Merge pull request kubernetes-sigs#5012 from hrbasic/issue_4930

Update managed vnet check logic

Author: k8s-ci-robot

azure/scope/cluster.go

@@ -582,9 +582,21 @@ func (s *ClusterScope) IsVnetManaged() bool {
 	if s.cache.isVnetManaged != nil {
 		return ptr.Deref(s.cache.isVnetManaged, false)
 	}
-	isVnetManaged := s.Vnet().ID == "" || s.Vnet().Tags.HasOwned(s.ClusterName())
-	s.cache.isVnetManaged = ptr.To(isVnetManaged)
-	return isVnetManaged
+	ctx := context.Background()
+	ctx, log, done := tele.StartSpanWithLogger(ctx, "scope.ClusterScope.IsVnetManaged")
+	defer done()
+
+	vnet := s.VNetSpec().ResourceRef()
+	vnet.SetNamespace(s.ASOOwner().GetNamespace())
+	err := s.Client.Get(ctx, client.ObjectKeyFromObject(vnet), vnet)
+	if err != nil {
+		log.Error(err, "Unable to determine if ClusterScope VNET is managed by capz, assuming unmanaged", "AzureCluster", s.ClusterName())
+		return false
+	}
+
+	isManaged := infrav1.Tags(vnet.Status.Tags).HasOwned(s.ClusterName())
+	s.cache.isVnetManaged = ptr.To(isManaged)
+	return isManaged
 }
 
 // IsIPv6Enabled returns true if IPv6 is enabled.

azure/scope/cluster_test.go

@@ -930,9 +930,15 @@ func TestRouteTableSpecs(t *testing.T) {
 }
 
 func TestNatGatewaySpecs(t *testing.T) {
+	scheme := runtime.NewScheme()
+	_ = asonetworkv1api20201101.AddToScheme(scheme)
+	_ = corev1.AddToScheme(scheme)
+	_ = infrav1.AddToScheme(scheme)
+
 	tests := []struct {
 		name         string
 		clusterScope ClusterScope
+		vnet         asonetworkv1api20201101.VirtualNetwork
 		want         []azure.ASOResourceSpecGetter[*asonetworkv1api20220701.NatGateway]
 	}{
 		{
@@ -993,11 +999,24 @@ func TestNatGatewaySpecs(t *testing.T) {
 									},
 								},
 							},
+							Vnet: infrav1.VnetSpec{
+								Name: "fake-vnet-1",
+							},
 						},
 					},
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+				Status: asonetworkv1api20201101.VirtualNetwork_STATUS{
+					Tags: map[string]string{
+						"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned",
+					},
+				},
+			},
 			want: []azure.ASOResourceSpecGetter[*asonetworkv1api20220701.NatGateway]{
 				&natgateways.NatGatewaySpec{
 					Name:           "fake-nat-gateway-1",
@@ -1075,11 +1094,24 @@ func TestNatGatewaySpecs(t *testing.T) {
 									},
 								},
 							},
+							Vnet: infrav1.VnetSpec{
+								Name: "fake-vnet-1",
+							},
 						},
 					},
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+				Status: asonetworkv1api20201101.VirtualNetwork_STATUS{
+					Tags: map[string]string{
+						"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned",
+					},
+				},
+			},
 			want: []azure.ASOResourceSpecGetter[*asonetworkv1api20220701.NatGateway]{
 				&natgateways.NatGatewaySpec{
 					Name:           "fake-nat-gateway-1",
@@ -1156,11 +1188,24 @@ func TestNatGatewaySpecs(t *testing.T) {
 									},
 								},
 							},
+							Vnet: infrav1.VnetSpec{
+								Name: "fake-vnet-1",
+							},
 						},
 					},
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+				Status: asonetworkv1api20201101.VirtualNetwork_STATUS{
+					Tags: map[string]string{
+						"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned",
+					},
+				},
+			},
 			want: []azure.ASOResourceSpecGetter[*asonetworkv1api20220701.NatGateway]{
 				&natgateways.NatGatewaySpec{
 					Name:           "fake-nat-gateway-1",
@@ -1182,6 +1227,23 @@ func TestNatGatewaySpecs(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+			fakeIdentity := &infrav1.AzureClusterIdentity{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "fake-identity",
+					Namespace: "default",
+				},
+				Spec: infrav1.AzureClusterIdentitySpec{
+					Type:     infrav1.ServicePrincipal,
+					ClientID: fakeClientID,
+					TenantID: fakeTenantID,
+				},
+			}
+			fakeSecret := &corev1.Secret{Data: map[string][]byte{"clientSecret": []byte("fooSecret")}}
+
+			initObjects := []runtime.Object{&tt.vnet, fakeIdentity, fakeSecret}
+			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+			tt.clusterScope.Client = fakeClient
+
 			if got := tt.clusterScope.NatGatewaySpecs(); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("NatGatewaySpecs() = %s, want %s", specArrayToString(got), specArrayToString(tt.want))
 			}
@@ -1349,9 +1411,15 @@ func TestNSGSpecs(t *testing.T) {
 }
 
