Add support for network interface alternative names

[cgoncalves]

Add support for network interface alternative names

Overview

This PR adds support for network interface alternative names (altnames) throughout the SR-IOV Network Operator. Interface alternative names provide additional flexibility when selecting network interfaces in policies, particularly useful in environments where interfaces may have predictable alternative naming schemes.

This change is backward compatible. Existing policies using primary interface names will continue to work without modification.

How to Use

Alternative names are automatically discovered and stored in the SriovNetworkNodeState CR. When defining a SriovNetworkNodePolicy, you can now reference interfaces using either their primary name or any of their alternative names in the nicSelector.pfNames field.

Example:

apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
  name: policy-using-altname
  namespace: sriov-network-operator
spec:
  deviceType: netdevice
  nicSelector:
    pfNames: ["sriov1"]  # Can use altname instead of primary interface name
    vendor: "8086"
  nodeSelector:
    feature.node.kubernetes.io/network-sriov.capable: "true"

Summary by CodeRabbit

Release Notes

• New Features

  • Policy-level support for matching network interfaces by primary or alternative names
  • Automatic discovery of alternative interface names for physical functions

• Documentation

  • Added guide for discovering and viewing alternative interface names in SriovNetworkNodeState
  • Added documentation for using primary and alternative names in SR-IOV network policies

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

Thanks for your PR,
To run vendors CIs, Maintainers can use one of:

• /test-all: To run all tests for all vendors.
• /test-e2e-all: To run all E2E tests for all vendors.
• /test-e2e-nvidia-all: To run all E2E tests for NVIDIA vendor.

To skip the vendors CIs, Maintainers can use one of:

• /skip-all: To skip all tests for all vendors.
• /skip-e2e-all: To skip all E2E tests for all vendors.
• /skip-e2e-nvidia-all: To skip all E2E tests for NVIDIA vendor.
  Best regards.

[coveralls]

Pull Request Test Coverage Report for Build 19855289298

Details

• 70 of 91 (76.92%) changed or added relevant lines in 7 files are covered.
• 21 unchanged lines in 6 files lost coverage.
• Overall coverage decreased (-0.02%) to 62.126%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
controllers/sriovnetworknodepolicy_controller.go	19	21	90.48%
pkg/host/internal/sriov/sriov.go	3	5	60.0%
pkg/webhook/validate.go	12	15	80.0%
api/v1/zz_generated.deepcopy.go	1	5	20.0%
pkg/host/internal/lib/netlink/netlink.go	0	10	0.0%

Files with Coverage Reduction	New Missed Lines	%
controllers/sriovnetworknodepolicy_controller.go	1	69.25%
pkg/daemon/config.go	2	93.75%
pkg/webhook/validate.go	2	66.0%
controllers/helper.go	3	70.23%
pkg/daemon/daemon.go	5	44.99%
pkg/daemon/status.go	8	60.42%

Totals
Change from base Build 19828301445:	-0.02%
Covered Lines:	8820
Relevant Lines:	14197

---

💛 - Coveralls

[zeeke]

LGTM

Thanks for this work!

[SchSeba]

LGTM

just a small comment :)

[coderabbitai]

Walkthrough

Introduces support for alternative interface names (altNames) in SR-IOV networking. Changes include discovering altNames via netlink during SR-IOV discovery, storing them in node state, adding helper functions for name resolution and matching, updating webhook validation to resolve interface names using both primary and alternative names, and updating device plugin resource creation with resolved names.

