aks-preview: Fix V2 NAT gateway params rejected on update without --outbound-type#9769
Conversation
…utbound-type The validate_nat_gateway_v2_params validator required --outbound-type managedNATGatewayV2 to be explicitly passed even on updates where the cluster is already V2. Users had to re-specify --outbound-type on every update that used V2-only params like --nat-gateway-managed-outbound-ipv6-count. Fix: Only reject V2 params when --outbound-type is explicitly set to a non-V2 value. When --outbound-type is not specified (None), allow the request through and let the RP validate.
️✔️Azure CLI Extensions Breaking Change Test
|
|
Hi @christine33-creator, |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
FumingZhang,
yanzhudd,
yonzhan and
zhoxing-ms
CodeGen Tools Feedback CollectionThank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey |
Release SuggestionsModule: aks-preview
Notes
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adjusts the NAT Gateway V2 cross-parameter validation so AKS updates on already-V2 clusters don’t require re-specifying --outbound-type, while still preventing V2-only parameters from being used with explicitly non-V2 outbound types.
Changes:
- Relax
validate_nat_gateway_v2_paramsto only reject V2-only params when--outbound-typeis explicitly set and non-V2. - Add unit tests covering allowed/rejected combinations for V2-only params vs outbound type.
- Document the behavior change in
HISTORY.rst.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/aks-preview/azext_aks_preview/_validators.py | Updates the validator logic and clarifies behavior in the docstring. |
| src/aks-preview/azext_aks_preview/tests/latest/test_natgateway.py | Adds unit tests for the updated validator behavior. |
| src/aks-preview/HISTORY.rst | Notes the fix in the changelog. |
| def _make_namespace(self, **kwargs): | ||
| from types import SimpleNamespace | ||
| defaults = { | ||
| 'nat_gateway_managed_outbound_ipv6_count': None, | ||
| 'nat_gateway_outbound_ip_ids': None, | ||
| 'nat_gateway_outbound_ip_prefix_ids': None, | ||
| 'outbound_type': None, | ||
| } |
There was a problem hiding this comment.
Given the validator likely sees list-typed args from CLI parsing, add test cases where nat_gateway_outbound_ip_ids / nat_gateway_outbound_ip_prefix_ids are empty lists (and possibly empty strings) to ensure they are not treated as “set” and do not trigger the V2-only validation accidentally.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
FumingZhang
left a comment
FumingZhang
left a comment
There was a problem hiding this comment.
lgtm, please resolve comments about history notes
| 20.0.0b1 | ||
| +++++++ | ||
| * [Breaking Change] `az aks create/update`: Change `--nat-gateway-outbound-ips` and `--nat-gateway-outbound-ip-prefixes` to use comma-separated values, consistent with load balancer outbound IP parameters. | ||
| * `az aks update`: Fix V2-only NAT gateway params (e.g. `--nat-gateway-managed-outbound-ipv6-count`) being rejected on update when `--outbound-type` is not re-specified for an already-V2 cluster. |
There was a problem hiding this comment.
Please create a new version or move this to the Pending section. Do not append changes to a released version.
The validate_nat_gateway_v2_params validator required --outbound-type managedNATGatewayV2 to be explicitly passed even on updates where the cluster is already V2. Users had to re-specify --outbound-type on every update that used V2-only params like --nat-gateway-managed-outbound-ipv6-count.
Fix: Only reject V2 params when --outbound-type is explicitly set to a non-V2 value. When --outbound-type is not specified (None), allow the request through and let the RP validate.
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.