PR Review fixes

Author: b-lnimmala

pkg/frontend/encryptionathost_validation.go

@@ -15,32 +15,55 @@ import (
 	"github.com/Azure/ARO-RP/pkg/util/azureclient"
 )
 
-func validateEncryptionAtHostFeature(
-	ctx context.Context,
-	azEnv *azureclient.AROEnvironment,
-	environment env.Interface,
-	subscriptionID, tenantID string,
-) error {
-	fpCred, err := environment.FPNewClientCertificateCredential(tenantID, nil)
-	if err != nil {
-		return err
+type FeaturesClient interface {
+	Get(ctx context.Context, resourceProviderNamespace string, featureName string, options *armfeatures.ClientGetOptions) (armfeatures.ClientGetResponse, error)
+}
+
+type FeaturesValidator interface {
+	ValidateSubscriptionFeatures(ctx context.Context, azEnv *azureclient.AROEnvironment, environment env.Interface, subscriptionID, tenantID string, oc *api.OpenShiftCluster) error
+}
+
+type featuresValidator struct{}
+
+func (f featuresValidator) ValidateSubscriptionFeatures(ctx context.Context, azEnv *azureclient.AROEnvironment, environment env.Interface, subscriptionID, tenantID string, oc *api.OpenShiftCluster) error {
+	var fieldPath string
+	if oc.Properties.MasterProfile.EncryptionAtHost == api.EncryptionAtHostEnabled {
+		fieldPath = "properties.masterProfile.encryptionAtHost"
+	} else if oc.Properties.WorkerProfiles[0].EncryptionAtHost == api.EncryptionAtHostEnabled {
+		fieldPath = "properties.workerProfiles[0].encryptionAtHost"
 	}
 
-	featuresClient, err := armfeatures.NewClient(subscriptionID, fpCred, azEnv.ArmClientOptions())
-	if err != nil {
-		return err
+	if fieldPath != "" {
+		fpCred, err := environment.FPNewClientCertificateCredential(tenantID, nil)
+		if err != nil {
+			return err
+		}
+
+		featuresClient, err := armfeatures.NewClient(subscriptionID, fpCred, azEnv.ArmClientOptions())
+		if err != nil {
+			return err
+		}
+
+		return validateEncryptionAtHostFeature(ctx, featuresClient, subscriptionID, fieldPath)
 	}
+	return nil
+}
 
+func validateEncryptionAtHostFeature(
+	ctx context.Context,
+	featuresClient FeaturesClient,
+	subscriptionID, fieldPath string,
+) error {
 	resp, err := featuresClient.Get(ctx, "Microsoft.Compute", "EncryptionAtHost", nil)
 	if err != nil {
 		return err
 	}
 
 	if resp.Properties == nil || resp.Properties.State == nil {
 		return api.NewCloudError(
-			http.StatusBadRequest,
-			api.CloudErrorCodeInvalidParameter,
-			"encryptionAtHost",
+			http.StatusInternalServerError,
+			api.CloudErrorCodeInternalServerError,
+			"",
 			fmt.Sprintf(
 				"Microsoft.Compute/EncryptionAtHost"+
 					" feature has no state for"+
@@ -52,7 +75,7 @@ func validateEncryptionAtHostFeature(
 		return api.NewCloudError(
 			http.StatusBadRequest,
 			api.CloudErrorCodeInvalidParameter,
-			"encryptionAtHost",
+			fieldPath,
 			fmt.Sprintf(
 				"Microsoft.Compute/EncryptionAtHost feature is not registered on subscription %s. "+
 					"Please register the feature on your subscription before creating the cluster.",

