Skip to content

Commit f99333d

Browse files
committed
Do not allow negative prefix
1 parent b25ee84 commit f99333d

File tree

5 files changed

+19
-0
lines changed

5 files changed

+19
-0
lines changed

api/v1alpha2/inclusterippool_types.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ type InClusterIPPoolSpec struct {
2828

2929
// Prefix is the network prefix to use.
3030
// +kubebuilder:validation:Maximum=128
31+
// +kubebuilder:validation:Minimum=0
3132
Prefix int `json:"prefix"`
3233

3334
// Gateway

config/crd/bases/ipam.cluster.x-k8s.io_globalinclusterippools.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,7 @@ spec:
217217
prefix:
218218
description: Prefix is the network prefix to use.
219219
maximum: 128
220+
minimum: 0
220221
type: integer
221222
required:
222223
- addresses

config/crd/bases/ipam.cluster.x-k8s.io_inclusterippools.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,7 @@ spec:
215215
prefix:
216216
description: Prefix is the network prefix to use.
217217
maximum: 128
218+
minimum: 0
218219
type: integer
219220
required:
220221
- addresses

internal/webhooks/inclusterippool.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -185,6 +185,10 @@ func (webhook *InClusterIPPool) validate(_, newPool types.GenericInClusterPool)
185185
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "addresses"), newPool.PoolSpec().Addresses, "addresses is required"))
186186
}
187187

188+
if newPool.PoolSpec().Prefix < 0 {
189+
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "prefix"), newPool.PoolSpec().Addresses, "a valid prefix is required"))
190+
}
191+
188192
var hasIPv4Addr, hasIPv6Addr bool
189193
for _, address := range newPool.PoolSpec().Addresses {
190194
ipSet, err := poolutil.AddressToIPSet(address)

internal/webhooks/inclusterippool_test.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -418,6 +418,18 @@ func TestInvalidScenarios(t *testing.T) {
418418
},
419419
expectedError: "provided address is not a valid IP, range, nor CIDR",
420420
},
421+
{
422+
testcase: "negative prefix not allowed",
423+
spec: v1alpha2.InClusterIPPoolSpec{
424+
Addresses: []string{
425+
"10.0.0.25",
426+
"10.0.0.26",
427+
},
428+
Prefix: -1,
429+
Gateway: "10.0.0.1",
430+
},
431+
expectedError: "a valid prefix is required",
432+
},
421433
{
422434
testcase: "specifying an invalid prefix",
423435
spec: v1alpha2.InClusterIPPoolSpec{

0 commit comments

Comments
 (0)