Skip to content

Commit 2afdf16

Browse files
matthchrmatthchr
authored
Fix bug where owner.armId could be changed (#4193)
It was never intended to allow changes to owner.armId, this protection was missed when adding owner.armId support. Even though this is technically a breaking change in the strictest sense, it's unlikely to break users as updating ARM ID, while not explicitly rejected, didn't actually work upstream in Azure for most cases. Fixes #4181
1 parent 1c9a80c commit 2afdf16

File tree

3 files changed

+729
-6
lines changed

3 files changed

+729
-6
lines changed

v2/internal/controllers/edge_case_test.go

Lines changed: 37 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -218,7 +218,42 @@ func Test_Owner_IsImmutableOnceSuccessfullyCreated(t *testing.T) {
218218
acct.Spec.Owner = testcommon.AsOwner(rg2)
219219
err := tc.PatchAndExpectError(old, acct)
220220

221-
tc.Expect(err).ToNot(BeNil())
221+
tc.Expect(err).To(MatchError(ContainSubstring("updating 'spec.owner.name' is not allowed")))
222+
tc.Expect(old.Owner().Name).ToNot(BeIdenticalTo(rg2.Name))
223+
224+
// Delete the account
225+
tc.DeleteResourceAndWait(acct)
226+
}
227+
228+
func Test_OwnerARMID_IsImmutableOnceSuccessfullyCreated(t *testing.T) {
229+
t.Parallel()
230+
231+
tc := globalTestContext.ForTest(t)
232+
233+
rg := tc.CreateTestResourceGroupAndWait()
234+
235+
// Ensure that the RG has an ARM ID set
236+
tc.Expect(rg.Status.Id).ToNot(BeNil())
237+
tc.Expect(to.Value(rg.Status.Id)).ToNot(BeEmpty())
238+
239+
acct := newStorageAccount(tc, rg)
240+
// Manually set the ARM ID of the owner:
241+
acct.Spec.Owner.Name = ""
242+
acct.Spec.Owner.ARMID = to.Value(rg.Status.Id)
243+
tc.CreateResourcesAndWait(acct)
244+
245+
rg2 := tc.CreateTestResourceGroupAndWait()
246+
247+
// Ensure that the RG has an ARM ID set
248+
tc.Expect(rg2.Status.Id).ToNot(BeNil())
249+
tc.Expect(to.Value(rg2.Status.Id)).ToNot(BeEmpty())
250+
251+
// Patch the account to change Owner
252+
old := acct.DeepCopy()
253+
acct.Spec.Owner.ARMID = to.Value(rg2.Status.Id)
254+
err := tc.PatchAndExpectError(old, acct)
255+
256+
tc.Expect(err).To(MatchError(ContainSubstring("updating 'spec.owner.armId' is not allowed")))
222257
tc.Expect(old.Owner().Name).ToNot(BeIdenticalTo(rg2.Name))
223258

224259
// Delete the account
@@ -242,7 +277,7 @@ func Test_AzureName_IsImmutable_IfAzureHasBeenCommunicatedWith(t *testing.T) {
242277
acct.Spec.AzureName = tc.NoSpaceNamer.GenerateName("stor")
243278
err := tc.PatchAndExpectError(old, acct)
244279
tc.Expect(err).To(HaveOccurred())
245-
tc.Expect(err.Error()).To(ContainSubstring("updating 'AzureName' is not allowed"))
280+
tc.Expect(err.Error()).To(ContainSubstring("updating 'spec.azureName' is not allowed"))
246281

247282
// Delete the account
248283
tc.DeleteResourceAndWait(acct)

0 commit comments

Comments
 (0)