pkg/frontend/encryptionathost_validation_test.go

@@ -0,0 +1,104 @@
+package frontend
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"go.uber.org/mock/gomock"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armfeatures"
+
+	mock_frontend "github.com/Azure/ARO-RP/pkg/util/mocks/frontend"
+	"github.com/Azure/ARO-RP/pkg/util/pointerutils"
+)
+
+func TestValidateEncryptionAtHostFeature(t *testing.T) {
+	ctx := context.Background()
+
+	for _, tt := range []struct {
+		name              string
+		fieldPath         string
+		mockFeatureState  *string
+		mockPropertiesNil bool
+		mockStateNil      bool
+		mockGetErr        error
+		wantErr           string
+	}{
+		{
+			name:             "feature is registered - should return nil",
+			fieldPath:        "properties.masterProfile.encryptionAtHost",
+			mockFeatureState: pointerutils.ToPtr("Registered"),
+			wantErr:          "",
+		},
+		{
+			name:             "feature is not registered - should return 400 BadRequest",
+			fieldPath:        "properties.masterProfile.encryptionAtHost",
+			mockFeatureState: pointerutils.ToPtr("NotRegistered"),
+			wantErr:          "400: InvalidParameter: properties.masterProfile.encryptionAtHost: Microsoft.Compute/EncryptionAtHost feature is not registered on subscription test-subscription. Please register the feature on your subscription before creating the cluster.",
+		},
+		{
+			name:              "resp.Properties is nil - should return internal server error",
+			fieldPath:         "properties.workerProfiles[0].encryptionAtHost",
+			mockPropertiesNil: true,
+			wantErr:           "500: InternalServerError: : Microsoft.Compute/EncryptionAtHost feature has no state for subscription test-subscription.",
+		},
+		{
+			name:         "resp.Properties.State is nil - should return internal server error",
+			fieldPath:    "properties.masterProfile.encryptionAtHost",
+			mockStateNil: true,
+			wantErr:      "500: InternalServerError: : Microsoft.Compute/EncryptionAtHost feature has no state for subscription test-subscription.",
+		},
+		{
+			name:       "Get returns error",
+			fieldPath:  "properties.masterProfile.encryptionAtHost",
+			mockGetErr: errors.New("random error"),
+			wantErr:    "random error",
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			controller := gomock.NewController(t)
+			defer controller.Finish()
+
+			featuresClient := mock_frontend.NewMockFeaturesClient(controller)
+
+			var mockResponse armfeatures.ClientGetResponse
+			if tt.mockPropertiesNil {
+				mockResponse = armfeatures.ClientGetResponse{
+					FeatureResult: armfeatures.FeatureResult{
+						Properties: nil,
+					},
+				}
+			} else if tt.mockStateNil {
+				mockResponse = armfeatures.ClientGetResponse{
+					FeatureResult: armfeatures.FeatureResult{
+						Properties: &armfeatures.FeatureProperties{
+							State: nil,
+						},
+					},
+				}
+			} else if tt.mockFeatureState != nil {
+				mockResponse = armfeatures.ClientGetResponse{
+					FeatureResult: armfeatures.FeatureResult{
+						Properties: &armfeatures.FeatureProperties{
+							State: tt.mockFeatureState,
+						},
+					},
+				}
+			}
+
+			featuresClient.EXPECT().
+				Get(ctx, "Microsoft.Compute", "EncryptionAtHost", nil).
+				Return(mockResponse, tt.mockGetErr)
+
+			err := validateEncryptionAtHostFeature(ctx, featuresClient, "test-subscription", tt.fieldPath)
+			if err != nil && err.Error() != tt.wantErr ||
+				err == nil && tt.wantErr != "" {
+				t.Errorf("expected error %q, got %q", tt.wantErr, err)
+			}
+		})
+	}
+}

pkg/frontend/frontend.go

@@ -101,6 +101,7 @@ type frontend struct {
 	skuValidator       SkuValidator
 	quotaValidator     QuotaValidator
 	providersValidator ProvidersValidator
+	featuresValidator  FeaturesValidator
 
 	clusterEnricher clusterdata.BestEffortEnricher
 
@@ -185,6 +186,7 @@ func NewFrontend(ctx context.Context,
 		quotaValidator:     quotaValidator{},
 		skuValidator:       skuValidator{},
 		providersValidator: providersValidator{},
+		featuresValidator:  featuresValidator{},
 
 		clusterEnricher: enricher,
 

pkg/frontend/generate.go

@@ -7,4 +7,5 @@ package frontend
 //go:generate mockgen -source quota_validation.go -destination=../util/mocks/$GOPACKAGE/quota_validation.go github.com/Azure/ARO-RP/pkg/frontend QuotaValidator
 //go:generate mockgen -source providers_validation.go -destination=../util/mocks/$GOPACKAGE/providers_validation.go github.com/Azure/ARO-RP/pkg/frontend ProvidersValidator
 //go:generate mockgen -source sku_validation.go -destination=../util/mocks/$GOPACKAGE/sku_validation.go github.com/Azure/ARO-RP/pkg/frontend SkuValidator
+//go:generate mockgen -source encryptionathost_validation.go -destination=../util/mocks/$GOPACKAGE/encryptionathost_validation.go github.com/Azure/ARO-RP/pkg/frontend FeaturesClient,FeaturesValidator
 //go:generate mockgen -source adminreplies.go -destination=../util/mocks/$GOPACKAGE/adminreplies.go github.com/Azure/ARO-RP/pkg/frontend StreamResponder

pkg/frontend/openshiftcluster_putorpatch.go

@@ -455,6 +455,11 @@ func (f *frontend) ValidateNewCluster(ctx context.Context, subscription *api.Sub
 		return err
 	}
 
+	err = f.featuresValidator.ValidateSubscriptionFeatures(ctx, f.env.Environment(), f.env, subscription.ID, subscription.Subscription.Properties.TenantID, cluster)
+	if err != nil {
+		return err
+	}
+
 	err = f.quotaValidator.ValidateQuota(ctx, f.env.Environment(), f.env, subscription.ID, subscription.Subscription.Properties.TenantID, cluster)
 	if err != nil {
 		return err

pkg/frontend/sku_validation.go

@@ -34,13 +34,6 @@ func (s skuValidator) ValidateVMSku(ctx context.Context, azEnv *azureclient.AROE
 		return err
 	}
 
-	if oc.Properties.MasterProfile.EncryptionAtHost == api.EncryptionAtHostEnabled {
-		err = validateEncryptionAtHostFeature(ctx, azEnv, environment, subscriptionID, tenantID)
-		if err != nil {
-			return err
-		}
-	}
-
 	return validateVMSku(ctx, oc, armResourceSKUsClient)
 }