Adds new condition to expose state of guestinfo

srm09 · srm09 · commit 36ab117789e2 · 2023-06-23T17:25:36.000-07:00
Signed-off-by: Sagar Muchhal &lt;muchhals@vmware.com&gt;
diff --git a/api/v1alpha1/condition_consts.go b/api/v1alpha1/condition_consts.go
@@ -11,6 +11,28 @@ const (
 
 // Conditions and condition Reasons for the VirtualMachine object.
 
+const (
+	// VirtualMachineMetadataReadyCondition documents the state of the metadata passed to the VirtualMachine.
+	VirtualMachineMetadataReadyCondition ConditionType = "VirtualMachineMetadataReady"
+
+	// VirtualMachineMetadataDuplicatedReason (Severity=Error) documents that the mutually exclusive Secret and ConfigMap are
+	// specified in the VirtualMachineMetadata.
+	//
+	// This validation is performed by the validation webhook, defensively adding the reason.
+	VirtualMachineMetadataDuplicatedReason = "VirtualMachineMetadataDuplicated"
+
+	// VirtualMachineMetadataNotFoundReason (Severity=Error) documents that the Secret or ConfigMap specified in the VirtualMachineSpec
+	// cannot be found.
+	VirtualMachineMetadataNotFoundReason = "VirtualMachineMetadataNotFound"
+
+	// VirtualMachineMetadataInvalidReason (Severity=Error) documents that the supplied Cloud Init metadata is invalid.
+	VirtualMachineMetadataInvalidReason = "VirtualMachineMetadataInvalid"
+
+	// VirtualMachineGuestInfoSizeExceededReason (Severity=Error) documents that the supplied Cloud Init metadata exceeds the
+	// maximum allowed capacity.
+	VirtualMachineGuestInfoSizeExceededReason = "VirtualMachineGuestInfoSizeExceeded"
+)
+
 const (
 	// VirtualMachinePrereqReadyCondition documents that all of a VirtualMachine's prerequisites declared in the spec
 	// (e.g. VirtualMachineClass) are satisfied.
diff --git a/api/v1alpha2/virtualmachine_types.go b/api/v1alpha2/virtualmachine_types.go
@@ -10,6 +10,28 @@ import (
 	"github.com/vmware-tanzu/vm-operator/api/v1alpha2/common"
 )
 
+const (
+	// VirtualMachineMetadataReadyCondition documents the state of the metadata passed to the VirtualMachine.
+	VirtualMachineMetadataReadyCondition = "VirtualMachineMetadataReady"
+
+	// VirtualMachineMetadataDuplicatedReason (Severity=Error) documents that the mutually exclusive Secret and ConfigMap are
+	// specified in the VirtualMachineMetadata.
+	//
+	// This validation is performed by the validation webhook, defensively adding the reason.
+	VirtualMachineMetadataDuplicatedReason = "VirtualMachineMetadataDuplicated"
+
+	// VirtualMachineMetadataNotFoundReason (Severity=Error) documents that the Secret or ConfigMap specified in the VirtualMachineSpec
+	// cannot be found.
+	VirtualMachineMetadataNotFoundReason = "VirtualMachineMetadataNotFound"
+
+	// VirtualMachineMetadataInvalidReason (Severity=Error) documents that the supplied Cloud Init metadata is invalid.
+	VirtualMachineMetadataInvalidReason = "VirtualMachineMetadataInvalid"
+
+	// VirtualMachineGuestInfoSizeExceededReason (Severity=Error) documents that the supplied Cloud Init metadata exceeds the
+	// maximum allowed capacity.
+	VirtualMachineGuestInfoSizeExceededReason = "VirtualMachineGuestInfoSizeExceeded"
+)
+
 const (
 	// VirtualMachineConditionClassReady indicates that a referenced
 	// VirtualMachineClass is ready.
diff --git a/pkg/vmprovider/providers/vsphere/constants/constants.go b/pkg/vmprovider/providers/vsphere/constants/constants.go
@@ -72,6 +72,9 @@ const (
 	CloudInitGuestInfoUserdata         = "guestinfo.userdata"
 	CloudInitGuestInfoUserdataEncoding = "guestinfo.userdata.encoding"
 
