Prohibit bastion images of classification preview

gardener · Oct 31, 2024 · a83538e · a83538e
1 parent 62a688d
commit a83538e
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 24 deletions.
diff --git a/pkg/controller/bastion/options.go b/pkg/controller/bastion/options.go
@@ -11,13 +11,14 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
-	awsv1alpha1 "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
-	awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client"
 	"github.com/gardener/gardener/extensions/pkg/controller"
 	gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
 	"github.com/gardener/gardener/pkg/client/kubernetes"
 	"github.com/gardener/gardener/pkg/extensions"
+
+	awsv1alpha1 "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
+	awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client"
 )
 
 // Options contains provider-related information required for setting up
@@ -82,6 +83,9 @@ func DetermineOptions(ctx context.Context, bastion *extensionsv1alpha1.Bastion,
 	}
 
 	ami, err := findImageAMIByRegion(machineImageVersion, vmDetails, region)
+	if err != nil {
+		return nil, fmt.Errorf("failed to find image AMI by region: %w", err)
+	}
 
 	return &Options{
 		Shoot:                    cluster.Shoot,

diff --git a/pkg/controller/bastion/options_test.go b/pkg/controller/bastion/options_test.go
@@ -5,10 +5,11 @@
 package bastion
 
 import (
-	apisaws "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"k8s.io/utils/ptr"
+
+	apisaws "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
 )
 
 var _ = Describe("Bastion Options", func() {

diff --git a/pkg/controller/bastion/vmdetails.go b/pkg/controller/bastion/vmdetails.go
@@ -12,6 +12,7 @@ import (
 
 // This file should be exactly identical for all providers
 
+// VmDetails define all bastion vm details derived from the CloudProfile
 type VmDetails struct {
 	MachineName   string
 	Architecture  string
@@ -169,6 +170,10 @@ func getImageVersion(imageName, machineArch string, bastion *core.Bastion, image
 			return "", fmt.Errorf("image version %s not found not found in cloudProfile", *bastion.MachineImage.Version)
 		}
 
+		if image.Versions[versionIndex].Classification != nil && *image.Versions[versionIndex].Classification != core.ClassificationSupported {
+			return "", fmt.Errorf("specified image %s in version %s is not classified supported", imageName, *bastion.MachineImage.Version)
+		}
+
 		return *bastion.MachineImage.Version, nil
 	}
 

diff --git a/pkg/controller/bastion/vmdetails_test.go b/pkg/controller/bastion/vmdetails_test.go
@@ -3,14 +3,14 @@ package bastion_test
 import (
 	"slices"
 
-	"github.com/gardener/gardener-extension-provider-aws/pkg/controller/bastion"
-	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	core "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	. "github.com/gardener/gardener/pkg/utils/test/matchers"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/utils/ptr"
+
+	"github.com/gardener/gardener-extension-provider-aws/pkg/controller/bastion"
 )
 
 var _ = Describe("Bastion VM Details", func() {
@@ -25,24 +25,24 @@ var _ = Describe("Bastion VM Details", func() {
 			ImageVersion:  "1.2.3",
 		}
 		spec = core.CloudProfileSpec{
-			Bastion: &v1beta1.Bastion{
-				MachineImage: &v1beta1.BastionMachineImage{
+			Bastion: &core.Bastion{
+				MachineImage: &core.BastionMachineImage{
 					Name: desired.ImageBaseName,
 				},
-				MachineType: &v1beta1.BastionMachineType{
+				MachineType: &core.BastionMachineType{
 					Name: desired.MachineName,
 				},
 			},
-			MachineTypes: []v1beta1.MachineType{{
+			MachineTypes: []core.MachineType{{
 				CPU:          resource.MustParse("4"),
 				Name:         desired.MachineName,
 				Architecture: ptr.To(desired.Architecture),
 			}},
-			MachineImages: []v1beta1.MachineImage{{
+			MachineImages: []core.MachineImage{{
 				Name: desired.ImageBaseName,
-				Versions: []v1beta1.MachineImageVersion{
+				Versions: []core.MachineImageVersion{
 					{
-						ExpirableVersion: v1beta1.ExpirableVersion{
+						ExpirableVersion: core.ExpirableVersion{
 							Version:        desired.ImageVersion,
 							Classification: ptr.To(core.ClassificationSupported),
 						},
@@ -57,8 +57,8 @@ var _ = Describe("Bastion VM Details", func() {
 			return image.Name == imageName
 		})
 
-		newVersion := v1beta1.MachineImageVersion{
-			ExpirableVersion: v1beta1.ExpirableVersion{
+		newVersion := core.MachineImageVersion{
+			ExpirableVersion: core.ExpirableVersion{
 				Version:        version,
 				Classification: ptr.To(classification),
 			},
@@ -67,9 +67,9 @@ var _ = Describe("Bastion VM Details", func() {
 
 		// append new machine image
 		if machineIndex == -1 {
-			spec.MachineImages = append(spec.MachineImages, v1beta1.MachineImage{
+			spec.MachineImages = append(spec.MachineImages, core.MachineImage{
 				Name:     imageName,
-				Versions: []v1beta1.MachineImageVersion{newVersion},
+				Versions: []core.MachineImageVersion{newVersion},
 			})
 		}
 
@@ -85,7 +85,7 @@ var _ = Describe("Bastion VM Details", func() {
 		})
 
 		It("should succeed with empty bastion section", func() {
-			spec.Bastion = &v1beta1.Bastion{}
+			spec.Bastion = &core.Bastion{}
 			details, err := bastion.DetermineVmDetails(spec)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(details).To(DeepEqual(desired))
@@ -140,7 +140,7 @@ var _ = Describe("Bastion VM Details", func() {
 
 		It("should find smallest machine", func() {
 			spec.Bastion.MachineType = nil
-			spec.MachineTypes = append(spec.MachineTypes, v1beta1.MachineType{
+			spec.MachineTypes = append(spec.MachineTypes, core.MachineType{
 				CPU:          resource.MustParse("1"),
 				GPU:          resource.MustParse("1"),
 				Name:         "smallerMachine",
@@ -166,13 +166,11 @@ var _ = Describe("Bastion VM Details", func() {
 			Expect(details).To(DeepEqual(desired))
 		})
 
-		It("allow preview image if version is specified", func() {
+		It("should not allow preview image even if version is specified", func() {
 			addImageToCloudProfile(desired.ImageBaseName, "1.2.4", core.ClassificationPreview, []string{"amd64"})
 			spec.Bastion.MachineImage.Version = ptr.To("1.2.4")
-			desired.ImageVersion = "1.2.4"
-			details, err := bastion.DetermineVmDetails(spec)
-			Expect(err).NotTo(HaveOccurred())
-			Expect(details).To(DeepEqual(desired))
+			_, err := bastion.DetermineVmDetails(spec)
+			Expect(err).To(HaveOccurred())
 		})
 
 		It("only use images for matching machineType architecture", func() {

diff --git a/test/integration/route.go b/test/integration/route.go
@@ -6,8 +6,9 @@ import (
 
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
-	awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client"
 	"k8s.io/utils/ptr"
+
+	awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client"
 )
 
 // AddRoute adds a route for the default vpc route table with myIpCidr as destination