ARO-3837 -Add EncryptionAtHost feature flag Validation#4806
Conversation
sravyanimmala
requested review from
alcasim,
bennerv,
cadenmarchese,
hawkowl,
hlipsig,
kevinobriendotca,
kimorris27,
mociarain,
mrWinston,
rogbas,
sankur-codes,
tiguelu,
tsatam,
tuxerrante,
ventifus,
wanghaoran1988 and
yjst2012
as code owners
There was a problem hiding this comment.
Pull request overview
Adds an upfront validation to detect whether the subscription has the Microsoft.Compute/EncryptionAtHost feature enabled before attempting cluster provisioning, aiming to replace late-stage internal failures with a clear customer-facing error.
Changes:
- Calls a new
validateEncryptionAtHostFeature()check during VM SKU validation when EncryptionAtHost is enabled. - Introduces
pkg/frontend/encryptionathost_validation.goto query feature registration state via ARM and return a 400 on missing registration.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| pkg/frontend/sku_validation.go | Adds a pre-check invocation for the EncryptionAtHost feature before continuing SKU validation. |
| pkg/frontend/encryptionathost_validation.go | Implements feature registration lookup via ResourcesClient.GetByID and returns a customer-facing error when not registered. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
sravyanimmala
added
hold
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
kimorris27
left a comment
kimorris27
left a comment
There was a problem hiding this comment.
Looks good broadly speaking! I made a few recommendations, with the most important among them being that we can validate this for workers as well as for masters.
One other general recommendation is that it would be good to add unit tests for validateEncryptionAtHostFeature.
kimorris27
left a comment
kimorris27
left a comment
There was a problem hiding this comment.
The changes look good - just a few more small points of feedback.
kimorris27
left a comment
kimorris27
left a comment
There was a problem hiding this comment.
LGTM, thanks for responding quickly to my comments!
|
Please rebase pull request. |
sravyanimmala
force-pushed
the
ARO-3837-fix-encryption-at-host-validation
branch
from
a1bdbd7 to
e676746
Compare
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
sravyanimmala
force-pushed
the
ARO-3837-fix-encryption-at-host-validation
branch
from
e676746 to
7b7b566
Compare
Summary
Fixes ARO-3837 - Adds upfront validation of Microsoft.Compute/EncryptionAtHost feature flag on the customer subscription before provisioning ARO clusters.
Problem
Currently, clusters with master encryption fail with a cryptic 500: InternalServerError after a long wait, giving customers no actionable feedback.
Changes
pkg/frontend/features_validation.go — created FeaturesValidator with FeaturesClient interface.check if Microsoft.Compute/EncryptionAtHost is registered on the customer subscription before cluster provisioning. If not registered, returns a 400 BadRequest with a clear error message
pkg/frontend/sku_validation.go - Removed EncryptionAtHost check, now handled by featuresValidator.
-pkg/frontend/frontend.go — Added featuresValidator field and initialization.
pkg/frontend/openshiftcluster_putorpatch.go — Added featuresValidator call in ValidateNewCluster.
-pkg/frontend/generate.go — Added go:generate directive for mock generation.
-pkg/frontend/features_validation_test.go — Added unit tests.
-pkg/util/azureclient/azuresdk/armfeatures/ -added armfeatures client wrapper following existing patterns
-pkg/util/mocks/frontend/features_validation.go — Generated mock.
-pkg/util/mocks/azureclient/azuresdk/armfeatures/armfeatures.go -New generated mock for FeaturesClient wrapper
Testing
Added unit tests covering all scenarios -feature registered, feature not registered, nil properties and nil state . All tests pass