Skip to content

Commit

Permalink
Merge pull request openshift#5284 from ardaguclu/baremetal-invalid-du…
Browse files Browse the repository at this point in the history
…alstack

Bug 2009253: Add validation to check APIVIP is IPv4 in dual-stack for Bare Metal
  • Loading branch information
openshift-merge-robot authored Oct 21, 2021
2 parents 6bab2c0 + 32f0530 commit c653122
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 0 deletions.
17 changes: 17 additions & 0 deletions pkg/types/validation/installconfig.go
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,23 @@ func validateNetworkingIPVersion(n *types.Networking, p *types.Platform) field.E
case p.Azure != nil && experimentalDualStackEnabled:
logrus.Warnf("Using experimental Azure dual-stack support")
case p.BareMetal != nil:
apiVIPIPFamily := corev1.IPv6Protocol
if net.ParseIP(p.BareMetal.APIVIP).To4() != nil {
apiVIPIPFamily = corev1.IPv4Protocol
}

if apiVIPIPFamily != presence["machineNetwork"].Primary {
allErrs = append(allErrs, field.Invalid(field.NewPath("networking", "baremetal", "apiVIP"), p.BareMetal.APIVIP, "VIP for the API must be of the same IP family with machine network's primary IP Family for dual-stack IPv4/IPv6"))
}

ingressVIPIPFamily := corev1.IPv6Protocol
if net.ParseIP(p.BareMetal.IngressVIP).To4() != nil {
ingressVIPIPFamily = corev1.IPv4Protocol
}

if ingressVIPIPFamily != presence["machineNetwork"].Primary {
allErrs = append(allErrs, field.Invalid(field.NewPath("networking", "baremetal", "ingressVIP"), p.BareMetal.IngressVIP, "VIP for the Ingress must be of the same IP family with machine network's primary IP Family for dual-stack IPv4/IPv6"))
}
case p.None != nil:
default:
allErrs = append(allErrs, field.Invalid(field.NewPath("networking"), "DualStack", "dual-stack IPv4/IPv6 is not supported for this platform, specify only one type of address"))
Expand Down
26 changes: 26 additions & 0 deletions pkg/types/validation/installconfig_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -637,6 +637,19 @@ func TestValidateInstallConfig(t *testing.T) {
}(),
expectedError: `^platform\.baremetal\.apiVIP: Invalid value: "10\.1\.0\.5": IP expected to be in one of the machine networks: 10.0.0.0/16$`,
},
{
name: "baremetal API VIP set to an incorrect IP Family",
installConfig: func() *types.InstallConfig {
c := validInstallConfig()
c.Networking = validDualStackNetworkingConfig()
c.Platform = types.Platform{
BareMetal: validBareMetalPlatform(),
}
c.Platform.BareMetal.APIVIP = "ffd0::"
return c
}(),
expectedError: `networking.baremetal.apiVIP: Invalid value: "ffd0::": VIP for the API must be of the same IP family with machine network's primary IP Family for dual-stack IPv4/IPv6`,
},
{
name: "baremetal Ingress VIP not an IP",
installConfig: func() *types.InstallConfig {
Expand All @@ -649,6 +662,19 @@ func TestValidateInstallConfig(t *testing.T) {
}(),
expectedError: `^\[platform\.baremetal\.ingressVIP: Invalid value: "test": "test" is not a valid IP, platform\.baremetal\.ingressVIP: Invalid value: "test": IP expected to be in one of the machine networks: 10.0.0.0/16]$`,
},
{
name: "baremetal Ingress VIP set to an incorrect IP Family",
installConfig: func() *types.InstallConfig {
c := validInstallConfig()
c.Networking = validDualStackNetworkingConfig()
c.Platform = types.Platform{
BareMetal: validBareMetalPlatform(),
}
c.Platform.BareMetal.IngressVIP = "ffd0::"
return c
}(),
expectedError: `networking.baremetal.ingressVIP: Invalid value: "ffd0::": VIP for the Ingress must be of the same IP family with machine network's primary IP Family for dual-stack IPv4/IPv6`,
},
{
name: "baremetal Ingress VIP set to an incorrect value",
installConfig: func() *types.InstallConfig {
Expand Down

0 comments on commit c653122

Please sign in to comment.