Add IPv6 and dual-stack support for SubnetIPReservation

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

Author: wenqiq

Makefile

@@ -5,8 +5,6 @@ ENVTEST_K8S_VERSION = 1.22
 LDFLAGS            :=
 GOFLAGS            :=
 BINDIR             ?= $(CURDIR)/bin
-GO_FILES           := $(shell find . -type d -name '.cache' -prune -o -type f -name '*.go' -print)
-
 GOLANGCI_LINT_VERSION := v2.11.4
 GOLANGCI_LINT_BINDIR  := $(CURDIR)/.golangci-bin
 GOLANGCI_LINT_BIN     := $(GOLANGCI_LINT_BINDIR)/$(GOLANGCI_LINT_VERSION)/golangci-lint
@@ -56,7 +54,7 @@ generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and
 fmt: ## Run go fmt against code.
 	@echo
 	@echo "===> Formatting Go files <==="
-	@gofmt -s -l -w $(GO_FILES)
+	@go fmt ./...
 
 .PHONY: vet
 vet: ## Run go vet against code.

build/yaml/crd/vpc/crd.nsx.vmware.com_subnetipreservations.yaml

@@ -145,8 +145,9 @@ spec:
                 type: array
               ips:
                 description: |-
-                  List of reserved IPs.
-                  Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28"]
+                  List of reserved IPs for both IPv4 and IPv6.
+                  Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28",
+                  "2001:db8::1", "2001:db8::1-2001:db8::ff", "2001:db8::/64"]
                 items:
                   type: string
                 type: array

build/yaml/samples/nsx_v1alpha1_subnetipreservation.yaml

@@ -1,7 +1,53 @@
+---
+# Example 1: Dynamic IPv4 reservation (numberOfIPs mode, default)
 apiVersion: crd.nsx.vmware.com/v1alpha1
 kind: SubnetIPReservation
 metadata:
-  name: subnet-ipa-1
+  name: subnet-ipr-ipv4
 spec:
   subnet: subnet-1
   numberOfIPs: 10
+---
+# Example 2: Dynamic IPv6 reservation (numberOfIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-ipr-ipv6
+spec:
+  subnet: subnet-1-ipv6
+  numberOfIPs: 10
+  ipAddressType: IPV6
+---
+# Example 3: Dynamic dual-stack reservation — reserves 5 IPv4 IPs and 5 IPv6 IPs
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-ipr-dualstack
+spec:
+  subnet: subnet-1-dualstack
+  numberOfIPs: 5
+  ipAddressType: IPV4IPV6
+---
+# Example 4: Static IPv4 reservation (reservedIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-sipr-ipv4
+spec:
+  subnet: subnet-1
+  reservedIPs:
+    - "192.168.1.1"
+    - "192.168.1.3-192.168.1.100"
+    - "192.168.2.0/28"
+---
+# Example 5: Static IPv6 reservation (reservedIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-sipr-ipv6
+spec:
+  subnet: subnet-1-ipv6
+  reservedIPs:
+    - "2001:db8::1"
+    - "2001:db8::10-2001:db8::ff"
+    - "2001:db8:1::/64"

pkg/apis/vpc/v1alpha1/subnetipreservation_types.go

@@ -45,8 +45,9 @@ type SubnetIPReservationStatus struct {
 	// Conditions described if the SubnetIPReservation is configured on NSX or not.
 	// Condition type ""
 	Conditions []Condition `json:"conditions,omitempty"`
-	// List of reserved IPs.
-	// Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28"]
+	// List of reserved IPs for both IPv4 and IPv6.
+	// Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28",
+	// "2001:db8::1", "2001:db8::1-2001:db8::ff", "2001:db8::/64"]
 	IPs []string `json:"ips,omitempty"`
 }
 

pkg/controllers/subnetipreservation/subnetipreservation_controller.go

@@ -239,6 +239,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		return common.ResultNormal, nil
 	}
 
+	// For dynamic reservations (numberOfIPs), validate that the requested IP address family is
+	// supported by the parent Subnet.
+	if ipReservationCR.Spec.NumberOfIPs > 0 {
+		if err := validateIPAddressTypeCompatibility(subnetCR.Spec.IPAddressType, ipReservationCR.Spec.IPAddressType); err != nil {
+			r.StatusUpdater.UpdateFail(ctx, ipReservationCR, err, err.Error(), setReadyStatusFalse)
+			return common.ResultNormal, nil
+		}
+	}
+
 	nsxSubnet, err := r.SubnetService.GetSubnetByCR(subnetCR)
 	if err != nil {
 		log.Error(err, "failed to get NSX Subnet", "Namespace", subnetCR.Namespace, "Subnet", subnetCR.Name)
@@ -301,6 +310,20 @@ func (r *Reconciler) validateSubnet(ctx context.Context, ns, name string) (*v1al
 	return subnetCR, nil
 }
 