+	// CloudInitGuestInfoMaxSize the maximum allowed size for cloud init metadata.
+	CloudInitGuestInfoMaxSize = 64 * 1024
+
 	// InstanceStoragePVCNamePrefix prefix of auto-generated PVC names.
 	InstanceStoragePVCNamePrefix = "instance-pvc-"
 	// InstanceStorageLabelKey identifies resources related to instance storage.
diff --git a/pkg/vmprovider/providers/vsphere/session/session_vm_customization.go b/pkg/vmprovider/providers/vsphere/session/session_vm_customization.go
@@ -17,6 +17,7 @@ import (
 	apiEquality "k8s.io/apimachinery/pkg/api/equality"
 
 	vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha1"
+	"github.com/vmware-tanzu/vm-operator/pkg/conditions"
 	"github.com/vmware-tanzu/vm-operator/pkg/context"
 	"github.com/vmware-tanzu/vm-operator/pkg/lib"
 	"github.com/vmware-tanzu/vm-operator/pkg/util"
@@ -114,17 +115,25 @@ func GetCloudInitMetadata(vm *vmopv1.VirtualMachine,
 	return string(metadataBytes), nil
 }
 
+type ErrWithReason struct {
+	error
+	conditionReason string
+}
+
 func GetCloudInitPrepCustSpec(
 	cloudInitMetadata string,
-	updateArgs VMUpdateArgs) (*vimTypes.VirtualMachineConfigSpec, *vimTypes.CustomizationSpec, error) {
+	updateArgs VMUpdateArgs) (*vimTypes.VirtualMachineConfigSpec, *vimTypes.CustomizationSpec, *ErrWithReason) {
 
 	userdata := updateArgs.VMMetadata.Data["user-data"]
 
 	if userdata != "" {
 		// Ensure the data is normalized first to plain-text.
 		plainText, err := util.TryToDecodeBase64Gzip([]byte(userdata))
 		if err != nil {
-			return nil, nil, fmt.Errorf("decoding cloud-init prep userdata failed %v", err)
+			return nil, nil, &ErrWithReason{
+				error:           fmt.Errorf("decoding cloud-init prep userdata failed %v", err),
+				conditionReason: vmopv1.VirtualMachineMetadataInvalidReason,
+			}
 		}
 		userdata = plainText
 	}
@@ -147,17 +156,27 @@ func GetCloudInitPrepCustSpec(
 func GetCloudInitGuestInfoCustSpec(
 	cloudInitMetadata string,
 	config *vimTypes.VirtualMachineConfigInfo,
-	updateArgs VMUpdateArgs) (*vimTypes.VirtualMachineConfigSpec, error) {
+	updateArgs VMUpdateArgs) (*vimTypes.VirtualMachineConfigSpec, *ErrWithReason) {
 
 	extraConfig := map[string]string{}
 
 	encodedMetadata, err := EncodeGzipBase64(cloudInitMetadata)
 	if err != nil {
-		return nil, fmt.Errorf("encoding cloud-init metadata failed %v", err)
+		return nil, &ErrWithReason{
+			error:           fmt.Errorf("encoding cloud-init metadata failed %v", err),
+			conditionReason: vmopv1.VirtualMachineMetadataInvalidReason,
+		}
 	}
 	extraConfig[constants.CloudInitGuestInfoMetadata] = encodedMetadata
 	extraConfig[constants.CloudInitGuestInfoMetadataEncoding] = "gzip+base64"
 
+	if len(encodedMetadata) > constants.CloudInitGuestInfoMaxSize {
+		return nil, &ErrWithReason{
+			error:           fmt.Errorf("size of cloud-init guest info exceeds the maximum allowed size of 64KiB"),
+			conditionReason: vmopv1.VirtualMachineGuestInfoSizeExceededReason,
+		}
+	}
+
 	var data string
 	// Check for the 'user-data' key as per official contract and API documentation.
 	// Additionally, To support the cluster bootstrap data supplied by CAPBK's secret,
@@ -173,16 +192,30 @@ func GetCloudInitGuestInfoCustSpec(
 		// Ensure the data is normalized first to plain-text.
 		plainText, err := util.TryToDecodeBase64Gzip([]byte(data))
 		if err != nil {
-			return nil, fmt.Errorf("decoding cloud-init userdata failed %v", err)
+			return nil, &ErrWithReason{
+				error:           fmt.Errorf("decoding cloud-init userdata failed %v", err),
+				conditionReason: vmopv1.VirtualMachineMetadataInvalidReason,
+			}
 		}
 
