Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 fix bug when using CloudInit without userdata to bootstrap VM #211

Merged
merged 2 commits into from
Sep 14, 2023

Conversation

zyiyi11
Copy link
Contributor

@zyiyi11 zyiyi11 commented Aug 30, 2023

What does this PR do, and why is it needed?
This change fixes the bug when using CloudInit transport to bootstrap a VM, not passing user data actually results VM customized with GOSC (LinuxPrep). This patch introduced an annotation to set Cloudinit metadata instance-id and also introduced a webhook to prevent SSO users from setting the annotation manually.

Which issue(s) is/are addressed by this PR? (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Fixes 221

Are there any special notes for your reviewer:

Testing done:

  1. gce2e vmservice passed.
  2. Greenfield: Manually deployed a VM using Cloud-init sans userdata. guestinfo.metadata got set successfully.
  3. SSO User setting annotation is forbidden while VI Admin can annotate.
$ k apply -f vm1.yaml
Error from server (metadata.annotations.vmoperator.vmware.com/cloud-init-instance-id: Forbidden: adding this annotation is not allowed): error when creating "vm1.yaml": admission webhook "default.validating.virtualmachine.vmoperator.vmware.com" denied the request: metadata.annotations.vmoperator.vmware.com/cloud-init-instance-id: Forbidden: adding this annotation is not allowed

$ k annotate virtualmachine devops-test-vm-3 -n test-ns vmoperator.vmware.com/cloud-init-instance-id=iid-datasource-none
Error from server (metadata.annotations.vmoperator.vmware.com/cloud-init-instance-id: Forbidden: adding this annotation is not allowed): admission webhook "default.validating.virtualmachine.vmoperator.vmware.com" denied the request: metadata.annotations.vmoperator.vmware.com/cloud-init-instance-id: Forbidden: adding this annotation is not allowed

$ root@42001ff0a8e16406567b1f085e82d958 [ ~ ]# k annotate virtualmachine vm-sans-payload -n test-ns vmoperator.vmware.com/cloud-init-instance-id=iid-datasource-none
virtualmachine.vmoperator.vmware.com/vm-sans-payload annotated

brownfield scenario change in cayman_vm-operator:
upgrade logic to:

  • apply the annotation with the value iid-datasource-none to all VMs that use Cloud-Init sans payload
  • only apply the above if the source version being upgraded is less than the first version that has the patch to correct empty Cloud-Init payloads
  • this will ensure this is only ever applied to brownfield VMs that meet these conditions prior to the patch being introduced

Please add a release note if necessary:

Bootstrap VM using CloudInit without specifying user data now gets customized with CloudInit instead of LinuxPrep

@github-actions github-actions bot added testing-needed-e2e-fast size/L Denotes a PR that changes 100-499 lines. labels Aug 30, 2023
@zyiyi11 zyiyi11 added the testing-done-e2e-full Indicates the complete e2e testing has been used to validate a PR label Aug 30, 2023
@zyiyi11 zyiyi11 force-pushed the zyiyi/cloudinit-sans-userdata branch from bf143fb to c182c2c Compare August 30, 2023 20:26
@zyiyi11 zyiyi11 added the testing-done-e2e-fast Indicates the fast, low-cost e2e testing has been used to validate a PR label Aug 30, 2023
@zyiyi11 zyiyi11 force-pushed the zyiyi/cloudinit-sans-userdata branch from c182c2c to d6a76ed Compare August 30, 2023 23:14
@zyiyi11 zyiyi11 force-pushed the zyiyi/cloudinit-sans-userdata branch 3 times, most recently from 475ef29 to fb0fa62 Compare September 11, 2023 22:03
Copy link
Member

@dilyar85 dilyar85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments mostly for suggestions. Overall looks good to me.

@zyiyi11 zyiyi11 force-pushed the zyiyi/cloudinit-sans-userdata branch 2 times, most recently from a35e8c5 to e62c64b Compare September 12, 2023 16:29
@zyiyi11 zyiyi11 force-pushed the zyiyi/cloudinit-sans-userdata branch from e62c64b to 4c2198d Compare September 14, 2023 16:53
@github-actions
Copy link

