From e09dcc64dbc26a90d172cab14f010cd7f6c49adb Mon Sep 17 00:00:00 2001 From: Zeliang Tian <83852443+zetiaatgithub@users.noreply.github.com> Date: Thu, 23 Mar 2023 04:52:13 +0800 Subject: [PATCH] Zetia/fix ssl secret flag (#224) * fix bug: update operation doesn't respect sslSecret parameter * fix bug: update operation doesn't respect sslSecret parameter * fix typo --- src/k8s-extension/HISTORY.rst | 4 ++++ .../partner_extensions/AzureMLKubernetes.py | 19 +++++++++++-------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/k8s-extension/HISTORY.rst b/src/k8s-extension/HISTORY.rst index 66cd5aea491..66d0de1c583 100644 --- a/src/k8s-extension/HISTORY.rst +++ b/src/k8s-extension/HISTORY.rst @@ -3,6 +3,10 @@ Release History =============== +1.4.1 +++++++++++++++++++ +* microsoft.azureml.kubernetes: Fix sslSecret parameter in update operation + 1.4.0 ++++++++++++++++++ * microsoft.dapr: Update version comparison logic to use semver based comparison diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py index e0e88de3851..acd60254d91 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py @@ -366,14 +366,17 @@ def Update(self, cmd, resource_group_name, cluster_name, auto_upgrade_minor_vers configuration_protected_settings = _dereference(self.reference_mapping, configuration_protected_settings) - if self.sslKeyPemFile in configuration_protected_settings and \ - self.sslCertPemFile in configuration_protected_settings: - logger.info(f"Both {self.sslKeyPemFile} and {self.sslCertPemFile} are set, update ssl key.") - fe_ssl_cert_file = configuration_protected_settings.get(self.sslCertPemFile) - fe_ssl_key_file = configuration_protected_settings.get(self.sslKeyPemFile) - - if fe_ssl_cert_file and fe_ssl_key_file: - self.__set_inference_ssl_from_file(configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file) + fe_ssl_secret = _get_value_from_config_protected_config( + self.SSL_SECRET, configuration_settings, configuration_protected_settings) + fe_ssl_cert_file = configuration_protected_settings.get(self.sslCertPemFile) + fe_ssl_key_file = configuration_protected_settings.get(self.sslKeyPemFile) + # always take ssl key/cert first, then secret if key/cert file is not provided + if fe_ssl_cert_file and fe_ssl_key_file: + logger.info(f"Both {self.sslKeyPemFile} and {self.sslCertPemFile} are set, updating ssl key.") + self.__set_inference_ssl_from_file(configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file) + elif fe_ssl_secret: + logger.info(f"{self.SSL_SECRET} is set, updating ssl secret.") + self.__set_inference_ssl_from_secret(configuration_settings, fe_ssl_secret) # if no entries are existed in configuration_protected_settings, configuration_settings, return whatever passed # in the Update function(empty dict or None).