Validate CloudConfiguration values

pkg/apis/kops/validation/validation.go

@@ -242,6 +242,10 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		}
 	}
 
+	if spec.CloudConfig != nil {
+		allErrs = append(allErrs, validateCloudConfiguration(spec.CloudConfig, fieldPath.Child("cloudConfig"))...)
+	}
+
 	return allErrs
 }
 
@@ -1302,3 +1306,14 @@ func validateAWSLoadBalancerController(cluster *kops.Cluster, spec *kops.AWSLoad
 	}
 	return allErrs
 }
+
+func validateCloudConfiguration(cloudConfig *kops.CloudConfiguration, fldPath *field.Path) (allErrs field.ErrorList) {
+	if cloudConfig.ManageStorageClasses != nil && cloudConfig.Openstack != nil &&
+		cloudConfig.Openstack.BlockStorage != nil && cloudConfig.Openstack.BlockStorage.CreateStorageClass != nil {
+		if *cloudConfig.Openstack.BlockStorage.CreateStorageClass != *cloudConfig.ManageStorageClasses {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("manageStorageClasses"),
+				"Management of storage classes and OpenStack block storage classes are both specified but disagree"))
+		}
+	}
+	return allErrs
+}

pkg/apis/kops/validation/validation_test.go

@@ -1033,3 +1033,96 @@ func Test_Validate_NodeLocalDNS(t *testing.T) {
 		testErrors(t, g.Input, errs, g.ExpectedErrors)
 	}
 }
+
+func Test_Validate_CloudConfiguration(t *testing.T) {
+	grid := []struct {
+		Description    string
+		Input          kops.CloudConfiguration
+		ExpectedErrors []string
+	}{
+		{
+			Description: "neither",
+			Input:       kops.CloudConfiguration{},
+		},
+		{
+			Description: "all false",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(false),
+			},
+		},
+		{
+			Description: "all true",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(true),
+			},
+		},
+		{
+			Description: "os false",
+			Input: kops.CloudConfiguration{
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(false),
+					},
+				}},
+		},
+		{
+			Description: "os false",
+			Input: kops.CloudConfiguration{
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(true),
+					},
+				}},
+		},
+		{
+			Description: "all false, os false",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(false),
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(false),
+					},
+				}},
+		},
+		{
+			Description: "all false, os true",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(false),
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(true),
+					},
+				}},
+			ExpectedErrors: []string{"Forbidden::cloudConfig.manageStorageClasses"},
+		},
+		{
+			Description: "all true, os false",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(true),
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(false),
+					},
+				}},
+			ExpectedErrors: []string{"Forbidden::cloudConfig.manageStorageClasses"},
+		},
+		{
+			Description: "all true, os true",
+			Input: kops.CloudConfiguration{
+				ManageStorageClasses: fi.Bool(true),
+				Openstack: &kops.OpenstackConfiguration{
+					BlockStorage: &kops.OpenstackBlockStorageConfig{
+						CreateStorageClass: fi.Bool(true),
+					},
+				}},
+		},
+	}
+
+	for _, g := range grid {
+		fldPath := field.NewPath("cloudConfig")
+		t.Run(g.Description, func(t *testing.T) {
+			errs := validateCloudConfiguration(&g.Input, fldPath)
+			testErrors(t, g.Input, errs, g.ExpectedErrors)
+		})
+	}
+}