustedAccessRoleBinding, options?: TrustedAccessRoleBindingsCreateOrUpdateOptionalParams): Promise<TrustedAccessRoleBindingsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, resourceName: string, trustedAccessRoleBindingName: string, options?: TrustedAccessRoleBindingsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, resourceName: string, trustedAccessRoleBindingName: string, options?: TrustedAccessRoleBindingsGetOptionalParams): Promise<TrustedAccessRoleBindingsGetResponse>;
+    list(resourceGroupName: string, resourceName: string, options?: TrustedAccessRoleBindingsListOptionalParams): PagedAsyncIterableIterator<TrustedAccessRoleBinding>;
+}
+
+// @public
+export interface TrustedAccessRoleBindingsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRoleBindingsCreateOrUpdateResponse = TrustedAccessRoleBinding;
+
+// @public
+export interface TrustedAccessRoleBindingsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface TrustedAccessRoleBindingsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRoleBindingsGetResponse = TrustedAccessRoleBinding;
+
+// @public
+export interface TrustedAccessRoleBindingsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRoleBindingsListNextResponse = TrustedAccessRoleBindingListResult;
+
+// @public
+export interface TrustedAccessRoleBindingsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRoleBindingsListResponse = TrustedAccessRoleBindingListResult;
+
+// @public
+export interface TrustedAccessRoleListResult {
+    readonly nextLink?: string;
+    readonly value?: TrustedAccessRole[];
+}
+
+// @public
+export interface TrustedAccessRoleRule {
+    readonly apiGroups?: string[];
+    readonly nonResourceURLs?: string[];
+    readonly resourceNames?: string[];
+    readonly resources?: string[];
+    readonly verbs?: string[];
+}
+
+// @public
+export interface TrustedAccessRoles {
+    list(location: string, options?: TrustedAccessRolesListOptionalParams): PagedAsyncIterableIterator<TrustedAccessRole>;
+}
+
+// @public
+export interface TrustedAccessRolesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRolesListNextResponse = TrustedAccessRoleListResult;
+
+// @public
+export interface TrustedAccessRolesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type TrustedAccessRolesListResponse = TrustedAccessRoleListResult;
+
 // @public
 export type UpgradeChannel = string;
 
diff --git a/sdk/containerservice/arm-containerservice/rollup.config.js b/sdk/containerservice/arm-containerservice/rollup.config.js
index 3f89d7309da5..9be1955eb7f1 100644
--- a/sdk/containerservice/arm-containerservice/rollup.config.js
+++ b/sdk/containerservice/arm-containerservice/rollup.config.js
@@ -14,14 +14,62 @@ import json from "@rollup/plugin-json";
 
 import nodeBuiltins from "builtin-modules";
 
+/**
+ * Gets the proper configuration needed for rollup's commonJS plugin for @opentelemetry/api.
+ *
+ * NOTE: this manual configuration is only needed because OpenTelemetry uses an
+ * __exportStar downleveled helper function to declare its exports which confuses
+ * rollup's automatic discovery mechanism.
+ *
+ * @returns an object reference that can be `...`'d into your cjs() configuration.
+ */
+export function openTelemetryCommonJs() {
+  const namedExports = {};
+
+  for (const key of [
+    "@opentelemetry/api",
+    "@azure/core-tracing/node_modules/@opentelemetry/api"
+  ]) {
+    namedExports[key] = [
+      "SpanKind",
+      "TraceFlags",
+      "getSpan",
+      "setSpan",
+      "SpanStatusCode",
+      "getSpanContext",
+      "setSpanContext"
+    ];
+  }
+
+  const releasedOpenTelemetryVersions = ["0.10.2", "1.0.0-rc.0"];
+
+  for (const version of releasedOpenTelemetryVersions) {
+    namedExports[
+      // working around a limitation in the rollup common.js plugin - it's not able to resolve these modules so the named exports listed above will not get applied. We have to drill down to the actual path.
+      `../../../common/temp/node_modules/.pnpm/@opentelemetry/api@${version}/node_modules/@opentelemetry/api/build/src/index.js`
+    ] = [
+      "SpanKind",
+      "TraceFlags",
+      "getSpan",
+      "setSpan",
+      "StatusCode",
+      "CanonicalCode",
+      "getSpanContext",
+      "setSpanContext"
+    ];
+  }
+
+  return namedExports;
+}
+
 // #region Warning Handler
 
 /**
- * A function that can determine whether a rollup warning should be ignored. If
+ * A function that can determine whether a rollupwarning should be ignored. If
  * the function returns `true`, then the warning will not be displayed.
  */
 
-function ignoreNiseSinonEval(warning) {
+function ignoreNiseSinonEvalWarnings(warning) {
   return (
     warning.code === "EVAL" &&
     warning.id &&
@@ -30,14 +78,17 @@ function ignoreNiseSinonEval(warning) {
   );
 }
 
-function ignoreChaiCircularDependency(warning) {
+function ignoreChaiCircularDependencyWarnings(warning) {
   return (
     warning.code === "CIRCULAR_DEPENDENCY" &&
     warning.importer && warning.importer.includes("node_modules/chai") === true
   );
 }
 
-const warningInhibitors = [ignoreChaiCircularDependency, ignoreNiseSinonEval];
+const warningInhibitors = [
+  ignoreChaiCircularDependencyWarnings,
+  ignoreNiseSinonEvalWarnings
+];
 
 /**
  * Construct a warning handler for the shared rollup configuration
@@ -71,7 +122,22 @@ function makeBrowserTestConfig() {
       nodeResolve({
         mainFields: ["module", "browser"]
       }),
-      cjs(),
+      cjs({
+        namedExports: {
+          // Chai's strange internal architecture makes it impossible to statically
+          // analyze its exports.
+          chai: [
+            "version",
+            "use",
+            "util",
+            "config",
+            "expect",
+            "should",
+            "assert"
+          ],
+          ...openTelemetryCommonJs()
+        }
+      }),
       json(),
       sourcemaps()
       //viz({ filename: "dist-test/browser-stats.html", sourcemap: true })
@@ -107,7 +173,7 @@ export function makeConfig(pkg, options) {
     ],
     output: { file: "dist/index.js", format: "cjs", sourcemap: true },
     preserveSymlinks: false,
-    plugins: [sourcemaps(), nodeResolve()]
+    plugins: [sourcemaps(), nodeResolve(), cjs()]
   };
 
   const config = [baseConfig];
diff --git a/sdk/containerservice/arm-containerservice/src/containerServiceClient.ts b/sdk/containerservice/arm-containerservice/src/containerServiceClient.ts
index a7ac1f385fa8..53d79dee9d98 100644
--- a/sdk/containerservice/arm-containerservice/src/containerServiceClient.ts
+++ b/sdk/containerservice/arm-containerservice/src/containerServiceClient.ts
@@ -7,7 +7,6 @@
  */
 
 import * as coreClient from "@azure/core-client";
-import * as coreRestPipeline from "@azure/core-rest-pipeline";
 import * as coreAuth from "@azure/core-auth";
 import {
   OperationsImpl,
@@ -18,7 +17,9 @@ import {
   PrivateLinkResourcesImpl,
   ResolvePrivateLinkServiceIdImpl,
   SnapshotsImpl,
-  ManagedClusterSnapshotsImpl
+  ManagedClusterSnapshotsImpl,
+  TrustedAccessRolesImpl,
+  TrustedAccessRoleBindingsImpl
 } from "./operations";
 import {
   Operations,
@@ -29,7 +30,9 @@ import {
   PrivateLinkResources,
   ResolvePrivateLinkServiceId,
   Snapshots,
-  ManagedClusterSnapshots
+  ManagedClusterSnapshots,
+  TrustedAccessRoles,
+  TrustedAccessRoleBindings
 } from "./operationsInterfaces";
 import { ContainerServiceClientOptionalParams } from "./models";
 
