Add AllMuticast mode support

The sriov cni has a new option to enable allmulticast mode on the VF.
These changes allows users to enable this mode via the SriovNetwork object.

Signed-off-by: Marcelo Guerrero <[email protected]>

api/v1/helper.go

@@ -601,6 +601,16 @@ func (cr *SriovNetwork) RenderNetAttDef() (*uns.Unstructured, error) {
 		data.Data["TrustConfigured"] = false
 	}
 
+	data.Data["AllMulticastConfigured"] = true
+	switch cr.Spec.AllMulticast {
+	case SriovCniStateOn:
+		data.Data["SriovCniAllMulticast"] = SriovCniStateOn
+	case SriovCniStateOff:
+		data.Data["SriovCniAllMulticast"] = SriovCniStateOff
+	default:
+		data.Data["AllMulticastConfigured"] = false
+	}
+
 	data.Data["StateConfigured"] = true
 	switch cr.Spec.LinkState {
 	case SriovCniStateEnable:

api/v1/sriovnetwork_types.go

@@ -48,6 +48,9 @@ type SriovNetworkSpec struct {
 	// VF trust mode (on|off)
 	// +kubebuilder:validation:Enum={"on","off"}
 	Trust string `json:"trust,omitempty"`
+	// AllMulticast mode (on|off)
+	// +kubebuilder:validation:Enum={"on","off"}
+	AllMulticast string `json:"allMulticast,omitempty"`
 	// VF link state (enable|disable|auto)
 	// +kubebuilder:validation:Enum={"auto","enable","disable"}
 	LinkState string `json:"linkState,omitempty"`

bindata/manifests/cni-config/sriov-cni-config.yaml

@@ -22,6 +22,9 @@ spec:
 {{- if .TrustConfigured -}}
   "trust":"{{.SriovCniTrust}}",
 {{- end -}}
+{{- if .AllMulticastConfigured -}}
+  "all_multicast":"{{.SriovCniAllMulticast}}",
+{{- end -}}
 {{- if .VlanQoSConfigured -}}
   "vlanQoS":{{.SriovCniVlanQoS}},
 {{- end -}}

bindata/manifests/operator-webhook/003-webhook.yaml

@@ -57,3 +57,7 @@ webhooks:
         apiGroups: ["sriovnetwork.openshift.io"]
         apiVersions: ["v1"]
         resources: ["sriovnetworknodepolicies"]
+      - operations: [ "CREATE", "UPDATE" ]
+        apiGroups: [ "sriovnetwork.openshift.io" ]
+        apiVersions: [ "v1" ]
+        resources: [ "sriovnetworks" ]

config/crd/bases/sriovnetwork.openshift.io_sriovnetworks.yaml

@@ -35,6 +35,12 @@ spec:
           spec:
             description: SriovNetworkSpec defines the desired state of SriovNetwork
             properties:
+              allMulticast:
+                description: AllMulticast mode (on|off)
+                enum:
+                - "on"
+                - "off"
+                type: string
               capabilities:
                 description: 'Capabilities to be configured for this network. Capabilities
                   supported: (mac|ips), e.g. ''{"mac": true}'''

controllers/sriovnetwork_controller_test.go

@@ -48,6 +48,7 @@ var _ = Describe("SriovNetwork Controller", func() {
 				ResourceName: "resource_1",
 				IPAM:         `{"type":"host-local","subnet":"10.56.217.0/24","rangeStart":"10.56.217.171","rangeEnd":"10.56.217.181","routes":[{"dst":"0.0.0.0/0"}],"gateway":"10.56.217.1"}`,
 				Trust:        on,
+				AllMulticast: on,
 			},
 			"test-4": {
 				ResourceName: "resource_1",
@@ -90,7 +91,7 @@ var _ = Describe("SriovNetwork Controller", func() {
 			Entry("with vlan flag", sriovnets["test-0"]),
 			Entry("with networkNamespace flag", sriovnets["test-1"]),
 			Entry("with SpoofChk flag on", sriovnets["test-2"]),
-			Entry("with Trust flag on", sriovnets["test-3"]),
+			Entry("with Trust and AllMulticast on", sriovnets["test-3"]),
 		)
 
 		newSpecs := map[string]sriovnetworkv1.SriovNetworkSpec{
@@ -220,6 +221,7 @@ var _ = Describe("SriovNetwork Controller", func() {
 func generateExpectedNetConfig(cr *sriovnetworkv1.SriovNetwork) string {
 	spoofchk := ""
 	trust := ""
+	allMulticast := ""
 	ipam := emptyCurls
 
 	if cr.Spec.Trust == sriovnetworkv1.SriovCniStateOn {
@@ -228,6 +230,12 @@ func generateExpectedNetConfig(cr *sriovnetworkv1.SriovNetwork) string {
 		trust = `"trust":"off",`
 	}
 
