Fix outboundType validation and add more checks

Issue: #709 (cherry picked from commit 0023e6b)
rancher · Dec 20, 2024 · b1a43e4 · b1a43e4
1 parent f8f04c6
commit b1a43e4
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 8 deletions.
diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
@@ -448,6 +448,17 @@ func (h *Handler) validateConfig(config *aksv1.AKSClusterConfig) error {
 	if aks.String(config.Spec.NetworkPolicy) == string(armcontainerservice.NetworkPolicyAzure) && aks.String(config.Spec.NetworkPlugin) != string(armcontainerservice.NetworkPluginAzure) {
 		return fmt.Errorf("azure network policy can be used only with Azure CNI network plugin for [%s (id: %s)] cluster", config.Spec.ClusterName, config.Name)
 	}
+
+	outboundType := strings.ToLower(aks.String(config.Spec.OutboundType))
+	if outboundType != "" {
+		if outboundType != strings.ToLower(string(armcontainerservice.OutboundTypeLoadBalancer)) &&
+			outboundType != strings.ToLower(string(armcontainerservice.OutboundTypeUserDefinedRouting)) &&
+			outboundType != strings.ToLower(string(armcontainerservice.OutboundTypeManagedNATGateway)) &&
+			outboundType != strings.ToLower(string(armcontainerservice.OutboundTypeUserAssignedNATGateway)) {
+			return fmt.Errorf("invalid outbound type value [%s] for [%s (id: %s)] cluster config", outboundType, config.Spec.ClusterName, config.Name)
+		}
+	}
+
 	cannotBeNilErrorAzurePlugin := "field [%s] must be provided for cluster [%s (id: %s)] config when Azure CNI network plugin is used"
 	if aks.String(config.Spec.NetworkPlugin) == string(armcontainerservice.NetworkPluginAzure) {
 		if config.Spec.VirtualNetwork == nil {

diff --git a/pkg/aks/create.go b/pkg/aks/create.go
@@ -80,16 +80,18 @@ func createManagedCluster(ctx context.Context, cred *Credentials, workplacesClie
 
 	networkProfile := &armcontainerservice.NetworkProfile{}
 
-	switch String(spec.OutboundType) {
-	case string(armcontainerservice.OutboundTypeLoadBalancer):
+	switch strings.ToLower(String(spec.OutboundType)) {
+	case strings.ToLower(string(armcontainerservice.OutboundTypeLoadBalancer)):
 		networkProfile.OutboundType = to.Ptr(armcontainerservice.OutboundTypeLoadBalancer)
-	case string(armcontainerservice.OutboundTypeUserDefinedRouting):
+	case strings.ToLower(string(armcontainerservice.OutboundTypeUserDefinedRouting)):
 		networkProfile.OutboundType = to.Ptr(armcontainerservice.OutboundTypeUserDefinedRouting)
+	case strings.ToLower(string(armcontainerservice.OutboundTypeManagedNATGateway)):
+		networkProfile.OutboundType = to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway)
 	case "":
 		networkProfile.OutboundType = to.Ptr(armcontainerservice.OutboundTypeLoadBalancer)
 	}
 
-	switch String(spec.NetworkPolicy) {
+	switch strings.ToLower(String(spec.NetworkPolicy)) {
 	case string(armcontainerservice.NetworkPolicyAzure):
 		networkProfile.NetworkPolicy = to.Ptr(armcontainerservice.NetworkPolicyAzure)
 	case string(armcontainerservice.NetworkPolicyCalico):
@@ -100,7 +102,7 @@ func createManagedCluster(ctx context.Context, cred *Credentials, workplacesClie
 		return nil, fmt.Errorf("networkPolicy '%s' is not supported", String(spec.NetworkPolicy))
 	}
 
-	switch String(spec.NetworkPlugin) {
+	switch strings.ToLower(String(spec.NetworkPlugin)) {
 	case string(armcontainerservice.NetworkPluginAzure):
 		networkProfile.NetworkPlugin = to.Ptr(armcontainerservice.NetworkPluginAzure)
 	case string(armcontainerservice.NetworkPluginKubenet):
@@ -117,13 +119,13 @@ func createManagedCluster(ctx context.Context, cred *Credentials, workplacesClie
 
 	networkProfile.LoadBalancerSKU = to.Ptr(armcontainerservice.LoadBalancerSKUStandard)
 
-	if String(spec.LoadBalancerSKU) == string(armcontainerservice.LoadBalancerSKUBasic) {
+	if strings.EqualFold(String(spec.LoadBalancerSKU), string(armcontainerservice.LoadBalancerSKUBasic)) {
 		logrus.Warnf("LoadBalancerSKU 'basic' is not supported")
 		networkProfile.LoadBalancerSKU = to.Ptr(armcontainerservice.LoadBalancerSKUBasic)
 	}
 
 	// Disable standard loadbalancer for UserDefinedRouting and use routing created by user pre-defined table for egress
-	if String(spec.OutboundType) == string(armcontainerservice.OutboundTypeUserDefinedRouting) {
+	if strings.EqualFold(String(spec.OutboundType), string(armcontainerservice.OutboundTypeUserDefinedRouting)) {
 		networkProfile.LoadBalancerSKU = nil
 	}
 

diff --git a/pkg/aks/create_test.go b/pkg/aks/create_test.go
@@ -176,7 +176,20 @@ var _ = Describe("newManagedCluster", func() {
 					ID: to.Ptr("test-workspace-id"),
 				},
 			}, nil)
-		clusterSpec.OutboundType = to.Ptr("userDefinedRouting")
+		clusterSpec.OutboundType = to.Ptr("userdefinedrouting")
+		managedCluster, err := createManagedCluster(ctx, cred, workplacesClientMock, clusterSpec, "test-phase")
+		Expect(err).ToNot(HaveOccurred())
+		Expect(*managedCluster.Properties.NetworkProfile.OutboundType).To(Equal(armcontainerservice.OutboundTypeUserDefinedRouting))
+	})
+
+	It("should successfully create managed cluster with outboundtype UserDefinedRouting", func() {
+		workplacesClientMock.EXPECT().Get(ctx, String(clusterSpec.LogAnalyticsWorkspaceGroup), String(clusterSpec.LogAnalyticsWorkspaceName), nil).
+			Return(armoperationalinsights.WorkspacesClientGetResponse{
+				Workspace: armoperationalinsights.Workspace{
+					ID: to.Ptr("test-workspace-id"),
+				},
+			}, nil)
+		clusterSpec.OutboundType = to.Ptr("UserDefinedRouting")
 		managedCluster, err := createManagedCluster(ctx, cred, workplacesClientMock, clusterSpec, "test-phase")
 		Expect(err).ToNot(HaveOccurred())
 		Expect(*managedCluster.Properties.NetworkProfile.OutboundType).To(Equal(armcontainerservice.OutboundTypeUserDefinedRouting))