fix: add logic to skip subnet update under certain conditions

This commit addresses the need for the subnet/write permissions.  Currently, in all scenarios, the
subnet/write permission is used via the subnet.CreateOrUpdate method.  This change adds logic to
determine if the values are already set to Disabled and skips running the subnet.CreateOrUpdate
 method if it is already set appropriately.  This will save the need to make an extra API call and
also allow users to configure things like Azure policy where subnet/write permissions are not needed.

Signed-off-by: Dustin Scott <[email protected]>

pkg/cluster/deploybaseresources.go

@@ -432,10 +432,27 @@ func (m *manager) setMasterSubnetPolicies(ctx context.Context) error {
 		s.SubnetPropertiesFormat = &mgmtnetwork.SubnetPropertiesFormat{}
 	}
 
+	// we need to track whether or not we need to send an update to the AzureRM API based on whether
+	// or not our private endpoint network policies or private link service network policies
+	// already match a desired condition of 'Disabled' or not.
+	var needsUpdate bool
+
 	if m.doc.OpenShiftCluster.Properties.FeatureProfile.GatewayEnabled {
-		s.SubnetPropertiesFormat.PrivateEndpointNetworkPolicies = to.StringPtr("Disabled")
+		if s.SubnetPropertiesFormat.PrivateEndpointNetworkPolicies == nil || *s.SubnetPropertiesFormat.PrivateEndpointNetworkPolicies != "Disabled" {
+			needsUpdate = true
+			s.SubnetPropertiesFormat.PrivateEndpointNetworkPolicies = to.StringPtr("Disabled")
+		}
+	}
+
+	if s.SubnetPropertiesFormat.PrivateLinkServiceNetworkPolicies == nil || *s.SubnetPropertiesFormat.PrivateLinkServiceNetworkPolicies != "Disabled" {
+		needsUpdate = true
+		s.SubnetPropertiesFormat.PrivateLinkServiceNetworkPolicies = to.StringPtr("Disabled")
+	}
+
+	// return if we do not need to update the subnet
+	if !needsUpdate {
+		return nil
 	}
-	s.SubnetPropertiesFormat.PrivateLinkServiceNetworkPolicies = to.StringPtr("Disabled")
 
 	err = m.subnet.CreateOrUpdate(ctx, subnetId, s)