MGMT-17618: NMStateConfig interfaces presence should be validated

[ori-amizur]

In case there is static networking configuration without mac-interface mapping, it is created but the configuration is not applied.

This change validates that for every ethernet interface there is a corresponding mac-interface mapping when the static network configuration is set during infa-env registration or during infra-env update.

List all the issues related to this PR

• New Feature
• Enhancement
• Bug fix
• Tests
• Documentation
• CI/CD

What environments does this code impact?

• Automation (CI, tools, etc)
• Cloud
• Operator Managed Deployments
• None

How was this code tested?

• assisted-test-infra environment
• dev-scripts environment
• Reviewer's test appreciated
• Waiting for CI to do a full test run
• Manual (Elaborate on how it was tested)
• No tests needed

Checklist

• Title and description added to both, commit and PR.
• Relevant issues have been associated (see CONTRIBUTING guide)
• This change does not require a documentation update (docstring, docs, README, etc)
• Does this change include unit-tests (note that code changes require unit-tests)

Reviewers Checklist

• Are the title and description (in both PR and commit) meaningful and clear?
• Is there a bug required (and linked) for this change?
• Should this PR be backported?

/cc @gamli75

[openshift-ci-robot]

@ori-amizur: This pull request references MGMT-17618 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.

In response to this:

In case there is static networking configuration without mac-interface mapping, it is created but the configuration is not applied.

This change validates that for every ethernet interface there is a corresponding mac-interface mapping when the static network configuration is set during infa-env registration or during infra-env update.

List all the issues related to this PR

• New Feature
• Enhancement
• Bug fix
• Tests
• Documentation
• CI/CD

What environments does this code impact?

• Automation (CI, tools, etc)
• Cloud
• Operator Managed Deployments
• None

How was this code tested?

• assisted-test-infra environment
• dev-scripts environment
• Reviewer's test appreciated
• Waiting for CI to do a full test run
• Manual (Elaborate on how it was tested)
• No tests needed

Checklist

• Title and description added to both, commit and PR.
• Relevant issues have been associated (see CONTRIBUTING guide)
• This change does not require a documentation update (docstring, docs, README, etc)
• Does this change include unit-tests (note that code changes require unit-tests)

Reviewers Checklist

• Are the title and description (in both PR and commit) meaningful and clear?
• Is there a bug required (and linked) for this change?
• Should this PR be backported?

/cc @gamli75

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ori-amizur]

/test?

[openshift-ci]

@ori-amizur: The following commands are available to trigger required jobs:

• /test e2e-agent-compact-ipv4
• /test edge-assisted-operator-catalog-publish-verify
• /test edge-ci-index
• /test edge-e2e-ai-operator-ztp
• /test edge-e2e-ai-operator-ztp-sno-day2-workers
• /test edge-e2e-ai-operator-ztp-sno-day2-workers-late-binding
• /test edge-e2e-metal-assisted
• /test edge-e2e-metal-assisted-4-11
• /test edge-e2e-metal-assisted-4-12
• /test edge-e2e-metal-assisted-cnv
• /test edge-e2e-metal-assisted-lvm
• /test edge-e2e-metal-assisted-odf
• /test edge-images
• /test edge-lint
• /test edge-subsystem-aws
• /test edge-subsystem-kubeapi-aws
• /test edge-unit-test
• /test edge-verify-generated-code
• /test images
• /test mce-images

The following commands are available to trigger optional jobs:

• /test e2e-agent-ha-dualstack
• /test e2e-agent-sno-ipv6
• /test edge-e2e-ai-operator-disconnected-capi
• /test edge-e2e-ai-operator-ztp-3masters
• /test edge-e2e-ai-operator-ztp-capi
• /test edge-e2e-ai-operator-ztp-compact-day2-masters
• /test edge-e2e-ai-operator-ztp-compact-day2-workers
• /test edge-e2e-ai-operator-ztp-disconnected
• /test edge-e2e-ai-operator-ztp-hypershift-zero-nodes
• /test edge-e2e-ai-operator-ztp-multiarch-3masters-ocp
• /test edge-e2e-ai-operator-ztp-multiarch-sno-ocp
• /test edge-e2e-ai-operator-ztp-node-labels
• /test edge-e2e-ai-operator-ztp-sno-day2-masters
• /test edge-e2e-ai-operator-ztp-sno-day2-workers-ignitionoverride
• /test edge-e2e-metal-assisted-4-13
• /test edge-e2e-metal-assisted-4-14
• /test edge-e2e-metal-assisted-4-15
• /test edge-e2e-metal-assisted-bond
• /test edge-e2e-metal-assisted-bond-4-14
• /test edge-e2e-metal-assisted-day2
• /test edge-e2e-metal-assisted-day2-arm-workers
• /test edge-e2e-metal-assisted-day2-single-node
• /test edge-e2e-metal-assisted-external
• /test edge-e2e-metal-assisted-external-4-14
• /test edge-e2e-metal-assisted-ipv4v6
• /test edge-e2e-metal-assisted-ipv6
• /test edge-e2e-metal-assisted-kube-api-late-binding-single-node
• /test edge-e2e-metal-assisted-kube-api-late-unbinding-ipv4-single-node
• /test edge-e2e-metal-assisted-kube-api-net-suite
• /test edge-e2e-metal-assisted-mce-4-11
• /test edge-e2e-metal-assisted-mce-4-12
• /test edge-e2e-metal-assisted-mce-4-13
• /test edge-e2e-metal-assisted-mce-4-14
• /test edge-e2e-metal-assisted-mce-4-15
• /test edge-e2e-metal-assisted-mce-sno
• /test edge-e2e-metal-assisted-metallb
• /test edge-e2e-metal-assisted-none
• /test edge-e2e-metal-assisted-onprem
• /test edge-e2e-metal-assisted-single-node
• /test edge-e2e-metal-assisted-static-ip-suite
• /test edge-e2e-metal-assisted-static-ip-suite-4-14
• /test edge-e2e-metal-assisted-tang
• /test edge-e2e-metal-assisted-tpmv2
• /test edge-e2e-metal-assisted-upgrade-agent
• /test edge-e2e-nutanix-assisted
• /test edge-e2e-nutanix-assisted-2workers
• /test edge-e2e-nutanix-assisted-4-14
• /test edge-e2e-oci-assisted
• /test edge-e2e-oci-assisted-4-14
• /test edge-e2e-oci-assisted-iscsi
• /test edge-e2e-vsphere-assisted
• /test edge-e2e-vsphere-assisted-4-12
• /test edge-e2e-vsphere-assisted-4-13
• /test edge-e2e-vsphere-assisted-4-14
• /test edge-e2e-vsphere-assisted-umn
• /test okd-scos-images
• /test push-pr-image

