-(Appears on: -MachineImageVersion) -
--
CapabilitySet groups all RegionAMIMappings for a specific et of capabilities.
- -| Field | -Description | -
|---|---|
-regions
-
-
-[]RegionAMIMapping
-
-
- |
-
- Regions is a mapping to the correct AMI for the machine image in the supported regions. - |
-
-capabilities
-
-github.com/gardener/gardener/pkg/apis/core/v1beta1.Capabilities
-
- |
-
- Capabilities that are supported by the AMIs in this set. - |
-
@@ -1337,6 +1294,49 @@ github.com/gardener/gardener/pkg/apis/core/v1beta1.Capabilities +
+(Appears on: +MachineImageVersion) +
++
MachineImageFlavor groups all RegionAMIMappings for a specific set of capabilities.
+ +| Field | +Description | +
|---|---|
+regions
+
+
+[]RegionAMIMapping
+
+
+ |
+
+ Regions is a mapping to the correct AMI for the machine image in the supported regions. + |
+
+capabilities
+
+github.com/gardener/gardener/pkg/apis/core/v1beta1.Capabilities
+
+ |
+
+ Capabilities that are supported by the AMIs in this set. + |
+
@@ -1380,15 +1380,15 @@ string
capabilitySets
+capabilityFlavors
-
-[]CapabilitySet
+
+[]MachineImageFlavor
CapabilitySets is grouping of region AMIs by capabilities.
+CapabilityFlavors is grouping of region AMIs by capabilities.
(Appears on: -CapabilitySet, +MachineImageFlavor, MachineImageVersion)
diff --git a/pkg/admission/mutator/cloudprofile.go b/pkg/admission/mutator/cloudprofile.go new file mode 100644 index 000000000..311ae1c2e --- /dev/null +++ b/pkg/admission/mutator/cloudprofile.go @@ -0,0 +1,91 @@ +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package mutator + +import ( + "context" + "fmt" + "slices" + + extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" + gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1" +) + +// NewCloudProfileMutator returns a new instance of a CloudProfile mutator. +func NewCloudProfileMutator(mgr manager.Manager) extensionswebhook.Mutator { + return &cloudProfile{ + client: mgr.GetClient(), + decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(), + } +} + +type cloudProfile struct { + client client.Client + decoder runtime.Decoder +} + +// Mutate mutates the given CloudProfile object. +func (p *cloudProfile) Mutate(_ context.Context, newObj, _ client.Object) error { + profile, ok := newObj.(*gardencorev1beta1.CloudProfile) + if !ok { + return fmt.Errorf("wrong object type %T", newObj) + } + + // Skip mutation if CloudProfile is being deleted or when no capabilities used in that profile + if profile.DeletionTimestamp != nil || profile.Spec.ProviderConfig == nil || len(profile.Spec.MachineCapabilities) == 0 { + return nil + } + + specConfig := &v1alpha1.CloudProfileConfig{} + if _, _, err := p.decoder.Decode(profile.Spec.ProviderConfig.Raw, nil, specConfig); err != nil { + return fmt.Errorf("could not decode providerConfig of cloudProfile for '%s': %w", profile.Name, err) + } + + overwriteMachineImageCapabilityFlavors(profile, specConfig) + return nil +} + +// overwriteMachineImageCapabilityFlavors updates the capability flavors of machine images in the CloudProfile +func overwriteMachineImageCapabilityFlavors(profile *gardencorev1beta1.CloudProfile, config *v1alpha1.CloudProfileConfig) { + for _, providerMachineImage := range config.MachineImages { + // Find the corresponding machine image in the CloudProfile + imageIdx := slices.IndexFunc(profile.Spec.MachineImages, func(mi gardencorev1beta1.MachineImage) bool { + return mi.Name == providerMachineImage.Name + }) + if imageIdx == -1 { + continue + } + + // Iterate over versions in the provider's machine image + for _, providerVersion := range providerMachineImage.Versions { + // Find the corresponding version in the CloudProfile's machine image + versionIdx := slices.IndexFunc(profile.Spec.MachineImages[imageIdx].Versions, func(miv gardencorev1beta1.MachineImageVersion) bool { + return miv.Version == providerVersion.Version + }) + if versionIdx == -1 { + continue + } + + profile.Spec.MachineImages[imageIdx].Versions[versionIdx].CapabilityFlavors = convertCapabilityFlavors(providerVersion.CapabilityFlavors) + } + } +} + +// convertCapabilityFlavors converts provider capability flavors to CloudProfile capability flavors +func convertCapabilityFlavors(providerFlavors []v1alpha1.MachineImageFlavor) []gardencorev1beta1.MachineImageFlavor { + capabilityFlavors := make([]gardencorev1beta1.MachineImageFlavor, 0, len(providerFlavors)) + for _, providerFlavor := range providerFlavors { + capabilityFlavors = append(capabilityFlavors, gardencorev1beta1.MachineImageFlavor{ + Capabilities: providerFlavor.GetCapabilities(), + }) + } + return capabilityFlavors +} diff --git a/pkg/admission/mutator/cloudprofile_test.go b/pkg/admission/mutator/cloudprofile_test.go new file mode 100644 index 000000000..3564b5f90 --- /dev/null +++ b/pkg/admission/mutator/cloudprofile_test.go @@ -0,0 +1,266 @@ +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package mutator_test + +import ( + "context" + "fmt" + + extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" + "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/gardener/gardener/pkg/utils/test" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" + fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" + "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/gardener/gardener-extension-provider-aws/pkg/admission/mutator" + "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/install" +) + +var _ = Describe("CloudProfile Mutator", func() { + var ( + fakeClient client.Client + fakeManager manager.Manager + ctx = context.Background() + + cloudProfileMutator extensionswebhook.Mutator + cloudProfile *v1beta1.CloudProfile + ) + + BeforeEach(func() { + scheme := runtime.NewScheme() + utilruntime.Must(install.AddToScheme(scheme)) + utilruntime.Must(v1beta1.AddToScheme(scheme)) + fakeClient = fakeclient.NewClientBuilder().WithScheme(scheme).Build() + fakeManager = &test.FakeManager{ + Client: fakeClient, + Scheme: scheme, + } + + cloudProfileMutator = mutator.NewCloudProfileMutator(fakeManager) + + imageVersion := "1.0.0" + latestImageVersion := "1.0.1" + imageName := "os-1" + + machineImages := []v1beta1.MachineImage{ + { + Name: imageName, + Versions: []v1beta1.MachineImageVersion{{ + ExpirableVersion: v1beta1.ExpirableVersion{ + Version: imageVersion, + }, + }, { + ExpirableVersion: v1beta1.ExpirableVersion{ + Version: latestImageVersion, + }, + }, + }, + }, + } + + cloudProfile = &v1beta1.CloudProfile{ + ObjectMeta: metav1.ObjectMeta{ + Name: "aws", + }, + Spec: v1beta1.CloudProfileSpec{ + MachineImages: machineImages, + }, + } + }) + + Describe("#Mutate", func() { + Context("CloudProfile without machineCapabilities", func() { + BeforeEach(func() { + cloudProfile.Spec.ProviderConfig = nil + }) + + It("should succeed and not modify the CloudProfile", func() { + cloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(`{ +"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", +"kind":"CloudProfileConfig", +"machineImages":[ + {"name":"image-1","versions":[{"version":"1.1","regions":[{"name":"eu2","ami":"ami-124","architecture":"armhf"}]}]} +]}`)} + expectedProfileSpec := cloudProfile.Spec.DeepCopy() + Expect(cloudProfileMutator.Mutate(ctx, cloudProfile, nil)).To(Succeed()) + + Expect(cloudProfile.Spec.MachineImages).To(Equal(expectedProfileSpec.MachineImages)) + }) + }) + + Context("CloudProfile with machineCapabilities", func() { + BeforeEach(func() { + cloudProfile.Spec.MachineCapabilities = []v1beta1.CapabilityDefinition{{ + Name: "architecture", + Values: []string{"amd64", "arm64", "armhf"}, + }, { + Name: "gpu", + Values: []string{"true", "false"}, + }} + }) + It("should succeed for CloudProfile without provider config", func() { + expectedProfile := cloudProfile.DeepCopy() + Expect(cloudProfileMutator.Mutate(ctx, cloudProfile, nil)).To(Succeed()) + Expect(cloudProfile).To(Equal(expectedProfile)) + + }) + + It("should skip if CloudProfile is in deletion phase", func() { + cloudProfile.DeletionTimestamp = ptr.To(metav1.Now()) + expectedProfile := cloudProfile.DeepCopy() + + Expect(cloudProfileMutator.Mutate(ctx, cloudProfile, nil)).To(Succeed()) + + Expect(cloudProfile).To(Equal(expectedProfile)) + }) + + It("should fill capabilityFlavors based on provider config", func() { + image1AmiMappings := `"capabilityFlavors":[ +{"capabilities":{"architecture":["arm64"]},"regions":[{"name":"image-region-1","ami":"id-img-reg-1"}]}, +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} +]` + image1FallbackMappings := `"capabilityFlavors":[ +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} +]` + + cloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{ +"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", +"kind":"CloudProfileConfig", +"machineImages":[ + {"name":"os-1","versions":[ + {"version":"1.0.0",%s}, + {"version":"1.0.1",%s} + ]} +]}`, image1AmiMappings, image1FallbackMappings))} + Expect(cloudProfileMutator.Mutate(ctx, cloudProfile, nil)).To(Succeed()) + Expect(cloudProfile.Spec.MachineImages).To(Equal([]v1beta1.MachineImage{ + { + Name: "os-1", + Versions: []v1beta1.MachineImageVersion{ + { + ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.0"}, + CapabilityFlavors: []v1beta1.MachineImageFlavor{ + {Capabilities: v1beta1.Capabilities{"architecture": []string{"arm64"}}}, + {Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}}}, + }, + }, + { + ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.1"}, + CapabilityFlavors: []v1beta1.MachineImageFlavor{ + {Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}}}, + }, + }, + }, + }, + })) + }) + + It("should overwrite capabilityFlavors when some versions already have them", func() { + twoFlavors := `"capabilityFlavors":[ +{"capabilities":{"architecture":["arm64"]},"regions":[{"name":"image-region-1","ami":"id-img-reg-1"}]}, +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} +]` + oneFlavors := `"capabilityFlavors":[ +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} +]` + cloudProfile.Spec.MachineImages = []v1beta1.MachineImage{ + { + Name: "os-1", + Versions: []v1beta1.MachineImageVersion{ + { + ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.0"}, + CapabilityFlavors: []v1beta1.MachineImageFlavor{ + {Capabilities: v1beta1.Capabilities{"architecture": []string{"not-existing"}}}, + {Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}}}, + }, + }, + {ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.1"}}, + }, + }, + { + Name: "os-2", + Versions: []v1beta1.MachineImageVersion{ + {ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.0"}}, + {ExpirableVersion: v1beta1.ExpirableVersion{Version: "1.0.1"}}, + }, + }, + } + cloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{ +"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", +"kind":"CloudProfileConfig", +"machineImages":[ + {"name":"os-1","versions":[ + {"version":"1.0.0",%s}, + {"version":"1.0.1",%s} + ]}, + {"name":"os-2","versions":[ + {"version":"1.0.0",%s}, + {"version":"1.0.1",%s} + ]} +]}`, twoFlavors, oneFlavors, oneFlavors, twoFlavors))} + Expect(cloudProfileMutator.Mutate(ctx, cloudProfile, nil)).To(Succeed()) + Expect(cloudProfile.Spec.MachineImages).To(ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Name": Equal("os-1"), + "Versions": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ExpirableVersion": MatchFields(IgnoreExtras, Fields{"Version": Equal("1.0.0")}), + "CapabilityFlavors": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"arm64"}}), + }), + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"amd64"}}), + }), + ), + }), + MatchFields(IgnoreExtras, Fields{ + "ExpirableVersion": MatchFields(IgnoreExtras, Fields{"Version": Equal("1.0.1")}), + "CapabilityFlavors": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"amd64"}}), + }), + ), + }), + ), + }), + MatchFields(IgnoreExtras, Fields{ + "Name": Equal("os-2"), + "Versions": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ExpirableVersion": MatchFields(IgnoreExtras, Fields{"Version": Equal("1.0.0")}), + "CapabilityFlavors": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"amd64"}}), + }), + ), + }), + MatchFields(IgnoreExtras, Fields{ + "ExpirableVersion": MatchFields(IgnoreExtras, Fields{"Version": Equal("1.0.1")}), + "CapabilityFlavors": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"arm64"}}), + }), + MatchFields(IgnoreExtras, Fields{ + "Capabilities": Equal(v1beta1.Capabilities{"architecture": []string{"amd64"}}), + }), + ), + }), + ), + }), + )) + }) + }) + + }) +}) diff --git a/pkg/admission/mutator/namespacedcloudprofile_test.go b/pkg/admission/mutator/namespacedcloudprofile_test.go index 42a8ecd46..5d39a02fa 100644 --- a/pkg/admission/mutator/namespacedcloudprofile_test.go +++ b/pkg/admission/mutator/namespacedcloudprofile_test.go @@ -110,6 +110,65 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() { }), )) }) + It("should correctly merge extended machineImages using capabilities ", func() { + namespacedCloudProfile.Status.CloudProfileSpec.MachineCapabilities = []v1beta1.CapabilityDefinition{{ + Name: "architecture", + Values: []string{"amd64", "armhf"}, + }} + namespacedCloudProfile.Status.CloudProfileSpec.ProviderConfig = &runtime.RawExtension{Raw: []byte(`{ +"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", +"kind":"CloudProfileConfig", +"machineImages":[ + {"name":"image-1","versions":[{"version":"1.0","capabilityFlavors":[ +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"eu1","ami":"ami-123"}]} +]}]} +]}`)} + namespacedCloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(`{ +"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", +"kind":"CloudProfileConfig", +"machineImages":[ + {"name":"image-1","versions":[{"version":"1.1","capabilityFlavors":[ +{"capabilities":{"architecture":["armhf"]},"regions":[{"name":"eu2","ami":"ami-124"}]} +]}]}, + {"name":"image-2","versions":[{"version":"2.0","capabilityFlavors":[ +{"capabilities":{"architecture":["amd64"]},"regions":[{"name":"eu3","ami":"ami-125"}]} +]}]} +]}`)} + + Expect(namespacedCloudProfileMutator.Mutate(ctx, namespacedCloudProfile, nil)).To(Succeed()) + + mergedConfig, err := decodeCloudProfileConfig(decoder, namespacedCloudProfile.Status.CloudProfileSpec.ProviderConfig) + Expect(err).ToNot(HaveOccurred()) + Expect(mergedConfig.MachineImages).To(ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Name": Equal("image-1"), + "Versions": ContainElements( + api.MachineImageVersion{Version: "1.0", + CapabilityFlavors: []api.MachineImageFlavor{{ + Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}}, + Regions: []api.RegionAMIMapping{{Name: "eu1", AMI: "ami-123", Architecture: ptr.To("ignore")}}, + }}, + }, + api.MachineImageVersion{Version: "1.1", + CapabilityFlavors: []api.MachineImageFlavor{{ + Capabilities: v1beta1.Capabilities{"architecture": []string{"armhf"}}, + Regions: []api.RegionAMIMapping{{Name: "eu2", AMI: "ami-124", Architecture: ptr.To("ignore")}}, + }}, + }, + ), + }), + MatchFields(IgnoreExtras, Fields{ + "Name": Equal("image-2"), + "Versions": ContainElements( + api.MachineImageVersion{Version: "2.0", + CapabilityFlavors: []api.MachineImageFlavor{{ + Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}}, + Regions: []api.RegionAMIMapping{{Name: "eu3", AMI: "ami-125", Architecture: ptr.To("ignore")}}, + }}, + }), + }), + )) + }) }) }) }) diff --git a/pkg/admission/mutator/webhook.go b/pkg/admission/mutator/webhook.go index dd8c1382e..41fd74000 100644 --- a/pkg/admission/mutator/webhook.go +++ b/pkg/admission/mutator/webhook.go @@ -33,6 +33,7 @@ func New(mgr manager.Manager) (*extensionswebhook.Webhook, error) { Mutators: map[extensionswebhook.Mutator][]extensionswebhook.Type{ NewShootMutator(mgr): {{Obj: &gardencorev1beta1.Shoot{}}}, NewNamespacedCloudProfileMutator(mgr): {{Obj: &gardencorev1beta1.NamespacedCloudProfile{}, Subresource: ptr.To("status")}}, + NewCloudProfileMutator(mgr): {{Obj: &gardencorev1beta1.CloudProfile{}}}, }, Target: extensionswebhook.TargetSeed, ObjectSelector: &metav1.LabelSelector{ diff --git a/pkg/admission/validator/cloudprofile.go b/pkg/admission/validator/cloudprofile.go index ad424a566..50dd67e27 100644 --- a/pkg/admission/validator/cloudprofile.go +++ b/pkg/admission/validator/cloudprofile.go @@ -10,29 +10,29 @@ import ( extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook" "github.com/gardener/gardener/pkg/apis/core" + gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/util/validation/field" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper" awsvalidation "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/validation" ) // NewCloudProfileValidator returns a new instance of a cloud profile validator. func NewCloudProfileValidator(mgr manager.Manager) extensionswebhook.Validator { - return &cloudProfile{ + return &cloudProfileValidator{ decoder: serializer.NewCodecFactory(mgr.GetScheme(), serializer.EnableStrict).UniversalDecoder(), } } -type cloudProfile struct { +type cloudProfileValidator struct { decoder runtime.Decoder } // Validate validates the given cloud profile objects. -func (cp *cloudProfile) Validate(_ context.Context, newObj, _ client.Object) error { +func (cp *cloudProfileValidator) Validate(_ context.Context, newObj, _ client.Object) error { cloudProfile, ok := newObj.(*core.CloudProfile) if !ok { return fmt.Errorf("wrong object type %T", newObj) @@ -45,13 +45,13 @@ func (cp *cloudProfile) Validate(_ context.Context, newObj, _ client.Object) err cpConfig, err := decodeCloudProfileConfig(cp.decoder, cloudProfile.Spec.ProviderConfig) if err != nil { - return err + return fmt.Errorf("could not decode providerConfig of CloudProfile %q: %w", cloudProfile.Name, err) } - capabilitiesDefinition, err := helper.ConvertV1beta1CapabilitiesDefinitions(cloudProfile.Spec.Capabilities) + capabilityDefinitions, err := gardencorev1beta1helper.ConvertV1beta1CapabilityDefinitions(cloudProfile.Spec.MachineCapabilities) if err != nil { - return field.InternalError(field.NewPath("spec").Child("capabilities"), err) + return field.InternalError(field.NewPath("spec").Child("machineCapabilities"), err) } - return awsvalidation.ValidateCloudProfileConfig(cpConfig, cloudProfile.Spec.MachineImages, capabilitiesDefinition, providerConfigPath).ToAggregate() + return awsvalidation.ValidateCloudProfileConfig(cpConfig, cloudProfile.Spec.MachineImages, capabilityDefinitions, providerConfigPath).ToAggregate() } diff --git a/pkg/admission/validator/namespacedcloudprofile.go b/pkg/admission/validator/namespacedcloudprofile.go index e4271398e..701fac00a 100644 --- a/pkg/admission/validator/namespacedcloudprofile.go +++ b/pkg/admission/validator/namespacedcloudprofile.go @@ -24,7 +24,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" api "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws" - "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper" "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/validation" ) @@ -43,25 +42,25 @@ type namespacedCloudProfile struct { // Validate validates the given NamespacedCloudProfile objects. func (p *namespacedCloudProfile) Validate(ctx context.Context, newObj, _ client.Object) error { - profile, ok := newObj.(*core.NamespacedCloudProfile) + cloudProfile, ok := newObj.(*core.NamespacedCloudProfile) if !ok { return fmt.Errorf("wrong object type %T", newObj) } - if profile.DeletionTimestamp != nil { + if cloudProfile.DeletionTimestamp != nil { return nil } - cpConfig := &api.CloudProfileConfig{} - if profile.Spec.ProviderConfig != nil { + cloudProfileConfig := &api.CloudProfileConfig{} + if cloudProfile.Spec.ProviderConfig != nil { var err error - cpConfig, err = decodeCloudProfileConfig(p.decoder, profile.Spec.ProviderConfig) + cloudProfileConfig, err = decodeCloudProfileConfig(p.decoder, cloudProfile.Spec.ProviderConfig) if err != nil { - return err + return fmt.Errorf("could not decode providerConfig of NamespacedCloudProfile for '%s': %w", cloudProfile.Name, err) } } - parentCloudProfile := profile.Spec.Parent + parentCloudProfile := cloudProfile.Spec.Parent if parentCloudProfile.Kind != constants.CloudProfileReferenceKindCloudProfile { return fmt.Errorf("parent reference must be of kind CloudProfile (unsupported kind: %s)", parentCloudProfile.Kind) } @@ -70,16 +69,7 @@ func (p *namespacedCloudProfile) Validate(ctx context.Context, newObj, _ client. return err } - return p.validateNamespacedCloudProfileProviderConfig(cpConfig, profile.Spec, parentProfile.Spec).ToAggregate() -} - -// validateNamespacedCloudProfileProviderConfig validates the CloudProfileConfig passed with a NamespacedCloudProfile. -func (p *namespacedCloudProfile) validateNamespacedCloudProfileProviderConfig(providerConfig *api.CloudProfileConfig, profileSpec core.NamespacedCloudProfileSpec, parentSpec gardencorev1beta1.CloudProfileSpec) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, p.validateMachineImages(providerConfig, profileSpec.MachineImages, parentSpec)...) - - return allErrs + return p.validateMachineImages(cloudProfileConfig, cloudProfile.Spec.MachineImages, parentProfile.Spec).ToAggregate() } func (p *namespacedCloudProfile) validateMachineImages(providerConfig *api.CloudProfileConfig, machineImages []core.MachineImage, parentSpec gardencorev1beta1.CloudProfileSpec) field.ErrorList { @@ -88,7 +78,7 @@ func (p *namespacedCloudProfile) validateMachineImages(providerConfig *api.Cloud machineImagesPath := field.NewPath("spec.providerConfig.machineImages") for i, machineImage := range providerConfig.MachineImages { idxPath := machineImagesPath.Index(i) - allErrs = append(allErrs, validation.ValidateProviderMachineImage(idxPath, machineImage, parentSpec.Capabilities)...) + allErrs = append(allErrs, validation.ValidateProviderMachineImage(machineImage, parentSpec.MachineCapabilities, idxPath)...) } profileImages := gutil.NewCoreImagesContext(machineImages) @@ -115,14 +105,14 @@ func (p *namespacedCloudProfile) validateMachineImages(providerConfig *api.Cloud continue } - if len(parentSpec.Capabilities) == 0 { + if len(parentSpec.MachineCapabilities) == 0 { allErrs = append(allErrs, validateMachineImageArchitectures(machineImage, version, providerImageVersion)...) } else { var v1betaVersion gardencorev1beta1.MachineImageVersion if err := gardencoreapi.Scheme.Convert(&version, &v1betaVersion, nil); err != nil { return append(allErrs, field.InternalError(machineImagesPath, err)) } - allErrs = append(allErrs, validateMachineImageCapabilities(machineImage, v1betaVersion, providerImageVersion, parentSpec.Capabilities)...) + allErrs = append(allErrs, validateMachineImageCapabilities(machineImage, v1betaVersion, providerImageVersion, parentSpec.MachineCapabilities)...) } } } @@ -161,62 +151,62 @@ func (p *namespacedCloudProfile) validateMachineImages(providerConfig *api.Cloud return allErrs } -func validateMachineImageCapabilities(machineImage core.MachineImage, version gardencorev1beta1.MachineImageVersion, providerImageVersion api.MachineImageVersion, capabilitiesDefinition []gardencorev1beta1.CapabilityDefinition) field.ErrorList { +func validateMachineImageCapabilities(machineImage core.MachineImage, version gardencorev1beta1.MachineImageVersion, providerImageVersion api.MachineImageVersion, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition) field.ErrorList { allErrs := field.ErrorList{} path := field.NewPath("spec.providerConfig.machineImages") - defaultedCapabilitySets := gardencorev1beta1helper.GetCapabilitySetsWithAppliedDefaults(version.CapabilitySets, capabilitiesDefinition) + defaultedCapabilityFlavors := gardencorev1beta1helper.GetImageFlavorsWithAppliedDefaults(version.CapabilityFlavors, capabilityDefinitions) regionsCapabilitiesMap := map[string][]gardencorev1beta1.Capabilities{} - // 1. Create an error for each capabilitySet in the providerConfig that is not defined in the core machine image version - for _, capabilitySet := range providerImageVersion.CapabilitySets { + // 1. Create an error for each capabilityFlavor in the providerConfig that is not defined in the core machine image version + for _, capabilityFlavor := range providerImageVersion.CapabilityFlavors { isFound := false - for _, coreDefaultedCapabilitySet := range defaultedCapabilitySets { - defaultedProviderCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilitySet.Capabilities, capabilitiesDefinition) - if helper.AreCapabilitiesEqual(coreDefaultedCapabilitySet.Capabilities, defaultedProviderCapabilities) { + for _, coreDefaultedCapabilitySet := range defaultedCapabilityFlavors { + defaultedProviderCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilityFlavor.Capabilities, capabilityDefinitions) + if gardencorev1beta1helper.AreCapabilitiesEqual(coreDefaultedCapabilitySet.Capabilities, defaultedProviderCapabilities) { isFound = true } } if !isFound { allErrs = append(allErrs, field.Forbidden(path, - fmt.Sprintf("machine image version %s@%s has an excess capabilitySet %v, which is not defined in the machineImages spec", - machineImage.Name, version.Version, capabilitySet.Capabilities))) + fmt.Sprintf("machine image version %s@%s has an excess capabilityFlavor %v, which is not defined in the machineImages spec", + machineImage.Name, version.Version, capabilityFlavor.Capabilities))) } - for _, regionMapping := range capabilitySet.Regions { - regionsCapabilitiesMap[regionMapping.Name] = append(regionsCapabilitiesMap[regionMapping.Name], capabilitySet.Capabilities) + for _, regionMapping := range capabilityFlavor.Regions { + regionsCapabilitiesMap[regionMapping.Name] = append(regionsCapabilitiesMap[regionMapping.Name], capabilityFlavor.Capabilities) } } - // 2. Create an error for each capabilitySet in the core machine image version that is not defined in the providerConfig - for _, coreDefaultedCapabilitySet := range defaultedCapabilitySets { + // 2. Create an error for each capabilityFlavor in the core machine image version that is not defined in the providerConfig + for _, coreDefaultedCapabilityFlavor := range defaultedCapabilityFlavors { isFound := false - for _, capabilitySet := range providerImageVersion.CapabilitySets { - defaultedProviderCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilitySet.Capabilities, capabilitiesDefinition) - if helper.AreCapabilitiesEqual(coreDefaultedCapabilitySet.Capabilities, defaultedProviderCapabilities) { + for _, capabilityFlavor := range providerImageVersion.CapabilityFlavors { + defaultedProviderCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilityFlavor.Capabilities, capabilityDefinitions) + if gardencorev1beta1helper.AreCapabilitiesEqual(coreDefaultedCapabilityFlavor.Capabilities, defaultedProviderCapabilities) { isFound = true } } if !isFound { allErrs = append(allErrs, field.Required(path, - fmt.Sprintf("machine image version %s@%s has a capabilitySet %v not defined in the NamespacedCloudProfile providerConfig", - machineImage.Name, version.Version, coreDefaultedCapabilitySet.Capabilities))) - // no need to check the regions if the capabilitySet is not defined in the providerConfig + fmt.Sprintf("machine image version %s@%s has a capabilityFlavor %v not defined in the NamespacedCloudProfile providerConfig", + machineImage.Name, version.Version, coreDefaultedCapabilityFlavor.Capabilities))) + // no need to check the regions if the capabilityFlavor is not defined in the providerConfig continue } - // 3. Create an error for each region that is not part of every capabilitySet + // 3. Create an error for each region that is not part of every capabilityFlavor for region, regionCapabilities := range regionsCapabilitiesMap { isFound := false for _, capabilities := range regionCapabilities { - regionDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilities, capabilitiesDefinition) - if helper.AreCapabilitiesEqual(regionDefaultedCapabilities, coreDefaultedCapabilitySet.Capabilities) { + regionDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilities, capabilityDefinitions) + if gardencorev1beta1helper.AreCapabilitiesEqual(regionDefaultedCapabilities, coreDefaultedCapabilityFlavor.Capabilities) { isFound = true } } if !isFound { allErrs = append(allErrs, field.Required(path, - fmt.Sprintf("machine image version %s@%s is missing region %q in capabilitySet %v in the NamespacedCloudProfile providerConfig", - machineImage.Name, version.Version, region, coreDefaultedCapabilitySet.Capabilities))) + fmt.Sprintf("machine image version %s@%s is missing region %q in capabilityFlavor %v in the NamespacedCloudProfile providerConfig", + machineImage.Name, version.Version, region, coreDefaultedCapabilityFlavor.Capabilities))) } } } diff --git a/pkg/admission/validator/namespacedcloudprofile_test.go b/pkg/admission/validator/namespacedcloudprofile_test.go index 6ae1cc672..3b4b98b39 100644 --- a/pkg/admission/validator/namespacedcloudprofile_test.go +++ b/pkg/admission/validator/namespacedcloudprofile_test.go @@ -40,13 +40,13 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili namespacedCloudProfileValidator extensionswebhook.Validator namespacedCloudProfile *core.NamespacedCloudProfile cloudProfile *v1beta1.CloudProfile - capabilitiesDefinitions []v1beta1.CapabilityDefinition + capabilityDefinitions []v1beta1.CapabilityDefinition ) BeforeEach(func() { if