Merge pull request #4015 from k8s-infra-cherrypick-robot/cherry-pick-…

…4014-to-release-1.11

[release-1.11] fix privateendpoints panic and diff

azure/services/privateendpoints/spec.go

@@ -84,21 +84,17 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 		},
 	}
 
-	if s.CustomNetworkInterfaceName != "" {
-		privateEndpointProperties.CustomNetworkInterfaceName = ptr.To(s.CustomNetworkInterfaceName)
-	}
+	privateEndpointProperties.CustomNetworkInterfaceName = ptr.To(s.CustomNetworkInterfaceName)
 
-	if len(s.PrivateIPAddresses) > 0 {
-		privateIPAddresses := make([]*armnetwork.PrivateEndpointIPConfiguration, 0, len(s.PrivateIPAddresses))
-		for _, address := range s.PrivateIPAddresses {
-			ipConfig := &armnetwork.PrivateEndpointIPConfigurationProperties{PrivateIPAddress: ptr.To(address)}
+	privateIPAddresses := make([]*armnetwork.PrivateEndpointIPConfiguration, 0, len(s.PrivateIPAddresses))
+	for _, address := range s.PrivateIPAddresses {
+		ipConfig := &armnetwork.PrivateEndpointIPConfigurationProperties{PrivateIPAddress: ptr.To(address)}
 
-			privateIPAddresses = append(privateIPAddresses, &armnetwork.PrivateEndpointIPConfiguration{
-				Properties: ipConfig,
-			})
-		}
-		privateEndpointProperties.IPConfigurations = privateIPAddresses
+		privateIPAddresses = append(privateIPAddresses, &armnetwork.PrivateEndpointIPConfiguration{
+			Properties: ipConfig,
+		})
 	}
+	privateEndpointProperties.IPConfigurations = privateIPAddresses
 
 	privateLinkServiceConnections := make([]*armnetwork.PrivateLinkServiceConnection, 0, len(s.PrivateLinkServiceConnections))
 	for _, privateLinkServiceConnection := range s.PrivateLinkServiceConnections {
@@ -127,15 +123,15 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 		privateEndpointProperties.ManualPrivateLinkServiceConnections = []*armnetwork.PrivateLinkServiceConnection{}
 	}
 
-	applicationSecurityGroups := make([]*armnetwork.ApplicationSecurityGroup, 0, len(s.ApplicationSecurityGroups))
+	applicationSecurityGroups := make([]armnetwork.ApplicationSecurityGroup, 0, len(s.ApplicationSecurityGroups))
 
 	for _, applicationSecurityGroup := range s.ApplicationSecurityGroups {
-		applicationSecurityGroups = append(applicationSecurityGroups, &armnetwork.ApplicationSecurityGroup{
+		applicationSecurityGroups = append(applicationSecurityGroups, armnetwork.ApplicationSecurityGroup{
 			ID: ptr.To(applicationSecurityGroup),
 		})
 	}
 
-	privateEndpointProperties.ApplicationSecurityGroups = applicationSecurityGroups
+	privateEndpointProperties.ApplicationSecurityGroups = azure.PtrSlice(&applicationSecurityGroups)
 
 	newPrivateEndpoint := armnetwork.PrivateEndpoint{
 		Name:       ptr.To(s.Name),
@@ -163,7 +159,7 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 			return nil, azure.WithTransientError(errors.Errorf("Unable to update existing private endpoint in non-terminal state. Service Endpoint must be in one of the following provisioning states: Canceled, Failed, or Succeeded. Actual state: %s", ps), 20*time.Second)
 		}
 
-		normalizedExistingPE := normalizePrivateEndpoint(existingPE)
+		normalizedExistingPE := normalizePrivateEndpoint(existingPE, newPrivateEndpoint)
 		normalizedExistingPE = sortSlicesPrivateEndpoint(normalizedExistingPE)
 
 		newPrivateEndpoint = sortSlicesPrivateEndpoint(newPrivateEndpoint)
@@ -180,16 +176,16 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 	return newPrivateEndpoint, nil
 }
 
-func normalizePrivateEndpoint(existingPE armnetwork.PrivateEndpoint) armnetwork.PrivateEndpoint {
+func normalizePrivateEndpoint(existingPE, newPrivateEndpoint armnetwork.PrivateEndpoint) armnetwork.PrivateEndpoint {
 	normalizedExistingPE := armnetwork.PrivateEndpoint{
 		Name:     existingPE.Name,
 		Location: existingPE.Location,
 		Properties: &armnetwork.PrivateEndpointProperties{
 			Subnet: &armnetwork.Subnet{
 				ID: existingPE.Properties.Subnet.ID,
 				Properties: &armnetwork.SubnetPropertiesFormat{
-					PrivateEndpointNetworkPolicies:    existingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies,
-					PrivateLinkServiceNetworkPolicies: existingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies,
+					PrivateEndpointNetworkPolicies:    newPrivateEndpoint.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies,
+					PrivateLinkServiceNetworkPolicies: newPrivateEndpoint.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies,
 				},
 			},
 			ApplicationSecurityGroups:  existingPE.Properties.ApplicationSecurityGroups,
@@ -198,6 +194,10 @@ func normalizePrivateEndpoint(existingPE armnetwork.PrivateEndpoint) armnetwork.
 		},
 		Tags: existingPE.Tags,
 	}
+	if existingPE.Properties != nil && existingPE.Properties.Subnet != nil && existingPE.Properties.Subnet.Properties != nil {
+		normalizedExistingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies = existingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies
+		normalizedExistingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies = existingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies
+	}
 
