Skip to content

[AKS] Support EntraID SSH #9329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 28, 2025
Merged

[AKS] Support EntraID SSH #9329

merged 3 commits into from
Oct 28, 2025

Conversation

@norshtein
Copy link
Member

@norshtein norshtein commented Oct 23, 2025

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

Copilot AI review requested due to automatic review settings October 23, 2025 07:14
@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Oct 23, 2025
edited
Loading

❌Azure CLI Extensions Breaking Change Test
❌aks-preview
rule cmd_name rule_message suggest_message
1010 - ParaPropUpdate aks nodepool add cmd aks nodepool add update parameter spot_max_price: updated property default from nan to nan please change property default from nan to nan for parameter spot_max_price of cmd aks nodepool add
⚠️ 1010 - ParaPropUpdate aks create cmd aks create update parameter ssh_access: updated property choices from ['disabled', 'localuser'] to ['disabled', 'entraid', 'localuser']
⚠️ 1010 - ParaPropUpdate aks nodepool add cmd aks nodepool add update parameter ssh_access: updated property choices from ['disabled', 'localuser'] to ['disabled', 'entraid', 'localuser']
⚠️ 1010 - ParaPropUpdate aks nodepool update cmd aks nodepool update update parameter ssh_access: updated property choices from ['disabled', 'localuser'] to ['disabled', 'entraid', 'localuser']

@yonzhan
Copy link
Collaborator

yonzhan commented Oct 23, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.

Copilot AI reviewed Oct 23, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for EntraID SSH authentication in AKS by introducing a new entraid option for the --ssh-access parameter. This expands the existing SSH access modes (localuser and disabled) to include EntraID-based authentication.

Key Changes:

  • Added entraid as a new SSH access option alongside existing localuser and disabled options
  • Comprehensive test coverage for EntraID SSH functionality including cluster creation, nodepool updates, and new nodepool addition
  • Version bumped to 19.0.0b6

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/aks-preview/setup.py Version bump from 19.0.0b5 to 19.0.0b6
src/aks-preview/azext_aks_preview/_consts.py Added CONST_SSH_ACCESS_ENTRAID constant
src/aks-preview/azext_aks_preview/_params.py Imported and added entraid to ssh_accesses list
src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py Added comprehensive test for EntraID SSH feature
src/aks-preview/HISTORY.rst Added release notes for version 19.0.0b6

@github-actions
Copy link

github-actions bot commented Oct 23, 2025

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

@github-actions
Copy link

github-actions bot commented Oct 23, 2025
edited
Loading

Hi @norshtein

Release Suggestions

Module: aks-preview

  • Update VERSION to 19.0.0b7 in src/aks-preview/setup.py

Notes

@FumingZhang
Copy link
Member

FumingZhang commented Oct 23, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 23, 2025

Azure Pipelines successfully started running 2 pipeline(s).

FumingZhang
FumingZhang reviewed Oct 23, 2025
View reviewed changes
src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap')
def test_aks_entraid_ssh(self, resource_group, resource_group_location):
Copy link
Member

@FumingZhang FumingZhang Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Queued live test to validate the change.

@norshtein
Copy link
Member Author

norshtein commented Oct 24, 2025

@FumingZhang I noticed the live test failed because the code change is not rolled out to selected region "westus2" yet. Could you help queue a test in canary regions? Thanks!

@norshtein
Copy link
Member Author

norshtein commented Oct 24, 2025

I requeued on in centraluseuap and succeeded: https://dev.azure.com/msazure/CloudNativeCompute/_build/results?buildId=141435004&view=results

FumingZhang
FumingZhang previously approved these changes Oct 27, 2025
View reviewed changes
@FumingZhang
Copy link
Member

FumingZhang commented Oct 27, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 27, 2025

Azure Pipelines successfully started running 2 pipeline(s).

@FumingZhang
Copy link
Member

FumingZhang commented Oct 28, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 28, 2025

Azure Pipelines successfully started running 2 pipeline(s).

@yanzhudd yanzhudd merged commit c989845 into Azure:main Oct 28, 2025
26 of 30 checks passed
FumingZhang pushed a commit to FumingZhang/azure-cli-extensions that referenced this pull request Oct 28, 2025
@norshtein @FumingZhang
[AKS] Support EntraID SSH (Azure#9329)
5c617c6
@norshtein norshtein deleted the tosi/aadssh branch November 6, 2025 11:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@yanzhudd yanzhudd yanzhudd approved these changes

@FumingZhang FumingZhang FumingZhang left review comments

@andyliuliming andyliuliming Awaiting requested review from andyliuliming andyliuliming is a code owner

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms

@yonzhan yonzhan Awaiting requested review from yonzhan

Assignees

@zhoxing-ms zhoxing-ms

@yanzhudd yanzhudd

Labels

AKS Auto-Assign Auto assign by bot

Projects

None yet

Milestone

November 2025 (2025-11-04)

Development

Successfully merging this pull request may close these issues.

5 participants

@norshtein @yonzhan @FumingZhang @yanzhudd @zhoxing-ms