fix: add CEL validation rule to require one of volume configs

Author: dkoshkin

api/v1alpha1/aws_node_types.go

@@ -114,6 +114,7 @@ type AMILookup struct {
 	BaseOS string `json:"baseOS,omitempty"`
 }
 
+// +kubebuilder:validation:XValidation:rule="has(self.root) || size(self.nonroot) > 0",message="either root or nonroot must be specified"
 type AWSVolumes struct {
 	// Configuration options for the root storage volume.
 	// +kubebuilder:validation:Optional

api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml

@@ -498,6 +498,9 @@ spec:
                                   type: string
                               type: object
                           type: object
+                          x-kubernetes-validations:
+                            - message: either root or nonroot must be specified
+                              rule: has(self.root) || size(self.nonroot) > 0
                       type: object
                     nodeRegistration:
                       default: {}

api/v1alpha1/crds/caren.nutanix.com_awsworkernodeconfigs.yaml

@@ -200,6 +200,9 @@ spec:
                             type: string
                         type: object
                     type: object
+                    x-kubernetes-validations:
+                    - message: either root or nonroot must be specified
+                      rule: has(self.root) || size(self.nonroot) > 0
                 type: object
               nodeRegistration:
                 default: {}

api/v1alpha1/crds/caren.nutanix.com_eksworkernodeconfigs.yaml

@@ -200,6 +200,9 @@ spec:
                             type: string
                         type: object
                     type: object
+                    x-kubernetes-validations:
+                    - message: either root or nonroot must be specified
+                      rule: has(self.root) || size(self.nonroot) > 0
                 type: object
               taints:
                 description: Taints specifies the taints the Node API object should

pkg/handlers/aws/mutation/volumes/variables_test.go

@@ -53,5 +53,72 @@ func TestVariableValidation(t *testing.T) {
 				},
 			},
 		},
+		capitest.VariableTestDef{
+			Name: "Root volume only",
+			Vals: v1alpha1.AWSClusterConfigSpec{
+				ControlPlane: &v1alpha1.AWSControlPlaneSpec{
+					AWS: &v1alpha1.AWSControlPlaneNodeSpec{
+						AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+							Volumes: &v1alpha1.AWSVolumes{
+								Root: &v1alpha1.AWSVolume{
+									Size: 100,
+									Type: capav1.VolumeTypeGP3,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		capitest.VariableTestDef{
+			Name: "Non-root volumes only",
+			Vals: v1alpha1.AWSClusterConfigSpec{
+				ControlPlane: &v1alpha1.AWSControlPlaneSpec{
+					AWS: &v1alpha1.AWSControlPlaneNodeSpec{
+						AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+							Volumes: &v1alpha1.AWSVolumes{
+								NonRoot: []v1alpha1.AWSVolume{
+									{
+										DeviceName: "/dev/sdf",
+										Size:       200,
+										Type:       capav1.VolumeTypeGP3,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		capitest.VariableTestDef{
+			Name: "Error when neither root nor non-root volumes",
+			Vals: v1alpha1.AWSClusterConfigSpec{
+				ControlPlane: &v1alpha1.AWSControlPlaneSpec{
+					AWS: &v1alpha1.AWSControlPlaneNodeSpec{
+						AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+							Volumes: &v1alpha1.AWSVolumes{
+								// Both Root and NonRoot are nil/empty
+							},
+						},
+					},
+				},
+			},
+			ExpectError: true,
+		},
+		capitest.VariableTestDef{
+			Name: "Error when empty non-root volumes array",
+			Vals: v1alpha1.AWSClusterConfigSpec{
+				ControlPlane: &v1alpha1.AWSControlPlaneSpec{
+					AWS: &v1alpha1.AWSControlPlaneNodeSpec{
+						AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+							Volumes: &v1alpha1.AWSVolumes{
+								NonRoot: []v1alpha1.AWSVolume{},
+							},
+						},
+					},
+				},
+			},
+			ExpectError: true,
+		},
 	)
 }

pkg/handlers/eks/mutation/volumes/variables_test.go

@@ -51,5 +51,64 @@ func TestVariableValidation(t *testing.T) {
 				},
 			},
 		},
+		capitest.VariableTestDef{
+			Name: "Root volume only",
+			Vals: v1alpha1.EKSWorkerNodeConfigSpec{
+				EKS: &v1alpha1.AWSWorkerNodeSpec{
+					AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+						Volumes: &v1alpha1.AWSVolumes{
+							Root: &v1alpha1.AWSVolume{
+								Size: 100,
+								Type: capav1.VolumeTypeGP3,
+							},
+						},
+					},
+				},
+			},
+		},
+		capitest.VariableTestDef{
+			Name: "Non-root volumes only",
+			Vals: v1alpha1.EKSWorkerNodeConfigSpec{
+				EKS: &v1alpha1.AWSWorkerNodeSpec{
+					AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+						Volumes: &v1alpha1.AWSVolumes{
+							NonRoot: []v1alpha1.AWSVolume{
+								{
+									DeviceName: "/dev/sdf",
+									Size:       200,
+									Type:       capav1.VolumeTypeGP3,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		capitest.VariableTestDef{
+			Name: "Error when neither root nor non-root volumes",
+			Vals: v1alpha1.EKSWorkerNodeConfigSpec{
+				EKS: &v1alpha1.AWSWorkerNodeSpec{
+					AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+						Volumes: &v1alpha1.AWSVolumes{
+							// Both Root and NonRoot are nil/empty
+						},
+					},
+				},
+			},
+			ExpectError: true,
+		},
+		capitest.VariableTestDef{
+			Name: "Error when empty non-root volumes array",
+			Vals: v1alpha1.EKSWorkerNodeConfigSpec{
+				EKS: &v1alpha1.AWSWorkerNodeSpec{
+					AWSGenericNodeSpec: v1alpha1.AWSGenericNodeSpec{
+						Volumes: &v1alpha1.AWSVolumes{
+							NonRoot: []v1alpha1.AWSVolume{},
+						},
+					},
+				},
+			},
+			ExpectError: true,
+		},
 	)
 }