Refactor frontend VPC annotation precedence and validation logic

- Change annotation precedence order: subnet-id first, then vpc-name/subnet-name, then optional IP ranges
- Consolidate IPv4/IPv6 validation into single validateNodeBalancerFrontendIPRange function
- Simplify getFrontendVPCCreateOptions to reduce code duplication and improve readability
- Make IP range annotations optional when subnet is specified
- Add error when IP ranges are provided without subnet selector
- Update tests to cover more senarios

Author: komer3

cloud/linode/loadbalancers.go

@@ -850,86 +850,55 @@ func (l *loadbalancers) getVPCCreateOptions(ctx context.Context, service *v1.Ser
 
 // getFrontendVPCCreateOptions returns the VPC options for the NodeBalancer frontend VPC creation.
 // Order of precedence:
-// 1. Frontend IPv4/IPv6 Range Annotations - Explicit CIDR ranges
+// 1. Frontend Subnet ID Annotation - Direct subnet ID
 // 2. Frontend VPC/Subnet Name Annotations - Resolve by name
-// 3. Frontend Subnet ID Annotation - Direct subnet ID
+// 3. Frontend IPv4/IPv6 Range Annotations - Optional CIDR ranges
 func (l *loadbalancers) getFrontendVPCCreateOptions(ctx context.Context, service *v1.Service) ([]linodego.NodeBalancerVPCOptions, error) {
 	frontendIPv4Range, hasIPv4Range := service.GetAnnotations()[annotations.NodeBalancerFrontendIPv4Range]
 	frontendIPv6Range, hasIPv6Range := service.GetAnnotations()[annotations.NodeBalancerFrontendIPv6Range]
 	_, hasVPCName := service.GetAnnotations()[annotations.NodeBalancerFrontendVPCName]
 	_, hasSubnetName := service.GetAnnotations()[annotations.NodeBalancerFrontendSubnetName]
 	_, hasSubnetID := service.GetAnnotations()[annotations.NodeBalancerFrontendSubnetID]
 
-	// If no frontend VPC annotations are present, return empty slice
+	// If no frontend VPC annotations are present, do not configure a frontend VPC.
 	if !hasIPv4Range && !hasIPv6Range && !hasVPCName && !hasSubnetName && !hasSubnetID {
 		return nil, nil
 	}
 
-	var subnetID int
-	var err error
-
-	// Precedence 1: IPv4/IPv6 Range Annotations - Explicit CIDR ranges
-	if hasIPv4Range || hasIPv6Range {
-		if err = validateNodeBalancerFrontendIPv4Range(frontendIPv4Range); err != nil {
-			return nil, err
-		}
-		if err = validateNodeBalancerFrontendIPv6Range(frontendIPv6Range); err != nil {
-			return nil, err
-		}
-		if frontendSubnetID, ok := service.GetAnnotations()[annotations.NodeBalancerFrontendSubnetID]; ok {
-			subnetID, err = strconv.Atoi(frontendSubnetID)
-			if err != nil {
-				return nil, fmt.Errorf("invalid frontend subnet ID: %w", err)
-			}
-		} else {
-			subnetID, err = l.getFrontendSubnetIDForSVC(ctx, service)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		vpcCreateOpts := []linodego.NodeBalancerVPCOptions{
-			{
-				SubnetID:  subnetID,
-				IPv4Range: frontendIPv4Range,
-				IPv6Range: frontendIPv6Range,
-			},
-		}
-		return vpcCreateOpts, nil
+	if err := validateNodeBalancerFrontendIPRange(frontendIPv4Range, "IPv4"); err != nil {
+		return nil, err
 	}
-
-	// Precedence 2: VPC/Subnet Name Annotations - Resolve by name
-	if hasVPCName || hasSubnetName {
-		subnetID, err = l.getFrontendSubnetIDForSVC(ctx, service)
-		if err != nil {
-			return nil, err
-		}
-
-		vpcCreateOpts := []linodego.NodeBalancerVPCOptions{
-			{
-				SubnetID: subnetID,
-			},
-		}
-		return vpcCreateOpts, nil
+	if err := validateNodeBalancerFrontendIPRange(frontendIPv6Range, "IPv6"); err != nil {
+		return nil, err
 	}
 
