Fix over-correcting new SE CEL validation (#3320)

Adds regression test and fixes the issue

Author: howardjohn

kubernetes/customresourcedefinitions.gen.yaml

@@ -438,7 +438,7 @@ option go_package = "istio.io/api/networking/v1alpha3";
 // istiostatus-override: ServiceEntryStatus: istio.io/api/networking/v1alpha3
 // -->
 // +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1"
-// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (self.resolution != 'STATIC' && self.resolution != 'NONE'))"
+// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))"
 // +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true"
 // +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
 message ServiceEntry {

networking/v1/service_entry_alias.gen.go

@@ -50,3 +50,13 @@ metadata:
   name: partial-wildcard
 spec:
   hosts: ["*x"]
+---
+# Weird case but we allow it
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: none-cidr
+spec:
+  hosts: ["example.com"]
+  addresses:
+  - 1.1.1.1/32