@@ -65,7 +68,7 @@ export class ContainerServiceClient extends coreClient.ServiceClient {
       credential: credentials
     };
 
-    const packageDetails = `azsdk-js-arm-containerservice/16.1.0-beta.1`;
+    const packageDetails = `azsdk-js-arm-containerservice/16.1.0-beta.2`;
     const userAgentPrefix =
       options.userAgentOptions && options.userAgentOptions.userAgentPrefix
         ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
@@ -80,39 +83,15 @@ export class ContainerServiceClient extends coreClient.ServiceClient {
       userAgentOptions: {
         userAgentPrefix
       },
-      baseUri:
-        options.endpoint ?? options.baseUri ?? "https://management.azure.com"
+      baseUri: options.endpoint || "https://management.azure.com"
     };
     super(optionsWithDefaults);
-
-    if (options?.pipeline && options.pipeline.getOrderedPolicies().length > 0) {
-      const pipelinePolicies: coreRestPipeline.PipelinePolicy[] = options.pipeline.getOrderedPolicies();
-      const bearerTokenAuthenticationPolicyFound = pipelinePolicies.some(
-        (pipelinePolicy) =>
-          pipelinePolicy.name ===
-          coreRestPipeline.bearerTokenAuthenticationPolicyName
-      );
-      if (!bearerTokenAuthenticationPolicyFound) {
-        this.pipeline.removePolicy({
-          name: coreRestPipeline.bearerTokenAuthenticationPolicyName
-        });
-        this.pipeline.addPolicy(
-          coreRestPipeline.bearerTokenAuthenticationPolicy({
-            scopes: `${optionsWithDefaults.baseUri}/.default`,
-            challengeCallbacks: {
-              authorizeRequestOnChallenge:
-                coreClient.authorizeRequestOnClaimChallenge
-            }
-          })
-        );
-      }
-    }
     // Parameter assignments
     this.subscriptionId = subscriptionId;
 
     // Assigning values to Constant parameters
     this.$host = options.$host || "https://management.azure.com";
-    this.apiVersion = options.apiVersion || "2022-03-02-preview";
+    this.apiVersion = options.apiVersion || "2022-04-02-preview";
     this.operations = new OperationsImpl(this);
     this.managedClusters = new ManagedClustersImpl(this);
     this.maintenanceConfigurations = new MaintenanceConfigurationsImpl(this);
@@ -124,6 +103,8 @@ export class ContainerServiceClient extends coreClient.ServiceClient {
     );
     this.snapshots = new SnapshotsImpl(this);
     this.managedClusterSnapshots = new ManagedClusterSnapshotsImpl(this);
+    this.trustedAccessRoles = new TrustedAccessRolesImpl(this);
+    this.trustedAccessRoleBindings = new TrustedAccessRoleBindingsImpl(this);
   }
 
   operations: Operations;
@@ -135,4 +116,6 @@ export class ContainerServiceClient extends coreClient.ServiceClient {
   resolvePrivateLinkServiceId: ResolvePrivateLinkServiceId;
   snapshots: Snapshots;
   managedClusterSnapshots: ManagedClusterSnapshots;
+  trustedAccessRoles: TrustedAccessRoles;
+  trustedAccessRoleBindings: TrustedAccessRoleBindings;
 }
diff --git a/sdk/containerservice/arm-containerservice/src/models/index.ts b/sdk/containerservice/arm-containerservice/src/models/index.ts
index 2fefc02d087e..e2c8a0800611 100644
--- a/sdk/containerservice/arm-containerservice/src/models/index.ts
+++ b/sdk/containerservice/arm-containerservice/src/models/index.ts
@@ -194,7 +194,7 @@ export interface ManagedClusterAgentPoolProfileProperties {
   maxPods?: number;
   /** The operating system type. The default is Linux. */
   osType?: OSType;
-  /** Specifies an OS SKU. This value must not be specified if OSType is Windows. */
+  /** Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. */
   osSKU?: Ossku;
   /** The maximum number of nodes for auto-scaling */
   maxCount?: number;
@@ -230,6 +230,8 @@ export interface ManagedClusterAgentPoolProfileProperties {
   availabilityZones?: string[];
   /** Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The default is false. */
   enableNodePublicIP?: boolean;
+  /** When set to true, AKS deploys a daemonset and host services to sync custom certificate authorities from a user-provided config map into node trust stores. Defaults to false. */
+  enableCustomCATrust?: boolean;
   /** This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} */
   nodePublicIPPrefixID?: string;
   /** The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'. */
@@ -524,6 +526,8 @@ export interface ManagedClusterOidcIssuerProfile {
 export interface ContainerServiceNetworkProfile {
   /** Network plugin used for building the Kubernetes network. */
   networkPlugin?: NetworkPlugin;
+  /** Network plugin mode used for building the Kubernetes network. */
+  networkPluginMode?: NetworkPluginMode;
   /** Network policy used for building the Kubernetes network. */
   networkPolicy?: NetworkPolicy;
   /** This cannot be specified if networkPlugin is anything other than 'azure'. */
@@ -686,6 +690,10 @@ export interface ManagedClusterAPIServerAccessProfile {
   enablePrivateClusterPublicFqdn?: boolean;
   /** Whether to disable run command for the cluster or not. */
   disableRunCommand?: boolean;
+  /** Whether to enable apiserver vnet integration for the cluster or not. */
+  enableVnetIntegration?: boolean;
+  /** It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable apiserver vnet integration. */
+  subnetId?: string;
 }
 
 /** A private link resource */
@@ -756,6 +764,36 @@ export interface ManagedClusterSecurityProfileWorkloadIdentity {
   enabled?: boolean;
 }
 
