feat: support subnet_cidr argument for cloud_environment (#119)

Author: jiangpengcheng

cloud/cloud_environment_network.go

@@ -26,6 +26,9 @@ func flattenCloudEnvironmentNetwork(in *cloudv1alpha1.Network) []interface{} {
 	if in.CIDR != "" {
 		att["cidr"] = in.CIDR
 	}
+	if in.SubnetCIDR != "" {
+		att["subnet_cidr"] = in.SubnetCIDR
+	}
 
 	return []interface{}{att}
 }

cloud/data_source_cloud_environment.go

@@ -17,9 +17,10 @@ package cloud
 import (
 	"context"
 	"fmt"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"strings"
 
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -77,6 +78,10 @@ func dataSourceCloudEnvironment() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
+						"subnet_cidr": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
 					},
 				},
 			},

cloud/resource_cloud_environment.go

@@ -17,6 +17,8 @@ package cloud
 import (
 	"context"
 	"fmt"
+	cloudv1alpha1 "github.com/streamnative/cloud-api-server/pkg/apis/cloud/v1alpha1"
+	cloudclient "github.com/streamnative/cloud-api-server/pkg/client/clientset_generated/clientset"
 	"strings"
 	"time"
 
@@ -25,9 +27,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	cloudv1alpha1 "github.com/streamnative/cloud-api-server/pkg/apis/cloud/v1alpha1"
-	cloudclient "github.com/streamnative/cloud-api-server/pkg/client/clientset_generated/clientset"
 )
 
 func resourceCloudEnvironment() *schema.Resource {
@@ -56,9 +55,10 @@ func resourceCloudEnvironment() *schema.Resource {
 				diff.HasChanges("cloud_connection_name") ||
 				diff.HasChanges("region") ||
 				diff.HasChanges("network_id") ||
-				diff.HasChanges("network_cidr") {
+				diff.HasChanges("network_cidr") ||
+				diff.HasChanges("network_subnet_cidr") {
 				return fmt.Errorf("ERROR_UPDATE_CLOUD_ENVIRONMENT: " +
-					"The cloud environment does not support updates on the attributes: organization, cloud_connection_name, region, network_id, network_cidr. Please recreate it")
+					"The cloud environment does not support updates on the attributes: organization, cloud_connection_name, region, network_id, network_cidr, network_subnet_cidr. Please recreate it")
 			}
 			return nil
 		},
@@ -120,6 +120,11 @@ func resourceCloudEnvironment() *schema.Resource {
 							Optional:     true,
 							ValidateFunc: validateCidrRange,
 						},
+						"subnet_cidr": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateCidrRange,
+						},
 					},
 				},
 			},
@@ -260,12 +265,27 @@ func resourceCloudEnvironmentCreate(ctx context.Context, d *schema.ResourceData,
 				networkCidr := networkItemMap["cidr"].(string)
 				cloudEnvironment.Spec.Network.CIDR = networkCidr
 			}
+			if networkItemMap["subnet_cidr"] != nil {
+				subnetCidr := networkItemMap["subnet_cidr"].(string)
+				cloudEnvironment.Spec.Network.SubnetCIDR = subnetCidr
+			}
 		}
 	}
 
 	if cloudEnvironment.Spec.Network.ID == "" && cloudEnvironment.Spec.Network.CIDR == "" {
 		return diag.FromErr(fmt.Errorf("ERROR_CREATE_CLOUD_ENVIRONMENT: " + "One of network.id or network.cidr must be set"))
 	}
+	if cc.Spec.ConnectionType == cloudv1alpha1.ConnectionTypeAzure {
+		if cloudEnvironment.Spec.Network.CIDR != "" {
+			if cloudEnvironment.Spec.Network.SubnetCIDR == "" {
+				cloudEnvironment.Spec.Network.SubnetCIDR = cloudEnvironment.Spec.Network.CIDR
+			}
+			if validate, _ := validateSubnetCIDR(cloudEnvironment.Spec.Network.SubnetCIDR, cloudEnvironment.Spec.Network.CIDR); !validate {
+				return diag.FromErr(fmt.Errorf("ERROR_CREATE_CLOUD_ENVIRONMENT: " +
+					"Azure cloud environment requires network.subnet_cidr to be a subnet of network.cidr"))
+			}
+		}
+	}
 
