Removing Private Key from helm values in CLI Onboarding (Including previous helm v4 changes)#49
Open
jmccormick7 wants to merge 38 commits into
Open
Removing Private Key from helm values in CLI Onboarding (Including previous helm v4 changes)#49jmccormick7 wants to merge 38 commits into
jmccormick7 wants to merge 38 commits into
Conversation
* forcedelete * format * add code owner * mypy
… '2025-08-01-preview' (#17)
…add E2E coverage and improve logging (#20) * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * Parameterize for airgapped clouds (#5) * Add parameterization for the airgapped clouds * Fix azdev style * MCR path function * azdev, ruff, and mypy --------- Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> * Oras client fix to work with different MCRs (#6) Co-authored-by: mmcneal <mmcneal@microsoft.com> * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * Update cluster diagnostics image to 1.29.3 (#7) * Update cluster diagnostics helm chart to 1.29.3 * Fix lint issues --------- Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> * RBAC deprecation & fix the issue * typo * fix comments * update tests * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * rebase * fix tests * fix version * fix mypy, lint * fix test * fix test * fix test * fix test * fix test * rename test * deprecate flags * rebase * rebase * bump version for release --------- Co-authored-by: Bavneet Singh <bavneetsingh@microsoft.com> Co-authored-by: Atchut Kumar Barli <atchut@gmail.com> Co-authored-by: mcnealm13 <57726243+mcnealm13@users.noreply.github.com> Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> Co-authored-by: Bavneet Singh <33008256+bavneetsingh16@users.noreply.github.com> Co-authored-by: bgriddaluru <117554445+bgriddaluru@users.noreply.github.com> Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> Co-authored-by: vithumma <vithumma@microsoft.com>
* add agc overrides * update gns endpoint * add indentation * fix linter error * fix ruff formatting * move overrides to it's own method * update method * update ruff formatting
* add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * Parameterize for airgapped clouds (#5) * Add parameterization for the airgapped clouds * Fix azdev style * MCR path function * azdev, ruff, and mypy --------- Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> * Oras client fix to work with different MCRs (#6) Co-authored-by: mmcneal <mmcneal@microsoft.com> * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * Update cluster diagnostics image to 1.29.3 (#7) * Update cluster diagnostics helm chart to 1.29.3 * Fix lint issues --------- Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> * RBAC deprecation & fix the issue * typo * fix comments * update tests * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * rebase * fix tests * fix version * fix mypy, lint * fix test * fix test * fix test * fix test * fix test * rename test * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * fix CI testcases for nodepool image issues (#8) * update python version to 3.13 (#12) * changes to support gateway association/disassociation for api version '2025-08-01-preview' (#17) * [Azure RBAC] Deprecate 3P mode flags, fix Azure RBAC enablement bug, add E2E coverage and improve logging (#20) * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * Parameterize for airgapped clouds (#5) * Add parameterization for the airgapped clouds * Fix azdev style * MCR path function * azdev, ruff, and mypy --------- Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> * Oras client fix to work with different MCRs (#6) Co-authored-by: mmcneal <mmcneal@microsoft.com> * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * Update cluster diagnostics image to 1.29.3 (#7) * Update cluster diagnostics helm chart to 1.29.3 * Fix lint issues --------- Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> * RBAC deprecation & fix the issue * typo * fix comments * update tests * add pester tests for connectedk8s cli extension * Pass the force delete param to the API call (#4) * forcedelete * format * add code owner * mypy * fix CI testcases for nodepool image issues (#8) * update errors for the config and connectivity issues (#11) * update errors * format * style * update python version to 3.13 (#12) * rebase * fix tests * fix version * fix mypy, lint * fix test * fix