validate effectiveOutboundIps

Azure · Jul 13, 2023 · 721da31 · 721da31
1 parent 35d25b2
commit 721da31
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic.go
@@ -98,7 +98,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope
 	if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil {
 		return err
 	}
-	if err := sv.validateLoadBalancerProfile(path+".networkProfile.loadBalancerProfile", p.NetworkProfile.LoadbalancerProfile); err != nil {
+	if err := sv.validateLoadBalancerProfile(path+".networkProfile.loadBalancerProfile", p.NetworkProfile.LoadbalancerProfile, isCreate); err != nil {
 		return err
 	}
 	if err := sv.validateMasterProfile(path+".masterProfile", &p.MasterProfile); err != nil {
@@ -239,7 +239,7 @@ func (sv openShiftClusterStaticValidator) validateNetworkProfile(path string, np
 	return nil
 }
 
-func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path string, lbp *LoadbalancerProfile) error {
+func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path string, lbp *LoadbalancerProfile, isCreate bool) error {
 	if lbp != nil {
 		var isManagedOutboundIPCount = lbp.ManagedOutboundIPs != nil
 		var isOutboundIPs = lbp.OutboundIPs != nil
@@ -261,6 +261,10 @@ func (sv openShiftClusterStaticValidator) validateLoadBalancerProfile(path strin
 			return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".allocatedOutboundPorts", "The field allocatedOutboundPorts is not implemented at this time, please check back later.")
 		}
 
+		// prevent specifying this field during creation, field is immutable afterwards.
+		if lbp.EffectiveOutboundIPs != nil && isCreate {
+			return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".effectiveOutboundIps", "The field effectiveOutboundIps is read only.")
+		}
 	}
 	return nil
 }

diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go
@@ -657,6 +657,25 @@ func TestOpenShiftClusterStaticValidateLoadBalancerProfile(t *testing.T) {
 		},
 	}
 
+	createTests := []*validateTest{
+		{
+			name: "LoadBalancerProfile.EffectiveOutboundIPs read only",
+			current: func(oc *OpenShiftCluster) {
+				oc.Properties.NetworkProfile.LoadbalancerProfile = &LoadbalancerProfile{
+					ManagedOutboundIPs: &ManagedOutboundIPs{
+						Count: 1,
+					},
+					EffectiveOutboundIPs: []EffectiveOutboundIP{
+						{
+							ID: "someId",
+						},
+					},
+				}
+			},
+			wantErr: "400: InvalidParameter: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps: The field effectiveOutboundIps is read only.",
+		},
+	}
+	runTests(t, testModeCreate, createTests)
 	runTests(t, testModeCreate, tests)
 	runTests(t, testModeUpdate, tests)
 }
@@ -1145,7 +1164,7 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) {
 					},
 				}
 			},
-			wantErr: "400: PropertyChangeNotAllowed: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps: Changing property 'properties.networkProfile.loadBalancerProfile.effectiveOutboundIps' is not allowed.",
+			wantErr: "400: PropertyChangeNotAllowed: properties.networkProfile.loadBalancerProfile.effectiveOutboundIps[0].id: Changing property 'properties.networkProfile.loadBalancerProfile.effectiveOutboundIps[0].id' is not allowed.",
 		},
 	}