-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add guards against using distinct subscriptions between owner and child resources #3546
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
However, looks like Test_ConvertResourceToARMResource
is failing in CI and I suspect that's related to this change. I'll review again once that's passing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some naming comments/minor refactoring suggestions, but LGTM overall
@@ -809,7 +810,7 @@ func (r *azureDeploymentReconcilerInstance) deleteResource( | |||
return ctrl.Result{}, nil | |||
} | |||
|
|||
err := checkSubscription(resourceID, r.ARMConnection.SubscriptionID()) // TODO: Possibly we should pass this in as a parameter? | |||
err := r.checkSubscription(resourceID) // TODO: Possibly we should pass this in as a parameter? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: Probably can remove this TODO? I am not sure what it was referencing but the code seems OK to me now
@@ -261,6 +274,18 @@ func (h ResourceHierarchy) fullyQualifiedARMIDImpl(subscriptionID string, origin | |||
} | |||
} | |||
|
|||
func (h ResourceHierarchy) matchOwnerSubscription(subscriptionID string, ownerRID *arm.ResourceID) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor:
- This method doesn't need to be on
ResourceHierarchy
, as it doesn't seem to useh
at all. It could just be a package scoped function. - The name
matchOwnerSubscription
seems too specific to me. In reality this is just checking if the provided subscription matches the passed in ResourceID, so possibly we could rename to something likecheckARMIDHasSubscription
orcheckARMIDMatchesSubscription
or similar?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I like it. Considering to move the method into genruntime/arm_id.go
for re-usability.
@@ -202,13 +219,9 @@ func (h ResourceHierarchy) fullyQualifiedARMIDImpl(subscriptionID string, origin | |||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you take the checkARMIDHasSubscription
suggestion below, also consider renaming this armID
variable to ownerARMID
so the check reads: checkARMIDHasSubscription(subscriptionID, ownerARMID)
Closes #3244
What this PR does / why we need it:
Adding check to match resource credential subscription with owner's subscription.