Zetia/fix ssl secret flag (Azure#224)

* fix bug: update operation doesn't respect sslSecret parameter * fix bug: update operation doesn't respect sslSecret parameter * fix typo
ms-hujia · Mar 22, 2023 · e09dcc6 · e09dcc6
1 parent 03d9b63
commit e09dcc6
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/src/k8s-extension/HISTORY.rst b/src/k8s-extension/HISTORY.rst
@@ -3,6 +3,10 @@
 Release History
 ===============
 
+1.4.1
+++++++++++++++++++
+* microsoft.azureml.kubernetes: Fix sslSecret parameter in update operation
+
 1.4.0
 ++++++++++++++++++
 * microsoft.dapr: Update version comparison logic to use semver based comparison

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -366,14 +366,17 @@ def Update(self, cmd, resource_group_name, cluster_name, auto_upgrade_minor_vers
 
             configuration_protected_settings = _dereference(self.reference_mapping, configuration_protected_settings)
 
-            if self.sslKeyPemFile in configuration_protected_settings and \
-                    self.sslCertPemFile in configuration_protected_settings:
-                logger.info(f"Both {self.sslKeyPemFile} and {self.sslCertPemFile} are set, update ssl key.")
-                fe_ssl_cert_file = configuration_protected_settings.get(self.sslCertPemFile)
-                fe_ssl_key_file = configuration_protected_settings.get(self.sslKeyPemFile)
-
-                if fe_ssl_cert_file and fe_ssl_key_file:
-                    self.__set_inference_ssl_from_file(configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file)
+        fe_ssl_secret = _get_value_from_config_protected_config(
+            self.SSL_SECRET, configuration_settings, configuration_protected_settings)
+        fe_ssl_cert_file = configuration_protected_settings.get(self.sslCertPemFile)
+        fe_ssl_key_file = configuration_protected_settings.get(self.sslKeyPemFile)
+        # always take ssl key/cert first, then secret if key/cert file is not provided
+        if fe_ssl_cert_file and fe_ssl_key_file:
+            logger.info(f"Both {self.sslKeyPemFile} and {self.sslCertPemFile} are set, updating ssl key.")
+            self.__set_inference_ssl_from_file(configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file)
+        elif fe_ssl_secret:
+            logger.info(f"{self.SSL_SECRET} is set, updating ssl secret.")
+            self.__set_inference_ssl_from_secret(configuration_settings, fe_ssl_secret)
 
         # if no entries are existed in configuration_protected_settings, configuration_settings, return whatever passed
         #  in the Update function(empty dict or None).