Rename SriovResourceFilter to SriovResourcePolicy

[rollandf]

Changes API naming to better reflect the opt-in policy-based approach
where devices are only advertised when explicitly defined in a policy.

• Rename API types and CRD
• Update controller: resourcefiltercontroller.go → resourcepolicycontroller.go
• Update RBAC, demo examples, and tests
• Update documentation with opt-in model terminology

Part of #23

[gemini-code-assist]

Summary of Changes

Hello @rollandf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a fundamental shift in how SR-IOV devices are exposed within Kubernetes by transitioning from an implicit advertisement model to an explicit opt-in policy-based approach. This change enhances security, improves resource management by preventing the advertisement of unintended devices, and aligns the driver's operational model with the SR-IOV Network Operator ecosystem. The core SriovResourceFilter API has been renamed to SriovResourcePolicy to accurately reflect its role in defining which devices are advertised, necessitating comprehensive updates across the codebase, including the controller, RBAC, examples, and documentation.

Highlights

• API Renaming: The core API resource SriovResourceFilter has been renamed to SriovResourcePolicy to better reflect its purpose of defining policies for device advertisement rather than just filtering. This change impacts CRD definitions, API types, and all related code references.
• Opt-In Device Advertisement Model: The driver's behavior has shifted from advertising all discovered SR-IOV devices by default to an explicit opt-in model. Devices are now only advertised as Kubernetes resources if they explicitly match a defined SriovResourcePolicy.
• Controller and Documentation Updates: The Kubernetes controller, RBAC rules, demo examples, and all relevant documentation have been updated to align with the new SriovResourcePolicy naming and the opt-in advertisement model. A new design document detailing this change has also been added.
• Periodic Sync Mechanism: A periodic synchronization mechanism has been introduced in the driver to detect hardware changes (e.g., hotplug, removal) and out-of-band modifications, ensuring that the advertised ResourceSlices remain consistent with the current device state and applied policies.

Changelog

• README.md
  • Updated feature descriptions to reflect opt-in device advertisement and SriovResourcePolicy.
  • Changed references from 'resource filtering' to 'resource policies' and 'node-targeted filtering' to 'node-targeted policies'.
  • Updated the Helm chart configuration section to reference SriovResourcePolicy resources.
• cmd/dra-driver-sriov/main.go
  • Updated the usage string for the namespace CLI flag to refer to SriovResourcePolicy.
  • Modified the cache configuration to watch for SriovResourcePolicy objects instead of SriovResourceFilter.
  • Updated the controller initialization to use NewSriovResourcePolicyReconciler.
• demo/resource-filtering/README.md
  • Renamed the demo from 'Resource Filtering Demo' to 'Resource Policy Demo'.
  • Updated all mentions of SriovResourceFilter to SriovResourcePolicy and clarified the opt-in advertisement model.
• demo/resource-filtering/resource-filter.yaml
  • Renamed the kind from SriovResourceFilter to SriovResourcePolicy.
  • Updated the name from example-resource-filter to example-resource-policy.
• deployments/helm/dra-driver-sriov/templates/clusterrole.yaml
  • Updated RBAC rules to grant permissions for sriovresourcepolicies instead of sriovresourcefilters.
• deployments/helm/dra-driver-sriov/templates/sriovnetwork.k8snetworkplumbingwg.io_sriovresourcefilters.yaml
  • Renamed the file to sriovnetwork.k8snetworkplumbingwg.io_sriovresourcepolicies.yaml.
  • Updated the CRD definition to reflect the SriovResourcePolicy kind, listKind, plural, and singular names.
  • Modified the CRD description to define SriovResourcePolicy as a policy for advertising SR-IOV devices.
• docs/design/opt-in-device-advertisement.md
  • Added a new design document outlining the rationale, goals, and implementation details for the opt-in device advertisement model via SriovResourcePolicy.
• pkg/api/sriovdra/v1alpha1/api.go
  • Renamed SriovResourceFilter struct to SriovResourcePolicy.
  • Renamed SriovResourceFilterSpec struct to SriovResourcePolicySpec.
  • Renamed SriovResourceFilterList struct to SriovResourcePolicyList.
  • Updated descriptions for the renamed API types to reflect their new policy-based purpose.
• pkg/api/sriovdra/v1alpha1/zz_generated.deepcopy.go
  • Updated generated deepcopy functions to use the new SriovResourcePolicy type names.
  • Removed outdated copyright header comments.
• pkg/api/virtualfunction/v1alpha1/zz_generated.deepcopy.go
  • Removed outdated copyright header comments.
• pkg/controller/controller_test.go
  • Updated the test suite to use SriovResourcePolicyReconciler and the new CRD path.
  • Modified test descriptions and variable names to reflect SriovResourcePolicy.
• pkg/controller/resourcefiltercontroller.go
  • Renamed the file to pkg/controller/resourcepolicycontroller.go.
  • Renamed SriovResourceFilterReconciler to SriovResourcePolicyReconciler and updated all internal references.
  • Adjusted reconciliation logic to apply resource policies to devices, reflecting the opt-in model.
  • Updated logging messages to refer to 'resource policy' instead of 'resource filter'.
• pkg/controller/resourcefiltercontroller_test.go
  • Renamed the file to pkg/controller/resourcepolicycontroller_test.go.
  • Updated test suite and function names to reflect SriovResourcePolicy.

