worked on PR comments: change in logic validation

bnallapeta · bnallapeta · commit 332165567bac · 2025-08-04T20:01:41.000+05:30
Signed-off-by: Bharath Nallapeta &lt;bnallapeta@mirantis.com&gt;
diff --git a/controllers/openstackcluster_controller.go b/controllers/openstackcluster_controller.go
@@ -497,7 +497,10 @@ func (r *OpenStackClusterReconciler) reconcileBastionServer(ctx context.Context,
 	}
 
 	// If the bastion is found but the spec has changed, we need to delete it and reconcile.
-	bastionServerSpec := bastionToOpenStackServerSpec(openStackCluster)
+	bastionServerSpec, err := bastionToOpenStackServerSpec(openStackCluster)
+	if err != nil {
+		return nil, true, err
+	}
 	if !bastionNotFound && server != nil && !apiequality.Semantic.DeepEqual(bastionServerSpec, &server.Spec) {
 		scope.Logger().Info("Bastion spec has changed, re-creating the OpenStackServer object")
 		if err := r.deleteBastion(ctx, scope, cluster, openStackCluster); err != nil {
@@ -543,7 +546,10 @@ func (r *OpenStackClusterReconciler) getBastionServer(ctx context.Context, openS
 // createBastionServer creates the OpenStackServer object for the bastion server.
 // It returns the OpenStackServer object and an error if any.
 func (r *OpenStackClusterReconciler) createBastionServer(ctx context.Context, openStackCluster *infrav1.OpenStackCluster, cluster *clusterv1.Cluster) (*infrav1alpha1.OpenStackServer, error) {
-	bastionServerSpec := bastionToOpenStackServerSpec(openStackCluster)
+	bastionServerSpec, err := bastionToOpenStackServerSpec(openStackCluster)
+	if err != nil {
+		return nil, err
+	}
 	bastionServer := &infrav1alpha1.OpenStackServer{
 		ObjectMeta: metav1.ObjectMeta{
 			Labels: map[string]string{
@@ -571,7 +577,7 @@ func (r *OpenStackClusterReconciler) createBastionServer(ctx context.Context, op
 
 // bastionToOpenStackServerSpec converts the OpenStackMachineSpec for the bastion to an OpenStackServerSpec.
 // It returns the OpenStackServerSpec and an error if any.
-func bastionToOpenStackServerSpec(openStackCluster *infrav1.OpenStackCluster) *infrav1alpha1.OpenStackServerSpec {
+func bastionToOpenStackServerSpec(openStackCluster *infrav1.OpenStackCluster) (*infrav1alpha1.OpenStackServerSpec, error) {
 	bastion := openStackCluster.Spec.Bastion
 	if bastion == nil {
 		bastion = &infrav1.Bastion{}
@@ -586,9 +592,12 @@ func bastionToOpenStackServerSpec(openStackCluster *infrav1.OpenStackCluster) *i
 	if bastion.AvailabilityZone != nil {
 		az = *bastion.AvailabilityZone
 	}
-	openStackServerSpec := openStackMachineSpecToOpenStackServerSpec(bastion.Spec, openStackCluster.Spec.IdentityRef, compute.InstanceTags(bastion.Spec, openStackCluster), az, nil, getBastionSecurityGroupID(openStackCluster), openStackCluster.Status.Network.ID)
+	openStackServerSpec, err := openStackMachineSpecToOpenStackServerSpec(bastion.Spec, openStackCluster.Spec.IdentityRef, compute.InstanceTags(bastion.Spec, openStackCluster), az, nil, getBastionSecurityGroupID(openStackCluster), openStackCluster.Status.Network)
+	if err != nil {
+		return nil, err
+	}
 
-	return openStackServerSpec
+	return openStackServerSpec, nil
 }
 
 func bastionName(clusterResourceName string) string {
diff --git a/controllers/openstackmachine_controller.go b/controllers/openstackmachine_controller.go
@@ -479,7 +479,18 @@ func (r *OpenStackMachineReconciler) getMachineServer(ctx context.Context, openS
 
