Adding validation, test and field changes.

rna-afk · rna-afk · commit e18526f41643 · 2025-08-12T17:12:20.000-04:00
diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -5304,6 +5304,39 @@ spec:
                       This resource group must be empty with no other resources when trying to use it for creating a cluster.
                       If empty, a new resource group will created for the cluster.
                     type: string
+                  subnets:
+                    description: Subnets is the list of subnets the user can bring
+                      into the cluster to be used.
+                    items:
+                      description: SubnetSpec specifies the properties the subnet
+                        needs to be used in the cluster.
+                      properties:
+                        cidr:
+                          description: |-
+                            SubnetCIDR specifies the CIDR for the subnet if it needs to be created.
+                            Should not be mentioned if the subnet is a bring your own subnet.
+                          items:
+                            type: string
+                          type: array
+                        name:
+                          description: Name of the subnet.
+                          type: string
+                        natGateway:
+                          description: |-
+                            NatGatewayName specifies the name of the NAT gateway to be created for this subnet.
+                            Can only be used if the outbound type is set to MultiZoneNatGateway.
+                          type: string
+                        role:
+                          description: Role specifies the actual role which the subnet
+                            should be used in.
+                          type: string
+                      required:
+                      - cidr
+                      - name
+                      - natGateway
+                      - role
+                      type: object
+                    type: array
                   userProvisionedDNS:
                     default: Disabled
                     description: |-
diff --git a/pkg/asset/installconfig/azure/validation.go b/pkg/asset/installconfig/azure/validation.go
@@ -71,6 +71,7 @@ func Validate(client API, ic *types.InstallConfig) error {
 	}
 	allErrs = append(allErrs, validateMarketplaceImages(client, ic)...)
 	allErrs = append(allErrs, validateBootDiagnostics(client, ic)...)
+	// allErrs = append(allErrs, validateCustomSubnetsAndNatGateways(client, ic.Azure)...)
 	return allErrs.ToAggregate()
 }
 
@@ -995,3 +996,34 @@ func checkBootDiagnosticsURI(client API, diag *aztypes.BootDiagnostics, region s
 	}
 	return nil
 }
+
+// func validateCustomSubnetsAndNatGateways(client API, p *aztypes.Platform, fldPath *field.Path) field.ErrorList {
+// 	var allErrs field.ErrorList
+// 	ctx := context.TODO()
+// 	for index, subnet := range p.Subnets {
+// 		subnetPrefixes := subnet.SubnetCIDR
+// 		if len(subnet.SubnetCIDR) == 0 {
+// 			sub, err := client.GetControlPlaneSubnet(ctx, p.ResourceGroupName, p.VirtualNetwork, subnet.Name)
+// 			if err != nil {
+// 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fmt.Sprintf("subnets[%d]", index)), subnet.Name, "unable to find subnet"))
+// 				continue
+// 			}
+// 			subnetPrefixes = to.StringSlice(sub.AddressPrefixes)
+// 		}
+// 		vnet, err := client.GetVirtualNetwork(ctx, p.ResourceGroupName, p.VirtualNetwork)
+// 		if err != nil {
+// 			continue
+// 		} else {
+// 			// check if the vnet has the subnets.
+// 			vnetSubnets := vnet.Subnets
+// 			for _, subnetcidr := range subnetPrefixes {
+// 				_, subnetRange, err := net.ParseCIDR(subnetcidr)
+// 				if err != nil {
+// 					allErrs = append(allErrs, field.Invalid(fldPath.Child(fmt.Sprintf("subnets[%d]", index)), subnetRange, "unable to translate subnet cidr"))
+// 					continue
+// 				}
+// 			}
+// 		}
+// 	}
+// 	return allErrs
+// }
diff --git a/pkg/explain/printer_test.go b/pkg/explain/printer_test.go
@@ -341,6 +341,10 @@ resource group.
 This resource group must be empty with no other resources when trying to use it for creating a cluster.
 If empty, a new resource group will created for the cluster.
 
