Bug 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
Summary: at least one of these parameters (Vendor, DeviceID or PfNames) has to be defi...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 4.7.0
Assignee: zenghui.shi
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-15 17:33 UTC by Andreas Karis
Modified: 2021-07-30 08:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:26:23 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift sriov-network-operator pull 374 0 None closed Bug 1888763: webhook: validate rootDevices in network policy 2020-12-31 16:08:58 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:26:53 UTC

Description Andreas Karis 2020-10-15 17:33:49 UTC
Description of problem:

I just ran into this here from the admission controller:
https://github.com/openshift/sriov-network-operator/blame/e4a71862d8687a057b48810b44eaedc0ebe7c8bd/pkg/webhook/validate.go#L76

"at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR"

Doesn't the rootDevices hint specify an unambiguous way of specifying a PF? So shouldn't the admission controller also check for the presence of 'rootDevices'?

~~~
[root@openshift-jumpserver-0 ~]# oc apply -f test.yaml
Error from server (at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR sriov-enp5s0f1-akaris2): error when creating "test.yaml": admission webhook "operator-webhook.sriovnetwork.openshift.io" denied the request: at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR sriov-enp5s0f1-akaris2
[root@openshift-jumpserver-0 ~]# cat test.yaml 
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
  name: sriov-enp5s0f1-akaris2
  namespace: openshift-sriov-network-operator
spec:
  resourceName: enp5s0f1NetdevAkaris2
  priority: 99
  numVfs: 40
  nicSelector:
     rootDevices:
      - '0000:05:00.1'
  deviceType: "netdevice"
  isRdma: false
  nodeSelector:
    kubernetes.io/hostname: openshift-worker-0.example.com
~~~

IMO this:
~~~
	if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 {
		return false, fmt.Errorf("at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName())
	}
~~~

Should be:
~~~
	if cr.Spec.NicSelector.Vendor == "" && cr.Spec.NicSelector.DeviceID == "" && len(cr.Spec.NicSelector.PfNames) == 0 && len(cr.Spec.NicSelector.RootDevices) == 0 {
		return false, fmt.Errorf("at least one of these parameters (vendor, deviceID, pfNames or rootDevices) has to be defined in nicSelector in CR %s", cr.GetName())
	}
~~~

While we are at it, I would also change the case of that Error message to match the case in the CRD which seems to start with lower case for vendor, deviceID, pfNames, rootDevices:
~~~
[root@openshift-jumpserver-0 ~]# oc explain SriovNetworkNodePolicy.spec.nicSelector
KIND:     SriovNetworkNodePolicy
VERSION:  sriovnetwork.openshift.io/v1

RESOURCE: nicSelector <Object>

DESCRIPTION:
     NicSelector selects the NICs to be configured

FIELDS:
   deviceID	<string>
     The device hex code of SR-IoV device. Allowed value "1583", "158b", "10fb",
     "1015", "1017".

   pfNames	<[]string>
     Name of SR-IoV PF.

   rootDevices	<[]string>
     PCI address of SR-IoV PF.

   vendor	<string>
     The vendor hex code of SR-IoV device. Allowed value "8086", "15b3".
~~~

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 5 errata-xmlrpc 2021-02-24 15:26:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.