 // openStackMachineSpecToOpenStackServerSpec converts an OpenStackMachineSpec to an OpenStackServerSpec.
 // It returns the OpenStackServerSpec object and an error if there is any.
-func openStackMachineSpecToOpenStackServerSpec(openStackMachineSpec *infrav1.OpenStackMachineSpec, identityRef infrav1.OpenStackIdentityReference, tags []string, failureDomain string, userDataRef *corev1.LocalObjectReference, defaultSecGroup *string, defaultNetworkID string) *infrav1alpha1.OpenStackServerSpec {
+func openStackMachineSpecToOpenStackServerSpec(openStackMachineSpec *infrav1.OpenStackMachineSpec, identityRef infrav1.OpenStackIdentityReference, tags []string, failureDomain string, userDataRef *corev1.LocalObjectReference, defaultSecGroup *string, clusterNetwork *infrav1.NetworkStatusWithSubnets) (*infrav1alpha1.OpenStackServerSpec, error) {
+	// Determine default network ID if the cluster status exposes one.
+	var defaultNetworkID string
+	if clusterNetwork != nil {
+		defaultNetworkID = clusterNetwork.ID
+	}
+
+	// If no cluster network is available AND the machine spec did not define any ports with a network, we cannot choose a network.
+	if defaultNetworkID == "" && len(openStackMachineSpec.Ports) == 0 {
+		return nil, capoerrors.Terminal(infrav1.InvalidMachineSpecReason, "no network configured: cluster network is missing and machine spec does not define ports with a network")
+	}
+
 	openStackServerSpec := &infrav1alpha1.OpenStackServerSpec{
 		AdditionalBlockDevices:            openStackMachineSpec.AdditionalBlockDevices,
 		ConfigDrive:                       openStackMachineSpec.ConfigDrive,
@@ -535,7 +546,7 @@ func openStackMachineSpecToOpenStackServerSpec(openStackMachineSpec *infrav1.Ope
 	}
 	openStackServerSpec.Ports = serverPorts
 
