network regex validation for powervscluster

carmal891 · Jan 26, 2025 · 8b63957 · 8b63957
1 parent 0e4a327
commit 8b63957
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 22 deletions.
diff --git a/api/v1beta2/common.go b/api/v1beta2/common.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"regexp"
 	"strconv"
 
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -43,28 +44,23 @@ func validateIBMPowerVSResourceReference(res IBMPowerVSResourceReference, resTyp
 		return false, field.Invalid(field.NewPath("spec", resType), res, "Only one of "+resType+" - ID or Name may be specified")
 	}
 
-
 	return true, nil
 }
 
-// TODO need to pass the DHCP server and cluster name for the new validation logic
-
 func validateIBMPowerVSNetworkReference(res IBMPowerVSResourceReference) (bool, *field.Error) {
+	// Ensure only one of ID, Name, or RegEx is specified
 	if (res.ID != nil && res.Name != nil) || (res.ID != nil && res.RegEx != nil) || (res.Name != nil && res.RegEx != nil) {
 		return false, field.Invalid(field.NewPath("spec", "Network"), res, "Only one of Network - ID, Name or RegEx can be specified")
 	}
-
-
-	//check if res.RegEx not nil then check if it matches to the required pattern. If not return false ,error
-
-	// check if DHCP server name is present. Then validate expression to check it matches the DHCP server name
-
-	// else DHCP server name is present not present then check it matches the cluster name
-
-
 	return true, nil
 }
 
+// regexMatches validates if a given regex matches the target string
+func regexMatches(pattern, target string) bool {
+	matched, err := regexp.MatchString(pattern, target)
+	return err == nil && matched
+}
+
 func validateIBMPowerVSMemoryValues(resValue int32) bool {
 	if val := float64(resValue); val < 2 {
 		return false

diff --git a/api/v1beta2/ibmpowervscluster_webhook.go b/api/v1beta2/ibmpowervscluster_webhook.go
@@ -77,8 +77,6 @@ func (r *IBMPowerVSCluster) ValidateDelete() (admission.Warnings, error) {
 }
 
 func (r *IBMPowerVSCluster) validateIBMPowerVSCluster() (admission.Warnings, error) {
-
-
 	var allErrs field.ErrorList
 	if err := r.validateIBMPowerVSClusterNetwork(); err != nil {
 		allErrs = append(allErrs, err)
@@ -97,10 +95,44 @@ func (r *IBMPowerVSCluster) validateIBMPowerVSCluster() (admission.Warnings, err
 		r.Name, allErrs)
 }
 
+func (r *IBMPowerVSCluster) validateNetworkRegex() (bool, *field.Error) {
+	if r.Spec.Network.RegEx != nil {
+		var targetName string
+		var validationMessage string
+
+		if *r.Spec.DHCPServer.Name != "" {
+			targetName = *r.Spec.DHCPServer.Name
+			validationMessage = "The RegEx should match the DHCP server name when the DHCP server is set"
+		} else {
+			if r.GetObjectMeta().GetName() == "" {
+				return false, field.Required(
+					field.NewPath("metadata", "name"),
+					"Cluster name must be set when Network.RegEx is provided and DHCP server name is not set",
+				)
+			}
+			targetName = r.GetObjectMeta().GetName()
+			validationMessage = "The RegEx should match the cluster name when the DHCP server is not set"
+		}
+
+		if !regexMatches(*r.Spec.Network.RegEx, targetName) {
+			return false, field.Invalid(
+				field.NewPath("spec", "Network", "RegEx"),
+				r.Spec.Network.RegEx,
+				validationMessage,
+			)
+		}
+	}
+
+	return true, nil
+}
+
 func (r *IBMPowerVSCluster) validateIBMPowerVSClusterNetwork() *field.Error {
 	if res, err := validateIBMPowerVSNetworkReference(r.Spec.Network); !res {
 		return err
 	}
+	if res, err := r.validateNetworkRegex(); !res {
+		return err
+	}
 	return nil
 }
 

diff --git a/api/v1beta2/ibmpowervscluster_webhook_test.go b/api/v1beta2/ibmpowervscluster_webhook_test.go
@@ -68,6 +68,36 @@ func TestIBMPowerVSCluster_create(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "Should error network regex and dhcp server name is set but does not match dhcp server name",
+			powervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("test"),
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "Should error if only network regex is set, dhcp server name is not set and does not match cluster name",
+			powervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test",
+				},
+			},
+			wantErr: true,
+		},
 	}
 
 	for _, tc := range tests {
@@ -141,6 +171,9 @@ func TestIBMPowerVSCluster_update(t *testing.T) {
 					Network: IBMPowerVSResourceReference{
 						RegEx: ptr.To("^capi-net-id$"),
 					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("capi-net-id"),
+					},
 				},
 			},
 			newPowervsCluster: &IBMPowerVSCluster{
@@ -149,6 +182,9 @@ func TestIBMPowerVSCluster_update(t *testing.T) {
 					Network: IBMPowerVSResourceReference{
 						RegEx: ptr.To("^capi-net-id$"),
 					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("capi-net-id"),
+					},
 				},
 			},
 			wantErr: false,
@@ -175,6 +211,58 @@ func TestIBMPowerVSCluster_update(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "Should error if network regex and dhcp server name is set but network regex does not match dhcp server name",
+			oldPowervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("capi"),
+					},
+				},
+			},
+			newPowervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("test"),
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "Should error if network regex is set, dhcp server name is not set and network regex does not match cluster name",
+			oldPowervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+					DHCPServer: &DHCPServer{
+						Name: ptr.To("capi"),
+					},
+				},
+			},
+			newPowervsCluster: &IBMPowerVSCluster{
+				Spec: IBMPowerVSClusterSpec{
+					ServiceInstanceID: "capi-si-id",
+					Network: IBMPowerVSResourceReference{
+						RegEx: ptr.To("^capi$"),
+					},
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "capi",
+				},
+			},
+			wantErr: true,
+		},
 	}
 
 	for _, tc := range tests {

diff --git a/api/v1beta2/ibmpowervsmachine_webhook.go b/api/v1beta2/ibmpowervsmachine_webhook.go
@@ -26,7 +26,6 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
-	"sigs.k8s.io/cluster-api/util"
 )
 
 // log is for logging in this package.
@@ -71,11 +70,6 @@ func (r *IBMPowerVSMachine) ValidateDelete() (admission.Warnings, error) {
 }
 
 func (r *IBMPowerVSMachine) validateIBMPowerVSMachine() (admission.Warnings, error) {
-
-	//	cluster, err := util.GetClusterFromMetadata(ctx, r.Client, ibmPowerVSMachine.ObjectMeta)
-
-
-
 	var allErrs field.ErrorList
 	if err := r.validateIBMPowerVSMachineNetwork(); err != nil {
 		allErrs = append(allErrs, err)
@@ -99,11 +93,9 @@ func (r *IBMPowerVSMachine) validateIBMPowerVSMachine() (admission.Warnings, err
 }
 
 func (r *IBMPowerVSMachine) validateIBMPowerVSMachineNetwork() *field.Error {
-
 	if res, err := validateIBMPowerVSNetworkReference(r.Spec.Network); !res {
 		return err
 	}
-
 	return nil
 }