Use /test all to run the following jobs that were automatically triggered:

• pull-ci-openshift-assisted-service-master-e2e-agent-compact-ipv4
• pull-ci-openshift-assisted-service-master-edge-ci-index
• pull-ci-openshift-assisted-service-master-edge-e2e-ai-operator-ztp
• pull-ci-openshift-assisted-service-master-edge-e2e-metal-assisted
• pull-ci-openshift-assisted-service-master-edge-images
• pull-ci-openshift-assisted-service-master-edge-lint
• pull-ci-openshift-assisted-service-master-edge-subsystem-aws
• pull-ci-openshift-assisted-service-master-edge-subsystem-kubeapi-aws
• pull-ci-openshift-assisted-service-master-edge-unit-test
• pull-ci-openshift-assisted-service-master-edge-verify-generated-code
• pull-ci-openshift-assisted-service-master-images
• pull-ci-openshift-assisted-service-master-mce-images

In response to this:

/test?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite
/test edge-e2e-metal-assisted-bond

[codecov]

Codecov Report

Attention: Patch coverage is 53.57143% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 68.04%. Comparing base (904ee71) to head (bc3981e).
Report is 8 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6305      +/-   ##
==========================================
- Coverage   68.29%   68.04%   -0.25%     
==========================================
  Files         241      244       +3     
  Lines       35863    37024    +1161     
==========================================
+ Hits        24491    25193     +702     
- Misses       9212     9560     +348     
- Partials     2160     2271     +111     

Files	Coverage Δ
pkg/staticnetworkconfig/generator.go	32.32% <53.57%> (+4.32%)	⬆️

... and 11 files with indirect coverage changes

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite
/test edge-e2e-metal-assisted-bond

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite
/test edge-e2e-metal-assisted-bond

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite

[gamli75]

/cc @carbonin

[carbonin]

I'm a bit worried that parsing out the nmconnection file is a bit fragile.

I was imagining that we just ensure there is something in the HostStaticNetworkConfig.MacInterfaceMap. Is there a use case for that being empty?

[ori-amizur]

I'm a bit worried that parsing out the nmconnection file is a bit fragile.

We are already doing it here:

assisted-service/pkg/staticnetworkconfig/generator.go

Lines 139 to 165 in 904ee71

	func (s *StaticNetworkConfigGenerator) formatNMConnection(nmConnection string) (string, error) {
	ini.PrettyFormat = false
	cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: true}, []byte(nmConnection))
	if err != nil {
	s.log.WithError(err).Errorf("Failed to load the ini format string %s", nmConnection)
	return "", err
	}
	connectionSection := cfg.Section("connection")
	_, err = connectionSection.NewKey("autoconnect", "true")
	if err != nil {
	s.log.WithError(err).Errorf("Failed to add autoconnect key to section connection")
	return "", err
	}
	_, err = connectionSection.NewKey("autoconnect-priority", "1")
	if err != nil {
	s.log.WithError(err).Errorf("Failed to add autoconnect-priority key to section connection")
	return "", err
	}
	buf := new(bytes.Buffer)
	_, err = cfg.WriteTo(buf)
	if err != nil {
	s.log.WithError(err).Errorf("Failed to output nmconnection ini file to buffer")
	return "", err
	}
	return buf.String(), nil
	}

- so it isn't very different. So if it was OK there, then it is OK here.

I was imagining that we just ensure there is something in the HostStaticNetworkConfig.MacInterfaceMap. Is there a use case for that being empty?

I don't think there is use case for being empty - but this is a stronger validation. It validates that for every ethernet interface there is a corresponding mac-mapping. So typos and ignored interfaces can be detected.

[carbonin]

so it isn't very different. So if it was OK there, then it is OK here

Fair enough.

Are you sure that this isn't going to cause issues for bonds/vlans? Do we have a test anywhere for this?
Are those files formatted differently such that this would fail or not validate them?

[ori-amizur]

Are you sure that this isn't going to cause issues for bonds/vlans?

It should be tested - like any other change.

Do we have a test anywhere for this?

We have a test for bond. We don't have a test for vlan yet.

Are those files formatted differently such that this would fail or not validate them?

They all look similar. They all have a connection section with interface-name and type.
The unit-test already contain bond tests. I can add also vlan tests.

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite
/test edge-e2e-metal-assisted-bond

[ori-amizur]

/retest-required

[ori-amizur]

/test edge-e2e-metal-assisted-static-ip-suite
/test edge-e2e-metal-assisted-bond

[openshift-ci]

@ori-amizur: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[paul-maidment]

/lgtm

[paul-maidment]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ori-amizur, paul-maidment

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ori-amizur,paul-maidment]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment