Bug 2104642 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.11
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
: 4.12.0
Assignee: OpenShift Cluster Infrastructure Bugs
QA Contact: sunzhaohua
URL:
Whiteboard:
Depends On:
Blocks: 2105382
 
Reported: 2022-07-06 18:54 UTC by Sid Shukla
Modified: 2023-01-17 19:52 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2105382 (view as bug list)
Environment:
Last Closed: 2023-01-17 19:51:47 UTC
Target Upstream Version:
Embargoed:



Links
System ID | Private | Priority | Status | Summary | Last Updated
Github openshift machine-api-operator pull 1034 | 0 | None | open | Bug 2104642: Add a validation webhook for Nutanix MachineProviderConfig | 2022-07-06 20:37:10 UTC
Github openshift machine-api-operator pull 1038 | 0 | None | open | Bug 2104642: fix the Machine validation webhook for nutanix providerSpec | 2022-07-12 21:52:39 UTC
Red Hat Product Errata RHSA-2022:7399 | 0 | None | None | None | 2023-01-17 19:52:07 UTC

Description Sid Shukla 2022-07-06 18:54:51 UTC
Nutanix is missing a validation webhook for validating the machine provider spec in the Machine API Operator.

Comment 2 Michael McCune 2022-07-12 21:51:08 UTC
There is another PR that should go along with this bug; I'm resetting to POST so we can add it.

Comment 3 Milind Yadav 2022-07-13 05:38:42 UTC
Validated on the build having both PRs
[miyadav@miyadav ~]$ oc get clusterversion
NAME      VERSION                                                   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.ci.test-2022-07-13-031440-ci-ln-dvxww5t-latest   True        False         49m     Cluster version is 4.11.0-0.ci.test-2022-07-13-031440-ci-ln-dvxww5t-latest
[miyadav@miyadav ~]$ 

Results:

[miyadav@miyadav ~]$ oc create -f rhv/nuatanix/ms_invalid.yaml (removed user-data-secret name, validation webhook worked)
Error from server (providerSpec.userDataSecret.name: Required value: name must be provided): error when creating "rhv/nuatanix/ms_invalid.yaml": admission webhook "validation.machineset.machine.openshift.io" denied the request: providerSpec.userDataSecret.name: Required value: name must be provided

[miyadav@miyadav ~]$ vi rhv/nuatanix/ms_invalid.yaml (removed the whole credential secret field, it added it, seems mutating webhook worked)
[miyadav@miyadav ~]$ oc create -f rhv/nuatanix/ms_invalid.yaml 
machineset.machine.openshift.io/miyadav-642-jvdfk-worker-in created

[miyadav@miyadav ~]$ oc get machines 
NAME                                PHASE     TYPE   REGION   ZONE   AGE
miyadav-642-jvdfk-master-0          Running                          54m
miyadav-642-jvdfk-master-1          Running                          54m
miyadav-642-jvdfk-master-2          Running                          54m
miyadav-642-jvdfk-worker-df2vh      Running                          51m
miyadav-642-jvdfk-worker-in-bl287   Running                          6m32s
miyadav-642-jvdfk-worker-in-t7drl   Running                          6m32s
miyadav-642-jvdfk-worker-szq6s      Running                          51m
[miyadav@miyadav ~]$ oc edit machineset miyadav-642-jvdfk-worker-in (credential secret name removed)

error: machinesets.machine.openshift.io "miyadav-642-jvdfk-worker-in" could not be patched: admission webhook "validation.machineset.machine.openshift.io" denied the request: providerSpec.credentialsSecret.name: Required value: name must be provided

You can run `oc replace -f /tmp/oc-edit-835905139.yaml` to try this update again.

[miyadav@miyadav ~]$ oc get mutatingwebhookconfiguration
NAME          WEBHOOKS   AGE
machine-api   2          57m

[miyadav@miyadav ~]$ oc get ValidatingWebhookConfiguration
NAME                               WEBHOOKS   AGE
alertmanagerconfigs.openshift.io   1          56m
autoscaling.openshift.io           2          65m
machine-api                        2          66m
multus.openshift.io                1          67m
performance-addon-operator         1          68m
prometheusrules.openshift.io       1          56m
snapshot.storage.k8s.io            1          66m


Additional Info:
Looks good to me; please suggest if any other scenarios are needed.
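
The create and edit results in Comment 3 are consistent with a defaulting (mutating) step that runs before validation: a wholly absent credentialsSecret is filled in, while one that is present with an empty name reaches the validator and is denied. The Go code below is an added example, not code from machine-api-operator; the types, the admit function, and the secret names in it are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical, trimmed-down types; not the operator's real API structs.
type secretRef struct {
	Name string `json:"name"`
}

type providerSpec struct {
	UserDataSecret    *secretRef `json:"userDataSecret,omitempty"`
	CredentialsSecret *secretRef `json:"credentialsSecret,omitempty"`
}

// Placeholder: the real default secret name is not shown on this page.
const defaultCredentialsSecret = "example-credentials"

// admit mimics the admission order: default (mutate) first, then validate.
// It returns the defaulted spec and the field errors that would deny the request.
func admit(raw []byte) (providerSpec, []string) {
	var p providerSpec
	if err := json.Unmarshal(raw, &p); err != nil {
		return p, []string{"providerSpec: Invalid value: " + err.Error()}
	}
	// Mutating step: only a wholly absent credentialsSecret is defaulted.
	if p.CredentialsSecret == nil {
		p.CredentialsSecret = &secretRef{Name: defaultCredentialsSecret}
	}
	// Validating step (treating an absent reference like an empty name is an assumption).
	var errs []string
	check := func(path string, ref *secretRef) {
		if ref == nil || ref.Name == "" {
			errs = append(errs, path+".name: Required value: name must be provided")
		}
	}
	check("providerSpec.userDataSecret", p.UserDataSecret)
	check("providerSpec.credentialsSecret", p.CredentialsSecret)
	return p, errs
}

func main() {
	// Constructed input: credentialsSecret present but with an empty name.
	_, errs := admit([]byte(`{"userDataSecret":{"name":"worker-user-data"},"credentialsSecret":{}}`))
	fmt.Println(errs)
}
```
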

Comment 8 errata-xmlrpc 2023-01-17 19:51:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

