mgmt aks, support FIPS-enable OS for agent pool machines (Azure#33944)

XiaofeiCao · web-flow · commit 4221741def53 · 2023-03-09T15:16:11.000+08:00
* test case

* support FIPS

* session records

* changelog

* javadoc
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/CHANGELOG.md b/sdk/resourcemanager/azure-resourcemanager-containerservice/CHANGELOG.md
@@ -3,12 +3,7 @@
 ## 2.25.0-beta.1 (Unreleased)
 
 ### Features Added
-
-### Breaking Changes
-
-### Bugs Fixed
-
-### Other Changes
+- Supported FIPS-enabled OS for agent pool machines.
 
 ## 2.24.0 (2023-02-17)
 
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/implementation/KubernetesClusterAgentPoolImpl.java b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/implementation/KubernetesClusterAgentPoolImpl.java
@@ -173,6 +173,11 @@ public Map<String, String> tags() {
             : Collections.unmodifiableMap(innerModel().tags());
     }
 
+    @Override
+    public boolean isFipsEnabled() {
+        return ResourceManagerUtils.toPrimitiveBoolean(innerModel().enableFips());
+    }
+
 //    @Override
 //    public void start() {
 //        startAsync().block();
@@ -414,4 +419,10 @@ public KubernetesClusterAgentPoolImpl withoutTag(String key) {
         }
         return this;
     }
+
+    @Override
+    public KubernetesClusterAgentPoolImpl withFipsEnabled() {
+        innerModel().withEnableFips(true);
+        return this;
+    }
 }
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/AgentPool.java b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/AgentPool.java
@@ -91,4 +91,11 @@ public interface AgentPool extends HasName {
      * @return the tags of the agents.
      */
     Map<String, String> tags();
+
+    /**
+     * @return whether FIPS-enabled OS is been used for agent pool's machines
+     * @see <a href="https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview">
+     *     Add a FIPS-enabled node pool</a> for more details.
+     */
+    boolean isFipsEnabled();
 }
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/AgentPoolData.java b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/AgentPoolData.java
@@ -231,6 +231,14 @@ public KubeletDiskType kubeletDiskType() {
         return innerModel().kubeletDiskType();
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isFipsEnabled() {
+        return ResourceManagerUtils.toPrimitiveBoolean(innerModel().enableFips());
+    }
+
     /**
      * {@inheritDoc}
      */
@@ -487,6 +495,18 @@ public AgentPoolData withTag(String key, String value) {
         return this;
     }
 
+    /**
+     * Specify to use an FIPS-enabled OS for agent pool machines.
+     *
+     * @return the AgentPoolData object itself
+     * @see <a href="https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview">
+     *     Add a FIPS-enabled node pool</a> for more details.
+     */
+    public AgentPoolData withFipsEnabled() {
+        innerModel().withEnableFips(true);
+        return this;
+    }
+
     /**
      * {@inheritDoc}
      */
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/KubernetesClusterAgentPool.java b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/main/java/com/azure/resourcemanager/containerservice/models/KubernetesClusterAgentPool.java
@@ -435,6 +435,22 @@ interface WithDiskType<ParentT> {
             WithAttach<ParentT> withKubeletDiskType(KubeletDiskType kubeletDiskType);
         }
 
