Description of problem: I just ran into this here from the admission controller: https://github.com/openshift/sriov-network-operator/blame/e4a71862d8687a057b48810b44eaedc0ebe7c8bd/pkg/webhook/validate.go#L76 "at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR" Doesn't the rootDevices hint specify an unambiguous way of specifying a PF? So shouldn't the admission controller also check for the presence of 'rootDevices'? ~~~ [root@openshift-jumpserver-0 ~]# oc apply -f test.yaml Error from server (at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR sriov-enp5s0f1-akaris2): error when creating "test.yaml": admission webhook "operator-webhook.sriovnetwork.openshift.io" denied the request: at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR sriov-enp5s0f1-akaris2 [root@openshift-jumpserver-0 ~]# cat test.yaml apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: sriov-enp5s0f1-akaris2 namespace: openshift-sriov-network-operator spec: resourceName: enp5s0f1NetdevAkaris2 priority: 99 numVfs: 40 nicSelector: rootDevices: - '0000:05:00.1' deviceType: "netdevice" isRdma: false nodeSelector: kubernetes.io/hostname: openshift-worker-0.example.com ~~~ IMO this: ~~~ if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 { return false, fmt.Errorf("at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()) } ~~~ Should be: ~~~ if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 && len(cr.Spec.NicSelector.RootDevices) == 0 { return false, fmt.Errorf("at least one of these parameters (vendor, deviceID, pfNames or rootDevices) has to be defined in nicSelector in CR %s", cr.GetName()) } ~~~ While we are at it, I would also change the case of that Error message to match the case in the CRD which seems to start with lower case for vendor, deviceID, pfNames, rootDevices: ~~~ [root@openshift-jumpserver-0 ~]# oc explain SriovNetworkNodePolicy.spec.nicSelector KIND: SriovNetworkNodePolicy VERSION: sriovnetwork.openshift.io/v1 RESOURCE: nicSelector <Object> DESCRIPTION: NicSelector selects the NICs to be configured FIELDS: deviceID <string> The device hex code of SR-IoV device. Allowed value "1583", "158b", "10fb", "1015", "1017". pfNames <[]string> Name of SR-IoV PF. rootDevices <[]string> PCI address of SR-IoV PF. vendor <string> The vendor hex code of SR-IoV device. Allowed value "8086", "15b3". ~~~ Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633