gcp: Add validation for Network Project Data

pkg/types/gcp/validation/platform.go

@@ -7,8 +7,8 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
+	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/types/gcp"
-
 	"github.com/openshift/installer/pkg/validate"
 )
 
@@ -60,7 +60,7 @@ var (
 )
 
 // ValidatePlatform checks that the specified platform is valid.
-func ValidatePlatform(p *gcp.Platform, fldPath *field.Path) field.ErrorList {
+func ValidatePlatform(p *gcp.Platform, fldPath *field.Path, ic *types.InstallConfig) field.ErrorList {
 	allErrs := field.ErrorList{}
 	if p.Region == "" {
 		allErrs = append(allErrs, field.Required(fldPath.Child("region"), "must provide a region"))
@@ -69,6 +69,15 @@ func ValidatePlatform(p *gcp.Platform, fldPath *field.Path) field.ErrorList {
 		allErrs = append(allErrs, ValidateMachinePool(p, p.DefaultMachinePlatform, fldPath.Child("defaultMachinePlatform"))...)
 		allErrs = append(allErrs, ValidateDefaultDiskType(p.DefaultMachinePlatform, fldPath.Child("defaultMachinePlatform"))...)
 	}
+	if p.NetworkProjectID != "" {
+		if p.Network == "" {
+			allErrs = append(allErrs, field.Required(fldPath.Child("network"), "must provide a network when a networkProjectID is specified"))
+		}
+		if ic.CredentialsMode != types.ManualCredentialsMode && ic.CredentialsMode != types.PassthroughCredentialsMode {
+			allErrs = append(allErrs, field.NotSupported(fldPath.Child("credentialsMode"),
+				ic.CredentialsMode, []string{string(types.ManualCredentialsMode), string(types.PassthroughCredentialsMode)}))
+		}
+	}
 	if p.Network != "" {
 		if p.ComputeSubnet == "" {
 			allErrs = append(allErrs, field.Required(fldPath.Child("computeSubnet"), "must provide a compute subnet when a network is specified"))

pkg/types/gcp/validation/platform_test.go

@@ -6,14 +6,16 @@ import (
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
+	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/types/gcp"
 )
 
 func TestValidatePlatform(t *testing.T) {
 	cases := []struct {
-		name     string
-		platform *gcp.Platform
-		valid    bool
+		name            string
+		platform        *gcp.Platform
+		credentialsMode types.CredentialsMode
+		valid           bool
 	}{
 		{
 			name: "minimal",
@@ -88,10 +90,83 @@ func TestValidatePlatform(t *testing.T) {
 			},
 			valid: true,
 		},
+		{
+			name: "GCP valid network project data",
+			platform: &gcp.Platform{
+				Region:             "us-east1",
+				NetworkProjectID:   "valid-network-project",
+				ProjectID:          "valid-project",
+				Network:            "valid-vpc",
+				ComputeSubnet:      "valid-compute-subnet",
+				ControlPlaneSubnet: "valid-cp-subnet",
+			},
+			credentialsMode: types.PassthroughCredentialsMode,
+			valid:           true,
+		},
+		{
+			name: "GCP invalid network project missing network",
+			platform: &gcp.Platform{
+				Region:             "us-east1",
+				NetworkProjectID:   "valid-network-project",
+				ProjectID:          "valid-project",
+				ComputeSubnet:      "valid-compute-subnet",
+				ControlPlaneSubnet: "valid-cp-subnet",
+			},
+			credentialsMode: types.PassthroughCredentialsMode,
+			valid:           false,
+		},
+		{
+			name: "GCP invalid network project missing compute subnet",
+			platform: &gcp.Platform{
+				Region:             "us-east1",
+				NetworkProjectID:   "valid-network-project",
+				ProjectID:          "valid-project",
+				Network:            "valid-vpc",
+				ControlPlaneSubnet: "valid-cp-subnet",
+			},
+			credentialsMode: types.PassthroughCredentialsMode,
+			valid:           false,
+		},
+		{
+			name: "GCP invalid network project missing control plane subnet",
+			platform: &gcp.Platform{
+				Region:           "us-east1",
+				NetworkProjectID: "valid-network-project",
+				ProjectID:        "valid-project",
+				Network:          "valid-vpc",
+				ComputeSubnet:    "valid-compute-subnet",
+			},
+			credentialsMode: types.PassthroughCredentialsMode,
+			valid:           false,
+		},
+		{
+			name: "GCP invalid network project bad credentials mode",
+			platform: &gcp.Platform{
+				Region:             "us-east1",
+				NetworkProjectID:   "valid-network-project",
+				ProjectID:          "valid-project",
+				Network:            "valid-vpc",
+				ComputeSubnet:      "valid-compute-subnet",
+				ControlPlaneSubnet: "valid-cp-subnet",
+			},
+			credentialsMode: types.MintCredentialsMode,
+			valid:           false,
+		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
-			err := ValidatePlatform(tc.platform, field.NewPath("test-path")).ToAggregate()
+
+			credentialsMode := tc.credentialsMode
+			if credentialsMode == "" {
+				credentialsMode = types.MintCredentialsMode
+			}
+
+			// the only item currently used is the credentialsMode
+			ic := types.InstallConfig{
+				CredentialsMode: credentialsMode,
+			}
+
+			err := ValidatePlatform(tc.platform, field.NewPath("test-path"), &ic).ToAggregate()
 			if tc.valid {
 				assert.NoError(t, err)
 			} else {

pkg/types/validation/installconfig.go

@@ -489,7 +489,7 @@ func validatePlatform(platform *types.Platform, fldPath *field.Path, network *ty
 		})
 	}
 	if platform.GCP != nil {
-		validate(gcp.Name, platform.GCP, func(f *field.Path) field.ErrorList { return gcpvalidation.ValidatePlatform(platform.GCP, f) })
+		validate(gcp.Name, platform.GCP, func(f *field.Path) field.ErrorList { return gcpvalidation.ValidatePlatform(platform.GCP, f, c) })
 	}
 	if platform.IBMCloud != nil {
 		validate(ibmcloud.Name, platform.IBMCloud, func(f *field.Path) field.ErrorList { return ibmcloudvalidation.ValidatePlatform(platform.IBMCloud, f) })