Merge pull request openshift#8592 from shiftstack/OCPBUGS-35420

openshift-merge-bot[bot] · web-flow · commit e9c454889b63 · 2024-06-24T05:37:41.000Z
OCPBUGS-35420: OSASINFRA-1962: openstack: Validate additionalNetworkIDs and additionalSecurityGroupIDs
diff --git a/pkg/asset/installconfig/openstack/validation/cloudinfo.go b/pkg/asset/installconfig/openstack/validation/cloudinfo.go
@@ -17,6 +17,7 @@ import (
 	"github.com/gophercloud/gophercloud/v2/openstack/image/v2/images"
 	"github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/layer3/floatingips"
 	networkquotasets "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/quotas"
+	"github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/security/groups"
 	"github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks"
 	"github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets"
 	azutils "github.com/gophercloud/utils/v2/openstack/compute/v2/availabilityzones"
@@ -46,6 +47,8 @@ type CloudInfo struct {
 	VolumeTypes             []string
 	NetworkExtensions       []extensions.Extension
 	Quotas                  []quota.Quota
+	Networks                []string
+	SecurityGroups          []string
 
 	clients *clients
 }
@@ -238,6 +241,16 @@ func (ci *CloudInfo) collectInfo(ctx context.Context, ic *types.InstallConfig) e
 		return fmt.Errorf("failed to fetch network extensions: %w", err)
 	}
 
+	ci.Networks, err = ci.getNetworks(ctx)
+	if err != nil {
+		return err
+	}
+
+	ci.SecurityGroups, err = ci.getSecurityGroups(ctx)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -295,6 +308,46 @@ func (ci *CloudInfo) getFlavor(ctx context.Context, flavorName string) (Flavor,
 	}, nil
 }
 
+// getNetworks returns all the network IDs available on the cloud.
+func (ci *CloudInfo) getNetworks(ctx context.Context) ([]string, error) {
+	pages, err := networks.List(ci.clients.networkClient, nil).AllPages(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	networks, err := networks.ExtractNetworks(pages)
+	if err != nil {
+		return nil, err
+	}
+
+	networkIDs := make([]string, len(networks))
+	for i := range networks {
+		networkIDs[i] = networks[i].ID
+	}
+
+	return networkIDs, nil
+}
+
+// getSecurityGroups returns all the security group IDs available on the cloud.
+func (ci *CloudInfo) getSecurityGroups(ctx context.Context) ([]string, error) {
+	pages, err := groups.List(ci.clients.networkClient, groups.ListOpts{}).AllPages(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	groups, err := groups.ExtractGroups(pages)
+	if err != nil {
+		return nil, err
+	}
+
+	sgIDs := make([]string, len(groups))
+	for i := range groups {
+		sgIDs[i] = groups[i].ID
+	}
+
+	return sgIDs, nil
+}
+
 func (ci *CloudInfo) getNetworkByName(ctx context.Context, networkName string) (*networks.Network, error) {
 	if networkName == "" {
 		return nil, nil
diff --git a/pkg/asset/installconfig/openstack/validation/machinepool.go b/pkg/asset/installconfig/openstack/validation/machinepool.go
@@ -68,10 +68,40 @@ func ValidateMachinePool(p *openstack.MachinePool, ci *CloudInfo, controlPlane b
 	allErrs = append(allErrs, validateZones(p.Zones, ci.ComputeZones, fldPath.Child("zones"))...)
 	allErrs = append(allErrs, validateUUIDV4s(p.AdditionalNetworkIDs, fldPath.Child("additionalNetworkIDs"))...)
 	allErrs = append(allErrs, validateUUIDV4s(p.AdditionalSecurityGroupIDs, fldPath.Child("additionalSecurityGroupIDs"))...)
+	allErrs = append(allErrs, validateAdditionalNetworks(p.AdditionalNetworkIDs, ci.Networks, fldPath.Child("additionalNetworkIDs"))...)
+	allErrs = append(allErrs, validateAdditionalSecurityGroups(p.AdditionalSecurityGroupIDs, ci.SecurityGroups, fldPath.Child("additionalSecurityGroupIDs"))...)
 
 	return allErrs
 }
 
+func validateAdditionalNetworks(additionalNetworkIDs, availableNetworks []string, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	networkSet := make(map[string]struct{}, len(availableNetworks))
+	for i := range availableNetworks {
+		networkSet[availableNetworks[i]] = struct{}{}
+	}
+	for i, n := range additionalNetworkIDs {
+		if _, ok := networkSet[n]; !ok {
+			allErrs = append(allErrs, field.Invalid(fldPath.Index(i), n, "Network either does not exist in this cloud, or is not available"))
+		}
+	}
+	return allErrs
+}
+
+func validateAdditionalSecurityGroups(additionalSecurityGroupIDs, availableSecurityGroups []string, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	sgSet := make(map[string]struct{}, len(availableSecurityGroups))
+	for i := range availableSecurityGroups {
+		sgSet[availableSecurityGroups[i]] = struct{}{}
+	}
+	for i, n := range additionalSecurityGroupIDs {
+		if _, ok := sgSet[n]; !ok {
+			allErrs = append(allErrs, field.Invalid(fldPath.Index(i), n, "Security group either does not exist in this cloud, or is not available"))
+		}
+	}
+	return allErrs
+}
+
 func validateZones(input []string, available []string, fldPath *field.Path) field.ErrorList {
 	// check if machinepool default
 	if len(input) == 1 && input[0] == "" {