 	existingPrivateLinkServiceConnections := make([]*armnetwork.PrivateLinkServiceConnection, 0, len(existingPE.Properties.PrivateLinkServiceConnections))
 	for _, privateLinkServiceConnection := range existingPE.Properties.PrivateLinkServiceConnections {

azure/services/privateendpoints/spec_test.go

@@ -84,14 +84,54 @@ func TestParameters(t *testing.T) {
 				Properties: &armnetwork.PrivateEndpointProperties{
 					Subnet: &armnetwork.Subnet{
 						ID: ptr.To("test-subnet"),
-						Properties: &armnetwork.SubnetPropertiesFormat{
-							PrivateEndpointNetworkPolicies:    ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
-							PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
-						},
 					},
 					ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 						ID: ptr.To("asg1"),
 					}},
+					CustomNetworkInterfaceName: ptr.To(""),
+					IPConfigurations:           []*armnetwork.PrivateEndpointIPConfiguration{},
+					PrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
+						Name: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].Name),
+						Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
+							PrivateLinkServiceID: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].PrivateLinkServiceID),
+							GroupIDs:             nil,
+							RequestMessage:       ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].RequestMessage),
+						},
+					}},
+					ManualPrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{},
+					ProvisioningState:                   ptr.To(armnetwork.ProvisioningStateSucceeded),
+				},
+				Tags: map[string]*string{"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": ptr.To("owned"), "Name": ptr.To("test-private-endpoint1")},
+			},
+			expect: func(g *WithT, result interface{}) {
+				g.Expect(result).To(BeNil())
+			},
+		},
+		{
+			name: "PrivateEndpoint without AppplicationSecurityGroups already exists with the same config",
+			spec: &PrivateEndpointSpec{
+				Name:                      privateEndpoint1.Name,
+				ResourceGroup:             "test-group",
+				ClusterName:               "my-cluster",
+				ApplicationSecurityGroups: nil,
+				PrivateLinkServiceConnections: []PrivateLinkServiceConnection{{
+					Name:                 privateEndpoint1.PrivateLinkServiceConnections[0].Name,
+					GroupIDs:             privateEndpoint1.PrivateLinkServiceConnections[0].GroupIDs,
+					PrivateLinkServiceID: privateEndpoint1.PrivateLinkServiceConnections[0].PrivateLinkServiceID,
+					RequestMessage:       privateEndpoint1.PrivateLinkServiceConnections[0].RequestMessage,
+				}},
+				SubnetID: "test-subnet",
+			},
+			// See https://learn.microsoft.com/en-us/rest/api/virtualnetwork/private-endpoints/get?tabs=Go for more options
+			existing: armnetwork.PrivateEndpoint{
+				Name: ptr.To("test-private-endpoint1"),
+				Properties: &armnetwork.PrivateEndpointProperties{
+					Subnet: &armnetwork.Subnet{
+						ID: ptr.To("test-subnet"),
+					},
+					ApplicationSecurityGroups:  nil,
+					CustomNetworkInterfaceName: ptr.To(""),
+					IPConfigurations:           []*armnetwork.PrivateEndpointIPConfiguration{},
 					PrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
 						Name: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].Name),
 						Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
@@ -131,14 +171,12 @@ func TestParameters(t *testing.T) {
 				Properties: &armnetwork.PrivateEndpointProperties{
 					Subnet: &armnetwork.Subnet{
 						ID: ptr.To("test-subnet"),
-						Properties: &armnetwork.SubnetPropertiesFormat{
-							PrivateEndpointNetworkPolicies:    ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
-							PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
-						},
 					},
 					ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 						ID: ptr.To("asg1"),
 					}},
+					CustomNetworkInterfaceName: ptr.To(""),
+					IPConfigurations:           []*armnetwork.PrivateEndpointIPConfiguration{},
 					ManualPrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
 						Name: ptr.To(privateEndpoint1Manual.PrivateLinkServiceConnections[0].Name),
 						Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
@@ -180,10 +218,6 @@ func TestParameters(t *testing.T) {
 				Properties: &armnetwork.PrivateEndpointProperties{
 					Subnet: &armnetwork.Subnet{
 						ID: ptr.To("test-subnet"),
-						Properties: &armnetwork.SubnetPropertiesFormat{
-							PrivateEndpointNetworkPolicies:    ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
-							PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
-						},
 					},
 					ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 						ID: ptr.To("asg1"),