[release-1.18] fix AzCluster_default and AzCluster_validation webhooks (#5616)

* remove unused defaulters

* fix code

* fix tests

---------

Co-authored-by: Nawaz Hussain Khazielakha <k.nawaz.h@gmail.com>

Author: k8s-infra-cherrypick-robot

api/v1beta1/azurecluster_default.go

@@ -200,7 +200,7 @@ func (s *SubnetSpec) setClusterSubnetDefaults(clusterName string) {
 		s.SecurityGroup.Name = generateClusterSecurityGroupName(clusterName)
 	}
 	if s.RouteTable.Name == "" {
-		s.RouteTable.Name = generateClustereRouteTableName(clusterName)
+		s.RouteTable.Name = generateClusterRouteTableName(clusterName)
 	}
 	if s.NatGateway.Name == "" {
 		s.NatGateway.Name = generateClusterNatGatewayName(clusterName)
@@ -456,25 +456,6 @@ func (lb *LoadBalancerClassSpec) setOutboundLBDefaults() {
 	}
 }
 
-func setControlPlaneOutboundLBDefaults(lb *LoadBalancerClassSpec, apiserverLBType LBType) {
-	// public clusters don't need control plane outbound lb
-	if apiserverLBType == Public {
-		return
-	}
-
-	// private clusters can disable control plane outbound lb by setting it to nil.
-	if lb == nil {
-		return
-	}
-
-	lb.Type = Public
-	lb.SKU = SKUStandard
-
-	if lb.IdleTimeoutInMinutes == nil {
-		lb.IdleTimeoutInMinutes = ptr.To[int32](DefaultOutboundRuleIdleTimeoutInMinutes)
-	}
-}
-
 // generateVnetName generates a virtual network name, based on the cluster name.
 func generateVnetName(clusterName string) string {
 	return fmt.Sprintf("%s-%s", clusterName, "vnet")
@@ -520,8 +501,8 @@ func generateNodeSecurityGroupName(clusterName string) string {
 	return fmt.Sprintf("%s-%s", clusterName, "node-nsg")
 }
 
-// generateClustereRouteTableName generates a route table name, based on the cluster name.
-func generateClustereRouteTableName(clusterName string) string {
+// generateClusterRouteTableName generates a route table name, based on the cluster name.
+func generateClusterRouteTableName(clusterName string) string {
 	return fmt.Sprintf("%s-%s", clusterName, "routetable")
 }
 
@@ -555,7 +536,7 @@ func generateFrontendIPConfigName(lbName string) string {
 	return fmt.Sprintf("%s-%s", lbName, "frontEnd")
 }
 
-// generateFrontendIPConfigName generates a load balancer frontend IP config name.
+// generatePrivateIPConfigName generates a load balancer frontend private IP config name.
 func generatePrivateIPConfigName(lbName string) string {
 	return fmt.Sprintf("%s-%s", lbName, "frontEnd-internal-ip")
 }

api/v1beta1/azurecluster_validation.go

@@ -231,7 +231,6 @@ func validateSubnets(controlPlaneEnabled bool, subnets Subnets, vnet VnetSpec, f
 		requiredSubnetRoles["control-plane"] = false
 	}
 	clusterSubnet := false
-	numberofClusterSubnets := 0
 	for i, subnet := range subnets {
 		if err := validateSubnetName(subnet.Name, fldPath.Index(i).Child("name")); err != nil {
 			allErrs = append(allErrs, err)
@@ -242,7 +241,6 @@ func validateSubnets(controlPlaneEnabled bool, subnets Subnets, vnet VnetSpec, f
 		subnetNames[subnet.Name] = true
 		if subnet.Role == SubnetCluster {
 			clusterSubnet = true
-			numberofClusterSubnets++
 		} else {
 			for role := range requiredSubnetRoles {
 				if role == string(subnet.Role) {
@@ -251,10 +249,10 @@ func validateSubnets(controlPlaneEnabled bool, subnets Subnets, vnet VnetSpec, f
 			}
 		}
 
