Add client side parameter validation logic. (#12905)

wyunchi-ms · web-flow · commit c27f45ac103b · 2020-09-11T14:17:09.000+08:00
Co-authored-by: wyunchi-ms &lt;yunwang@microsoft.com&gt;
diff --git a/src/Aks/Aks/ChangeLog.md b/src/Aks/Aks/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added client side parameter validation logic for `New-AzAksCluster`, `Set-AzAksCluster` and `New-AzAksNodePool`.
 * Added parameter `GenerateSshKey` for `New-AzAksCluster`.
 * Updated api version to 2020-06-01.
 
diff --git a/src/Aks/Aks/Commands/CreateOrUpdateKubeBase.cs b/src/Aks/Aks/Commands/CreateOrUpdateKubeBase.cs
@@ -83,7 +83,7 @@ public abstract class CreateOrUpdateKubeBase : KubeCmdletBase
         [Alias("AdminUserName")]
         public string LinuxProfileAdminUserName { get; set; } = "azureuser";
 
-        [Parameter(Mandatory = false, HelpMessage = "The DNS name prefix for the cluster.")]
+        [Parameter(Mandatory = false, HelpMessage = "The DNS name prefix for the cluster. The length must be <= 9 if users plan to add windows container.")]
         public string DnsNamePrefix { get; set; }
 
         [Parameter(Mandatory = false, HelpMessage = "The version of Kubernetes to use for creating the cluster.")]
diff --git a/src/Aks/Aks/Commands/NewAzureRmAks.cs b/src/Aks/Aks/Commands/NewAzureRmAks.cs
@@ -85,7 +85,26 @@ private void PreValidate()
 
             if (this.IsParameterBound(c => c.GenerateSshKey) && this.IsParameterBound(c => c.SshKeyValue))
             {
-                throw new ArgumentException(string.Format(Resources.DonotUseGenerateSshKeyWithSshKeyValue));
+                throw new ArgumentException(Resources.DonotUseGenerateSshKeyWithSshKeyValue);
+            }
+
+            if ((this.IsParameterBound(c => c.WindowsProfileAdminUserName) && !this.IsParameterBound(c => c.WindowsProfileAdminUserPassword)) ||
+                (!this.IsParameterBound(c => c.WindowsProfileAdminUserName) && this.IsParameterBound(c => c.WindowsProfileAdminUserPassword)))
+            {
+                throw new ArgumentException(Resources.WindowsUserNameAndPasswordShouldAppearTogether);
+            }
+
+            if (this.IsParameterBound(c => c.WindowsProfileAdminUserName))
+            {
+                if (!string.Equals(this.NetworkPlugin, "azure"))
+                {
+                    throw new ArgumentException(Resources.NetworkPluginShouldBeAzure);
+                }
+            }
+            if (string.Equals(this.NodeOsType, "Windows"))
+            {
+                if (NodeName?.Length > 6)
+                    throw new PSInvalidOperationException(Resources.WindowsNodePoolNameLengthLimitation);
             }
         }
 
diff --git a/src/Aks/Aks/Commands/NewKubeBase.cs b/src/Aks/Aks/Commands/NewKubeBase.cs
@@ -17,6 +17,7 @@
 using System.Management.Automation;
 using System.Security;
 using Microsoft.Azure.Commands.Aks.Properties;
+using Microsoft.Azure.Commands.Aks.Utils;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
 using Microsoft.Azure.Management.ContainerService.Models;
@@ -97,6 +98,7 @@ public abstract class NewKubeBase : CreateOrUpdateKubeBase
 
         [Parameter(Mandatory = false, HelpMessage = "The administrator password to use for Windows VMs. Password requirement:"
           + "At least one lower case, one upper case, one special character !@#$%^&*(), the minimum lenth is 12.")]
+        [ValidateSecureString(RegularExpression = "^(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%\\^&\\*\\(\\)])[a-zA-Z\\d!@#$%\\^&\\*\\(\\)]{12,123}$")]
         public SecureString WindowsProfileAdminUserPassword { get; set; }
 
