[release-1.29] fix: VirtualNetworkRule match issue during account search

pkg/provider/azure_storageaccount.go

@@ -839,17 +839,18 @@
 			return false
 		}
 
-		found := false
 		for _, subnetID := range accountOptions.VirtualNetworkResourceIDs {
+			found := false
 			for _, rule := range *account.AccountProperties.NetworkRuleSet.VirtualNetworkRules {
 				if strings.EqualFold(pointer.StringDeref(rule.VirtualNetworkResourceID, ""), subnetID) && rule.Action == storage.ActionAllow {
 					found = true
 					break
 				}
 			}
-		}
-		if !found {
-			return false
+			if !found {
+				klog.V(2).Infof("subnetID(%s) not found in account(%s) virtual network rules", subnetID, ptr.Deref(account.Name, ""))
+				return false
+			}
 		}
 	}
 	return true
@@ -869,7 +870,7 @@
 	if account.Tags != nil {
 		// skip account with SkipMatchingTag tag
 		if _, ok := account.Tags[SkipMatchingTag]; ok {
-			klog.V(2).Infof("found %s tag for account %s, skip matching", SkipMatchingTag, *account.Name)
+			klog.V(2).Infof("found %s tag for account %s, skip matching", SkipMatchingTag, ptr.Deref(account.Name, ""))
 			return false
 		}
 	}
@@ -960,7 +961,7 @@
 		return false, nil
 	}
 
-	prop, err := az.getFileServicePropertiesCache(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, *account.Name)
+	prop, err := az.getFileServicePropertiesCache(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}
@@ -985,7 +986,7 @@
 		return false, nil
 	}
 
-	prop, err := az.FileClient.WithSubscriptionID(accountOptions.SubscriptionID).GetServiceProperties(ctx, accountOptions.ResourceGroup, *account.Name)
+	prop, err := az.FileClient.WithSubscriptionID(accountOptions.SubscriptionID).GetServiceProperties(ctx, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}
@@ -1007,7 +1008,7 @@
 		return true, nil
 	}
 
-	property, err := az.BlobClient.GetServiceProperties(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, *account.Name)
+	property, err := az.BlobClient.GetServiceProperties(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, ptr.Deref(account.Name, ""))
 	if err != nil {
 		return false, err
 	}

pkg/provider/azure_storageaccount_test.go

@@ -1842,7 +1842,7 @@ func TestIsDisableFileServiceDeleteRetentionPolicyEqual(t *testing.T) {
 	}
 }
 
-func Test_isSoftDeleteBlobsEqual(t *testing.T) {
+func TestIsSoftDeleteBlobsEqual(t *testing.T) {
 	type args struct {
 		property       storage.BlobServiceProperties
 		accountOptions *AccountOptions
@@ -2092,3 +2092,105 @@ func TestParseServiceAccountToken(t *testing.T) {
 		t.Errorf("ParseServiceAccountToken(%s) = %s, want %s", saTokens, token, expectedToken)
 	}
 }
+
+func TestAreVNetRulesEqual(t *testing.T) {
+	type args struct {
+		account       storage.Account
+		accountOption *AccountOptions
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "account option is empty",
+			args: args{
+				account: storage.Account{
+					AccountProperties: &storage.AccountProperties{},
+				},
+				accountOption: &AccountOptions{
+					VirtualNetworkResourceIDs: []string{},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "VirtualNetworkRules are equal",
+			args: args{
+				account: storage.Account{
+					AccountProperties: &storage.AccountProperties{
+						NetworkRuleSet: &storage.NetworkRuleSet{
+							VirtualNetworkRules: &[]storage.VirtualNetworkRule{
+								{
+									VirtualNetworkResourceID: ptr.To("id"),
+									Action:                   storage.ActionAllow,
+									State:                    "state",
+								},
+							},
+						},
+					},
+				},
+				accountOption: &AccountOptions{
+					VirtualNetworkResourceIDs: []string{"id"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "VirtualNetworkRules are equal with multiple NetworkRules",
+			args: args{
+				account: storage.Account{
+					AccountProperties: &storage.AccountProperties{
+						NetworkRuleSet: &storage.NetworkRuleSet{
+							VirtualNetworkRules: &[]storage.VirtualNetworkRule{
+								{
+									VirtualNetworkResourceID: ptr.To("id1"),
+									Action:                   storage.ActionAllow,
+								},
+								{
+									VirtualNetworkResourceID: ptr.To("id2"),
+									Action:                   storage.ActionAllow,
+								},
+							},
+						},
+					},
+				},
+				accountOption: &AccountOptions{
+					VirtualNetworkResourceIDs: []string{"id2"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "VirtualNetworkRules not equal",
+			args: args{
+				account: storage.Account{
+					AccountProperties: &storage.AccountProperties{
+						NetworkRuleSet: &storage.NetworkRuleSet{
+							VirtualNetworkRules: &[]storage.VirtualNetworkRule{
+								{
+									VirtualNetworkResourceID: ptr.To("id1"),
+									Action:                   storage.ActionAllow,
+									State:                    "state",
+								},
+							},
+						},
+					},
+				},
+				accountOption: &AccountOptions{
+					VirtualNetworkResourceIDs: []string{"id2"},
+				},
+			},
+			want: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := AreVNetRulesEqual(tt.args.account, tt.args.accountOption); got != tt.want {
+				t.Errorf("areVNetRulesEqual() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}