Preserve image plan metadata in VMSS model conversion to prevent false model drift

[stelucz]

What type of PR is this?

/kind bug

What this PR does / why we need it:

This PR fixes a VMSS model comparison issue in CAPZ where plan metadata was lost during Azure SDK → CAPZ image conversion.
As a result, CAPZ could detect a model mismatch even when AzureMachinePool spec was unchanged, and repeatedly roll MachinePool instances.

Root Cause

• LatestModelApplied for AzureMachinePoolMachine depends on comparing:
  • desired image from MachinePoolScope.GetVMImage(...)
  • observed VM/VMSS instance image from Azure APIs.
• For Compute/Shared Gallery images that include a marketplace-like plan, CAPZ expected plan data in desired model.
• Before this change, converter logic SDKImageToImage did not carry Plan fields for gallery-based image references.
• This produced structurally different image objects (desired had plan metadata, observed often did not), leading to persistent LatestModelApplied=false.

Actual State Before Change

• No user-visible spec mutation on MachinePool/AzureMachinePool.
• CAPZ logs repeatedly showed model-change predicates firing and ongoing reconciles/deletes:
  • MachinePoolModelHasChanged ... shouldUpdate=true
  • repeated Deleting AzureMachinePoolMachine ...
• Node/VM churn continued despite stable target configuration.

Change Introduced

• Added plan-aware conversion path in VMSS converter:
  • SDKImageToImageWithPlan(imageRef, isThirdParty, sdkPlan)
  • Existing SDKImageToImage(imageRef, isThirdParty) preserved as compatibility wrapper.
• Updated VM/VMSS conversion call sites to pass both:
  • existing isThirdParty signal (sdkPlan != nil)
  • full sdkPlan object when available.
• Added plan propagation for gallery images:
  • Compute Gallery: map Plan into ComputeGallery.Plan
  • Shared Gallery: map Plan into Publisher/Offer/SKU fields
• Updated/extended unit tests in converter package to cover the plan-carrying behavior.

Expected Result

• Observed image model now preserves relevant plan metadata, reducing false differences against desired model.
• LatestModelApplied is evaluated against a more faithful observed state.
• Prevents unnecessary VMSS instance replacement loops caused by plan metadata loss.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

Preserve image plan metadata in VMSS model conversion to prevent false model drift

[k8s-ci-robot]

Hi @stelucz. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[stelucz]

/assign vincepri

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.94%. Comparing base (012443d) to head (86b42fe).
⚠️ Report is 129 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6129      +/-   ##
==========================================
- Coverage   44.41%   43.94%   -0.48%     
==========================================
  Files         280      289       +9     
  Lines       25379    25357      -22     
==========================================
- Hits        11273    11144     -129     
- Misses      13293    13433     +140     
+ Partials      813      780      -33     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from vincepri. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[stelucz]

added missing test

[stelucz]

Hi @jackfrancis may i ask you to have a look at change? Thanks

[mboersma]

There's a subtle regression possible here: if the user specifies the image via image.ID (a raw string), then the desired image from GetVMImage has ID set and ComputeGallery is nil. The spec has no plan data.

The whole purpose of the IDImageRefToImage comparison is to handle the case where the user wrote a raw gallery resource ID instead of using the structured ComputeGallery field. In that case, the user has no way to express plan metadata in their spec.

Maybe the fix is to strip the plan from the observed image when comparing via this code path, since the "desired" side can never have one. We could add this to machinepoolmachine.go:

if newImage.ComputeGallery != nil {
    instanceImageCopy := s.instance.Image
    instanceImageCopy.ComputeGallery.Plan = nil
    return reflect.DeepEqual(instanceImageCopy, newImage), nil
}