-		for _, rule := range subnet.SecurityGroup.SecurityRules {
+		for j, rule := range subnet.SecurityGroup.SecurityRules {
 			if err := validateSecurityRule(
 				rule,
-				fldPath.Index(i).Child("securityGroup").Child("securityRules").Index(i),
+				fldPath.Index(i).Child("securityGroup").Child("securityRules").Index(j),
 			); err != nil {
 				allErrs = append(allErrs, err...)
 			}
@@ -596,7 +594,7 @@ func validateClassSpecForAPIServerLB(lb LoadBalancerClassSpec, old *LoadBalancer
 
 	if lb.IdleTimeoutInMinutes != nil && (*lb.IdleTimeoutInMinutes < MinLBIdleTimeoutInMinutes || *lb.IdleTimeoutInMinutes > MaxLBIdleTimeoutInMinutes) {
 		allErrs = append(allErrs, field.Invalid(apiServerLBPath.Child("idleTimeoutInMinutes"), *lb.IdleTimeoutInMinutes,
-			fmt.Sprintf("Node outbound idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLoadBalancerOutboundIPs)))
+			fmt.Sprintf("API Server load balancer idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLBIdleTimeoutInMinutes)))
 	}
 
 	return allErrs
@@ -629,7 +627,7 @@ func validateClassSpecForNodeOutboundLB(lb *LoadBalancerClassSpec, old *LoadBala
 
 	if lb.IdleTimeoutInMinutes != nil && (*lb.IdleTimeoutInMinutes < MinLBIdleTimeoutInMinutes || *lb.IdleTimeoutInMinutes > MaxLBIdleTimeoutInMinutes) {
 		allErrs = append(allErrs, field.Invalid(fldPath.Child("idleTimeoutInMinutes"), *lb.IdleTimeoutInMinutes,
-			fmt.Sprintf("Node outbound idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLoadBalancerOutboundIPs)))
+			fmt.Sprintf("Node outbound idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLBIdleTimeoutInMinutes)))
 	}
 
 	return allErrs
@@ -651,7 +649,7 @@ func validateClassSpecForControlPlaneOutboundLB(lb *LoadBalancerClassSpec, apise
 
 		if lb.IdleTimeoutInMinutes != nil && (*lb.IdleTimeoutInMinutes < MinLBIdleTimeoutInMinutes || *lb.IdleTimeoutInMinutes > MaxLBIdleTimeoutInMinutes) {
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("idleTimeoutInMinutes"), *lb.IdleTimeoutInMinutes,
-				fmt.Sprintf("Control plane outbound idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLoadBalancerOutboundIPs)))
+				fmt.Sprintf("Control plane outbound idle timeout should be between %d and %d minutes", MinLBIdleTimeoutInMinutes, MaxLBIdleTimeoutInMinutes)))
 		}
 	}
 

api/v1beta1/azurecluster_validation_test.go

@@ -131,29 +131,40 @@ func TestClusterWithPreexistingVnetValid(t *testing.T) {
 }
 
 func TestClusterWithPreexistingVnetInvalid(t *testing.T) {
-	type test struct {
+	tests := []struct {
 		name    string
 		cluster *AzureCluster
-	}
-
-	testCase := test{
-		name:    "azurecluster with pre-existing vnet - invalid",
-		cluster: createValidCluster(),
-	}
-
-	// invalid because it doesn't specify a controlplane subnet
-	testCase.cluster.Spec.NetworkSpec.Subnets[0] = SubnetSpec{
-		SubnetClassSpec: SubnetClassSpec{
-			Role: "random",
-			Name: "random-subnet",
+		wantErr bool
+	}{
+		{
+			name: "azurecluster with pre-existing vnet - invalid",
+			cluster: func() *AzureCluster {
+				cluster := createValidCluster()
+				// invalid because it doesn't specify a controlplane subnet
+				cluster.Spec.NetworkSpec.Subnets[0] = SubnetSpec{
+					SubnetClassSpec: SubnetClassSpec{
+						Role: "random",
+						Name: "random-subnet",
+					},
+				}
+				return cluster
+			}(),
+			wantErr: true,
 		},
 	}
 
-	t.Run(testCase.name, func(t *testing.T) {
-		g := NewWithT(t)
-		_, err := testCase.cluster.validateCluster(nil)
-		g.Expect(err).To(HaveOccurred())
-	})
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			g := NewWithT(t)
+			_, err := tc.cluster.validateCluster(nil)
+			if tc.wantErr {
+				g.Expect(err).To(HaveOccurred())
+			} else {
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+		})
+	}
 }
 
 func TestClusterWithoutPreexistingVnetValid(t *testing.T) {
@@ -1975,24 +1986,35 @@ func TestServiceEndpointsLackRequiredFieldLocations(t *testing.T) {
 }
 
 func TestClusterWithExtendedLocationInvalid(t *testing.T) {
-	type test struct {
+	tests := []struct {
 		name    string
 		cluster *AzureCluster
+		wantErr bool
+	}{
+		{
+			name: "azurecluster spec with extended location but not enable EdgeZone feature gate flag",
+			cluster: func() *AzureCluster {
+				cluster := createValidCluster()
+				cluster.Spec.ExtendedLocation = &ExtendedLocationSpec{
+					Name: "rr4",
+					Type: "EdgeZone",
+				}
+				return cluster
+			}(),
+			wantErr: true,
+		},
 	}
 
