Update GNP validations for NetworkAttachments

Author: synth-beat

pkg/controller/gkenetworkparamset/gkenetworkparamset_controller.go

@@ -406,6 +406,27 @@ func (c *Controller) syncGNP(ctx context.Context, params *networkv1.GKENetworkPa
 	}
 
 	addFinalizerInPlace(params)
+
+	// Validate that the fields set are a valid combination.
+	presenceValidation := c.validateFieldCombinations(ctx, params)
+	if !presenceValidation.IsValid {
+		meta.SetStatusCondition(&params.Status.Conditions, presenceValidation.toCondition())
+		return nil
+	}
+
+	// Validate specific fields once field combination is valid.
+	netAttachment := params.Spec.NetworkAttachment
+	if netAttachment != "" {
+		networkAttachmentValidation := c.validateNetworkAttachment(ctx, netAttachment)
+		meta.SetStatusCondition(&params.Status.Conditions, networkAttachmentValidation.toCondition())
+		if !networkAttachmentValidation.IsValid {
+			return nil
+		}
+
+		return c.getAndSyncNetworkForGNP(ctx, params)
+	}
+
+	// Validate params with (VPC + VPCSubnet).
 	subnet, subnetValidation := c.getAndValidateSubnet(ctx, params)
 	meta.SetStatusCondition(&params.Status.Conditions, subnetValidation.toCondition())
 	if !subnetValidation.IsValid {
@@ -436,6 +457,13 @@ func (c *Controller) syncGNP(ctx context.Context, params *networkv1.GKENetworkPa
 		CIDRBlocks: cidrs,
 	}
 
+	return c.getAndSyncNetworkForGNP(ctx, params)
+}
+
+// getAndSyncNetworkForGNP gets the network that refers to this GNP object, and
+// then does the cross sync of Network with GNP. GNP is guaranteed to have
+// minimum fields set (either NetworkAttachment or [VPC + VPCSubnet]).
+func (c *Controller) getAndSyncNetworkForGNP(ctx context.Context, params *networkv1.GKENetworkParamSet) error {
 	network, err := c.getNetworkReferringToGNP(params.Name)
 	if err != nil {
 		return err

pkg/controller/gkenetworkparamset/gkenetworkparamset_controller_test.go

@@ -498,6 +498,7 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 	gkeNetworkParamSetName := "test-paramset"
 	duplicateVPCName := "already-used-vpc"
 	duplicateSubnetName := "already-used-subnet"
+	netAttachmentName := "projects/test-project/regions/test-region/networkAttachments/testAttachment"
 
 	tests := []struct {
 		name              string
@@ -506,7 +507,7 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 		expectedCondition metav1.Condition
 	}{
 		{
-			name: "Unspecified Subnet",
+			name: "VPC with unspecified VPCSubnet",
 			paramSet: &networkv1.GKENetworkParamSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: gkeNetworkParamSetName,
@@ -518,7 +519,21 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 			expectedCondition: metav1.Condition{
 				Type:   "Ready",
 				Status: metav1.ConditionFalse,
-				Reason: "SubnetNotFound",
+				Reason: "GNPConfigInvalid",
+			},
+		},
+		{
+			name: "Unspecified - no NetworkAttachment, no VPC or VPCSubnet",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "GNPConfigInvalid",
 			},
 		},
 		{
@@ -528,8 +543,9 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 					Name: gkeNetworkParamSetName,
 				},
 				Spec: networkv1.GKENetworkParamSetSpec{
-					VPC:       "test-vpc",
-					VPCSubnet: "non-existant-test-subnet",
+					VPC:        "test-vpc",
+					VPCSubnet:  "non-existant-test-subnet",
+					DeviceMode: "test-device-mode",
 				},
 			},
 			expectedCondition: metav1.Condition{
@@ -584,7 +600,7 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 			},
 		},
 		{
-			name: "Valid GKENetworkParamSet",
+			name: "Valid GKENetworkParamSet with VPC, VPCSubnet, and PodIPv4Ranges",
 			paramSet: &networkv1.GKENetworkParamSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: gkeNetworkParamSetName,
@@ -605,6 +621,38 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 				Reason: "GNPReady",
 			},
 		},
+		{
+			name: "Valid GKENetworkParamSet with NetworkAttachment",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionTrue,
+				Reason: "GNPReady",
+			},
+		},
+		{
+			name: "GNP with NetworkAttachment - bad format",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: "invalid",
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "NetworkAttachmentInvalid",
+			},
+		},
 		{
 			name: "GNP with deviceMode and referencing VPC is referenced in any other existing GNP",
 			paramSet: &networkv1.GKENetworkParamSet{
@@ -642,7 +690,7 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 			},
 		},
 		{
-			name: "GNP with VPC unspecified",
+			name: "GNP with VPCSubnet - VPC unspecified",
 			paramSet: &networkv1.GKENetworkParamSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: gkeNetworkParamSetName,
@@ -655,11 +703,11 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 			expectedCondition: metav1.Condition{
 				Type:   "Ready",
 				Status: metav1.ConditionFalse,
-				Reason: "VPCNotFound",
+				Reason: "GNPConfigInvalid",
 			},
 		},
 		{
-			name: "GNP with specified, but nonexistant VPC",
+			name: "GNP with VPC and VPCSubnet - specified, but nonexistant VPC",
 			paramSet: &networkv1.GKENetworkParamSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: gkeNetworkParamSetName,
@@ -677,7 +725,7 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 			},
 		},
 		{
-			name: "GNP without devicemode or secondary range specified",
+			name: "GNP with VPC and VPCSubnet - without DeviceMode or secondary range specified",
 			paramSet: &networkv1.GKENetworkParamSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: gkeNetworkParamSetName,
@@ -711,6 +759,78 @@ func TestGKENetworkParamSetValidations(t *testing.T) {
 				Reason: "DeviceModeCantUseDefaultVPC",
 			},
 		},
+		{
+			name: "GNP with NetworkAttachment - but VPC specified",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+					VPC:               defaultTestNetworkName,
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "GNPConfigInvalid",
+			},
+		},
+		{
+			name: "GNP with NetworkAttachment - but VPCSubnet specified",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+					VPCSubnet:         "test-subnet",
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "GNPConfigInvalid",
+			},
+		},
+		{
+			name: "GNP with NetworkAttachment - but PodIPv4Ranges specified",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+					PodIPv4Ranges: &networkv1.SecondaryRanges{
+						RangeNames: []string{
+							"nonexistent-secondary-range",
+						},
+					},
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "GNPConfigInvalid",
+			},
+		},
+		{
+			name: "GNP with NetworkAttachment - but DeviceMode specified",
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+					DeviceMode:        "test-device-mode",
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "Ready",
+				Status: metav1.ConditionFalse,
+				Reason: "GNPConfigInvalid",
+			},
+		},
 	}
 
