From 6e9cb9713daf3eba552cafe437eab532157852ca Mon Sep 17 00:00:00 2001
From: Surya Seetharaman
Date: Sun, 18 Feb 2024 16:11:11 +0100
Subject: [PATCH] temp2
---
 apis/v1alpha1/baselineadminnetworkpolicy_types.go | 4 ++--
 apis/v1alpha1/shared_types.go | 10 +++++++---
 apis/v1alpha1/zz_generated.deepcopy.go | 2 +-
 .../policy.networking.k8s.io_adminnetworkpolicies.yaml | 10 ++++++----
 ...networking.k8s.io_baselineadminnetworkpolicies.yaml | 10 ++++++----
 hack/crd-e2e.sh | 8 ++++++--
 6 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
index 91b032a2..06891682 100644
--- a/apis/v1alpha1/baselineadminnetworkpolicy_types.go
+++ b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
@@ -163,11 +163,11 @@ type BaselineAdminNetworkPolicyEgressRule struct {
 // If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
 // traffic then the specified action is applied.
 // This field must be defined and contain at least one item.
- // +kubebuilder:validation:MinItems=1
- // +kubebuilder:validation:MaxItems=100
 //
 // Support: Core
 //
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=100
 To []AdminNetworkPolicyEgressPeer `json:"to"`
 
 // Ports allows for matching traffic based on port and protocols.
diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go
index e10ecbe9..88b7c4f9 100644
--- a/apis/v1alpha1/shared_types.go
+++ b/apis/v1alpha1/shared_types.go
@@ -191,9 +191,8 @@ type AdminNetworkPolicyEgressPeer struct { // // +optional // +kubebuilder:validation:MinItems=1 - // +kubebuilder:validation:MaxItems=100 - // +kubebuilder:validation:XValidation:rule="self.all(x, isCIDR(x))",message="Invalid CIDR provided" - Networks []string `json:"networks,omitempty"` + // +kubebuilder:validation:MaxItems=45 + Networks []CIDR `json:"networks,omitempty"` } // NamespacedPeer defines a flexible way to select Namespaces in a cluster. @@ -256,3 +255,8 @@ type NamespacedPodPeer struct { // PodSelector metav1.LabelSelector `json:"podSelector"` } + +// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR provided" +// +kubebuilder:validation:MaxLength=48 +// Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50 +type CIDR string diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index befb231e..82b1b61d 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -72,7 +72,7 @@ func (in *AdminNetworkPolicyEgressPeer) DeepCopyInto(out *AdminNetworkPolicyEgre } if in.Networks != nil { in, out := &in.Networks, &out.Networks - *out = make([]string, len(*in)) + *out = make([]CIDR, len(*in)) copy(*out, *in) } } diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml index 68d96da1..69958fdb 100644 --- a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml 
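Review bot: The new `MaxItems=45` on `Networks` carries no explanation, and it lowers the limit from 100 on an existing field, so an object that already lists more than 45 networks would presumably be rejected on its next update. If the number comes from the validation cost budget now that every item has its own `isCIDR` rule and `MaxLength`, say so in the field's doc comment, for example `// At most 45 networks may be listed; the limit keeps per-item CIDR validation within budget.` (confirm the actual reason before wording it). AdminNetworkPolicyEgressPeer begins outside this hunk, so the rest of the field's documentation is not visible here.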
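Review bot: `CIDR` has no doc comment of its own; the only prose above `type CIDR string` is `// Length 48 is taken from: ...`, which the regenerated CRDs in this same commit pick up as the item `description`. Put a sentence starting with the type name first, e.g. `// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").`, and keep the markers after it. The referenced kernel constant bounds an address string rather than an address plus `/prefix`, and the link targets `latest`, so its line anchor can drift; a short remark on why 48 still suffices would help. As far as I know `isCIDR` also accepts a prefix with host bits set (such as `10.0.0.1/8`), so if implementations need canonical networks that should be documented or validated separately.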
@@ -265,13 +265,15 @@ spec: format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\". \n Support: Extended \n " items: + description: 'Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50' + maxLength: 48 type: string - maxItems: 100 + x-kubernetes-validations: + - message: Invalid CIDR provided + rule: isCIDR(self) + maxItems: 45 minItems: 1 type: array - x-kubernetes-validations: - - message: Invalid CIDR provided - rule: self.all(x, isCIDR(x)) nodes: description: "Nodes defines a way to select a set of nodes in the cluster. This field follows standard label selector diff --git a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml index d4246437..2b6b8d5d 100644 --- a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml @@ -257,13 +257,15 @@ spec: format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\". \n Support: Extended \n " items: + description: 'Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50' + maxLength: 48 type: string - maxItems: 100 + x-kubernetes-validations: + - message: Invalid CIDR provided + rule: isCIDR(self) + maxItems: 45 minItems: 1 type: array - x-kubernetes-validations: - - message: Invalid CIDR provided - rule: self.all(x, isCIDR(x)) nodes: description: "Nodes defines a way to select a set of nodes in the cluster. This field follows standard label selector diff --git a/hack/crd-e2e.sh b/hack/crd-e2e.sh index f8a00a30..620993d7 100755 --- a/hack/crd-e2e.sh +++ b/hack/crd-e2e.sh 
@@ -44,11 +44,11 @@ trap cleanup INT TERM res=0 # Install kind -(go install sigs.k8s.io/kind@v0.21.0) || res=$? +(go install sigs.k8s.io/kind@v0.22.0) || res=$? # Create cluster KIND_CREATE_ATTEMPTED=true -kind create cluster --name "${CLUSTER_NAME}" || res=$? +kind create cluster --name "${CLUSTER_NAME}" --image "quay.io/itssurya/dev-images:kindest-node-v1.30.0-alpha.2" || res=$? for KUST_FOLDER in bases patches; do go run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role crd paths=./apis/... output:crd:dir=./config/crd/bases output:stdout || res=$? @@ -59,6 +59,10 @@ for KUST_FOLDER in bases patches; do done +# Only for testing purposes, directly install experimental CRDs as well in the CI cluster +kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml +kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml + # Clean up and exit cleanup || res=$? exit $res
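Review bot: The added `--image "quay.io/itssurya/dev-images:kindest-node-v1.30.0-alpha.2"` makes the CI cluster boot a node image from a personal registry namespace, referenced by a mutable tag, so anyone able to push to that repository decides what runs in CI. If a pre-release node image is really required, pin it by digest (`...:kindest-node-v1.30.0-alpha.2@sha256:<digest>`) and add a comment such as `# Temporary: needs a v1.30 node for isCIDR CEL validation; drop once kind ships a matching image.` (confirm the reason). The commit subject `temp2` suggests this is a stopgap, so it should not be merged in this form.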
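Review bot: The two added `kubectl apply` lines in the second hunk do not record failure, whereas the other commands visible in this script end in `|| res=$?`. A failed install of the experimental CRDs would therefore leave `res` at 0 and the job would still exit successfully, unless the script runs under `set -e`, which is not visible here. Append the same suffix to both lines, e.g. `kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml || res=$?`.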