fix: do not allow using static infra providers in the machine classes

Auto-provision mode should be disabled for them. This change has two parts: 1. Filter the static providers in the UI. 2. Block creating machine classes which reference infra provider with the `is-static-infra-provider` label set. Signed-off-by: Artem Chernyshev <[email protected]>
siderolabs · Jan 13, 2025 · d5e1f85 · d5e1f85
1 parent d1b3dff
commit d5e1f85
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 2 deletions.
diff --git a/client/pkg/omni/resources/omni/labels.go b/client/pkg/omni/resources/omni/labels.go
@@ -60,6 +60,7 @@ const (
 
 	// LabelIsStaticInfraProvider is set on the infra.ProviderStatus resources to mark them as static providers - they do not work with MachineRequests to
 	// allocate and de-allocate machines, but rather work with a static set of machines (e.g., bare-metal machines).
+	// tsgen:LabelIsStaticInfraProvider
 	LabelIsStaticInfraProvider = SystemLabelPrefix + "is-static-infra-provider"
 
 	// LabelMachineClassName is the name of the machine class.

diff --git a/frontend/src/api/resources.ts b/frontend/src/api/resources.ts
@@ -126,6 +126,7 @@ export const LabelMachine = "omni.sidero.dev/machine";
 export const LabelSystemPatch = "omni.sidero.dev/system-patch";
 export const LabelExposedServiceAlias = "omni.sidero.dev/exposed-service-alias";
 export const LabelInfraProviderID = "omni.sidero.dev/infra-provider-id";
+export const LabelIsStaticInfraProvider = "omni.sidero.dev/is-static-infra-provider";
 export const LabelMachineRequest = "omni.sidero.dev/machine-request";
 export const LabelMachineRequestSet = "omni.sidero.dev/machine-request-set";
 export const LabelNoManualAllocation = "omni.sidero.dev/no-manual-allocation";

diff --git a/frontend/src/views/omni/MachineClasses/ProviderConfig.vue b/frontend/src/views/omni/MachineClasses/ProviderConfig.vue
@@ -6,7 +6,7 @@ included in the LICENSE file.
 -->
 <template>
   <div class="text-naturals-N13">Infrastructure Provider</div>
-  <t-list :opts="{resource: { type: InfraProviderStatusType, namespace: InfraProviderNamespace }, runtime: Runtime.Omni}" :key="infraProvider" :search="showAllProviders" class="mb-1">
+  <t-list :opts="infraProviderResources" :key="infraProvider" :search="showAllProviders" class="mb-1">
     <template #default="{ items, searchQuery }">
       <div class="flex md:flex-col gap-2 max-md:flex-wrap">
         <div v-for="item in filterProviders(items)"
@@ -43,13 +43,20 @@ included in the LICENSE file.
 import { Runtime } from '@/api/common/omni.pb';
 import { Resource } from '@/api/grpc';
 import { InfraProviderStatusSpec } from '@/api/omni/specs/infra.pb';
-import { InfraProviderNamespace, InfraProviderStatusType } from '@/api/resources';
+import { InfraProviderNamespace, InfraProviderStatusType, LabelIsStaticInfraProvider } from '@/api/resources';
 import { computed, ref, toRefs } from 'vue';
 
 import TIcon from '@/components/common/Icon/TIcon.vue';
 import WordHighlighter from "vue-word-highlighter";
 import IconButton from '@/components/common/Button/IconButton.vue';
 import TList from '@/components/common/List/TList.vue';
+import { WatchOptions } from '@/api/watch';
+
+const infraProviderResources: WatchOptions = {
+  resource: { type: InfraProviderStatusType, namespace: InfraProviderNamespace },
+  runtime: Runtime.Omni,
+  selectors: [`!${LabelIsStaticInfraProvider}`],
+};
 
 const props = defineProps<{
   infraProvider?: string

diff --git a/internal/backend/runtime/omni/state_validation.go b/internal/backend/runtime/omni/state_validation.go
@@ -1072,6 +1072,10 @@ func validateProviderData(ctx context.Context, st state.State, providerID, provi
 		return fmt.Errorf("failed to get provider: %w", err)
 	}
 
+	if _, static := providerStatus.Metadata().Labels().Get(omni.LabelIsStaticInfraProvider); static {
+		return fmt.Errorf("cannot use static provider in the auto-provisioned machine class")
+	}
+
 	return validateSchema(providerStatus)
 }
 

diff --git a/internal/backend/runtime/omni/state_validation_test.go b/internal/backend/runtime/omni/state_validation_test.go
@@ -973,8 +973,12 @@ func TestMachineClassValidation(t *testing.T) {
 	providerStatus := infra.NewProviderStatus("exists")
 	providerStatus.TypedSpec().Value.Schema = string(schema)
 
+	staticProvider := infra.NewProviderStatus("static")
+	staticProvider.Metadata().Labels().Set(omnires.LabelIsStaticInfraProvider, "")
+
 	require.NoError(t, st.Create(ctx, talosVersion))
 	require.NoError(t, st.Create(ctx, providerStatus))
+	require.NoError(t, st.Create(ctx, staticProvider))
 
 	// no provider id
 
@@ -1029,8 +1033,20 @@ disk: 1TB
 
 	require.True(t, validated.IsValidationError(err), "expected validation error")
 
+	// static infra provider usage is not allowed
+
+	machineClass.TypedSpec().Value.AutoProvision.ProviderId = staticProvider.Metadata().ID()
+
+	err = st.Create(ctx, machineClass)
+
+	require.Error(t, err)
+
+	require.True(t, validated.IsValidationError(err), "expected validation error")
+
 	// valid
 
+	machineClass.TypedSpec().Value.AutoProvision.ProviderId = providerStatus.Metadata().ID()
+
 	machineClass.TypedSpec().Value.AutoProvision.ProviderData = `
 size: t2.small
 `