Changes

Cohort / File(s)	Summary
Data Model Extensions api/v1/sriovnetworknodestate_types.go, api/v1/zz_generated.deepcopy.go, config/crd/bases/sriovnetwork.openshift.io_sriovnetworknodestates.yaml, deployment/.../sriovnetwork.openshift.io_sriovnetworknodestates.yaml	Added AltNames []string field to InterfaceExt struct; updated CRD schemas and deep copy logic to include alternative names.
Netlink Interface & Implementation pkg/host/internal/lib/netlink/netlink.go, pkg/host/internal/lib/netlink/mock/mock_netlink.go	Extended NetlinkLib interface with GetAltNames(name string) ([]string, error) method; implemented concrete logic in libWrapper to retrieve link alternative names via netlink LinkAttrs; added corresponding mock method.
Helper Functions api/v1/helper.go	Added NameOrAltNameMatchesPfNames() to check if name or altNames match a list; added ResolveInterfaceName() to resolve interface names from optional alternate names in node state.
SR-IOV Discovery pkg/host/internal/sriov/sriov.go	Integrated GetAltNames() calls during PF device discovery to populate AltNames in discovered interface records; skips device if altName retrieval fails.
Policy Controller controllers/sriovnetworknodepolicy_controller.go	Added resolvePfNames() helper to resolve interface names while preserving VF range suffixes; updated createDevicePluginResource() and updateDevicePluginResource() to use resolved, deduplicated names.
Webhook Validation pkg/webhook/validate.go	Updated validatePolicyForNodePolicy() and validatePfNames() to accept nodeState parameter; enhanced validatePfNames() to use ResolveInterfaceName() for name resolution; updated validateNicModel() to use NameOrAltNameMatchesPfNames() for interface matching.
Tests api/v1/helper_test.go, controllers/sriovnetworknodepolicy_controller_test.go, pkg/host/internal/sriov/sriov_test.go, pkg/webhook/validate_test.go	Added comprehensive test coverage for ResolveInterfaceName(), resolvePfNames(), and policy validation with alternative name matching; expanded test cases for PF name resolution, VF ranges, and edge cases.
Documentation README.md	Added sections documenting automatic discovery of altNames in SriovNetworkNodeState and policy-level support for matching interfaces by primary or alternative names, including YAML examples.

Sequence Diagram

sequenceDiagram
    participant Netlink
    participant Discovery as SR-IOV Discovery
    participant NodeState as Node State
    participant Webhook as Policy Validation
    participant Controller as Device Plugin Controller

    rect rgb(200, 220, 255)
    Note over Discovery,NodeState: Discovery & Storage Phase
    Discovery->>Netlink: GetAltNames(pf_name)
    Netlink-->>Discovery: altNames []
    Discovery->>NodeState: Store Interface + AltNames
    end

    rect rgb(220, 240, 220)
    Note over Webhook: Validation Phase
    Webhook->>NodeState: Get current node state
    Webhook->>Webhook: ResolveInterfaceName(name, nodeState)
    Webhook->>Webhook: NameOrAltNameMatchesPfNames(name, altNames, pfNames)
    end

    rect rgb(255, 240, 200)
    Note over Controller: Device Plugin Creation Phase
    Controller->>NodeState: Get interface names
    Controller->>Controller: resolvePfNames(pfNames, nodeState)
    Controller->>Controller: Preserve VF range suffixes
    Controller->>Controller: Create DevicePluginResource with resolved names
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25–35 minutes

• Review name resolution logic (NameOrAltNameMatchesPfNames, ResolveInterfaceName) for correctness and edge cases
• Verify resolvePfNames correctly handles and preserves VF range suffixes (e.g., "ens0#0-9")
• Validate nodeState parameter propagation through validation functions and ensure no existing validation paths are broken
• Check netlink GetAltNames error handling and nil-safety for link attributes
• Ensure discovery logic correctly skips devices on altName retrieval failures
• Review test coverage completeness, particularly for name resolution and matching edge cases

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 8.11% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add support for network interface alternative names' clearly summarizes the main change: introducing altnames support across the SR-IOV operator for discovering and referencing network interfaces by alternative names.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

README.md (1)

291-313: Shell snippet trips markdownlint MD014 (prompt char).

The bash example includes a leading $ prompt without showing output, which violates MD014. Consider dropping the $ so the block contains just the command:

kubectl get sriovnetworknodestate -n sriov-network-operator <node-name> -o yaml

pkg/host/internal/lib/netlink/netlink.go (1)

73-75: GetAltNames implementation is fine; consider adding targeted tests.

The new GetAltNames wrapper correctly handles errors, nil attrs, and empty AltNames. To avoid regressions and improve coverage, it would be good to add a small unit test that exercises:

• link not found (propagated error),
• link with nil/empty Attrs,
• link with non-empty AltNames.

You can mock via the generated NetlinkLib mock or by testing a caller that uses this method.

Also applies to: 198-210

api/v1/helper.go (1)

324-336: Alt-name–aware matching helpers are correct and integrate cleanly.

• NameOrAltNameMatchesPfNames and its use in SriovNetworkNicSelector.Selected correctly extend matching to AltNames while preserving existing behavior for primary names and VF ranges.
• ResolveInterfaceName provides the expected “best-effort” mapping from an altName to the canonical interface name and safely falls back when nodeState or matches are absent.

