[NetAppFiles] Update to 2025-03-01

azure-pipelines.yml

@@ -813,6 +813,12 @@ jobs:
           artifact: rpm-ubi9-${{ arch.value }}
           python_package: python3.12
           pool: ${{ arch.pool }}
+        Red Hat Universal Base Image 10 ${{ arch.name }}:
+          dockerfile: ubi
+          image: registry.access.redhat.com/ubi10/ubi:10.0
+          artifact: rpm-ubi10-${{ arch.value }}
+          python_package: python3.12
+          pool: ${{ arch.pool }}
   steps:
   - bash: ./scripts/ci/install_docker.sh
     displayName: Install Docker
@@ -866,6 +872,14 @@ jobs:
           python_cmd: python3.12
           pip_cmd: pip3.12
           pool: ${{ arch.pool }}
+        Red Hat Universal Base Image 10 ${{ arch.name }}:
+          artifact: rpm-ubi10-${{ arch.value }}
+          distro: el10
+          image: registry.access.redhat.com/ubi10/ubi:10.0
+          python_package: python3.12
+          python_cmd: python3.12
+          pip_cmd: pip3.12
+          pool: ${{ arch.pool }}
   steps:
   - task: DownloadPipelineArtifact@1
     displayName: 'Download Metadata'

scripts/regression_test/extension_regression_test.yml

@@ -21,12 +21,7 @@ jobs:
       inputs:
         versionSpec: '3.12'
         displayName: "Use Python 3.12"
-    - task: AzureCLI@1
-      displayName: 'checkout branch'
-      inputs:
-        azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-        scriptLocation: inlineScript
-        inlineScript: |
+    - bash: |
           set -ev
           pwd
           git clone https://github.com/Azure/azure-cli-extensions.git
@@ -39,6 +34,7 @@ jobs:
           git remote add azclibot https://azclibot:${GITHUB_TOKEN}@github.com/azclibot/azure-cli-extensions.git
           git checkout -b regression_test_$(Build.BuildId)
           git push --set-upstream azclibot regression_test_$(Build.BuildId)
+      displayName: 'checkout branch'
 
 - job: CLIExtensionRegressionTest
   displayName: CLI Extension Regression Test
@@ -78,12 +74,7 @@ jobs:
     inputs:
       versionSpec: '3.12'
       displayName: "Use Python 3.12"
-  - task: AzureCLI@1
-    displayName: 'checkout cli and extension repo'
-    inputs:
-      azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-      scriptLocation: inlineScript
-      inlineScript: |
+  - bash: |
         set -ev
         pwd
         if [[ -n "$(CUSTOM_CLI_REPO)" && -n "$(CUSTOM_CLI_BRANCH)" ]]; then
@@ -103,21 +94,23 @@ jobs:
 
         git fetch azclibot
         git checkout -b regression_test_$(Build.BuildId) azclibot/regression_test_$(Build.BuildId)
+    displayName: 'checkout cli and extension repo'
   - template: ../../.azure-pipelines/templates/azdev_setup.yml
     parameters:
       CLIExtensionRepoPath: ./azure-cli-extensions
-  - task: AzureCLI@1
+  - task: AzureCLI@2
     displayName: 'Rerun tests'
     inputs:
-      azureSubscription: $(AZURE_SDK_TEST_SUB_CONNECTED_SERVICE)
+      connectedServiceNameARM: $(azure-cli-live-test-bami-connected-service)
+      scriptType: bash
       scriptLocation: inlineScript
       inlineScript: |
         set -ev
 
         source env/bin/activate
         cd azure-cli-extensions
 
-        az account set -s 0b1f6471-1bf0-4dda-aec3-cb9272f09590
+        az account set -s $(azure-cli-live-test-bami-sub-id)
 
         python ../scripts/ci/automation_full_test.py "12" "$(Instance_idx)" "latest" "" "True" "extension"
 
@@ -160,12 +153,7 @@ jobs:
   pool:
     name: ${{ variables.ubuntu_pool }}
   steps:
-    - task: AzureCLI@1
-      displayName: 'Result Summary'
-      inputs:
-        azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-        scriptLocation: inlineScript
-        inlineScript: |
+    - bash: |
           set -ev
 
