
Commit 784ff41

committed
Add cloud credential capability validation
Add validation to the installer for CloudCredential capability in order to make it available only for baremetal installs or properly configured cloud credentials mode
1 parent 7feda29 commit 784ff41


2 files changed

+79
-4
lines changed


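--- a/pkg/types/validation/installconfig.go
+++ b/pkg/types/validation/installconfig.go
@@ -190,6 +190,13 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field.
 }
 
 if c.Capabilities != nil {
+capSet := c.Capabilities.BaselineCapabilitySet
+if capSet == "" {
+capSet = configv1.ClusterVersionCapabilitySetCurrent
+}
+enabledCaps := sets.New[configv1.ClusterVersionCapability](configv1.ClusterVersionCapabilitySets[capSet]...)
+enabledCaps.Insert(c.Capabilities.AdditionalEnabledCapabilities...)
+
 if c.Capabilities.BaselineCapabilitySet == configv1.ClusterVersionCapabilitySetNone {
 enabledCaps := sets.New[configv1.ClusterVersionCapability](c.Capabilities.AdditionalEnabledCapabilities...)
 if enabledCaps.Has(configv1.ClusterVersionCapabilityBaremetal) && !enabledCaps.Has(configv1.ClusterVersionCapabilityMachineAPI) {
@@ -201,6 +208,16 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field.
 "the marketplace capability requires the OperatorLifecycleManager capability"))
 }
 }
+
+if !enabledCaps.Has(configv1.ClusterVersionCapabilityCloudCredential) {
+// check if platform is cloud
+if c.None == nil && c.BareMetal == nil {
+if c.CredentialsMode != types.ManualCredentialsMode {
+allErrs = append(allErrs, field.Invalid(field.NewPath("credentialsMode"), c.CredentialsMode,
+"credentialsMode must be set to Manual when CloudCredentials capability is disabled on a cloud platform"))
+}
+}
+}
 }
 
 allErrs = append(allErrs, ValidateFeatureSet(c)...)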
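Review bot: The lookup `configv1.ClusterVersionCapabilitySets[capSet]` in the first hunk returns nil for a baseline set name that is not a key of that map, so a mistyped `baselineCapabilitySet` leaves `enabledCaps` holding only the additional capabilities and raises the new `credentialsMode` error as a misleading secondary failure. If the name is not rejected before this point (not visible here), use `caps, ok := configv1.ClusterVersionCapabilitySets[capSet]` and skip the CloudCredential check when `!ok`. The pre-existing `enabledCaps := sets.New[...]` inside the `ClusterVersionCapabilitySetNone` branch now shadows the new outer variable and appears to compute the same set, so it can be dropped. The test `c.None == nil && c.BareMetal == nil` treats every other platform as cloud, which fails closed; the comment would be more accurate as `// every platform other than none and baremetal is treated as a cloud platform`. ValidateInstallConfig starts and ends outside both hunks.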

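--- a/pkg/types/validation/installconfig_test.go
+++ b/pkg/types/validation/installconfig_test.go
@@ -1590,6 +1590,7 @@ func TestValidateInstallConfig(t *testing.T) {
 installConfig: func() *types.InstallConfig {
 c := validInstallConfig()
 c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11"}
+c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential)
 return c
 }(),
 },
@@ -1635,8 +1636,8 @@ func TestValidateInstallConfig(t *testing.T) {
 name: "valid additional enabled capability specified",
 installConfig: func() *types.InstallConfig {
 c := validInstallConfig()
-c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11",
-AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{"openshift-samples"}}
+c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11"}
+c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential, configv1.ClusterVersionCapabilityOpenShiftSamples)
 return c
 }(),
 },
@@ -2280,6 +2281,7 @@ func TestValidateInstallConfig(t *testing.T) {
 c.Capabilities = &types.Capabilities{
 BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
 }
+c.Capabilities.AdditionalEnabledCapabilities = append(c.Capabilities.AdditionalEnabledCapabilities, configv1.ClusterVersionCapabilityCloudCredential)
 return c
 }(),
 },
@@ -2289,7 +2291,7 @@ func TestValidateInstallConfig(t *testing.T) {
 c := validInstallConfig()
 c.Capabilities = &types.Capabilities{
 BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
-AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityBaremetal, configv1.ClusterVersionCapabilityMachineAPI},
+AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityBaremetal, configv1.ClusterVersionCapabilityMachineAPI, configv1.ClusterVersionCapabilityCloudCredential},
 }
 return c
 }(),
@@ -2300,7 +2302,63 @@ func TestValidateInstallConfig(t *testing.T) {
 c := validInstallConfig()
 c.Capabilities = &types.Capabilities{
 BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
-AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityMachineAPI},
+AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityMachineAPI, configv1.ClusterVersionCapabilityCloudCredential},
+}
+return c
+}(),
+},
+{
+name: "CloudCredential is enabled in cloud",
+installConfig: func() *types.InstallConfig {
+c := validInstallConfig()
+c.Capabilities = &types.Capabilities{
+BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetCurrent,
+}
+return c
+}(),
+},
+{
+name: "CloudCredential is disabled in cloud",
+installConfig: func() *types.InstallConfig {
+c := validInstallConfig()
+c.Capabilities = &types.Capabilities{
+BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
+}
+return c
+}(),
+expectedError: "credentialsMode must be set to Manual when CloudCredentials capability is disabled on a cloud platform",
+},
+{
+name: "CloudCredential is disabled in cloud,but CredentialsMode is set to Manual",
+installConfig: func() *types.InstallConfig {
+c := validInstallConfig()
+c.CredentialsMode = types.ManualCredentialsMode
+c.Capabilities = &types.Capabilities{
+BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
+}
+return c
+}(),
+},
+{
+name: "CloudCredential is enabled in baremetal",
+installConfig: func() *types.InstallConfig {
+c := validInstallConfig()
+c.BareMetal = validBareMetalPlatform()
+c.AWS = nil
+c.Capabilities = &types.Capabilities{
+BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetCurrent,
+}
+return c
+}(),
+},
+{
+name: "CloudCredential is disabled in baremetal",
+installConfig: func() *types.InstallConfig {
+c := validInstallConfig()
+c.BareMetal = validBareMetalPlatform()
+c.AWS = nil
+c.Capabilities = &types.Capabilities{
+BaselineCapabilitySet: configv1.ClusterVersionCapabilitySetNone,
 }
 return c
 }(),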
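Review bot: None of the cases added in the last hunk exercises the validator's `capSet == ""` default or the `c.None` side of its platform check, and both decide whether the Manual-mode requirement fires. A case such as `c.Capabilities = &types.Capabilities{AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{configv1.ClusterVersionCapabilityOpenShiftSamples}}` on the default platform, expecting no error, would pin the default-to-current behaviour. A none-platform case with `ClusterVersionCapabilitySetNone` and no Manual mode would pin the exemption. The final added case, "CloudCredential is disabled in baremetal", closes on context lines that belonged to the case it was spliced into, so whether an `expectedError` follows it lies outside this hunk and should be checked.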
