From 5a7e64150ac232a0de17c047bfd4b622b89e4c4e Mon Sep 17 00:00:00 2001 From: tschneid Date: Thu, 13 Jul 2023 14:38:32 -0500 Subject: [PATCH] validate effectiveOutboundIps --- .../openshiftcluster_validatestatic.go | 9 ++++++-- .../openshiftcluster_validatestatic_test.go | 21 ++++++++++++++++++- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic.go index 2fa61b7816e..ac51152e972 100644 --- a/pkg/api/v20230701preview/openshiftcluster_validatestatic.go +++ b/pkg/api/v20230701preview/openshiftcluster_validatestatic.go @@ -98,7 +98,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { return err } - if err := sv.validateLoadBalancerProfile(path+".networkProfile.loadBalancerProfile", p.NetworkProfile.LoadbalancerProfile); err != nil { + if err := sv.validateLoadBalancerProfile(path+".networkProfile.loadBalancerProfile", p.NetworkProfile.LoadbalancerProfile, isCreate); err != nil { return err } if err := sv.validateMasterProfile(path+".masterProfile", &p.MasterProfile); err != nil { @@ -239,7 +239,7 @@ func (sv openShiftClusterStaticValidator) validateNetworkProfile(path string, np return nil } -func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path string, lbp *LoadbalancerProfile) error { +func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path string, lbp *LoadbalancerProfile, isCreate bool) error { if lbp != nil { var isManagedOutboundIPCount = lbp.ManagedOutboundIPs != nil var isOutboundIPs = lbp.OutboundIPs != nil @@ -263,6 +263,11 @@ func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path strin return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".allocatedOutboundPorts", "The field allocatedOutboundPorts is not implemented at this time, please check back later.") } + // Prevents EffectiveOutboundIPs from being set during create, + // during update validateDelta will prevent the field from being changed. + if lbp.EffectiveOutboundIPs != nil && isCreate { + return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".effectiveOutboundIps", "The field effectiveOutboundIps is read only.") + } } return nil } diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go index 9ef7fb5f079..504cf3b56b2 100644 --- a/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go @@ -668,6 +668,25 @@ func TestOpenShiftClusterStaticValidateLoadBalancerProfile(t *testing.T) { }, } + createTests := []*validateTest{ + { + name: "LoadbalancerProfile.EffectiveOutboundIPs is read only", + current: func(oc *OpenShiftCluster) { + oc.Properties.NetworkProfile.LoadbalancerProfile = &LoadbalancerProfile{ + ManagedOutboundIPs: &ManagedOutboundIPs{ + Count: 1, + }, + EffectiveOutboundIPs: []EffectiveOutboundIP{ + { + ID: "someId", + }, + }, + } + }, + wantErr: "400: InvalidParameter: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps: The field effectiveOutboundIps is read only.", + }, + } + runTests(t, testModeCreate, createTests) runTests(t, testModeCreate, tests) runTests(t, testModeUpdate, tests) } @@ -1156,7 +1175,7 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) { }, } }, - wantErr: "400: PropertyChangeNotAllowed: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps: Changing property 'properties.networkProfile.loadBalancerProfile.effectiveOutboundIps' is not allowed.", + wantErr: "400: PropertyChangeNotAllowed: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps[0].id: Changing property 'properties.networkProfile.loadBalancerProfile.effectiveOutboundIps[0].id' is not allowed.", }, }