temp - merge with second

temp commit - merge with second

webhooks/virtualmachine/v1alpha2/mutation/virtualmachine_mutator.go

@@ -339,21 +339,22 @@ func SetDefaultSysprepKeys(vm *vmopv1.VirtualMachine) bool {
 	wasMutated := false
 	inlineSysprep := vm.Spec.Bootstrap.Sysprep.Sysprep
 	if inlineSysprep.GUIUnattended != nil {
-		if inlineSysprep.GUIUnattended.Password.Key == "" {
+		if inlineSysprep.GUIUnattended.Password != nil && inlineSysprep.GUIUnattended.Password.Key == "" {
 			inlineSysprep.GUIUnattended.Password.Key = "password"
 			wasMutated = true
 		}
 	}
 
 	if inlineSysprep.Identification != nil {
 		if inlineSysprep.Identification.JoinDomain != "" &&
+			inlineSysprep.Identification.DomainAdminPassword != nil &&
 			inlineSysprep.Identification.DomainAdminPassword.Key == "" {
 			inlineSysprep.Identification.DomainAdminPassword.Key = "domain_admin_password"
 			wasMutated = true
 		}
 	}
 
-	if inlineSysprep.UserData != nil {
+	if inlineSysprep.UserData != nil && inlineSysprep.UserData.ProductID != nil {
 		if inlineSysprep.UserData.ProductID.Key == "" {
 			inlineSysprep.UserData.ProductID.Key = "product_id"
 			wasMutated = true

webhooks/virtualmachine/v1alpha2/mutation/virtualmachine_mutator_unit_test.go

@@ -19,6 +19,7 @@ import (
 
 	"github.com/vmware-tanzu/vm-operator/api/v1alpha1"
 	vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha2"
+	"github.com/vmware-tanzu/vm-operator/api/v1alpha2/common"
 	"github.com/vmware-tanzu/vm-operator/api/v1alpha2/sysprep"
 	"github.com/vmware-tanzu/vm-operator/pkg/lib"
 	"github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere2/config"
@@ -506,8 +507,10 @@ func unitTestsMutating() {
 				ctx.vm.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{
 					Sysprep: &vmopv1.VirtualMachineBootstrapSysprepSpec{
 						Sysprep: &sysprep.Sysprep{
-							//Identification: &sysprep.Identification{},
-							GUIUnattended: &sysprep.GUIUnattended{AutoLogon: true},
+							GUIUnattended: &sysprep.GUIUnattended{
+								AutoLogon: true,
+								Password:  &common.SecretKeySelector{Name: "pwd_secret"},
+							},
 						},
 					},
 				}
@@ -524,7 +527,10 @@ func unitTestsMutating() {
 				ctx.vm.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{
 					Sysprep: &vmopv1.VirtualMachineBootstrapSysprepSpec{
 						Sysprep: &sysprep.Sysprep{
-							Identification: &sysprep.Identification{JoinDomain: "foo-domain"},
+							Identification: &sysprep.Identification{
+								JoinDomain:          "foo-domain",
+								DomainAdminPassword: &common.SecretKeySelector{Name: "pwd_secret"},
+							},
 						},
 					},
 				}
@@ -541,7 +547,10 @@ func unitTestsMutating() {
 				ctx.vm.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{
 					Sysprep: &vmopv1.VirtualMachineBootstrapSysprepSpec{
 						Sysprep: &sysprep.Sysprep{
-							UserData: &sysprep.UserData{OrgName: "foo-org"},
+							UserData: &sysprep.UserData{
+								OrgName:   "foo-org",
+								ProductID: &common.SecretKeySelector{Name: "product_id_secret"},
+							},
 						},
 					},
 				}
@@ -551,6 +560,16 @@ func unitTestsMutating() {
 				Expect(mutation.SetDefaultSysprepKeys(ctx.vm)).To(BeTrue())
 				Expect(ctx.vm.Spec.Bootstrap.Sysprep.Sysprep.UserData.ProductID.Key).To(Equal("product_id"))
 			})
+
+			Context("When ProductID selector is not set", func() {
+				BeforeEach(func() {
+					ctx.vm.Spec.Bootstrap.Sysprep.Sysprep.UserData.ProductID = nil
+				})
+
+				It("should not mutate ProductID selector key", func() {
+					Expect(mutation.SetDefaultSysprepKeys(ctx.vm)).To(BeFalse())
+				})
+			})
 		})
 	})
 }

webhooks/virtualmachine/v1alpha2/validation/virtualmachine_validator.go

@@ -29,6 +29,7 @@ import (
 	"github.com/pkg/errors"
 
