feat(vpcpeering): Implement validation for VpcManifest

qmonnet · Fredi-raspall · commit 31b64efc4d51 · 2025-05-08T15:56:09.000+02:00
We already have validation for VpcExpose, VpcPeering, and expose or
peering addition to lists and tables; we're only missing some basic
checks for the VpcManifest objects.

There's not much to do this time, because most of the work consists in
validating the VpcExpose objects and preventing prefix overlap between
them, which we have implemented in previous commits. Make sure the name
is not empty, make sure the lists of VpcExpose objects are not empty,
and use the resulting validation function for each VpcManifest when
validating a VpcPeering object.

Add relevant enum variants to ApiError.

Fix some tests that would use manifests with empty VpcExpose lists.

Signed-off-by: Quentin Monnet &lt;qmo@qmon.net&gt;
diff --git a/mgmt/src/models/external/overlay/tests.rs b/mgmt/src/models/external/overlay/tests.rs
@@ -142,23 +142,71 @@ pub mod test {
     fn test_peering_iter() {
         let mut peering_table = VpcPeeringTable::new();
 
-        let m1 = VpcManifest::new("VPC-1");
-        let m2 = VpcManifest::new("VPC-2");
+        let mut m1 = VpcManifest::new("VPC-1");
+        m1.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("1.1.1.0", 24)))
+                .as_range(Prefix::from(("1.1.2.0", 24))),
+        )
+        .expect("Failed to add expose");
+        let mut m2 = VpcManifest::new("VPC-2");
+        m2.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("1.2.1.0", 24)))
+                .as_range(Prefix::from(("1.2.2.0", 24))),
+        )
+        .expect("Failed to add expose");
         let peering = VpcPeering::new("Peering-1", m1, m2);
         peering_table.add(peering).unwrap();
 
-        let m1 = VpcManifest::new("VPC-1");
-        let m2 = VpcManifest::new("VPC-3");
+        let mut m1 = VpcManifest::new("VPC-1");
+        m1.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("2.1.1.0", 24)))
+                .as_range(Prefix::from(("2.2.2.0", 24))),
+        )
+        .expect("Failed to add expose");
+        let mut m2 = VpcManifest::new("VPC-3");
+        m2.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("2.2.1.0", 24)))
+                .as_range(Prefix::from(("2.2.2.0", 24))),
+        )
+        .expect("Failed to add expose");
         let peering = VpcPeering::new("Peering-2", m1, m2);
         peering_table.add(peering).unwrap();
 
-        let m1 = VpcManifest::new("VPC-2");
-        let m2 = VpcManifest::new("VPC-4");
+        let mut m1 = VpcManifest::new("VPC-2");
+        m1.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("3.1.1.0", 24)))
+                .as_range(Prefix::from(("3.1.2.0", 24))),
+        )
+        .expect("Failed to add expose");
+        let mut m2 = VpcManifest::new("VPC-4");
+        m2.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("3.2.1.0", 24)))
+                .as_range(Prefix::from(("3.2.2.0", 24))),
+        )
+        .expect("Failed to add expose");
         let peering = VpcPeering::new("Peering-3", m1, m2);
         peering_table.add(peering).unwrap();
 
-        let m1 = VpcManifest::new("VPC-1");
-        let m2 = VpcManifest::new("VPC-4");
+        let mut m1 = VpcManifest::new("VPC-1");
+        m1.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("4.1.1.0", 24)))
+                .as_range(Prefix::from(("4.1.2.0", 24))),
+        )
+        .expect("Failed to add expose");
+        let mut m2 = VpcManifest::new("VPC-4");
+        m2.add_expose(
+            VpcExpose::empty()
+                .ip(Prefix::from(("4.2.1.0", 24)))
+                .as_range(Prefix::from(("4.2.2.0", 24))),
+        )
+        .expect("Failed to add expose");
         let peering = VpcPeering::new("Peering-4", m1, m2);
         peering_table.add(peering).unwrap();
 
diff --git a/mgmt/src/models/external/overlay/vpcpeering.rs b/mgmt/src/models/external/overlay/vpcpeering.rs
@@ -36,7 +36,6 @@ impl VpcExpose {
         self.not_as.insert(prefix);
         self
     }
-    #[allow(unused)]
     fn fixup(mut self) -> Result<Self, ConfigError> {
         // Add a root prefix to the list of private prefixes if the list is empty
         if self.ips.is_empty() {
@@ -233,6 +232,15 @@ impl VpcManifest {
         self.exposes.push(expose);
         Ok(())
     }
+    pub fn validate(&self) -> ConfigResult {
+        if self.name.is_empty() {
+            return Err(ConfigError::MissingIdentifier("Manifest name"));
+        }
+        if self.exposes.is_empty() {
+            return Err(ConfigError::IncompleteConfig("Empty manifest".to_string()));
+        }
+        Ok(())
+    }
 }
 
 #[derive(Clone, Debug)]
@@ -253,6 +261,8 @@ impl VpcPeering {
         if self.name.is_empty() {
             return Err(ConfigError::MissingIdentifier("Peering name"));
         }
+        self.left.validate()?;
+        self.right.validate()?;
         Ok(())
     }
     /// Given a peering fetch the manifests, orderly depending on the provided vpc name
@@ -315,7 +325,7 @@ impl VpcPeeringTable {
 
         // First look for an existing entry, to avoid inserting a duplicate peering
         if self.0.contains_key(&peering.name) {
-            return Err(ApiError::DuplicateVpcPeeringId(peering.name.clone()));
+            return Err(ConfigError::DuplicateVpcPeeringId(peering.name.clone()));
         }
 
         if let Some(peering) = self.0.insert(peering.name.to_owned(), peering) {
