fix nil exception

Signed-off-by: Ashutosh Kumar <[email protected]>
kubernetes-sigs · Mar 24, 2022 · b9fcc7f · b9fcc7f
1 parent 2488e92
commit b9fcc7f
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 5 deletions.
diff --git a/azure/scope/machine.go b/azure/scope/machine.go
@@ -291,7 +291,7 @@ func (m *MachineScope) DiskSpecs() []azure.ResourceSpecGetter {
 // RoleAssignmentSpecs returns the role assignment specs.
 func (m *MachineScope) RoleAssignmentSpecs(principalID *string) []azure.ResourceSpecGetter {
 	roles := make([]azure.ResourceSpecGetter, 1)
-	if m.AzureMachine.Spec.Identity == infrav1.VMIdentitySystemAssigned {
+	if m.HasSystemAssignedIdentity() {
 		roles[0] = &roleassignments.RoleAssignmentSpec{
 			Name:             m.AzureMachine.Spec.RoleAssignmentName,
 			MachineName:      m.Name(),
@@ -311,6 +311,12 @@ func (m *MachineScope) RoleAssignmentResourceType() string {
 	return azure.VirtualMachine
 }
 
+// HasSystemAssignedIdentity returns true if the azure machine has
+// system assigned identity.
+func (m *MachineScope) HasSystemAssignedIdentity() bool {
+	return m.AzureMachine.Spec.Identity == infrav1.VMIdentitySystemAssigned
+}
+
 // VMExtensionSpecs returns the vm extension specs.
 func (m *MachineScope) VMExtensionSpecs() []azure.ExtensionSpec {
 	var extensionSpecs = []azure.ExtensionSpec{}

diff --git a/azure/scope/machinepool.go b/azure/scope/machinepool.go
@@ -572,7 +572,7 @@ func (m *MachinePoolScope) SaveVMImageToStatus(image *infrav1.Image) {
 // RoleAssignmentSpecs returns the role assignment specs.
 func (m *MachinePoolScope) RoleAssignmentSpecs(principalID *string) []azure.ResourceSpecGetter {
 	roles := make([]azure.ResourceSpecGetter, 1)
-	if m.AzureMachinePool.Spec.Identity == infrav1.VMIdentitySystemAssigned {
+	if m.HasSystemAssignedIdentity() {
 		roles[0] = &roleassignments.RoleAssignmentSpec{
 			Name:          m.AzureMachinePool.Spec.RoleAssignmentName,
 			MachineName:   m.Name(),
@@ -590,6 +590,12 @@ func (m *MachinePoolScope) RoleAssignmentResourceType() string {
 	return azure.VirtualMachineScaleSet
 }
 
+// HasSystemAssignedIdentity returns true if the azure machine pool has system
+// assigned identity.
+func (m *MachinePoolScope) HasSystemAssignedIdentity() bool {
+	return m.AzureMachinePool.Spec.Identity == infrav1.VMIdentitySystemAssigned
+}
+
 // VMSSExtensionSpecs returns the vmss extension specs.
 func (m *MachinePoolScope) VMSSExtensionSpecs() []azure.ExtensionSpec {
 	var extensionSpecs = []azure.ExtensionSpec{}

diff --git a/azure/services/roleassignments/mock_roleassignments/roleassignments_mock.go b/azure/services/roleassignments/mock_roleassignments/roleassignments_mock.go
diff --git a/azure/services/roleassignments/roleassignments.go b/azure/services/roleassignments/roleassignments.go
@@ -36,6 +36,7 @@ type RoleAssignmentScope interface {
 	azure.AsyncStatusUpdater
 	azure.Authorizer
 	RoleAssignmentSpecs(principalID *string) []azure.ResourceSpecGetter
+	HasSystemAssignedIdentity() bool
 	RoleAssignmentResourceType() string
 	Name() string
 	ResourceGroup() string
@@ -73,6 +74,13 @@ func (s *Service) Reconcile(ctx context.Context) error {
 	defer cancel()
 	log.V(2).Info("reconciling role assignment")
 
+	// Return early if the identity is not system assigned as there will be no
+	// role assignment spec in this case.
+	if !s.Scope.HasSystemAssignedIdentity() {
+		log.V(2).Info("no role assignment spec to reconcile")
+		return nil
+	}
+
 	var principalID *string
 	resourceType := s.Scope.RoleAssignmentResourceType()
 	switch resourceType {

diff --git a/azure/services/roleassignments/roleassignments_test.go b/azure/services/roleassignments/roleassignments_test.go
@@ -52,7 +52,9 @@ var (
 		ResourceGroup: "my-rg",
 		ResourceType:  azure.VirtualMachineScaleSet,
 	}
-	fakeRoleAssignmentSpecs = []azure.ResourceSpecGetter{&fakeRoleAssignment1, &fakeRoleAssignment2}
+
+	emptyRoleAssignmentSpec = RoleAssignmentSpec{}
+	fakeRoleAssignmentSpecs = []azure.ResourceSpecGetter{&fakeRoleAssignment1, &fakeRoleAssignment2, &emptyRoleAssignmentSpec}
 )
 
