Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make CIDR validation consistent #123174

Merged
merged 3 commits into from Feb 16, 2024
Merged

Make CIDR validation consistent #123174

merged 3 commits into from Feb 16, 2024

Conversation

danwinship
Copy link
Contributor

What type of PR is this?

/kind cleanup
/sig network
/sig api-machinery

What this PR does / why we need it:

Followup to #122931, another subset of #122550.

This cleans up validation of CIDRs, moving the validation function from pkg/apis/core/validation to k8s.io/apimachinery/pkg/util/validation, and then rewriting the LoadBalancerSourceRanges validation to use it, rather than using a random function with crazy semantics. (Of course, we have to preserve the crazy semantics for backward-compatibility, but now they're explicit in pkg/apis/core/validation rather than being hidden in the helper function.)

As with #122931, this does not change any validation results, it just paves the way for making CIDR validation more strict later.

Does this PR introduce a user-facing change?

NONE

@danwinship
Add validation.IsValidCIDR
7a56b6e 
Move apivalidation.ValidateCIDR to apimachinery, and rename it and
change its return value to match the other functions.

Also, add unit tests.

(Also, while updating NetworkPolicy validation for the API change, fix
a variable name that implied that IPBlock.Except[] is IP-valued rather
than CIDR-valued.)
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 7, 2024
@k8s-ci-robot k8s-ci-robot added the sig/apps Categorizes an issue or PR as relevant to SIG Apps. label Feb 7, 2024
@seans3
Copy link
Contributor

seans3 commented Feb 8, 2024

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 8, 2024
@danwinship
Update service.Spec.LoadBalancerSourceRanges validation tests
d930215 
In preparation for rewriting LoadBalancerSourceRanges validation,
add/update the existing unit tests to cover some of the more exciting
edge cases of the existing validation code:

  - The values in service.Spec.LoadBalancerSourceRanges are allowed to
    have arbitrary whitespace around them.

  - The annotation must be unset for non-LoadBalancer services, but
    for LoadBalancer services, "set but empty" and "whitespace-only"
    are treated the same as "unset".

  - The annotation value is only validated if the field is not set.

Also fix some of the existing tests to be more precise about what they
are testing.

Also fix the CIDR values to actually be valid. Sigh.
@danwinship
Do service.spec.LoadBalancerSourceRanges validation inline
593b1c6 
Inline the LoadBalancerSourceRanges parsing to make it more obvious
what it's requiring (and more importantly, *not* requiring), and
change it to use IsValidCIDR as well.
@k8s-ci-robot k8s-ci-robot added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label Feb 9, 2024
@k8s-triage-robot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@tnqn
Copy link
Member

tnqn commented Feb 10, 2024

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 10, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 463208e40547983e42024f624e51912d9f0a3543

aojea
aojea reviewed Feb 14, 2024
View reviewed changes
staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
in: "2001:DB8::/64",
},

// BAD VALUES WE CURRENTLY CONSIDER GOOD
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:)

@aojea
Copy link
Member

aojea commented Feb 14, 2024

/lgtm
/approve
/assign @thockin @liggitt

@thockin
Copy link
Member

thockin commented Feb 16, 2024

Epic!

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, danwinship, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2024
@k8s-ci-robot k8s-ci-robot merged commit 91ee300 into kubernetes:master Feb 16, 2024
17 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.30 milestone Feb 16, 2024
@danwinship danwinship deleted the cidr-validation-cleanup branch February 16, 2024 14:08
@danwinship danwinship mentioned this pull request Feb 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnqn tnqn tnqn left review comments

@aojea aojea aojea left review comments

@caseydavenport caseydavenport Awaiting requested review from caseydavenport

@liggitt liggitt Awaiting requested review from liggitt

Assignees

@liggitt liggitt

@tnqn tnqn

@thockin thockin

@aojea aojea

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/network Categorizes an issue or PR as relevant to SIG Network. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Apps
Archived in project
Milestone
v1.30
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@danwinship @seans3 @k8s-triage-robot @tnqn @k8s-ci-robot @aojea @thockin @liggitt