Skip to content

Commit 0b0271a

Browse files
openshift-merge-bot[bot]openshift-merge-bot[bot]
authored
Merge pull request #7875 from qJkee/OCPBUGS-24956
OCPBUGS-24956: Add cloud credential capability validation
2 parents 5fe186c + 784ff41 commit 0b0271a

File tree

2 files changed

+79
-4
lines changed

2 files changed

+79
-4
lines changed

pkg/types/validation/installconfig.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -190,6 +190,13 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field.
190190
}
191191

192192
if c.Capabilities != nil {
193+
capSet := c.Capabilities.BaselineCapabilitySet
194+
if capSet == "" {
195+
capSet = configv1.ClusterVersionCapabilitySetCurrent
196+
}
197+
enabledCaps := sets.New[configv1.ClusterVersionCapability](configv1.ClusterVersionCapabilitySets[capSet]...)
198+
enabledCaps.Insert(c.Capabilities.AdditionalEnabledCapabilities...)
199+
193200
if c.Capabilities.BaselineCapabilitySet == configv1.ClusterVersionCapabilitySetNone {
194201
enabledCaps := sets.New[configv1.ClusterVersionCapability](c.Capabilities.AdditionalEnabledCapabilities...)
195202
if enabledCaps.Has(configv1.ClusterVersionCapabilityBaremetal) && !enabledCaps.Has(configv1.ClusterVersionCapabilityMachineAPI) {
@@ -201,6 +208,16 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field.
201208
"the marketplace capability requires the OperatorLifecycleManager capability"))
202209
}
203210
}
211+
212+
if !enabledCaps.Has(configv1.ClusterVersionCapabilityCloudCredential) {
213+
// check if platform is cloud
214+
if c.None == nil && c.BareMetal == nil {
215+
if c.CredentialsMode != types.ManualCredentialsMode {
216+
allErrs = append(allErrs, field.Invalid(field.NewPath("credentialsMode"), c.CredentialsMode,
217+
"credentialsMode must be set to Manual when CloudCredentials capability is disabled on a cloud platform"))
218+
}
219+
}
220+
}
204221
}
205222

206223
allErrs = append(allErrs, ValidateFeatureSet(c)...)

pkg/types/validation/installconfig_test.go

Lines changed: 62 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1590,6 +1590,7 @@ func TestValidateInstallConfig(t *testing.T) {
15901590
installConfig: func() *types.InstallConfig {
15911591
c := validInstallConfig()
15921592
c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11"}
1593+
c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential)
15931594
return c
15941595
}(),
15951596
},
@@ -1635,8 +1636,8 @@ func TestValidateInstallConfig(t *testing.T) {
16351636
name: "valid additional enabled capability specified",
16361637
installConfig: func() *types.InstallConfig {
16371638
c := validInstallConfig()
1638-
c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11",
1639-
AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{"openshift-samples"}}
1639+
c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11"}
1640+
c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential, configv1.ClusterVersionCapabilityOpenShiftSamples)
16401641
return c
16411642
}(),
16421643
},
@@ -2280,6 +2281,7 @@ func TestValidateInstallConfig(t *testing.T) {
22802281
c.Capabilities = &types.Capabilities{
22812282
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
22822283
}
2284+
c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential)
22832285
return c
22842286
}(),
22852287
},
@@ -2289,7 +2291,7 @@ func TestValidateInstallConfig(t *testing.T) {
22892291
c := validInstallConfig()
22902292
c.Capabilities = &types.Capabilities{
22912293
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
2292-
AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityBaremetal, configv1.ClusterVersionCapabilityMachineAPI},
2294+
AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityBaremetal, configv1.ClusterVersionCapabilityMachineAPI, configv1.ClusterVersionCapabilityCloudCredential},
22932295
}
22942296
return c
22952297
}(),
@@ -2300,7 +2302,63 @@ func TestValidateInstallConfig(t *testing.T) {
23002302
c := validInstallConfig()
23012303
c.Capabilities = &types.Capabilities{
23022304
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
2303-
AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityMachineAPI},
2305+
AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityMachineAPI, configv1.ClusterVersionCapabilityCloudCredential},
2306+
}
2307+
return c
2308+
}(),
2309+
},
2310+
{
2311+
name: "CloudCredential is enabled in cloud",
2312+
installConfig: func() *types.InstallConfig {
2313+
c := validInstallConfig()
2314+
c.Capabilities = &types.Capabilities{
2315+
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetCurrent,
2316+
}
2317+
return c
2318+
}(),
2319+
},
2320+
{
2321+
name: "CloudCredential is disabled in cloud",
2322+
installConfig: func() *types.InstallConfig {
2323+
c := validInstallConfig()
2324+
c.Capabilities = &types.Capabilities{
2325+
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
2326+
}
2327+
return c
2328+
}(),
2329+
expectedError: "credentialsMode must be set to Manual when CloudCredentials capability is disabled on a cloud platform",
2330+
},
2331+
{
2332+
name: "CloudCredential is disabled in cloud,but CredentialsMode is set to Manual",
2333+
installConfig: func() *types.InstallConfig {
2334+
c := validInstallConfig()
2335+
c.CredentialsMode = types.ManualCredentialsMode
2336+
c.Capabilities = &types.Capabilities{
2337+
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
2338+
}
2339+
return c
2340+
}(),
2341+
},
2342+
{
2343+
name: "CloudCredential is enabled in baremetal",
2344+
installConfig: func() *types.InstallConfig {
2345+
c := validInstallConfig()
2346+
c.BareMetal = validBareMetalPlatform()
2347+
c.AWS = nil
2348+
c.Capabilities = &types.Capabilities{
2349+
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetCurrent,
2350+
}
2351+
return c
2352+
}(),
2353+
},
2354+
{
2355+
name: "CloudCredential is disabled in baremetal",
2356+
installConfig: func() *types.InstallConfig {
2357+
c := validInstallConfig()
2358+
c.BareMetal = validBareMetalPlatform()
2359+
c.AWS = nil
2360+
c.Capabilities = &types.Capabilities{
2361+
BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
23042362
}
23052363
return c
23062364
}(),

0 commit comments

Comments
 (0)