aks-preview: Fix V2 NAT gateway params rejected on update without --outbound-type

The validate_nat_gateway_v2_params validator required --outbound-type
managedNATGatewayV2 to be explicitly passed even on updates where the
cluster is already V2. Users had to re-specify --outbound-type on every
update that used V2-only params like --nat-gateway-managed-outbound-ipv6-count.

Fix: Only reject V2 params when --outbound-type is explicitly set to a
non-V2 value. When --outbound-type is not specified (None), allow the
request through and let the RP validate.

Author: christine33-creator

src/aks-preview/HISTORY.rst

@@ -12,6 +12,10 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
+20.0.0b2
++++++++
+* `az aks update`: Fix V2-only NAT gateway params (e.g. `--nat-gateway-managed-outbound-ipv6-count`) being rejected on update when `--outbound-type` is not re-specified for an already-V2 cluster.
+
 20.0.0b1
 +++++++
 * [Breaking Change] `az aks create/update`: Change `--nat-gateway-outbound-ips` and `--nat-gateway-outbound-ip-prefixes` to use comma-separated values, consistent with load balancer outbound IP parameters.

src/aks-preview/azext_aks_preview/_validators.py

@@ -1168,15 +1168,19 @@ def validate_nat_gateway_managed_outbound_ipv6_count(namespace):
 
 
 def validate_nat_gateway_v2_params(namespace):
-    """Validate that V2-only NAT gateway params require managedNATGatewayV2."""
+    """Validate that V2-only NAT gateway params require managedNATGatewayV2.
+
+    On update, --outbound-type may not be specified if the cluster is already V2.
+    Only reject when --outbound-type is explicitly set to a non-V2 value.
+    """
     v2_params = [
         getattr(namespace, 'nat_gateway_managed_outbound_ipv6_count', None),
         getattr(namespace, 'nat_gateway_outbound_ip_ids', None),
         getattr(namespace, 'nat_gateway_outbound_ip_prefix_ids', None),
     ]
     if any(p is not None for p in v2_params):
         outbound_type = getattr(namespace, 'outbound_type', None)
-        if outbound_type != 'managedNATGatewayV2':
+        if outbound_type is not None and outbound_type != 'managedNATGatewayV2':
             raise InvalidArgumentValueError(
                 "--nat-gateway-managed-outbound-ipv6-count, "
                 "--nat-gateway-outbound-ips, and "

src/aks-preview/azext_aks_preview/tests/latest/test_natgateway.py

@@ -235,5 +235,55 @@ def test_all_none(self):
         self.assertFalse(result)
 
 
+class TestValidateNatGatewayV2Params(unittest.TestCase):
+    """Test the cross-parameter validator for V2-only params."""
+
+    def _make_namespace(self, **kwargs):
+        from types import SimpleNamespace
+        defaults = {
+            'nat_gateway_managed_outbound_ipv6_count': None,
+            'nat_gateway_outbound_ip_ids': None,
+            'nat_gateway_outbound_ip_prefix_ids': None,
+            'outbound_type': None,
+        }
+        defaults.update(kwargs)
+        return SimpleNamespace(**defaults)
+
+    def test_v2_params_allowed_when_outbound_type_is_v2(self):
+        from azext_aks_preview._validators import validate_nat_gateway_v2_params
+        ns = self._make_namespace(
+            nat_gateway_managed_outbound_ipv6_count=4,
+            outbound_type='managedNATGatewayV2',
+        )
+        # Should not raise
+        validate_nat_gateway_v2_params(ns)
+
+    def test_v2_params_allowed_when_outbound_type_not_specified(self):
+        """On update, outbound_type may be None if cluster is already V2."""
+        from azext_aks_preview._validators import validate_nat_gateway_v2_params
+        ns = self._make_namespace(
+            nat_gateway_managed_outbound_ipv6_count=3,
+            outbound_type=None,
+        )
+        # Should not raise — let RP validate
+        validate_nat_gateway_v2_params(ns)
+
+    def test_v2_params_rejected_when_outbound_type_is_non_v2(self):
+        from azure.cli.core.azclierror import InvalidArgumentValueError
+        from azext_aks_preview._validators import validate_nat_gateway_v2_params
+        ns = self._make_namespace(
+            nat_gateway_managed_outbound_ipv6_count=4,
+            outbound_type='loadBalancer',
+        )
+        with self.assertRaises(InvalidArgumentValueError):
+            validate_nat_gateway_v2_params(ns)
+
+    def test_no_v2_params_passes_always(self):
+        from azext_aks_preview._validators import validate_nat_gateway_v2_params
+        ns = self._make_namespace(outbound_type='loadBalancer')
+        # No V2 params set, should not raise
+        validate_nat_gateway_v2_params(ns)
+
+
 if __name__ == '__main__':
     unittest.main()

src/aks-preview/setup.py

@@ -9,7 +9,7 @@
 
 from setuptools import find_packages, setup
 
-VERSION = "20.0.0b1"
+VERSION = "20.0.0b2"
 
 CLASSIFIERS = [
     "Development Status :: 4 - Beta",