           # git config
@@ -207,3 +195,4 @@ jobs:
 
             sleep 5
           done
+      displayName: 'Result Summary'

scripts/regression_test/regression_test.yml

@@ -22,12 +22,7 @@ jobs:
       inputs:
         versionSpec: '3.12'
         displayName: "Use Python 3.12"
-    - task: AzureCLI@1
-      displayName: 'update version'
-      inputs:
-        azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-        scriptLocation: inlineScript
-        inlineScript: |
+    - bash: |
           set -ev
 
           # git config
@@ -58,6 +53,7 @@ jobs:
           git add .
           git commit -m "update version"
           git push --set-upstream azclibot regression_test_$(Build.BuildId)
+      displayName: 'update version'
 
 - job: RerunTests
   displayName: CLI Regression tests
@@ -90,12 +86,7 @@ jobs:
       inputs:
         versionSpec: '3.12'
         displayName: "Use Python 3.12"
-    - task: AzureCLI@1
-      displayName: 'Checkout Target Branch'
-      inputs:
-        azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-        scriptLocation: inlineScript
-        inlineScript: |
+    - bash: |
           set -ev
           # git config
           if [[ -n "$(CUSTOM_REPO)" && -n "$(CUSTOM_BRANCH)" && -n "$(CUSTOM_GITHUB_TOKEN)" ]]; then
@@ -113,11 +104,13 @@ jobs:
           git fetch ${GITHUB_REPO} ${GITHUB_BRANCH}
 
           git checkout -b ${GITHUB_BRANCH} ${GITHUB_REPO}/${GITHUB_BRANCH}
+      displayName: 'Checkout Target Branch'
     - template: ../../.azure-pipelines/templates/azdev_setup.yml
-    - task: AzureCLI@1
+    - task: AzureCLI@2
       displayName: 'Rerun tests'
       inputs:
-        azureSubscription: $(AZURE_SDK_TEST_SUB_CONNECTED_SERVICE)
+        connectedServiceNameARM: $(azure-cli-live-test-bami-connected-service)
+        scriptType: bash
         scriptLocation: inlineScript
         inlineScript: |
           set -ev
@@ -128,7 +121,7 @@ jobs:
             pip install $(CUSTOM_WHL_URL) --force-reinstall
           fi
 
-          az account set -s 0b1f6471-1bf0-4dda-aec3-cb9272f09590
+          az account set -s $(azure-cli-live-test-bami-sub-id)
 
           serial_modules="appservice botservice cloud network azure-cli-core azure-cli-telemetry"
           python scripts/ci/automation_full_test.py "8" "$(Instance_idx)" "latest" "$serial_modules" "True"
@@ -144,12 +137,7 @@ jobs:
   pool:
     name: ${{ variables.ubuntu_pool }}
   steps:
-    - task: AzureCLI@1
-      displayName: 'Create PR'
-      inputs:
-        azureSubscription: $(AZURE_SDK_INFRA_SUB_CONNECTED_SERVICE)
-        scriptLocation: inlineScript
-        inlineScript: |
+    - bash: |
           set -ev
           # git config
           if [[ -n "$(CUSTOM_REPO)" && -n "$(CUSTOM_BRANCH)" && -n "$(CUSTOM_GITHUB_TOKEN)" ]]; then

src/azure-cli-core/azure/cli/core/auth/msal_credentials.py

@@ -59,7 +59,8 @@ def acquire_token(self, scopes, claims_challenge=None, **kwargs):
         from azure.cli.core.azclierror import AuthenticationError
         try:
             # Check if an access token is returned.
-            check_result(result, scopes=scopes, claims_challenge=claims_challenge)
+            check_result(result, tenant=self._msal_app.authority.tenant, scopes=scopes,
+                         claims_challenge=claims_challenge)
         except AuthenticationError as ex:
             # For VM SSH ('data' is passed), if getting access token fails because
             # Conditional Access MFA step-up or compliance check is required, re-launch

src/azure-cli-core/azure/cli/core/auth/tests/test_util.py

@@ -54,9 +54,20 @@ def test_generate_login_command(self):
         # No parameter is given
         assert _generate_login_command() == 'az login'
 