 func TestSubnetSpecs(t *testing.T) {
+	scheme := runtime.NewScheme()
+	_ = asonetworkv1api20201101.AddToScheme(scheme)
+	_ = corev1.AddToScheme(scheme)
+	_ = infrav1.AddToScheme(scheme)
+
 	tests := []struct {
 		name         string
 		clusterScope ClusterScope
+		vnet         asonetworkv1api20201101.VirtualNetwork
 		want         []azure.ASOResourceSpecGetter[*asonetworkv1api20201101.VirtualNetworksSubnet]
 	}{
 		{
@@ -1431,6 +1499,11 @@ func TestSubnetSpecs(t *testing.T) {
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+			},
 			want: []azure.ASOResourceSpecGetter[*asonetworkv1api20201101.VirtualNetworksSubnet]{
 				&subnets.SubnetSpec{
 					Name:              "fake-subnet-1",
@@ -1536,6 +1609,11 @@ func TestSubnetSpecs(t *testing.T) {
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+			},
 			want: []azure.ASOResourceSpecGetter[*asonetworkv1api20201101.VirtualNetworksSubnet]{
 				&subnets.SubnetSpec{
 					Name:              "fake-subnet-1",
@@ -1568,6 +1646,23 @@ func TestSubnetSpecs(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+			fakeIdentity := &infrav1.AzureClusterIdentity{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "fake-identity",
+					Namespace: "default",
+				},
+				Spec: infrav1.AzureClusterIdentitySpec{
+					Type:     infrav1.ServicePrincipal,
+					ClientID: fakeClientID,
+					TenantID: fakeTenantID,
+				},
+			}
+			fakeSecret := &corev1.Secret{Data: map[string][]byte{"clientSecret": []byte("fooSecret")}}
+
+			initObjects := []runtime.Object{&tt.vnet, fakeIdentity, fakeSecret}
+			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+			tt.clusterScope.Client = fakeClient
+
 			if got := tt.clusterScope.SubnetSpecs(); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("SubnetSpecs() = \n%s, want \n%s", specArrayToString(got), specArrayToString(tt.want))
 			}
@@ -1576,13 +1671,19 @@ func TestSubnetSpecs(t *testing.T) {
 }
 
 func TestIsVnetManaged(t *testing.T) {
+	scheme := runtime.NewScheme()
+	_ = asonetworkv1api20201101.AddToScheme(scheme)
+	_ = corev1.AddToScheme(scheme)
+	_ = infrav1.AddToScheme(scheme)
+
 	tests := []struct {
 		name         string
 		clusterScope ClusterScope
+		vnet         asonetworkv1api20201101.VirtualNetwork
 		want         bool
 	}{
 		{
-			name: "VNET ID is empty",
+			name: "Wrong tags",
 			clusterScope: ClusterScope{
 				Cluster: &clusterv1.Cluster{
 					ObjectMeta: metav1.ObjectMeta{
@@ -1593,36 +1694,22 @@ func TestIsVnetManaged(t *testing.T) {
 					Spec: infrav1.AzureClusterSpec{
 						NetworkSpec: infrav1.NetworkSpec{
 							Vnet: infrav1.VnetSpec{
-								ID: "",
+								Name: "fake-vnet-1",
 							},
 						},
 					},
 				},
 				cache: &ClusterCache{},
 			},
-			want: true,
-		},
-		{
-			name: "Wrong tags",
-			clusterScope: ClusterScope{
-				Cluster: &clusterv1.Cluster{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "my-cluster",
-					},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
 				},
-				AzureCluster: &infrav1.AzureCluster{
-					Spec: infrav1.AzureClusterSpec{
-						NetworkSpec: infrav1.NetworkSpec{
-							Vnet: infrav1.VnetSpec{
-								ID: "my-id",
-								VnetClassSpec: infrav1.VnetClassSpec{Tags: map[string]string{
-									"key": "value",
-								}},
-							},
-						},
+				Status: asonetworkv1api20201101.VirtualNetwork_STATUS{
+					Tags: map[string]string{
+						"key": "value",
 					},
 				},
-				cache: &ClusterCache{},
 			},
 			want: false,
 		},
@@ -1638,16 +1725,23 @@ func TestIsVnetManaged(t *testing.T) {
 					Spec: infrav1.AzureClusterSpec{
 						NetworkSpec: infrav1.NetworkSpec{
 							Vnet: infrav1.VnetSpec{
-								ID: "my-id",
-								VnetClassSpec: infrav1.VnetClassSpec{Tags: map[string]string{
-									"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned",
-								}},
+								Name: "fake-vnet-1",
 							},
 						},
 					},
 				},
 				cache: &ClusterCache{},
 			},
+			vnet: asonetworkv1api20201101.VirtualNetwork{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fake-vnet-1",
+				},
+				Status: asonetworkv1api20201101.VirtualNetwork_STATUS{
+					Tags: map[string]string{
+						"sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned",
+					},
+				},
+			},
 			want: true,
 		},
 		{
@@ -1680,6 +1774,23 @@ func TestIsVnetManaged(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
+			fakeIdentity := &infrav1.AzureClusterIdentity{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "fake-identity",
+					Namespace: "default",
+				},
+				Spec: infrav1.AzureClusterIdentitySpec{
+					Type:     infrav1.ServicePrincipal,
+					ClientID: fakeClientID,
+					TenantID: fakeTenantID,
+				},
+			}
+			fakeSecret := &corev1.Secret{Data: map[string][]byte{"clientSecret": []byte("fooSecret")}}
+
+			initObjects := []runtime.Object{&tt.vnet, fakeIdentity, fakeSecret}
+			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+			tt.clusterScope.Client = fakeClient
+
 			got := tt.clusterScope.IsVnetManaged()
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("IsVnetManaged() = \n%t, want \n%t", got, tt.want)