kubernetes-sigs
diff --git a/‎api/v1alpha5/conversion.go
Lines changed: 54 additions & 2 deletions b/‎api/v1alpha5/conversion.go
Lines changed: 54 additions & 2 deletions
diff --git a/‎api/v1alpha5/zz_generated.conversion.go
Lines changed: 2 additions & 2 deletions b/‎api/v1alpha5/zz_generated.conversion.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/v1alpha6/conversion.go
Lines changed: 49 additions & 1 deletion b/‎api/v1alpha6/conversion.go
Lines changed: 49 additions & 1 deletion
diff --git a/‎api/v1alpha6/conversion_test.go
Lines changed: 12 additions & 0 deletions b/‎api/v1alpha6/conversion_test.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎api/v1alpha6/zz_generated.conversion.go
Lines changed: 2 additions & 2 deletions b/‎api/v1alpha6/zz_generated.conversion.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/v1alpha7/types.go
Lines changed: 13 additions & 4 deletions b/‎api/v1alpha7/types.go
Lines changed: 13 additions & 4 deletions
diff --git a/‎api/v1alpha7/zz_generated.deepcopy.go
Lines changed: 16 additions & 7 deletions b/‎api/v1alpha7/zz_generated.deepcopy.go
Lines changed: 16 additions & 7 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
Lines changed: 15 additions & 6 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
Lines changed: 15 additions & 6 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
Lines changed: 15 additions & 6 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
Lines changed: 15 additions & 6 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
Lines changed: 14 additions & 5 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
Lines changed: 14 additions & 5 deletions
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha5
 
 import (
+	"strings"
+
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	ctrlconversion "sigs.k8s.io/controller-runtime/pkg/conversion"
@@ -26,6 +28,8 @@ import (
 
 var _ ctrlconversion.Convertible = &OpenStackCluster{}
 
+const trueString = "true"
+
 func (r *OpenStackCluster) ConvertTo(dstRaw ctrlconversion.Hub) error {
 	dst := dstRaw.(*infrav1.OpenStackCluster)
 
@@ -193,7 +197,19 @@ func Convert_v1alpha7_LoadBalancer_To_v1alpha5_LoadBalancer(in *infrav1.LoadBala
 
 func Convert_v1alpha7_PortOpts_To_v1alpha5_PortOpts(in *infrav1.PortOpts, out *PortOpts, s conversion.Scope) error {
 	// value specs and propagate uplink status have been added in v1alpha7 but have no equivalent in v1alpha5
-	return autoConvert_v1alpha7_PortOpts_To_v1alpha5_PortOpts(in, out, s)
+	err := autoConvert_v1alpha7_PortOpts_To_v1alpha5_PortOpts(in, out, s)
+	if err != nil {
+		return err
+	}
+
+	out.Profile = make(map[string]string)
+	if in.Profile.OVSHWOffload {
+		(out.Profile)["capabilities"] = "[\"switchdev\"]"
+	}
+	if in.Profile.TrustedVF {
+		(out.Profile)["trusted"] = trueString
+	}
+	return nil
 }
 
 func Convert_Slice_v1alpha5_Network_To_Slice_v1alpha7_Network(in *[]Network, out *[]infrav1.Network, s conversion.Scope) error {
@@ -227,7 +243,19 @@ func Convert_v1alpha7_APIServerLoadBalancer_To_v1alpha5_APIServerLoadBalancer(in
 
 func Convert_v1alpha5_PortOpts_To_v1alpha7_PortOpts(in *PortOpts, out *infrav1.PortOpts, s conversion.Scope) error {
 	// SecurityGroups have been removed in v1alpha7.
-	return autoConvert_v1alpha5_PortOpts_To_v1alpha7_PortOpts(in, out, s)
+	err := autoConvert_v1alpha5_PortOpts_To_v1alpha7_PortOpts(in, out, s)
+	if err != nil {
+		return err
+	}
+
+	// Profile is now a struct in v1alpha7.
+	if strings.Contains(in.Profile["capabilities"], "switchdev") {
+		out.Profile.OVSHWOffload = true
+	}
+	if in.Profile["trusted"] == trueString {
+		out.Profile.TrustedVF = true
+	}
+	return nil
 }
 
 func Convert_v1alpha5_Instance_To_v1alpha7_BastionStatus(in *Instance, out *infrav1.BastionStatus, _ conversion.Scope) error {
@@ -333,3 +361,27 @@ func Convert_v1alpha7_SubnetFilter_To_v1alpha5_SubnetParam(in *infrav1.SubnetFil
 