-        # scopes
+        # tenant
+        actual = _generate_login_command(tenant='21987a97-4e85-47c5-9a13-9dc3e11b2a9a')
+        assert actual == 'az login --tenant "21987a97-4e85-47c5-9a13-9dc3e11b2a9a"'
+
+        # scope
         actual = _generate_login_command(scopes=["https://management.core.windows.net//.default"])
-        assert actual == 'az login --scope https://management.core.windows.net//.default'
+        assert actual == 'az login --scope "https://management.core.windows.net//.default"'
+
+        # tenant and scopes
+        actual = _generate_login_command(tenant='21987a97-4e85-47c5-9a13-9dc3e11b2a9a',
+                                         scopes=["https://management.core.windows.net//.default"])
+        assert actual == ('az login --tenant "21987a97-4e85-47c5-9a13-9dc3e11b2a9a" '
+                          '--scope "https://management.core.windows.net//.default"')
+
 
 
 if __name__ == '__main__':

src/azure-cli-core/azure/cli/core/auth/util.py

@@ -29,6 +29,8 @@ def aad_error_handler(error, **kwargs):
     # To trigger this function for testing, simply provide an invalid scope:
     # az account get-access-token --scope https://my-invalid-scope
 
+    logger.debug('MSAL error: %r', error)
+
     from azure.cli.core.util import in_cloud_console
     if in_cloud_console():
         import socket
@@ -43,22 +45,27 @@ def aad_error_handler(error, **kwargs):
         recommendation = PASSWORD_CERTIFICATE_WARNING
     else:
         login_command = _generate_login_command(**kwargs)
-        recommendation = (
-            # Cloud Shell uses IMDS-like interface for implicit login. If getting token/cert failed,
-            # we let the user explicitly log in to AAD with MSAL.
-            "Please explicitly log in with:\n{}" if error.get('error') == 'broker_error'
-            else "Interactive authentication is needed. Please run:\n{}").format(login_command)
+        recommendation = "Interactive authentication is needed. Please run:\n{}".format(login_command)
 
     from azure.cli.core.azclierror import AuthenticationError
     raise AuthenticationError(error_description, msal_error=error, recommendation=recommendation)
 
 
-def _generate_login_command(scopes=None, claims_challenge=None):
+def _generate_login_command(tenant=None, scopes=None, claims_challenge=None):
     login_command = ['az login']
 
-    # Rejected by Conditional Access policy, like MFA
+    # Rejected by Conditional Access policy, like MFA.
+    # MFA status is not shared between tenants. Specifying tenant triggers the MFA process for that tenant.
+    # Double quotes are not necessary, but we add them following the best practice to avoid shell interpretation.
+    if tenant:
+        login_command.extend(['--tenant', f'"{tenant}"'])
+
+    # Some scopes (such as Graph) may require MFA while ARM may not.
+    # Specifying scope triggers the MFA process for that scope.
     if scopes:
-        login_command.append('--scope {}'.format(' '.join(scopes)))
+        login_command.append('--scope')
+        for s in scopes:
+            login_command.append(f'"{s}"')
 
     # Rejected by CAE
     if claims_challenge:

src/azure-cli/azure/cli/command_modules/acs/_format.py

@@ -45,15 +45,36 @@ def aks_machine_list_table_format(results):
     return [aks_machine_show_table_format(r) for r in results]
 
