gardener
diff --git a/‎docs/operations/operations.md‎
Lines changed: 117 additions & 17 deletions b/‎docs/operations/operations.md‎
Lines changed: 117 additions & 17 deletions
diff --git a/‎pkg/admission/mutator/namespacedcloudprofile.go‎
Lines changed: 18 additions & 7 deletions b/‎pkg/admission/mutator/namespacedcloudprofile.go‎
Lines changed: 18 additions & 7 deletions
diff --git a/‎pkg/admission/mutator/namespacedcloudprofile_test.go‎
Lines changed: 8 additions & 8 deletions b/‎pkg/admission/mutator/namespacedcloudprofile_test.go‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎pkg/admission/validator/namespacedcloudprofile.go‎
Lines changed: 9 additions & 3 deletions b/‎pkg/admission/validator/namespacedcloudprofile.go‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎pkg/admission/validator/namespacedcloudprofile_test.go‎
Lines changed: 40 additions & 0 deletions b/‎pkg/admission/validator/namespacedcloudprofile_test.go‎
Lines changed: 40 additions & 0 deletions
@@ -13,29 +13,128 @@ In this section we are describing how the configuration for `CloudProfile`s look
 ### `CloudProfileConfig`
 
 The cloud profile configuration contains information about the real machine image IDs in the AWS environment (AMIs).
+With the introduction of `spec.machineCapabilities` in Gardener *v1.131.0* you have to map every `capabilityFlavor` in `.spec.machineImages[].versions` here such that the AWS extension knows the AMI for every flavor you want to offer.
+
+If the `spec.machineCapabilities` field is not used in the `CloudProfile`, the legacy `architectures` field in `.spec.machineImages[].versions` is used.
 You have to map every version that you specify in `.spec.machineImages[].versions` here such that the AWS extension knows the AMI for every version you want to offer.
 For each AMI an `architecture` field can be specified which specifies the CPU architecture of the machine on which given machine image can be used.
 
 An example `CloudProfileConfig` for the AWS extension looks as follows:
 
 ```yaml
+## With `spec.machineCapabilities` in `CloudProfile`
+apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
+kind: CloudProfileConfig
+machineImages:
+  - name: coreos
+    versions:
+      - version: 2135.6.0
+        capabilityFlavors:
+          - capabilities:
+              architecture: [amd64]
+            # otherCapability: [otherValue, ...] # optional
+            regions:
+              - name: eu-central-1
+                ami: ami-034fd8c3f4026eb39
+          - capabilities:
+              architecture: [arm64]
+            # otherCapability: [otherValue, ...] # optional
+            regions:
+              - name: eu-central-1
+                ami: ami-034fd8c3f4026eb38
+
+---
+## Without `spec.machineCapabilities` in `CloudProfile`
 apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
 kind: CloudProfileConfig
 machineImages:
-- name: coreos
-  versions:
-  - version: 2135.6.0
-    regions:
-    - name: eu-central-1
-      ami: ami-034fd8c3f4026eb39
-      # architecture: amd64 # optional
+  - name: coreos
+    versions:
+      - version: 2135.6.0
+        regions:
+          - name: eu-central-1
+            ami: ami-034fd8c3f4026eb39
+            # architecture: amd64 # optional
 ```
 
