Validate MachineController/OperatingSystemManager and cloudProvider N…

…one are mutually exclusive

Signed-off-by: Artiom Diomin <artiom@kubermatic.com>

pkg/apis/kubeone/validation/validation.go

@@ -51,7 +51,7 @@ func ValidateKubeOneCluster(c kubeoneapi.KubeOneCluster) field.ErrorList {
 	allErrs = append(allErrs, ValidateName(c.Name, field.NewPath("name"))...)
 	allErrs = append(allErrs, ValidateControlPlaneConfig(c.ControlPlane, c.ClusterNetwork, field.NewPath("controlPlane"))...)
 	allErrs = append(allErrs, ValidateAPIEndpoint(c.APIEndpoint, field.NewPath("apiEndpoint"))...)
-	allErrs = append(allErrs, ValidateCloudProviderSpec(c.CloudProvider, c.ClusterNetwork, field.NewPath("provider"))...)
+	allErrs = append(allErrs, ValidateCloudProviderSpec(c, field.NewPath("provider"))...)
 	allErrs = append(allErrs, ValidateVersionConfig(c.Versions, field.NewPath("versions"))...)
 	allErrs = append(allErrs, ValidateKubernetesSupport(c, field.NewPath(""))...)
 	allErrs = append(allErrs, ValidateContainerRuntimeConfig(c.ContainerRuntime, c.Versions, field.NewPath("containerRuntime"))...)
@@ -163,8 +163,10 @@ func ValidateAPIEndpoint(a kubeoneapi.APIEndpoint, fldPath *field.Path) field.Er
 // ValidateCloudProviderSpec validates the CloudProviderSpec structure
 //
 //nolint:gocyclo
-func ValidateCloudProviderSpec(providerSpec kubeoneapi.CloudProviderSpec, networkConfig kubeoneapi.ClusterNetworkConfig, fldPath *field.Path) field.ErrorList {
+func ValidateCloudProviderSpec(cluster kubeoneapi.KubeOneCluster, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
+	providerSpec := cluster.CloudProvider
+	networkConfig := cluster.ClusterNetwork
 
 	providerFound := false
 	if providerSpec.AWS != nil {
@@ -246,6 +248,12 @@ func ValidateCloudProviderSpec(providerSpec kubeoneapi.CloudProviderSpec, networ
 		if providerFound {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("none"), "only one provider can be used at the same time"))
 		}
+		if cluster.MachineController != nil && cluster.MachineController.Deploy {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("none"), "machine-controller requires a cloud provider"))
+		}
+		if cluster.OperatingSystemManager != nil && cluster.OperatingSystemManager.Deploy {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("none"), "operating-system-manager requires a cloud provider"))
+		}
 		providerFound = true
 	}
 

pkg/apis/kubeone/validation/validation_test.go

@@ -471,6 +471,8 @@ func TestValidateCloudProviderSpec(t *testing.T) {
 		name           string
 		providerConfig kubeoneapi.CloudProviderSpec
 		networkConfig  kubeoneapi.ClusterNetworkConfig
+		mc             *kubeoneapi.MachineControllerConfig
+		osm            *kubeoneapi.OperatingSystemManagerConfig
 		expectedError  bool
 	}{
 		{
@@ -774,10 +776,36 @@ func TestValidateCloudProviderSpec(t *testing.T) {
 			},
 			expectedError: false,
 		},
+		{
+			name: "cloudProvider.none and machine-controller is mutually exclusive",
+			providerConfig: kubeoneapi.CloudProviderSpec{
+				None: &kubeoneapi.NoneSpec{},
+			},
+			mc: &kubeoneapi.MachineControllerConfig{
+				Deploy: true,
+			},
+			expectedError: true,
+		},
+		{
+			name: "cloudProvider.none and OSM is mutually exclusive",
+			providerConfig: kubeoneapi.CloudProviderSpec{
+				None: &kubeoneapi.NoneSpec{},
+			},
+			osm: &kubeoneapi.OperatingSystemManagerConfig{
+				Deploy: true,
+			},
+			expectedError: true,
+		},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			errs := ValidateCloudProviderSpec(tc.providerConfig, tc.networkConfig, nil)
+			cluster := kubeoneapi.KubeOneCluster{
+				CloudProvider:          tc.providerConfig,
+				ClusterNetwork:         tc.networkConfig,
+				MachineController:      tc.mc,
+				OperatingSystemManager: tc.osm,
+			}
+			errs := ValidateCloudProviderSpec(cluster, nil)
 			if (len(errs) == 0) == tc.expectedError {
 				t.Errorf("test case failed: expected %v, but got %v", tc.expectedError, (len(errs) != 0))
 			}