Bug 1670004 - The pattern of cidrSelector for egressnetworkpolicy cannot match 0.0.0.0/0
Summary: The pattern of cidrSelector for egressnetworkpolicy cannot match 0.0.0.0/0
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.1.0
Hardware: All
OS: All
medium
medium
Target Milestone: ---
: 4.1.0
Assignee: Dan Winship
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-28 10:50 UTC by zhaozhanqi
Modified: 2019-06-04 10:42 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-04 10:42:19 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 79 0 None closed Fix CIDR validation pattern 2020-05-14 07:23:32 UTC
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:42:25 UTC

Description zhaozhanqi 2019-01-28 10:50:47 UTC 
Description of problem:
Create egreenetworkpolicy with the following json:

----------denyall.json-----

{
"kind": "EgressNetworkPolicy",
"apiVersion": "v1",
"metadata": {
"name": "policy1"
},
"spec": {
"egress": [
{
"type": "Deny",
"to": {
"cidrSelector": "0.0.0.0/0"
}
}
]
}
}

-------------------------------

when using above json, the following errors shown:
 ' validation failure list:
spec.egress.to.cidrSelector in body should match '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([1-9]|[12][0-9]|3[0-2])$'




Version-Release number of selected component (if applicable):
payload: 4.0.0-0.nightly-2019-01-25-214846

How reproducible:
always

Steps to Reproduce:
1. using the above json to create one egressnetworkpolicy
2. oc create -f denyall.json
3.

Actual results:

The EgressNetworkPolicy "policy1" is invalid: []: Invalid value: map[string]interface {}{"spec":map[string]interface {}{"egress":[]interface {}{map[string]interface {}{"type":"Deny", "to":map[string]interface {}{"cidrSelector":"0.0.0.0/0"}}}}, "apiVersion":"network.openshift.io/v1", "kind":"EgressNetworkPolicy", "metadata":map[string]interface {}{"name":"policy1", "namespace":"z1", "creationTimestamp":"2019-01-28T10:18:42Z", "generation":1, "uid":"16af18e6-22e6-11e9-9918-024f1dbae570", "selfLink":"", "clusterName":""}}: validation failure list:
spec.egress.to.cidrSelector in body should match '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([1-9]|[12][0-9]|3[0-2])$'

Expected results:

the egressnetworkpolicy can be created.
0.0.0.0/0 should can be matched.

Additional info:
Comment 1 Dan Winship 2019-01-28 16:40:27 UTC 
https://github.com/openshift/cluster-network-operator/pull/79
Comment 3 zhaozhanqi 2019-02-19 10:06:28 UTC 
verified this bug on payload 4.0.0-0.nightly-2019-02-18-224151
Comment 6 errata-xmlrpc 2019-06-04 10:42:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758
Note You need to log in before you can comment on or make changes to this bug.