network regex validation for powervscluster

Author: carmal891

.github/ISSUE_TEMPLATE/cluster_api_version_update.md

@@ -0,0 +1,48 @@
+---
+name: Cluster API version update
+about: Create an issue to track tasks for a Cluster API version update
+title: Bump cluster-api to v<>
+
+---
+
+/area provider/ibmcloud
+
+## Tasks for Cluster API major version update
+
+Update cluster-api version
+- [ ] [go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/go.mod)
+- [ ] [hack/tools/go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/tools/go.mod)
+- [ ] [E2E config files](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/tree/main/test/e2e/config)
+- [ ] [test/e2e/data/metadata.yaml](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/test/e2e/data/shared/metadata.yaml)
+- [ ] run `make generate` to update the CRDs
+
+
+Update Kubernetes version
+- [ ] [go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/go.mod)
+- [ ] [Kubebuilder version](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/Makefile#L84)
+- [ ] [scripts](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/fetch_ext_bins.sh#L29)
+
+
+If Go version is bumped, update it in the following files
+- [ ] [go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/go.mod)
+- [ ] [hack/tools/go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/tools/go.mod)
+- [ ] [ .golangci.yaml](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/.golangci.yml)
+- [ ] [hack/ensure-go.sh](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/ensure-go.sh)
+- [ ] [netlify.toml](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/netlify.toml)
+- [ ] [Makefile](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/Makefile#L66)
+- [ ] [hack/ccm/Makefile](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/ccm/Makefile#L16)
+- [ ] [Update gcb-docker-gcloud image](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/cloudbuild.yaml#L7)
+
+Previous PR: https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/pull/2069
+
+## Tasks for Cluster API minor version update
+
+Update cluster-api version
+- [ ] [go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/go.mod)
+- [ ] [hack/tools/go.mod](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/tools/go.mod)
+- [ ] [E2E config files](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/tree/main/test/e2e/config)
+
+
+**Notes**:
+* With every Cluster API release, update the version in the last two CAPIBM release branches also.
+* Update the e2e CI to use machine images with corresponding kubernetes version with every Cluster API major version release and update the e2e files accordingly.

.github/ISSUE_TEMPLATE/release.md

@@ -0,0 +1,19 @@
+---
+name: Release tracker
+about: Create an issue to track tasks for a Cluster API version update
+title: Release tracker for v<>
+
+---
+
+/area provider/ibmcloud
+
+**Tasks:**
+
+After every CAPIBM major version release:
+- [ ] Update Infrastructure Provider version in [metadata.yaml](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/metadata.yaml) and [e2e test config files](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/tree/main/test/e2e/config)
+- [ ] [Update release branch versions for weekly security scan](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/.github/workflows/weekly-security-scan.yaml#L16)
+- [ ] [Update release support data in docs](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/docs/book/src/developer/release-support-guidelines.md)
+- [ ] [Update docs with reference to latest release](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/README.md#compatibility-with-cluster-api-and-kubernetes-versions)
+- [ ] Update and add documentation link for new release branch in Netlify
+- [ ] Add new presubmit job for latest release kubernetes/test-infra for CAPIBM jobs
+- [ ] Bump machine images in CI to use relevent Kubernetes version

.github/workflows/validate-yaml-lint.yaml

@@ -0,0 +1,9 @@
+name: YamlLint
+on: [push, pull_request]
+jobs:
+  yamllint:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run yamllint make target
+        run: make yamllint

.github/workflows/weekly-security-scan.yaml

@@ -13,9 +13,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        branch: [ main, release-0.8, release-0.7 ]
+        branch: [ main, release-0.9, release-0.8 ]
     name: Trivy
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
     - name: Check out code
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7

.gitignore

@@ -41,3 +41,6 @@ vendor/sigs.k8s.io/cluster-api/docs/book/*.json
 # release
 _artifacts/
 out/
+
+#ide settings
+.vscode/

.yamllint

@@ -0,0 +1,43 @@
+extends: default
+
+ignore:
+  - config       # Skip autogenerated config dir from liniting
+
+rules:
+  # Rules to control the number of spaces around operators
+  braces:
+    min-spaces-inside: 0    # No spaces required inside braces
+    max-spaces-inside: 1    # Maximum one space inside braces
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  hyphens:
+    max-spaces-after: 1
+
+  # Rules to control indentation
+  indentation:
+    spaces: consistent              # Spaces should be consistently used for indentation
+    indent-sequences: whatever      # Either indenting or not indenting individual block sequences is OK
+  comments-indentation: enable      # Comments should be indented the same as the content
+
+  # Rules to control lines
+  line-length:
+    max: 200                                       # Maximum 150 characters per line
+    allow-non-breakable-words: true                # Allow long words without breaks
+    allow-non-breakable-inline-mappings: true      # Allow long inline mappings without breaks
+  empty-lines:
+    max: 2                                         # Maximum two consecutive empty lines allowed
+  trailing-spaces: enable                          # Ensure no trailing spaces at the end of lines
+
+  # Other rules
+  comments:
+    min-spaces-from-content: 1                        # At least one space required between content and comment
+  key-duplicates: enable                              # Ensure no duplicate keys in mappings
+  truthy:
+    allowed-values: ['true', 'false', 'on', 'off']    # Allow only these values for boolean scalars

Makefile

@@ -63,7 +63,7 @@ RELEASE_DIR := out
 OUTPUT_TYPE ?= type=registry
 
 # Go
-GO_VERSION ?=1.22.8
+GO_VERSION ?=1.22.10
 GO_CONTAINER_IMAGE ?= golang:$(GO_VERSION)
 
 # kind
@@ -81,7 +81,7 @@ PULL_POLICY ?= Always
 # Set build time variables including version details
 LDFLAGS := $(shell ./hack/version.sh)
 
-KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.29.3
+KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.30.0
 
 # main controller
 CORE_IMAGE_NAME ?= cluster-api-ibmcloud-controller
@@ -546,6 +546,11 @@ else
 	echo "Versions are different across Makefiles. Please ensure to keep them uniform."
 endif
 
+
+.PHONY: yamllint
+yamllint:
+	@docker run --rm $$(tty -s && echo "-it" || echo) -v $(PWD):/data cytopia/yamllint:latest /data --config-file /data/.yamllint --no-warnings
+
 ## --------------------------------------
 ## Cleanup / Verification
 ## --------------------------------------

README.md

@@ -49,7 +49,7 @@ This provider's versions are compatible with the following versions of Cluster A
 |:----------------------------------------|:---------------:|:--------------:|
 | CAPIBM v1alpha4 (v0.1.x)                  | ✓               |                |
 | CAPIBM v1beta1 (v0.2.x, v0.3.x)           |                 | ✓              |
-| CAPIBM v1beta2 (v0.[4-8].x, main)         |                 | ✓              |
+| CAPIBM v1beta2 (v0.[4-9].x, main)         |                 | ✓              |
 
 
 (See [Kubernetes support matrix][cluster-api-supported-v] of Cluster API versions).

api/v1beta1/ibmpowervsmachine_types.go

@@ -21,7 +21,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1"
-	"sigs.k8s.io/cluster-api/errors"
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
@@ -142,7 +141,7 @@ type IBMPowerVSMachineStatus struct {
 	// can be added as events to the Machine object and/or logged in the
 	// controller's output.
 	// +optional
-	FailureReason *errors.MachineStatusError `json:"failureReason,omitempty"`
+	FailureReason *string `json:"failureReason,omitempty"`
 
 	// FailureMessage will be set in the event that there is a terminal problem
 	// reconciling the Machine and will contain a more verbose string suitable

api/v1beta1/zz_generated.conversion.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"regexp"
 	"strconv"
 
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -42,16 +43,24 @@ func validateIBMPowerVSResourceReference(res IBMPowerVSResourceReference, resTyp
 	if res.ID != nil && res.Name != nil {
 		return false, field.Invalid(field.NewPath("spec", resType), res, "Only one of "+resType+" - ID or Name may be specified")
 	}
+
 	return true, nil
 }
 
 func validateIBMPowerVSNetworkReference(res IBMPowerVSResourceReference) (bool, *field.Error) {
+	// Ensure only one of ID, Name, or RegEx is specified
 	if (res.ID != nil && res.Name != nil) || (res.ID != nil && res.RegEx != nil) || (res.Name != nil && res.RegEx != nil) {
 		return false, field.Invalid(field.NewPath("spec", "Network"), res, "Only one of Network - ID, Name or RegEx can be specified")
 	}
 	return true, nil
 }
 
+// regexMatches validates if a given regex matches the target string
+func regexMatches(pattern, target string) bool {
+	matched, err := regexp.MatchString(pattern, target)
+	return err == nil && matched
+}
+
 func validateIBMPowerVSMemoryValues(resValue int32) bool {
 	if val := float64(resValue); val < 2 {
 		return false

api/v1beta1/zz_generated.deepcopy.go

@@ -95,10 +95,44 @@ func (r *IBMPowerVSCluster) validateIBMPowerVSCluster() (admission.Warnings, err
 		r.Name, allErrs)
 }
 
+func (r *IBMPowerVSCluster) validateNetworkRegex() (bool, *field.Error) {
+	if r.Spec.Network.RegEx != nil {
+		var targetName string
+		var validationMessage string
+
+		if *r.Spec.DHCPServer.Name != "" {
+			targetName = *r.Spec.DHCPServer.Name
+			validationMessage = "The RegEx should match the DHCP server name when the DHCP server is set"
+		} else {
+			if r.GetObjectMeta().GetName() == "" {
+				return false, field.Required(
+					field.NewPath("metadata", "name"),
+					"Cluster name must be set when Network.RegEx is provided and DHCP server name is not set",
+				)
+			}
+			targetName = r.GetObjectMeta().GetName()
+			validationMessage = "The RegEx should match the cluster name when the DHCP server is not set"
+		}
+
+		if !regexMatches(*r.Spec.Network.RegEx, targetName) {
+			return false, field.Invalid(
+				field.NewPath("spec", "Network", "RegEx"),
+				r.Spec.Network.RegEx,
+				validationMessage,
+			)
+		}
+	}
+
+	return true, nil
+}
+
 func (r *IBMPowerVSCluster) validateIBMPowerVSClusterNetwork() *field.Error {
 	if res, err := validateIBMPowerVSNetworkReference(r.Spec.Network); !res {
 		return err
 	}
+	if res, err := r.validateNetworkRegex(); !res {
+		return err
+	}
 	return nil
 }
 
@@ -198,11 +232,11 @@ func (r *IBMPowerVSCluster) validateIBMPowerVSClusterCreateInfraPrereq() (allErr
 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec.vpc"), r.Spec.VPC, "value of VPC is empty"))
 	}
 
-	if r.Spec.VPC.Region == nil {
+	if r.Spec.VPC != nil && r.Spec.VPC.Region == nil {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec.vpc.region"), r.Spec.VPC.Region, "value of VPC region is empty"))
 	}
 
-	if r.Spec.VPC.Region != nil && !regionUtil.ValidateVPCRegion(*r.Spec.VPC.Region) {
+	if r.Spec.VPC != nil && r.Spec.VPC.Region != nil && !regionUtil.ValidateVPCRegion(*r.Spec.VPC.Region) {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec.vpc.region"), r.Spec.VPC.Region, fmt.Sprintf("vpc region '%s' is not supported", *r.Spec.VPC.Region)))
 	}