 ### Example `CloudProfile` manifest
 
 Please find below an example `CloudProfile` manifest:
 
 ```yaml
+# With `spec.machineCapabilities`in ``CloudProfile`
+apiVersion: core.gardener.cloud/v1beta1
+kind: CloudProfile
+metadata:
+  name: aws
+spec:
+  machineCapabilities:
+  - name: architecture
+    values: [ amd64, arm64 ]
+#  - name: otherCapability
+#    values:
+#    - otherValue
+#    - anotherValue
+#    - yetAnotherValue
+  type: aws
+  kubernetes:
+    versions:
+    - version: 1.32.1
+    - version: 1.31.4
+      expirationDate: "2022-10-31T23:59:59Z"
+  machineImages:
+  - name: coreos
+    versions:
+    - version: 2135.6.0
+      capabilityFlavors:
+      - architecture: [amd64]
+      # otherCapability: [otherValue, ...] 
+      - architecture: [arm64]
+      # otherCapability: [otherValue, ...]
+  machineTypes:
+  - name: m5.large
+    cpu: "2"
+    gpu: "0"
+    memory: 8Gi
+    usable: true
+    capabilities:
+      architecture: [amd64]
+      # otherCapability: [otherValue, ...]
+  volumeTypes:
+  - name: gp2
+    class: standard
+    usable: true
+  - name: io1
+    class: premium
+    usable: true
+  regions:
+  - name: eu-central-1
+    zones:
+    - name: eu-central-1a
+    - name: eu-central-1b
+    - name: eu-central-1c
+  providerConfig:
+    apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
+    kind: CloudProfileConfig
+    machineImages:
+    - name: coreos
+      versions:
+      - version: 2135.6.0
+        capabilityFlavors:
+        - capabilities:
+            architecture: [amd64]
+          # otherCapability: [otherValue, ...] # optional
+          regions:
+          - name: eu-central-1
+            ami: ami-034fd8c3f4026eb39
+        - capabilities:
+            architecture: [arm64]
+          # otherCapability: [otherValue, ...] # optional
+          regions:
+          - name: eu-central-1
+            ami: ami-034fd8c3f4026eb38
+
+# Without `spec.machineCapabilities` in `CloudProfile`
 apiVersion: core.gardener.cloud/v1beta1
 kind: CloudProfile
 metadata:
@@ -81,6 +180,7 @@ spec:
         - name: eu-central-1
           ami: ami-034fd8c3f4026eb39
           # architecture: amd64 # optional
+
 ```
 
 ## `Seed` resource
@@ -201,16 +301,16 @@ Please make sure that the provided credentials have the correct privileges. You
   <summary>Click to expand the AWS IAM policy document!</summary>
 
   ```json
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-      {
-        "Effect": "Allow",
-        "Action": "s3:*",
-        "Resource": "*"
-      }
-    ]
-  }
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": "s3:*",
+      "Resource": "*"
+    }
+  ]
+}
   ```
 
 </details>
 
@@ -19,6 +19,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
+	"github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper"
 	"github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
 )
 
@@ -42,9 +43,7 @@ func (p *namespacedCloudProfile) Mutate(_ context.Context, newObj, _ client.Obje
 		return fmt.Errorf("wrong object type %T", newObj)
 	}
 
-	// Ignore NamespacedCloudProfiles being deleted and wait for core mutator to patch the status.
-	if profile.DeletionTimestamp != nil || profile.Generation != profile.Status.ObservedGeneration ||
-		profile.Spec.ProviderConfig == nil || profile.Status.CloudProfileSpec.ProviderConfig == nil {
+	if shouldSkipMutation(profile) {
 		return nil
 	}
 
@@ -57,14 +56,26 @@ func (p *namespacedCloudProfile) Mutate(_ context.Context, newObj, _ client.Obje
 		return fmt.Errorf("could not decode providerConfig of namespacedCloudProfile status for '%s': %w", profile.Name, err)
 	}
 
-	statusConfig.MachineImages = mergeMachineImages(specConfig.MachineImages, statusConfig.MachineImages)
+	// TODO(Roncossek): Remove TransformProviderConfigToParentFormat once all CloudProfiles have been migrated to use CapabilityFlavors and the Architecture fields are effectively forbidden or have been removed.
+	uniformSpecConfig := helper.TransformProviderConfigToParentFormat(specConfig, profile.Status.CloudProfileSpec.MachineCapabilities)
+	statusConfig.MachineImages = mergeMachineImages(uniformSpecConfig.MachineImages, statusConfig.MachineImages)
 
-	modifiedStatusConfig, err := json.Marshal(statusConfig)
+	return p.updateProfileStatus(profile, statusConfig)
+}
+
+func shouldSkipMutation(profile *gardencorev1beta1.NamespacedCloudProfile) bool {
+	return profile.DeletionTimestamp != nil ||
+		profile.Generation != profile.Status.ObservedGeneration ||
+		profile.Spec.ProviderConfig == nil ||
+		profile.Status.CloudProfileSpec.ProviderConfig == nil
+}
+
+func (p *namespacedCloudProfile) updateProfileStatus(profile *gardencorev1beta1.NamespacedCloudProfile, config *v1alpha1.CloudProfileConfig) error {
+	modifiedStatusConfig, err := json.Marshal(config)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to marshal status config: %w", err)
 	}
 	profile.Status.CloudProfileSpec.ProviderConfig.Raw = modifiedStatusConfig
-
 	return nil
 }
 
 
@@ -88,7 +88,7 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 "apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1",
 "kind":"CloudProfileConfig",
 "machineImages":[
-  {"name":"image-1","versions":[{"version":"1.1","regions":[{"name":"eu2","ami":"ami-124","architecture":"armhf"}]}]},
+  {"name":"image-1","versions":[{"version":"1.1","regions":[{"name":"eu2","ami":"ami-124","architecture":"arm64"}]}]},
   {"name":"image-2","versions":[{"version":"2.0","regions":[{"name":"eu3","ami":"ami-125"}]}]}
 ]}`)}
 