+	if cr.Spec.AllMulticast == sriovnetworkv1.SriovCniStateOn {
+		trust = `"all_multicast":"on",`
+	} else if cr.Spec.AllMulticast == sriovnetworkv1.SriovCniStateOff {
+		trust = `"all_multicast":"off",`
+	}
+
 	if cr.Spec.SpoofChk == sriovnetworkv1.SriovCniStateOn {
 		spoofchk = `"spoofchk":"on",`
 	} else if cr.Spec.SpoofChk == sriovnetworkv1.SriovCniStateOff {
@@ -241,7 +249,7 @@ func generateExpectedNetConfig(cr *sriovnetworkv1.SriovNetwork) string {
 	}
 	vlanQoS := cr.Spec.VlanQoS
 
-	configStr, err := formatJSON(fmt.Sprintf(`{ "cniVersion":"0.3.1", "name":"%s","type":"sriov","vlan":%d,%s%s%s"vlanQoS":%d,"ipam":%s }`, cr.GetName(), cr.Spec.Vlan, spoofchk, trust, state, vlanQoS, ipam))
+	configStr, err := formatJSON(fmt.Sprintf(`{ "cniVersion":"0.3.1", "name":"%s","type":"sriov","vlan":%d,%s%s%s"vlanQoS":%d,%s"ipam":%s }`, cr.GetName(), cr.Spec.Vlan, spoofchk, trust, allMulticast, vlanQoS, state, ipam))
 	if err != nil {
 		panic(err)
 	}

deployment/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks.yaml

@@ -35,6 +35,12 @@ spec:
           spec:
             description: SriovNetworkSpec defines the desired state of SriovNetwork
             properties:
+              allMulticast:
+                description: AllMulticast mode (on|off)
+                enum:
+                - "on"
+                - "off"
+                type: string
               capabilities:
                 description: 'Capabilities to be configured for this network. Capabilities
                   supported: (mac|ips), e.g. ''{"mac": true}'''

pkg/webhook/validate.go

@@ -48,6 +48,19 @@ func validateSriovOperatorConfig(cr *sriovnetworkv1.SriovOperatorConfig, operati
 	return false, warnings, fmt.Errorf("only default SriovOperatorConfig is used")
 }
 
+func validateSriovNetwork(cr *sriovnetworkv1.SriovNetwork, operation v1.Operation) (bool, []string, error) {
+	glog.V(2).Infof("validateSriovNetwork: %v", cr)
+	var warnings []string
+
+	if operation == v1.Create || operation == v1.Update {
+		if cr.Spec.AllMulticast == sriovnetworkv1.SriovCniStateOn && cr.Spec.Trust != sriovnetworkv1.SriovCniStateOn {
+			return false, warnings, fmt.Errorf("trust must be enabled in order to set allMulticast on")
+		}
+	}
+
+	return true, warnings, nil
+}
+
 func validateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePolicy, operation v1.Operation) (bool, []string, error) {
 	glog.V(2).Infof("validateSriovNetworkNodePolicy: %v", cr)
 	var warnings []string

pkg/webhook/validate_test.go

@@ -164,6 +164,40 @@ func TestValidateSriovOperatorConfigWithDefaultOperatorConfig(t *testing.T) {
 	g.Expect(ok).To(Equal(true))
 }
 
+func TestValidateSriovNetworkAllMulticast(t *testing.T) {
+	var err error
+	var ok bool
+
+	network := &SriovNetwork{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test",
+		},
+		Spec: SriovNetworkSpec{
+			AllMulticast: "on",
+			Trust:        "on",
+		},
+	}
+
+	g := NewGomegaWithT(t)
+	ok, _, err = validateSriovNetwork(network, "CREATE")
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(ok).To(Equal(true))
+
+	ok, _, err = validateSriovNetwork(network, "UPDATE")
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(ok).To(Equal(true))
+
+	network.Spec.Trust = "off"
+
+	ok, _, err = validateSriovNetwork(network, "CREATE")
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(ok).To(Equal(false))
+
+	ok, _, err = validateSriovNetwork(network, "UPDATE")
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(ok).To(Equal(false))
+}
+
 func TestValidateSriovNetworkNodePolicyWithDefaultPolicy(t *testing.T) {
 	var err error
 	var ok bool

pkg/webhook/webhook.go

@@ -68,6 +68,20 @@ func ValidateCustomResource(ar v1.AdmissionReview) *v1.AdmissionResponse {
 				Reason: metav1.StatusReason(err.Error()),
 			}
 		}
+	case "SriovNetwork":
+		network := sriovnetworkv1.SriovNetwork{}
+
+		err = json.Unmarshal(raw, &network)
+		if err != nil {
+			glog.Error(err)
+			return toV1AdmissionResponse(err)
+		}
+
+		if reviewResponse.Allowed, reviewResponse.Warnings, err = validateSriovNetwork(&network, ar.Request.Operation); err != nil {
+			reviewResponse.Result = &metav1.Status{
+				Reason: metav1.StatusReason(err.Error()),
+			}
+		}
 	case "SriovOperatorConfig":
 		config := sriovnetworkv1.SriovOperatorConfig{}