Merge pull request #1430 from jhixson74/main_aws_gp3_throughput

CORS-4280: AWS: Add throughput validation for gp3 volumes

Author: openshift-merge-bot[bot]

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.27.2
 	github.com/onsi/gomega v1.38.2
 	github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7
-	github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7
+	github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42
 	github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235
 	github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d
 	github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957

go.sum

@@ -449,8 +449,8 @@ github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jD
 github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7 h1:Z1swlS6b3Adm6RPhjqefs3DWnNFLDxRX+WC8GMXhja4=
 github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
-github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7 h1:MemawsK6SpxEaE5y0NqO5sIX3yTLIIyP89w6DGKukAk=
-github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
+github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42 h1:Mo2FlDdoCZ+BE2W4C0lNcxEDeIIhfsYFP6vj4Sggp8w=
+github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
 github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY=
 github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM=
 github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d h1:+sqUThLi/lmgT5/scmmjnS6+RZFtbdxRAscNfCPyLPI=

pkg/webhooks/machine_webhook.go

@@ -799,6 +799,32 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st
 
 	// TODO(alberto): Validate providerSpec.BlockDevices.
 	// https://github.com/openshift/cluster-api-provider-aws/pull/299#discussion_r433920532
+	for i, blockDevice := range providerSpec.BlockDevices {
+		ebs := blockDevice.EBS
+		if ebs == nil || ebs.VolumeType == nil || ebs.ThroughputMib == nil {
+			continue
+		}
+
+		throughputPath := field.NewPath("providerSpec", "blockDevices").Index(i).Child("ebs", "throughputMib")
+		throughputValue := *ebs.ThroughputMib
+
+		if *ebs.VolumeType != "gp3" {
+			errs = append(errs, field.Invalid(
+				throughputPath,
+				throughputValue,
+				"only valid for gp3 volumes",
+			))
+			continue
+		}
+
+		if throughputValue < 125 || throughputValue > 2000 {
+			errs = append(errs, field.Invalid(
+				throughputPath,
+				throughputValue,
+				"must be a value between 125 and 2000",
+			))
+		}
+	}
 
 	switch providerSpec.Placement.Tenancy {
 	case "", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy:

pkg/webhooks/machine_webhook_test.go

@@ -451,6 +451,90 @@ func TestMachineCreation(t *testing.T) {
 			},
 			expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost.id: Invalid value: \"invalid\": id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)",
 		},
+		{
+			name:         "with VolumeType set to gp3 and Throughput set under minium value",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
+						{
+							EBS: &machinev1beta1.EBSBlockDeviceSpec{
+								VolumeType:    ptr.To[string]("gp3"),
+								ThroughputMib: ptr.To[int32](124),
+							},
+						},
+					},
+				},
+			},
+			expectedError: "must be a value between 125 and 2000",
+		},
+		{
+			name:         "with VolumeType set to gp3 and Throughput set over maxium value",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
+						{
+							EBS: &machinev1beta1.EBSBlockDeviceSpec{
+								VolumeType:    ptr.To[string]("gp3"),
+								ThroughputMib: ptr.To[int32](2001),
+							},
+						},
+					},
+				},
+			},
+			expectedError: "must be a value between 125 and 2000",
+		},
+		{
+			name:         "with VolumeType set to gp3 and Throughput set within range",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
+						{
+							EBS: &machinev1beta1.EBSBlockDeviceSpec{
+								VolumeType:    ptr.To[string]("gp3"),
+								ThroughputMib: ptr.To[int32](1000),
+							},
+						},
+					},
+				},
+			},
+			expectedError: "",
+		},
+		{
+			name:         "with Throughput set on non gp3 volume",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
+						{
+							EBS: &machinev1beta1.EBSBlockDeviceSpec{
+								VolumeType:    ptr.To[string]("io1"),
+								ThroughputMib: ptr.To[int32](124),
+							},
+						},
+					},
+				},
+			},
+			expectedError: "only valid for gp3 volumes",
+		},
 		{
 			name:              "with Azure and a nil provider spec value",
 			platformType:      osconfigv1.AzurePlatformType,