@@ -101,7 +101,7 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 						"Name": Equal("image-1"),
 						"Versions": ContainElements(
 							api.MachineImageVersion{Version: "1.0", Regions: []api.RegionAMIMapping{{Name: "eu1", AMI: "ami-123", Architecture: ptr.To("amd64")}}},
-							api.MachineImageVersion{Version: "1.1", Regions: []api.RegionAMIMapping{{Name: "eu2", AMI: "ami-124", Architecture: ptr.To("armhf")}}},
+							api.MachineImageVersion{Version: "1.1", Regions: []api.RegionAMIMapping{{Name: "eu2", AMI: "ami-124", Architecture: ptr.To("arm64")}}},
 						),
 					}),
 					MatchFields(IgnoreExtras, Fields{
@@ -113,7 +113,7 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 			It("should correctly merge extended machineImages using capabilities ", func() {
 				namespacedCloudProfile.Status.CloudProfileSpec.MachineCapabilities = []v1beta1.CapabilityDefinition{{
 					Name:   "architecture",
-					Values: []string{"amd64", "armhf"},
+					Values: []string{"amd64", "arm64"},
 				}}
 				namespacedCloudProfile.Status.CloudProfileSpec.ProviderConfig = &runtime.RawExtension{Raw: []byte(`{
 "apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1",
@@ -128,7 +128,7 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 "kind":"CloudProfileConfig",
 "machineImages":[
   {"name":"image-1","versions":[{"version":"1.1","capabilityFlavors":[
-{"capabilities":{"architecture":["armhf"]},"regions":[{"name":"eu2","ami":"ami-124"}]}
+{"capabilities":{"architecture":["arm64"]},"regions":[{"name":"eu2","ami":"ami-124"}]}
 ]}]},
   {"name":"image-2","versions":[{"version":"2.0","capabilityFlavors":[
 {"capabilities":{"architecture":["amd64"]},"regions":[{"name":"eu3","ami":"ami-125"}]}
@@ -146,13 +146,13 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 							api.MachineImageVersion{Version: "1.0",
 								CapabilityFlavors: []api.MachineImageFlavor{{
 									Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}},
-									Regions:      []api.RegionAMIMapping{{Name: "eu1", AMI: "ami-123", Architecture: ptr.To("ignore")}},
+									Regions:      []api.RegionAMIMapping{{Name: "eu1", AMI: "ami-123"}},
 								}},
 							},
 							api.MachineImageVersion{Version: "1.1",
 								CapabilityFlavors: []api.MachineImageFlavor{{
-									Capabilities: v1beta1.Capabilities{"architecture": []string{"armhf"}},
-									Regions:      []api.RegionAMIMapping{{Name: "eu2", AMI: "ami-124", Architecture: ptr.To("ignore")}},
+									Capabilities: v1beta1.Capabilities{"architecture": []string{"arm64"}},
+									Regions:      []api.RegionAMIMapping{{Name: "eu2", AMI: "ami-124"}},
 								}},
 							},
 						),
@@ -163,7 +163,7 @@ var _ = Describe("NamespacedCloudProfile Mutator", func() {
 							api.MachineImageVersion{Version: "2.0",
 								CapabilityFlavors: []api.MachineImageFlavor{{
 									Capabilities: v1beta1.Capabilities{"architecture": []string{"amd64"}},
-									Regions:      []api.RegionAMIMapping{{Name: "eu3", AMI: "ami-125", Architecture: ptr.To("ignore")}},
+									Regions:      []api.RegionAMIMapping{{Name: "eu3", AMI: "ami-125"}},
 								}},
 							}),
 					}),
 
@@ -13,7 +13,7 @@ import (
 	gardencoreapi "github.com/gardener/gardener/pkg/api"
 	"github.com/gardener/gardener/pkg/apis/core"
 	gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
-	"github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
+	v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
 	gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
 	gutil "github.com/gardener/gardener/pkg/utils/gardener"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
 	api "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws"
+	"github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/helper"
 	"github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/validation"
 )
 
