Firewall type should accept CIDRs
Closed this issue · 2 comments
ncldmg commented
What happened?
Trying to create a firewall with a CIDR leads to a validation error as specified in the following type.
type IPConfig struct {
// Use IP to set specific IP to the resource. If both IP and IPBlockConfig are set,
// only `ip` field will be considered.
//
// +kubebuilder:validation:Pattern="^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
IP string `json:"ip,omitempty"`
// Use IpBlockConfig to reference existing IPBlock, and to mention the index for the IP.
// Index starts from 0 and it must be provided.
IPBlockCfg IPBlockConfig `json:"ipBlockConfig,omitempty"`
}
How can we reproduce it?
Create a firewall with a CIDR. E.g. "192.168.254.0/23"
What environment did it happen in?
- Crossplane Version: v0.15.1
- Crossplane Ionos Provider: v1.0.1
- Kubernetes version (use `kubectl version`): 1.24.2
- Kubernetes distribution (e.g. Tectonic, GKE, OpenShift): kind locally
- Kernel (e.g. `uname -a`): Linux pop-os 5.17.15-76051715-generic #202206141358165591911622.04~1db9e34 SMP PREEMPT Wed Jun 22 19 x86_64 x86_64 x86_64 GNU/Linux
Additional Notes
The API and DCD both allow CIDRs when creating firewall rules. Both SourceIPCfg and TargetIPCfg should allow CIDRs.
// Only traffic originating from the respective IPv4 address is allowed.
// Value null allows traffic from any IP address.
// SourceIP can be set directly or via reference to an IP Block and index.
//
// +kubebuilder:validation:Optional
SourceIPCfg IPConfig `json:"sourceIpConfig,omitempty"`
// If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address of the NIC is allowed.
// Value null allows traffic to any target IP address.
// TargetIP can be set directly or via reference to an IP Block and index.
//
// +kubebuilder:validation:Optional
TargetIPCfg IPConfig `json:"targetIpConfig,omitempty"`
References
Maybe some logic that could be reused around CIDRs:
https://github.com/ionos-cloud/paas-network-provider/blob/28abe981d99b52c537adebf2670860ad615de612/apis/networking/v1alpha1/types.go#L210-L438
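The gap described in this issue, as an added example that is not part of the original post or the provider's code: the pattern quoted above (copied as it appears on this page) rejects the reproduction value, while a parser built on Go's `net/netip` accepts either a single IPv4 address or an IPv4 CIDR. `ParseIPv4OrCIDR` is a hypothetical helper, and rejecting CIDRs with host bits set is a choice made in this example, not documented API behaviour.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// ipOnly is the validation pattern from the IPConfig type, as quoted in the issue.
var ipOnly = regexp.MustCompile(`^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$`)

// ParseIPv4OrCIDR (hypothetical helper) accepts a single IPv4 address or an
// IPv4 CIDR and returns it as a prefix; a bare address becomes a /32.
func ParseIPv4OrCIDR(s string) (netip.Prefix, error) {
	// netip.ParseAddr rejects octets with leading zeros, so "010" is never
	// silently read as decimal or octal in a firewall rule.
	if addr, err := netip.ParseAddr(s); err == nil {
		if !addr.Is4() {
			return netip.Prefix{}, fmt.Errorf("%q: not an IPv4 address", s)
		}
		return netip.PrefixFrom(addr, 32), nil
	}
	p, err := netip.ParsePrefix(s) // also enforces prefix length 0..32 for IPv4
	if err != nil {
		return netip.Prefix{}, fmt.Errorf("%q: not an IPv4 address or CIDR: %w", s, err)
	}
	if !p.Addr().Is4() {
		return netip.Prefix{}, fmt.Errorf("%q: not an IPv4 CIDR", s)
	}
	// Assumption of this example: a rule such as 192.168.255.7/23 is more
	// likely a typo than intent, so the network address must be canonical.
	if p != p.Masked() {
		return netip.Prefix{}, fmt.Errorf("%q: host bits set, expected %s", s, p.Masked())
	}
	return p, nil
}

func main() {
	// Constructed inputs; the first is the reproduction value from the issue.
	inputs := []string{"192.168.254.0/23", "10.0.0.5", "192.168.255.7/23", "10.0.0.0/33"}
	for _, s := range inputs {
		p, err := ParseIPv4OrCIDR(s)
		fmt.Printf("%-18s pattern=%-5v parsed=%v err=%v\n", s, ipOnly.MatchString(s), p, err)
	}
}
```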
cristiGuranIonos commented
Reopening until release