If you find more call sites that need this pattern (e.g., additional validations), consider centralizing the PF-name–without-range extraction into a small helper to avoid repeating the strings.Contains(p, "#") logic, but it’s not urgent.

Also applies to: 617-630, 1028-1049

pkg/webhook/validate_test.go (1)

1330-1580: AltName-focused tests give good coverage; minor redundancy only.

The new tests around alt-name handling (TestValidatePolicyForNodeStateWithPfNameMatchingAlternativeName, VF-range + altName, and TestValidatePolicyForNodePolicyWithAltNameConflict) thoroughly cover:

• Selection via primary vs alternative names.
• Empty vs nil vs populated AltNames.
• VF-range syntax combined with altNames.
• Cross-policy conflicts when one policy uses the primary name and another uses an altName, with and without nodeState.

This is very helpful for guarding the new behavior. The only nit is that TestValidatePolicyForNodeStateWithPfNameMatchingInterfaceName largely duplicates the earlier “valid PfName” test; you could merge them in the future to reduce duplication, but it’s not blocking.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d34e85b and e779285.

📒 Files selected for processing (15)

• README.md (2 hunks)
• api/v1/helper.go (3 hunks)
• api/v1/helper_test.go (1 hunks)
• api/v1/sriovnetworknodestate_types.go (1 hunks)
• api/v1/zz_generated.deepcopy.go (1 hunks)
• config/crd/bases/sriovnetwork.openshift.io_sriovnetworknodestates.yaml (1 hunks)
• controllers/sriovnetworknodepolicy_controller.go (3 hunks)
• controllers/sriovnetworknodepolicy_controller_test.go (1 hunks)
• deployment/sriov-network-operator-chart/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml (1 hunks)
• pkg/host/internal/lib/netlink/mock/mock_netlink.go (1 hunks)
• pkg/host/internal/lib/netlink/netlink.go (2 hunks)
• pkg/host/internal/sriov/sriov.go (2 hunks)
• pkg/host/internal/sriov/sriov_test.go (2 hunks)
• pkg/webhook/validate.go (5 hunks)
• pkg/webhook/validate_test.go (9 hunks)

🧰 Additional context used

🧬 Code graph analysis (5)

api/v1/helper.go (1)

api/v1/sriovnetworknodestate_types.go (2)

• SriovNetworkNodeState (142-148)
• Interfaces (33-33)

controllers/sriovnetworknodepolicy_controller_test.go (1)

api/v1/sriovnetworknodestate_types.go (4)

• SriovNetworkNodeState (142-148)
• SriovNetworkNodeStateStatus (126-132)
• Interfaces (33-33)
• InterfaceExt (56-74)

pkg/webhook/validate.go (3)

api/v1/sriovnetworknodestate_types.go (1)

• SriovNetworkNodeState (142-148)

api/v1/sriovnetworknodepolicy_types.go (1)

• SriovNetworkNodePolicy (145-151)

api/v1/helper.go (2)

• ResolveInterfaceName (1031-1050)
• NameOrAltNameMatchesPfNames (326-336)

pkg/webhook/validate_test.go (2)

api/v1/sriovnetworknodepolicy_types.go (3)

• SriovNetworkNodePolicy (145-151)
• SriovNetworkNodePolicySpec (27-68)
• SriovNetworkNicSelector (70-81)

api/v1/sriovnetworknodestate_types.go (4)

• Interfaces (33-33)
• SriovNetworkNodeState (142-148)
• SriovNetworkNodeStateStatus (126-132)
• InterfaceExt (56-74)

controllers/sriovnetworknodepolicy_controller.go (2)

api/v1/sriovnetworknodestate_types.go (1)

• SriovNetworkNodeState (142-148)

api/v1/helper.go (2)

• ResolveInterfaceName (1031-1050)
• UniqueAppend (351-358)

🪛 markdownlint-cli2 (0.18.1)

README.md

296-296: Dollar signs used before commands without showing output

(MD014, commands-show-output)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: test
• GitHub Check: build
• GitHub Check: test-coverage
• GitHub Check: Golangci-lint
• GitHub Check: Analyze (go)

🔇 Additional comments (14)

api/v1/zz_generated.deepcopy.go (1)

120-124: LGTM! DeepCopy implementation follows the correct pattern.