 func TestReconcileRoleAssignmentsVM(t *testing.T) {
@@ -71,8 +73,9 @@ func TestReconcileRoleAssignmentsVM(t *testing.T) {
 				s.SubscriptionID().AnyTimes().Return("12345")
 				s.ResourceGroup().Return("my-rg")
 				s.Name().Return(fakeRoleAssignment1.MachineName)
+				s.HasSystemAssignedIdentity().Return(true)
 				s.RoleAssignmentResourceType().Return("VirtualMachine")
-				s.RoleAssignmentSpecs(&fakePrincipalID).AnyTimes().Return(fakeRoleAssignmentSpecs[:1])
+				s.RoleAssignmentSpecs(&fakePrincipalID).Return(fakeRoleAssignmentSpecs[:1])
 				m.Get(gomockinternal.AContext(), &fakeVMSpec).Return(compute.VirtualMachine{
 					Identity: &compute.VirtualMachineIdentity{
 						PrincipalID: &fakePrincipalID,
@@ -90,8 +93,8 @@ func TestReconcileRoleAssignmentsVM(t *testing.T) {
 				s.SubscriptionID().AnyTimes().Return("12345")
 				s.ResourceGroup().Return("my-rg")
 				s.Name().Return(fakeRoleAssignment1.MachineName)
+				s.HasSystemAssignedIdentity().Return(true)
 				s.RoleAssignmentResourceType().Return("VirtualMachine")
-				s.RoleAssignmentSpecs(&fakePrincipalID).AnyTimes().Return(fakeRoleAssignmentSpecs[:1])
 				m.Get(gomockinternal.AContext(), &fakeVMSpec).Return(compute.VirtualMachine{}, autorest.NewErrorWithResponse("", "", &http.Response{StatusCode: 500}, "Internal Server Error"))
 			},
 		},
@@ -105,6 +108,7 @@ func TestReconcileRoleAssignmentsVM(t *testing.T) {
 				s.ResourceGroup().Return("my-rg")
 				s.Name().Return(fakeRoleAssignment1.MachineName)
 				s.RoleAssignmentResourceType().Return("VirtualMachine")
+				s.HasSystemAssignedIdentity().Return(true)
 				s.RoleAssignmentSpecs(&fakePrincipalID).Return(fakeRoleAssignmentSpecs[0:1])
 				m.Get(gomockinternal.AContext(), &fakeVMSpec).Return(compute.VirtualMachine{
 					Identity: &compute.VirtualMachineIdentity{
@@ -160,6 +164,7 @@ func TestReconcileRoleAssignmentsVMSS(t *testing.T) {
 			expect: func(s *mock_roleassignments.MockRoleAssignmentScopeMockRecorder,
 				r *mock_async.MockReconcilerMockRecorder,
 				mvmss *mock_scalesets.MockClientMockRecorder) {
+				s.HasSystemAssignedIdentity().Return(true)
 				s.RoleAssignmentSpecs(&fakePrincipalID).Return(fakeRoleAssignmentSpecs[1:2])
 				s.RoleAssignmentResourceType().Return(azure.VirtualMachineScaleSet)
 				s.ResourceGroup().Return("my-rg")
@@ -181,6 +186,7 @@ func TestReconcileRoleAssignmentsVMSS(t *testing.T) {
 				s.RoleAssignmentResourceType().Return(azure.VirtualMachineScaleSet)
 				s.ResourceGroup().Return("my-rg")
 				s.Name().Return("test-vmss")
+				s.HasSystemAssignedIdentity().Return(true)
 				mvmss.Get(gomockinternal.AContext(), "my-rg", "test-vmss").Return(compute.VirtualMachineScaleSet{},
 					autorest.NewErrorWithResponse("", "", &http.Response{StatusCode: 500}, "Internal Server Error"))
 			},
@@ -191,6 +197,7 @@ func TestReconcileRoleAssignmentsVMSS(t *testing.T) {
 			expect: func(s *mock_roleassignments.MockRoleAssignmentScopeMockRecorder,
 				r *mock_async.MockReconcilerMockRecorder,
 				mvmss *mock_scalesets.MockClientMockRecorder) {
+				s.HasSystemAssignedIdentity().Return(true)
 				s.RoleAssignmentSpecs(&fakePrincipalID).Return(fakeRoleAssignmentSpecs[1:2])
 				s.RoleAssignmentResourceType().Return(azure.VirtualMachineScaleSet)
 				s.ResourceGroup().Return("my-rg")