test * fix test * fix test * fix test * rename test * deprecate flags * rebase * rebase * bump version for release --------- Co-authored-by: Bavneet Singh <bavneetsingh@microsoft.com> Co-authored-by: Atchut Kumar Barli <atchut@gmail.com> Co-authored-by: mcnealm13 <57726243+mcnealm13@users.noreply.github.com> Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> Co-authored-by: Bavneet Singh <33008256+bavneetsingh16@users.noreply.github.com> Co-authored-by: bgriddaluru <117554445+bgriddaluru@users.noreply.github.com> Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> Co-authored-by: vithumma <vithumma@microsoft.com> * remove breaking change announcement for removed flags --------- Co-authored-by: Bavneet Singh <bavneetsingh@microsoft.com> Co-authored-by: Atchut Kumar Barli <atchut@gmail.com> Co-authored-by: mcnealm13 <57726243+mcnealm13@users.noreply.github.com> Co-authored-by: Matthew McNeal (from Dev Box) <mmcneal@microsoft.com> Co-authored-by: Bavneet Singh <33008256+bavneetsingh16@users.noreply.github.com> Co-authored-by: bgriddaluru <117554445+bgriddaluru@users.noreply.github.com> Co-authored-by: bgriddaluru <bharath.griddaluru@microsoft.com> Co-authored-by: vithumma <vithumma@microsoft.com>
* adjusting arm64 support * editing * adding * Revert k8s-extension changes from this repo * changes * changing order * fix ruff: ternary for arch, remove unused artifactTag * fix ruff format * fix mypy type: ignore comments in _utils.py * raise CLIInternalError instead of silent fallbacks in _resolve_helm_pull_target * use requests instead of oras internals for manifest resolution * add MCR anonymous bearer token auth for manifest resolution * fix MCR resolution: add Accept header, fetch child manifests for annotations
the tests passed, the typecheck and extension index failures are not relevant to this PR * switch * fixswitch * addhelm4test * specificexception
…bump HELM_VERSION to v3.20.1
added 8 commits
May 13, 2026 11:08
jmccormick7
requested review from
anagg929,
atchutbarli,
bavneetsingh16,
bgriddaluru and
dipti-pai
as code owners
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
CodeGen Tools Feedback CollectionThank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey |
Author
Per-library findings on compatability between
|
| version | getheaders present |
|---|---|
| 1.26.18 | yes |
| 2.0.7 | yes |
| 2.1.0 | yes |
| 2.2.3 | yes |
| 2.3.0 | yes |
| 2.4.0 | yes |
| 2.5.0 | yes |
| 2.6.0 | NO |
| 2.6.3 | yes |
| 2.7.0 | yes |
kubernetes: does ApiException.init call .getheaders()?
| version | calls getheaders |
|---|---|
| 18.20.0 | yes |
| 20.13.0 | yes |
| 22.6.0 | yes |
| 24.2.0 | yes |
| 26.1.0 | yes |
| 27.2.0 | yes |
| 28.1.0 | yes |
| 29.0.0 | yes |
| 30.1.0 | yes |
| 31.0.0 | yes |
| 32.0.1 | yes |
Compatibility matrix — X = crashes without shim
| kubernetes \ urllib3 | 1.26.18 | 2.0.7 | 2.1.0 | 2.2.3 | 2.3.0 | 2.4.0 | 2.5.0 | 2.6.0 | 2.6.3 | 2.7.0 |
|---|---|---|---|---|---|---|---|---|---|---|
| 18.20.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 20.13.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 22.6.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 24.2.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 26.1.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 27.2.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 28.1.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 29.0.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 30.1.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 31.0.0 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
| 32.0.1 | ok | ok | ok | ok | ok | ok | ok | X | ok | ok |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a step in the onboarding flow for future agents to insert the onboardingPrivateKey directly as a kubernetes secret instead of relying on helm and the helm values. This secures the key appropriately without exposing the key to the helm values. As a result of e2e failures due to a broken
urllib3dependeny, this also adds a 6-line shim in azext_connectedk8s/init.py that, at extension load time, re-attachesHTTPResponse.getheaders(returningself.headers) only if it's missing. No-op on every urllib3 version that still has the alias; transparently fixes the broken 2.6.0 build and any future regression of the same shape.This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.