openshift
diff --git a/‎example/v1/tests/stableconfigtypes.example.openshift.io/Example.yaml
Lines changed: 52 additions & 0 deletions b/‎example/v1/tests/stableconfigtypes.example.openshift.io/Example.yaml
Lines changed: 52 additions & 0 deletions
diff --git a/‎example/v1/types_stable.go
Lines changed: 31 additions & 0 deletions b/‎example/v1/types_stable.go
Lines changed: 31 additions & 0 deletions
diff --git a/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-CustomNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions b/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-CustomNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-Default.crd.yaml
Lines changed: 50 additions & 0 deletions b/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-Default.crd.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions b/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-TechPreviewNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions b/‎example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-TechPreviewNoUpgrade.crd.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎example/v1/zz_generated.deepcopy.go
Lines changed: 27 additions & 0 deletions b/‎example/v1/zz_generated.deepcopy.go
Lines changed: 27 additions & 0 deletions
@@ -103,6 +103,58 @@ tests:
           immutableField: foo
           subdomainNameField: foo.-bar.baz
       expectedError: "spec.subdomainNameField: Invalid value: \"string\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+    - name: Should allow subnets without exclusions
+      initial: |
+        apiVersion: example.openshift.io/v1
+        kind: StableConfigType
+        spec:
+          immutableField: foo
+          subnetsWithExclusions:
+            subnets:
+            - 192.168.0.0/16
+      expected: |
+        apiVersion: example.openshift.io/v1
+        kind: StableConfigType
+        spec:
+          immutableField: foo
+          nonZeroDefault: 8
+          subnetsWithExclusions:
+            subnets:
+            - 192.168.0.0/16
+    - name: Should allow subnets with exclusions within the subnet
+      initial: |
+        apiVersion: example.openshift.io/v1
+        kind: StableConfigType
+        spec:
+          immutableField: foo
+          subnetsWithExclusions:
+            subnets:
+            - 192.168.0.0/16
+            excludeSubnets:
+            - 192.168.0.0/24
+      expected: |
+        apiVersion: example.openshift.io/v1
+        kind: StableConfigType
+        spec:
+          immutableField: foo
+          nonZeroDefault: 8
+          subnetsWithExclusions:
+            subnets:
+            - 192.168.0.0/16
+            excludeSubnets:
+            - 192.168.0.0/24
+    - name: Should not allow subnets with exclusions not within the subnet
+      initial: |
+        apiVersion: example.openshift.io/v1
+        kind: StableConfigType
+        spec:
+          immutableField: foo
+          subnetsWithExclusions:
+            subnets:
+            - 192.168.0.0/16
+            excludeSubnets:
+            - 10.0.0.0/8
+      expectedError: "spec.subnetsWithExclusions.excludeSubnets: Invalid value: \"object\": excludeSubnets must be subnetworks of the networks specified in the subnets field"
   onUpdate:
     - name: Should not allow removal of a tech preview field
       initial: |
 
@@ -96,6 +96,10 @@ type StableConfigTypeSpec struct {
 	// +kubebuilder:validation:MaxLength:=253
 	// +optional
 	SubdomainNameField string `json:"subdomainNameField,omitempty"`
+
+	// subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions
+	// +optional
+	SubnetsWithExclusions SubnetsWithExclusions `json:"subnetsWithExclusions,omitempty"`
 }
 
 // SetValue defines the types allowed in string set type
@@ -178,6 +182,33 @@ type StableConfigTypeStatus struct {
 	ImmutableField string `json:"immutableField,omitempty"`
 }
 
+// SubnetsWithExclusions is used to validate a list of subnets with exclusions.
+// It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.
+// +kubebuilder:validation:XValidation:rule="!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))",message="excludeSubnets must be subnetworks of the networks specified in the subnets field",fieldPath=".excludeSubnets"
+type SubnetsWithExclusions struct {
+	// subnets is a list of subnets.
+	// It may contain up to 2 subnets.
+	// The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.
+	// +kubebuilder:validation:XValidation:rule="size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1]) || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()",message="subnets must not contain 2 subnets of the same IP family"
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=2
+	// +listType=atomic
+	// +required
+	Subnets []CIDR `json:"subnets"`
+
+	// excludeSubnets is a list of CIDR exclusions.
+	// The subnets in this list must be subnetworks of the subnets in the subnets list.
+	// +kubebuilder:validation:MaxItems=25
+	// +optional
+	ExcludeSubnets []CIDR `json:"excludeSubnets,omitempty"`
+}
+
+// CIDR is used to validate a CIDR notation network.
+// The longest CIDR notation is 43 characters.
+// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="value must be a valid CIDR"
+// +kubebuilder:validation:MaxLength:=43
+type CIDR string
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +openshift:compatibility-gen:level=1
 