Code Coverage

Package Line Rate Health
github.com/vmware-tanzu/vm-operator/controllers 0%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary 0%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha1/clustercontentlibraryitem 83%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha1/contentlibraryitem 82%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha1/contentsource 83%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha1/utils 97%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha2/clustercontentlibraryitem 86%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha2/contentlibraryitem 85%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/v1alpha2/utils 91%
github.com/vmware-tanzu/vm-operator/controllers/infracluster 75%
github.com/vmware-tanzu/vm-operator/controllers/infraprovider 75%
github.com/vmware-tanzu/vm-operator/controllers/providerconfigmap 74%
github.com/vmware-tanzu/vm-operator/controllers/util/encoding 73%
github.com/vmware-tanzu/vm-operator/controllers/util/remote 41%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/v1alpha1 46%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/v1alpha2 70%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineclass 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineclass/v1alpha1 31%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineclass/v1alpha2 71%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinepublishrequest 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinepublishrequest/v1alpha1 83%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinepublishrequest/v1alpha2 81%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha1 82%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha1/providers 96%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha1/providers/simplelb 66%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha1/utils 83%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha2 82%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha2/providers 96%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha2/providers/simplelb 66%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/v1alpha2/utils 84%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinesetresourcepolicy 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinesetresourcepolicy/v1alpha1 80%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinesetresourcepolicy/v1alpha2 80%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest 0%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1 72%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha2 72%
github.com/vmware-tanzu/vm-operator/controllers/volume 0%
github.com/vmware-tanzu/vm-operator/controllers/volume/v1alpha1 86%
github.com/vmware-tanzu/vm-operator/controllers/volume/v1alpha2 87%
github.com/vmware-tanzu/vm-operator/pkg/builder 70%
github.com/vmware-tanzu/vm-operator/pkg/conditions 90%
github.com/vmware-tanzu/vm-operator/pkg/conditions2 89%
github.com/vmware-tanzu/vm-operator/pkg/context 0%
github.com/vmware-tanzu/vm-operator/pkg/context/fake 100%
github.com/vmware-tanzu/vm-operator/pkg/lib 80%
github.com/vmware-tanzu/vm-operator/pkg/manager 81%
github.com/vmware-tanzu/vm-operator/pkg/metrics 89%
github.com/vmware-tanzu/vm-operator/pkg/metrics2 85%
github.com/vmware-tanzu/vm-operator/pkg/patch 78%
github.com/vmware-tanzu/vm-operator/pkg/patch2 78%
github.com/vmware-tanzu/vm-operator/pkg/prober 92%
github.com/vmware-tanzu/vm-operator/pkg/prober/context 100%
github.com/vmware-tanzu/vm-operator/pkg/prober/fake 85%
github.com/vmware-tanzu/vm-operator/pkg/prober/fake/probe 83%
github.com/vmware-tanzu/vm-operator/pkg/prober/fake/worker 88%
github.com/vmware-tanzu/vm-operator/pkg/prober/probe 83%
github.com/vmware-tanzu/vm-operator/pkg/prober/worker 86%
github.com/vmware-tanzu/vm-operator/pkg/prober2 94%
github.com/vmware-tanzu/vm-operator/pkg/prober2/context 100%
github.com/vmware-tanzu/vm-operator/pkg/prober2/fake 85%
github.com/vmware-tanzu/vm-operator/pkg/prober2/fake/probe 83%
github.com/vmware-tanzu/vm-operator/pkg/prober2/fake/worker 89%
github.com/vmware-tanzu/vm-operator/pkg/prober2/probe 89%
github.com/vmware-tanzu/vm-operator/pkg/prober2/worker 85%
github.com/vmware-tanzu/vm-operator/pkg/record 89%
github.com/vmware-tanzu/vm-operator/pkg/topology 85%
github.com/vmware-tanzu/vm-operator/pkg/util 83%
github.com/vmware-tanzu/vm-operator/pkg/util/kube 89%
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/vm 74%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/fake 76%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere 72%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/client 74%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/clustermodules 85%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/config 85%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/contentlibrary 71%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/credentials 100%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/instancestorage 92%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/internal 0%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/network 88%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/placement 83%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/resources 47%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/session 84%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/storage 77%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/test 98%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/vcenter 80%
github.com/vmware-tanzu/vm-operator/pkg/vmprovider/providers/vsphere/virtualmachine 87%
github.com/vmware-tanzu/vm-operator/pkg/webconsolevalidation 53%
github.com/vmware-tanzu/vm-operator/webhooks 0%
github.com/vmware-tanzu/vm-operator/webhooks/common 100%
github.com/vmware-tanzu/vm-operator/webhooks/persistentvolumeclaim 0%
github.com/vmware-tanzu/vm-operator/webhooks/persistentvolumeclaim/validation 95%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha1/mutation 86%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha1/validation 94%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha2/mutation 83%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/v1alpha2/validation 88%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha1/mutation 59%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha1/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha2/mutation 59%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/v1alpha2/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/v1alpha1/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/v1alpha2/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha1/mutation 62%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha1/validation 91%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha2/mutation 62%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/v1alpha2/validation 91%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/v1alpha1/mutation 62%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/v1alpha1/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/v1alpha2 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/v1alpha2/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha1 0%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha1/validation 92%
Summary 80% (8738 / 10941)

Minimum allowed line rate is 60%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla-not-required size/L Denotes a PR that changes 100-499 lines. testing-done-e2e-fast Indicates the fast, low-cost e2e testing has been used to validate a PR testing-done-e2e-full Indicates the complete e2e testing has been used to validate a PR testing-needed-e2e-fast
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants