diff --git a/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp b/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp
index 1997bdefe..bb5f53720 100644
--- a/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp
+++ b/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp
@@ -316,7 +316,7 @@ model PlatformProfile {
 outboundType?: OutboundType = OutboundType.loadBalancer;
 /** ResourceId for the network security group attached to the cluster subnet */
- networkSecurityGroupId: NetworkSecurityGroupResourceId;
+ networkSecurityGroupId?: NetworkSecurityGroupResourceId;
 /** The id of the disk encryption set to be used for etcd.
 * Configure this when `etcdEncryption` is set to true
diff --git a/api/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json b/api/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json
index f02e82be3..0e9e1d90c 100644
--- a/api/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json
+++ b/api/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json
@@ -1952,8 +1952,7 @@
 }
 },
 "required": [
- "subnetId",
- "networkSecurityGroupId"
+ "subnetId"
 ]
 },
 "ProvisioningState": {
diff --git a/frontend/pkg/frontend/ocm.go b/frontend/pkg/frontend/ocm.go
index 29e1c5b97..23a298b39 100644
--- a/frontend/pkg/frontend/ocm.go
+++ b/frontend/pkg/frontend/ocm.go
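Review bot: In hcpCluster-models.tsp the doc comment on `networkSecurityGroupId?` still reads as if an NSG is always attached; now that the field is optional it should say what a caller gets when the field is left out. The same gap appears in this commit's ocm.go comment, which only explains why the empty string is not sent, and in internal/api/hcpopenshiftcluster.go, where the TODO asking whether an NSG is created when unspecified is deleted rather than answered. Suggested wording: `/** ResourceId for the network security group attached to the cluster subnet. Optional; when omitted, [PLACEHOLDER: who creates or selects the NSG]. */`, with the placeholder filled in from the service's actual behaviour. Someone planning network controls for the cluster subnet needs that sentence to know whether subnet-level filtering is in place by default.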
@@ -149,14 +149,6 @@ func (f *Frontend) BuildCSCluster(resourceID *arm.ResourceID, tenantID string, h
 ID(f.location)).
 CloudProvider(cmv1.NewCloudProvider().
 ID(csCloudProvider)).
- Azure(cmv1.NewAzure().
- TenantID(tenantID).
- SubscriptionID(resourceID.SubscriptionID).
- ResourceGroupName(resourceID.ResourceGroupName).
- ResourceName(hcpCluster.Name).
- ManagedResourceGroupName(ensureManagedResourceGroupName(hcpCluster)).
- SubnetResourceID(hcpCluster.Properties.Spec.Platform.SubnetID).
- NetworkSecurityGroupResourceID(hcpCluster.Properties.Spec.Platform.NetworkSecurityGroupID)).
 Product(cmv1.NewProduct().
 ID(csProductId)).
 Hypershift(cmv1.NewHypershift().
@@ -177,6 +169,22 @@ func (f *Frontend) BuildCSCluster(resourceID *arm.ResourceID, tenantID string, h
 FIPS(hcpCluster.Properties.Spec.FIPS).
 EtcdEncryption(hcpCluster.Properties.Spec.EtcdEncryption)
+ azureBuilder := cmv1.NewAzure().
+ TenantID(tenantID).
+ SubscriptionID(resourceID.SubscriptionID).
+ ResourceGroupName(resourceID.ResourceGroupName).
+ ResourceName(hcpCluster.Name).
+ ManagedResourceGroupName(ensureManagedResourceGroupName(hcpCluster)).
+ SubnetResourceID(hcpCluster.Properties.Spec.Platform.SubnetID)
+
+ // Cluster Service rejects an empty NetworkSecurityGroupResourceID string.
+ if hcpCluster.Properties.Spec.Platform.NetworkSecurityGroupID != "" {
+ azureBuilder = azureBuilder.
+ NetworkSecurityGroupResourceID(hcpCluster.Properties.Spec.Platform.NetworkSecurityGroupID)
+ }
+
+ clusterBuilder = clusterBuilder.Azure(azureBuilder)
+
 // Cluster Service rejects an empty DomainPrefix string.
 if hcpCluster.Properties.Spec.DNS.BaseDomainPrefix != "" {
 clusterBuilder = clusterBuilder.
diff --git a/internal/api/hcpopenshiftcluster.go b/internal/api/hcpopenshiftcluster.go
index 0bc56c1a7..f163d5605 100644
--- a/internal/api/hcpopenshiftcluster.go
+++ b/internal/api/hcpopenshiftcluster.go
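Review bot: The new `if hcpCluster.Properties.Spec.Platform.NetworkSecurityGroupID != ""` branch in the second ocm.go hunk has no test in this diff. The test changes shown only delete the NSG from `minimumValidCluster` and from the required-field expectations, so neither the omitted nor the supplied path through `azureBuilder` is asserted. A table test that builds the cluster once with an empty `NetworkSecurityGroupID` and once with a sample ID, and checks that the Azure section carries the field only in the second case, would pin the behaviour the comment describes. BuildCSCluster begins and ends outside this hunk, so coverage elsewhere in the repository cannot be ruled out from here.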
@@ -84,12 +84,11 @@ type ProxyProfile struct {
 // PlatformProfile represents the Azure platform configuration.
 // Visibility for the entire struct is "read create".
 type PlatformProfile struct {
- ManagedResourceGroup string `json:"managedResourceGroup,omitempty"`
- SubnetID string `json:"subnetId,omitempty" validate:"required_for_put"`
- OutboundType OutboundType `json:"outboundType,omitempty" validate:"omitempty,enum_outboundtype"`
- //TODO: Is nsg required for PUT, or will we create if not specified?
- NetworkSecurityGroupID string `json:"networkSecurityGroupId,omitempty" validate:"required_for_put"`
- EtcdEncryptionSetID string `json:"etcdEncryptionSetId,omitempty"`
+ ManagedResourceGroup string `json:"managedResourceGroup,omitempty"`
+ SubnetID string `json:"subnetId,omitempty" validate:"required_for_put"`
+ OutboundType OutboundType `json:"outboundType,omitempty" validate:"omitempty,enum_outboundtype"`
+ NetworkSecurityGroupID string `json:"networkSecurityGroupId,omitempty"`
+ EtcdEncryptionSetID string `json:"etcdEncryptionSetId,omitempty"`
 }
 // ExternalAuthConfigProfile represents the external authentication configuration.
diff --git a/internal/api/hcpopenshiftcluster_test.go b/internal/api/hcpopenshiftcluster_test.go
index 925e3c158..ad1b39db1 100644
--- a/internal/api/hcpopenshiftcluster_test.go
+++ b/internal/api/hcpopenshiftcluster_test.go
@@ -48,8 +48,7 @@ func minimumValidCluster() *HCPOpenShiftCluster {
 Visibility: "public",
 },
 Platform: PlatformProfile{
- SubnetID: "/something/something/virtualNetworks/subnets",
- NetworkSecurityGroupID: "/something/something/networkSecurityGroups",
+ SubnetID: "/something/something/virtualNetworks/subnets",
 },
 },
 },
@@ -104,10 +103,6 @@ func TestClusterRequiredForPut(t *testing.T) {
 Message: "Missing required field 'subnetId'",
 Target: "properties.spec.platform.subnetId",
 },
- {
- Message: "Missing required field 'networkSecurityGroupId'",
- Target: "properties.spec.platform.networkSecurityGroupId",
- },
 },
 },
 {
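Review bot: In the PlatformProfile hunk of internal/api/hcpopenshiftcluster.go, `NetworkSecurityGroupID` now carries no `validate` tag at all, so any non-empty string is accepted here. Per the ocm.go hunk in this commit, that string is then forwarded to Cluster Service unchanged. Dropping `required_for_put` is what the change intends, but an optional field can still be checked when it is present, for example `validate:"omitempty,RESOURCE_ID_VALIDATOR"`, where RESOURCE_ID_VALIDATOR is a placeholder for whichever ARM resource-ID validator this package registers, if it has one. `OutboundType` on the line above already uses the `omitempty,...` form, so the pattern is established in this struct.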
diff --git a/internal/api/v20240610preview/generated/models.go b/internal/api/v20240610preview/generated/models.go index dcc721a97..825c63037 100644 --- a/internal/api/v20240610preview/generated/models.go +++ b/internal/api/v20240610preview/generated/models.go @@ -574,9 +574,6 @@ type OperationListResult struct { // PlatformProfile - Azure specific configuration type PlatformProfile struct { - // REQUIRED; ResourceId for the network security group attached to the cluster subnet - NetworkSecurityGroupID *string - // REQUIRED; ResourceId for the subnet used by the control plane SubnetID *string @@ -587,6 +584,9 @@ type PlatformProfile struct { // Resource group to put cluster resources ManagedResourceGroup *string + // ResourceId for the network security group attached to the cluster subnet + NetworkSecurityGroupID *string + // The core outgoing configuration OutboundType *OutboundType }