 
-def aks_machine_show_table_format(result):
-    def parser(entry):
+def aks_machine_show_table_format(result: dict):
+    def parser(entry: dict):
         ip_addresses = ""
-        for k in entry["properties"]["network"]["ipAddresses"]:
-            ip_addresses += "ip:" + k["ip"] + "," + "family:" + k["family"] + ";"
+        zones = ""
+        if "zones" in entry and entry["zones"]:
+            zones_data = entry["zones"]
+            if isinstance(zones_data, list):
+                zones = ', '.join(part.strip() for part in zones_data if part and part.strip())
+            elif isinstance(zones_data, str):
+                zones = zones_data.strip()
+        # If no zones at top-level, check in properties
+        elif "properties" in entry and "zones" in entry["properties"] and entry["properties"]["zones"]:
+            zones_data = entry["properties"]["zones"]
+            if isinstance(zones_data, list):
+                zones = ', '.join(part.strip() for part in zones_data if part and part.strip())
+            elif isinstance(zones_data, str):
+                zones = zones_data.strip()
+        if "properties" in entry and isinstance(entry["properties"], dict):
+            if "network" in entry["properties"] and isinstance(entry["properties"]["network"], dict):
+                if ("ipAddresses" in entry["properties"]["network"] and
+                        isinstance(entry["properties"]["network"]["ipAddresses"], list)):
+                    for k in entry["properties"]["network"]["ipAddresses"]:
+                        if isinstance(k, dict) and "ip" in k and "family" in k:
+                            ip_addresses += f"ip:{k['ip']},family:{k['family']};"
         entry["ip"] = ip_addresses
+        entry["zones"] = zones
         parsed = compile_jmes("""{
                 name: name,
-                ip: ip
+                ip: ip,
+                zones: zones
             }""")
         return parsed.search(entry, Options(dict_cls=OrderedDict))
     return parser(result)

src/azure-cli/azure/cli/command_modules/acs/_help.py

@@ -263,8 +263,8 @@
     long-summary: To access nodes after creating a cluster with this option, use the Azure Portal.
   - name: --pod-cidr
     type: string
-    short-summary: A CIDR notation IP range from which to assign pod IPs when kubenet is used.
-    long-summary: This range must not overlap with any Subnet IP ranges. For example, 172.244.0.0/16.
+    short-summary: A CIDR notation IP range from which to assign pod IPs when Azure CNI Overlay or Kubenet is used (On 31 March 2028, Kubenet will be retired).
+    long-summary: This range must not overlap with any Subnet IP ranges. For example, 172.244.0.0/16. See https://aka.ms/aks/azure-cni-overlay
   - name: --message-of-the-day
     type: string
     short-summary: Path to a file containing the desired message of the day. Only valid for linux nodes. Will be written to /etc/motd.
@@ -278,8 +278,8 @@
     long-summary: Each range must not overlap with any Subnet IP ranges. For example, "10.0.0.0/16,2001:abcd::/108".
   - name: --pod-cidrs
     type: string
-    short-summary: A comma-separated list of CIDR notation IP ranges from which to assign pod IPs when kubenet is used.
-    long-summary: Each range must not overlap with any Subnet IP ranges. For example, "172.244.0.0/16,fd0:abcd::/64".
+    short-summary: A comma-separated list of CIDR notation IP ranges from which to assign pod IPs when Azure CNI Overlay or Kubenet is used (On 31 March 2028, Kubenet will be retired).
+    long-summary: Each range must not overlap with any Subnet IP ranges. For example, "172.244.0.0/16,fd0:abcd::/64". See https://aka.ms/aks/azure-cni-overlay
   - name: --ip-families
     type: string
     short-summary: A comma-separated list of IP versions to use for cluster networking.
@@ -2609,9 +2609,9 @@
        - name: --nodepool-name
          type: string
          short-summary: Name of the agentpool of a managed cluster
-   exmaples:
-       - name: Get information about IP Addresses, Hostname for all machines in an agentpool
-         text: az aks machine list --cluster-name <clusterName> --nodepool-name <apName>
+   examples:
+       - name: Get information about IP Addresses, Hostname, Availability Zones for all machines in an agentpool
+         text: az aks machine list  --resource-group <rg> --cluster-name <clusterName> --nodepool-name <apName>
 """
 helps['aks machine show'] = """
    type: command
@@ -2627,6 +2627,6 @@
          type: string
          short-summary: Name of the machine in the agentpool of a managed cluster
    exmaples:
-       - name: Get IP Addresses, Hostname for a specific machine in an agentpool
-         text: az aks machine show --cluster-name <clusterName> --nodepool-name <apName> --machine-name <machineName>
+       - name: Get IP Addresses, Hostname, Availability Zones for a specific machine in an agentpool
+         text: az aks machine show --resource-group <rg> --cluster-name <clusterName> --nodepool-name <apName> --machine-name <machineName>
 """