Activity

• The pull request was created by rollandf, initiating the proposed changes.
• The changes involve a significant refactoring of API naming and core logic, as detailed in the new design document.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coveralls]

Pull Request Test Coverage Report for Build 22070645004

Details

• 59 of 87 (67.82%) changed or added relevant lines in 4 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage remained the same at 43.907%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/api/sriovdra/v1alpha1/api.go	0	1	0.0%
cmd/dra-driver-sriov/main.go	0	6	0.0%
pkg/controller/resourcepolicycontroller.go	59	68	86.76%
pkg/api/sriovdra/v1alpha1/zz_generated.deepcopy.go	0	12	0.0%

Files with Coverage Reduction	New Missed Lines	%
cmd/dra-driver-sriov/main.go	1	0.0%

Totals
Change from base Build 21945906041:	0.0%
Covered Lines:	1362
Relevant Lines:	3102

---

💛 - Coveralls

[gemini-code-assist]

Code Review

This pull request primarily renames SriovResourceFilter to SriovResourcePolicy throughout the codebase to better align with the new opt-in device advertisement model. However, a security audit identified several critical issues that need immediate attention: a data race on the shared device state map that can lead to driver crashes (DoS), a logic error in the reconciler that leaves stale attributes on devices when multiple policies conflict, and an incomplete implementation of the opt-in model where the driver still advertises all devices regardless of policy matching. Additionally, some old naming conventions persist in directory and file names, there's a potential tooling version downgrade in the CRD definition, and a copyright header was removed in a generated file. Addressing these issues is crucial for the driver's stability and to meet security objectives.

[rollandf]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a significant and valuable renaming of SriovResourceFilter to SriovResourcePolicy, which more accurately reflects the opt-in nature of the device advertisement policy. The changes are comprehensive, touching API types, the controller, RBAC, documentation, and tests. The renaming has been executed consistently throughout the codebase. I've made a couple of suggestions to rename a demo directory and a file to align with these changes, which will improve overall consistency and user experience. Great work on improving the clarity of the API.

[rollandf]

/gemini review

[gemini-code-assist]

Code Review

This pull request primarily focuses on renaming SriovResourceFilter to SriovResourcePolicy across the codebase to better align with the opt-in policy model. The changes are extensive, touching documentation, API definitions, controller logic, CRDs, Helm charts, and example manifests. The renaming has been applied consistently and correctly. Additionally, the demo example for resource policies has been significantly expanded to provide a more comprehensive usage scenario.