 	return nil
 }
+
+func Convert_Map_string_To_Interface_To_v1alpha7_BindingProfile(in map[string]string, out *infrav1.BindingProfile, _ conversion.Scope) error {
+	for k, v := range in {
+		if k == "capabilities" {
+			if strings.Contains(v, "switchdev") {
+				out.OVSHWOffload = true
+			}
+		}
+		if k == "trusted" && v == trueString {
+			out.TrustedVF = true
+		}
+	}
+	return nil
+}
+
+func Convert_v1alpha7_BindingProfile_To_Map_string_To_Interface(in *infrav1.BindingProfile, out map[string]string, _ conversion.Scope) error {
+	if in.OVSHWOffload {
+		(out)["capabilities"] = "[\"switchdev\"]"
+	}
+	if in.TrustedVF {
+		(out)["trusted"] = trueString
+	}
+	return nil
+}
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha6
 
 import (
+	"strings"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
@@ -25,6 +27,8 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1alpha7"
 )
 
+const trueString = "true"
+
 /*
  * HOW THIS WORKS
  *
@@ -401,6 +405,14 @@ func Convert_v1alpha6_PortOpts_To_v1alpha7_PortOpts(in *PortOpts, out *infrav1.P
 	for i := range in.SecurityGroups {
 		out.SecurityGroupFilters = append(out.SecurityGroupFilters, infrav1.SecurityGroupFilter{ID: in.SecurityGroups[i]})
 	}
+
+	// Profile is now a struct in v1alpha7.
+	if strings.Contains(in.Profile["capabilities"], "switchdev") {
+		out.Profile.OVSHWOffload = true
+	}
+	if in.Profile["trusted"] == trueString {
+		out.Profile.TrustedVF = true
+	}
 	return nil
 }
 
@@ -426,7 +438,19 @@ func Convert_Slice_v1alpha7_Network_To_Slice_v1alpha6_Network(in *[]infrav1.Netw
 
 func Convert_v1alpha7_PortOpts_To_v1alpha6_PortOpts(in *infrav1.PortOpts, out *PortOpts, s conversion.Scope) error {
 	// value specs and propagate uplink status have been added in v1alpha7 but have no equivalent in v1alpha5
-	return autoConvert_v1alpha7_PortOpts_To_v1alpha6_PortOpts(in, out, s)
+	err := autoConvert_v1alpha7_PortOpts_To_v1alpha6_PortOpts(in, out, s)
+	if err != nil {
+		return err
+	}
+
+	out.Profile = make(map[string]string)
+	if in.Profile.OVSHWOffload {
+		(out.Profile)["capabilities"] = "[\"switchdev\"]"
+	}
+	if in.Profile.TrustedVF {
+		(out.Profile)["trusted"] = trueString
+	}
+	return nil
 }
 
 func Convert_v1alpha6_Instance_To_v1alpha7_BastionStatus(in *Instance, out *infrav1.BastionStatus, _ conversion.Scope) error {
@@ -532,3 +556,27 @@ func Convert_v1alpha7_SubnetFilter_To_v1alpha6_SubnetParam(in *infrav1.SubnetFil
 
 	return nil
 }
+
+func Convert_Map_string_To_Interface_To_v1alpha7_BindingProfile(in map[string]string, out *infrav1.BindingProfile, _ conversion.Scope) error {
+	for k, v := range in {
+		if k == "capabilities" {
+			if strings.Contains(v, "switchdev") {
+				out.OVSHWOffload = true
+			}
+		}
+		if k == "trusted" && v == trueString {
+			out.TrustedVF = true
+		}
+	}
+	return nil
+}
+
+func Convert_v1alpha7_BindingProfile_To_Map_string_To_Interface(in *infrav1.BindingProfile, out map[string]string, _ conversion.Scope) error {
+	if in.OVSHWOffload {
+		(out)["capabilities"] = "[\"switchdev\"]"
+	}
+	if in.TrustedVF {
+		(out)["trusted"] = trueString
+	}
+	return nil
+}
@@ -418,6 +418,14 @@ func TestPortOptsConvertTo(t *testing.T) {
 		{ID: uuids[0]},
 		{ID: uuids[1]},
 	}
+	legacyPortProfile := map[string]string{
+		"capabilities": "[\"switchdev\"]",
+		"trusted":      "true",
+	}
+	convertedPortProfile := infrav1.BindingProfile{
+		OVSHWOffload: true,
+		TrustedVF:    true,
+	}
 
 	tests := []struct {
 		name string
@@ -430,19 +438,23 @@ func TestPortOptsConvertTo(t *testing.T) {
 			// The list of security group UUIDs should be translated to proper SecurityGroupParams
 			name: "SecurityGroups to SecurityGroupFilters",
 			spokePortOpts: []PortOpts{{
+				Profile:        legacyPortProfile,
 				SecurityGroups: uuids,
 			}},
 			hubPortOpts: []infrav1.PortOpts{{
+				Profile:              convertedPortProfile,
 				SecurityGroupFilters: securityGroupsUuids,
 			}},
 		},
 		{
 			name: "Merge SecurityGroups and SecurityGroupFilters",
 			spokePortOpts: []PortOpts{{
+				Profile:              legacyPortProfile,
 				SecurityGroups:       uuids,
 				SecurityGroupFilters: securityGroupFilter,
 			}},
 			hubPortOpts: []infrav1.PortOpts{{
+				Profile:              convertedPortProfile,
 				SecurityGroupFilters: securityGroupFilterMerged,
 			}},
 		},
 
