diff --git a/azure/services/privateendpoints/spec.go b/azure/services/privateendpoints/spec.go
index 8e4cfb88936..bc7dd558de3 100644
--- a/azure/services/privateendpoints/spec.go
+++ b/azure/services/privateendpoints/spec.go
@@ -84,21 +84,17 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 },
 }
- if s.CustomNetworkInterfaceName != "" {
- privateEndpointProperties.CustomNetworkInterfaceName = ptr.To(s.CustomNetworkInterfaceName)
- }
+ privateEndpointProperties.CustomNetworkInterfaceName = ptr.To(s.CustomNetworkInterfaceName)
- if len(s.PrivateIPAddresses) > 0 {
- privateIPAddresses := make([]*armnetwork.PrivateEndpointIPConfiguration, 0, len(s.PrivateIPAddresses))
- for _, address := range s.PrivateIPAddresses {
- ipConfig := &armnetwork.PrivateEndpointIPConfigurationProperties{PrivateIPAddress: ptr.To(address)}
+ privateIPAddresses := make([]*armnetwork.PrivateEndpointIPConfiguration, 0, len(s.PrivateIPAddresses))
+ for _, address := range s.PrivateIPAddresses {
+ ipConfig := &armnetwork.PrivateEndpointIPConfigurationProperties{PrivateIPAddress: ptr.To(address)}
- privateIPAddresses = append(privateIPAddresses, &armnetwork.PrivateEndpointIPConfiguration{
- Properties: ipConfig,
- })
- }
- privateEndpointProperties.IPConfigurations = privateIPAddresses
+ privateIPAddresses = append(privateIPAddresses, &armnetwork.PrivateEndpointIPConfiguration{
+ Properties: ipConfig,
+ })
 }
+ privateEndpointProperties.IPConfigurations = privateIPAddresses
 privateLinkServiceConnections := make([]*armnetwork.PrivateLinkServiceConnection, 0, len(s.PrivateLinkServiceConnections))
 for _, privateLinkServiceConnection := range s.PrivateLinkServiceConnections {
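Review bot: The unconditional `privateEndpointProperties.CustomNetworkInterfaceName = ptr.To(s.CustomNetworkInterfaceName)` and the always-non-nil `IPConfigurations` slice now put an empty string and an empty list into the request body even when the spec leaves both unset, and nothing in the hunk records why the guards were dropped. Presumably the goal is that the desired object compares equal to what Azure returns for an existing endpoint (the updated test fixtures use `ptr.To("")` and an empty slice), but a reader of this function only sees a removed nil-check. A comment above the assignment such as `// Always populate these, even when empty, so the desired state compares equal to the existing endpoint returned by Azure.` would capture the intent; it is also worth confirming that the API accepts an empty customNetworkInterfaceName on update rather than treating it as a change. Parameters starts and ends outside this hunk.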
@@ -127,15 +123,15 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 privateEndpointProperties.ManualPrivateLinkServiceConnections = []*armnetwork.PrivateLinkServiceConnection{}
 }
- applicationSecurityGroups := make([]*armnetwork.ApplicationSecurityGroup, 0, len(s.ApplicationSecurityGroups))
+ applicationSecurityGroups := make([]armnetwork.ApplicationSecurityGroup, 0, len(s.ApplicationSecurityGroups))
 for _, applicationSecurityGroup := range s.ApplicationSecurityGroups {
- applicationSecurityGroups = append(applicationSecurityGroups, &armnetwork.ApplicationSecurityGroup{
+ applicationSecurityGroups = append(applicationSecurityGroups, armnetwork.ApplicationSecurityGroup{
 ID: ptr.To(applicationSecurityGroup),
 })
 }
- privateEndpointProperties.ApplicationSecurityGroups = applicationSecurityGroups
+ privateEndpointProperties.ApplicationSecurityGroups = azure.PtrSlice(&applicationSecurityGroups)
 newPrivateEndpoint := armnetwork.PrivateEndpoint{
 Name: ptr.To(s.Name),
@@ -163,7 +159,7 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 return nil, azure.WithTransientError(errors.Errorf("Unable to update existing private endpoint in non-terminal state. Service Endpoint must be in one of the following provisioning states: Canceled, Failed, or Succeeded. Actual state: %s", ps), 20*time.Second)
 }
- normalizedExistingPE := normalizePrivateEndpoint(existingPE)
+ normalizedExistingPE := normalizePrivateEndpoint(existingPE, newPrivateEndpoint)
 normalizedExistingPE = sortSlicesPrivateEndpoint(normalizedExistingPE)
 newPrivateEndpoint = sortSlicesPrivateEndpoint(newPrivateEndpoint)
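Review bot: `azure.PtrSlice(&applicationSecurityGroups)` replaces a slice that was already built directly as `[]*armnetwork.ApplicationSecurityGroup`, so the hunk adds a value-to-pointer conversion without saying what it buys. Presumably the helper yields nil for an empty input so that a spec with no ASGs compares equal to the nil Azure returns (the new test case sets `ApplicationSecurityGroups: nil` on the existing endpoint), but that contract is not visible here and the reader has to go and check the helper. If that is indeed its behaviour, a comment such as `// PtrSlice returns nil for an empty slice, matching the existing endpoint when no ASGs are attached.` would make the reason for the indirection explicit. Parameters continues outside this hunk.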
@@ -180,7 +176,7 @@ func (s *PrivateEndpointSpec) Parameters(ctx context.Context, existing interface
 return newPrivateEndpoint, nil
 }
-func normalizePrivateEndpoint(existingPE armnetwork.PrivateEndpoint) armnetwork.PrivateEndpoint {
+func normalizePrivateEndpoint(existingPE, newPrivateEndpoint armnetwork.PrivateEndpoint) armnetwork.PrivateEndpoint {
 normalizedExistingPE := armnetwork.PrivateEndpoint{
 Name: existingPE.Name,
 Location: existingPE.Location,
@@ -188,8 +184,8 @@ func normalizePrivateEndpoint(existingPE armnetwork.PrivateEndpoint) armnetwork.
 Subnet: &armnetwork.Subnet{
 ID: existingPE.Properties.Subnet.ID,
 Properties: &armnetwork.SubnetPropertiesFormat{
- PrivateEndpointNetworkPolicies: existingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies,
- PrivateLinkServiceNetworkPolicies: existingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies,
+ PrivateEndpointNetworkPolicies: newPrivateEndpoint.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies,
+ PrivateLinkServiceNetworkPolicies: newPrivateEndpoint.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies,
 },
 },
 ApplicationSecurityGroups: existingPE.Properties.ApplicationSecurityGroups,
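Review bot: normalizePrivateEndpoint gains a second parameter and now seeds the subnet network policies from `newPrivateEndpoint.Properties.Subnet.Properties` rather than from the existing endpoint, but the function still has no doc comment, so neither the role of the new parameter nor the reason for reading the desired object inside a function that nominally normalizes the existing one is stated anywhere. A comment above the signature along the lines of "normalizePrivateEndpoint projects existingPE onto the fields Parameters compares; the subnet network policies are taken from newPrivateEndpoint by default because they are not reliably present on the existing endpoint, and overridden by the existing values when those are set" would make the contract explicit — provided that is the actual reason, which the hunk only implies. The three dereferences of `newPrivateEndpoint.Properties.Subnet.Properties` are unguarded; that is acceptable only because Parameters is the sole caller and builds that chain itself, which is worth stating in the same comment. The function continues beyond this hunk.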
@@ -198,6 +194,10 @@ func normalizePrivateEndpoint(existingPE armnetwork.PrivateEndpoint) armnetwork.
 },
 Tags: existingPE.Tags,
 }
+ if existingPE.Properties != nil && existingPE.Properties.Subnet != nil && existingPE.Properties.Subnet.Properties != nil {
+ normalizedExistingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies = existingPE.Properties.Subnet.Properties.PrivateEndpointNetworkPolicies
+ normalizedExistingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies = existingPE.Properties.Subnet.Properties.PrivateLinkServiceNetworkPolicies
+ }
 existingPrivateLinkServiceConnections := make([]*armnetwork.PrivateLinkServiceConnection, 0, len(existingPE.Properties.PrivateLinkServiceConnections))
 for _, privateLinkServiceConnection := range existingPE.Properties.PrivateLinkServiceConnections {
diff --git a/azure/services/privateendpoints/spec_test.go b/azure/services/privateendpoints/spec_test.go
index ccec025c143..f6aa34db0f2 100644
--- a/azure/services/privateendpoints/spec_test.go
+++ b/azure/services/privateendpoints/spec_test.go
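Review bot: The guard `existingPE.Properties != nil && existingPE.Properties.Subnet != nil` runs too late to protect anything: the struct literal directly above it (the previous hunk of this function) already dereferences `existingPE.Properties.Subnet.ID` and `existingPE.Properties.ApplicationSecurityGroups`, and the context lines right after it index `existingPE.Properties.PrivateLinkServiceConnections`, so a nil Properties or Subnet panics before this check is reached. Either the literal needs the same protection or the condition should shrink to `if existingPE.Properties.Subnet.Properties != nil {`, so the code does not advertise a nil-safety it does not have. The two-step pattern (defaults copied from newPrivateEndpoint in the literal, then overwritten from existingPE here) also deserves a why-comment, e.g. `// The existing endpoint may come back without subnet network policies; only override the desired defaults when Azure returned them.`, if that is the motivation. normalizePrivateEndpoint continues outside this hunk.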
@@ -84,14 +84,54 @@ func TestParameters(t *testing.T) {
 Properties: &armnetwork.PrivateEndpointProperties{
 Subnet: &armnetwork.Subnet{
 ID: ptr.To("test-subnet"),
- Properties: &armnetwork.SubnetPropertiesFormat{
- PrivateEndpointNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
- PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
- },
 },
 ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 ID: ptr.To("asg1"),
 }},
+ CustomNetworkInterfaceName: ptr.To(""),
+ IPConfigurations: []*armnetwork.PrivateEndpointIPConfiguration{},
+ PrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
+ Name: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].Name),
+ Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
+ PrivateLinkServiceID: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].PrivateLinkServiceID),
+ GroupIDs: nil,
+ RequestMessage: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].RequestMessage),
+ },
+ }},
+ ManualPrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{},
+ ProvisioningState: ptr.To(armnetwork.ProvisioningStateSucceeded),
+ },
+ Tags: map[string]*string{"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": ptr.To("owned"), "Name": ptr.To("test-private-endpoint1")},
+ },
+ expect: func(g *WithT, result interface{}) {
+ g.Expect(result).To(BeNil())
+ },
+ },
+ {
+ name: "PrivateEndpoint without AppplicationSecurityGroups already exists with the same config",
+ spec: &PrivateEndpointSpec{
+ Name: privateEndpoint1.Name,
+ ResourceGroup: "test-group",
+ ClusterName: "my-cluster",
+ ApplicationSecurityGroups: nil,
+ PrivateLinkServiceConnections: []PrivateLinkServiceConnection{{
+ Name: privateEndpoint1.PrivateLinkServiceConnections[0].Name,
+ GroupIDs: privateEndpoint1.PrivateLinkServiceConnections[0].GroupIDs,
+ PrivateLinkServiceID: privateEndpoint1.PrivateLinkServiceConnections[0].PrivateLinkServiceID,
+ RequestMessage: privateEndpoint1.PrivateLinkServiceConnections[0].RequestMessage,
+ }},
+ SubnetID: "test-subnet",
+ },
+ // See https://learn.microsoft.com/en-us/rest/api/virtualnetwork/private-endpoints/get?tabs=Go for more options
+ existing: armnetwork.PrivateEndpoint{
+ Name: ptr.To("test-private-endpoint1"),
+ Properties: &armnetwork.PrivateEndpointProperties{
+ Subnet: &armnetwork.Subnet{
+ ID: ptr.To("test-subnet"),
+ },
+ ApplicationSecurityGroups: nil,
+ CustomNetworkInterfaceName: ptr.To(""),
+ IPConfigurations: []*armnetwork.PrivateEndpointIPConfiguration{},
 PrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
 Name: ptr.To(privateEndpoint1.PrivateLinkServiceConnections[0].Name),
 Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
@@ -131,14 +171,12 @@ func TestParameters(t *testing.T) {
 Properties: &armnetwork.PrivateEndpointProperties{
 Subnet: &armnetwork.Subnet{
 ID: ptr.To("test-subnet"),
- Properties: &armnetwork.SubnetPropertiesFormat{
- PrivateEndpointNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
- PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
- },
 },
 ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 ID: ptr.To("asg1"),
 }},
+ CustomNetworkInterfaceName: ptr.To(""),
+ IPConfigurations: []*armnetwork.PrivateEndpointIPConfiguration{},
 ManualPrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{{
 Name: ptr.To(privateEndpoint1Manual.PrivateLinkServiceConnections[0].Name),
 Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
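Review bot: The new case's name `"PrivateEndpoint without AppplicationSecurityGroups already exists with the same config"` misspells Application with three p's; test names surface in `-run` filters and failure output, so `"PrivateEndpoint without ApplicationSecurityGroups already exists with the same config"` is worth fixing before it gets copied into further cases. Both this case and the one above it only exercise the no-diff path (`g.Expect(result).To(BeNil())`) with fixtures from which `Subnet.Properties` has been removed, so the branch the spec.go change introduces — an existing endpoint that does return subnet network policies, and returns ones that differ from the desired values — has no coverage here. A case whose `existing` carries a `SubnetPropertiesFormat` with different policy values and expects a non-nil result would pin that behaviour. TestParameters starts and ends outside this hunk.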
@@ -180,10 +218,6 @@ func TestParameters(t *testing.T) {
 Properties: &armnetwork.PrivateEndpointProperties{
 Subnet: &armnetwork.Subnet{
 ID: ptr.To("test-subnet"),
- Properties: &armnetwork.SubnetPropertiesFormat{
- PrivateEndpointNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateEndpointNetworkPoliciesDisabled),
- PrivateLinkServiceNetworkPolicies: ptr.To(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesEnabled),
- },
 },
 ApplicationSecurityGroups: []*armnetwork.ApplicationSecurityGroup{{
 ID: ptr.To("asg1"),