 		encodedUserdata, err := EncodeGzipBase64(plainText)
 		if err != nil {
-			return nil, fmt.Errorf("encoding cloud-init userdata failed %v", err)
+			return nil, &ErrWithReason{
+				error:           fmt.Errorf("encoding cloud-init userdata failed %v", err),
+				conditionReason: vmopv1.VirtualMachineMetadataInvalidReason,
+			}
 		}
 
 		extraConfig[constants.CloudInitGuestInfoUserdata] = encodedUserdata
 		extraConfig[constants.CloudInitGuestInfoUserdataEncoding] = "gzip+base64"
+
+		if len(encodedUserdata) > constants.CloudInitGuestInfoMaxSize ||
+			len(encodedUserdata)+len(encodedMetadata) > constants.CloudInitGuestInfoMaxSize {
+			return nil, &ErrWithReason{
+				error:           fmt.Errorf("size of cloud-init guest info exceeds the maximum allowed size of 64KiB"),
+				conditionReason: vmopv1.VirtualMachineGuestInfoSizeExceededReason,
+			}
+		}
 	}
 
 	configSpec := &vimTypes.VirtualMachineConfigSpec{}
@@ -245,23 +278,34 @@ func customizeCloudInit(
 
 	cloudInitMetadata, err := GetCloudInitMetadata(vmCtx.VM, netplan, updateArgs.VMMetadata.Data)
 	if err != nil {
+		conditions.MarkFalse(vmCtx.VM,
+			vmopv1.VirtualMachineMetadataReadyCondition,
+			vmopv1.VirtualMachineMetadataInvalidReason,
+			vmopv1.ConditionSeverityError,
+			err.Error())
 		return nil, nil, err
 	}
 
 	var configSpec *vimTypes.VirtualMachineConfigSpec
 	var custSpec *vimTypes.CustomizationSpec
+	var errWithReason *ErrWithReason
 
 	switch vmCtx.VM.Annotations[constants.CloudInitTypeAnnotation] {
 	case constants.CloudInitTypeValueCloudInitPrep:
-		configSpec, custSpec, err = GetCloudInitPrepCustSpec(cloudInitMetadata, updateArgs)
+		configSpec, custSpec, errWithReason = GetCloudInitPrepCustSpec(cloudInitMetadata, updateArgs)
 	case constants.CloudInitTypeValueGuestInfo, "":
 		fallthrough
 	default:
-		configSpec, err = GetCloudInitGuestInfoCustSpec(cloudInitMetadata, config, updateArgs)
+		configSpec, errWithReason = GetCloudInitGuestInfoCustSpec(cloudInitMetadata, config, updateArgs)
 	}
 
-	if err != nil {
-		return nil, nil, err
+	if errWithReason != nil {
+		conditions.MarkFalse(vmCtx.VM,
+			vmopv1.VirtualMachineMetadataReadyCondition,
+			errWithReason.conditionReason,
+			vmopv1.ConditionSeverityError,
+			errWithReason.Error())
+		return nil, nil, errWithReason
 	}
 
 	return configSpec, custSpec, nil
@@ -307,6 +351,7 @@ func (s *Session) customize(
 	if err != nil {
 		return err
 	}
+	conditions.MarkTrue(vmCtx.VM, vmopv1.VirtualMachineMetadataReadyCondition)
 
 	if configSpec != nil {
 		defaultConfigSpec := &vimTypes.VirtualMachineConfigSpec{}
diff --git a/pkg/vmprovider/providers/vsphere/session/session_vm_customization_test.go b/pkg/vmprovider/providers/vsphere/session/session_vm_customization_test.go
@@ -7,6 +7,7 @@ import (
 	goctx "context"
 	"encoding/base64"
 	"fmt"
+	"math/rand"
 	"strings"
 
 	. "github.com/onsi/ginkgo"
@@ -402,6 +403,59 @@ var _ = Describe("Cloud-Init Customization", func() {
 			})
 		})
 
