From cba30b0e0586fb048adc5a9a3b7d30404d89353a Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Mon, 5 Aug 2024 09:38:23 +0000
Subject: [PATCH] fix: VirtualNetworkRule match issue during account search

---
 go.mod                                          |  2 +-
 go.sum                                          |  4 ++--
 vendor/modules.txt                              |  2 +-
 .../pkg/provider/azure_storageaccount.go        | 17 +++++++++--------
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index a304c8e7a..2b7cdd734 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	k8s.io/kubernetes v1.29.7
 	k8s.io/mount-utils v0.29.7
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240801140416-3942a9757a9e
+	sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240805092258-2fb862d99f46
 	sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.0.18
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 5fdd07139..44a31e2e7 100644
--- a/go.sum
+++ b/go.sum
@@ -453,8 +453,8 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4=
-sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240801140416-3942a9757a9e h1:SP+/SugnBxy8kfeolQ0lIE7B/TATsYOhrHCLK8Q6V84=
-sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240801140416-3942a9757a9e/go.mod h1:lQvP3CccouEXTBu56sCNxPOPyeNwM8PlfL4+ms2C4sE=
+sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240805092258-2fb862d99f46 h1:OQjpxxDhQM2xW/mmCKh8k6/BuiqXDmWMNstX7OQgu8o=
+sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240805092258-2fb862d99f46/go.mod h1:lQvP3CccouEXTBu56sCNxPOPyeNwM8PlfL4+ms2C4sE=
 sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.0.33 h1:tCVZx6xMGJWXyqVtR9UE5y8O3BAOBYNrpsojcN17Wrw=
 sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.0.33/go.mod h1:Fih1ZXhUc/ZeBjDTukeQMXpaXmaVhtiQstsPYWGrdVE=
 sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.0.18 h1:PhXbmp06mdagpcavRWc/bAF7aNAEknuuzioI+NJgE3E=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 300e73149..9cf8ba66f 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1554,7 +1554,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
-# sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240801140416-3942a9757a9e
+# sigs.k8s.io/cloud-provider-azure v1.27.1-0.20240805092258-2fb862d99f46
 ## explicit; go 1.22.5
 sigs.k8s.io/cloud-provider-azure/pkg/azureclients
 sigs.k8s.io/cloud-provider-azure/pkg/azureclients/armauth
diff --git a/vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go b/vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go
index fa75f00a6..13c72390e 100644
--- a/vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go
+++ b/vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go
@@ -842,17 +842,18 @@ func AreVNetRulesEqual(account storage.Account, accountOptions *AccountOptions)
 			return false
 		}
 
-		found := false
 		for _, subnetID := range accountOptions.VirtualNetworkResourceIDs {
+			found := false
 			for _, rule := range *account.AccountProperties.NetworkRuleSet.VirtualNetworkRules {
 				if strings.EqualFold(ptr.Deref(rule.VirtualNetworkResourceID, ""), subnetID) && rule.Action == storage.ActionAllow {
 					found = true
 					break
 				}
 			}
-		}
-		if !found {
-			return false
+			if !found {
+				klog.V(2).Infof("subnetID(%s) not found in account(%s) virtual network rules", subnetID, ptr.Deref(account.Name, ""))
+				return false
+			}
 		}
 	}
 	return true
@@ -872,7 +873,7 @@ func isTaggedWithSkip(account storage.Account) bool {
 	if account.Tags != nil {
 		// skip account with SkipMatchingTag tag
 		if _, ok := account.Tags[SkipMatchingTag]; ok {
-			klog.V(2).Infof("found %s tag for account %s, skip matching", SkipMatchingTag, *account.Name)
+			klog.V(2).Infof("found %s tag for account %s, skip matching", SkipMatchingTag, ptr.Deref(account.Name, ""))
 			return false
 		}
 	}
@@ -963,7 +964,7 @@ func (az *Cloud) isMultichannelEnabledEqual(ctx context.Context, account storage
 		return false, nil
 	}
 
-	prop, err := az.getFileServicePropertiesCache(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, *account.Name)
+	prop, err := az.getFileServicePropertiesCache(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}
@@ -988,7 +989,7 @@ func (az *Cloud) isDisableFileServiceDeleteRetentionPolicyEqual(ctx context.Cont
 		return false, nil
 	}
 
-	prop, err := az.FileClient.WithSubscriptionID(accountOptions.SubscriptionID).GetServiceProperties(ctx, accountOptions.ResourceGroup, *account.Name)
+	prop, err := az.FileClient.WithSubscriptionID(accountOptions.SubscriptionID).GetServiceProperties(ctx, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}
@@ -1010,7 +1011,7 @@ func (az *Cloud) isEnableBlobDataProtectionEqual(ctx context.Context, account st
 		return true, nil
 	}
 
-	property, err := az.BlobClient.GetServiceProperties(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, *account.Name)
+	property, err := az.BlobClient.GetServiceProperties(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}