Validate fields in IPPool objects upon creation and updates #18
lgtm. thanks.
The recent commits address invalid user inputs not only limited to the
LGTM, thanks.
If a user tries to configure the embedded DHCP server with a designated IP address, the IPPool validator will validate the input. The create/update request will be rejected if:
- The server IP is not within the defined subnet
- The server IP is the same as the network IP or broadcast IP of the subnet
- The server IP is the same as the router IP (if exists)
- The server IP collides with any already-allocated IPs

Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Adding validations against most of the fields. Also, change the way CRDs are loaded at controller start-up. This is because CRD manifests are now generated using controller-gen, not Wrangler codegen. The reason behind it is that currently only controller-gen supports CRD validation using CEL.

Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Merge conflict resolved.
lgtm. thanks.
IMPORTANT: Please do not create a Pull Request without creating an issue first.
Problem:
Solution:
If a user tries to configure the embedded DHCP server with a designated IP address, the IPPool validator will validate the input. The create/update requests will be rejected if:
Related Issue:
harvester/harvester#5065
Test plan:
- Install the vm-dhcp-controller chart with the version containing the fix
- `harvester-vm-dhcp-controller` add-on with the following value content and enable it
- Create a VM Network (NAD) before creating any IPPool objects
- Create an IPPool object with the server IP outside of the subnet (should be rejected by the webhook)
- Modify the `.spec.serverIP` to the same IP as the network IP, broadcast IP, and router IP, then try to create it with the manifest (all should be rejected by the webhook)
- Modify the `.spec.serverIP` to a sane IP address, i.e., within the subnet, but not collide with the network IP, broadcast IP, or router IP, then create it with the manifest (this should be successful)
- Create a VM attaching to the VM Network, which should have the vmnetcfg object created under the hood
- Check the IPPool object to see which IP address is allocated to the VM's interface (under `.status.ipv4.allocated`)
- Modify the `.spec.serverIP` of the IPPool object, updating it to the VM's IP (should be rejected by the webhook)
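
The four rejection rules listed in the PR description, written out as an added Go example; this is not the controller's own validator code. The function name `checkServerIP`, its parameters and the sample addresses are assumptions, and the sketch handles IPv4 only.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// checkServerIP is a hypothetical helper, not the project's validator.
// router may be the zero netip.Addr when the pool defines no router.
func checkServerIP(cidr, serverIP string, router netip.Addr, allocated []netip.Addr) error {
	prefix, err := netip.ParsePrefix(cidr)
	if err != nil {
		return err
	}
	ip, err := netip.ParseAddr(serverIP)
	if err != nil {
		return err
	}
	if !prefix.Addr().Is4() || !ip.Is4() {
		return fmt.Errorf("this sketch handles IPv4 only")
	}
	prefix = prefix.Masked() // normalise 192.168.0.10/24 to 192.168.0.0/24
	if !prefix.Contains(ip) {
		return fmt.Errorf("server IP %s is not within subnet %s", ip, prefix)
	}
	// Broadcast address = network address with every host bit set.
	n4 := prefix.Addr().As4()
	hostBits := uint32(1)<<(32-prefix.Bits()) - 1
	var b4 [4]byte
	binary.BigEndian.PutUint32(b4[:], binary.BigEndian.Uint32(n4[:])|hostBits)
	switch {
	case ip == prefix.Addr() || ip == netip.AddrFrom4(b4):
		return fmt.Errorf("server IP %s is the network or broadcast IP of %s", ip, prefix)
	case router.IsValid() && ip == router:
		return fmt.Errorf("server IP %s is the router IP", ip)
	}
	for _, a := range allocated {
		if ip == a {
			return fmt.Errorf("server IP %s is already allocated", ip)
		}
	}
	return nil
}

func main() {
	// Constructed sample: the broadcast address of a /24 must be rejected.
	r := netip.MustParseAddr("192.168.0.1")
	fmt.Println(checkServerIP("192.168.0.0/24", "192.168.0.255", r, nil))
}
```

The allocated-IP check is the one that matters on updates: a pool that was valid at creation can become invalid once VMs hold leases, which is what the last test-plan step exercises.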