+/** Storage profile for the container service cluster. */
+export interface ManagedClusterStorageProfile {
+  /** AzureDisk CSI Driver settings for the storage profile. */
+  diskCSIDriver?: ManagedClusterStorageProfileDiskCSIDriver;
+  /** AzureFile CSI Driver settings for the storage profile. */
+  fileCSIDriver?: ManagedClusterStorageProfileFileCSIDriver;
+  /** Snapshot Controller settings for the storage profile. */
+  snapshotController?: ManagedClusterStorageProfileSnapshotController;
+}
+
+/** AzureDisk CSI Driver settings for the storage profile. */
+export interface ManagedClusterStorageProfileDiskCSIDriver {
+  /** Whether to enable AzureDisk CSI Driver. The default value is true. */
+  enabled?: boolean;
+  /** The version of AzureDisk CSI Driver. The default value is v1. */
+  version?: string;
+}
+
+/** AzureFile CSI Driver settings for the storage profile. */
+export interface ManagedClusterStorageProfileFileCSIDriver {
+  /** Whether to enable AzureFile CSI Driver. The default value is true. */
+  enabled?: boolean;
+}
+
+/** Snapshot Controller settings for the storage profile. */
+export interface ManagedClusterStorageProfileSnapshotController {
+  /** Whether to enable Snapshot Controller. The default value is true. */
+  enabled?: boolean;
+}
+
 /** Ingress profile for the container service cluster. */
 export interface ManagedClusterIngressProfile {
   /** Web App Routing settings for the ingress profile. */
@@ -1185,6 +1223,8 @@ export interface ManagedClusterPropertiesForSnapshot {
 export interface NetworkProfileForSnapshot {
   /** networkPlugin for managed cluster snapshot. */
   networkPlugin?: NetworkPlugin;
+  /** NetworkPluginMode for managed cluster snapshot. */
+  networkPluginMode?: NetworkPluginMode;
   /** networkPolicy for managed cluster snapshot. */
   networkPolicy?: NetworkPolicy;
   /** networkMode for managed cluster snapshot. */
@@ -1193,6 +1233,79 @@ export interface NetworkProfileForSnapshot {
   loadBalancerSku?: LoadBalancerSku;
 }
 
+/** List of trusted access roles */
+export interface TrustedAccessRoleListResult {
+  /**
+   * Role list
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly value?: TrustedAccessRole[];
+  /**
+   * Link to next page of resources.
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly nextLink?: string;
+}
+
+/** Trusted access role definition. */
+export interface TrustedAccessRole {
+  /**
+   * Resource type of Azure resource
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly sourceResourceType?: string;
+  /**
+   * Name of role, name is unique under a source resource type
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly name?: string;
+  /**
+   * List of rules for the role. This maps to 'rules' property of [Kubernetes Cluster Role](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole).
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly rules?: TrustedAccessRoleRule[];
+}
+
+/** Rule for trusted access role */
+export interface TrustedAccessRoleRule {
+  /**
+   * List of allowed verbs
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly verbs?: string[];
+  /**
+   * List of allowed apiGroups
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly apiGroups?: string[];
+  /**
+   * List of allowed resources
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly resources?: string[];
+  /**
+   * List of allowed names
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly resourceNames?: string[];
+  /**
+   * List of allowed nonResourceURLs
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly nonResourceURLs?: string[];
+}
+
+/** List of trusted access role bindings */
+export interface TrustedAccessRoleBindingListResult {
+  /** Role binding list */
+  value?: TrustedAccessRoleBinding[];
+  /**
+   * Link to next page of resources.
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly nextLink?: string;
+}
+
 /** Profile for the container service master. */
 export interface ContainerServiceMasterProfile {
   /** Number of masters (VMs) in the container service cluster. Allowed values are 1, 3, and 5. The default value is 1. */
@@ -1233,36 +1346,6 @@ export interface ContainerServiceVMDiagnostics {
   readonly storageUri?: string;
 }
 
-/** Storage profile for the container service cluster. */
-export interface ManagedClusterStorageProfile {
-  /** AzureDisk CSI Driver settings for the storage profile. */
-  diskCSIDriver?: ManagedClusterStorageProfileDiskCSIDriver;
-  /** AzureFile CSI Driver settings for the storage profile. */
-  fileCSIDriver?: ManagedClusterStorageProfileFileCSIDriver;
-  /** Snapshot Controller settings for the storage profile. */
-  snapshotController?: ManagedClusterStorageProfileSnapshotController;
-}
-
-/** AzureDisk CSI Driver settings for the storage profile. */
-export interface ManagedClusterStorageProfileDiskCSIDriver {
-  /** Whether to enable AzureDisk CSI Driver. The default value is true. */
-  enabled?: boolean;
-  /** The version of AzureDisk CSI Driver. The default value is v1. */
-  version?: string;
-}
-
-/** AzureFile CSI Driver settings for the storage profile. */
-export interface ManagedClusterStorageProfileFileCSIDriver {
-  /** Whether to enable AzureFile CSI Driver. The default value is true. */
-  enabled?: boolean;
-}
-
-/** Snapshot Controller settings for the storage profile. */
-export interface ManagedClusterStorageProfileSnapshotController {
-  /** Whether to enable Snapshot Controller. The default value is true. */
-  enabled?: boolean;
-}
-
 /** Profile for the container service agent pool. */
 export type ManagedClusterAgentPoolProfile = ManagedClusterAgentPoolProfileProperties & {
   /** Windows agent pool names must be 6 characters or less. */
@@ -1280,6 +1363,19 @@ export type TrackedResource = Resource & {
   location: string;
 };
 
+/** Defines binding between a resource and role */
+export type TrustedAccessRoleBinding = Resource & {
+  /**
+   * The current provisioning state of trusted access role binding.
+   * NOTE: This property will not be serialized. It can only be populated by the server.
+   */
+  readonly provisioningState?: string;
+  /** The ARM resource ID of source resource that trusted access is configured for. */
+  sourceResourceId: string;
+  /** A list of roles to bind, each item is a resource type qualified role name. For example: 'Microsoft.MachineLearningServices/workspaces/reader'. */
+  roles: string[];
+};
+
 /** See [planned maintenance](https://docs.microsoft.com/azure/aks/planned-maintenance) for more information about planned maintenance. */
 export type MaintenanceConfiguration = SubResource & {
   /**
@@ -1317,7 +1413,7 @@ export type AgentPool = SubResource & {
   maxPods?: number;
   /** The operating system type. The default is Linux. */
   osType?: OSType;
-  /** Specifies an OS SKU. This value must not be specified if OSType is Windows. */
+  /** Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. */
   osSKU?: Ossku;
   /** The maximum number of nodes for auto-scaling */
   maxCount?: number;
@@ -1353,6 +1449,8 @@ export type AgentPool = SubResource & {
   availabilityZones?: string[];
   /** Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The default is false. */
   enableNodePublicIP?: boolean;
+  /** When set to true, AKS deploys a daemonset and host services to sync custom certificate authorities from a user-provided config map into node trust stores. Defaults to false. */
+  enableCustomCATrust?: boolean;
   /** This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} */
   nodePublicIPPrefixID?: string;
   /** The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'. */
@@ -1484,6 +1582,8 @@ export type ManagedCluster = TrackedResource & {
   httpProxyConfig?: ManagedClusterHttpProxyConfig;
   /** Security profile for the managed cluster. */
   securityProfile?: ManagedClusterSecurityProfile;
+  /** Storage profile for the managed cluster. */
+  storageProfile?: ManagedClusterStorageProfile;
   /** Ingress profile for the managed cluster. */
   ingressProfile?: ManagedClusterIngressProfile;
   /** Allow or deny public network access for AKS */
@@ -1518,7 +1618,7 @@ export type Snapshot = TrackedResource & {
    */
   readonly osType?: OSType;
   /**
-   * Specifies an OS SKU. This value must not be specified if OSType is Windows.
+   * Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated.
    * NOTE: This property will not be serialized. It can only be populated by the server.
    */
   readonly osSku?: Ossku;
@@ -1692,7 +1792,9 @@ export type OSType = string;
 /** Known values of {@link Ossku} that the service accepts. */
 export enum KnownOssku {
   Ubuntu = "Ubuntu",
-  CBLMariner = "CBLMariner"
+  CBLMariner = "CBLMariner",
+  Windows2019 = "Windows2019",
+  Windows2022 = "Windows2022"
 }
 