isCapabilitiesCloudProfile { - capabilitiesDefinitions = []v1beta1.CapabilityDefinition{ - {Name: v1beta1constants.ArchitectureName, Values: []string{v1beta1constants.ArchitectureAMD64}}, + capabilityDefinitions = []v1beta1.CapabilityDefinition{ + {Name: v1beta1constants.ArchitectureName, Values: []string{"amd64"}}, } } scheme := runtime.NewScheme() @@ -77,7 +77,7 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili Name: "cloud-profile", }, Spec: v1beta1.CloudProfileSpec{ - Capabilities: capabilitiesDefinitions, + MachineCapabilities: capabilityDefinitions, }, } }) @@ -99,9 +99,9 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili namespacedAmiMappings := `{"name":"image-1","versions":[{"version":"1.1","regions":[{"name":"eu1","ami":"ami-123"}]}]}, {"name":"image-2","versions":[{"version":"2.0","regions":[{"name":"eu1","ami":"ami-123"}]}]}` if isCapabilitiesCloudProfile { - amiMappings = `"capabilitySets":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` - namespacedAmiMappings = `{"name":"image-1","versions":[{"version":"1.1","capabilitySets":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]}, - {"name":"image-2","versions":[{"version":"2.0","capabilitySets":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]}` + amiMappings = `"capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` + namespacedAmiMappings = `{"name":"image-1","versions":[{"version":"1.1","capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]}, + {"name":"image-2","versions":[{"version":"2.0","capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]}` } cloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{ @@ -149,7 +149,7 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili amiMappings := `"regions":[{"name":"eu1","ami":"ami-123"}]` if isCapabilitiesCloudProfile { - amiMappings = `"capabilitySets":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` + amiMappings = `"capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` } cloudProfile.Spec.MachineImages = []v1beta1.MachineImage{ @@ -187,7 +187,7 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili It("should fail for NamespacedCloudProfile specifying provider config without the according version in the spec.machineImages", func() { amiMappings := `"regions":[{"name":"eu1","ami":"ami-123"}]` if isCapabilitiesCloudProfile { - amiMappings = `"capabilitySets":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` + amiMappings = `"capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]` } namespacedCloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{ @@ -228,14 +228,14 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili ]` image1FallbackMappings := `"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]` if isCapabilitiesCloudProfile { - image1AmiMappings = `"capabilitySets":[ + image1AmiMappings = `"capabilityFlavors":[ {"capabilities":{"architecture":["arm64"]},"regions":[{"name":"image-region-1","ami":"id-img-reg-1"}]}, {"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} ]` - image1FallbackMappings = `"capabilitySets":[ + image1FallbackMappings = `"capabilityFlavors":[ {"capabilities":{"architecture":["amd64"]},"regions":[{"name":"image-region-2","ami":"id-img-reg-2"}]} ]` - cloudProfile.Spec.Capabilities[0].Values = []string{v1beta1constants.ArchitectureAMD64, v1beta1constants.ArchitectureARM64} + cloudProfile.Spec.MachineCapabilities[0].Values = []string{"amd64", "arm64"} } namespacedCloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{ "apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1", @@ -251,16 +251,16 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili Name: "image-1", Versions: []core.MachineImageVersion{ {ExpirableVersion: core.ExpirableVersion{Version: "1.1-regions"}, Architectures: []string{"amd64", "arm64"}, - CapabilitySets: []core.CapabilitySet{ + CapabilityFlavors: []core.MachineImageFlavor{ {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{"amd64"}}}, {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{"arm64"}}}, }}, {ExpirableVersion: core.ExpirableVersion{Version: "1.1-fallback"}, Architectures: []string{"arm64"}, - CapabilitySets: []core.CapabilitySet{ + CapabilityFlavors: []core.MachineImageFlavor{ {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{"arm64"}}}, }}, {ExpirableVersion: core.ExpirableVersion{Version: "1.1-missing"}, Architectures: []string{"arm64"}, - CapabilitySets: []core.CapabilitySet{ + CapabilityFlavors: []core.MachineImageFlavor{ {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{"arm64"}}}, }}, }, @@ -275,19 +275,19 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili Expect(err).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), "Field": fieldMatcher, - "Detail": Equal("machine image version image-1@1.1-regions is missing region \"image-region-1\" in capabilitySet map[architecture:[amd64]] in the NamespacedCloudProfile providerConfig"), + "Detail": Equal("machine image version image-1@1.1-regions is missing region \"image-region-1\" in capabilityFlavor map[architecture:[amd64]] in the NamespacedCloudProfile providerConfig"), })), PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), "Field": fieldMatcher, - "Detail": Equal("machine image version image-1@1.1-regions is missing region \"image-region-2\" in capabilitySet map[architecture:[arm64]] in the NamespacedCloudProfile providerConfig"), + "Detail": Equal("machine image version image-1@1.1-regions is missing region \"image-region-2\" in capabilityFlavor map[architecture:[arm64]] in the NamespacedCloudProfile providerConfig"), })), PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeForbidden), "Field": fieldMatcher, - "Detail": Equal("machine image version image-1@1.1-fallback has an excess capabilitySet map[architecture:[amd64]], which is not defined in the machineImages spec"), + "Detail": Equal("machine image version image-1@1.1-fallback has an excess capabilityFlavor map[architecture:[amd64]], which is not defined in the machineImages spec"), })), PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), "Field": fieldMatcher, - "Detail": Equal("machine image version image-1@1.1-fallback has a capabilitySet map[architecture:[arm64]] not defined in the NamespacedCloudProfile providerConfig"), + "Detail": Equal("machine image version image-1@1.1-fallback has a capabilityFlavor map[architecture:[arm64]] not defined in the NamespacedCloudProfile providerConfig"), })), PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), "Field": fieldMatcher, diff --git a/pkg/admission/validator/shoot.go b/pkg/admission/validator/shoot.go index 36f191aa5..bc2941bcd 100644 --- a/pkg/admission/validator/shoot.go +++ b/pkg/admission/validator/shoot.go @@ -166,7 +166,7 @@ func (s *shoot) validateShootUpdate(ctx context.Context, oldShoot, shoot *core.S if shoot.DeletionTimestamp == nil { // If the Shoot is being deleted, we do not validate the workers against the cloud // profile, as the workers will be deleted anyway. - if errList := awsvalidation.ValidateWorkersAgainstCloudProfileOnUpdate(oldShoot.Spec.Provider.Workers, shoot.Spec.Provider.Workers, shoot.Spec.Region, awsCloudProfile, cloudProfileSpec.MachineTypes, cloudProfileSpec.Capabilities, fldPath.Child("workers")); len(errList) != 0 { + if errList := awsvalidation.ValidateWorkersAgainstCloudProfileOnUpdate(oldShoot.Spec.Provider.Workers, shoot.Spec.Provider.Workers, shoot.Spec.Region, awsCloudProfile, cloudProfileSpec.MachineTypes, cloudProfileSpec.MachineCapabilities, fldPath.Child("workers")); len(errList) != 0 { return errList.ToAggregate() } } @@ -184,7 +184,7 @@ func (s *shoot) validateShootCreation(ctx context.Context, shoot *core.Shoot, cl return err } - if errList := awsvalidation.ValidateWorkersAgainstCloudProfileOnCreation(shoot.Spec.Provider.Workers, shoot.Spec.Region, awsCloudProfile, cloudProfileSpec.MachineTypes, cloudProfileSpec.Capabilities, fldPath.Child("workers")); len(errList) != 0 { + if errList := awsvalidation.ValidateWorkersAgainstCloudProfileOnCreation(shoot.Spec.Provider.Workers, shoot.Spec.Region, awsCloudProfile, cloudProfileSpec.MachineTypes, cloudProfileSpec.MachineCapabilities, fldPath.Child("workers")); len(errList) != 0 { return errList.ToAggregate() } diff --git a/pkg/apis/aws/helper/capabilities.go b/pkg/apis/aws/helper/capabilities.go deleted file mode 100644 index fd54320a5..000000000 --- a/pkg/apis/aws/helper/capabilities.go +++ /dev/null @@ -1,248 +0,0 @@ -// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors -// -// SPDX-License-Identifier: Apache-2.0 - -package helper - -// This file contains helper functions for capabilities handling, e.g. conversion, comparison, validation. -// These functions can be used by different providers and should not contain any provider-specific logic. -// All functions in this file should be transitioned into the Gardener core repository over time once the -// implementation is stable. - -import ( - "fmt" - "maps" - "slices" - - gardencoreapi "github.com/gardener/gardener/pkg/api" - gardencore "github.com/gardener/gardener/pkg/apis/core" - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// ConvertV1beta1CapabilitiesDefinitions converts core.CapabilityDefinition objects to v1beta1.CapabilityDefinition objects. -func ConvertV1beta1CapabilitiesDefinitions(capabilitiesDefinitions []gardencore.CapabilityDefinition) ([]gardencorev1beta1.CapabilityDefinition, error) { - var v1beta1CapabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition - for _, capabilityDefinition := range capabilitiesDefinitions { - var v1beta1CapabilityDefinition gardencorev1beta1.CapabilityDefinition - err := gardencoreapi.Scheme.Convert(&capabilityDefinition, &v1beta1CapabilityDefinition, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert capability definition: %w", err) - } - v1beta1CapabilitiesDefinitions = append(v1beta1CapabilitiesDefinitions, v1beta1CapabilityDefinition) - } - return v1beta1CapabilitiesDefinitions, nil -} - -// AreCapabilitiesEqual checks if two capabilities are semantically equal. -func AreCapabilitiesEqual(a, b gardencorev1beta1.Capabilities) bool { - return areCapabilitiesSubsetOf(a, b) && areCapabilitiesSubsetOf(b, a) -} - -// areCapabilitiesSubsetOf verifies if all keys and values in `source` exist in `target`. -func areCapabilitiesSubsetOf(source, target gardencorev1beta1.Capabilities) bool { - for key, valuesSource := range source { - valuesTarget, exists := target[key] - if !exists { - return false - } - for _, value := range valuesSource { - if !slices.Contains(valuesTarget, value) { - return false - } - } - } - return true -} - -// ValidateCapabilities validates the capabilities of a machine type or machine image against the capabilitiesDefinition located in a cloud profile at spec.capabilities. -// It checks if the capabilities are supported by the cloud profile and if the architecture is defined correctly. -// It returns a list of field errors if any validation fails. -func ValidateCapabilities(capabilities gardencorev1beta1.Capabilities, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - // create map from capabilitiesDefinitions - capabilitiesDefinition := make(map[string][]string) - for _, capabilityDefinition := range capabilitiesDefinitions { - capabilitiesDefinition[capabilityDefinition.Name] = capabilityDefinition.Values - } - supportedCapabilityKeys := slices.Collect(maps.Keys(capabilitiesDefinition)) - - // Check if all capabilities are supported by the cloud profile - for capabilityKey, capability := range capabilities { - supportedValues, keyExists := capabilitiesDefinition[capabilityKey] - if !keyExists { - allErrs = append(allErrs, field.NotSupported(fldPath, capabilityKey, supportedCapabilityKeys)) - continue - } - for i, value := range capability { - if !slices.Contains(supportedValues, value) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child(capabilityKey).Index(i), value, supportedValues)) - } - } - } - - // Check additional requirements for architecture - // - must be defined when multiple architectures are supported by the cloud profile - supportedArchitectures := capabilitiesDefinition[v1beta1constants.ArchitectureName] - architectures := capabilities[v1beta1constants.ArchitectureName] - if len(supportedArchitectures) > 1 && len(architectures) != 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child(v1beta1constants.ArchitectureName), architectures, "must define exactly one architecture when multiple architectures are supported by the cloud profile")) - } - - return allErrs -} - -// AreCapabilitiesCompatible checks if two sets of capabilities are compatible. -// It applies defaults from the capability definitions to both sets before checking compatibility. -func AreCapabilitiesCompatible(capabilities1, capabilities2 gardencorev1beta1.Capabilities, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition) bool { - defaultedCapabilities1 := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilities1, capabilitiesDefinitions) - defaultedCapabilities2 := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(capabilities2, capabilitiesDefinitions) - - isSupported := true - commonCapabilities := getCapabilitiesIntersection(defaultedCapabilities1, defaultedCapabilities2) - // If the intersection has at least one value for each capability, the capabilities are supported. - for _, values := range commonCapabilities { - if len(values) == 0 { - isSupported = false - break - } - } - - return isSupported -} - -// getCapabilitiesIntersection returns the intersection of multiple capabilities objects. -func getCapabilitiesIntersection(capabilitiesList ...gardencorev1beta1.Capabilities) gardencorev1beta1.Capabilities { - intersection := make(gardencorev1beta1.Capabilities) - - if len(capabilitiesList) == 0 { - return intersection - } - - // Initialize intersection with the first capabilities object - maps.Copy(intersection, capabilitiesList[0]) - - intersect := func(slice1, slice2 []string) []string { - elementSet1 := sets.New(slice1...) - elementSet2 := sets.New(slice2...) - - return elementSet1.Intersection(elementSet2).UnsortedList() - } - - // Iterate through the remaining capabilities objects and refine the intersection - for _, capabilities := range capabilitiesList[1:] { - for key, values := range intersection { - intersection[key] = intersect(values, capabilities[key]) - } - } - - return intersection -} - -// HasCapabilities defines an interface for types that contain Capabilities -type HasCapabilities interface { - GetCapabilities() gardencorev1beta1.Capabilities - SetCapabilities(gardencorev1beta1.Capabilities) -} - -// FindBestCapabilitySet