-	return openStackServerSpec
+	return openStackServerSpec, nil
 }
 
 // reconcileMachineServer reconciles the OpenStackServer object for the OpenStackMachine.
@@ -584,18 +595,10 @@ func (r *OpenStackMachineReconciler) getOrCreateMachineServer(ctx context.Contex
 			}
 			return openStackCluster.Spec.IdentityRef
 		}()
-			// Determine default network ID if the cluster status exposes one.
-		var defaultNetworkID string
-		if openStackCluster.Status.Network != nil {
-			defaultNetworkID = openStackCluster.Status.Network.ID
-		}
-
-		// If no cluster network is available AND the machine spec did not define any ports with a network, we cannot choose a network.
-		if defaultNetworkID == "" && len(openStackMachine.Spec.Ports) == 0 {
-			return nil, capoerrors.Terminal(infrav1.InvalidMachineSpecReason, "no network configured: cluster network is missing and machine spec does not define ports with a network")
+		machineServerSpec, err := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), openStackCluster.Status.Network)
+		if err != nil {
+			return nil, err
 		}
-
-		machineServerSpec := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), defaultNetworkID)
 		machineServer = &infrav1alpha1.OpenStackServer{
 			ObjectMeta: metav1.ObjectMeta{
 				Labels: map[string]string{
diff --git a/controllers/openstackmachine_controller_test.go b/controllers/openstackmachine_controller_test.go
@@ -77,24 +77,25 @@ func TestOpenStackMachineSpecToOpenStackServerSpec(t *testing.T) {
 		},
 	}
 	portOptsWithAdditionalSecurityGroup := []infrav1.PortOpts{
-        {
-            Network: &infrav1.NetworkParam{
-                ID: ptr.To(openStackCluster.Status.Network.ID),
-            },
-            SecurityGroups: []infrav1.SecurityGroupParam{
-                {
-                    ID: ptr.To(extraSecurityGroupUUID),
-                },
-            },
-        },
-    }
+		{
+			Network: &infrav1.NetworkParam{
+				ID: ptr.To(openStackCluster.Status.Network.ID),
+			},
+			SecurityGroups: []infrav1.SecurityGroupParam{
+				{
+					ID: ptr.To(extraSecurityGroupUUID),
+				},
+			},
+		},
+	}
 	image := infrav1.ImageParam{Filter: &infrav1.ImageFilter{Name: ptr.To("my-image")}}
 	tags := []string{"tag1", "tag2"}
 	userData := &corev1.LocalObjectReference{Name: "server-data-secret"}
 	tests := []struct {
-		name string
-		spec *infrav1.OpenStackMachineSpec
-		want *infrav1alpha1.OpenStackServerSpec
+		name    string
+		spec    *infrav1.OpenStackMachineSpec
+		want    *infrav1alpha1.OpenStackServerSpec
+		wantErr bool
 	}{
 		{
 			name: "Test a minimum OpenStackMachineSpec to OpenStackServerSpec conversion",
@@ -155,68 +156,86 @@ func TestOpenStackMachineSpecToOpenStackServerSpec(t *testing.T) {
 			},
 		},
 		{
-            name: "Test an OpenStackMachineSpec to OpenStackServerSpec conversion with flavorID specified but not flavor",
-            spec: &infrav1.OpenStackMachineSpec{
-                FlavorID:   ptr.To(flavorUUID),
-                Image:      image,
-                SSHKeyName: sshKeyName,
-            },
-            want: &infrav1alpha1.OpenStackServerSpec{
-                FlavorID:    ptr.To(flavorUUID),
-                IdentityRef: identityRef,
-                Image:       image,
-                SSHKeyName:  sshKeyName,
-                Ports:       portOpts,
-                Tags:        tags,
-                UserDataRef: userData,
-            },
-        },
-        {
-            name: "Cluster network nil, machine defines port network and overrides SG",
-            spec: &infrav1.OpenStackMachineSpec{
-                Ports: []infrav1.PortOpts{{
-                    Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
-                }},
-                SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(extraSecurityGroupUUID)}},
-            },
-            want: &infrav1alpha1.OpenStackServerSpec{
-                IdentityRef: identityRef,
-                Ports: []infrav1.PortOpts{{
-                    Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
-                    SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(extraSecurityGroupUUID)}},
-                }},
-                Tags:        tags,
-                UserDataRef: userData,
-            },
-        },
-        {
-            name: "Cluster network nil, machine defines port network and falls back to cluster SG",
-            spec: &infrav1.OpenStackMachineSpec{
-                Ports: []infrav1.PortOpts{{
-                    Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
-                }},
-            },
-            want: &infrav1alpha1.OpenStackServerSpec{
-                IdentityRef: identityRef,
-                Ports: []infrav1.PortOpts{{
-                    Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
-                    SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(workerSecurityGroupUUID)}},
-                }},
-                Tags:        tags,
-                UserDataRef: userData,
-            },
-        },
+			name: "Test an OpenStackMachineSpec to OpenStackServerSpec conversion with flavorID specified but not flavor",
+			spec: &infrav1.OpenStackMachineSpec{
+				FlavorID:   ptr.To(flavorUUID),
+				Image:      image,
+				SSHKeyName: sshKeyName,
+			},
+			want: &infrav1alpha1.OpenStackServerSpec{
+				FlavorID:    ptr.To(flavorUUID),
+				IdentityRef: identityRef,
+				Image:       image,
+				SSHKeyName:  sshKeyName,
+				Ports:       portOpts,
+				Tags:        tags,
+				UserDataRef: userData,
+			},
+		},
+		{
+			name: "Cluster network nil, machine defines port network and overrides SG",
+			spec: &infrav1.OpenStackMachineSpec{
+				Ports: []infrav1.PortOpts{{
+					Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
+				}},
+				SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(extraSecurityGroupUUID)}},
+			},
+			want: &infrav1alpha1.OpenStackServerSpec{
+				IdentityRef: identityRef,
+				Ports: []infrav1.PortOpts{{
+					Network:        &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
+					SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(extraSecurityGroupUUID)}},
+				}},
+				Tags:        tags,
+				UserDataRef: userData,
+			},
+		},
+		{
+			name: "Cluster network nil, machine defines port network and falls back to cluster SG",
+			spec: &infrav1.OpenStackMachineSpec{
+				Ports: []infrav1.PortOpts{{
+					Network: &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
+				}},
+			},
+			want: &infrav1alpha1.OpenStackServerSpec{
+				IdentityRef: identityRef,
+				Ports: []infrav1.PortOpts{{
+					Network:        &infrav1.NetworkParam{ID: ptr.To(networkUUID)},
+					SecurityGroups: []infrav1.SecurityGroupParam{{ID: ptr.To(workerSecurityGroupUUID)}},
+				}},
+				Tags:        tags,
+				UserDataRef: userData,
+			},
+		},
+		{
+			name: "Error case: no cluster network and no machine ports",
+			spec: &infrav1.OpenStackMachineSpec{
+				Flavor:     ptr.To(flavorName),
+				Image:      image,
+				SSHKeyName: sshKeyName,
+				// No ports defined
+			},
+			want:    nil,
+			wantErr: true,
+		},
 	}
 	for i := range tests {
 		tt := tests[i]
 		t.Run(tt.name, func(t *testing.T) {
-			defaultNetID := ""
-			if openStackCluster.Status.Network != nil {
-				defaultNetID = openStackCluster.Status.Network.ID
+			// For the error test case, simulate no cluster network
+			var clusterNetwork *infrav1.NetworkStatusWithSubnets
+			if tt.wantErr && tt.name == "Error case: no cluster network and no machine ports" {
+				clusterNetwork = nil // Simulate nil cluster network for HCP scenario
+			} else {
+				clusterNetwork = openStackCluster.Status.Network
 			}
 