 /**
@@ -1701,7 +1803,9 @@ export enum KnownOssku {
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **Ubuntu** \
- * **CBLMariner**
+ * **CBLMariner** \
+ * **Windows2019** \
+ * **Windows2022**
  */
 export type Ossku = string;
 
@@ -1876,6 +1980,21 @@ export enum KnownNetworkPlugin {
  */
 export type NetworkPlugin = string;
 
+/** Known values of {@link NetworkPluginMode} that the service accepts. */
+export enum KnownNetworkPluginMode {
+  /** Pods are given IPs from the PodCIDR address space but use Azure Routing Domains rather than Kubenet reference plugins host-local and bridge. */
+  Overlay = "Overlay"
+}
+
+/**
+ * Defines values for NetworkPluginMode. \
+ * {@link KnownNetworkPluginMode} can be used interchangeably with NetworkPluginMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Overlay**: Pods are given IPs from the PodCIDR address space but use Azure Routing Domains rather than Kubenet reference plugins host-local and bridge.
+ */
+export type NetworkPluginMode = string;
+
 /** Known values of {@link NetworkPolicy} that the service accepts. */
 export enum KnownNetworkPolicy {
   /** Use Calico network policies. See [differences between Azure and Calico policies](https://docs.microsoft.com/azure/aks/use-network-policies#differences-between-azure-and-calico-policies-and-their-capabilities) for more information. */
@@ -3008,6 +3127,52 @@ export interface ManagedClusterSnapshotsListByResourceGroupNextOptionalParams
 /** Contains response data for the listByResourceGroupNext operation. */
 export type ManagedClusterSnapshotsListByResourceGroupNextResponse = ManagedClusterSnapshotListResult;
 
+/** Optional parameters. */
+export interface TrustedAccessRolesListOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the list operation. */
+export type TrustedAccessRolesListResponse = TrustedAccessRoleListResult;
+
+/** Optional parameters. */
+export interface TrustedAccessRolesListNextOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the listNext operation. */
+export type TrustedAccessRolesListNextResponse = TrustedAccessRoleListResult;
+
+/** Optional parameters. */
+export interface TrustedAccessRoleBindingsListOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the list operation. */
+export type TrustedAccessRoleBindingsListResponse = TrustedAccessRoleBindingListResult;
+
+/** Optional parameters. */
+export interface TrustedAccessRoleBindingsGetOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the get operation. */
+export type TrustedAccessRoleBindingsGetResponse = TrustedAccessRoleBinding;
+
+/** Optional parameters. */
+export interface TrustedAccessRoleBindingsCreateOrUpdateOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the createOrUpdate operation. */
+export type TrustedAccessRoleBindingsCreateOrUpdateResponse = TrustedAccessRoleBinding;
+
+/** Optional parameters. */
+export interface TrustedAccessRoleBindingsDeleteOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Optional parameters. */
+export interface TrustedAccessRoleBindingsListNextOptionalParams
+  extends coreClient.OperationOptions {}
+
+/** Contains response data for the listNext operation. */
+export type TrustedAccessRoleBindingsListNextResponse = TrustedAccessRoleBindingListResult;
+
 /** Optional parameters. */
 export interface ContainerServiceClientOptionalParams
   extends coreClient.ServiceClientOptions {
diff --git a/sdk/containerservice/arm-containerservice/src/models/mappers.ts b/sdk/containerservice/arm-containerservice/src/models/mappers.ts
index e25358b421cf..60e7aa5b5af9 100644
--- a/sdk/containerservice/arm-containerservice/src/models/mappers.ts
+++ b/sdk/containerservice/arm-containerservice/src/models/mappers.ts
@@ -542,6 +542,12 @@ export const ManagedClusterAgentPoolProfileProperties: coreClient.CompositeMappe
           name: "Boolean"
         }
       },
+      enableCustomCATrust: {
+        serializedName: "enableCustomCATrust",
+        type: {
+          name: "Boolean"
+        }
+      },
       nodePublicIPPrefixID: {
         serializedName: "nodePublicIPPrefixID",
         type: {
@@ -1412,6 +1418,12 @@ export const ContainerServiceNetworkProfile: coreClient.CompositeMapper = {
           name: "String"
         }
       },
+      networkPluginMode: {
+        serializedName: "networkPluginMode",
+        type: {
+          name: "String"
+        }
+      },
       networkPolicy: {
         serializedName: "networkPolicy",
         type: {
@@ -1974,6 +1986,18 @@ export const ManagedClusterAPIServerAccessProfile: coreClient.CompositeMapper =
         type: {
           name: "Boolean"
         }
+      },
+      enableVnetIntegration: {
+        serializedName: "enableVnetIntegration",
+        type: {
+          name: "Boolean"
+        }
+      },
+      subnetId: {
+        serializedName: "subnetId",
+        type: {
+          name: "String"
+        }
       }
     }
   }
@@ -2167,6 +2191,87 @@ export const ManagedClusterSecurityProfileWorkloadIdentity: coreClient.Composite
   }
 };
 
+export const ManagedClusterStorageProfile: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "ManagedClusterStorageProfile",
+    modelProperties: {
+      diskCSIDriver: {
+        serializedName: "diskCSIDriver",
+        type: {
+          name: "Composite",
+          className: "ManagedClusterStorageProfileDiskCSIDriver"
+        }
+      },
+      fileCSIDriver: {
+        serializedName: "fileCSIDriver",
+        type: {
+          name: "Composite",
+          className: "ManagedClusterStorageProfileFileCSIDriver"
+        }
+      },
+      snapshotController: {
+        serializedName: "snapshotController",
+        type: {
+          name: "Composite",
+          className: "ManagedClusterStorageProfileSnapshotController"
+        }
+      }
+    }
+  }
+};
+
+export const ManagedClusterStorageProfileDiskCSIDriver: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "ManagedClusterStorageProfileDiskCSIDriver",
+    modelProperties: {
+      enabled: {
+        serializedName: "enabled",
+        type: {
+          name: "Boolean"
+        }
+      },
+      version: {
+        serializedName: "version",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const ManagedClusterStorageProfileFileCSIDriver: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "ManagedClusterStorageProfileFileCSIDriver",
+    modelProperties: {
+      enabled: {
+        serializedName: "enabled",
+        type: {
+          name: "Boolean"
+        }
+      }
+    }
+  }
+};
+
+export const ManagedClusterStorageProfileSnapshotController: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "ManagedClusterStorageProfileSnapshotController",
+    modelProperties: {
+      enabled: {
+        serializedName: "enabled",
+        type: {
+          name: "Boolean"
+        }
+      }
+    }
+  }
+};
+
 export const ManagedClusterIngressProfile: coreClient.CompositeMapper = {
   type: {
     name: "Composite",
@@ -3185,6 +3290,12 @@ export const NetworkProfileForSnapshot: coreClient.CompositeMapper = {
           name: "String"
         }
       },
+      networkPluginMode: {
+        serializedName: "networkPluginMode",
+        type: {
+          name: "String"
+        }
+      },
       networkPolicy: {
         serializedName: "networkPolicy",
         type: {
@@ -3207,6 +3318,168 @@ export const NetworkProfileForSnapshot: coreClient.CompositeMapper = {
   }
 };
 