+    subnets <[]object>
+      Subnets is the list of subnets the user can bring into the cluster to be used.
+      SubnetSpec specifies the properties the subnet needs to be used in the cluster.
+
     userProvisionedDNS <string>
       Default: "Disabled"
       Valid Values: "Enabled","Disabled"
diff --git a/pkg/types/azure/validation/platform.go b/pkg/types/azure/validation/platform.go
@@ -127,6 +127,11 @@ func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPa
 			allErrs = append(allErrs, field.Required(fldPath.Child("clusterOSImage"), fmt.Sprintf("clusterOSImage must not be set when the cloud name is %s", cloud)))
 		}
 	}
+	for index, subnet := range p.Subnets {
+		if subnet.NatGatewayName != "" && p.OutboundType != azure.NATGatewayMultiZoneOutboundType {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("subnet").Index(index), subnet.NatGatewayName, "cannot specify nat gateway if outbound type is not MultiZoneNatGateway"))
+		}
+	}
 
 	return allErrs
 }
@@ -239,6 +244,7 @@ func findDuplicateTagKeys(tagSet map[string]string) error {
 var (
 	validOutboundTypes = map[azure.OutboundType]struct{}{
 		azure.LoadbalancerOutboundType:         {},
+		azure.NATGatewayMultiZoneOutboundType:  {},
 		azure.NATGatewaySingleZoneOutboundType: {},
 		azure.UserDefinedRoutingOutboundType:   {},
 	}
diff --git a/pkg/types/azure/validation/platform_test.go b/pkg/types/azure/validation/platform_test.go
@@ -134,7 +134,7 @@ func TestValidatePlatform(t *testing.T) {
 				p.OutboundType = "random-egress"
 				return p
 			}(),
-			expected: `^test-path\.outboundType: Unsupported value: "random-egress": supported values: "Loadbalancer", "NATGatewaySingleZone", "UserDefinedRouting"$`,
+			expected: `^test-path\.outboundType: Unsupported value: "random-egress": supported values: "Loadbalancer", "MultiZoneNatGateway", "NATGatewaySingleZone", "UserDefinedRouting"$`,
 		},
 		{
 			name: "invalid user defined type",
@@ -217,6 +217,17 @@ func TestValidatePlatform(t *testing.T) {
 			}(),
 			expected: `^test-path\.customerManagedKey: Invalid value: "-": invalid user assigned identity key for encryption$`,
 		},
+		{
+			name: "mentioned nat gateway when outbound type is not multi zone",
+			platform: func() *azure.Platform {
+				p := validPlatform()
+				p.Subnets = []azure.SubnetSpec{{
+					NatGatewayName: "test-invalid",
+				}}
+				return p
+			}(),
+			expected: `^test-path\.subnet\[0\]: Invalid value: "test-invalid": cannot specify nat gateway if outbound type is not MultiZoneNatGateway$`,
+		},
 	}
 	ic := types.InstallConfig{}
 	for _, tc := range cases {

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,11 @@ func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPa`
`127`	`127`	`allErrs = append(allErrs, field.Required(fldPath.Child("clusterOSImage"), fmt.Sprintf("clusterOSImage must not be set when the cloud name is %s", cloud)))`
`128`	`128`	`}`
`129`	`129`	`}`
	`130`	`+ for index, subnet := range p.Subnets {`
	`131`	`+ if subnet.NatGatewayName != "" && p.OutboundType != azure.NATGatewayMultiZoneOutboundType {`
	`132`	`+ allErrs = append(allErrs, field.Invalid(fldPath.Child("subnet").Index(index), subnet.NatGatewayName, "cannot specify nat gateway if outbound type is not MultiZoneNatGateway"))`
	`133`	`+ }`
	`134`	`+ }`
`130`	`135`
`131`	`136`	`return allErrs`
`132`	`137`	`}`
`@@ -239,6 +244,7 @@ func findDuplicateTagKeys(tagSet map[string]string) error {`
`239`	`244`	`var (`
`240`	`245`	`validOutboundTypes = map[azure.OutboundType]struct{}{`
`241`	`246`	`azure.LoadbalancerOutboundType: {},`
	`247`	`+ azure.NATGatewayMultiZoneOutboundType: {},`
`242`	`248`	`azure.NATGatewaySingleZoneOutboundType: {},`
`243`	`249`	`azure.UserDefinedRoutingOutboundType: {},`
`244`	`250`	`}`