OCPBUGS-48089: validate hostPrefix to be the same when multiple clusternetwork CIDRs are present

pkg/types/validation/installconfig.go

@@ -502,13 +502,22 @@ func validateClusterNetwork(n *types.Networking, cn *types.ClusterNetworkEntry,
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), cn.CIDR.String(), fmt.Sprintf("cluster network must not overlap with cluster network %d", i)))
 		}
 	}
-	if cn.HostPrefix < 0 {
-		allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPrefix"), cn.HostPrefix, "hostPrefix must be positive"))
-	}
+
 	// ignore hostPrefix if the plugin does not use it and has it unset
 	if pluginsUsingHostPrefix.Has(n.NetworkType) || (cn.HostPrefix != 0) {
-		if ones, bits := cn.CIDR.Mask.Size(); cn.HostPrefix < int32(ones) {
+		if cn.HostPrefix < 0 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPrefix"), cn.HostPrefix, "hostPrefix must be positive"))
+		} else if ones, bits := cn.CIDR.Mask.Size(); cn.HostPrefix < int32(ones) {
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPrefix"), cn.HostPrefix, "cluster network host subnetwork prefix must not be larger size than CIDR "+cn.CIDR.String()))
+		} else if bits == 32 {
+			// setting different value for clusternetwork CIDR host prefix is not allowed
+			// we only need to check IPv4 as IPv6 prefix must be 64
+			for _, acn := range n.ClusterNetwork[0:idx] {
+				if acn.CIDR.IP.To4() != nil && cn.HostPrefix != acn.HostPrefix {
+					allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPrefix"), cn.HostPrefix, "cluster network host subnetwork prefix must be the same value for IPv4 networks"))
+					break
+				}
+			}
 		} else if bits == 128 && cn.HostPrefix != 64 {
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPrefix"), cn.HostPrefix, "cluster network host subnetwork prefix must be 64 for IPv6 networks"))
 		}

pkg/types/validation/installconfig_test.go

@@ -516,8 +516,8 @@ func TestValidateInstallConfig(t *testing.T) {
 			installConfig: func() *types.InstallConfig {
 				c := validInstallConfig()
 				c.Networking.ClusterNetwork = []types.ClusterNetworkEntry{
-					{CIDR: *ipnet.MustParseCIDR("12.0.0.0/16"), HostPrefix: 23},
-					{CIDR: *ipnet.MustParseCIDR("12.0.3.0/24"), HostPrefix: 25},
+					{CIDR: *ipnet.MustParseCIDR("12.0.0.0/16"), HostPrefix: 28},
+					{CIDR: *ipnet.MustParseCIDR("12.0.3.0/24"), HostPrefix: 28},
 				}
 				return c
 			}(),
@@ -554,6 +554,33 @@ func TestValidateInstallConfig(t *testing.T) {
 			}(),
 			expectedError: ``,
 		},
+		{
+			name: "cluster network host prefix negative",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Networking.ClusterNetwork[0].HostPrefix = -23
+				return c
+			}(),
+			expectedError: `^networking\.clusterNetwork\[0]\.hostPrefix: Invalid value: -23: hostPrefix must be positive$`,
+		},
+		{
+			name: "multiple cluster network host prefix different",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Networking.ClusterNetwork = append(c.Networking.ClusterNetwork,
+					types.ClusterNetworkEntry{
+						CIDR:       *ipnet.MustParseCIDR("192.168.2.0/24"),
+						HostPrefix: 30,
+					},
+					types.ClusterNetworkEntry{
+						CIDR:       *ipnet.MustParseCIDR("ffd2::/48"),
+						HostPrefix: 64,
+					},
+				)
+				return c
+			}(),
+			expectedError: `^networking\.clusterNetwork\[1]\.hostPrefix: Invalid value: 30: cluster network host subnetwork prefix must be the same value for IPv4 networks$`,
+		},
 		{
 			name: "networking clusterNetworkMTU - valid high limit ovn",
 			installConfig: func() *types.InstallConfig {