+        /**
+         * The stage of a container service agent pool definition allowing to specify FIPS-enabled OS for an agent pool machines.
+         *
+         * @param <ParentT> the stage of the container service definition to return to after attaching this definition
+         */
+        interface WithFips<ParentT> {
+            /**
+             * Specify to use an FIPS-enabled OS for agent pool machines.
+             *
+             * @return the next stage of the definition
+             * @see <a href="https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview">
+             *     Add a FIPS-enabled node pool</a> for more details.
+             */
+            WithAttach<ParentT> withFipsEnabled();
+        }
+
         /**
          * The final stage of a container service agent pool definition. At this stage, any remaining optional settings
          * can be specified, or the container service agent pool can be attached to the parent container service
@@ -456,6 +472,7 @@ interface WithAttach<ParentT>
                 WithVMPriority<ParentT>,
                 WithBillingProfile<ParentT>,
                 WithDiskType<ParentT>,
+                WithFips<ParentT>,
                 WithTags<ParentT>,
                 Attachable.InDefinition<ParentT> {
         }
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/test/java/com/azure/resourcemanager/containerservice/KubernetesClustersTests.java b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/test/java/com/azure/resourcemanager/containerservice/KubernetesClustersTests.java
@@ -474,4 +474,54 @@ public void testBeginCreateAgentPool() {
         Assertions.assertEquals("Succeeded", agentPool.provisioningState());
         Assertions.assertEquals(agentPoolName1, agentPool.name());
     }
+
+    @Test
+    public void testFipsEnabled() {
+        String aksName = generateRandomResourceName("aks", 15);
+        String dnsPrefix = generateRandomResourceName("dns", 10);
+        String agentPoolName = generateRandomResourceName("ap0", 10);
+        String agentPoolName1 = generateRandomResourceName("ap1", 10);
+        String agentPoolName2 = generateRandomResourceName("ap2", 10);
+
+        // create cluster
+        KubernetesCluster kubernetesCluster = containerServiceManager.kubernetesClusters().define(aksName)
+            .withRegion(Region.US_CENTRAL)
+            .withExistingResourceGroup(rgName)
+            .withDefaultVersion()
+            .withRootUsername("testaks")
+            .withSshKey(SSH_KEY)
+            .withSystemAssignedManagedServiceIdentity()
+            .defineAgentPool(agentPoolName)
+                .withVirtualMachineSize(ContainerServiceVMSizeTypes.STANDARD_D2_V2)
+                .withAgentPoolVirtualMachineCount(1)
+                .withAgentPoolType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
+                .withAgentPoolMode(AgentPoolMode.SYSTEM)
+                .attach()
+            .defineAgentPool(agentPoolName1)
+                .withVirtualMachineSize(ContainerServiceVMSizeTypes.STANDARD_D2_V2)
+                .withAgentPoolVirtualMachineCount(1)
+                .withAgentPoolType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
+                .withAgentPoolMode(AgentPoolMode.USER)
+                .withFipsEnabled() // enable FIPS
+                .attach()
+            .withDnsPrefix("mp1" + dnsPrefix)
+            .create();
+
+        Assertions.assertFalse(kubernetesCluster.agentPools().get(agentPoolName).isFipsEnabled());
+        Assertions.assertTrue(kubernetesCluster.agentPools().get(agentPoolName1).isFipsEnabled());
+
+        // create a new agent pool with FIPS enabled
+        AgentPoolData request = new AgentPoolData()
+            .withVirtualMachineSize(ContainerServiceVMSizeTypes.STANDARD_D2_V2)
+            .withAgentPoolVirtualMachineCount(1)
+            .withAgentPoolType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
+            .withAgentPoolMode(AgentPoolMode.USER)
+            .withFipsEnabled();
+
+        AgentPool agentPool3 = kubernetesCluster.beginCreateAgentPool(agentPoolName2, request).getFinalResult();
+        Assertions.assertTrue(agentPool3.isFipsEnabled());
+
+        kubernetesCluster.refresh();
+        Assertions.assertTrue(kubernetesCluster.agentPools().get(agentPoolName2).isFipsEnabled());
+    }
 }
diff --git a/sdk/resourcemanager/azure-resourcemanager-containerservice/src/test/resources/session-records/KubernetesClustersTests.testFipsEnabled.json b/sdk/resourcemanager/azure-resourcemanager-containerservice/src/test/resources/session-records/KubernetesClustersTests.testFipsEnabled.json

Original file line number	Diff line number	Diff line change
`@@ -173,6 +173,11 @@ public Map<String, String> tags() {`
`173`	`173`	`: Collections.unmodifiableMap(innerModel().tags());`
`174`	`174`	`}`
`175`	`175`
	`176`	`+ @Override`
	`177`	`+ public boolean isFipsEnabled() {`
	`178`	`+ return ResourceManagerUtils.toPrimitiveBoolean(innerModel().enableFips());`
	`179`	`+ }`
	`180`	`+`
`176`	`181`	`// @Override`
`177`	`182`	`// public void start() {`
`178`	`183`	`// startAsync().block();`
`@@ -414,4 +419,10 @@ public KubernetesClusterAgentPoolImpl withoutTag(String key) {`
`414`	`419`	`}`
`415`	`420`	`return this;`
`416`	`421`	`}`
	`422`	`+`
	`423`	`+ @Override`
	`424`	`+ public KubernetesClusterAgentPoolImpl withFipsEnabled() {`
	`425`	`+ innerModel().withEnableFips(true);`
	`426`	`+ return this;`
	`427`	`+ }`
`417`	`428`	`}`