Merge pull request #1444 from vr4manta/SPLAT-2573

SPLAT-2573: Update AWS dedicated hook logic with new API changes

Author: openshift-merge-bot[bot]

go.mod

@@ -19,8 +19,8 @@ require (
 	github.com/onsi/ginkgo/v2 v2.27.2
 	github.com/onsi/gomega v1.38.2
 	github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7
-	github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42
-	github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235
+	github.com/openshift/api v0.0.0-20251205114208-5eb46a7b4ce8
+	github.com/openshift/client-go v0.0.0-20251202151200-fb4471581cf8
 	github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d
 	github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957
 	github.com/openshift/library-go v0.0.0-20251107090138-0de9712313a5

go.sum

@@ -449,10 +449,10 @@ github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jD
 github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7 h1:Z1swlS6b3Adm6RPhjqefs3DWnNFLDxRX+WC8GMXhja4=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
-github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42 h1:Mo2FlDdoCZ+BE2W4C0lNcxEDeIIhfsYFP6vj4Sggp8w=
-github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
-github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY=
-github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM=
+github.com/openshift/api v0.0.0-20251205114208-5eb46a7b4ce8 h1:kF1HhMhHSpipdHjHm92WngUCxhNC4Iy7wbF6RL739w0=
+github.com/openshift/api v0.0.0-20251205114208-5eb46a7b4ce8/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
+github.com/openshift/client-go v0.0.0-20251202151200-fb4471581cf8 h1:97rgISdT4IOmXlmEUV5Wr6d8BzzjPclzAjCARLbSlT0=
+github.com/openshift/client-go v0.0.0-20251202151200-fb4471581cf8/go.mod h1:WVJnsrbSO1J8x8KceOmv1d5CpoN34Uzsaz1O4MIOKJI=
 github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d h1:+sqUThLi/lmgT5/scmmjnS6+RZFtbdxRAscNfCPyLPI=
 github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d/go.mod h1:9+FWWWLkVrnBo1eYhA/0Ehlq5JMgIAHtcB0IF+qV1AA=
 github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957 h1:eVnkMTFnirnoUOlAUT3Hy8WriIi1JoSrilWym3Dl8Q4=

pkg/webhooks/machine_webhook.go

@@ -831,19 +831,7 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st
 		}
 	}
 
-	switch providerSpec.Placement.Tenancy {
-	case "", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy:
-		// Do nothing, valid values
-	default:
-		errs = append(
-			errs,
-			field.Invalid(
-				field.NewPath("providerSpec", "tenancy"),
-				providerSpec.Placement.Tenancy,
-				fmt.Sprintf("Invalid providerSpec.tenancy, the only allowed options are: %s, %s, %s", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy),
-			),
-		)
-	}
+	errs = append(errs, processAWSPlacementTenancy(providerSpec.Placement)...)
 
 	if providerSpec.PlacementGroupPartition != nil {
 		partition := *providerSpec.PlacementGroupPartition
@@ -933,43 +921,66 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st
 		}
 	}
 
