fix vmi-create-admitter

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
kubevirt · Aug 4, 2023 · 9054d33 · 9054d33
1 parent 25249d9
commit 9054d33
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 1 deletion.
diff --git a/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go b/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
@@ -1896,6 +1896,13 @@ func validateAccessCredentials(field *k8sfield.Path, accessCredentials []v1.Acce
 		return causes
 	}
 
+	hasNoCloudVolume := false
+	for _, volume := range volumes {
+		if volume.CloudInitConfigDrive != nil {
+			hasNoCloudVolume = true
+			break
+		}
+	}
 	hasConfigDriveVolume := false
 	for _, volume := range volumes {
 		if volume.CloudInitConfigDrive != nil {
@@ -1917,6 +1924,18 @@ func validateAccessCredentials(field *k8sfield.Path, accessCredentials []v1.Acce
 				sourceCount++
 			}
 
+			if accessCred.SSHPublicKey.PropagationMethod.NoCloud != nil {
+				methodCount++
+				if !hasNoCloudVolume {
+					causes = append(causes, metav1.StatusCause{
+						Type:    metav1.CauseTypeFieldValueInvalid,
+						Message: fmt.Sprintf("%s requires a noCloud volume to exist when the noCloud propagationMethod is in use.", field.Index(idx).String()),
+						Field:   field.Index(idx).Child("sshPublicKey", "propagationMethod").String(),
+					})
+
+				}
+			}
+
 			if accessCred.SSHPublicKey.PropagationMethod.ConfigDrive != nil {
 				methodCount++
 				if !hasConfigDriveVolume {
@@ -1928,6 +1947,7 @@ func validateAccessCredentials(field *k8sfield.Path, accessCredentials []v1.Acce
 
 				}
 			}
+
 			if accessCred.SSHPublicKey.PropagationMethod.QemuGuestAgent != nil {
 
 				if len(accessCred.SSHPublicKey.PropagationMethod.QemuGuestAgent.Users) == 0 {

diff --git a/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go b/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go
@@ -2694,6 +2694,36 @@ var _ = Describe("Validating VMICreate Admitter", func() {
 			Expect(causes).To(BeEmpty())
 		})
 
+		It("should reject a noCloud ssh access credential when no noCloud volume exists", func() {
+			vmi := api.NewMinimalVMI("testvmi")
+			vmi.Spec.Domain.Devices.Disks = append(vmi.Spec.Domain.Devices.Disks, v1.Disk{
+				Name: "testdisk",
+			})
+
+			vmi.Spec.Volumes = append(vmi.Spec.Volumes, v1.Volume{
+				Name: "testdisk",
+				VolumeSource: v1.VolumeSource{
+					CloudInitNoCloud: &v1.CloudInitNoCloudSource{UserData: " "},
+				},
+			})
+
+			vmi.Spec.AccessCredentials = []v1.AccessCredential{
+				{
+					SSHPublicKey: &v1.SSHPublicKeyAccessCredential{
+						Source: v1.SSHPublicKeyAccessCredentialSource{
+							Secret: &v1.AccessCredentialSecretSource{
+								SecretName: "my-pkey",
+							},
+						},
+						PropagationMethod: v1.SSHPublicKeyAccessCredentialPropagationMethod{
+							NoCloud: &v1.NoCloudSSHPublicKeyAccessCredentialPropagation{},
+						},
+					},
+				},
+			}
+			causes := ValidateVirtualMachineInstanceSpec(k8sfield.NewPath("fake"), &vmi.Spec, config)
+			Expect(causes).To(HaveLen(1))
+		})
 		It("should reject a configDrive ssh access credential when no configDrive volume exists", func() {
 			vmi := api.NewMinimalVMI("testvmi")
 			vmi.Spec.Domain.Devices.Disks = append(vmi.Spec.Domain.Devices.Disks, v1.Disk{

diff --git a/tests/credentials_test.go b/tests/credentials_test.go
@@ -299,7 +299,7 @@ var _ = Describe("[sig-compute]Guest Access Credentials", decorators.SigCompute,
 				"#cloud-config\npassword: %s\nchpasswd: { expire: False }\n",
 				fedoraPassword,
 			)
-			vmi := tests.NewRandomVMIWithEphemeralDiskAndUserdataHighMemory(cd.ContainerDiskFor(cd.ContainerDiskFedoraTestTooling), userData)
+			vmi := tests.NewRandomVMIWithEphemeralDiskAndNoCloudUserdataHighMemory(cd.ContainerDiskFor(cd.ContainerDiskFedoraTestTooling), userData)
 			vmi.Namespace = util.NamespaceTestDefault
 			vmi.Spec.AccessCredentials = []v1.AccessCredential{
 				{

diff --git a/tests/utils.go b/tests/utils.go
@@ -685,6 +685,13 @@ func NewRandomVMIWithEphemeralDiskAndUserdataHighMemory(containerImage string, u
 	return vmi
 }
 
+func NewRandomVMIWithEphemeralDiskAndNoCloudUserdataHighMemory(containerImage string, userData string) *v1.VirtualMachineInstance {
+	vmi := NewRandomVMIWithEphemeralDiskAndNoCloudUserdata(containerImage, userData)
+
+	vmi.Spec.Domain.Resources.Requests[k8sv1.ResourceMemory] = resource.MustParse("512M")
+	return vmi
+}
+
 func NewRandomVMIWithEphemeralDiskAndConfigDriveUserdataHighMemory(containerImage string, userData string) *v1.VirtualMachineInstance {
 	vmi := NewRandomVMIWithEphemeralDiskAndConfigDriveUserdata(containerImage, userData)
 
@@ -844,6 +851,12 @@ func NewRandomVMIWithEphemeralDiskAndUserdata(containerImage string, userData st
 	return vmi
 }
 
+func NewRandomVMIWithEphemeralDiskAndNoCloudUserdata(containerImage string, userData string) *v1.VirtualMachineInstance {
+	vmi := NewRandomVMIWithEphemeralDisk(containerImage)
+	AddCloudInitNoCloudData(vmi, "disk1", userData, "", false)
+	return vmi
+}
+
 func NewRandomVMIWithEphemeralDiskAndConfigDriveUserdata(containerImage string, userData string) *v1.VirtualMachineInstance {
 	vmi := NewRandomVMIWithEphemeralDisk(containerImage)
 	AddCloudInitConfigDriveData(vmi, "disk1", userData, "", false)