-	// Precedence 3: Subnet ID Annotation - Direct subnet ID
+	var subnetID int
+	var err error
+
 	if hasSubnetID {
 		frontendSubnetID := service.GetAnnotations()[annotations.NodeBalancerFrontendSubnetID]
 		subnetID, err = strconv.Atoi(frontendSubnetID)
 		if err != nil {
 			return nil, fmt.Errorf("invalid frontend subnet ID: %w", err)
 		}
-
-		vpcCreateOpts := []linodego.NodeBalancerVPCOptions{
-			{
-				SubnetID: subnetID,
-			},
+	} else if hasVPCName || hasSubnetName {
+		subnetID, err = l.getFrontendSubnetIDForSVC(ctx, service)
+		if err != nil {
+			return nil, err
 		}
-		return vpcCreateOpts, nil
+	} else {
+		// Ranges are optional but still require a subnet to target.
+		return nil, fmt.Errorf("frontend VPC configuration requires either subnet-id or both vpc-name and subnet-name annotations")
 	}
 
-	return nil, nil
+	vpcCreateOpts := []linodego.NodeBalancerVPCOptions{
+		{
+			SubnetID:  subnetID,
+			IPv4Range: frontendIPv4Range,
+			IPv6Range: frontendIPv6Range,
+		},
+	}
+	return vpcCreateOpts, nil
 }
 
 // getFrontendSubnetIDForSVC returns the subnet ID for the frontend VPC configuration.
@@ -1540,28 +1509,13 @@ func validateNodeBalancerBackendIPv4Range(backendIPv4Range string) error {
 	return nil
 }
 
-// validateNodeBalancerFrontendIPv4Range validates the frontend IPv4 range annotation.
-// Performs basic CIDR format validation.
-func validateNodeBalancerFrontendIPv4Range(frontendIPv4Range string) error {
-	if frontendIPv4Range == "" {
-		return nil
-	}
-	_, _, err := net.ParseCIDR(frontendIPv4Range)
-	if err != nil {
-		return fmt.Errorf("invalid frontend IPv4 range '%s': %w", frontendIPv4Range, err)
-	}
-	return nil
-}
-
-// validateNodeBalancerFrontendIPv6Range validates the frontend IPv6 range annotation.
-// Performs basic CIDR format validation.
-func validateNodeBalancerFrontendIPv6Range(frontendIPv6Range string) error {
-	if frontendIPv6Range == "" {
+func validateNodeBalancerFrontendIPRange(frontendIPRange, ipVersion string) error {
+	if frontendIPRange == "" {
 		return nil
 	}
-	_, _, err := net.ParseCIDR(frontendIPv6Range)
+	_, _, err := net.ParseCIDR(frontendIPRange)
 	if err != nil {
-		return fmt.Errorf("invalid frontend IPv6 range '%s': %w", frontendIPv6Range, err)
+		return fmt.Errorf("invalid frontend %s range '%s': %w", ipVersion, frontendIPRange, err)
 	}
 	return nil
 }

cloud/linode/loadbalancers_test.go

@@ -5433,9 +5433,10 @@ func Test_validateNodeBalancerBackendIPv4Range(t *testing.T) {
 	}
 }
 
-func Test_validateNodeBalancerFrontendIPv4Range(t *testing.T) {
+func Test_validateNodeBalancerFrontendIPRange(t *testing.T) {
 	type args struct {
-		frontendIPv4Range string
+		frontendIPRange string
+		ipVersion       string
 	}
 	tests := []struct {
 		name    string
@@ -5444,70 +5445,50 @@ func Test_validateNodeBalancerFrontendIPv4Range(t *testing.T) {
 	}{
 		{
 			name:    "Valid IPv4 range",
-			args:    args{frontendIPv4Range: "10.100.5.0/24"},
+			args:    args{frontendIPRange: "10.100.5.0/24", ipVersion: "IPv4"},
 			wantErr: false,
 		},
 		{
 			name:    "Invalid IPv4 range - no CIDR",
-			args:    args{frontendIPv4Range: "10.100.5.0"},
+			args:    args{frontendIPRange: "10.100.5.0", ipVersion: "IPv4"},
 			wantErr: true,
 		},
 		{
 			name:    "Invalid IPv4 range - malformed",
-			args:    args{frontendIPv4Range: "not-an-ip"},
+			args:    args{frontendIPRange: "not-an-ip", ipVersion: "IPv4"},
 			wantErr: true,
 		},
 		{
-			name:    "Empty range should pass",
-			args:    args{frontendIPv4Range: ""},
+			name:    "Empty IPv4 range should pass",
+			args:    args{frontendIPRange: "", ipVersion: "IPv4"},
 			wantErr: false,
 		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if err := validateNodeBalancerFrontendIPv4Range(tt.args.frontendIPv4Range); (err != nil) != tt.wantErr {
-				t.Errorf("validateNodeBalancerFrontendIPv4Range() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
-
-func Test_validateNodeBalancerFrontendIPv6Range(t *testing.T) {
-	type args struct {
-		frontendIPv6Range string
-	}
-	tests := []struct {
-		name    string
-		args    args
-		wantErr bool
-	}{
 		{
 			name:    "Valid IPv6 range",
-			args:    args{frontendIPv6Range: "2001:db80:1005::/48"},
+			args:    args{frontendIPRange: "2001:db80:1005::/48", ipVersion: "IPv6"},
 			wantErr: false,
 		},
 		{
 			name:    "Invalid IPv6 range - no CIDR",
-			args:    args{frontendIPv6Range: "2001:db80:1005::"},
+			args:    args{frontendIPRange: "2001:db80:1005::", ipVersion: "IPv6"},
 			wantErr: true,
 		},
 		{
 			name:    "Invalid IPv6 range - malformed",
-			args:    args{frontendIPv6Range: "not-an-ipv6"},
+			args:    args{frontendIPRange: "not-an-ipv6", ipVersion: "IPv6"},
 			wantErr: true,
 		},
 		{
-			name:    "Empty range should pass",
-			args:    args{frontendIPv6Range: ""},
+			name:    "Empty IPv6 range should pass",
+			args:    args{frontendIPRange: "", ipVersion: "IPv6"},
 			wantErr: false,
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := validateNodeBalancerFrontendIPv6Range(tt.args.frontendIPv6Range); (err != nil) != tt.wantErr {
-				t.Errorf("validateNodeBalancerFrontendIPv6Range() error = %v, wantErr %v", err, tt.wantErr)
+			if err := validateNodeBalancerFrontendIPRange(tt.args.frontendIPRange, tt.args.ipVersion); (err != nil) != tt.wantErr {
+				t.Errorf("validateNodeBalancerFrontendIPRange() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
@@ -5615,7 +5596,25 @@ func Test_getFrontendVPCCreateOptions(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "Frontend IPv4 range annotation",
+			name: "Frontend subnet id only",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendSubnetID: "123",
+						},
+					},
+				},
+			},
+			want: []linodego.NodeBalancerVPCOptions{
+				{
+					SubnetID: 123,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "Frontend IPv4 range + subnet id",
 			args: args{
 				service: &v1.Service{
 					ObjectMeta: metav1.ObjectMeta{
@@ -5635,7 +5634,7 @@ func Test_getFrontendVPCCreateOptions(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "Frontend IPv6 range annotation",
+			name: "Frontend IPv6 range + subnet id",
 			args: args{
 				service: &v1.Service{
 					ObjectMeta: metav1.ObjectMeta{
@@ -5654,6 +5653,62 @@ func Test_getFrontendVPCCreateOptions(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "Frontend ranges without subnet selector should error",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendIPv4Range: "10.100.5.0/24",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "Frontend vpc-name only should error",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendVPCName: "my-vpc",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "Frontend subnet-name only should error",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendSubnetName: "frontend-subnet",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "Frontend invalid subnet-id should error",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendSubnetID: "abc",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
 		{
 			name: "Frontend VPC and subnet names",
 			args: args{
@@ -5666,11 +5721,36 @@ func Test_getFrontendVPCCreateOptions(t *testing.T) {
 					},
 				},
 			},
-			want:    nil, // Will return error due to missing client setup
-			wantErr: true,
+			want: []linodego.NodeBalancerVPCOptions{
+				{
+					SubnetID: 456,
+				},
+			},
+			wantErr: false,
 			prepareMock: func(m *mocks.MockClient) {
-				m.EXPECT().ListVPCs(gomock.Any(), gomock.Any()).Return(nil, stderrors.New("mock error"))
+				m.EXPECT().ListVPCs(gomock.Any(), gomock.Any()).Return([]linodego.VPC{{ID: 111, Label: "my-vpc"}}, nil)
+				m.EXPECT().ListVPCSubnets(gomock.Any(), 111, gomock.Any()).Return([]linodego.VPCSubnet{{ID: 456, Label: "frontend-subnet"}}, nil)
+			},
+		},
+		{
+			name: "Frontend subnet-id should take precedence over names",
+			args: args{
+				service: &v1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							annotations.NodeBalancerFrontendSubnetID:   "123",
+							annotations.NodeBalancerFrontendVPCName:    "my-vpc",
+							annotations.NodeBalancerFrontendSubnetName: "frontend-subnet",
+						},
+					},
+				},
+			},
+			want: []linodego.NodeBalancerVPCOptions{
+				{
+					SubnetID: 123,
+				},
 			},
+			wantErr: false,
 		},
 	}