+export const TrustedAccessRoleListResult: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TrustedAccessRoleListResult",
+    modelProperties: {
+      value: {
+        serializedName: "value",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "Composite",
+              className: "TrustedAccessRole"
+            }
+          }
+        }
+      },
+      nextLink: {
+        serializedName: "nextLink",
+        readOnly: true,
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const TrustedAccessRole: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TrustedAccessRole",
+    modelProperties: {
+      sourceResourceType: {
+        serializedName: "sourceResourceType",
+        readOnly: true,
+        type: {
+          name: "String"
+        }
+      },
+      name: {
+        serializedName: "name",
+        readOnly: true,
+        type: {
+          name: "String"
+        }
+      },
+      rules: {
+        serializedName: "rules",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "Composite",
+              className: "TrustedAccessRoleRule"
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
+export const TrustedAccessRoleRule: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TrustedAccessRoleRule",
+    modelProperties: {
+      verbs: {
+        serializedName: "verbs",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      },
+      apiGroups: {
+        serializedName: "apiGroups",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      },
+      resources: {
+        serializedName: "resources",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      },
+      resourceNames: {
+        serializedName: "resourceNames",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      },
+      nonResourceURLs: {
+        serializedName: "nonResourceURLs",
+        readOnly: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
+export const TrustedAccessRoleBindingListResult: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TrustedAccessRoleBindingListResult",
+    modelProperties: {
+      value: {
+        serializedName: "value",
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "Composite",
+              className: "TrustedAccessRoleBinding"
+            }
+          }
+        }
+      },
+      nextLink: {
+        serializedName: "nextLink",
+        readOnly: true,
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
 export const ContainerServiceMasterProfile: coreClient.CompositeMapper = {
   type: {
     name: "Composite",
@@ -3313,87 +3586,6 @@ export const ContainerServiceVMDiagnostics: coreClient.CompositeMapper = {
   }
 };
 
-export const ManagedClusterStorageProfile: coreClient.CompositeMapper = {
-  type: {
-    name: "Composite",
-    className: "ManagedClusterStorageProfile",
-    modelProperties: {
-      diskCSIDriver: {
-        serializedName: "diskCSIDriver",
-        type: {
-          name: "Composite",
-          className: "ManagedClusterStorageProfileDiskCSIDriver"
-        }
-      },
-      fileCSIDriver: {
-        serializedName: "fileCSIDriver",
-        type: {
-          name: "Composite",
-          className: "ManagedClusterStorageProfileFileCSIDriver"
-        }
-      },
-      snapshotController: {
-        serializedName: "snapshotController",
-        type: {
-          name: "Composite",
-          className: "ManagedClusterStorageProfileSnapshotController"
-        }
-      }
-    }
-  }
-};
-
-export const ManagedClusterStorageProfileDiskCSIDriver: coreClient.CompositeMapper = {
-  type: {
-    name: "Composite",
-    className: "ManagedClusterStorageProfileDiskCSIDriver",
-    modelProperties: {
-      enabled: {
-        serializedName: "enabled",
-        type: {
-          name: "Boolean"
-        }
-      },
-      version: {
-        serializedName: "version",
-        type: {
-          name: "String"
-        }
-      }
-    }
-  }
-};
-
-export const ManagedClusterStorageProfileFileCSIDriver: coreClient.CompositeMapper = {
-  type: {
-    name: "Composite",
-    className: "ManagedClusterStorageProfileFileCSIDriver",
-    modelProperties: {
-      enabled: {
-        serializedName: "enabled",
-        type: {
-          name: "Boolean"
-        }
-      }
-    }
-  }
-};
-
-export const ManagedClusterStorageProfileSnapshotController: coreClient.CompositeMapper = {
-  type: {
-    name: "Composite",
-    className: "ManagedClusterStorageProfileSnapshotController",
-    modelProperties: {
-      enabled: {
-        serializedName: "enabled",
-        type: {
-          name: "Boolean"
-        }
-      }
-    }
-  }
-};
-
 export const ManagedClusterAgentPoolProfile: coreClient.CompositeMapper = {
   type: {
     name: "Composite",
@@ -3448,6 +3640,42 @@ export const TrackedResource: coreClient.CompositeMapper = {
   }
 };
 
+export const TrustedAccessRoleBinding: coreClient.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TrustedAccessRoleBinding",
+    modelProperties: {
+      ...Resource.type.modelProperties,
+      provisioningState: {
+        serializedName: "properties.provisioningState",
+        readOnly: true,
+        type: {
+          name: "String"
+        }
+      },
+      sourceResourceId: {
+        serializedName: "properties.sourceResourceId",
+        required: true,
+        type: {
+          name: "String"
+        }
+      },
+      roles: {
+        serializedName: "properties.roles",
+        required: true,
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
 export const MaintenanceConfiguration: coreClient.CompositeMapper = {
   type: {
     name: "Composite",
@@ -3665,6 +3893,12 @@ export const AgentPool: coreClient.CompositeMapper = {
           name: "Boolean"
         }
       },
+      enableCustomCATrust: {
+        serializedName: "properties.enableCustomCATrust",
+        type: {
+          name: "Boolean"
+        }
+      },
       nodePublicIPPrefixID: {
         serializedName: "properties.nodePublicIPPrefixID",
         type: {
@@ -4047,6 +4281,13 @@ export const ManagedCluster: coreClient.CompositeMapper = {
           className: "ManagedClusterSecurityProfile"
         }
       },
+      storageProfile: {
+        serializedName: "properties.storageProfile",
+        type: {
+          name: "Composite",
+          className: "ManagedClusterStorageProfile"
+        }
+      },
       ingressProfile: {
         serializedName: "properties.ingressProfile",
         type: {
diff --git a/sdk/containerservice/arm-containerservice/src/models/parameters.ts b/sdk/containerservice/arm-containerservice/src/models/parameters.ts
index c83c37a48294..8605437968ed 100644
--- a/sdk/containerservice/arm-containerservice/src/models/parameters.ts
+++ b/sdk/containerservice/arm-containerservice/src/models/parameters.ts
@@ -22,7 +22,8 @@ import {
   PrivateEndpointConnection as PrivateEndpointConnectionMapper,
   PrivateLinkResource as PrivateLinkResourceMapper,
   Snapshot as SnapshotMapper,
-  ManagedClusterSnapshot as ManagedClusterSnapshotMapper
+  ManagedClusterSnapshot as ManagedClusterSnapshotMapper,
+  TrustedAccessRoleBinding as TrustedAccessRoleBindingMapper
 } from "../models/mappers";
 