The AltNames deep copy logic correctly mirrors the existing VFs handling, with proper nil checks and slice allocation.

deployment/sriov-network-operator-chart/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml (1)

331-334: LGTM! CRD schema correctly defines altNames.

The altNames field is properly defined as an array of strings under the interface properties.

config/crd/bases/sriovnetwork.openshift.io_sriovnetworknodestates.yaml (1)

331-334: LGTM! CRD schema matches deployment chart.

The altNames definition is consistent across both CRD locations.

pkg/host/internal/sriov/sriov.go (2)

286-286: AltNames correctly included in InterfaceExt.

The AltNames field is properly populated in the InterfaceExt structure, assuming the discovery succeeds.

---

263-267: Verify error handling strategy for GetAltNames.

Skipping the entire device when GetAltNames fails seems overly strict for a new, potentially optional feature. If the system doesn't support alternative names or encounters a transient error, valid SR-IOV devices would be excluded from discovery.

Consider one of these approaches:

1. Log the error but continue with empty AltNames: altNames = []string{}
2. Only skip if the error indicates a critical issue (not just "feature not supported")

This ensures backward compatibility and graceful degradation on systems without alternative name support.

api/v1/sriovnetworknodestate_types.go (1)

73-73: LGTM! AltNames field properly defined.

The field is correctly added with appropriate JSON tags for backward compatibility.

pkg/host/internal/sriov/sriov_test.go (1)

78-78: LGTM! Test correctly validates AltNames discovery.

The mock setup and assertion properly verify that AltNames are retrieved and stored in the InterfaceExt structure.

Also applies to: 135-135

api/v1/helper_test.go (1)

1536-1647: LGTM! Comprehensive test coverage for ResolveInterfaceName.

The test suite thoroughly covers all scenarios including:

• Nil and empty states
• Primary and alternative name matching
• Multiple interfaces with different AltNames
• Edge cases with empty AltNames

pkg/host/internal/lib/netlink/mock/mock_netlink.go (1)

155-168: LGTM! Mock implementation follows standard gomock pattern.

The auto-generated mock correctly implements the GetAltNames method with proper controller integration.

controllers/sriovnetworknodepolicy_controller_test.go (1)

50-148: resolvePfNames test matrix looks solid.

The table-driven TestResolvePfNames covers empty input, nil nodeState, direct name hits, alt-name resolution, mixed names, “not found” passthrough, and VF-range preservation. This gives good confidence in the helper’s behavior.

controllers/sriovnetworknodepolicy_controller.go (1)

543-567: PF-name resolution logic is correct and VF-range–safe.

resolvePfNames + the changes in createDevicePluginResource/updateDevicePluginResource do the right thing:

• Strip any #range, resolve via ResolveInterfaceName, then re-attach the original suffix.
• Handle nil or interface-missing nodeState by returning the original names.
• Feed resolved names through UniqueAppend, avoiding duplicate entries in the device-plugin selectors.

This should let users write policies using altnames while still emitting canonical PF names to the device plugin.

Also applies to: 596-599, 665-668

pkg/webhook/validate_test.go (1)

441-443: validatePolicyForNodePolicy signature updates are consistent.

All existing tests now pass nil as the new nodeState parameter, preserving the previous behavior for those scenarios while allowing newer tests to opt into state-aware validation. This keeps backward-compat coverage intact.

Also applies to: 467-469, 614-616, 640-642, 661-665, 688-692, 736-740

pkg/webhook/validate.go (2)

285-308: State-aware PF-name conflict detection is correctly wired.

• validatePolicyForNodeStateAndPolicy now passes the node’s SriovNetworkNodeState into validatePolicyForNodePolicy, and that flows into validatePfNames.
• validatePfNames resolves both current and previous PF names through ResolveInterfaceName when nodeState is non-nil, so policies using different names (primary vs altName) for the same PF are treated as conflicting, including VF-range overlaps.
• The nil checks around nodeState keep behavior unchanged when node state is missing.

This matches the new tests and gives the expected stricter conflict detection when node state is available.

Also applies to: 360-420

---

456-478: NIC selection now properly considers AltNames.

The change in validateNicModel to use NameOrAltNameMatchesPfNames(iface.Name, iface.AltNames, pfNames) means:

• PF selection works when policies specify either the primary interface name or any of its alternative names.
• The updated error message (“(and alternative names) not found…”) more accurately reflects what’s being checked.

This keeps NIC model validation aligned with the selector logic in api/v1 and the controller.