finds the most appropriate capability set from the provided capability sets -// based on the requested machine capabilities and the definitions of capabilities. -func FindBestCapabilitySet[T HasCapabilities]( - capabilitySets []T, - machineCapabilities gardencorev1beta1.Capabilities, - capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, -) (T, error) { - var zeroValue T - compatibleCapabilitySets := findCompatibleCapabilitySets(capabilitySets, machineCapabilities, capabilitiesDefinitions) - - if len(compatibleCapabilitySets) == 0 { - return zeroValue, fmt.Errorf("no compatible capability set found") - } - - bestMatch, err := selectBestCapabilitySet(compatibleCapabilitySets, capabilitiesDefinitions) - if err != nil { - return zeroValue, err - } - return bestMatch, nil -} - -// findCompatibleCapabilitySets returns all capability sets that are compatible with the given machine capabilities. -func findCompatibleCapabilitySets[T HasCapabilities]( - capabilitySets []T, machineCapabilities gardencorev1beta1.Capabilities, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, -) []T { - var compatibleSets []T - for _, capabilitySet := range capabilitySets { - if AreCapabilitiesCompatible(capabilitySet.GetCapabilities(), machineCapabilities, capabilitiesDefinitions) { - compatibleSets = append(compatibleSets, capabilitySet) - } - } - return compatibleSets -} - -// selectBestCapabilitySet selects the most appropriate capability set based on the priority -// of capabilities and their values as defined in capabilitiesDefinitions. -// -// Selection follows a priority-based approach: -// 1. Capabilities are ordered by priority in the definitions list (highest priority first) -// 2. Within each capability, values are ordered by preference (most preferred first) -// 3. Selection is determined by the first capability value difference found -func selectBestCapabilitySet[T HasCapabilities]( - compatibleSets []T, - capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, -) (T, error) { - var zeroValue T - if len(compatibleSets) == 1 { - return compatibleSets[0], nil - } - - // Apply capability defaults for better comparison - normalizedSets := make([]T, len(compatibleSets)) - copy(normalizedSets, compatibleSets) - - // Normalize capability sets by applying defaults - for i := range normalizedSets { - normalizedSets[i].SetCapabilities(gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults( - normalizedSets[i].GetCapabilities(), - capabilitiesDefinitions, - )) - } - - // Evaluate capability sets based on capability definitions priority - remainingSets := normalizedSets - - // For each capability (in priority order) - for _, capabilityDef := range capabilitiesDefinitions { - // For each preferred value (in preference order) - for _, capabilityValue := range capabilityDef.Values { - var setsWithPreferredValue []T - - // Find sets that support this capability value - for _, set := range remainingSets { - if slices.Contains(set.GetCapabilities()[capabilityDef.Name], capabilityValue) { - setsWithPreferredValue = append(setsWithPreferredValue, set) - } - } - - // If we found sets with this value, narrow down our selection - if len(setsWithPreferredValue) > 0 { - remainingSets = setsWithPreferredValue - - // If only one set remains, we've found our match - if len(remainingSets) == 1 { - return remainingSets[0], nil - } - } - } - } - - // If we couldn't determine a single best match, this indicates a problem with the cloud profile - if len(remainingSets) != 1 { - return zeroValue, fmt.Errorf("found multiple capability sets with identical capabilities; this indicates an invalid cloudprofile was admitted. Please open a bug report at https://github.com/gardener/gardener/issues") - } - - return remainingSets[0], nil -} diff --git a/pkg/apis/aws/helper/helper.go b/pkg/apis/aws/helper/helper.go index 7d1a7f0a0..9e9546159 100644 --- a/pkg/apis/aws/helper/helper.go +++ b/pkg/apis/aws/helper/helper.go @@ -7,9 +7,11 @@ package helper import ( "fmt" + "github.com/gardener/gardener/extensions/pkg/controller/worker" "github.com/gardener/gardener/extensions/pkg/util" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/ptr" @@ -85,14 +87,14 @@ func FindImageInCloudProfile( name, version, region string, arch *string, machineCapabilities gardencorev1beta1.Capabilities, - capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, -) (*api.CapabilitySet, error) { + capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, +) (*api.MachineImageFlavor, error) { if cloudProfileConfig == nil { return nil, fmt.Errorf("cloud profile config is nil") } machineImages := cloudProfileConfig.MachineImages - capabilitySet, err := findCapabilitySetFromMachineImages(machineImages, name, version, region, arch, machineCapabilities, capabilitiesDefinitions) + capabilitySet, err := findMachineImageFlavor(machineImages, name, version, region, arch, machineCapabilities, capabilityDefinitions) if err != nil { return nil, fmt.Errorf("could not find an AMI for region %q, image %q, version %q that supports %v: %w", region, name, version, machineCapabilities, err) } @@ -106,9 +108,9 @@ func FindImageInCloudProfile( // FindImageInWorkerStatus takes a list of machine images from the worker status and tries to find the first entry // whose name, version, architecture, capabilities and zone matches with the given ones. If no such entry is // found then an error will be returned. -func FindImageInWorkerStatus(machineImages []api.MachineImage, name string, version string, architecture *string, machineCapabilities gardencorev1beta1.Capabilities, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition) (*api.MachineImage, error) { - // If no capabilitiesDefinitions are specified, return the (legacy) architecture format field as no Capabilities are used. - if len(capabilitiesDefinitions) == 0 { +func FindImageInWorkerStatus(machineImages []api.MachineImage, name string, version string, architecture *string, machineCapabilities gardencorev1beta1.Capabilities, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition) (*api.MachineImage, error) { + // If no capabilityDefinitions are specified, return the (legacy) architecture format field as no Capabilities are used. + if len(capabilityDefinitions) == 0 { for _, statusMachineImage := range machineImages { if statusMachineImage.Architecture == nil { statusMachineImage.Architecture = ptr.To(v1beta1constants.ArchitectureAMD64) @@ -120,26 +122,26 @@ func FindImageInWorkerStatus(machineImages []api.MachineImage, name string, vers return nil, fmt.Errorf("no machine image found for image %q with version %q and architecture %q", name, version, *architecture) } - // If capabilitiesDefinitions are specified, we need to find the best matching capability set. + // If capabilityDefinitions are specified, we need to find the best matching capability set. for _, statusMachineImage := range machineImages { var statusMachineImageV1alpha1 v1alpha1.MachineImage if err := v1alpha1.Convert_aws_MachineImage_To_v1alpha1_MachineImage(&statusMachineImage, &statusMachineImageV1alpha1, nil); err != nil { return nil, fmt.Errorf("failed to convert machine image: %w", err) } - if statusMachineImage.Name == name && statusMachineImage.Version == version && AreCapabilitiesCompatible(statusMachineImageV1alpha1.Capabilities, machineCapabilities, capabilitiesDefinitions) { + if statusMachineImage.Name == name && statusMachineImage.Version == version && gardencorev1beta1helper.AreCapabilitiesCompatible(statusMachineImageV1alpha1.Capabilities, machineCapabilities, capabilityDefinitions) { return &statusMachineImage, nil } } return nil, fmt.Errorf("no machine image found for image %q with version %q and capabilities %v", name, version, machineCapabilities) } -func findCapabilitySetFromMachineImages( +func findMachineImageFlavor( machineImages []api.MachineImages, imageName, imageVersion, region string, arch *string, machineCapabilities gardencorev1beta1.Capabilities, - capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, -) (*api.CapabilitySet, error) { + capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, +) (*api.MachineImageFlavor, error) { for _, machineImage := range machineImages { if machineImage.Name != imageName { continue @@ -149,10 +151,10 @@ func findCapabilitySetFromMachineImages( continue } - if len(capabilitiesDefinitions) == 0 { + if len(capabilityDefinitions) == 0 { for _, mapping := range version.Regions { if region == mapping.Name && ptr.Equal(arch, mapping.Architecture) { - return &api.CapabilitySet{ + return &api.MachineImageFlavor{ Regions: []api.RegionAMIMapping{mapping}, Capabilities: gardencorev1beta1.Capabilities{}, }, nil @@ -161,10 +163,10 @@ func findCapabilitySetFromMachineImages( continue } - filteredCapabilitySets := filterCapabilitySetsByRegion(version.CapabilitySets, region) - bestMatch, err := FindBestCapabilitySet(filteredCapabilitySets, machineCapabilities, capabilitiesDefinitions) + filteredCapabilityFlavors := filterCapabilityFlavorsByRegion(version.CapabilityFlavors, region) + bestMatch, err := worker.FindBestImageFlavor(filteredCapabilityFlavors, machineCapabilities, capabilityDefinitions) if err != nil { - return nil, fmt.Errorf("could not determine best capabilitySet %w", err) + return nil, fmt.Errorf("could not determine best flavor %w", err) } return bestMatch, nil @@ -173,26 +175,26 @@ func findCapabilitySetFromMachineImages( return nil, nil } -// filterCapabilitySetsByRegion returns a new list with capabilitySets that only contain RegionAMIMappings +// filterCapabilityFlavorsByRegion returns a new list with capabilityFlavors that only contain RegionAMIMappings // of the region to filter for. -func filterCapabilitySetsByRegion(capabilitySets []api.CapabilitySet, regionName string) []*api.CapabilitySet { - var compatibleSets []*api.CapabilitySet +func filterCapabilityFlavorsByRegion(capabilityFlavors []api.MachineImageFlavor, regionName string) []*api.MachineImageFlavor { + var compatibleFlavors []*api.MachineImageFlavor - for _, capabilitySet := range capabilitySets { + for _, capabilityFlavor := range capabilityFlavors { var regionAMIMapping *api.RegionAMIMapping - for _, region := range capabilitySet.Regions { + for _, region := range capabilityFlavor.Regions { if region.Name == regionName { regionAMIMapping = ®ion } } if regionAMIMapping != nil { - compatibleSets = append(compatibleSets, &api.CapabilitySet{ + compatibleFlavors = append(compatibleFlavors, &api.MachineImageFlavor{ Regions: []api.RegionAMIMapping{*regionAMIMapping}, - Capabilities: capabilitySet.Capabilities, + Capabilities: capabilityFlavor.Capabilities, }) } } - return compatibleSets + return compatibleFlavors } // FindDataVolumeByName takes a list of data volumes and a data volume name. It tries to find the data volume entry for diff --git a/pkg/apis/aws/helper/helper_test.go b/pkg/apis/aws/helper/helper_test.go index a0a84fb84..538aa055b 100644 --- a/pkg/apis/aws/helper/helper_test.go +++ b/pkg/apis/aws/helper/helper_test.go @@ -73,13 +73,13 @@ var _ = Describe("Helper", func() { ) DescribeTableSubtree("Select Worker Images", func(hasCapabilities bool) { - var capabilitiesDefinitions []v1beta1.CapabilityDefinition + var capabilityDefinitions []v1beta1.CapabilityDefinition var machineCapabilities v1beta1.Capabilities var imageCapabilities v1beta1.Capabilities region := "europe" if hasCapabilities { - capabilitiesDefinitions = []v1beta1.CapabilityDefinition{ + capabilityDefinitions = []v1beta1.CapabilityDefinition{ {Name: "architecture", Values: []string{"amd64", "arm64"}}, {Name: "capability1", Values: []string{"value1", "value2", "value3"}}, } @@ -102,7 +102,7 @@ var _ = Describe("Helper", func() { expectedMachineImage.Architecture = nil } } - machineImage, err := FindImageInWorkerStatus(machineImages, name, version, arch, machineCapabilities, capabilitiesDefinitions) + machineImage, err := FindImageInWorkerStatus(machineImages, name, version, arch, machineCapabilities, capabilityDefinitions) expectResults(machineImage, expectedMachineImage, err, expectErr) }, @@ -123,7 +123,7 @@ var _ = Describe("Helper", func() { cfg := &api.CloudProfileConfig{} cfg.MachineImages = profileImages - capabilitySet, err := FindImageInCloudProfile(cfg, imageName, version, regionName, arch, machineCapabilities, capabilitiesDefinitions) + capabilitySet, err := FindImageInCloudProfile(cfg, imageName, version, regionName, arch, machineCapabilities, capabilityDefinitions) if expectedAMI != "" { Expect(err).NotTo(HaveOccurred()) @@ -236,7 +236,7 @@ func makeProfileMachineImages(name, version, region, ami string, arch *string, c Architecture: arch, }} } else { - versions[0].CapabilitySets = []api.CapabilitySet{{ + versions[0].CapabilityFlavors = []api.MachineImageFlavor{{ Capabilities: capabilities, Regions: []api.RegionAMIMapping{{ Name: region, diff --git a/pkg/apis/aws/types_cloudprofile.go b/pkg/apis/aws/types_cloudprofile.go index 473ad7d6d..9e85eac5b 100644 --- a/pkg/apis/aws/types_cloudprofile.go +++ b/pkg/apis/aws/types_cloudprofile.go @@ -32,39 +32,34 @@ type MachineImages struct { type MachineImageVersion struct { // Version is the version of the image. Version string - // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilitySets + // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilityFlavors // Regions is a mapping to the correct AMI for the machine image in the supported regions. Regions []RegionAMIMapping - // CapabilitySets is grouping of region AMIs by capabilities. - CapabilitySets []CapabilitySet + // CapabilityFlavors is grouping of region AMIs by capabilities. + CapabilityFlavors []MachineImageFlavor } -// CapabilitySet groups all RegionAMIMappings for a specific et of capabilities. -type CapabilitySet struct { +// MachineImageFlavor groups all RegionAMIMappings for a specific set of capabilities. +type MachineImageFlavor struct { // Regions is a mapping to the correct AMI for the machine image in the supported regions. Regions []RegionAMIMapping // Capabilities that are supported by the AMIs in this set. Capabilities gardencorev1beta1.Capabilities } -// GetCapabilities returns the Capabilities of a CapabilitySet -func (cs *CapabilitySet) GetCapabilities() gardencorev1beta1.Capabilities { +// GetCapabilities returns the Capabilities of a MachineImageFlavor +func (cs MachineImageFlavor) GetCapabilities() gardencorev1beta1.Capabilities { return cs.Capabilities } -// SetCapabilities sets the Capabilities on a CapabilitySet -func (cs *CapabilitySet) SetCapabilities(capabilities gardencorev1beta1.Capabilities) { - cs.Capabilities = capabilities -} - // RegionAMIMapping is a mapping to the correct AMI for the machine image in the given region. type RegionAMIMapping struct { // Name is the name of the region. Name string // AMI is the AMI for the machine image. AMI string - // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilitySets + // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilityFlavors // Architecture is the CPU architecture of the machine image. Architecture *string diff --git a/pkg/apis/aws/v1alpha1/defaults.go b/pkg/apis/aws/v1alpha1/defaults.go index 9ce446192..3fbc8ea07 100644 --- a/pkg/apis/aws/v1alpha1/defaults.go +++ b/pkg/apis/aws/v1alpha1/defaults.go @@ -46,9 +46,9 @@ func SetDefaults_MachineImage(obj *MachineImage) { } } -// SetDefaults_CapabilitySet sets the architecture of capability set regions to "ignore". -func SetDefaults_CapabilitySet(obj *CapabilitySet) { - // Implementation is only needed to ensure SetDefaults_RegionAMIMapping is not executed on CapabilitySet.Regions +// SetDefaults_MachineImageFlavor sets the architecture of capability set regions to "ignore". +func SetDefaults_MachineImageFlavor(obj *MachineImageFlavor) { + // Implementation is only needed to ensure SetDefaults_RegionAMIMapping is not executed on MachineImageFlavor.Regions for l := range obj.Regions { d := &obj.Regions[l] if d.Architecture == nil { diff --git a/pkg/apis/aws/v1alpha1/types_cloudprofile.go b/pkg/apis/aws/v1alpha1/types_cloudprofile.go index 61fa31f59..be5f7bf6d 100644 --- a/pkg/apis/aws/v1alpha1/types_cloudprofile.go +++ b/pkg/apis/aws/v1alpha1/types_cloudprofile.go @@ -33,29 +33,34 @@ type MachineImages struct { type MachineImageVersion struct { // Version is the version of the image. Version string `json:"version"` - // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilitySets + // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilityFlavors // Regions is a mapping to the correct AMI for the machine image in the supported regions. Regions []RegionAMIMapping `json:"regions"` - // CapabilitySets is grouping of region AMIs by capabilities. - CapabilitySets []CapabilitySet `json:"capabilitySets"` + // CapabilityFlavors is grouping of region AMIs by capabilities. + CapabilityFlavors []MachineImageFlavor `json:"capabilityFlavors"` } -// CapabilitySet groups all RegionAMIMappings for a specific et of capabilities. -type CapabilitySet struct { +// MachineImageFlavor groups all RegionAMIMappings for a specific set of capabilities. +type MachineImageFlavor struct { // Regions is a mapping to the correct AMI for the machine image in the supported regions. Regions []RegionAMIMapping `json:"regions"` // Capabilities that are supported by the AMIs in this set. Capabilities gardencorev1beta1.Capabilities `json:"capabilities,omitempty"` } +// GetCapabilities returns the Capabilities of a MachineImageFlavor +func (cs *MachineImageFlavor) GetCapabilities() gardencorev1beta1.Capabilities { + return cs.Capabilities +} + // RegionAMIMapping is a mapping to the correct AMI for the machine image in the given region. type RegionAMIMapping struct { // Name is the name of the region. Name string `json:"name"` // AMI is the AMI for the machine image. AMI string `json:"ami"` - // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilitySets + // TODO @Roncossek add "// deprecated" once aws cloudprofiles are migrated to use CapabilityFlavors // Architecture is the CPU architecture of the machine image. // +optional diff --git a/pkg/apis/aws/v1alpha1/zz_generated.conversion.go b/pkg/apis/aws/v1alpha1/zz_generated.conversion.go index a55d45612..3cc27f8ac 100644 --- a/pkg/apis/aws/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/aws/v1alpha1/zz_generated.conversion.go @@ -36,16 +36,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*CapabilitySet)(nil), (*aws.CapabilitySet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CapabilitySet_To_aws_CapabilitySet(a.(*CapabilitySet), b.(*aws.CapabilitySet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*aws.CapabilitySet)(nil), (*CapabilitySet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_aws_CapabilitySet_To_v1alpha1_CapabilitySet(a.(*aws.CapabilitySet), b.(*CapabilitySet), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*CloudControllerManagerConfig)(nil), (*aws.CloudControllerManagerConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_CloudControllerManagerConfig_To_aws_CloudControllerManagerConfig(a.(*CloudControllerManagerConfig), b.(*aws.CloudControllerManagerConfig), scope) }); err != nil { @@ -246,6 +236,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*MachineImageFlavor)(nil), (*aws.MachineImageFlavor)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_MachineImageFlavor_To_aws_MachineImageFlavor(a.(*MachineImageFlavor), b.(*aws.MachineImageFlavor), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*aws.MachineImageFlavor)(nil), (*MachineImageFlavor)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_aws_MachineImageFlavor_To_v1alpha1_MachineImageFlavor(a.(*aws.MachineImageFlavor), b.(*MachineImageFlavor), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*MachineImageVersion)(nil), (*aws.MachineImageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_MachineImageVersion_To_aws_MachineImageVersion(a.(*MachineImageVersion), b.(*aws.MachineImageVersion), scope) }); err != nil { @@ -419,28 +419,6 @@ func Convert_aws_BackupBucketConfig_To_v1alpha1_BackupBucketConfig(in *aws.Backu return autoConvert_aws_BackupBucketConfig_To_v1alpha1_BackupBucketConfig(in, out, s) } -func autoConvert_v1alpha1_CapabilitySet_To_aws_CapabilitySet(in *CapabilitySet, out *aws.CapabilitySet, s conversion.Scope) error { - out.Regions = *(*[]aws.RegionAMIMapping)(unsafe.Pointer(&in.Regions)) - out.Capabilities = *(*v1beta1.Capabilities)(unsafe.Pointer(&in.Capabilities)) - return nil -} - -// Convert_v1alpha1_CapabilitySet_To_aws_CapabilitySet is an autogenerated conversion function. -func Convert_v1alpha1_CapabilitySet_To_aws_CapabilitySet(in *CapabilitySet, out *aws.CapabilitySet, s conversion.Scope) error { - return autoConvert_v1alpha1_CapabilitySet_To_aws_CapabilitySet(in, out, s) -} - -func autoConvert_aws_CapabilitySet_To_v1alpha1_CapabilitySet(in *aws.CapabilitySet, out *CapabilitySet, s conversion.Scope) error { - out.Regions = *(*[]RegionAMIMapping)(unsafe.Pointer(&in.Regions)) - out.Capabilities = *(*v1beta1.Capabilities)(unsafe.Pointer(&in.Capabilities)) - return nil -} - -// Convert_aws_CapabilitySet_To_v1alpha1_CapabilitySet is an autogenerated conversion function. -func Convert_aws_CapabilitySet_To_v1alpha1_CapabilitySet(in *aws.CapabilitySet, out *CapabilitySet, s conversion.Scope) error { - return autoConvert_aws_CapabilitySet_To_v1alpha1_CapabilitySet(in, out, s) -} - func autoConvert_v1alpha1_CloudControllerManagerConfig_To_aws_CloudControllerManagerConfig(in *CloudControllerManagerConfig, out *aws.CloudControllerManagerConfig, s conversion.Scope) error { out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) out.UseCustomRouteController = (*bool)(unsafe.Pointer(in.UseCustomRouteController)) @@ -919,10 +897,32 @@ func Convert_aws_MachineImage_To_v1alpha1_MachineImage(in *aws.MachineImage, out return autoConvert_aws_MachineImage_To_v1alpha1_MachineImage(in, out, s) } +func autoConvert_v1alpha1_MachineImageFlavor_To_aws_MachineImageFlavor(in *MachineImageFlavor, out *aws.MachineImageFlavor, s conversion.Scope) error { + out.Regions = *(*[]aws.RegionAMIMapping)(unsafe.Pointer(&in.Regions)) + out.Capabilities = *(*v1beta1.Capabilities)(unsafe.Pointer(&in.Capabilities)) + return nil +} + +// Convert_v1alpha1_MachineImageFlavor_To_aws_MachineImageFlavor is an autogenerated conversion function. +func Convert_v1alpha1_MachineImageFlavor_To_aws_MachineImageFlavor(in *MachineImageFlavor, out *aws.MachineImageFlavor, s conversion.Scope) error { + return autoConvert_v1alpha1_MachineImageFlavor_To_aws_MachineImageFlavor(in, out, s) +} + +func autoConvert_aws_MachineImageFlavor_To_v1alpha1_MachineImageFlavor(in *aws.MachineImageFlavor, out *MachineImageFlavor, s conversion.Scope) error { + out.Regions = *(*[]RegionAMIMapping)(unsafe.Pointer(&in.Regions)) + out.Capabilities = *(*v1beta1.Capabilities)(unsafe.Pointer(&in.Capabilities)) + return nil +} + +// Convert_aws_MachineImageFlavor_To_v1alpha1_MachineImageFlavor is an autogenerated conversion function. +func Convert_aws_MachineImageFlavor_To_v1alpha1_MachineImageFlavor(in *aws.MachineImageFlavor, out *MachineImageFlavor, s conversion.Scope) error { + return autoConvert_aws_MachineImageFlavor_To_v1alpha1_MachineImageFlavor(in, out, s) +} + func autoConvert_v1alpha1_MachineImageVersion_To_aws_MachineImageVersion(in *MachineImageVersion, out *aws.MachineImageVersion, s conversion.Scope) error { out.Version = in.Version out.Regions = *(*[]aws.RegionAMIMapping)(unsafe.Pointer(&in.Regions)) - out.CapabilitySets = *(*[]aws.CapabilitySet)(unsafe.Pointer(&in.CapabilitySets)) + out.CapabilityFlavors = *(*[]aws.MachineImageFlavor)(unsafe.Pointer(&in.CapabilityFlavors)) return nil } @@ -934,7 +934,7 @@ func Convert_v1alpha1_MachineImageVersion_To_aws_MachineImageVersion(in *Machine func autoConvert_aws_MachineImageVersion_To_v1alpha1_MachineImageVersion(in *aws.MachineImageVersion, out *MachineImageVersion, s conversion.Scope) error { out.Version = in.Version out.Regions = *(*[]RegionAMIMapping)(unsafe.Pointer(&in.Regions)) - out.CapabilitySets = *(*[]CapabilitySet)(unsafe.Pointer(&in.CapabilitySets)) + out.CapabilityFlavors = *(*[]MachineImageFlavor)(unsafe.Pointer(&in.CapabilityFlavors)) return nil } diff --git a/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go index 5f017b2de..89aab80bb 100644 --- a/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go @@ -45,44 +45,6 @@ func (in *BackupBucketConfig) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CapabilitySet) DeepCopyInto(out *CapabilitySet) { - *out = *in - if in.Regions != nil { - in, out := &in.Regions, &out.Regions - *out = make([]RegionAMIMapping, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Capabilities != nil { - in, out := &in.Capabilities, &out.Capabilities - *out = make(v1beta1.Capabilities, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make(v1beta1.CapabilityValues, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitySet. -func (in *CapabilitySet) DeepCopy() *CapabilitySet { - if in == nil { - return nil - } - out := new(CapabilitySet) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudControllerManagerConfig) DeepCopyInto(out *CloudControllerManagerConfig) { *out = *in @@ -606,6 +568,44 @@ func (in *MachineImage) DeepCopy() *MachineImage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineImageFlavor) DeepCopyInto(out *MachineImageFlavor) { + *out = *in + if in.Regions != nil { + in, out := &in.Regions, &out.Regions + *out = make([]RegionAMIMapping, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make(v1beta1.Capabilities, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(v1beta1.CapabilityValues, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImageFlavor. +func (in *MachineImageFlavor) DeepCopy() *MachineImageFlavor { + if in == nil { + return nil + } + out := new(MachineImageFlavor) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { *out = *in @@ -616,9 +616,9 @@ func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.CapabilitySets != nil { - in, out := &in.CapabilitySets, &out.CapabilitySets - *out = make([]CapabilitySet, len(*in)) + if in.CapabilityFlavors != nil { + in, out := &in.CapabilityFlavors, &out.CapabilityFlavors + *out = make([]MachineImageFlavor, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/apis/aws/v1alpha1/zz_generated.defaults.go b/pkg/apis/aws/v1alpha1/zz_generated.defaults.go index 4c59cfea4..dc455a165 100644 --- a/pkg/apis/aws/v1alpha1/zz_generated.defaults.go +++ b/pkg/apis/aws/v1alpha1/zz_generated.defaults.go @@ -32,9 +32,9 @@ func SetObjectDefaults_CloudProfileConfig(in *CloudProfileConfig) { c := &b.Regions[k] SetDefaults_RegionAMIMapping(c) } - for k := range b.CapabilitySets { - c := &b.CapabilitySets[k] - SetDefaults_CapabilitySet(c) + for k := range b.CapabilityFlavors { + c := &b.CapabilityFlavors[k] + SetDefaults_MachineImageFlavor(c) for l := range c.Regions { d := &c.Regions[l] SetDefaults_RegionAMIMapping(d) diff --git a/pkg/apis/aws/validation/cloudprofile.go b/pkg/apis/aws/validation/cloudprofile.go index 28c0589da..a1fda89b7 100644 --- a/pkg/apis/aws/validation/cloudprofile.go +++ b/pkg/apis/aws/validation/cloudprofile.go @@ -20,30 +20,44 @@ import ( "k8s.io/utils/ptr" apisaws "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws" - "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper" ) // ValidateCloudProfileConfig validates a CloudProfileConfig object. -func ValidateCloudProfileConfig(cpConfig *apisaws.CloudProfileConfig, machineImages []core.MachineImage, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { +func ValidateCloudProfileConfig(cpConfig *apisaws.CloudProfileConfig, machineImages []core.MachineImage, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - machineImagesPath := fldPath.Child("machineImages") - if len(cpConfig.MachineImages) == 0 { - allErrs = append(allErrs, field.Required(machineImagesPath, "must provide at least one machine image")) + + // Validate machine images section + allErrs = append(allErrs, validateMachineImages(cpConfig.MachineImages, capabilityDefinitions, machineImagesPath)...) + + // Validate machine image mappings + allErrs = append(allErrs, validateMachineImageMapping(machineImages, cpConfig, capabilityDefinitions, field.NewPath("spec").Child("machineImages"))...) + + return allErrs +} + +// validateMachineImages validates the machine images section of CloudProfileConfig +func validateMachineImages(machineImages []apisaws.MachineImages, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + // Ensure at least one machine image is provided + if len(machineImages) == 0 { + allErrs = append(allErrs, field.Required(fldPath, "must provide at least one machine image")) + return allErrs } - for i, machineImage := range cpConfig.MachineImages { - idxPath := machineImagesPath.Index(i) - allErrs = append(allErrs, ValidateProviderMachineImage(idxPath, machineImage, capabilitiesDefinitions)...) + + // Validate each machine image + for i, machineImage := range machineImages { + idxPath := fldPath.Index(i) + allErrs = append(allErrs, ValidateProviderMachineImage(machineImage, capabilityDefinitions, idxPath)...) } - allErrs = append(allErrs, validateMachineImageMapping(machineImages, cpConfig, capabilitiesDefinitions, field.NewPath("spec").Child("machineImages"))...) return allErrs } // ValidateProviderMachineImage validates a CloudProfileConfig MachineImages entry. -func ValidateProviderMachineImage(validationPath *field.Path, providerImage apisaws.MachineImages, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition) field.ErrorList { +func ValidateProviderMachineImage(providerImage apisaws.MachineImages, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, validationPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - hasCloudProfileCapabilities := len(capabilitiesDefinitions) > 0 if len(providerImage.Name) == 0 { allErrs = append(allErrs, field.Required(validationPath.Child("name"), "must provide a name")) @@ -52,34 +66,55 @@ func ValidateProviderMachineImage(validationPath *field.Path, providerImage apis if len(providerImage.Versions) == 0 { allErrs = append(allErrs, field.Required(validationPath.Child("versions"), fmt.Sprintf("must provide at least one version for machine image %q", providerImage.Name))) } + + // Validate each version for j, version := range providerImage.Versions { jdxPath := validationPath.Child("versions").Index(j) + allErrs = append(allErrs, validateMachineImageVersion(providerImage, capabilityDefinitions, version, jdxPath)...) + } - if len(version.Version) == 0 { - allErrs = append(allErrs, field.Required(jdxPath.Child("version"), "must provide a version")) - } + return allErrs +} - if hasCloudProfileCapabilities { - for k, capabilitySet := range version.CapabilitySets { - kdxPath := jdxPath.Child("capabilitySets").Index(k) - allErrs = append(allErrs, helper.ValidateCapabilities(capabilitySet.Capabilities, capabilitiesDefinitions, kdxPath.Child("capabilities"))...) - allErrs = append(allErrs, validateRegions(capabilitySet.Regions, providerImage.Name, version.Version, hasCloudProfileCapabilities, kdxPath)...) - } - if len(version.Regions) > 0 { - allErrs = append(allErrs, field.Forbidden(jdxPath.Child("regions"), "must not be set as CloudProfile defines capabilities. Use capabilitySets.regions instead.")) - } - } else { - allErrs = append(allErrs, validateRegions(version.Regions, providerImage.Name, version.Version, hasCloudProfileCapabilities, jdxPath)...) - if len(version.CapabilitySets) > 0 { - allErrs = append(allErrs, field.Forbidden(jdxPath.Child("capabilitySets"), "must not be set as CloudProfile does not define capabilities. Use regions instead.")) - } +// validateMachineImageVersion validates a specific machine image version +func validateMachineImageVersion(providerImage apisaws.MachineImages, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, version apisaws.MachineImageVersion, jdxPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if len(version.Version) == 0 { + allErrs = append(allErrs, field.Required(jdxPath.Child("version"), "must provide a version")) + } + + if len(capabilityDefinitions) > 0 { + allErrs = append(allErrs, validateCapabilityFlavors(providerImage, version, capabilityDefinitions, jdxPath)...) + } else { + allErrs = append(allErrs, validateRegions(version.Regions, providerImage.Name, version.Version, capabilityDefinitions, jdxPath)...) + if len(version.CapabilityFlavors) > 0 { + allErrs = append(allErrs, field.Forbidden(jdxPath.Child("capabilityFlavors"), "must not be set as CloudProfile does not define capabilities. Use regions instead.")) } } + return allErrs +} + +// validateCapabilityFlavors validates the capability flavors of a machine image version. +func validateCapabilityFlavors(providerImage apisaws.MachineImages, version apisaws.MachineImageVersion, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, jdxPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + // When using capabilities, regions must not be set + if len(version.Regions) > 0 { + allErrs = append(allErrs, field.Forbidden(jdxPath.Child("regions"), "must not be set as CloudProfile defines capabilities. Use capabilityFlavors.regions instead.")) + } + // Validate each flavor's capabilities and regions + for k, capabilitySet := range version.CapabilityFlavors { + kdxPath := jdxPath.Child("capabilityFlavors").Index(k) + allErrs = append(allErrs, gutil.ValidateCapabilities(capabilitySet.Capabilities, capabilityDefinitions, kdxPath.Child("capabilities"))...) + allErrs = append(allErrs, validateRegions(capabilitySet.Regions, providerImage.Name, version.Version, capabilityDefinitions, kdxPath)...) + } return allErrs } -func validateRegions(regions []apisaws.RegionAMIMapping, version, name string, hasCloudProfileCapabilities bool, jdxPath *field.Path) field.ErrorList { +// validateRegions validates the regions of a machine image version or capability flavor. +func validateRegions(regions []apisaws.RegionAMIMapping, name, version string, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, jdxPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if len(regions) == 0 { return append(allErrs, field.Required(jdxPath.Child("regions"), fmt.Sprintf("must provide at least one region for machine image %q and version %q", name, version))) @@ -95,18 +130,18 @@ func validateRegions(regions []apisaws.RegionAMIMapping, version, name string, h if len(region.AMI) == 0 { allErrs = append(allErrs, field.Required(kdxPath.Child("ami"), "must provide an ami")) } - if !hasCloudProfileCapabilities { + if len(capabilityDefinitions) == 0 { if !slices.Contains(v1beta1constants.ValidArchitectures, arch) { allErrs = append(allErrs, field.NotSupported(kdxPath.Child("architecture"), arch, v1beta1constants.ValidArchitectures)) } } // This should be commented in once the defaulting of the architecture field is implemented via mutating webhook // currently there is no way to distinguish between a user set architecture and the default one - if hasCloudProfileCapabilities { + if len(capabilityDefinitions) > 0 { // If Capabilities are defined in the CloudProfile, the architecture gets defaulted to "ignore" during runtime if not set. architecture := ptr.Deref(region.Architecture, "ignore") if architecture != "ignore" { - allErrs = append(allErrs, field.Forbidden(kdxPath.Child("architecture"), "must be defined in .capabilities.architecture"+architecture)) + allErrs = append(allErrs, field.Forbidden(kdxPath.Child("architecture"), "must be defined in .capabilities.architecture")) } } } @@ -124,7 +159,7 @@ func NewProviderImagesContext(providerImages []apisaws.MachineImages) *gutil.Ima } // validateMachineImageMapping validates that for each machine image there is a corresponding cpConfig image. -func validateMachineImageMapping(machineImages []core.MachineImage, cpConfig *apisaws.CloudProfileConfig, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { +func validateMachineImageMapping(machineImages []core.MachineImage, cpConfig *apisaws.CloudProfileConfig, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} providerImages := NewProviderImagesContext(cpConfig.MachineImages) @@ -136,46 +171,35 @@ func validateMachineImageMapping(machineImages []core.MachineImage, cpConfig *ap machineImagePath := fldPath.Index(idxImage) // validate that for each machine image there is a corresponding cpConfig image if _, existsInConfig := providerImages.GetImage(machineImage.Name); !existsInConfig { - allErrs = append(allErrs, field.Required(machineImagePath, - fmt.Sprintf("must provide an image mapping for image %q in providerConfig", machineImage.Name))) + allErrs = append(allErrs, field.Required(machineImagePath, fmt.Sprintf("must provide an image mapping for image %q in providerConfig", machineImage.Name))) continue } - // validate that for each machine image version entry a mapped entry in cpConfig exists - for idxVersion, version := range machineImage.Versions { - machineImageVersionPath := machineImagePath.Child("versions").Index(idxVersion) - if len(capabilitiesDefinitions) > 0 { - // check that each CapabilitySet in version.CapabilitySets has a corresponding imageVersion.CapabilitySets - imageVersion, exists := providerImages.GetImageVersion(machineImage.Name, version.Version) - if !exists { - allErrs = append(allErrs, field.Required(machineImageVersionPath, - fmt.Sprintf("machine image version %s@%s is not defined in the providerConfig", - machineImage.Name, version.Version), - )) - continue - } - var v1beta1Version gardencorev1beta1.MachineImageVersion - if err := gardencoreapi.Scheme.Convert(&version, &v1beta1Version, nil); err != nil { - return append(allErrs, field.InternalError(machineImageVersionPath, err)) - } - defaultedCapabilitySets := gardencorev1beta1helper.GetCapabilitySetsWithAppliedDefaults(v1beta1Version.CapabilitySets, capabilitiesDefinitions) - for idxCapability, defaultedCapabilitySet := range defaultedCapabilitySets { - isFound := false - // search for the corresponding imageVersion.CapabilitySet - for _, providerCapabilitySet := range imageVersion.CapabilitySets { - providerDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(providerCapabilitySet.Capabilities, capabilitiesDefinitions) - if helper.AreCapabilitiesEqual(defaultedCapabilitySet.Capabilities, providerDefaultedCapabilities) { - isFound = true - } - } - if !isFound { - allErrs = append(allErrs, field.Required(machineImageVersionPath.Child("capabilitySets").Index(idxCapability), - fmt.Sprintf("missing providerConfig mapping for machine image version %s@%s and capabilitySet %v", machineImage.Name, version.Version, defaultedCapabilitySet.Capabilities))) - } - } + allErrs = append(allErrs, validateMachineImageVersionMapping(machineImage, machineImagePath, capabilityDefinitions, providerImages)...) + } + + return allErrs +} + +func validateMachineImageVersionMapping(machineImage core.MachineImage, machineImagePath *field.Path, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, providerImages *gutil.ImagesContext[apisaws.MachineImages, apisaws.MachineImageVersion]) field.ErrorList { + allErrs := field.ErrorList{} + + // validate that for each machine image version entry a mapped entry in cpConfig exists + for idxVersion, version := range machineImage.Versions { + machineImageVersionPath := machineImagePath.Child("versions").Index(idxVersion) + + if len(capabilityDefinitions) > 0 { + // check that each MachineImageFlavor in version.CapabilityFlavors has a corresponding imageVersion.CapabilityFlavors + imageVersion, exists := providerImages.GetImageVersion(machineImage.Name, version.Version) + if !exists { + allErrs = append(allErrs, field.Required(machineImageVersionPath, + fmt.Sprintf("machine image version %s@%s is not defined in the providerConfig", + machineImage.Name, version.Version), + )) continue } - + allErrs = append(allErrs, validateImageFlavorMapping(machineImage, version, machineImageVersionPath, capabilityDefinitions, imageVersion)...) + } else { for _, expectedArchitecture := range version.Architectures { // validate that machine image version exists in cpConfig imageVersion, exists := providerImages.GetImageVersion(machineImage.Name, version.Version) @@ -203,6 +227,33 @@ func validateMachineImageMapping(machineImages []core.MachineImage, cpConfig *ap } } } + return allErrs +} + +// validateImageFlavorMapping validates that each flavor in a version has a corresponding mapping +func validateImageFlavorMapping(machineImage core.MachineImage, version core.MachineImageVersion, machineImageVersionPath *field.Path, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, imageVersion apisaws.MachineImageVersion) field.ErrorList { + allErrs := field.ErrorList{} + + var v1beta1Version gardencorev1beta1.MachineImageVersion + if err := gardencoreapi.Scheme.Convert(&version, &v1beta1Version, nil); err != nil { + return append(allErrs, field.InternalError(machineImageVersionPath, err)) + } + defaultedCapabilityFlavors := gardencorev1beta1helper.GetImageFlavorsWithAppliedDefaults(v1beta1Version.CapabilityFlavors, capabilityDefinitions) + for idxCapability, defaultedCapabilitySet := range defaultedCapabilityFlavors { + isFound := false + // search for the corresponding imageVersion.MachineImageFlavor + for _, providerCapabilitySet := range imageVersion.CapabilityFlavors { + providerDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(providerCapabilitySet.Capabilities, capabilityDefinitions) + if gardencorev1beta1helper.AreCapabilitiesEqual(defaultedCapabilitySet.Capabilities, providerDefaultedCapabilities) { + isFound = true + break + } + } + if !isFound { + allErrs = append(allErrs, field.Required(machineImageVersionPath.Child("capabilityFlavors").Index(idxCapability), + fmt.Sprintf("missing providerConfig mapping for machine image version %s@%s and capabilitySet %v", machineImage.Name, version.Version, defaultedCapabilitySet.Capabilities))) + } + } return allErrs } diff --git a/pkg/apis/aws/validation/cloudprofile_test.go b/pkg/apis/aws/validation/cloudprofile_test.go index b68fa34ea..ff3a45f3a 100644 --- a/pkg/apis/aws/validation/cloudprofile_test.go +++ b/pkg/apis/aws/validation/cloudprofile_test.go @@ -22,12 +22,12 @@ import ( var _ = Describe("CloudProfileConfig validation", func() { DescribeTableSubtree("#ValidateCloudProfileConfig", func(isCapabilitiesCloudProfile bool) { var ( - capabilitiesDefinitions []v1beta1.CapabilityDefinition - cloudProfileConfig *apisaws.CloudProfileConfig - machineImages []core.MachineImage - machineImageName string - machineImageVersion string - fldPath *field.Path + capabilityDefinitions []v1beta1.CapabilityDefinition + cloudProfileConfig *apisaws.CloudProfileConfig + machineImages []core.MachineImage + machineImageName string + machineImageVersion string + fldPath *field.Path ) BeforeEach(func() { @@ -35,21 +35,21 @@ var _ = Describe("CloudProfileConfig validation", func() { Name: "eu", AMI: "ami-1234", }} - var capabilitySets []apisaws.CapabilitySet + var capabilityFlavors []apisaws.MachineImageFlavor if isCapabilitiesCloudProfile { - capabilitiesDefinitions = []v1beta1.CapabilityDefinition{{ + capabilityDefinitions = []v1beta1.CapabilityDefinition{{ Name: v1beta1constants.ArchitectureName, - Values: []string{v1beta1constants.ArchitectureAMD64}, + Values: []string{"amd64"}, }} - capabilitySets = []apisaws.CapabilitySet{{ + capabilityFlavors = []apisaws.MachineImageFlavor{{ Regions: regions, Capabilities: v1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, }}} regions = nil } else { - regions[0].Architecture = ptr.To(v1beta1constants.ArchitectureAMD64) + regions[0].Architecture = ptr.To("amd64") } machineImageName = "ubuntu" @@ -60,9 +60,9 @@ var _ = Describe("CloudProfileConfig validation", func() { Name: machineImageName, Versions: []apisaws.MachineImageVersion{ { - Version: machineImageVersion, - Regions: regions, - CapabilitySets: capabilitySets, + Version: machineImageVersion, + Regions: regions, + CapabilityFlavors: capabilityFlavors, }, }, }, @@ -74,7 +74,7 @@ var _ = Describe("CloudProfileConfig validation", func() { Versions: []core.MachineImageVersion{ { ExpirableVersion: core.ExpirableVersion{Version: machineImageVersion}, - Architectures: []string{v1beta1constants.ArchitectureAMD64}, + Architectures: []string{"amd64"}, }, }, }, @@ -83,14 +83,14 @@ var _ = Describe("CloudProfileConfig validation", func() { Context("machine image validation", func() { It("should pass validation with valid config", func() { - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(BeEmpty()) }) It("should enforce that at least one machine image has been defined", func() { cloudProfileConfig.MachineImages = []apisaws.MachineImages{} - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), @@ -101,10 +101,42 @@ var _ = Describe("CloudProfileConfig validation", func() { })))) }) + It("should forbid images with empty regions", func() { + var fieldMatcher string + if isCapabilitiesCloudProfile { + fieldMatcher = "machineImages[0].versions[0].capabilityFlavors[0].regions" + cloudProfileConfig.MachineImages[0].Versions[0].CapabilityFlavors[0].Regions = []apisaws.RegionAMIMapping{} + } else { + fieldMatcher = "machineImages[0].versions[0].regions" + cloudProfileConfig.MachineImages[0].Versions[0].Regions = []apisaws.RegionAMIMapping{} + } + + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) + if isCapabilitiesCloudProfile { + Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ + "Type": Equal(field.ErrorTypeRequired), + "Detail": Equal("must provide at least one region for machine image \"ubuntu\" and version \"1.2.3\""), + "Field": Equal(fieldMatcher), + })))) + } else { + Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ + "Type": Equal(field.ErrorTypeRequired), + "Detail": Equal("missing providerConfig mapping for machine image version ubuntu@1.2.3 and architecture: amd64"), + "Field": Equal("spec.machineImages[0].versions[0]"), + })), + PointTo(MatchFields(IgnoreExtras, Fields{ + "Type": Equal(field.ErrorTypeRequired), + "Detail": Equal("must provide at least one region for machine image \"ubuntu\" and version \"1.2.3\""), + "Field": Equal(fieldMatcher), + })), + )) + } + }) + It("should forbid unsupported machine image configuration", func() { cloudProfileConfig.MachineImages = []apisaws.MachineImages{{}} - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), @@ -128,13 +160,13 @@ var _ = Describe("CloudProfileConfig validation", func() { }, } if isCapabilitiesCloudProfile { - matcher = Equal("machineImages[0].versions[0].capabilitySets[0].regions") - cloudProfileConfig.MachineImages[0].Versions[0].CapabilitySets = []apisaws.CapabilitySet{{}} + matcher = Equal("machineImages[0].versions[0].capabilityFlavors[0].regions") + cloudProfileConfig.MachineImages[0].Versions[0].CapabilityFlavors = []apisaws.MachineImageFlavor{{}} } else { matcher = Equal("machineImages[0].versions[0].regions") } - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), @@ -153,13 +185,13 @@ var _ = Describe("CloudProfileConfig validation", func() { var machineImageVersion apisaws.MachineImageVersion var nameMatcher, amiMatcher types.GomegaMatcher if isCapabilitiesCloudProfile { - nameMatcher = Equal("machineImages[0].versions[0].capabilitySets[0].regions[0].name") - amiMatcher = Equal("machineImages[0].versions[0].capabilitySets[0].regions[0].ami") + nameMatcher = Equal("machineImages[0].versions[0].capabilityFlavors[0].regions[0].name") + amiMatcher = Equal("machineImages[0].versions[0].capabilityFlavors[0].regions[0].ami") machineImageVersion = apisaws.MachineImageVersion{ Version: "1.2.3", - CapabilitySets: []apisaws.CapabilitySet{{ + CapabilityFlavors: []apisaws.MachineImageFlavor{{ Regions: []apisaws.RegionAMIMapping{{}}, - Capabilities: v1beta1.Capabilities{v1beta1constants.ArchitectureName: {v1beta1constants.ArchitectureAMD64}}, + Capabilities: v1beta1.Capabilities{v1beta1constants.ArchitectureName: {"amd64"}}, }}, } } else { @@ -177,7 +209,7 @@ var _ = Describe("CloudProfileConfig validation", func() { }, } - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), @@ -196,9 +228,9 @@ var _ = Describe("CloudProfileConfig validation", func() { It("should forbid unsupported machine image architecture configuration", func() { var notSupportedField, requiredField types.GomegaMatcher if isCapabilitiesCloudProfile { - cloudProfileConfig.MachineImages[0].Versions[0].CapabilitySets[0].Capabilities[v1beta1constants.ArchitectureName] = []string{"foo"} - notSupportedField = Equal("machineImages[0].versions[0].capabilitySets[0].capabilities.architecture[0]") - requiredField = Equal("spec.machineImages[0].versions[0].capabilitySets[0]") + cloudProfileConfig.MachineImages[0].Versions[0].CapabilityFlavors[0].Capabilities[v1beta1constants.ArchitectureName] = []string{"foo"} + notSupportedField = Equal("machineImages[0].versions[0].capabilityFlavors[0].capabilities.architecture[0]") + requiredField = Equal("spec.machineImages[0].versions[0].capabilityFlavors[0]") } else { cloudProfileConfig.MachineImages[0].Versions[0].Regions[0].Architecture = ptr.To("foo") notSupportedField = Equal("machineImages[0].versions[0].regions[0].architecture") @@ -206,7 +238,7 @@ var _ = Describe("CloudProfileConfig validation", func() { } - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeNotSupported), @@ -221,45 +253,45 @@ var _ = Describe("CloudProfileConfig validation", func() { It("should forbid missing architecture or capabilitySet mapping", func() { var fieldMatcher types.GomegaMatcher if isCapabilitiesCloudProfile { - machineImages[0].Versions[0].CapabilitySets = []core.CapabilitySet{ - {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureARM64}}}, + machineImages[0].Versions[0].CapabilityFlavors = []core.MachineImageFlavor{ + {Capabilities: core.Capabilities{v1beta1constants.ArchitectureName: []string{"arm64"}}}, } - fieldMatcher = Equal("spec.machineImages[0].versions[0].capabilitySets[0]") + fieldMatcher = Equal("spec.machineImages[0].versions[0].capabilityFlavors[0]") } else { - machineImages[0].Versions[0].Architectures = []string{v1beta1constants.ArchitectureARM64} + machineImages[0].Versions[0].Architectures = []string{"arm64"} fieldMatcher = Equal("spec.machineImages[0].versions[0]") } - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf( PointTo(MatchFields(IgnoreExtras, Fields{"Type": Equal(field.ErrorTypeRequired), "Field": fieldMatcher})), )) }) - It("should automatically use amd64 (or default to capabilitiesDefinition)", func() { + It("should automatically use amd64 (or default to capabilityDefinitions)", func() { if !isCapabilitiesCloudProfile { cloudProfileConfig.MachineImages[0].Versions[0].Regions[0].Architecture = nil } - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(BeEmpty()) }) - It("should reject when machineImage.regions and machineImage.capabilitySets is set", func() { + It("should reject when machineImage.regions and machineImage.capabilityFlavors is set", func() { var fieldMatcher types.GomegaMatcher if isCapabilitiesCloudProfile { fieldMatcher = Equal("machineImages[0].versions[0].regions") } else { - fieldMatcher = Equal("machineImages[0].versions[0].capabilitySets") + fieldMatcher = Equal("machineImages[0].versions[0].capabilityFlavors") } cloudProfileConfig.MachineImages[0].Versions[0].Regions = append(cloudProfileConfig.MachineImages[0].Versions[0].Regions, apisaws.RegionAMIMapping{ Name: "eu", AMI: "ami-1234", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }) - cloudProfileConfig.MachineImages[0].Versions[0].CapabilitySets = append(cloudProfileConfig.MachineImages[0].Versions[0].CapabilitySets, apisaws.CapabilitySet{ + cloudProfileConfig.MachineImages[0].Versions[0].CapabilityFlavors = append(cloudProfileConfig.MachineImages[0].Versions[0].CapabilityFlavors, apisaws.MachineImageFlavor{ Regions: []apisaws.RegionAMIMapping{{Name: "eu", AMI: "ami-1234"}}, }) - errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilitiesDefinitions, fldPath) + errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, capabilityDefinitions, fldPath) Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeForbidden), "Field": fieldMatcher, diff --git a/pkg/apis/aws/validation/worker.go b/pkg/apis/aws/validation/worker.go index f5c997b48..b6682cd25 100644 --- a/pkg/apis/aws/validation/worker.go +++ b/pkg/apis/aws/validation/worker.go @@ -107,7 +107,7 @@ func ValidateWorkersAgainstCloudProfileOnCreation( region string, awsCloudProfile *apisaws.CloudProfileConfig, machineTypes []v1beta1.MachineType, - capabilitiesDefinitions []v1beta1.CapabilityDefinition, + capabilityDefinitions []v1beta1.CapabilityDefinition, fldPath *field.Path, ) field.ErrorList { allErrs := field.ErrorList{} @@ -119,7 +119,7 @@ func ValidateWorkersAgainstCloudProfileOnCreation( continue } - allErrs = append(allErrs, validateWorkerConfigAgainstCloudProfile(w, region, awsCloudProfile, machineType.Capabilities, capabilitiesDefinitions, fldPath.Index(i))...) + allErrs = append(allErrs, validateWorkerConfigAgainstCloudProfile(w, region, awsCloudProfile, machineType.Capabilities, capabilityDefinitions, fldPath.Index(i))...) } return allErrs } @@ -130,7 +130,7 @@ func ValidateWorkersAgainstCloudProfileOnUpdate( region string, awsCloudProfile *apisaws.CloudProfileConfig, machineTypes []v1beta1.MachineType, - capabilitiesDefinitions []v1beta1.CapabilityDefinition, + capabilityDefinitions []v1beta1.CapabilityDefinition, fldPath *field.Path, ) field.ErrorList { allErrs := field.ErrorList{} @@ -153,7 +153,7 @@ func ValidateWorkersAgainstCloudProfileOnUpdate( continue } - allErrs = append(allErrs, validateWorkerConfigAgainstCloudProfile(newWorker, region, awsCloudProfile, machineType.Capabilities, capabilitiesDefinitions, fldPath.Index(i))...) + allErrs = append(allErrs, validateWorkerConfigAgainstCloudProfile(newWorker, region, awsCloudProfile, machineType.Capabilities, capabilityDefinitions, fldPath.Index(i))...) } } @@ -165,7 +165,7 @@ func validateWorkerConfigAgainstCloudProfile( region string, awsCloudProfile *apisaws.CloudProfileConfig, machineCapabilities v1beta1.Capabilities, - capabilitiesDefinitions []v1beta1.CapabilityDefinition, + capabilityDefinitions []v1beta1.CapabilityDefinition, fldPath *field.Path, ) field.ErrorList { var ( @@ -178,7 +178,7 @@ func validateWorkerConfigAgainstCloudProfile( return allErrs } - if _, err := apisawshelper.FindImageInCloudProfile(awsCloudProfile, image.Name, image.Version, region, architecture, machineCapabilities, capabilitiesDefinitions); err != nil { + if _, err := apisawshelper.FindImageInCloudProfile(awsCloudProfile, image.Name, image.Version, region, architecture, machineCapabilities, capabilityDefinitions); err != nil { allErrs = append(allErrs, field.Invalid(fldPath.Child("machine", "image"), image, fmt.Sprint(err))) } return allErrs diff --git a/pkg/apis/aws/zz_generated.deepcopy.go b/pkg/apis/aws/zz_generated.deepcopy.go index 9001dfe61..656a43748 100644 --- a/pkg/apis/aws/zz_generated.deepcopy.go +++ b/pkg/apis/aws/zz_generated.deepcopy.go @@ -45,44 +45,6 @@ func (in *BackupBucketConfig) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CapabilitySet) DeepCopyInto(out *CapabilitySet) { - *out = *in - if in.Regions != nil { - in, out := &in.Regions, &out.Regions - *out = make([]RegionAMIMapping, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Capabilities != nil { - in, out := &in.Capabilities, &out.Capabilities - *out = make(v1beta1.Capabilities, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make(v1beta1.CapabilityValues, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitySet. -func (in *CapabilitySet) DeepCopy() *CapabilitySet { - if in == nil { - return nil - } - out := new(CapabilitySet) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudControllerManagerConfig) DeepCopyInto(out *CloudControllerManagerConfig) { *out = *in @@ -622,6 +584,44 @@ func (in *MachineImage) DeepCopy() *MachineImage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineImageFlavor) DeepCopyInto(out *MachineImageFlavor) { + *out = *in + if in.Regions != nil { + in, out := &in.Regions, &out.Regions + *out = make([]RegionAMIMapping, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make(v1beta1.Capabilities, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(v1beta1.CapabilityValues, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImageFlavor. +func (in *MachineImageFlavor) DeepCopy() *MachineImageFlavor { + if in == nil { + return nil + } + out := new(MachineImageFlavor) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { *out = *in @@ -632,9 +632,9 @@ func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.CapabilitySets != nil { - in, out := &in.CapabilitySets, &out.CapabilitySets - *out = make([]CapabilitySet, len(*in)) + if in.CapabilityFlavors != nil { + in, out := &in.CapabilityFlavors, &out.CapabilityFlavors + *out = make([]MachineImageFlavor, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/controller/bastion/options.go b/pkg/controller/bastion/options.go index a1c9ff1c6..7d93026da 100644 --- a/pkg/controller/bastion/options.go +++ b/pkg/controller/bastion/options.go @@ -17,7 +17,6 @@ import ( gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - api "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws" "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper" awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client" ) @@ -99,15 +98,13 @@ func NewOpts(ctx context.Context, bastion *extensionsv1alpha1.Bastion, cluster * return Options{}, fmt.Errorf("failed to extract cloud provider config from cluster: %w", err) } - machineImageVersion, err := getProviderSpecificImage(cloudProfileConfig.MachineImages, vmDetails) + var ami string + imageFlavor, err := helper.FindImageInCloudProfile(cloudProfileConfig, vmDetails.ImageBaseName, vmDetails.ImageVersion, region, &vmDetails.Architecture, vmDetails.MachineTypeCapabilities, cluster.CloudProfile.Spec.MachineCapabilities) if err != nil { - return Options{}, fmt.Errorf("failed to extract image from provider config: %w", err) - } - - ami, err := findImageAMIByRegion(machineImageVersion, vmDetails, region) - if err != nil { - return Options{}, fmt.Errorf("failed to find image AMI by region: %w", err) + return Options{}, fmt.Errorf("failed to find machine image in CloudProfileConfig: %w", err) } + // We can safely assume that the AMI exists, because FindImageInCloudProfile would have errored otherwise. + ami = imageFlavor.Regions[0].AMI ipV6 := cluster.Shoot.Spec.Networking != nil && slices.Contains(cluster.Shoot.Spec.Networking.IPFamilies, gardencorev1beta1.IPFamilyIPv6) @@ -145,41 +142,3 @@ func resolveSubnetName(ctx context.Context, awsClient *awsclient.Client, subnetN return } - -// getProviderSpecificImage returns the provider specific MachineImageVersion that matches with the given VmDetails -func getProviderSpecificImage(images []api.MachineImages, vm extensionsbastion.MachineSpec) (api.MachineImageVersion, error) { - imageIndex := slices.IndexFunc(images, func(image api.MachineImages) bool { - return image.Name == vm.ImageBaseName - }) - - if imageIndex == -1 { - return api.MachineImageVersion{}, - fmt.Errorf("machine image with name %s not found in cloudProfileConfig", vm.ImageBaseName) - } - - versions := images[imageIndex].Versions - versionIndex := slices.IndexFunc(versions, func(version api.MachineImageVersion) bool { - return version.Version == vm.ImageVersion - }) - - if versionIndex == -1 { - return api.MachineImageVersion{}, - fmt.Errorf("version %s for arch %s of image %s not found in cloudProfileConfig", - vm.ImageVersion, vm.Architecture, vm.ImageBaseName) - } - - return versions[versionIndex], nil -} - -func findImageAMIByRegion(image api.MachineImageVersion, vmDetails extensionsbastion.MachineSpec, region string) (string, error) { - regionIndex := slices.IndexFunc(image.Regions, func(RegionAMIMapping api.RegionAMIMapping) bool { - return RegionAMIMapping.Name == region && RegionAMIMapping.Architecture != nil && *RegionAMIMapping.Architecture == vmDetails.Architecture - }) - - if regionIndex == -1 { - return "", fmt.Errorf("image '%s' with version '%s' and architecture '%s' not found in region '%s'", - vmDetails.ImageBaseName, image.Version, vmDetails.Architecture, region) - } - - return image.Regions[regionIndex].AMI, nil -} diff --git a/pkg/controller/bastion/options_test.go b/pkg/controller/bastion/options_test.go deleted file mode 100644 index 0eceb8fae..000000000 --- a/pkg/controller/bastion/options_test.go +++ /dev/null @@ -1,92 +0,0 @@ -// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors -// -// SPDX-License-Identifier: Apache-2.0 - -package bastion - -import ( - extensionsbastion "github.com/gardener/gardener/extensions/pkg/bastion" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/utils/ptr" - - api "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws" -) - -var _ = Describe("Bastion Options", func() { - var region = "test-region" - var image = "gardenlinux" - var version = "1.0.0" - var ami = "test-ami" - var machineName = "test-machine" - var architecture = "amd64" - var amiMapping []api.RegionAMIMapping - var machineImageVersion api.MachineImageVersion - var machineImages []api.MachineImages - var vmDetails extensionsbastion.MachineSpec - - BeforeEach(func() { - amiMapping = []api.RegionAMIMapping{ - { - Name: region, - AMI: ami, - Architecture: ptr.To(architecture), - }, - } - machineImageVersion = api.MachineImageVersion{ - Version: version, - Regions: amiMapping, - } - machineImages = []api.MachineImages{ - { - Name: image, - Versions: []api.MachineImageVersion{machineImageVersion}, - }, - } - vmDetails = extensionsbastion.MachineSpec{ - MachineTypeName: machineName, - Architecture: architecture, - ImageBaseName: image, - ImageVersion: version, - } - }) - - Context("getProviderSpecificImage", func() { - It("should succeed for existing image and version", func() { - machineImageVersion, err := getProviderSpecificImage(machineImages, vmDetails) - Expect(err).NotTo(HaveOccurred()) - Expect(machineImageVersion).To(Equal(machineImageVersion)) - }) - - It("fail if image name does not exist", func() { - vmDetails.ImageBaseName = "unknown" - _, err := getProviderSpecificImage(machineImages, vmDetails) - Expect(err).To(HaveOccurred()) - }) - - It("fail if image version does not exist", func() { - vmDetails.ImageVersion = "6.6.6" - _, err := getProviderSpecificImage(machineImages, vmDetails) - Expect(err).To(HaveOccurred()) - }) - }) - - Context("findImageAMIByRegion", func() { - It("should find image AMI by region", func() { - imageAmi, err := findImageAMIByRegion(machineImageVersion, vmDetails, region) - Expect(err).NotTo(HaveOccurred()) - Expect(imageAmi).To(Equal(ami)) - }) - - It("fail if region does not match", func() { - _, err := findImageAMIByRegion(machineImageVersion, vmDetails, "unknown") - Expect(err).To(HaveOccurred()) - }) - - It("fail if architecture does not match", func() { - vmDetails.Architecture = "x86" - _, err := findImageAMIByRegion(machineImageVersion, vmDetails, region) - Expect(err).To(HaveOccurred()) - }) - }) -}) diff --git a/pkg/controller/worker/machine_images.go b/pkg/controller/worker/machine_images.go index 4787335aa..f6ad55898 100644 --- a/pkg/controller/worker/machine_images.go +++ b/pkg/controller/worker/machine_images.go @@ -45,7 +45,7 @@ func (w *WorkerDelegate) selectMachineImageForWorkerPool(name, version string, r Version: version, } - if capabilitySet, err := helper.FindImageInCloudProfile(w.cloudProfileConfig, name, version, region, arch, machineCapabilities, w.cluster.CloudProfile.Spec.Capabilities); err == nil { + if capabilitySet, err := helper.FindImageInCloudProfile(w.cloudProfileConfig, name, version, region, arch, machineCapabilities, w.cluster.CloudProfile.Spec.MachineCapabilities); err == nil { selectedMachineImage.Capabilities = capabilitySet.Capabilities selectedMachineImage.AMI = capabilitySet.Regions[0].AMI selectedMachineImage.Architecture = capabilitySet.Regions[0].Architecture @@ -59,15 +59,15 @@ func (w *WorkerDelegate) selectMachineImageForWorkerPool(name, version string, r return nil, fmt.Errorf("could not decode worker status of worker '%s': %w", k8sclient.ObjectKeyFromObject(w.worker), err) } - return helper.FindImageInWorkerStatus(workerStatus.MachineImages, name, version, arch, machineCapabilities, w.cluster.CloudProfile.Spec.Capabilities) + return helper.FindImageInWorkerStatus(workerStatus.MachineImages, name, version, arch, machineCapabilities, w.cluster.CloudProfile.Spec.MachineCapabilities) } return nil, worker.ErrorMachineImageNotFound(name, version, *arch, region) } -func appendMachineImage(machineImages []api.MachineImage, machineImage api.MachineImage, capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition) []api.MachineImage { +func appendMachineImage(machineImages []api.MachineImage, machineImage api.MachineImage, capabilityDefinitions []gardencorev1beta1.CapabilityDefinition) []api.MachineImage { // support for cloudprofile machine images without capabilities - if len(capabilitiesDefinitions) == 0 { + if len(capabilityDefinitions) == 0 { for _, image := range machineImages { if image.Name == machineImage.Name && image.Version == machineImage.Version && machineImage.Architecture == image.Architecture { // If the image already exists without capabilities, we can just return the existing list. @@ -82,11 +82,11 @@ func appendMachineImage(machineImages []api.MachineImage, machineImage api.Machi }) } - defaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(machineImage.Capabilities, capabilitiesDefinitions) + defaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(machineImage.Capabilities, capabilityDefinitions) for _, existingMachineImage := range machineImages { - existingDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(existingMachineImage.Capabilities, capabilitiesDefinitions) - if existingMachineImage.Name == machineImage.Name && existingMachineImage.Version == machineImage.Version && helper.AreCapabilitiesEqual(defaultedCapabilities, existingDefaultedCapabilities) { + existingDefaultedCapabilities := gardencorev1beta1helper.GetCapabilitiesWithAppliedDefaults(existingMachineImage.Capabilities, capabilityDefinitions) + if existingMachineImage.Name == machineImage.Name && existingMachineImage.Version == machineImage.Version && gardencorev1beta1helper.AreCapabilitiesEqual(defaultedCapabilities, existingDefaultedCapabilities) { // If the image already exists with the same capabilities return the existing list. return machineImages } diff --git a/pkg/controller/worker/machines.go b/pkg/controller/worker/machines.go index 177e87b27..d3b3998ae 100644 --- a/pkg/controller/worker/machines.go +++ b/pkg/controller/worker/machines.go @@ -120,8 +120,8 @@ func (w *WorkerDelegate) generateMachineConfig(ctx context.Context) error { return err } - machineImages = EnsureUniformMachineImages(machineImages, w.cluster.CloudProfile.Spec.Capabilities) - machineImages = appendMachineImage(machineImages, *machineImage, w.cluster.CloudProfile.Spec.Capabilities) + machineImages = EnsureUniformMachineImages(machineImages, w.cluster.CloudProfile.Spec.MachineCapabilities) + machineImages = appendMachineImage(machineImages, *machineImage, w.cluster.CloudProfile.Spec.MachineCapabilities) blockDevices, err := w.computeBlockDevices(pool, workerConfig) if err != nil { @@ -533,7 +533,7 @@ func EnsureUniformMachineImages(images []awsapi.MachineImage, definitions []gard return uniformMachineImages } - // transform images that were added without Capabilities to contain a CapabilitySet with defaulted Architecture + // transform images that were added without Capabilities to contain a MachineImageFlavor with defaulted Architecture for _, img := range images { if len(img.Capabilities) > 0 { // image is already in the new format with Capabilities diff --git a/pkg/controller/worker/machines_test.go b/pkg/controller/worker/machines_test.go index 644791705..9f65dfb5b 100644 --- a/pkg/controller/worker/machines_test.go +++ b/pkg/controller/worker/machines_test.go @@ -119,7 +119,7 @@ var _ = Describe("Machines", func() { namePool2 string minPool2 int32 maxPool2 int32 - priorityPool2 int32 + priorityPool2 *int32 maxSurgePool2 intstr.IntOrString maxUnavailablePool2 intstr.IntOrString @@ -162,13 +162,13 @@ var _ = Describe("Machines", func() { if isCapabilitiesCloudProfile { capabilityDefinitions = []gardencorev1beta1.CapabilityDefinition{ {Name: "some-capability", Values: []string{"a", "b", "c"}}, - {Name: v1beta1constants.ArchitectureName, Values: []string{v1beta1constants.ArchitectureAMD64, v1beta1constants.ArchitectureARM64}}, + {Name: v1beta1constants.ArchitectureName, Values: []string{"amd64", "arm64"}}, } capabilitiesAmd = gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, } capabilitiesArm = gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureARM64}, + v1beta1constants.ArchitectureName: []string{"arm64"}, } } namespace = "shoot--foobar--aws" @@ -222,7 +222,7 @@ var _ = Describe("Machines", func() { namePool2 = "pool-2" minPool2 = 30 maxPool2 = 45 - priorityPool2 = 100 + priorityPool2 = ptr.To(int32(100)) maxSurgePool2 = intstr.FromInt(10) maxUnavailablePool2 = intstr.FromInt(15) @@ -306,7 +306,7 @@ var _ = Describe("Machines", func() { Versions: []apiv1alpha1.MachineImageVersion{ { Version: machineImageVersion, - CapabilitySets: []apiv1alpha1.CapabilitySet{ + CapabilityFlavors: []apiv1alpha1.MachineImageFlavor{ { Capabilities: capabilitiesAmd, Regions: []apiv1alpha1.RegionAMIMapping{ @@ -379,7 +379,7 @@ var _ = Describe("Machines", func() { Name: cloudProfileName, }, Spec: gardencorev1beta1.CloudProfileSpec{ - Capabilities: capabilityDefinitions, + MachineCapabilities: capabilityDefinitions, MachineTypes: []gardencorev1beta1.MachineType{ { Name: machineType, @@ -1494,7 +1494,7 @@ var _ = Describe("Machines", func() { }) }) - DescribeTable("EnsureUniformMachineImages", func(capabilitiesDefinitions []gardencorev1beta1.CapabilityDefinition, expectedImages []api.MachineImage) { + DescribeTable("EnsureUniformMachineImages", func(capabilityDefinitions []gardencorev1beta1.CapabilityDefinition, expectedImages []api.MachineImage) { machineImages := []api.MachineImage{ // images with capability sets { @@ -1502,7 +1502,7 @@ var _ = Describe("Machines", func() { Version: "1.2.1", AMI: "ami-for-arm64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureARM64}, + v1beta1constants.ArchitectureName: []string{"arm64"}, }, }, { @@ -1510,7 +1510,7 @@ var _ = Describe("Machines", func() { Version: "1.2.2", AMI: "ami-for-amd64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, }, }, // legacy image entry without capability sets @@ -1518,22 +1518,22 @@ var _ = Describe("Machines", func() { Name: "some-image", Version: "1.2.3", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, { Name: "some-image", Version: "1.2.2", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, { Name: "some-image", Version: "1.2.1", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, } - actualImages := EnsureUniformMachineImages(machineImages, capabilitiesDefinitions) + actualImages := EnsureUniformMachineImages(machineImages, capabilityDefinitions) Expect(actualImages).To(ContainElements(expectedImages)) }, @@ -1543,31 +1543,31 @@ var _ = Describe("Machines", func() { Name: "some-image", Version: "1.2.1", AMI: "ami-for-arm64", - Architecture: ptr.To(v1beta1constants.ArchitectureARM64), + Architecture: ptr.To("arm64"), }, { Name: "some-image", Version: "1.2.2", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, // legacy image entry without capability sets { Name: "some-image", Version: "1.2.3", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, { Name: "some-image", Version: "1.2.1", AMI: "ami-for-amd64", - Architecture: ptr.To(v1beta1constants.ArchitectureAMD64), + Architecture: ptr.To("amd64"), }, }), Entry("should return images with Capabilities", []gardencorev1beta1.CapabilityDefinition{{ Name: v1beta1constants.ArchitectureName, - Values: []string{v1beta1constants.ArchitectureAMD64, v1beta1constants.ArchitectureARM64}, + Values: []string{"amd64", "arm64"}, }}, []api.MachineImage{ // images with capability sets { @@ -1575,7 +1575,7 @@ var _ = Describe("Machines", func() { Version: "1.2.1", AMI: "ami-for-arm64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureARM64}, + v1beta1constants.ArchitectureName: []string{"arm64"}, }, }, { @@ -1583,7 +1583,7 @@ var _ = Describe("Machines", func() { Version: "1.2.2", AMI: "ami-for-amd64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, }, }, // legacy image entry without capability sets @@ -1592,14 +1592,14 @@ var _ = Describe("Machines", func() { Version: "1.2.3", AMI: "ami-for-amd64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, }}, { Name: "some-image", Version: "1.2.1", AMI: "ami-for-amd64", Capabilities: gardencorev1beta1.Capabilities{ - v1beta1constants.ArchitectureName: []string{v1beta1constants.ArchitectureAMD64}, + v1beta1constants.ArchitectureName: []string{"amd64"}, }, }, }),