-	testCase := test{
-		name:    "azurecluster spec with extended location but not enable EdgeZone feature gate flag",
-		cluster: createValidCluster(),
-	}
-
-	testCase.cluster.Spec.ExtendedLocation = &ExtendedLocationSpec{
-		Name: "rr4",
-		Type: "EdgeZone",
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			g := NewWithT(t)
+			err := tc.cluster.validateClusterSpec(nil)
+			if tc.wantErr {
+				g.Expect(err).NotTo(BeNil())
+			} else {
+				g.Expect(err).To(BeNil())
+			}
+		})
 	}
-
-	t.Run(testCase.name, func(t *testing.T) {
-		g := NewWithT(t)
-		err := testCase.cluster.validateClusterSpec(nil)
-		g.Expect(err).NotTo(BeNil())
-	})
 }

api/v1beta1/azureclustertemplate_default_test.go

@@ -1169,93 +1169,6 @@ func TestNodeOutboundLBClassDefaults(t *testing.T) {
 	}
 }
 
-func TestControlPlaneOutboundLBTemplateDefaults(t *testing.T) {
-	cases := []struct {
-		name            string
-		clusterTemplate *AzureClusterTemplate
-		outputTemplate  *AzureClusterTemplate
-	}{
-		{
-			name: "no cp lb for public clusters",
-			clusterTemplate: &AzureClusterTemplate{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test-cluster-template",
-				},
-				Spec: AzureClusterTemplateSpec{
-					Template: AzureClusterTemplateResource{
-						Spec: AzureClusterTemplateResourceSpec{
-							NetworkSpec: NetworkTemplateSpec{
-								APIServerLB: LoadBalancerClassSpec{Type: Public},
-							},
-						},
-					},
-				},
-			},
-			outputTemplate: &AzureClusterTemplate{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test-cluster-template",
-				},
-				Spec: AzureClusterTemplateSpec{
-					Template: AzureClusterTemplateResource{
-						Spec: AzureClusterTemplateResourceSpec{
-							NetworkSpec: NetworkTemplateSpec{
-								APIServerLB: LoadBalancerClassSpec{Type: Public},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "no cp lb for private clusters",
-			clusterTemplate: &AzureClusterTemplate{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test-cluster-template",
-				},
-				Spec: AzureClusterTemplateSpec{
-					Template: AzureClusterTemplateResource{
-						Spec: AzureClusterTemplateResourceSpec{
-							NetworkSpec: NetworkTemplateSpec{
-								APIServerLB: LoadBalancerClassSpec{Type: Internal},
-							},
-						},
-					},
-				},
-			},
-			outputTemplate: &AzureClusterTemplate{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test-cluster-template",
-				},
-				Spec: AzureClusterTemplateSpec{
-					Template: AzureClusterTemplateResource{
-						Spec: AzureClusterTemplateResourceSpec{
-							NetworkSpec: NetworkTemplateSpec{
-								APIServerLB: LoadBalancerClassSpec{Type: Internal},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		tc := c
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-			setControlPlaneOutboundLBDefaults(
-				tc.clusterTemplate.Spec.Template.Spec.NetworkSpec.ControlPlaneOutboundLB,
-				tc.clusterTemplate.Spec.Template.Spec.NetworkSpec.APIServerLB.Type,
-			)
-			if !reflect.DeepEqual(tc.clusterTemplate, tc.outputTemplate) {
-				expected, _ := json.MarshalIndent(tc.outputTemplate, "", "\t")
-				actual, _ := json.MarshalIndent(tc.clusterTemplate, "", "\t")
-				t.Errorf("Expected %s, got %s", string(expected), string(actual))
-			}
-		})
-	}
-}
-
 func TestBastionTemplateDefaults(t *testing.T) {
 	cases := []struct {
 		name            string