-			spec := openStackMachineSpecToOpenStackServerSpec(tt.spec, identityRef, tags, "", userData, &openStackCluster.Status.WorkerSecurityGroup.ID, defaultNetID)
-			if !reflect.DeepEqual(spec, tt.want) {
+			spec, err := openStackMachineSpecToOpenStackServerSpec(tt.spec, identityRef, tags, "", userData, &openStackCluster.Status.WorkerSecurityGroup.ID, clusterNetwork)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("openStackMachineSpecToOpenStackServerSpec() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !tt.wantErr && !reflect.DeepEqual(spec, tt.want) {
 				t.Errorf("openStackMachineSpecToOpenStackServerSpec() got = %+v, want %+v", spec, tt.want)
 			}
 		})
@@ -332,82 +351,23 @@ func TestOpenStackMachineSpecToOpenStackServerSpec_NilNetworkCases(t *testing.T)
 				managedSecurityGroupID = &tt.openStackCluster.Status.WorkerSecurityGroup.ID
 			}
 
-			spec := openStackMachineSpecToOpenStackServerSpec(
+			spec, err := openStackMachineSpecToOpenStackServerSpec(
 				tt.spec,
 				identityRef,
 				tags,
 				"", // failureDomain
 				userData,
 				managedSecurityGroupID,
-				defaultNetworkID,
+				tt.openStackCluster.Status.Network,
 			)
+			if err != nil {
+				t.Errorf("Unexpected error: %v", err)
+				return
+			}
 
 			if !reflect.DeepEqual(spec.Ports, tt.expectedPorts) {
 				t.Errorf("Expected ports = %+v, got %+v", tt.expectedPorts, spec.Ports)
 			}
 		})
 	}
 }
-
-func TestValidateNetworkConfiguration(t *testing.T) {
-	tests := []struct {
-		name              string
-		clusterNetworkID  string
-		machinePortsCount int
-		expectError       bool
-		expectedErrorMsg  string
-		description       string
-	}{
-		{
-			name:              "Valid: cluster has network, machine has no explicit ports",
-			clusterNetworkID:  networkUUID,
-			machinePortsCount: 0,
-			expectError:       false,
-			description:       "Should succeed when cluster provides default network",
-		},
-		{
-			name:              "Valid: no cluster network, machine defines explicit ports",
-			clusterNetworkID:  "",
-			machinePortsCount: 1,
-			expectError:       false,
-			description:       "Should succeed when machine defines its own networking",
-		},
-		{
-			name:              "Invalid: no cluster network, no machine ports",
-			clusterNetworkID:  "",
-			machinePortsCount: 0,
-			expectError:       true,
-			expectedErrorMsg:  "no network configured: cluster network is missing and machine spec does not define ports with a network",
-			description:       "Should fail with terminal error when no networking is configured anywhere",
-		},
-		{
-			name:              "Valid: cluster network and machine ports both defined",
-			clusterNetworkID:  networkUUID,
-			machinePortsCount: 2,
-			expectError:       false,
-			description:       "Should succeed when both cluster and machine define networking",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			// Simulate the validation logic from the controller
-			hasClusterNetwork := tt.clusterNetworkID != ""
-			hasMachinePorts := tt.machinePortsCount > 0
-
-			shouldFail := !hasClusterNetwork && !hasMachinePorts
-
-			if shouldFail != tt.expectError {
-				t.Errorf("Expected error: %v, but validation result: %v", tt.expectError, shouldFail)
-			}
-
-			if tt.expectError && shouldFail {
-				// In the real controller, this would be a terminal error
-				actualError := "no network configured: cluster network is missing and machine spec does not define ports with a network"
-				if actualError != tt.expectedErrorMsg {
-					t.Errorf("Expected error message: %q, got: %q", tt.expectedErrorMsg, actualError)
-				}
-			}
-		})
-	}
-}
diff --git a/docs/book/src/development/development.md b/docs/book/src/development/development.md
@@ -562,5 +562,3 @@ kubectl get openstackservers
 ```
 
 This object is immutable and is created by the controller when a machine or a bastion is created. The `OpenStackServer` object is deleted when the machine or the bastion is deleted.
-
-

-Original file line number
+Diff line change
 ```
 This object is immutable and is created by the controller when a machine or a bastion is created. The `OpenStackServer` object is deleted when the machine or the bastion is deleted.
+-
+-