Fix validation of CIDR fields

danwinship · danwinship · commit 785ec40b2443 · 2025-10-09T08:59:38.000-04:00
isCIDR() accepts both "mask-like" CIDRs and "address-like" CIDRs
diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go
@@ -134,6 +134,6 @@ type AdminNetworkPolicyIngressPeer struct {
 }
 
 // CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
-// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR format provided"
+// +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self) == cidr(self).masked()",message="Invalid CIDR format provided"
 // +kubebuilder:validation:MaxLength=43
 type CIDR string
diff --git a/apis/v1alpha2/clusternetworkpolicy_types.go b/apis/v1alpha2/clusternetworkpolicy_types.go
@@ -465,7 +465,7 @@ type PortRange struct {
 
 // CIDR is an IP address range in CIDR notation
 // (for example, "10.0.0.0/8" or "fd00::/8").
-// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR format provided"
+// +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self) == cidr(self).masked()",message="Invalid CIDR format provided"
 // +kubebuilder:validation:MaxLength=43
 type CIDR string
 
diff --git a/config/crd/experimental/policy.networking.k8s.io_clusternetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_clusternetworkpolicies.yaml
@@ -305,7 +305,7 @@ spec:
                               type: string
                               x-kubernetes-validations:
                               - message: Invalid CIDR format provided
-                                rule: isCIDR(self)
+                                rule: isCIDR(self) && cidr(self) == cidr(self).masked()
                             maxItems: 25
                             minItems: 1
                             type: array
diff --git a/config/crd/standard/policy.networking.k8s.io_clusternetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_clusternetworkpolicies.yaml
@@ -259,7 +259,7 @@ spec:
                               type: string
                               x-kubernetes-validations:
                               - message: Invalid CIDR format provided
-                                rule: isCIDR(self)
+                                rule: isCIDR(self) && cidr(self) == cidr(self).masked()
                             maxItems: 25
                             minItems: 1
                             type: array

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,6 @@ type AdminNetworkPolicyIngressPeer struct {`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").`
`137`		`-// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR format provided"`
	`137`	`+// +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self) == cidr(self).masked()",message="Invalid CIDR format provided"`
`138`	`138`	`// +kubebuilder:validation:MaxLength=43`
`139`	`139`	`type CIDR string`