
[Declarative Validation] Add k8s-cidr format to +k8s:format tag #138201

Open
sAchin-680 wants to merge 4 commits into kubernetes:master from sAchin-680:declarative-validation-k8s-cidr-format


@sAchin-680
Contributor

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds three new format values to the +k8s:format declarative validation tag: k8s-cidr, k8s-cidrv4, and k8s-cidrv6.

These use sloppy CIDR parsing (netutils.ParseCIDRSloppy) to match historical Kubernetes behavior — tolerating leading zeros in IPv4 octets and interface-address–form CIDRs (e.g. 192.168.1.5/24). The v4 and v6 variants additionally enforce address-family.

Three runtime functions are added to k8s.io/apimachinery/pkg/api/validate: CIDRSloppy, CIDRv4Sloppy, and CIDRv6Sloppy. Output integration tests follow the same pattern as all existing format output tests.

Which issue(s) this PR is related to:

Fixes: #138113

Special notes for your reviewer:

  • Sloppy parsing is intentional — it mirrors what existing Kubernetes CIDR fields accept today. A strict variant can follow separately if needed.
  • The analogous k8s-ip format is still commented out in format.go due to ratcheting concerns; that decision is unaffected by this PR.
  • Output tests live under output_tests/tags/format/k8s-cidr{,v4,v6}/ and are structured identically to k8s-uuid, k8s-label-key, etc.

Does this PR introduce a user-facing change?

Added `k8s-cidr`, `k8s-cidrv4`, and `k8s-cidrv6` as valid values for the `+k8s:format` declarative validation tag. Fields annotated with these tags will be validated as CIDR strings (IPv4+IPv6, IPv4-only, or IPv6-only respectively) using sloppy parsing consistent with existing Kubernetes behavior.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

N/A
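To make the "sloppy" tolerance in the description above concrete, here is an added example (not code from this PR, and not `netutils.ParseCIDRSloppy` itself) that uses only the Go standard library to flag the two deviations named there: leading zeros in IPv4 octets and interface-address-form CIDRs. `Inspect`, `Report` and `stripZeros` are hypothetical names, and reading a zero-prefixed octet as decimal is an assumption about the intended interpretation; `netip.ParsePrefix` on its own rejects such octets.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Report says how a CIDR string deviates from canonical form.
type Report struct {
	Valid        bool   // parses once leading zeros are stripped
	LeadingZeros bool   // an IPv4 octet was written like "010"
	HostBitsSet  bool   // interface-address form, e.g. 192.168.1.5/24
	IPv4         bool   // address family of the parsed prefix
	Canonical    string // masked form without leading zeros
}

// stripZeros rewrites IPv4 octets such as "010" to "10" (decimal reading).
func stripZeros(addr string) (string, bool) {
	if strings.Contains(addr, ":") {
		return addr, false // IPv6 text is passed through unchanged
	}
	parts, changed := strings.Split(addr, "."), false
	for i, p := range parts {
		if len(p) > 1 && p[0] == '0' {
			parts[i], changed = strings.TrimLeft(p[:len(p)-1], "0")+p[len(p)-1:], true
		}
	}
	return strings.Join(parts, "."), changed
}

// Inspect is a hypothetical helper, not the PR's CIDRSloppy validator.
func Inspect(s string) Report {
	addr, bits, _ := strings.Cut(s, "/")
	addr, zeros := stripZeros(addr)
	p, err := netip.ParsePrefix(addr + "/" + bits)
	if err != nil {
		return Report{}
	}
	m := p.Masked()
	return Report{Valid: true, LeadingZeros: zeros, HostBitsSet: p != m,
		IPv4: p.Addr().Is4(), Canonical: m.String()}
}

func main() {
	for _, s := range []string{"010.0.0.0/8", "192.168.1.5/24", "2001:db8::1/64"} {
		fmt.Printf("%-16s %+v\n", s, Inspect(s))
	}
}
```

A field that accepts these forms stores them as written, so any consumer that compares CIDR strings or feeds them to a stricter parser should normalize to the canonical form first.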

Add a new +k8s:maxProperties=<N> declarative validation tag that enforces
a maximum number of entries in a map field. This corresponds to the
OpenAPI/JSON Schema maxProperties keyword.

Changes:
- Add MaxProperties[K comparable, V any] runtime validation function to
  k8s.io/apimachinery/pkg/api/validate with 'maxProperties' origin.
- Add TestMaxProperties to limits_test.go covering 0/1/2-item maps and
  negative max boundary cases.
- Add maxPropertiesTagValidator to validation-gen validators/limits.go:
  - Restricted to map types only (mirrors +k8s:maxItems for slices)
  - Uses ShortCircuit flag to prevent DoS via oversized-map validation
  - Parses value via util.ParseInt, rejects negative values
  - Stability level: Alpha
- Annotate StorageClass.Parameters with +k8s:maxProperties=512 as the
  first consumer, replacing the hand-written len(params) > 512 guard.
- Add CHANGELOG entry.

Fixes: kubernetes#138112
Signed-off-by: sAchin-680 <mrmister680@gmail.com>
…to +k8s:format DV tag

Implements kubernetes#138113. Adds CIDRSloppy, CIDRv4Sloppy, CIDRv6Sloppy validators in
k8s.io/apimachinery/pkg/api/validate using netutils.ParseCIDRSloppy for
backwards-compatible (sloppy) CIDR parsing that tolerates leading zeros and
interface-address-form CIDRs.

Registers k8s-cidr, k8s-cidrv4, and k8s-cidrv6 in the +k8s:format declarative
validation tag switch in the validation-gen code generator.

Output integration tests are added for all three new format values following
the same pattern as existing format output tests.

Signed-off-by: sAchin-680 <mrmister680@gmail.com>
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 3, 2026
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 3, 2026
@k8s-ci-robot
Contributor

Hi @sAchin-680. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sAchin-680
Once this PR has been reviewed and has the lgtm label, please assign justaugustus, liggitt for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/code-generation area/release-eng Issues or PRs related to the Release Engineering subproject kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 3, 2026
@k8s-ci-robot k8s-ci-robot requested review from deads2k and gracenng April 3, 2026 16:02
@k8s-triage-robot

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 1, 2026
@k8s-ci-robot k8s-ci-robot added do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels May 4, 2026
@k8s-ci-robot
Contributor

Adding label do-not-merge/contains-merge-commits because PR contains merge commits, which are not allowed in this repository.
Use git rebase to reapply your commits on top of the target branch. Detailed instructions for doing so can be found here.


@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 6, 2026
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 8, 2026

Labels

area/code-generation area/release-eng Issues or PRs related to the Release Engineering subproject cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.


Development

Successfully merging this pull request may close these issues.

[Declarative Validation] Add k8s-cidr format to +k8s:format declarative validation tag

3 participants