 	for _, test := range tests {
@@ -810,6 +930,7 @@ func TestCrossValidateNetworkAndGnp(t *testing.T) {
 	subnetName := "test-subnet"
 	subnetSecondaryRangeName := "test-secondary-range"
 	networkName := "network-name"
+	netAttachmentName := "projects/test-project/regions/test-region/networkAttachments/testAttachment"
 
 	tests := []struct {
 		name              string
@@ -818,7 +939,7 @@ func TestCrossValidateNetworkAndGnp(t *testing.T) {
 		expectedCondition metav1.Condition
 	}{
 		{
-			name: "L3NetworkType with missing PodIPv4Ranges",
+			name: "L3NetworkType has VPC + VPCSubnet GNP missing PodIPv4Ranges",
 			network: &networkv1.Network{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: networkName,
@@ -844,6 +965,56 @@ func TestCrossValidateNetworkAndGnp(t *testing.T) {
 				Reason: "L3SecondaryMissing",
 			},
 		},
+		{
+			name: "DeviceNetworkType with NetworkAttachment",
+			network: &networkv1.Network{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: networkName,
+				},
+				Spec: networkv1.NetworkSpec{
+					Type:          networkv1.DeviceNetworkType,
+					ParametersRef: &networkv1.NetworkParametersReference{Name: gkeNetworkParamSetName, Kind: gnpKind},
+				},
+			},
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "ParamsReady",
+				Status: metav1.ConditionFalse,
+				Reason: "NetworkAttachmentUnsupported",
+			},
+		},
+		{
+			name: "L2NetworkType with NetworkAttachment",
+			network: &networkv1.Network{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: networkName,
+				},
+				Spec: networkv1.NetworkSpec{
+					Type:          networkv1.L2NetworkType,
+					ParametersRef: &networkv1.NetworkParametersReference{Name: gkeNetworkParamSetName, Kind: gnpKind},
+				},
+			},
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "ParamsReady",
+				Status: metav1.ConditionFalse,
+				Reason: "NetworkAttachmentUnsupported",
+			},
+		},
 		{
 			name: "DeviceNetworkType with missing DeviceMode",
 			network: &networkv1.Network{
@@ -872,7 +1043,7 @@ func TestCrossValidateNetworkAndGnp(t *testing.T) {
 			},
 		},
 		{
-			name: "Valid L3NetworkType",
+			name: "Valid L3NetworkType with PodIPv4Ranges",
 			network: &networkv1.Network{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: networkName,
@@ -898,6 +1069,31 @@ func TestCrossValidateNetworkAndGnp(t *testing.T) {
 				Reason: "GNPParamsReady",
 			},
 		},
+		{
+			name: "Valid L3NetworkType with NetworkAttachment",
+			network: &networkv1.Network{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: networkName,
+				},
+				Spec: networkv1.NetworkSpec{
+					Type:          networkv1.L3NetworkType,
+					ParametersRef: &networkv1.NetworkParametersReference{Name: gkeNetworkParamSetName, Kind: gnpKind},
+				},
+			},
+			paramSet: &networkv1.GKENetworkParamSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: gkeNetworkParamSetName,
+				},
+				Spec: networkv1.GKENetworkParamSetSpec{
+					NetworkAttachment: netAttachmentName,
+				},
+			},
+			expectedCondition: metav1.Condition{
+				Type:   "ParamsReady",
+				Status: metav1.ConditionTrue,
+				Reason: "GNPParamsReady",
+			},
+		},
 		{
 			name: "Valid DeviceNetworkType",
 			network: &networkv1.Network{