Update aro module and bump to 2025_07_25

* changes are identical to the downstream with the exception of
* rp_mode_development functionality which is removed, and preview
* extension metadata which is also removed.

Author: cadenmarchese

src/azure-cli/azure/cli/command_modules/aro/__init__.py

@@ -3,36 +3,35 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
+from azure.cli.command_modules.aro._client_factory import cf_aro
 from azure.cli.command_modules.aro._params import load_arguments
 from azure.cli.command_modules.aro.commands import load_command_table
-from azure.cli.core import AzCommandsLoader, ModExtensionSuppress
+from azure.cli.core import (
+    AzCommandsLoader,
+    ModExtensionSuppress
+)
 from azure.cli.core.commands import CliCommandType
-from azure.cli.core.profiles import ResourceType
-from azure.cli.command_modules.aro._client_factory import cf_aro  # pylint: disable=unused-import
+from azure.cli.core.aaz import load_aaz_command_table
 from azure.cli.command_modules.aro._help import helps  # pylint: disable=unused-import
+try:
+    from . import aaz
+except ImportError:
+    aaz = None
 
 
 class AroCommandsLoader(AzCommandsLoader):
-
     def __init__(self, cli_ctx=None):
         aro_custom = CliCommandType(
             operations_tmpl='azure.cli.command_modules.aro.custom#{}',
             client_factory=cf_aro)
-
         suppress = ModExtensionSuppress(__name__, 'aro', '1.0.0',
                                         reason='Its functionality is included in the core az CLI.',
                                         recommend_remove=True)
         super().__init__(cli_ctx=cli_ctx,
                          suppress_extension=suppress,
-                         custom_command_type=aro_custom,
-                         resource_type=ResourceType.MGMT_ARO)
+                         custom_command_type=aro_custom)
 
     def load_command_table(self, args):
-        from azure.cli.core.aaz import load_aaz_command_table
-        try:
-            from . import aaz
-        except ImportError:
-            aaz = None
         if aaz:
             load_aaz_command_table(
                 loader=self,

src/azure-cli/azure/cli/command_modules/aro/_aad.py

@@ -5,8 +5,10 @@
 
 import time
 
-from azure.cli.command_modules.role import graph_client_factory
-from azure.cli.command_modules.role import GraphError
+from azure.cli.command_modules.role import (
+    graph_client_factory,
+    GraphError
+)
 
 from knack.log import get_logger
 

src/azure-cli/azure/cli/command_modules/aro/_actions.py

@@ -0,0 +1,28 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+import argparse
+
+from azure.mgmt.redhatopenshift.models import PlatformWorkloadIdentity
+from azure.cli.core.azclierror import CLIError
+
+
+# pylint:disable=protected-access
+# pylint:disable=too-few-public-methods
+class AROPlatformWorkloadIdentityAddAction(argparse._AppendAction):
+
+    def __call__(self, parser, namespace, values, option_string=None):
+        try:
+            if len(values) != 2:
+                msg = f"{option_string} requires 2 values in format: `OPERATOR_NAME RESOURCE_ID`"
+                raise argparse.ArgumentError(self, msg)
+
+            operator_name, resource_id = values
+            parsed = (operator_name, PlatformWorkloadIdentity(resource_id=resource_id))
+
+            super().__call__(parser, namespace, parsed, option_string)
+
+        except ValueError as e:
+            raise CLIError(f"usage error: {option_string} NAME ID") from e

src/azure-cli/azure/cli/command_modules/aro/_client_factory.py

@@ -3,9 +3,8 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
-
-from azure.cli.core.commands.client_factory import get_mgmt_service_client
 from azure.mgmt.redhatopenshift import AzureRedHatOpenShiftClient
+from azure.cli.core.commands.client_factory import get_mgmt_service_client
 
 
 def cf_aro(cli_ctx, *_):

src/azure-cli/azure/cli/command_modules/aro/_dynamic_validators.py

@@ -1,25 +1,26 @@
-# --------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for license information.
-# --------------------------------------------------------------------------------------------
-
+# Copyright (c) Microsoft Corporation.
+# Licensed under the Apache License 2.0.
 