-	// Dedicated host support.
-	// Check if host placement is configured.  If so, then we need to determine placement affinity and validate configs.
-	if providerSpec.HostPlacement != nil {
-		klog.V(4).Infof("Validating AWS Host Placement")
-		placement := *providerSpec.HostPlacement
-		if placement.Affinity == nil {
-			errs = append(errs, field.Required(field.NewPath("spec.hostPlacement.affinity"), "affinity is required and must be set to either AnyAvailable or DedicatedHost"))
-		} else {
-			switch *placement.Affinity {
-			case machinev1beta1.HostAffinityAnyAvailable:
-				// Cannot have DedicatedHost set
-				if placement.DedicatedHost != nil {
-					errs = append(errs, field.Forbidden(field.NewPath("spec.hostPlacement.dedicatedHost"), "dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise"))
-				}
-			case machinev1beta1.HostAffinityDedicatedHost:
-				// We need to make sure DedicatedHost is set with a HostID
-				if placement.DedicatedHost == nil {
-					errs = append(errs, field.Required(field.NewPath("spec.hostPlacement.dedicatedHost"), "dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise"))
-				} else {
-					// If not set, return required error.  If it does not match pattern, return pattern failure message.
-					if placement.DedicatedHost.ID == "" {
-						errs = append(errs, field.Required(field.NewPath("spec.hostPlacement.dedicatedHost.id"), "id is required and must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
-					} else if awsDedicatedHostNamePattern.FindStringSubmatch(placement.DedicatedHost.ID) == nil {
-						errs = append(errs, field.Invalid(field.NewPath("spec.hostPlacement.dedicatedHost.id"), placement.DedicatedHost.ID, "id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
+	if len(errs) > 0 {
+		return false, warnings, errs
+	}
+
+	return true, warnings, nil
+}
+
+// processAWSPlacement analyzes the Placement field in relation to Tenancy and host placement.  These are analyzed
+// together based based on their relations to one another.
+func processAWSPlacementTenancy(placement machinev1beta1.Placement) field.ErrorList {
+	var errs field.ErrorList
+
+	switch placement.Tenancy {
+	case "", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy:
+		// Host is not supported for these cases
+		if placement.Host != nil {
+			errs = append(errs, field.Forbidden(field.NewPath("spec.placement.host"), "host may only be specified when tenancy is 'host'"))
+		}
+	case machinev1beta1.HostTenancy:
+		if placement.Host != nil {
+			klog.V(4).Infof("Validating AWS Host Placement")
+
+			if placement.Host.Affinity == nil {
+				errs = append(errs, field.Required(field.NewPath("spec.placement.host.affinity"), "affinity is required and must be set to either AnyAvailable or DedicatedHost"))
+			} else {
+				switch *placement.Host.Affinity {
+				case machinev1beta1.HostAffinityAnyAvailable:
+					// DedicatedHost is optional.  If it is set, make sure it follows conventions
+					if placement.Host.DedicatedHost != nil && !awsDedicatedHostNamePattern.MatchString(placement.Host.DedicatedHost.ID) {
+						errs = append(errs, field.Invalid(field.NewPath("spec.placement.host.dedicatedHost.id"), placement.Host.DedicatedHost.ID, "id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
 					}
+				case machinev1beta1.HostAffinityDedicatedHost:
+					// We need to make sure DedicatedHost is set with an ID
+					if placement.Host.DedicatedHost == nil {
+						errs = append(errs, field.Required(field.NewPath("spec.placement.host.dedicatedHost"), "dedicatedHost is required when hostAffinity is DedicatedHost, and optional otherwise"))
+					} else {
+						// If not set, return required error.  If it does not match pattern, return pattern failure message.
+						if placement.Host.DedicatedHost.ID == "" {
+							errs = append(errs, field.Required(field.NewPath("spec.placement.host.dedicatedHost.id"), "id is required and must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
+						} else if !awsDedicatedHostNamePattern.MatchString(placement.Host.DedicatedHost.ID) {
+							errs = append(errs, field.Invalid(field.NewPath("spec.placement.host.dedicatedHost.id"), placement.Host.DedicatedHost.ID, "id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
+						}
+					}
+				default:
+					errs = append(errs, field.Invalid(field.NewPath("spec.placement.host.affinity"), placement.Host.Affinity, "hostAffinity must be either AnyAvailable or DedicatedHost"))
 				}
-			default:
-				errs = append(errs, field.Invalid(field.NewPath("spec.hostPlacement.affinity"), placement.Affinity, "affinity must be either AnyAvailable or DedicatedHost"))
 			}
 		}
+	default:
+		errs = append(
+			errs,
+			field.Invalid(
+				field.NewPath("providerSpec", "tenancy"),
+				placement.Tenancy,
+				fmt.Sprintf("Invalid providerSpec.tenancy, the only allowed options are: %s, %s, %s, or omitted", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy),
+			),
+		)
 	}
 
-	if len(errs) > 0 {
-		return false, warnings, errs
-	}
-
-	return true, warnings, nil
+	return errs
 }
 
 // getDuplicatedTags iterates through the AWS TagSpecifications