From d5cb13ddbd230280dca8b5dfc7142755383363e4 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 2 Dec 2021 10:39:01 -0500 Subject: [PATCH] validate: allow netFilter to be set alone in NicSelector In `staticValidateSriovNetworkNodePolicy`, we now allow a NicSelector to only have NetFilter defined. This will be useful for the OpenStack platform, where we can request a Network Node Policy only by its Network ID. --- pkg/webhook/validate.go | 9 +++++---- pkg/webhook/validate_test.go | 27 ++++++++++++++++++++++++++- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/pkg/webhook/validate.go b/pkg/webhook/validate.go index 2c19ed0bf..1a2b6920c 100644 --- a/pkg/webhook/validate.go +++ b/pkg/webhook/validate.go @@ -3,14 +3,15 @@ package webhook import ( "context" "fmt" - "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/utils" "os" "regexp" "strconv" "strings" + "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/utils" + "github.com/golang/glog" - "k8s.io/api/admission/v1" + v1 "k8s.io/api/admission/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -91,8 +92,8 @@ func staticValidateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePol return false, fmt.Errorf("resource name \"%s\" contains invalid characters, the accepted syntax of the regular expressions is: \"^[a-zA-Z0-9_]+$\"", cr.Spec.ResourceName) } - if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 && len(cr.Spec.NicSelector.RootDevices) == 0 { - return false, fmt.Errorf("at least one of these parameters (vendor, deviceID, pfNames or rootDevices) has to be defined in nicSelector in CR %s", cr.GetName()) + if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 && len(cr.Spec.NicSelector.RootDevices) == 0 && cr.Spec.NicSelector.NetFilter == "" { + return false, fmt.Errorf("at least one of these parameters (vendor, deviceID, pfNames, rootDevices or netFilter) has to be defined in nicSelector in CR %s", cr.GetName()) } if cr.Spec.NicSelector.Vendor != "" { diff --git a/pkg/webhook/validate_test.go b/pkg/webhook/validate_test.go index 704d55737..2de71ddbe 100644 --- a/pkg/webhook/validate_test.go +++ b/pkg/webhook/validate_test.go @@ -2,10 +2,11 @@ package webhook import ( "fmt" - corev1 "k8s.io/api/core/v1" "os" "testing" + corev1 "k8s.io/api/core/v1" + . "github.com/k8snetworkplumbingwg/sriov-network-operator/api/v1" . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -498,6 +499,30 @@ func TestStaticValidateSriovNetworkNodePolicyWithInvalidNicSelector(t *testing.T g.Expect(ok).To(Equal(false)) } +func TestValidatePolicyForNodeStateWithValidNetFilter(t *testing.T) { + interfaceSelected = false + state := newNodeState() + policy := &SriovNetworkNodePolicy{ + Spec: SriovNetworkNodePolicySpec{ + DeviceType: "netdevice", + NicSelector: SriovNetworkNicSelector{ + NetFilter: "openstack/NetworkID:ada9ec67-2c97-467c-b674-c47200e2f5da", + }, + NodeSelector: map[string]string{ + "feature.node.kubernetes.io/network-sriov.capable": "true", + }, + NumVfs: 63, + Priority: 99, + ResourceName: "p0", + }, + } + g := NewGomegaWithT(t) + ok, err := validatePolicyForNodeState(policy, state, NewNode()) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(ok).To(Equal(true)) + g.Expect(interfaceSelected).To(Equal(true)) +} + func TestValidatePolicyForNodeStateWithValidVFAndNetFilter(t *testing.T) { interfaceSelected = false state := &SriovNetworkNodeState{