raise error if using UserDefinedRouting incorrectly

Azure · Jul 19, 2023 · bb08bf7 · bb08bf7
1 parent 38c886f
commit bb08bf7
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 7 deletions.
diff --git a/python/az/aro/azext_aro/_validators.py b/python/az/aro/azext_aro/_validators.py
@@ -120,9 +120,21 @@ def validate_pull_secret(namespace):
 
 def validate_outbound_type(namespace):
     outbound_type = getattr(namespace, 'outbound_type')
-    if outbound_type in {'UserDefinedRouting', 'Loadbalancer', None}:
-        return
-    raise InvalidArgumentValueError('Outbound type must be "UserDefinedRouting" or "Loadbalancer"')
+    if outbound_type not in {'UserDefinedRouting', 'Loadbalancer', None}:
+        raise InvalidArgumentValueError('Invalid --outbound-type: must be "UserDefinedRouting" or "Loadbalancer"')
+
+    ingress_visibility = getattr(namespace, 'ingress_visibility')
+    apiserver_visibility = getattr(namespace, 'apiserver_visibility')
+
+    if (outbound_type == 'UserDefinedRouting' and
+            (is_visibility_public(ingress_visibility) or is_visibility_public(apiserver_visibility))):
+        raise InvalidArgumentValueError('Invalid --outbound-type: cannot use UserDefinedRouting when ' +
+                                        'either --apiserver-visibility or --ingress-visibility is set ' +
+                                        'to Public or not defined')
+
+
+def is_visibility_public(visibility):
+    return visibility == 'Public' or visibility is None
 
 
 def validate_subnet(key):

diff --git a/python/az/aro/azext_aro/tests/latest/unit/test_validators.py b/python/az/aro/azext_aro/tests/latest/unit/test_validators.py
@@ -784,15 +784,37 @@ def test_validate_refresh_cluster_credentials(test_description, namespace, expec
         None
     ),
     (
-        "Should not raise exception when key is UserDefinedRouting.",
-        Mock(outbound_type='UserDefinedRouting'),
+        "Should not raise exception when key is empty.",
+        Mock(outbound_type=None),
         None
     ),
     (
-        "Should not raise exception when key is empty.",
-        Mock(outbound_type=None),
+        "Should not raise exception with UDR and ingress/apiserver visibility private",
+        Mock(
+            outbound_type="UserDefinedRouting",
+            apiserver_visibility="Private",
+            ingress_visibility="Private"
+        ),
         None
     ),
+    (
+        "Should raise exception with UDR and either ingress or apiserver visibility is public",
+        Mock(
+            outbound_type="UserDefinedRouting",
+            apiserver_visibility="Private",
+            ingress_visibility="Public"
+        ),
+        InvalidArgumentValueError
+    ),
+    (
+        "Should raise exception when key is UserDefinedRouting and apiserver/ingress visibilities are not defined.",
+        Mock(
+            outbound_type="UserDefinedRouting",
+            apiserver_visibility=None,
+            ingress_visibility=None
+        ),
+        InvalidArgumentValueError
+    ),
     (
         "Should raise exception when key is a different value.",
         Mock(outbound_type='testFail'),