+import collections
 import ipaddress
 import re
 from itertools import tee
 
-from azure.cli.command_modules.aro._validators import validate_vnet, validate_cidr
-from azure.cli.command_modules.aro._rbac import has_role_assignment_on_resource
-from azure.cli.command_modules.aro.aaz.latest.network.vnet.subnet import Show as subnet_show
-from azure.cli.command_modules.aro.aaz.latest.network.vnet import Show as vnet_show
 from azure.cli.core.commands.client_factory import get_mgmt_service_client
 from azure.cli.core.commands.validators import get_default_location_from_resource_group
 from azure.cli.core.profiles import ResourceType
-from azure.cli.core.azclierror import CLIInternalError, InvalidArgumentValueError, \
+from azure.cli.core.azclierror import (
+    CLIInternalError,
+    InvalidArgumentValueError,
     RequiredArgumentMissingError
-from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
+)
+from azure.core.exceptions import HttpResponseError, ResourceNotFoundError
 from azure.mgmt.core.tools import is_valid_resource_id, parse_resource_id
 from knack.log import get_logger
+from azure.cli.command_modules.aro._validators import validate_vnet, validate_cidr
+from azure.cli.command_modules.aro._rbac import has_role_assignment_on_resource
+from azure.cli.command_modules.aro.aaz.latest.network.vnet.subnet import Show as subnet_show
+from azure.cli.command_modules.aro.aaz.latest.network.vnet import Show as vnet_show
 import azure.cli.command_modules.aro.custom
 
 
@@ -289,15 +290,15 @@ def _validate_cidr_ranges(cmd, namespace):
     return _validate_cidr_ranges
 
 
-def dyn_validate_resource_permissions(service_principle_ids, resources):
+def dyn_validate_resource_permissions(service_principal_ids, resources):
     prog = get_progress_tracker("Validating resource permissions")
 
     @prog
     def _validate_resource_permissions(cmd,
                                        _namespace):
         errors = []
 
-        for sp_id in service_principle_ids:
+        for sp_id in service_principal_ids:
             for role in sorted(resources):
                 for resource in resources[role]:
                     try:
@@ -331,7 +332,7 @@ def _validate_version(cmd,
         if namespace.location is None:
             get_default_location_from_resource_group(cmd, namespace)
 
-        versions = azure.cli.command_modules.aro.custom.aro_get_versions(namespace.client, namespace.location)
+        versions = azext_aro.custom.aro_get_versions(namespace.client, namespace.location)
 
         found = False
         for version in versions:
@@ -351,15 +352,47 @@ def _validate_version(cmd,
 
 def validate_cluster_create(version,
                             resources,
-                            service_principle_ids):
+                            service_principal_ids):
     error_object = []
 
     error_object.append(dyn_validate_vnet("vnet"))
     error_object.append(dyn_validate_subnet_and_route_tables("master_subnet"))
     error_object.append(dyn_validate_subnet_and_route_tables("worker_subnet"))
     error_object.append(dyn_validate_cidr_ranges())
-    error_object.append(dyn_validate_resource_permissions(service_principle_ids, resources))
+    error_object.append(dyn_validate_resource_permissions(service_principal_ids, resources))
     if version is not None:
         error_object.append(dyn_validate_version())
 
     return error_object
+
+
+def dyn_validate_managed_identity_delete_permissions():
+    prog = get_progress_tracker("Validating Managed Identity Delete Permissions")
+
+    @prog
+    def _validate_managed_identity_delete_permissions(cmd, namespace):
+        errors = []
+        managed_identities = namespace.managed_identities
+
+        for mi in managed_identities:
+            parts, auth_client = get_clients(mi, cmd)
+            validation_errors = validate_resource(auth_client, "Managed Identity", parts, [
+                "Microsoft.ManagedIdentity/userAssignedIdentities/delete"
+            ])
+            for error in validation_errors:
+                errors.append(f"{error[3]} over {mi}")
+
+        return errors
+
+    return _validate_managed_identity_delete_permissions
+
+
+def validate_cluster_delete(cmd, delete_identities, managed_identities):
+    errors = []
+
+    if delete_identities:
+        namespace = collections.namedtuple("Namespace", ["managed_identities"])(managed_identities)
+        validate_managed_identity_delete = dyn_validate_managed_identity_delete_permissions()
+        errors.extend(validate_managed_identity_delete(cmd, namespace))
+
+    return errors

src/azure-cli/azure/cli/command_modules/aro/_format.py

@@ -1,7 +1,5 @@
-# --------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for license information.
-# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the Apache License 2.0.
 
 import collections
 

src/azure-cli/azure/cli/command_modules/aro/_help.py

@@ -1,7 +1,5 @@
-# --------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for license information.
-# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the Apache License 2.0.
 
 from knack.help_files import helps