 
@@ -162,6 +162,56 @@ spec:
                     alphanumeric characters, '-' or '.', and must start and end with
                     an alphanumeric character.
                   rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+              subnetsWithExclusions:
+                description: subnetsWithExclusions demonstrates how to validate a
+                  list of subnets with exclusions
+                properties:
+                  excludeSubnets:
+                    description: |-
+                      excludeSubnets is a list of CIDR exclusions.
+                      The subnets in this list must be subnetworks of the subnets in the subnets list.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 25
+                    type: array
+                  subnets:
+                    description: |-
+                      subnets is a list of subnets.
+                      It may contain up to 2 subnets.
+                      The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 2
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: atomic
+                    x-kubernetes-validations:
+                    - message: subnets must not contain 2 subnets of the same IP family
+                      rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
+                        || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
+                required:
+                - subnets
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .excludeSubnets
+                  message: excludeSubnets must be subnetworks of the networks specified
+                    in the subnets field
+                  rule: '!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s,
+                    cidr(s).containsCIDR(cidr(e))))'
             required:
             - immutableField
             type: object
 
@@ -157,6 +157,56 @@ spec:
                     alphanumeric characters, '-' or '.', and must start and end with
                     an alphanumeric character.
                   rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+              subnetsWithExclusions:
+                description: subnetsWithExclusions demonstrates how to validate a
+                  list of subnets with exclusions
+                properties:
+                  excludeSubnets:
+                    description: |-
+                      excludeSubnets is a list of CIDR exclusions.
+                      The subnets in this list must be subnetworks of the subnets in the subnets list.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 25
+                    type: array
+                  subnets:
+                    description: |-
+                      subnets is a list of subnets.
+                      It may contain up to 2 subnets.
+                      The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 2
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: atomic
+                    x-kubernetes-validations:
+                    - message: subnets must not contain 2 subnets of the same IP family
+                      rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
+                        || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
+                required:
+                - subnets
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .excludeSubnets
+                  message: excludeSubnets must be subnetworks of the networks specified
+                    in the subnets field
+                  rule: '!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s,
+                    cidr(s).containsCIDR(cidr(e))))'
             required:
             - immutableField
             type: object
 
@@ -162,6 +162,56 @@ spec:
                     alphanumeric characters, '-' or '.', and must start and end with
                     an alphanumeric character.
                   rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+              subnetsWithExclusions:
+                description: subnetsWithExclusions demonstrates how to validate a
+                  list of subnets with exclusions
+                properties:
+                  excludeSubnets:
+                    description: |-
+                      excludeSubnets is a list of CIDR exclusions.
+                      The subnets in this list must be subnetworks of the subnets in the subnets list.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 25
+                    type: array
+                  subnets:
+                    description: |-
+                      subnets is a list of subnets.
+                      It may contain up to 2 subnets.
+                      The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 2
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: atomic
+                    x-kubernetes-validations:
+                    - message: subnets must not contain 2 subnets of the same IP family
+                      rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
+                        || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
+                required:
+                - subnets
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .excludeSubnets
+                  message: excludeSubnets must be subnetworks of the networks specified
+                    in the subnets field
+                  rule: '!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s,
+                    cidr(s).containsCIDR(cidr(e))))'
             required:
             - immutableField
             type: object
 
@@ -162,6 +162,56 @@ spec:
                     alphanumeric characters, '-' or '.', and must start and end with
                     an alphanumeric character.
                   rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+              subnetsWithExclusions:
+                description: subnetsWithExclusions demonstrates how to validate a
+                  list of subnets with exclusions
+                properties:
+                  excludeSubnets:
+                    description: |-
+                      excludeSubnets is a list of CIDR exclusions.
+                      The subnets in this list must be subnetworks of the subnets in the subnets list.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 25
+                    type: array
+                  subnets:
+                    description: |-
+                      subnets is a list of subnets.
+                      It may contain up to 2 subnets.
+                      The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.
+                    items:
+                      description: |-
+                        CIDR is used to validate a CIDR notation network.
+                        The longest CIDR notation is 43 characters.
+                      maxLength: 43
+                      type: string
+                      x-kubernetes-validations:
+                      - message: value must be a valid CIDR
+                        rule: isCIDR(self)
+                    maxItems: 2
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: atomic
+                    x-kubernetes-validations:
+                    - message: subnets must not contain 2 subnets of the same IP family
+                      rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
+                        || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
+                required:
+                - subnets
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .excludeSubnets
+                  message: excludeSubnets must be subnetworks of the networks specified
+                    in the subnets field
+                  rule: '!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s,
+                    cidr(s).containsCIDR(cidr(e))))'
             required:
             - immutableField
             type: object