 export const accept: OperationParameter = {
@@ -52,7 +53,7 @@ export const $host: OperationURLParameter = {
 export const apiVersion: OperationQueryParameter = {
   parameterPath: "apiVersion",
   mapper: {
-    defaultValue: "2022-03-02-preview",
+    defaultValue: "2022-04-02-preview",
     isConstant: true,
     serializedName: "api-version",
     type: {
@@ -295,3 +296,23 @@ export const parameters9: OperationParameter = {
   parameterPath: "parameters",
   mapper: ManagedClusterSnapshotMapper
 };
+
+export const trustedAccessRoleBindingName: OperationURLParameter = {
+  parameterPath: "trustedAccessRoleBindingName",
+  mapper: {
+    constraints: {
+      MaxLength: 36,
+      MinLength: 1
+    },
+    serializedName: "trustedAccessRoleBindingName",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const trustedAccessRoleBinding: OperationParameter = {
+  parameterPath: "trustedAccessRoleBinding",
+  mapper: TrustedAccessRoleBindingMapper
+};
diff --git a/sdk/containerservice/arm-containerservice/src/operations/agentPools.ts b/sdk/containerservice/arm-containerservice/src/operations/agentPools.ts
index cef7bd8c5f6f..63205d288f2c 100644
--- a/sdk/containerservice/arm-containerservice/src/operations/agentPools.ts
+++ b/sdk/containerservice/arm-containerservice/src/operations/agentPools.ts
@@ -204,12 +204,10 @@ export class AgentPoolsImpl implements AgentPools {
       { resourceGroupName, resourceName, agentPoolName, parameters, options },
       createOrUpdateOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -294,12 +292,10 @@ export class AgentPoolsImpl implements AgentPools {
       { resourceGroupName, resourceName, agentPoolName, options },
       deleteOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -421,12 +417,10 @@ export class AgentPoolsImpl implements AgentPools {
       { resourceGroupName, resourceName, agentPoolName, options },
       upgradeNodeImageVersionOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
diff --git a/sdk/containerservice/arm-containerservice/src/operations/index.ts b/sdk/containerservice/arm-containerservice/src/operations/index.ts
index 67e60e725e9b..9266846c2a40 100644
--- a/sdk/containerservice/arm-containerservice/src/operations/index.ts
+++ b/sdk/containerservice/arm-containerservice/src/operations/index.ts
@@ -15,3 +15,5 @@ export * from "./privateLinkResources";
 export * from "./resolvePrivateLinkServiceId";
 export * from "./snapshots";
 export * from "./managedClusterSnapshots";
+export * from "./trustedAccessRoles";
+export * from "./trustedAccessRoleBindings";
diff --git a/sdk/containerservice/arm-containerservice/src/operations/managedClusters.ts b/sdk/containerservice/arm-containerservice/src/operations/managedClusters.ts
index d5c53c65fd5b..04555b0df45a 100644
--- a/sdk/containerservice/arm-containerservice/src/operations/managedClusters.ts
+++ b/sdk/containerservice/arm-containerservice/src/operations/managedClusters.ts
@@ -454,12 +454,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, parameters, options },
       createOrUpdateOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -546,12 +544,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, parameters, options },
       updateTagsOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -631,12 +627,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, options },
       deleteOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -715,12 +709,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, parameters, options },
       resetServicePrincipalProfileOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -802,12 +794,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, parameters, options },
       resetAADProfileOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -888,12 +878,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, options },
       rotateClusterCertificatesOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -971,12 +959,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, options },
       rotateServiceAccountSigningKeysOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -1057,12 +1043,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, options },
       stopOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -1144,12 +1128,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, options },
       startOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
@@ -1236,12 +1218,10 @@ export class ManagedClustersImpl implements ManagedClusters {
       { resourceGroupName, resourceName, requestPayload, options },
       runCommandOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
diff --git a/sdk/containerservice/arm-containerservice/src/operations/privateEndpointConnections.ts b/sdk/containerservice/arm-containerservice/src/operations/privateEndpointConnections.ts
index b79ddd490026..03c9e8935226 100644
--- a/sdk/containerservice/arm-containerservice/src/operations/privateEndpointConnections.ts
+++ b/sdk/containerservice/arm-containerservice/src/operations/privateEndpointConnections.ts
@@ -167,12 +167,10 @@ export class PrivateEndpointConnectionsImpl
       },
       deleteOperationSpec
     );
-    const poller = new LroEngine(lro, {
+    return new LroEngine(lro, {
       resumeFrom: options?.resumeFrom,
       intervalInMs: options?.updateIntervalInMs
     });
-    await poller.poll();
-    return poller;
   }
 
