Creating an Azure az cli extension for AKS Non Interactive Auth
Introduction
In the previous 4 part article series https://adrianhynes.medium.com/connecting-to-an-aks-cluster-non-interactivity-part-1-260c9451b6a7, we went through how Authentication and Authorization works in your AKS RBAC enabled cluster, as well as how you can Non Interactively connect to your AKS cluster.
We created a simple python script to show this Non Interactive Connection via code.
In this article, we want to explore how we can integrate our previous script into an az cli extension https://github.com/Azure/azure-cli-extensions/, so we can just call our non interactive code via an az cli call.
The Azure az CLI extension setup uses a Command Line Interface framework called knack https://github.com/microsoft/knack. Knack allows us to specify commands, arguments, factories, validators, help etc when creating a command line interface.
Once we extend from the Azure’s azCommandLoader, we get to inherit the az part of the command structure as well as global arguments such as subscription id, which may form part of our implementations.
Next we just need to create our Python Wheel project and add this through the az extension add.
Project Structure and Files
Let’s first create our required project structure. You can check out Microsoft’s real examples here for some help on your az cli extension journey: https://github.com/Azure/azure-cli-extensions/tree/master/src
We’ll first create our project name aksauth and we’ll import that directory into vscode.
setup.py will define our Python wheel project, it’s dependencies and it’s packages
setup.cfg will define our packaging format
Next we’ll create a directory called azext_aksauth to store our cli application package.
azext_aksauth/__init__.py Here is where we extend Azure’s az cli (AzCommandsLoader). We’ll load our own sub commands as well as the sub command’s arguments as well as the entry point to our command implementations.
azext_aksauth/_help.py — Allows us to provide help strings to each of our sub commands.
azext_aksauth/_validators.py — Allows us to validate arguments for our sub commands
azext_aksauth/custom.py — The implementation of our sub commands
For now that’s enough to get you started and integrate the code we wrote in the previous articles. I’d recommend you look at the documentation and check out some of Microsoft’s own examples for how you can structure your code for larger more complex projects.
Steps
I’ve pretty much lifted and shifted the code from our AKS Non Interactive Auth project in the previous series from here https://github.com/aido123/azaksauth to here https://github.com/aido123/aksauth/blob/master/azext_aksauth/custom.py.
- Clone down https://github.com/aido123/aksauth
- Create our python wheel
python setup.py bdist_wheel
3. Add our wheel distribution as an az extension
az extension add — source C:\Users\Adrian\aksauth\dist\aksauth-0.0.1-py2.py3-none-any.whl
4. Test it out against one of your AKS RBAC’s clusters
az aksauth connect --resource-group adrian-group --subscription xxxxxx–aaaa–bbbb-cccc–zzzzzzz --cluster-name adrian-cluster --tenant 00000000–2222–5555–9999-222222 --username clusteruser@mydmn.com --password “hard2Guess”