@@ -61,14 +62,19 @@ func (p *namespacedCloudProfile) Validate(ctx context.Context, newObj, _ client.
 	}
 
 	parentCloudProfile := cloudProfile.Spec.Parent
-	if parentCloudProfile.Kind != constants.CloudProfileReferenceKindCloudProfile {
+	if parentCloudProfile.Kind != v1beta1constants.CloudProfileReferenceKindCloudProfile {
 		return fmt.Errorf("parent reference must be of kind CloudProfile (unsupported kind: %s)", parentCloudProfile.Kind)
 	}
 	parentProfile := &gardencorev1beta1.CloudProfile{}
 	if err := p.client.Get(ctx, client.ObjectKey{Name: parentCloudProfile.Name}, parentProfile); err != nil {
 		return err
 	}
 
+	// TODO(Roncossek): Remove TransformSpecToParentFormat once all CloudProfiles have been migrated to use CapabilityFlavors and the Architecture fields are effectively forbidden or have been removed.
+	if err := helper.SimulateTransformToParentFormat(cloudProfileConfig, cloudProfile, parentProfile.Spec.MachineCapabilities); err != nil {
+		return err
+	}
+
 	return p.validateMachineImages(cloudProfileConfig, cloudProfile.Spec.MachineImages, parentProfile.Spec).ToAggregate()
 }
 
@@ -219,7 +225,7 @@ func validateMachineImageArchitectures(machineImage core.MachineImage, version c
 	regionsArchitectureMap := map[string][]string{}
 
 	for _, regionMapping := range providerImageVersion.Regions {
-		providerConfigArchitecture := ptr.Deref(regionMapping.Architecture, constants.ArchitectureAMD64)
+		providerConfigArchitecture := ptr.Deref(regionMapping.Architecture, v1beta1constants.ArchitectureAMD64)
 		if !slices.Contains(version.Architectures, providerConfigArchitecture) {
 			allErrs = append(allErrs, field.Forbidden(
 				field.NewPath("spec.providerConfig.machineImages"),
 
@@ -342,6 +342,46 @@ var _ = DescribeTableSubtree("NamespacedCloudProfile Validator", func(isCapabili
 				"Detail": Equal("machine image image-3 is not defined in the NamespacedCloudProfile providerConfig"),
 			}))))
 		})
+
+		It("should succeed if parent and NamespacedCloudProfile use different format regarding architecture and capabilities", func() {
+			// parent cloudprofile uses regions only & namespaced cloudprofile uses capabilities
+			amiMappings := `"regions":[{"name":"eu1","ami":"ami-123"}]`
+			namespacedAmiMappings := `{"name":"image-1","versions":[{"version":"1.1","capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]},
+  {"name":"image-2","versions":[{"version":"2.0","capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]}]}`
+			if isCapabilitiesCloudProfile {
+				// parent cloudprofile uses capabilities & namespaced cloudprofile uses regions only
+				amiMappings = `"capabilityFlavors":[{"regions":[{"name":"eu1","ami":"ami-123"}]}]`
+				namespacedAmiMappings = `{"name":"image-1","versions":[{"version":"1.1","regions":[{"name":"eu1","ami":"ami-123"}]}]},
+  {"name":"image-2","versions":[{"version":"2.0","regions":[{"name":"eu1","ami":"ami-123"}]}]}`
+			}
+
+			cloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{
+"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1",
+"kind":"CloudProfileConfig",
+"machineImages":[{"name":"image-1","versions":[{"version":"1.0",%s}]}]
+}`, amiMappings))}
+			namespacedCloudProfile.Spec.ProviderConfig = &runtime.RawExtension{Raw: []byte(fmt.Sprintf(`{
+"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1",
+"kind":"CloudProfileConfig",
+"machineImages":[%s]
+}`, namespacedAmiMappings))}
+			namespacedCloudProfile.Spec.MachineImages = []core.MachineImage{
+				{
+					Name:     "image-1",
+					Versions: []core.MachineImageVersion{{ExpirableVersion: core.ExpirableVersion{Version: "1.1"}, Architectures: []string{"amd64"}}},
+				},
+				{
+					Name:     "image-2",
+					Versions: []core.MachineImageVersion{{ExpirableVersion: core.ExpirableVersion{Version: "2.0"}, Architectures: []string{"amd64"}}},
+				},
+			}
+			namespacedCloudProfile.Spec.MachineTypes = []core.MachineType{
+				{Name: "type-2"},
+			}
+			Expect(fakeClient.Create(ctx, cloudProfile)).To(Succeed())
+
+			Expect(namespacedCloudProfileValidator.Validate(ctx, namespacedCloudProfile, nil)).To(Succeed())
+		})
 	})
 },
 	Entry("CloudProfile uses regions only", false),