+		Context("With cloud init guest info exceeding the maximum size", func() {
+			generateDataFunc := func(length int) string {
+				charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+				sb := strings.Builder{}
+				sb.Grow(length)
+				for i := 0; i < length; i++ {
+					sb.WriteByte(charset[rand.Intn(len(charset))]) //nolint:gosec
+				}
+				return sb.String()
+			}
+
+			Context("With cloud init user data exceeding the maximum size", func() {
+				BeforeEach(func() {
+					// Doubling the input to the max allowed size to make sure the compressed and encoded
+					// output is still above the allowed limit.
+					data, err := session.EncodeGzipBase64(generateDataFunc(128 * 1000))
+					Expect(err).ToNot(HaveOccurred())
+					updateArgs.VMMetadata.Data["user-data"] = data
+				})
+				It("will return a limit exceeded error", func() {
+					Expect(err).To(HaveOccurred())
+					Expect(err.Error()).To(ContainSubstring("exceeds the maximum allowed size"))
+				})
+			})
+
+			Context("With cloud init metadata exceeding the maximum size", func() {
+				BeforeEach(func() {
+					// Doubling the input to the max allowed size to make sure the compressed and encoded
+					// output is still above the allowed limit.
+					data, err := session.EncodeGzipBase64(generateDataFunc(128 * 1000))
+					Expect(err).ToNot(HaveOccurred())
+					cloudInitMetadata = data
+				})
+				It("will return a limit exceeded error", func() {
+					Expect(err).To(HaveOccurred())
+					Expect(err.Error()).To(ContainSubstring("exceeds the maximum allowed size"))
+				})
+			})
+
+			Context("With cloud init metadata + userdata exceeding the maximum size", func() {
+				BeforeEach(func() {
+					data, err := session.EncodeGzipBase64(generateDataFunc(64 * 1000))
+					Expect(err).ToNot(HaveOccurred())
+					cloudInitMetadata = data
+					updateArgs.VMMetadata.Data["user-data"] = data
+				})
+				It("will return a limit exceeded error", func() {
+					Expect(err).To(HaveOccurred())
+					Expect(err.Error()).To(ContainSubstring("exceeds the maximum allowed size"))
+				})
+			})
+		})
 	})
 
 	Context("GetCloudInitPrepCustSpec", func() {
diff --git a/pkg/vmprovider/providers/vsphere/vmprovider_vm_utils.go b/pkg/vmprovider/providers/vsphere/vmprovider_vm_utils.go
@@ -228,14 +228,25 @@ func GetVMMetadata(
 	// The VM's MetaData ConfigMapName and SecretName are mutually exclusive. Validation webhook checks
 	// this during create/update but double check it here.
 	if metadata.ConfigMapName != "" && metadata.SecretName != "" {
+		conditions.MarkFalse(vmCtx.VM,
+			vmopv1.VirtualMachineMetadataReadyCondition,
+			vmopv1.VirtualMachineMetadataDuplicatedReason,
+			vmopv1.ConditionSeverityError,
+			"Both ConfigMapName %s/%s and SecretName %s/%s are specified",
+			metadata.ConfigMapName, vmCtx.VM.Namespace,
+			metadata.SecretName, vmCtx.VM.Namespace)
 		return vmMD, errors.New("invalid VM Metadata: both ConfigMapName and SecretName are specified")
 	}
 
 	if metadata.ConfigMapName != "" {
 		cm := &corev1.ConfigMap{}
 		err := k8sClient.Get(vmCtx, ctrlclient.ObjectKey{Name: metadata.ConfigMapName, Namespace: vmCtx.VM.Namespace}, cm)
 		if err != nil {
-			// TODO: Condition
+			conditions.MarkFalse(vmCtx.VM,
+				vmopv1.VirtualMachineMetadataReadyCondition,
+				vmopv1.VirtualMachineMetadataNotFoundReason,
+				vmopv1.ConditionSeverityError,
+				"Unable to get metadata ConfigMap %s/%s", metadata.ConfigMapName, vmCtx.VM.Namespace)
 			return vmMD, errors.Wrap(err, "Failed to get VM Metadata ConfigMap")
 		}
 
@@ -245,7 +256,11 @@ func GetVMMetadata(
 		secret := &corev1.Secret{}
 		err := k8sClient.Get(vmCtx, ctrlclient.ObjectKey{Name: metadata.SecretName, Namespace: vmCtx.VM.Namespace}, secret)
 		if err != nil {
-			// TODO: Condition
+			conditions.MarkFalse(vmCtx.VM,
+				vmopv1.VirtualMachineMetadataReadyCondition,
+				vmopv1.VirtualMachineMetadataNotFoundReason,
+				vmopv1.ConditionSeverityError,
+				"Unable to get metadata Secret %s/%s", metadata.ConfigMapName, vmCtx.VM.Namespace)
 			return vmMD, errors.Wrap(err, "Failed to get VM Metadata Secret")
 		}
 