@@ -102,10 +102,11 @@ type PortOpts struct {
 	// The virtual network interface card (vNIC) type that is bound to the neutron port.
 	VNICType string `json:"vnicType,omitempty"`
 
-	// A dictionary that enables the application running on the specified
-	// host to pass and receive virtual network interface (VIF) port-specific
-	// information to the plug-in.
-	Profile map[string]string `json:"profile,omitempty"`
+	// Profile is a set of key-value pairs that are used for binding details.
+	// We intentionally don't expose this as a map[string]string because we only want to enable
+	// the users to set the values of the keys that are known to work in OpenStack Networking API.
+	// See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+	Profile BindingProfile `json:"profile,omitempty"`
 
 	// DisablePortSecurity enables or disables the port security when set.
 	// When not set, it takes the value of the corresponding field at the network level.
@@ -128,6 +129,14 @@ type PortOpts struct {
 	ValueSpecs []ValueSpec `json:"valueSpecs,omitempty"`
 }
 
+type BindingProfile struct {
+	// OVSHWOffload enables or disables the OVS hardware offload feature.
+	OVSHWOffload bool `json:"ovsHWOffload,omitempty"`
+
+	// TrustedVF enables or disables the “trusted mode” for the VF.
+	TrustedVF bool `json:"trustedVF,omitempty"`
+}
+
 type FixedIP struct {
 	// Subnet is an openstack subnet query that will return the id of a subnet to create
 	// the fixed IP of a port in. This query must not return more than one subnet.
 
@@ -3928,12 +3928,21 @@ spec:
                                   type: string
                               type: object
                             profile:
-                              additionalProperties:
-                                type: string
-                              description: A dictionary that enables the application
-                                running on the specified host to pass and receive
-                                virtual network interface (VIF) port-specific information
-                                to the plug-in.
+                              description: Profile is a set of key-value pairs that
+                                are used for binding details. We intentionally don't
+                                expose this as a map[string]string because we only
+                                want to enable the users to set the values of the
+                                keys that are known to work in OpenStack Networking
+                                API. See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+                              properties:
+                                ovsHWOffload:
+                                  description: OVSHWOffload enables or disables the
+                                    OVS hardware offload feature.
+                                  type: boolean
+                                trustedVF:
+                                  description: TrustedVF enables or disables the “trusted
+                                    mode” for the VF.
+                                  type: boolean
                               type: object
                             projectId:
                               type: string
 
@@ -1768,12 +1768,21 @@ spec:
                                           type: string
                                       type: object
                                     profile:
-                                      additionalProperties:
-                                        type: string
-                                      description: A dictionary that enables the application
-                                        running on the specified host to pass and
-                                        receive virtual network interface (VIF) port-specific
-                                        information to the plug-in.
+                                      description: Profile is a set of key-value pairs
+                                        that are used for binding details. We intentionally
+                                        don't expose this as a map[string]string because
+                                        we only want to enable the users to set the
+                                        values of the keys that are known to work
+                                        in OpenStack Networking API. See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+                                      properties:
+                                        ovsHWOffload:
+                                          description: OVSHWOffload enables or disables
+                                            the OVS hardware offload feature.
+                                          type: boolean
+                                        trustedVF:
+                                          description: TrustedVF enables or disables
+                                            the “trusted mode” for the VF.
+                                          type: boolean
                                       type: object
                                     projectId:
                                       type: string
 
@@ -1305,11 +1305,20 @@ spec:
                           type: string
                       type: object
                     profile:
-                      additionalProperties:
-                        type: string
-                      description: A dictionary that enables the application running
-                        on the specified host to pass and receive virtual network
-                        interface (VIF) port-specific information to the plug-in.
+                      description: Profile is a set of key-value pairs that are used
+                        for binding details. We intentionally don't expose this as
+                        a map[string]string because we only want to enable the users
+                        to set the values of the keys that are known to work in OpenStack
+                        Networking API. See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+                      properties:
+                        ovsHWOffload:
+                          description: OVSHWOffload enables or disables the OVS hardware
+                            offload feature.
+                          type: boolean
+                        trustedVF:
+                          description: TrustedVF enables or disables the “trusted
+                            mode” for the VF.
+                          type: boolean
                       type: object
                     projectId:
                       type: string