[AKS] Revert azure defender addon changes from AKS-Preview (Azure#3474)

* Added azureDefender addon to aks-preview

* added history.md note

* Update src/aks-preview/HISTORY.md

* Revert AzureDefender addon changes from AKS Preview

* finalize revert aks azure defender addon changes

* resolved comments

* Trigger Build

* Update src/aks-preview/azext_aks_preview/custom.py

Co-authored-by: kai ru <69238381+kairu-ms@users.noreply.github.com>

* Update setup.py

* Update HISTORY.md

* Update HISTORY.md

* Update setup.py

* Update HISTORY.md

* Update HISTORY.md

* Update setup.py

Co-authored-by: Feng Zhou <55177366+fengzhou-msft@users.noreply.github.com>
Co-authored-by: kai ru <69238381+kairu-ms@users.noreply.github.com>

Author: 3 people

src/aks-preview/HISTORY.md

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+0.5.19
++++++
+* Remove azure-defender from list of available addons to install via `az aks enable-addons` command
+
 0.5.18
 +++++
 * Fix issue with node config not consuming logging settings

src/aks-preview/azext_aks_preview/_consts.py

@@ -64,12 +64,7 @@
 CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME = "azureKeyvaultSecretsProvider"
 CONST_SECRET_ROTATION_ENABLED = "enableSecretRotation"
 
-# Azure Defender addon configuration keys
-CONST_AZURE_DEFENDER_ADDON_NAME = "azureDefender"
-CONST_AZURE_DEFENDER_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID = CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID
-
 ADDONS = {
-    'azure-defender': CONST_AZURE_DEFENDER_ADDON_NAME,
     'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
     'monitoring': CONST_MONITORING_ADDON_NAME,
     'virtual-node': CONST_VIRTUAL_NODE_ADDON_NAME,

src/aks-preview/azext_aks_preview/_help.py

@@ -171,7 +171,6 @@
                 open-service-mesh               - enable Open Service Mesh addon (PREVIEW).
                 gitops                          - enable GitOps (PREVIEW).
                 azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon (PREVIEW).
-                azure-defender                  - enable Azure Defender addon (PREVIEW).
         - name: --disable-rbac
           type: bool
           short-summary: Disable Kubernetes Role-Based Access Control.
@@ -386,7 +385,6 @@
           text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --enable-azure-rbac
         - name: Create a kubernetes cluster with a specific os-sku
           text: az aks create -g MyResourceGroup -n MyManagedCluster --os-sku Ubuntu
-
 """.format(sp_cache=AKS_SERVICE_PRINCIPAL_CACHE)
 
 helps['aks scale'] = """
@@ -1037,8 +1035,6 @@
         open-service-mesh               - enable Open Service Mesh addon (PREVIEW).
         gitops                          - enable GitOps (PREVIEW).
         azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon (PREVIEW).
-        azure-defender                  - enable Azure Defender addon (PREVIEW).
-
 parameters:
   - name: --addons -a
     type: string
@@ -1083,9 +1079,6 @@
   - name: Enable open-service-mesh addon.
     text: az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons open-service-mesh
     crafted: true
-  - name: Enable azure-defender addon with workspace resourceId.
-    text: az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons azure-defender --workspace-resource-id WorkspaceResourceId
-    crafted: true
 """
 
 helps['aks get-versions'] = """

src/aks-preview/azext_aks_preview/custom.py

@@ -114,7 +114,6 @@
 from ._consts import CONST_CONFCOM_ADDON_NAME, CONST_ACC_SGX_QUOTE_HELPER_ENABLED
 from ._consts import CONST_OPEN_SERVICE_MESH_ADDON_NAME
 from ._consts import CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME, CONST_SECRET_ROTATION_ENABLED
-from ._consts import CONST_AZURE_DEFENDER_ADDON_NAME, CONST_AZURE_DEFENDER_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID
 from ._consts import CONST_MANAGED_IDENTITY_OPERATOR_ROLE, CONST_MANAGED_IDENTITY_OPERATOR_ROLE_ID
 from ._consts import ADDONS
 from .maintenanceconfiguration import aks_maintenanceconfiguration_update_internal
@@ -2408,24 +2407,21 @@ def _handle_addons_args(cmd,  # pylint: disable=too-many-statements
             enabled=True)
         addons.remove('kube-dashboard')
     # TODO: can we help the user find a workspace resource ID?
-    if 'monitoring' in addons or 'azure-defender' in addons:
+    if 'monitoring' in addons:
         if not workspace_resource_id:
             # use default workspace if exists else create default workspace
             workspace_resource_id = _ensure_default_log_analytics_workspace_for_monitoring(
                 cmd, subscription_id, resource_group_name)
 
         workspace_resource_id = _sanitize_loganalytics_ws_resource_id(workspace_resource_id)
 
-        if 'monitoring' in addons:
-            addon_profiles[CONST_MONITORING_ADDON_NAME] = ManagedClusterAddonProfile(enabled=True, config={CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: workspace_resource_id})
-            addons.remove('monitoring')
-        if 'azure-defender' in addons:
-            addon_profiles[CONST_AZURE_DEFENDER_ADDON_NAME] = ManagedClusterAddonProfile(enabled=True, config={CONST_AZURE_DEFENDER_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: workspace_resource_id})
-            addons.remove('azure-defender')
-    # error out if '--enable-addons=monitoring/azure-defender' isn't set but workspace_resource_id is
+        addon_profiles[CONST_MONITORING_ADDON_NAME] = ManagedClusterAddonProfile(enabled=True, config={CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: workspace_resource_id})
+        addons.remove('monitoring')
+
+    # error out if '--enable-addons=monitoring' isn't set but workspace_resource_id is
     elif workspace_resource_id:
         raise CLIError(
-            '"--workspace-resource-id" requires "--enable-addons [monitoring/azure-defender]".')
+            '"--workspace-resource-id" requires "--enable-addons monitoring".')
     if 'azure-policy' in addons:
         addon_profiles[CONST_AZURE_POLICY_ADDON_NAME] = ManagedClusterAddonProfile(
             enabled=True)
@@ -3383,11 +3379,11 @@ def _update_addons(cmd,  # pylint: disable=too-many-branches,too-many-statements
             addon_profile = addon_profiles.get(
                 addon, ManagedClusterAddonProfile(enabled=False))
             # special config handling for certain addons
-            if addon in [CONST_MONITORING_ADDON_NAME, CONST_AZURE_DEFENDER_ADDON_NAME]:
-                logAnalyticsConstName = CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID if addon == CONST_MONITORING_ADDON_NAME else CONST_AZURE_DEFENDER_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID
+            if addon == CONST_MONITORING_ADDON_NAME:
+                logAnalyticsConstName = CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID
                 if addon_profile.enabled:
-                    raise CLIError(f'The {addon} addon is already enabled for this managed cluster.\n'
-                                   f'To change {addon} configuration, run "az aks disable-addons -a {addon}"'
+                    raise CLIError('The monitoring addon is already enabled for this managed cluster.\n'
+                                   'To change monitoring configuration, run "az aks disable-addons -a monitoring"'
                                    'before enabling it again.')
                 if not workspace_resource_id:
                     workspace_resource_id = _ensure_default_log_analytics_workspace_for_monitoring(

src/aks-preview/setup.py

@@ -8,7 +8,7 @@
 from codecs import open as open1
 from setuptools import setup, find_packages
 
-VERSION = "0.5.18"
+VERSION = "0.5.19"
 CLASSIFIERS = [
     'Development Status :: 4 - Beta',
     'Intended Audience :: Developers',