 	vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha2"
+	"github.com/vmware-tanzu/vm-operator/api/v1alpha2/sysprep"
 	volume "github.com/vmware-tanzu/vm-operator/controllers/volume/v1alpha2"
 	"github.com/vmware-tanzu/vm-operator/pkg/builder"
 	"github.com/vmware-tanzu/vm-operator/pkg/context"
@@ -239,32 +240,7 @@ func (v validator) validateBootstrap(
 			}
 
 			if sysPrep.Sysprep != nil {
-				s := p.Child("sysprep")
-				if guiUnattended := sysPrep.Sysprep.GUIUnattended; guiUnattended != nil {
-					if guiUnattended.AutoLogon && guiUnattended.Password.Name == "" {
-						allErrs = append(allErrs, field.Invalid(s, "guiUnattended",
-							"autoLogon requires password selector to be set"))
-					}
-				}
-
-				if identification := sysPrep.Sysprep.Identification; identification != nil {
-					if identification.JoinDomain != "" && identification.JoinWorkgroup != "" {
-						allErrs = append(allErrs, field.Invalid(s, "identification",
-							"joinDomain and joinWorkgroup are mutually exclusive"))
-					}
-
-					if identification.JoinDomain != "" && identification.DomainAdminPassword.Name == "" {
-						allErrs = append(allErrs, field.Invalid(s, "identification",
-							"joinDomain requires domainAdminPassword selector to be set"))
-					}
-
-					if identification.JoinWorkgroup != "" {
-						if identification.DomainAdmin != "" || identification.DomainAdminPassword.Name != "" {
-							allErrs = append(allErrs, field.Invalid(s, "identification",
-								"joinWorkgroup and domainAdmin/domainAdminPassword are mutually exclusive"))
-						}
-					}
-				}
+				allErrs = append(allErrs, v.validateInlineSysprep(p, sysPrep.Sysprep)...)
 			}
 		} else {
 			allErrs = append(allErrs, field.Invalid(p, "Sysprep", fmt.Sprintf(featureNotEnabled, "Sysprep")))
@@ -300,6 +276,43 @@ func (v validator) validateBootstrap(
 	return allErrs
 }
 
+func (v validator) validateInlineSysprep(p *field.Path, sysprep *sysprep.Sysprep) field.ErrorList {
+	var allErrs field.ErrorList
+
+	s := p.Child("sysprep")
+	if guiUnattended := sysprep.GUIUnattended; guiUnattended != nil {
+		if guiUnattended.AutoLogon && guiUnattended.Password.Name == "" {
+			allErrs = append(allErrs, field.Invalid(s, "guiUnattended",
+				"autoLogon requires password selector to be set"))
+		}
+	}
+
+	if identification := sysprep.Identification; identification != nil {
+		if identification.JoinDomain != "" && identification.JoinWorkgroup != "" {
+			allErrs = append(allErrs, field.Invalid(s, "identification",
+				"joinDomain and joinWorkgroup are mutually exclusive"))
+		}
+
+		if identification.JoinDomain != "" {
+			if identification.DomainAdmin == "" ||
+				identification.DomainAdminPassword == nil ||
+				identification.DomainAdminPassword.Name == "" {
+				allErrs = append(allErrs, field.Invalid(s, "identification",
+					"joinDomain requires domainAdmin and domainAdminPassword selector to be set"))
+			}
+		}
+
+		if identification.JoinWorkgroup != "" {
+			if identification.DomainAdmin != "" || identification.DomainAdminPassword != nil {
+				allErrs = append(allErrs, field.Invalid(s, "identification",
+					"joinWorkgroup and domainAdmin/domainAdminPassword are mutually exclusive"))
+			}
+		}
+	}
+
+	return allErrs
+}
+
 func (v validator) validateImage(ctx *context.WebhookRequestContext, vm *vmopv1.VirtualMachine) field.ErrorList {
 	var allErrs field.ErrorList
 

webhooks/virtualmachine/v1alpha2/validation/virtualmachine_validator_unit_test.go

@@ -555,7 +555,7 @@ func unitTestsValidateCreate() {
 					},
 					validate: doValidateWithMsg(
 						`spec.bootstrap.sysprep.sysprep: Invalid value: "identification": joinDomain and joinWorkgroup are mutually exclusive`,
-						`spec.bootstrap.sysprep.sysprep: Invalid value: "identification": joinDomain requires domainAdminPassword selector to be set`,
+						`spec.bootstrap.sysprep.sysprep: Invalid value: "identification": joinDomain requires domainAdmin and domainAdminPassword selector to be set`,
 					),
 				},
 			),