From 51df910118333d88604849a5d93da847a90265e1 Mon Sep 17 00:00:00 2001
From: Kipp Morris <117932707+kimorris27@users.noreply.github.com>
Date: Mon, 2 Dec 2024 07:32:58 -0800
Subject: [PATCH] MIWI bug fix - deny assignment (#3977)

* Augment unit tests to cover the case we missed

* Fix pointer-related bug
---
 pkg/cluster/deploybaseresources_additional.go      | 2 +-
 pkg/cluster/deploybaseresources_additional_test.go | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkg/cluster/deploybaseresources_additional.go b/pkg/cluster/deploybaseresources_additional.go
index b9dcff04343..99bfb91d66b 100644
--- a/pkg/cluster/deploybaseresources_additional.go
+++ b/pkg/cluster/deploybaseresources_additional.go
@@ -26,7 +26,7 @@ func (m *manager) denyAssignment() *arm.Resource {
 	if m.doc.OpenShiftCluster.UsesWorkloadIdentity() {
 		for _, identity := range m.doc.OpenShiftCluster.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities {
 			excludePrincipals = append(excludePrincipals, mgmtauthorization.Principal{
-				ID:   &identity.ObjectID,
+				ID:   ptr.To(identity.ObjectID),
 				Type: to.StringPtr(string(mgmtauthorization.ServicePrincipal)),
 			})
 		}
diff --git a/pkg/cluster/deploybaseresources_additional_test.go b/pkg/cluster/deploybaseresources_additional_test.go
index 9f10fce826d..534db505ade 100644
--- a/pkg/cluster/deploybaseresources_additional_test.go
+++ b/pkg/cluster/deploybaseresources_additional_test.go
@@ -67,6 +67,11 @@ func TestDenyAssignment(t *testing.T) {
 									ClientID:   "11111111-1111-1111-1111-111111111111",
 									ResourceID: "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/something/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity-name",
 								},
+								"something other than anything": {
+									ObjectID:   "88888888-8888-8888-8888-888888888888",
+									ClientID:   "99999999-9999-9999-9999-999999999999",
+									ResourceID: "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/something/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity-name",
+								},
 							},
 						},
 					},
@@ -77,6 +82,10 @@ func TestDenyAssignment(t *testing.T) {
 					ID:   to.StringPtr("00000000-0000-0000-0000-000000000000"),
 					Type: to.StringPtr(string(mgmtauthorization.ServicePrincipal)),
 				},
+				{
+					ID:   to.StringPtr("88888888-8888-8888-8888-888888888888"),
+					Type: to.StringPtr(string(mgmtauthorization.ServicePrincipal)),
+				},
 			},
 		},
 	}