Merge pull request #1194 from MaxRink/validate-ipaddr-a3

k8s-ci-robot · web-flow · commit 2db68bd6dc73 · 2021-06-07T09:28:19.000-07:00
add checks for network validation on update in vSphereMachine #1192 of a3
diff --git a/api/v1alpha3/vspheremachine_webhook.go b/api/v1alpha3/vspheremachine_webhook.go
@@ -83,6 +83,16 @@ func (r *VSphereMachine) ValidateUpdate(old runtime.Object) error {
 	delete(oldVSphereMachineNetwork, "devices")
 	delete(newVSphereMachineNetwork, "devices")
 
+	// validate that IPAddrs in updaterequest are valid
+	spec := r.Spec
+	for i, device := range spec.Network.Devices {
+		for j, ip := range device.IPAddrs {
+			if _, _, err := net.ParseCIDR(ip); err != nil {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "network", fmt.Sprintf("devices[%d]", i), fmt.Sprintf("ipAddrs[%d]", j)), ip, "ip addresses should be in the CIDR format"))
+			}
+		}
+	}
+
 	if !reflect.DeepEqual(oldVSphereMachineSpec, newVSphereMachineSpec) {
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "cannot be modified"))
 	}
diff --git a/api/v1alpha3/vspheremachine_webhook_test.go b/api/v1alpha3/vspheremachine_webhook_test.go
@@ -45,6 +45,11 @@ func TestVSphereMachine_ValidateCreate(t *testing.T) {
 			vsphereMachine: createVSphereMachine("foo.com", nil, "", []string{"192.168.0.1/32", "192.168.0.3"}),
 			wantErr:        true,
 		},
+		{
+			name:           "IPs are not valid IPs in CIDR format",
+			vsphereMachine: createVSphereMachine("foo.com", nil, "", []string{"<nil>/32", "192.168.0.644/33"}),
+			wantErr:        true,
+		},
 		{
 			name:           "successful VSphereMachine creation",
 			vsphereMachine: createVSphereMachine("foo.com", nil, "", []string{"192.168.0.1/32", "192.168.0.3/32"}),
@@ -86,6 +91,18 @@ func TestVSphereMachine_ValidateUpdate(t *testing.T) {
 			vsphereMachine:    createVSphereMachine("foo.com", &someProviderID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}),
 			wantErr:           false,
 		},
+		{
+			name:              "updating non-existing IP with invalid ips can not be done",
+			oldVSphereMachine: createVSphereMachine("foo.com", nil, "", nil),
+			vsphereMachine:    createVSphereMachine("foo.com", &someProviderID, "", []string{"<nil>/32", "192.168.0.10/33"}),
+			wantErr:           true,
+		},
+		{
+			name:              "updating existing IP with invalid ips can not be done",
+			oldVSphereMachine: createVSphereMachine("foo.com", nil, "", []string{"192.168.0.1/32"}),
+			vsphereMachine:    createVSphereMachine("foo.com", &someProviderID, "", []string{"<nil>/32", "192.168.0.10/33"}),
+			wantErr:           true,
+		},
 		{
 			name:              "updating server cannot be done",
 			oldVSphereMachine: createVSphereMachine("foo.com", nil, "", []string{"192.168.0.1/32"}),
