Skip to content

Commit

Permalink
[AKS] az aks create/az aks nodepool add: Emit error message when usin…
Browse files Browse the repository at this point in the history 
…g --asg-ids alone without --allowed-host-ports (#30768)
  • Loading branch information
@zarvd
zarvd authored Feb 6, 2025
1 parent 05f1412 commit f7123d6
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 0 deletions.
14 changes: 14 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_validators.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -783,13 +783,27 @@ def validate_allowed_host_ports(namespace):


def validate_application_security_groups(namespace):
is_nodepool_operation = False
if hasattr((namespace), "nodepool_asg_ids"):
is_nodepool_operation = True
asg_ids = namespace.nodepool_asg_ids
host_ports = namespace.nodepool_allowed_host_ports
else:
asg_ids = namespace.asg_ids
host_ports = namespace.allowed_host_ports

if not asg_ids:
return

if not host_ports:
if is_nodepool_operation:
raise ArgumentUsageError(
'--nodepool-asg-ids must be used with --nodepool-allowed-host-ports'
)
raise ArgumentUsageError(
'--asg-ids must be used with --allowed-host-ports'
)

from azure.mgmt.core.tools import is_valid_resource_id
for asg in asg_ids:
if not is_valid_resource_id(asg):
Expand Down
59 changes: 59 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_validators.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -725,17 +725,60 @@ def test_invalid_application_security_groups(self):
namespace = SimpleNamespace(
**{
"asg_ids": "invalid",
"allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
}
)
with self.assertRaises(InvalidArgumentValueError):
validators.validate_application_security_groups(
namespace
)

def test_application_security_groups_without_allowed_host_ports(self):
asg_ids = [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
]
namespace = SimpleNamespace(
**{
"asg_ids": asg_ids,
"allowed_host_ports": [],
}
)
with self.assertRaises(ArgumentUsageError):
validators.validate_application_security_groups(
namespace
)

def test_nodepool_application_security_groups_without_allowed_host_ports(self):
asg_ids = [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
]
namespace = SimpleNamespace(
**{
"nodepool_asg_ids": asg_ids,
"nodepool_allowed_host_ports": [],
}
)
with self.assertRaises(ArgumentUsageError):
validators.validate_application_security_groups(
namespace
)

def test_empty_application_security_groups(self):
namespace = SimpleNamespace(
**{
"asg_ids": "",
"allowed_host_ports": [],
}
)
validators.validate_application_security_groups(
namespace
)

def test_empty_nodepool_application_security_groups(self):
namespace = SimpleNamespace(
**{
"nodepool_asg_ids": "",
"nodepool_allowed_host_ports": [],
}
)
validators.validate_application_security_groups(
Expand All @@ -750,6 +793,22 @@ def test_multiple_application_security_groups(self):
namespace = SimpleNamespace(
**{
"asg_ids": asg_ids,
"allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
}
)
validators.validate_application_security_groups(
namespace
)

def test_multiple_nodepool_application_security_groups(self):
asg_ids = [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/applicationSecurityGroups/asg1",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg2/providers/Microsoft.Network/applicationSecurityGroups/asg2",
]
namespace = SimpleNamespace(
**{
"nodepool_asg_ids": asg_ids,
"nodepool_allowed_host_ports": ["80/tcp", "443/tcp", "8080-8090/tcp", "53/udp"],
}
)
validators.validate_application_security_groups(
Expand Down

0 comments on commit f7123d6

Please sign in to comment.