ionos-cloud/crossplane-provider-ionoscloud

Firewall type should accept CIDRs

Closed this issue · 2 comments

What happened?

Trying to create a firewall with a CIDR leads to a validation error as specified in the following type.

type IPConfig struct {
	// Use IP to set specific IP to the resource. If both IP and IPBlockConfig are set,
	// only `ip` field will be considered.
	//
	// +kubebuilder:validation:Pattern="^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
	IP string `json:"ip,omitempty"`
	// Use IpBlockConfig to reference existing IPBlock, and to mention the index for the IP.
	// Index starts from 0 and it must be provided.
	IPBlockCfg IPBlockConfig `json:"ipBlockConfig,omitempty"`
}

How can we reproduce it?

Create a firewall with a CIDR. E.g. "192.168.254.0/23"

What environment did it happen in?

  • Crossplane Version: v0.15.1
  • Crossplane Ionos Provider: v1.0.1
  • Kubernetes version (use kubectl version): 1.24.2
  • Kubernetes distribution (e.g. Tectonic, GKE, OpenShift): kind locally
  • Kernel (e.g. uname -a): Linux pop-os 5.17.15-76051715-generic #202206141358165591911622.04~1db9e34 SMP PREEMPT Wed Jun 22 19 x86_64 x86_64 x86_64 GNU/Linux

Additional Notes

The API and DCD both allow CIDRs when creating firewall rules. Both SourceIPCfg and TargetIPCfg should allow CIDRs.

	// Only traffic originating from the respective IPv4 address is allowed.
	// Value null allows traffic from any IP address.
	// SourceIP can be set directly or via reference to an IP Block and index.
	//
	// +kubebuilder:validation:Optional
	SourceIPCfg IPConfig `json:"sourceIpConfig,omitempty"`
	// If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address of the NIC is allowed.
	// Value null allows traffic to any target IP address.
	// TargetIP can be set directly or via reference to an IP Block and index.
	//
	// +kubebuilder:validation:Optional
	TargetIPCfg IPConfig `json:"targetIpConfig,omitempty"`

References

Maybe some logic that could be reused around CIDRs:
https://github.com/ionos-cloud/paas-network-provider/blob/28abe981d99b52c537adebf2670860ad615de612/apis/networking/v1alpha1/types.go#L210-L438
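An added example, not part of the issue or of the provider's code: a Go validator that accepts either a single IPv4 address or an IPv4 CIDR such as the one in the reproduction step, using the standard library's `net/netip`, run next to the pattern as it is printed above. `ValidateIPv4OrCIDR` is a hypothetical helper, the sample inputs are constructed, and rejecting a CIDR with host bits set is an assumed policy choice.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// pagePattern is the kubebuilder pattern copied exactly as printed in the issue above.
// As printed, the "." between octets is unescaped, so it matches any character.
var pagePattern = regexp.MustCompile(`^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$`)

// ValidateIPv4OrCIDR is a hypothetical helper (not from the provider).
// It accepts a single IPv4 address or an IPv4 CIDR and returns the canonical
// string. A CIDR with host bits set is rejected instead of being silently
// masked, so the applied firewall rule is always the one that was written.
func ValidateIPv4OrCIDR(s string) (string, error) {
	if addr, err := netip.ParseAddr(s); err == nil {
		if !addr.Is4() {
			return "", fmt.Errorf("%q is not an IPv4 address", s)
		}
		return addr.String(), nil
	}
	pfx, err := netip.ParsePrefix(s)
	if err != nil {
		return "", fmt.Errorf("%q is neither an IPv4 address nor a CIDR: %w", s, err)
	}
	if !pfx.Addr().Is4() {
		return "", fmt.Errorf("%q is not an IPv4 CIDR", s)
	}
	if pfx != pfx.Masked() {
		return "", fmt.Errorf("%q has host bits set; did you mean %s?", s, pfx.Masked())
	}
	return pfx.String(), nil
}

func main() {
	// Constructed sample inputs: the CIDR from the issue, a plain address,
	// a CIDR with host bits set, a leading-zero octet, a non-address string
	// that the printed pattern still matches, and an out-of-range prefix.
	samples := []string{"192.168.254.0/23", "10.0.0.1", "192.168.255.7/23",
		"010.1.1.1", "1a2b3c4", "10.0.0.0/33"}
	for _, s := range samples {
		canon, err := ValidateIPv4OrCIDR(s)
		fmt.Printf("%-18s pattern=%-5v helper=%q err=%v\n",
			s, pagePattern.MatchString(s), canon, err)
	}
}
```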

Reopening until release