 	expandDns := func() error {
 		for _, l := range dns {
@@ -393,9 +413,10 @@ func resourceCloudEnvironmentUpdate(ctx context.Context, d *schema.ResourceData,
 		d.HasChanges("cloud_connection_name") ||
 		d.HasChanges("region") ||
 		d.HasChanges("network_id") ||
-		d.HasChanges("network_cidr") {
+		d.HasChanges("network_cidr") ||
+		d.HasChanges("network_subnet_cidr") {
 		return diag.FromErr(fmt.Errorf("ERROR_UPDATE_CLOUD_ENVIRONMENT: " +
-			"The cloud environment does not support updates on the attributes: organization, cloud_connection_name, region, network_id, network_cidr. Please recreate it"))
+			"The cloud environment does not support updates on the attributes: organization, cloud_connection_name, region, network_id, network_cidr, network_subnet_cidr. Please recreate it"))
 	}
 
 	cloudEnvironment, err := clientSet.CloudV1alpha1().CloudEnvironments(namespace).Get(ctx, name, metav1.GetOptions{})

cloud/validate_helpers.go

@@ -16,6 +16,7 @@ package cloud
 
 import (
 	"fmt"
+	"net"
 	"strconv"
 	"strings"
 
@@ -127,6 +128,31 @@ func validateCidrRange(val interface{}, key string) (warns []string, errs []erro
 	return
 }
 
+func validateSubnetCIDR(subnetStr, parentStr string) (bool, error) {
+	subnetIP, subnetNet, err := net.ParseCIDR(subnetStr)
+	if err != nil {
+		return false, fmt.Errorf("invalid subnet CIDR: %v", err)
+	}
+	_, parentNet, err := net.ParseCIDR(parentStr)
+	if err != nil {
+		return false, fmt.Errorf("invalid parent CIDR: %v", err)
+	}
+
+	// Check if the subnet IP is within the parent network
+	if !parentNet.Contains(subnetIP) {
+		return false, nil
+	}
+
+	// Ensure the subnet is not broader than the parent (i.e., subnet mask >= parent mask)
+	subnetMaskSize, _ := subnetNet.Mask.Size()
+	parentMaskSize, _ := parentNet.Mask.Size()
+	if subnetMaskSize < parentMaskSize {
+		return false, nil
+	}
+
+	return true, nil
+}
+
 func validateAnnotations(value interface{}, key string) (ws []string, es []error) {
 	m := value.(map[string]interface{})
 	for k := range m {

cloud/validate_helpers_test.go

@@ -0,0 +1,65 @@
+// Copyright 2024 StreamNative, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cloud
+
+import (
+	"testing"
+)
+
+func Test_validateSubnetCIDR(t *testing.T) {
+	tests := []struct {
+		subnet    string
+		parent    string
+		expect    bool
+		expectErr bool
+	}{
+		// Valid subnets
+		{"10.0.1.0/24", "10.0.0.0/16", true, false},
+		{"192.168.1.0/25", "192.168.1.0/24", true, false},
+		{"172.16.5.128/26", "172.16.0.0/16", true, false},
+
+		// Subnet not contained in parent
+		{"192.168.2.0/24", "192.168.1.0/24", false, false},
+		{"10.1.0.0/16", "10.0.0.0/16", false, false},
+
+		// Subnet broader than parent (mask too small)
+		{"10.0.0.0/8", "10.0.0.0/16", false, false},
+		{"172.16.0.0/12", "172.16.0.0/16", false, false},
+
+		// Equal subnet and parent
+		{"192.168.1.0/24", "192.168.1.0/24", true, false},
+
+		// Invalid input
+		{"invalid", "192.168.1.0/24", false, true},
+		{"192.168.1.0/24", "invalid", false, true},
+	}
+
+	for _, tt := range tests {
+		ok, err := validateSubnetCIDR(tt.subnet, tt.parent)
+		if tt.expectErr {
+			if err == nil {
+				t.Errorf("Expected error for input (%s, %s), got none", tt.subnet, tt.parent)
+			}
+			continue
+		}
+		if err != nil {
+			t.Errorf("Unexpected error for input (%s, %s): %v", tt.subnet, tt.parent, err)
+			continue
+		}
+		if ok != tt.expect {
+			t.Errorf("For (%s, %s), expected %v, got %v", tt.subnet, tt.parent, tt.expect, ok)
+		}
+	}
+}

docs/data-sources/cloud_environment.md

@@ -53,3 +53,4 @@ Read-Only:
 
 - `cidr` (String)
 - `id` (String)
+- `subnet_cidr` (String)

docs/resources/cloud_environment.md

@@ -43,6 +43,7 @@ Optional:
 
 - `cidr` (String)
 - `id` (String)
+- `subnet_cidr` (String)
 
 
 <a id="nestedblock--default_gateway"></a>