         [CmdletParameterBreakingChange("NetworkPlugin", ChangeDescription = "Default value will be changed from None to azure.")]
diff --git a/src/Aks/Aks/Properties/Resources.Designer.cs b/src/Aks/Aks/Properties/Resources.Designer.cs
diff --git a/src/Aks/Aks/Properties/Resources.resx b/src/Aks/Aks/Properties/Resources.resx
@@ -381,4 +381,13 @@
   <data name="UpdatingNodePoolMode" xml:space="preserve">
     <value>Updating NodePoolMode.</value>
   </data>
+  <data name="SecureStringNotValid" xml:space="preserve">
+    <value>Plain text of SecureString should match the patten {0}.</value>
+  </data>
+  <data name="WindowsUserNameAndPasswordShouldAppearTogether" xml:space="preserve">
+    <value>WindowsProfileAdminUser and WindowsProfileAdminUserPassword must appear together.</value>
+  </data>
+  <data name="NetworkPluginShouldBeAzure" xml:space="preserve">
+    <value>NetworkPlugin must be azure if you want to use Windows.</value>
+  </data>
 </root>
diff --git a/src/Aks/Aks/Utils/ValidateSecureString.cs b/src/Aks/Aks/Utils/ValidateSecureString.cs
@@ -0,0 +1,42 @@
+﻿// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+
+using Microsoft.Azure.Commands.Aks.Properties;
+using Microsoft.WindowsAzure.Commands.Common;
+
+using System;
+using System.Management.Automation;
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Text.RegularExpressions;
+
+namespace Microsoft.Azure.Commands.Aks.Utils
+{
+    public sealed class ValidateSecureString: ValidateEnumeratedArgumentsAttribute
+    {
+        public string RegularExpression { get; set; }
+
+        protected override void ValidateElement(object element)
+        {
+            SecureString secureString = element as SecureString;
+            string content = secureString.ConvertToString();
+            Regex regex = new Regex(RegularExpression);
+            if (!regex.IsMatch(content))
+            {
+                throw new ArgumentException(string.Format(Resources.SecureStringNotValid, RegularExpression));
+            }
+        }
+    }
+}
diff --git a/src/Aks/Aks/help/New-AzAksCluster.md b/src/Aks/Aks/help/New-AzAksCluster.md
@@ -13,15 +13,15 @@ Create a new managed Kubernetes cluster.
 ## SYNTAX
 
 ```
-New-AzAksCluster [-Force] [-NodeVmSetType <String>] [-NodeVnetSubnetID <String>] [-NodeMaxPodCount <Int32>]
- [-NodeOsType <String>] [-NodeSetPriority <String>] [-NodePoolMode <String>]
+New-AzAksCluster [-Force] [-GenerateSshKey] [-NodeVmSetType <String>] [-NodeVnetSubnetID <String>]
+ [-NodeMaxPodCount <Int32>] [-NodeOsType <String>] [-NodeSetPriority <String>] [-NodePoolMode <String>]
  [-NodeScaleSetEvictionPolicy <String>] [-AcrNameToAttach <String>] [-EnableRbac]
  [-WindowsProfileAdminUserName <String>] [-WindowsProfileAdminUserPassword <SecureString>]
  [-NetworkPlugin <String>] [-LoadBalancerSku <String>] [-ResourceGroupName] <String> [-Name] <String>
  [[-ServicePrincipalIdAndSecret] <PSCredential>] [-Location <String>] [-LinuxProfileAdminUserName <String>]
  [-DnsNamePrefix <String>] [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>]
  [-NodeMaxCount <Int32>] [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>]
- [-NodeVmSize <String>] [-SshKeyValue <String>] [-GenerateSshKey] [-AsJob] [-Tag <Hashtable>]
+ [-NodeVmSize <String>] [-SshKeyValue <String>] [-AsJob] [-Tag <Hashtable>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -95,7 +95,7 @@ Accept wildcard characters: False
 ```
 
 ### -DnsNamePrefix
-The DNS name prefix for the cluster.
+The DNS name prefix for the cluster. The length must be <= 9 if users plan to add windows container.
 
 ```yaml
 Type: System.String
