Validate additionalNetworkCIDRs only set on AWS

John Gardiner Myers 2023-01-22 11:24:28 -08:00
parent bd265c1f41
commit f16c807f09
1 changed files with 12 additions and 5 deletions


@ -294,6 +294,7 @@ type cloudProviderConstraints struct {
requiresSubnets bool
requiresNetworkCIDR bool
prohibitsNetworkCIDR bool
prohibitsMultipleNetworkCIDRs bool
requiresNonMasqueradeCIDR bool
requiresServiceClusterSubnetOfNonMasqueradeCIDR bool
requiresSubnetCIDR bool
@ -303,6 +304,7 @@ func validateCloudProvider(c *kops.Cluster, provider *kops.CloudProviderSpec, fi
constraints = &cloudProviderConstraints{
requiresSubnets: true,
requiresNetworkCIDR: true,
prohibitsMultipleNetworkCIDRs: true,
requiresNonMasqueradeCIDR: true,
requiresServiceClusterSubnetOfNonMasqueradeCIDR: true,
requiresSubnetCIDR: true,
@ -312,6 +314,7 @@ func validateCloudProvider(c *kops.Cluster, provider *kops.CloudProviderSpec, fi
if c.Spec.CloudProvider.AWS != nil {
optionTaken = true
allErrs = append(allErrs, validateAWS(c, provider.AWS, fieldSpec.Child("aws"))...)
constraints.prohibitsMultipleNetworkCIDRs = false
}
if c.Spec.CloudProvider.Azure != nil {
if optionTaken {
@ -950,6 +953,9 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
}
}
if len(v.AdditionalNetworkCIDRs) > 0 && providerConstraints.prohibitsMultipleNetworkCIDRs {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("additionalNetworkCIDRs"), fmt.Sprintf("%s doesn't support additionalNetworkCIDRs", c.GetCloudProvider())))
} else {
for i, cidr := range v.AdditionalNetworkCIDRs {
networkCIDR, errs := parseCIDR(fldPath.Child("additionalNetworkCIDRs").Index(i), cidr)
allErrs = append(allErrs, errs...)
@ -957,6 +963,7 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
networkCIDRs = append(networkCIDRs, networkCIDR)
}
}
}
var nonMasqueradeCIDRs []*net.IPNet
{
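Review bot: The new `prohibitsMultipleNetworkCIDRs` flag is deny-by-default, but nothing at the struct field or at the assignment says so: it is `true` in the base constraints literal in validateCloudProvider and cleared only inside the `AWS != nil` branch. The name also speaks of multiple network CIDRs, while the check in validateNetworking gates `additionalNetworkCIDRs`. A field comment such as `// prohibitsMultipleNetworkCIDRs forbids additionalNetworkCIDRs; true by default, cleared only for AWS.` would make the intended polarity explicit for anyone adding a provider branch later. The page lists one changed file, so the new `field.Forbidden` path appears to land without a validation test; a case with a non-AWS provider and a single additional CIDR would pin it. Both functions start and end outside the hunks shown, so the declaration of `c` used in `c.GetCloudProvider()` is not visible here.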