Merge pull request #1824 from stgraber/main

incusd/networks: Validate configuration on join too

Author: hallyn

cmd/incusd/networks.go

@@ -797,25 +797,34 @@ func doNetworksCreate(ctx context.Context, s *state.State, n network.Network, cl
 	revert := revert.New()
 	defer revert.Fail()
 
-	// Don't validate network config during pre-cluster-join phase, as if network has ACLs they won't exist
-	// in the local database yet. Once cluster join is completed, network will be restarted to give chance for
-	// ACL firewall config to be applied.
-	if clientType != clusterRequest.ClientTypeJoiner {
-		// Validate so that when run on a cluster node the full config (including node specific config)
-		// is checked.
-		err := n.Validate(n.Config())
-		if err != nil {
-			return err
+	validateConfig := n.Config()
+
+	// Skip the ACLs during validation on cluster join as those aren't yet available in the database.
+	if clientType == clusterRequest.ClientTypeJoiner {
+		validateConfig = map[string]string{}
+
+		for k, v := range n.Config() {
+			if k == "security.acls" || strings.HasPrefix(k, "security.acls.") {
+				continue
+			}
+
+			validateConfig[k] = v
 		}
 	}
 
+	// Validate so that when run on a cluster node the full config (including node specific config) is checked.
+	err := n.Validate(validateConfig)
+	if err != nil {
+		return err
+	}
+
 	if n.LocalStatus() == api.NetworkStatusCreated {
 		logger.Debug("Skipping local network create as already created", logger.Ctx{"project": n.Project(), "network": n.Name()})
 		return nil
 	}
 
 	// Run initial creation setup for the network driver.
-	err := n.Create(clientType)
+	err = n.Create(clientType)
 	if err != nil {
 		return err
 	}