fix privateendpoints panic and diff

[nojnhuh]

What type of PR is this?
/kind bug

What this PR does / why we need it:

This PR fixes four neighboring issues with how private endpoints are constructed:

1. The Azure API does not populate properties.subnet.properties when GET-ing an existing private endpoints resource, which was assumed to be populated and would cause CAPZ to panic (Creating a cluster with a privateLink (ACR) will lead capz-controller-manager to crash loop on AzureCluster reconcile #4013)
2. The Azure API populates properties.customNetworkInterfaceName as the non-nil empty string "" in GETs after passing nil in an initial PUT. This was causing the Parameters method to always log a diff (but not reconcile forever since CreateOrUpdateAsync was finishing more-or-less immediately and successfully).
3. Similarly, the Azure API populates properties.ipConfigurations as the non-nil empty array [] in GETs when created as nil, causing the same issue as 2.
4. The inverse of 2. and 3. but causing the same issue, the Azure API nulls out properties.applicationSecurityGroups when created as the non-nil empty array [].

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #4013

Special notes for your reviewer:

• cherry-pick candidate

/cherry-pick release-1.11

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release note:

Fix panic when reconciling private endpoints resources

[nojnhuh]

/cherry-pick release-1.11

[k8s-infra-cherrypick-robot]

@nojnhuh: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Patch coverage: 78.94% and project coverage change: -0.02% ⚠️

Comparison is base (e21844c) 56.59% compared to head (8e3bcea) 56.57%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4014      +/-   ##
==========================================
- Coverage   56.59%   56.57%   -0.02%     
==========================================
  Files         187      187              
  Lines       19124    19126       +2     
==========================================
- Hits        10823    10821       -2     
- Misses       7671     7674       +3     
- Partials      630      631       +1     

Files Changed	Coverage Δ
azure/services/privateendpoints/spec.go	85.11% <78.94%> (-2.24%)	⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nawazkh]

🚀
/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 5d2a78c6b486b03bd3dce4e2a3d83f2c9de823a6

[nawazkh]

Just curious, could we add a guardrail to this scenario via e2e tests?

[nojnhuh]

Just curious, could we add a guardrail to this scenario via e2e tests?

I suppose we could add at least one private endpoint somewhere in the e2e templates, but I'm not exactly sure where that would fit best or what we could really have it link to.

[mboersma]

/lgtm
/test pull-cluster-api-provider-azure-e2e-optional

[CecileRobertMichon]

/lgtm
/approve
/hold in case we want to contemplate adding an e2e test

if not an e2e test, is there a specific unit test that could validate the scenarios described in the PR description?

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CecileRobertMichon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [CecileRobertMichon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nojnhuh]

if not an e2e test, is there a specific unit test that could validate the scenarios described in the PR description?

I already updated the unit tests to account for the first 3 issues I listed above. Just pushed a change to cover the fourth.

[CecileRobertMichon]

/hold cancel
/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 1c4cfea85a68cb48e3f743b6ad81aeef4f8da9bc

[k8s-infra-cherrypick-robot]

@nojnhuh: new pull request created: #4015

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.