   /**
diff --git a/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoleBindings.ts b/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoleBindings.ts
new file mode 100644
index 000000000000..d438aa167fb0
--- /dev/null
+++ b/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoleBindings.ts
@@ -0,0 +1,328 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { PagedAsyncIterableIterator } from "@azure/core-paging";
+import { TrustedAccessRoleBindings } from "../operationsInterfaces";
+import * as coreClient from "@azure/core-client";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { ContainerServiceClient } from "../containerServiceClient";
+import {
+  TrustedAccessRoleBinding,
+  TrustedAccessRoleBindingsListNextOptionalParams,
+  TrustedAccessRoleBindingsListOptionalParams,
+  TrustedAccessRoleBindingsListResponse,
+  TrustedAccessRoleBindingsGetOptionalParams,
+  TrustedAccessRoleBindingsGetResponse,
+  TrustedAccessRoleBindingsCreateOrUpdateOptionalParams,
+  TrustedAccessRoleBindingsCreateOrUpdateResponse,
+  TrustedAccessRoleBindingsDeleteOptionalParams,
+  TrustedAccessRoleBindingsListNextResponse
+} from "../models";
+
+/// <reference lib="esnext.asynciterable" />
+/** Class containing TrustedAccessRoleBindings operations. */
+export class TrustedAccessRoleBindingsImpl
+  implements TrustedAccessRoleBindings {
+  private readonly client: ContainerServiceClient;
+
+  /**
+   * Initialize a new instance of the class TrustedAccessRoleBindings class.
+   * @param client Reference to the service client
+   */
+  constructor(client: ContainerServiceClient) {
+    this.client = client;
+  }
+
+  /**
+   * List trusted access role bindings.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param options The options parameters.
+   */
+  public list(
+    resourceGroupName: string,
+    resourceName: string,
+    options?: TrustedAccessRoleBindingsListOptionalParams
+  ): PagedAsyncIterableIterator<TrustedAccessRoleBinding> {
+    const iter = this.listPagingAll(resourceGroupName, resourceName, options);
+    return {
+      next() {
+        return iter.next();
+      },
+      [Symbol.asyncIterator]() {
+        return this;
+      },
+      byPage: () => {
+        return this.listPagingPage(resourceGroupName, resourceName, options);
+      }
+    };
+  }
+
+  private async *listPagingPage(
+    resourceGroupName: string,
+    resourceName: string,
+    options?: TrustedAccessRoleBindingsListOptionalParams
+  ): AsyncIterableIterator<TrustedAccessRoleBinding[]> {
+    let result = await this._list(resourceGroupName, resourceName, options);
+    yield result.value || [];
+    let continuationToken = result.nextLink;
+    while (continuationToken) {
+      result = await this._listNext(
+        resourceGroupName,
+        resourceName,
+        continuationToken,
+        options
+      );
+      continuationToken = result.nextLink;
+      yield result.value || [];
+    }
+  }
+
+  private async *listPagingAll(
+    resourceGroupName: string,
+    resourceName: string,
+    options?: TrustedAccessRoleBindingsListOptionalParams
+  ): AsyncIterableIterator<TrustedAccessRoleBinding> {
+    for await (const page of this.listPagingPage(
+      resourceGroupName,
+      resourceName,
+      options
+    )) {
+      yield* page;
+    }
+  }
+
+  /**
+   * List trusted access role bindings.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param options The options parameters.
+   */
+  private _list(
+    resourceGroupName: string,
+    resourceName: string,
+    options?: TrustedAccessRoleBindingsListOptionalParams
+  ): Promise<TrustedAccessRoleBindingsListResponse> {
+    return this.client.sendOperationRequest(
+      { resourceGroupName, resourceName, options },
+      listOperationSpec
+    );
+  }
+
+  /**
+   * Get a trusted access role binding.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param options The options parameters.
+   */
+  get(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    options?: TrustedAccessRoleBindingsGetOptionalParams
+  ): Promise<TrustedAccessRoleBindingsGetResponse> {
+    return this.client.sendOperationRequest(
+      {
+        resourceGroupName,
+        resourceName,
+        trustedAccessRoleBindingName,
+        options
+      },
+      getOperationSpec
+    );
+  }
+
+  /**
+   * Create or update a trusted access role binding
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param trustedAccessRoleBinding A trusted access role binding
+   * @param options The options parameters.
+   */
+  createOrUpdate(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    trustedAccessRoleBinding: TrustedAccessRoleBinding,
+    options?: TrustedAccessRoleBindingsCreateOrUpdateOptionalParams
+  ): Promise<TrustedAccessRoleBindingsCreateOrUpdateResponse> {
+    return this.client.sendOperationRequest(
+      {
+        resourceGroupName,
+        resourceName,
+        trustedAccessRoleBindingName,
+        trustedAccessRoleBinding,
+        options
+      },
+      createOrUpdateOperationSpec
+    );
+  }
+
+  /**
+   * Delete a trusted access role binding.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param options The options parameters.
+   */
+  delete(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    options?: TrustedAccessRoleBindingsDeleteOptionalParams
+  ): Promise<void> {
+    return this.client.sendOperationRequest(
+      {
+        resourceGroupName,
+        resourceName,
+        trustedAccessRoleBindingName,
+        options
+      },
+      deleteOperationSpec
+    );
+  }
+
+  /**
+   * ListNext
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param nextLink The nextLink from the previous successful call to the List method.
+   * @param options The options parameters.
+   */
+  private _listNext(
+    resourceGroupName: string,
+    resourceName: string,
+    nextLink: string,
+    options?: TrustedAccessRoleBindingsListNextOptionalParams
+  ): Promise<TrustedAccessRoleBindingsListNextResponse> {
+    return this.client.sendOperationRequest(
+      { resourceGroupName, resourceName, nextLink, options },
+      listNextOperationSpec
+    );
+  }
+}
+// Operation Specifications
+const serializer = coreClient.createSerializer(Mappers, /* isXml */ false);
+
+const listOperationSpec: coreClient.OperationSpec = {
+  path:
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleBindingListResult
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.resourceGroupName,
+    Parameters.resourceName
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const getOperationSpec: coreClient.OperationSpec = {
+  path:
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleBinding
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.resourceGroupName,
+    Parameters.resourceName,
+    Parameters.trustedAccessRoleBindingName
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const createOrUpdateOperationSpec: coreClient.OperationSpec = {
+  path:
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}",
+  httpMethod: "PUT",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleBinding
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.trustedAccessRoleBinding,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.resourceGroupName,
+    Parameters.resourceName,
+    Parameters.trustedAccessRoleBindingName
+  ],
+  headerParameters: [Parameters.accept, Parameters.contentType],
+  mediaType: "json",
+  serializer
+};
+const deleteOperationSpec: coreClient.OperationSpec = {
+  path:
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}",
+  httpMethod: "DELETE",
+  responses: {
+    200: {},
+    204: {},
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.resourceGroupName,
+    Parameters.resourceName,
+    Parameters.trustedAccessRoleBindingName
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const listNextOperationSpec: coreClient.OperationSpec = {
+  path: "{nextLink}",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleBindingListResult
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.resourceGroupName,
+    Parameters.resourceName,
+    Parameters.nextLink
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
diff --git a/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoles.ts b/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoles.ts
new file mode 100644
index 000000000000..f92b063034b9
--- /dev/null
+++ b/sdk/containerservice/arm-containerservice/src/operations/trustedAccessRoles.ts
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { PagedAsyncIterableIterator } from "@azure/core-paging";
+import { TrustedAccessRoles } from "../operationsInterfaces";
+import * as coreClient from "@azure/core-client";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { ContainerServiceClient } from "../containerServiceClient";
+import {
+  TrustedAccessRole,
+  TrustedAccessRolesListNextOptionalParams,
+  TrustedAccessRolesListOptionalParams,
+  TrustedAccessRolesListResponse,
+  TrustedAccessRolesListNextResponse
+} from "../models";
+
+/// <reference lib="esnext.asynciterable" />
+/** Class containing TrustedAccessRoles operations. */
+export class TrustedAccessRolesImpl implements TrustedAccessRoles {
+  private readonly client: ContainerServiceClient;
+
+  /**
+   * Initialize a new instance of the class TrustedAccessRoles class.
