Description of problem:
Currently, when users want to configure a NIC selector with vendorID, deviceID, those fields in the `nicSelector` are only validated individually against the CRD, which is not sufficient. Users bypass the validation by 1) only specifying the pfName, or 2) using the combination of Intel vendorID plus a Mellanox NIC deviceID, or vice versa. We need to let the operator admission controller validate the NIC models with the vendorID/deviceID tuple, in order to block users from configuring unsupported NIC models.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:
With the sriov operator admission controller enabled, a policy CR which configures an unsupported NIC model will be rejected.

Additional info:
Verified this bug on 4.5.0-202005161517

oc create -f non-vondor
Error from server (vendor 15b4 is not supported): error when creating "non-vondor": admission webhook "operator-webhook.sriovnetwork.openshift.io" denied the request: vendor 15b4 is not supported

[root@hp-dl388g9-03 wrong-yaml]# oc create -f non-deviceid
Error from server (no matched NIC is selected by the nicSelector in CR without-netdevice): error when creating "non-deviceid": admission webhook "operator-webhook.sriovnetwork.openshift.io" denied the request: no matched NIC is selected by the nicSelector in CR without-netdevice
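A sketch of the tuple check requested in the description, added here as an example and not taken from the operator's source: the selector is validated as a whole, and a pfName-only selector is resolved against the node's discovered NICs before the vendorID/deviceID pair is checked. The types, the `validate` function, the allow-list and the node inventory are all assumptions constructed for illustration (device `10fb` is treated as unsupported only for this sample).

```go
package main

import "fmt"

// NIC and NicSelector are hypothetical types for this example, not the operator's API.
type NIC struct{ Name, Vendor, DeviceID string }
type NicSelector struct{ Vendor, DeviceID, PfName string }

// supported is a constructed allow-list (vendorID -> deviceIDs), sample data only.
var supported = map[string]map[string]bool{
	"8086": {"158b": true},
	"15b3": {"1015": true, "1017": true},
}

// sampleNode is a constructed inventory of the NICs discovered on one node.
var sampleNode = []NIC{
	{"ens1f0", "8086", "158b"}, {"ens2f0", "15b3", "1017"}, {"ens3f0", "8086", "10fb"},
}

// validate judges the selector as a whole instead of one field at a time.
func validate(sel NicSelector, node []NIC) error {
	if sel.Vendor != "" && supported[sel.Vendor] == nil {
		return fmt.Errorf("vendor %s is not supported", sel.Vendor)
	}
	if sel.Vendor != "" && sel.DeviceID != "" && !supported[sel.Vendor][sel.DeviceID] {
		return fmt.Errorf("vendor/device %s/%s is not supported", sel.Vendor, sel.DeviceID)
	}
	matched := 0
	for _, n := range node {
		if (sel.Vendor != "" && sel.Vendor != n.Vendor) ||
			(sel.DeviceID != "" && sel.DeviceID != n.DeviceID) ||
			(sel.PfName != "" && sel.PfName != n.Name) {
			continue
		}
		// The tuple is read from the hardware, so a pfName-only selector is checked too.
		if !supported[n.Vendor][n.DeviceID] {
			return fmt.Errorf("NIC %s (%s:%s) is not supported", n.Name, n.Vendor, n.DeviceID)
		}
		matched++
	}
	if matched == 0 {
		return fmt.Errorf("no matched NIC is selected by the nicSelector")
	}
	return nil
}

func main() {
	fmt.Println(validate(NicSelector{PfName: "ens3f0"}, sampleNode))
}
```

Both bypasses from the description fail here: the pfName-only selector is rejected on the tuple of the NIC it resolves to, and the mixed Intel/Mellanox pair is rejected before any NIC is matched.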
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409