IR-367: add networkResourceGroupName to azure network access internal config

imageregistry/v1/00_imageregistry.crd.yaml

@@ -688,6 +688,12 @@ spec:
                             internal:
                               description: 'internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.'
                               properties:
+                                networkResourceGroupName:
+                                  description: networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.
+                                  maxLength: 90
+                                  minLength: 1
+                                  pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$
+                                  type: string
                                 privateEndpointName:
                                   description: privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
                                   maxLength: 64
@@ -1101,6 +1107,12 @@ spec:
                             internal:
                               description: 'internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.'
                               properties:
+                                networkResourceGroupName:
+                                  description: networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.
+                                  maxLength: 90
+                                  minLength: 1
+                                  pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$
+                                  type: string
                                 privateEndpointName:
                                   description: privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
                                   maxLength: 64

imageregistry/v1/stable.config.testsuite.yaml

@@ -27,6 +27,7 @@ tests:
             networkAccess:
               type: Internal
               internal:
+                networkResourceGroupName: .my.resource_group-name
                 vnetName: foo-bar
                 subnetName: bar_foo
                 privateEndpointName: my-private-endpoint
@@ -42,6 +43,7 @@ tests:
             networkAccess:
               type: Internal
               internal:
+                networkResourceGroupName: .my.resource_group-name
                 vnetName: foo-bar
                 subnetName: bar_foo
                 privateEndpointName: my-private-endpoint
@@ -92,3 +94,16 @@ tests:
               internal:
                 subnetName: .invalid
     expectedError: "spec.storage.azure.networkAccess.internal.subnetName in body should match '^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$'"
+  - name: Should reject configuration with invalid network resource group name in internal storage network access config
+    initial: |
+      apiVersion: imageregistry.operator.openshift.io/v1
+      kind: Config
+      spec:
+        replicas: 1
+        storage:
+          azure:
+            networkAccess:
+              type: Internal
+              internal:
+                networkResourceGroupName: invalid.
+    expectedError: "spec.storage.azure.networkAccess.internal.networkResourceGroupName in body should match '^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$'"

imageregistry/v1/types.go

@@ -337,6 +337,20 @@ type AzureNetworkAccess struct {
 }
 
 type AzureNetworkAccessInternal struct {
+	// networkResourceGroupName is the resource group name where the cluster's vnet
+	// and subnet are. When omitted, the registry operator will use the cluster
+	// resource group (from in the infrastructure status).
+	// If you set a networkResourceGroupName on your install-config.yaml, that
+	// value will be used automatically (for clusters configured with publish:Internal).
+	// Note that both vnet and subnet must be in the same resource group.
+	// It must be between 1 and 90 characters in length and must consist only of
+	// alphanumeric characters, hyphens (-), periods (.) and underscores (_), and
+	// not end with a period.
+	// +kubebuilder:validation:MaxLength=90
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$`
+	// +optional
+	NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
 	// vnetName is the name of the vnet the registry operates in. When omitted,
 	// the registry operator will discover and set this by using the `kubernetes.io_cluster.<cluster-id>`
 	// tag in the vnet resource. This tag is set automatically by the installer.