+   * @param client Reference to the service client
+   */
+  constructor(client: ContainerServiceClient) {
+    this.client = client;
+  }
+
+  /**
+   * List supported trusted access roles.
+   * @param location The name of Azure region.
+   * @param options The options parameters.
+   */
+  public list(
+    location: string,
+    options?: TrustedAccessRolesListOptionalParams
+  ): PagedAsyncIterableIterator<TrustedAccessRole> {
+    const iter = this.listPagingAll(location, options);
+    return {
+      next() {
+        return iter.next();
+      },
+      [Symbol.asyncIterator]() {
+        return this;
+      },
+      byPage: () => {
+        return this.listPagingPage(location, options);
+      }
+    };
+  }
+
+  private async *listPagingPage(
+    location: string,
+    options?: TrustedAccessRolesListOptionalParams
+  ): AsyncIterableIterator<TrustedAccessRole[]> {
+    let result = await this._list(location, options);
+    yield result.value || [];
+    let continuationToken = result.nextLink;
+    while (continuationToken) {
+      result = await this._listNext(location, continuationToken, options);
+      continuationToken = result.nextLink;
+      yield result.value || [];
+    }
+  }
+
+  private async *listPagingAll(
+    location: string,
+    options?: TrustedAccessRolesListOptionalParams
+  ): AsyncIterableIterator<TrustedAccessRole> {
+    for await (const page of this.listPagingPage(location, options)) {
+      yield* page;
+    }
+  }
+
+  /**
+   * List supported trusted access roles.
+   * @param location The name of Azure region.
+   * @param options The options parameters.
+   */
+  private _list(
+    location: string,
+    options?: TrustedAccessRolesListOptionalParams
+  ): Promise<TrustedAccessRolesListResponse> {
+    return this.client.sendOperationRequest(
+      { location, options },
+      listOperationSpec
+    );
+  }
+
+  /**
+   * ListNext
+   * @param location The name of Azure region.
+   * @param nextLink The nextLink from the previous successful call to the List method.
+   * @param options The options parameters.
+   */
+  private _listNext(
+    location: string,
+    nextLink: string,
+    options?: TrustedAccessRolesListNextOptionalParams
+  ): Promise<TrustedAccessRolesListNextResponse> {
+    return this.client.sendOperationRequest(
+      { location, nextLink, options },
+      listNextOperationSpec
+    );
+  }
+}
+// Operation Specifications
+const serializer = coreClient.createSerializer(Mappers, /* isXml */ false);
+
+const listOperationSpec: coreClient.OperationSpec = {
+  path:
+    "/subscriptions/{subscriptionId}/providers/Microsoft.ContainerService/locations/{location}/trustedAccessRoles",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleListResult
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.location
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const listNextOperationSpec: coreClient.OperationSpec = {
+  path: "{nextLink}",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TrustedAccessRoleListResult
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [
+    Parameters.$host,
+    Parameters.subscriptionId,
+    Parameters.location,
+    Parameters.nextLink
+  ],
+  headerParameters: [Parameters.accept],
+  serializer
+};
diff --git a/sdk/containerservice/arm-containerservice/src/operationsInterfaces/index.ts b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/index.ts
index 67e60e725e9b..9266846c2a40 100644
--- a/sdk/containerservice/arm-containerservice/src/operationsInterfaces/index.ts
+++ b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/index.ts
@@ -15,3 +15,5 @@ export * from "./privateLinkResources";
 export * from "./resolvePrivateLinkServiceId";
 export * from "./snapshots";
 export * from "./managedClusterSnapshots";
+export * from "./trustedAccessRoles";
+export * from "./trustedAccessRoleBindings";
diff --git a/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoleBindings.ts b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoleBindings.ts
new file mode 100644
index 000000000000..a1849299cbd5
--- /dev/null
+++ b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoleBindings.ts
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { PagedAsyncIterableIterator } from "@azure/core-paging";
+import {
+  TrustedAccessRoleBinding,
+  TrustedAccessRoleBindingsListOptionalParams,
+  TrustedAccessRoleBindingsGetOptionalParams,
+  TrustedAccessRoleBindingsGetResponse,
+  TrustedAccessRoleBindingsCreateOrUpdateOptionalParams,
+  TrustedAccessRoleBindingsCreateOrUpdateResponse,
+  TrustedAccessRoleBindingsDeleteOptionalParams
+} from "../models";
+
+/// <reference lib="esnext.asynciterable" />
+/** Interface representing a TrustedAccessRoleBindings. */
+export interface TrustedAccessRoleBindings {
+  /**
+   * List trusted access role bindings.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param options The options parameters.
+   */
+  list(
+    resourceGroupName: string,
+    resourceName: string,
+    options?: TrustedAccessRoleBindingsListOptionalParams
+  ): PagedAsyncIterableIterator<TrustedAccessRoleBinding>;
+  /**
+   * Get a trusted access role binding.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param options The options parameters.
+   */
+  get(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    options?: TrustedAccessRoleBindingsGetOptionalParams
+  ): Promise<TrustedAccessRoleBindingsGetResponse>;
+  /**
+   * Create or update a trusted access role binding
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param trustedAccessRoleBinding A trusted access role binding
+   * @param options The options parameters.
+   */
+  createOrUpdate(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    trustedAccessRoleBinding: TrustedAccessRoleBinding,
+    options?: TrustedAccessRoleBindingsCreateOrUpdateOptionalParams
+  ): Promise<TrustedAccessRoleBindingsCreateOrUpdateResponse>;
+  /**
+   * Delete a trusted access role binding.
+   * @param resourceGroupName The name of the resource group. The name is case insensitive.
+   * @param resourceName The name of the managed cluster resource.
+   * @param trustedAccessRoleBindingName The name of trusted access role binding.
+   * @param options The options parameters.
+   */
+  delete(
+    resourceGroupName: string,
+    resourceName: string,
+    trustedAccessRoleBindingName: string,
+    options?: TrustedAccessRoleBindingsDeleteOptionalParams
+  ): Promise<void>;
+}
diff --git a/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoles.ts b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoles.ts
new file mode 100644
index 000000000000..48bad47db1b5
--- /dev/null
+++ b/sdk/containerservice/arm-containerservice/src/operationsInterfaces/trustedAccessRoles.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { PagedAsyncIterableIterator } from "@azure/core-paging";
+import {
+  TrustedAccessRole,
+  TrustedAccessRolesListOptionalParams
+} from "../models";
+
+/// <reference lib="esnext.asynciterable" />
+/** Interface representing a TrustedAccessRoles. */
+export interface TrustedAccessRoles {
+  /**
+   * List supported trusted access roles.
+   * @param location The name of Azure region.
+   * @param options The options parameters.
+   */
+  list(
+    location: string,
+    options?: TrustedAccessRolesListOptionalParams
+  ): PagedAsyncIterableIterator<TrustedAccessRole>;
+}
diff --git a/sdk/containerservice/arm-containerservice/test/sampleTest.ts b/sdk/containerservice/arm-containerservice/test/sampleTest.ts
new file mode 100644
index 000000000000..7ed89b043e1b
--- /dev/null
+++ b/sdk/containerservice/arm-containerservice/test/sampleTest.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import {
+  env,
+  record,
+  RecorderEnvironmentSetup,
+  Recorder
+} from "@azure-tools/test-recorder";
+import * as assert from "assert";
+
+const recorderEnvSetup: RecorderEnvironmentSetup = {
+  replaceableVariables: {
+    AZURE_CLIENT_ID: "azure_client_id",
+    AZURE_CLIENT_SECRET: "azure_client_secret",
+    AZURE_TENANT_ID: "88888888-8888-8888-8888-888888888888",
+    SUBSCRIPTION_ID: "azure_subscription_id"
+  },
+  customizationsOnRecordings: [
+    (recording: any): any =>
+      recording.replace(
+        /"access_token":"[^"]*"/g,
+        `"access_token":"access_token"`
+      )
+  ],
+  queryParametersToSkip: []
+};
+
+describe("My test", () => {
+  let recorder: Recorder;
+
+  beforeEach(async function() {
+    recorder = record(this, recorderEnvSetup);
+  });
+
+  afterEach(async function() {
+    await recorder.stop();
+  });
+
+  it("sample test", async function() {
+    console.log("Hi, I'm a test!");
+  });
+});
diff --git a/sdk/containerservice/arm-containerservice/tsconfig.json b/sdk/containerservice/arm-containerservice/tsconfig.json
index 5bad5556bbfd..3e6ae96443f3 100644
--- a/sdk/containerservice/arm-containerservice/tsconfig.json
+++ b/sdk/containerservice/arm-containerservice/tsconfig.json
@@ -15,17 +15,11 @@
     ],
     "declaration": true,
     "outDir": "./dist-esm",
-    "importHelpers": true,
-    "paths": {
-      "@azure/arm-containerservice": [
-        "./src/index"
-      ]
-    }
+    "importHelpers": true
   },
   "include": [
     "./src/**/*.ts",
-    "./test/**/*.ts",
-    "samples-dev/**/*.ts"
+    "./test/**/*.ts"
   ],
   "exclude": [
     "node_modules"