From 97d0d4489cf69ef794f11a6c86b9bb5032b1d7a9 Mon Sep 17 00:00:00 2001
From: Miskiewicz
Date: Tue, 18 Jun 2024 10:11:56 +0200
Subject: [PATCH] wip
---
 cmd/broker/provisioning_test.go | 36 ++++++++++++++++++++++++++++++
 internal/broker/instance_create.go | 28 ++++++++++++++---------
 internal/broker/plans_schema.go | 12 +++++++---
 3 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/cmd/broker/provisioning_test.go b/cmd/broker/provisioning_test.go
index ed7489ea66..9545f249aa 100644
--- a/cmd/broker/provisioning_test.go
+++ b/cmd/broker/provisioning_test.go
@@ -294,6 +294,42 @@ func TestProvisioning_NetworkingParametersForAWS(t *testing.T) {
 suite.WaitForOperationState(opID, domain.Succeeded)
 }

+func TestProvisioning_AllNetworkingParametersForAWS(t *testing.T) {
+ // given
+ suite := NewBrokerSuiteTest(t)
+ defer suite.TearDown()
+ iid := uuid.New().String()
+
+ // when
+ resp := suite.CallAPI("PUT", fmt.Sprintf("oauth/v2/service_instances/%s?accepts_incomplete=true", iid),
+ `{
+ "service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+ "plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15",
+
+ "context": {
+ "globalaccount_id": "e449f875-b5b2-4485-b7c0-98725c0571bf",
+ "subaccount_id": "test",
+ "user_id": "piotr.miskiewicz@sap.com"
+
+ },
+ "parameters": {
+ "name": "test",
+ "region": "eu-central-1",
+ "networking": {
+ "nodes": "192.168.48.0/20",
+ "pods": "10.104.0.0/24",
+ "services": "10.105.0.0/24"
+ }
+ }
+ }
+ }`)
+ opID := suite.DecodeOperationID(resp)
+
+ suite.processProvisioningByOperationID(opID)
+
+ suite.WaitForOperationState(opID, domain.Succeeded)
+}
+
 func TestProvisioning_AWSWithEURestrictedAccessBadRequest(t *testing.T) {
 // given
 suite := NewBrokerSuiteTest(t)
diff --git a/internal/broker/instance_create.go b/internal/broker/instance_create.go
index 878c8e19f3..eca1f231c5 100644
--- a/internal/broker/instance_create.go
+++ b/internal/broker/instance_create.go
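Review bot: The request body in TestProvisioning_AllNetworkingParametersForAWS closes one brace more than it opens: after `"services": "10.105.0.0/24"` there are four `}` lines, but only `networking`, `parameters` and the root object are still open at that point. If the handler reads the body with a streaming JSON decoder, the trailing brace may be silently ignored, so the test can pass on a malformed payload; drop the last `}` before the closing backtick. The test also only waits for `domain.Succeeded`, so it never reaches the new rejection paths; a companion case that sends a `pods` or `services` range overlapping a seed CIDR and expects a bad request would cover the validation this commit adds.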
@@ -534,17 +534,6 @@ func (b *ProvisionEndpoint) validateNetworking(parameters internal.ProvisioningP
 err = multierror.Append(err, fmt.Errorf("the suffix of the node CIDR must not be greater than 26"))
 }

- if err != nil {
- return err
- }
-
- for _, seed := range networking.GardenerSeedCIDRs {
- _, seedCidr, _ := net.ParseCIDR(seed)
- if e := validateOverlapping(*nodes, *seedCidr); e != nil {
- err = multierror.Append(err, fmt.Errorf("nodes CIDR must not overlap %s", seed))
- }
- }
-
 if parameters.Networking.PodsCidr != nil {
 if pods, e = validateCidr(*parameters.Networking.PodsCidr); e != nil {
 err = multierror.Append(err, fmt.Errorf("while parsing pods CIDR: %w", e))
@@ -563,6 +552,23 @@ func (b *ProvisionEndpoint) validateNetworking(parameters internal.ProvisioningP
 return err
 }

+ for _, seed := range networking.GardenerSeedCIDRs {
+ _, seedCidr, _ := net.ParseCIDR(seed)
+ if e := validateOverlapping(*nodes, *seedCidr); e != nil {
+ err = multierror.Append(err, fmt.Errorf("nodes CIDR must not overlap %s", seed))
+ }
+ if e := validateOverlapping(*services, *seedCidr); e != nil {
+ err = multierror.Append(err, fmt.Errorf("nodes CIDR must not overlap %s", seed))
+ }
+ if e := validateOverlapping(*pods, *seedCidr); e != nil {
+ err = multierror.Append(err, fmt.Errorf("nodes CIDR must not overlap %s", seed))
+ }
+ }
+
+ if err != nil {
+ return err
+ }
+
 if e := validateOverlapping(*nodes, *pods); e != nil {
 err = multierror.Append(err, fmt.Errorf("nodes CIDR must not overlap %s", pods.String()))
 }
diff --git a/internal/broker/plans_schema.go b/internal/broker/plans_schema.go
index 89f2a8ec37..21aee915b3 100644
--- a/internal/broker/plans_schema.go
+++ b/internal/broker/plans_schema.go
@@ -47,7 +47,9 @@ func (up *UpdateProperties) IncludeAdditional() {
 }

 type NetworkingProperties struct {
- Nodes Type `json:"nodes"`
+ Nodes Type `json:"nodes"`
+ Services Type `json:"services"`
+ Pods Type `json:"pods"`
 }

 type NetworkingType struct {
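Review bot: The two checks added to the seed loop for `*services` and `*pods` reuse the message `"nodes CIDR must not overlap %s"`, so a rejected services or pods range is reported to the caller as a nodes problem. Change them to `fmt.Errorf("services CIDR must not overlap %s", seed)` and `fmt.Errorf("pods CIDR must not overlap %s", seed)`. The loop also discards the error from `net.ParseCIDR(seed)` and then dereferences `seedCidr`, which would panic on a malformed seed entry; that was already the case before the move and relies on `networking.GardenerSeedCIDRs` being well-formed. The code that sets `services` and `pods` when the parameters are omitted lies outside these hunks, so it cannot be confirmed from here that both are always non-nil when the loop runs.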
@@ -320,9 +322,13 @@ func NewProvisioningProperties(machineTypesDisplay, regionsDisplay map[string]st
 func NewNetworkingSchema() *NetworkingType {
 seedCIDRs := strings.Join(networking.GardenerSeedCIDRs, ", ")
 return &NetworkingType{
- Type: Type{Type: "object", Description: "Networking configuration. These values are immutable and cannot be updated later."},
+ Type: Type{Type: "object", Description: "Networking configuration. These values are immutable and cannot be updated later. All provided CIDR ranges must not overlap one another."},
 Properties: NetworkingProperties{
- Nodes: Type{Type: "string", Title: "CIDR range for nodes", Description: fmt.Sprintf("CIDR range for nodes, must not overlap with the following CIDRs: %s, %s, %s", networking.DefaultPodsCIDR, networking.DefaultServicesCIDR, seedCIDRs),
+ Services: Type{Type: "string", Title: "CIDR range for services", Description: fmt.Sprintf("CIDR range for services, must not overlap with the following CIDRs: %s", seedCIDRs),
+ Default: networking.DefaultServicesCIDR},
+ Pods: Type{Type: "string", Title: "CIDR range for pods", Description: fmt.Sprintf("CIDR range for pods, must not overlap with the following CIDRs: %s", seedCIDRs),
+ Default: networking.DefaultPodsCIDR},
+ Nodes: Type{Type: "string", Title: "CIDR range for nodes", Description: fmt.Sprintf("CIDR range for nodes, must not overlap with the following CIDRs: %s", seedCIDRs),
 Default: networking.DefaultNodesCIDR},
 },
 Required: []string{"nodes"},
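Review bot: The rewritten `Nodes` description no longer names `networking.DefaultPodsCIDR` and `networking.DefaultServicesCIDR`, while `Required` still lists only `nodes`. A caller who supplies just a nodes range presumably gets the `Default` values for pods and services, and the `validateOverlapping(*nodes, *pods)` check in validateNetworking can then reject the request without the nodes field explaining why. Consider extending the object-level text to `"... All provided CIDR ranges must not overlap one another, nor the default pods and services ranges when those are omitted."` so the constraint stays visible in the schema.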