Added Validation and tests

anirudhAgniRedhat · anirudhAgniRedhat · commit 7594f25261a1 · 2024-05-02T12:25:07.000+05:30
diff --git a/pkg/cloud/azure/actuators/machine/reconciler.go b/pkg/cloud/azure/actuators/machine/reconciler.go
@@ -66,7 +66,13 @@ const (
 	// MachineInstanceTypeLabelName as annotation name for a machine instance type
 	MachineInstanceTypeLabelName = "machine.openshift.io/instance-type"
 
-	MachineSetLabelName = "machine.openshift.io/cluster-api-machineset"
+	MachineSetLabelName           = "machine.openshift.io/cluster-api-machineset"
+	azureProviderIDPrefix         = "azure://"
+	azureProvidersKey             = "providers"
+	azureSubscriptionsKey         = "subscriptions"
+	azureResourceGroupsLowerKey   = "resourcegroups"
+	azureLocationsKey             = "locations"
+	azureBuiltInResourceNamespace = "Microsoft.Resources"
 )
 
 // Reconciler are list of services required by cluster actuator, easy to create a fake
@@ -681,6 +687,9 @@ func (s *Reconciler) createVirtualMachine(ctx context.Context, nicName, asName s
 		}
 
 		if s.scope.MachineConfig.CapacityReservationGroupID != "" {
+			if err = validateAzureCapacityReservationGroupID(s.scope.MachineConfig.CapacityReservationGroupID); err != nil {
+				return fmt.Errorf("failed to validate capacityReservationGroupID: %w", err)
+			}
 			vmSpec.CapacityReservationGroupID = s.scope.MachineConfig.CapacityReservationGroupID
 		}
 
@@ -860,3 +869,65 @@ func createDiagnosticsConfig(config *machinev1.AzureMachineProviderSpec) (*compu
 		)
 	}
 }
+
+func validateAzureCapacityReservationGroupID(capacityReservationGroupID string) error {
+	id := strings.TrimPrefix(capacityReservationGroupID, azureProviderIDPrefix)
+	err := parseAzureResourceID(id)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// parseAzureResourceID parses a string to an instance of ResourceID
+func parseAzureResourceID(id string) error {
+	if len(id) == 0 {
+		return fmt.Errorf("invalid resource ID: id cannot be empty")
+	}
+	if !strings.HasPrefix(id, "/") {
+		return fmt.Errorf("invalid resource ID: resource id '%s' must start with '/'", id)
+	}
+	parts := splitStringAndOmitEmpty(id, "/")
+
+	if len(parts) < 2 {
+		return fmt.Errorf("invalid resource ID: %s", id)
+	}
+	if !strings.EqualFold(parts[0], azureSubscriptionsKey) && !strings.EqualFold(parts[0], azureProvidersKey) {
+		return fmt.Errorf("invalid resource ID: %s", id)
+	}
+	return appendNextAzureResourceIDValidation(parts, id)
+}
+
+func splitStringAndOmitEmpty(v, sep string) []string {
+	r := make([]string, 0)
+	for _, s := range strings.Split(v, sep) {
+		if len(s) == 0 {
+			continue
+		}
+		r = append(r, s)
+	}
+	return r
+}
+
+func appendNextAzureResourceIDValidation(parts []string, id string) error {
+	if len(parts) == 0 {
+		return nil
+	}
+	if len(parts) == 1 {
+		// subscriptions and resourceGroups are not valid ids without their names
+		if strings.EqualFold(parts[0], azureSubscriptionsKey) || strings.EqualFold(parts[0], azureResourceGroupsLowerKey) {
+			return fmt.Errorf("invalid resource ID: %s", id)
+		}
+		return nil
+	}
+	if strings.EqualFold(parts[0], azureProvidersKey) && (len(parts) == 2 || strings.EqualFold(parts[2], azureProvidersKey)) {
+		return appendNextAzureResourceIDValidation(parts[2:], id)
+	}
+	if len(parts) > 3 && strings.EqualFold(parts[0], azureProvidersKey) {
+		return appendNextAzureResourceIDValidation(parts[4:], id)
+	}
+	if len(parts) > 1 && !strings.EqualFold(parts[0], azureProvidersKey) {
+		return appendNextAzureResourceIDValidation(parts[2:], id)
+	}
+	return fmt.Errorf("invalid resource ID: %s", id)
+}
diff --git a/pkg/cloud/azure/actuators/machine/reconciler_test.go b/pkg/cloud/azure/actuators/machine/reconciler_test.go
@@ -620,3 +620,44 @@ func TestCreateDiagnosticsConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateCapacityReservationGroupID(t *testing.T) {
+	testCases := []struct {
+		name          string
+		inputID       string
+		expectedError error
+	}{
+		{
+			name:          "validation for capacityReservationGroupID should return nil error if field input is valid",
+			inputID:       "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroupName/providers/Microsoft.Compute/capacityReservationGroups/myCapacityReservationGroup",
+			expectedError: nil,
+		},
+		{
+			name:          "validation for capacityReservationGroupID should return error if field input does not start with '/'",
+			inputID:       "subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroupName/providers/Microsoft.Compute/capacityReservationGroups/myCapacityReservationGroup",
+			expectedError: errors.New("invalid resource ID: resource id 'subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroupName/providers/Microsoft.Compute/capacityReservationGroups/myCapacityReservationGroup' must start with '/'"),
+		},
+		{
+			name:          "validation for capacityReservationGroupID should return error if field input does not have field name subscriptions",
+			inputID:       "/subscripti/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroupName/providers/Microsoft.Compute/capacityReservationGroups/myCapacityReservationGroup",
+			expectedError: errors.New("invalid resource ID: /subscripti/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroupName/providers/Microsoft.Compute/capacityReservationGroups/myCapacityReservationGroup"),
+		},
+		{
+			name:          "validation for capacityReservationGroupID should return error if field input is empty",
+			inputID:       "",
+			expectedError: errors.New("invalid resource ID: id cannot be empty"),
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			g := NewWithT(t)
+			err := validateAzureCapacityReservationGroupID(tc.inputID)
+			if tc.expectedError != nil {
+				g.Expect(err).To(MatchError(tc.expectedError))
+			} else {
+				g.Expect(err).ToNot(HaveOccurred())
+			}
+		})
+	}
+}
