Merge pull request openshift#7076 from jhixson74/master_azure_ocpbugs_8449

openshift-merge-robot · web-flow · commit 978b35e0c735 · 2023-04-14T00:34:11.000-04:00
OCPBUGS-8449: Azure: don't set default subscriptionID for disk encryption sets
diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go
@@ -351,11 +351,6 @@ func (m *Master) Generate(dependencies asset.Parents) error {
 			return errors.Wrap(err, "failed to fetch session")
 		}
 
-		// Default to current subscription if one was not specified
-		if mpool.OSDisk.DiskEncryptionSet != nil && mpool.OSDisk.DiskEncryptionSet.SubscriptionID == "" {
-			mpool.OSDisk.DiskEncryptionSet.SubscriptionID = session.Credentials.SubscriptionID
-		}
-
 		client := icazure.NewClient(session)
 		if len(mpool.Zones) == 0 {
 			azs, err := client.GetAvailabilityZones(context.TODO(), ic.Platform.Azure.Region, mpool.InstanceType)
diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go
@@ -436,11 +436,6 @@ func (w *Worker) Generate(dependencies asset.Parents) error {
 				return errors.Wrap(err, "failed to fetch session")
 			}
 
-			// Default to current subscription if one was not specified
-			if mpool.OSDisk.DiskEncryptionSet != nil && mpool.OSDisk.DiskEncryptionSet.SubscriptionID == "" {
-				mpool.OSDisk.DiskEncryptionSet.SubscriptionID = session.Credentials.SubscriptionID
-			}
-
 			client := icazure.NewClient(session)
 			if len(mpool.Zones) == 0 {
 				azs, err := client.GetAvailabilityZones(context.TODO(), ic.Platform.Azure.Region, mpool.InstanceType)
diff --git a/pkg/types/azure/validation/disk.go b/pkg/types/azure/validation/disk.go
@@ -31,7 +31,10 @@ func ValidateDiskEncryption(p *azure.MachinePool, cloudName azure.CloudEnvironme
 	if diskEncryptionSet != nil && cloudName == azure.StackCloud {
 		return append(allErrs, field.Invalid(childFldPath.Child("diskEncryptionSet"), diskEncryptionSet, "disk encryption sets are not supported on this platform"))
 	}
-	if diskEncryptionSet.SubscriptionID != "" && !RxSubscriptionID.MatchString(diskEncryptionSet.SubscriptionID) {
+	if diskEncryptionSet.SubscriptionID == "" {
+		return append(allErrs, field.Required(childFldPath.Child("subscriptionID"), "subscription ID is required"))
+	}
+	if !RxSubscriptionID.MatchString(diskEncryptionSet.SubscriptionID) {
 		return append(allErrs, field.Invalid(childFldPath.Child("subscriptionID"), diskEncryptionSet.SubscriptionID, "invalid subscription ID format"))
 	}
 	if !RxResourceGroup.MatchString(diskEncryptionSet.ResourceGroup) {

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,10 @@ func ValidateDiskEncryption(p *azure.MachinePool, cloudName azure.CloudEnvironme`
`31`	`31`	`if diskEncryptionSet != nil && cloudName == azure.StackCloud {`
`32`	`32`	`return append(allErrs, field.Invalid(childFldPath.Child("diskEncryptionSet"), diskEncryptionSet, "disk encryption sets are not supported on this platform"))`
`33`	`33`	`}`
`34`		`- if diskEncryptionSet.SubscriptionID != "" && !RxSubscriptionID.MatchString(diskEncryptionSet.SubscriptionID) {`
	`34`	`+ if diskEncryptionSet.SubscriptionID == "" {`
	`35`	`+ return append(allErrs, field.Required(childFldPath.Child("subscriptionID"), "subscription ID is required"))`
	`36`	`+ }`
	`37`	`+ if !RxSubscriptionID.MatchString(diskEncryptionSet.SubscriptionID) {`
`35`	`38`	`return append(allErrs, field.Invalid(childFldPath.Child("subscriptionID"), diskEncryptionSet.SubscriptionID, "invalid subscription ID format"))`
`36`	`39`	`}`
`37`	`40`	`if !RxResourceGroup.MatchString(diskEncryptionSet.ResourceGroup) {`