+// validateIPAddressTypeCompatibility checks that the SubnetIPReservation's IPAddressType is
+// compatible with the parent Subnet's IPAddressType. This validation only applies to dynamic
+// reservations (numberOfIPs mode); static reservations (reservedIPs mode) specify IPs directly.
+func validateIPAddressTypeCompatibility(subnetIPAddressType, reservationIPAddressType v1alpha1.IPAddressType) error {
+	// A dual-stack Subnet supports all reservation IP families.
+	if subnetIPAddressType == v1alpha1.IPAddressTypeIPv4IPv6 {
+		return nil
+	}
+	if subnetIPAddressType != reservationIPAddressType {
+		return fmt.Errorf("SubnetIPReservation IPAddressType %q is incompatible with Subnet IPAddressType %q", reservationIPAddressType, subnetIPAddressType)
+	}
+	return nil
+}
+
 func setReadyStatusTrue(client client.Client, ctx context.Context, obj client.Object, transitionTime metav1.Time, _ ...interface{}) {
 	ipReservationCR := obj.(*v1alpha1.SubnetIPReservation)
 	newConditions := []v1alpha1.Condition{

pkg/controllers/subnetipreservation/subnetipreservation_controller_test.go

@@ -398,6 +398,32 @@ func TestReconciler_Reconcile(t *testing.T) {
 			},
 			expectedResult: common.ResultNormal,
 		},
+		{
+			name: "IPAddressType incompatible with Subnet",
+			objects: []client.Object{&v1alpha1.SubnetIPReservation{
+				ObjectMeta: metav1.ObjectMeta{Name: "ipr-1", Namespace: "ns-1"},
+				Spec: v1alpha1.SubnetIPReservationSpec{
+					Subnet:      "subnet-1",
+					NumberOfIPs: 5,
+					// Use the CRD enum value ("IPV6") that Kubernetes actually stores,
+					// not the Go constant IPAddressTypeIPv6 = "IPv6".
+					IPAddressType: "IPV6",
+				},
+			}},
+			preparedFunc: func(r *Reconciler) *gomonkey.Patches {
+				patches := gomonkey.ApplyPrivateMethod(reflect.TypeOf(r), "validateSubnet", func(_ *Reconciler, ctx context.Context, ns string, name string) (*v1alpha1.Subnet, *errorWithRetry) {
+					return &v1alpha1.Subnet{
+						// Use the CRD enum value ("IPV4") that Kubernetes actually stores.
+						Spec: v1alpha1.SubnetSpec{IPAddressType: "IPV4"},
+					}, nil
+				})
+				patches.ApplyMethod(reflect.TypeOf(r.IPReservationService.NSXClient), "NSXCheckVersion", func(_ *nsx.Client, feature int) bool {
+					return true
+				})
+				return patches
+			},
+			expectedResult: common.ResultNormal,
+		},
 	}
 	for _, tc := range tests {
 		r := createFakeReconciler(tc.objects...)
@@ -508,6 +534,111 @@ func TestReconcile_validateSubnet(t *testing.T) {
 	}
 }
 
+func TestValidateIPAddressTypeCompatibility(t *testing.T) {
+	// All inputs use the CRD enum values ("IPV4"/"IPV6"/"IPV4IPV6", all-caps) that Kubernetes
+	// actually stores — NOT the v1alpha1 Go constants which use a different casing ("IPv4", etc.).
+	tests := []struct {
+		name              string
+		subnetType        v1alpha1.IPAddressType
+		reservationType   v1alpha1.IPAddressType
+		expectedErrSubstr string
+	}{
+		{
+			name:            "IPv4 subnet with IPv4 reservation",
+			subnetType:      "IPV4",
+			reservationType: "IPV4",
+		},
+		{
+			name:            "IPv4 subnet with empty reservation defaults to IPv4",
+			subnetType:      "IPV4",
+			reservationType: "",
+		},
+		{
+			name:              "IPv4 subnet with IPv6 reservation - incompatible",
+			subnetType:        "IPV4",
+			reservationType:   "IPV6",
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:              "IPv4 subnet with dual-stack reservation - incompatible",
+			subnetType:        "IPV4",
+			reservationType:   "IPV4IPV6",
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:            "IPv6 subnet with IPv6 reservation",
+			subnetType:      "IPV6",
+			reservationType: "IPV6",
+		},
+		{
+			name:              "IPv6 subnet with IPv4 reservation - incompatible",
+			subnetType:        "IPV6",
+			reservationType:   "IPV4",
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:            "Dual-stack subnet with IPv4 reservation",
+			subnetType:      "IPV4IPV6",
+			reservationType: "IPV4",
+		},
+		{
+			name:            "Dual-stack subnet with IPv6 reservation",
+			subnetType:      "IPV4IPV6",
+			reservationType: "IPV6",
+		},
+		{
+			name:            "Dual-stack subnet with dual-stack reservation",
+			subnetType:      "IPV4IPV6",
+			reservationType: "IPV4IPV6",
+		},
+		{
+			name:            "Empty subnet type defaults to IPv4, IPv4 reservation",
+			subnetType:      "",
+			reservationType: "IPV4",
+		},
+		{
+			name:              "Empty subnet type defaults to IPv4, IPv6 reservation - incompatible",
+			subnetType:        "",
+			reservationType:   "IPV6",
+			expectedErrSubstr: "incompatible",
+		},
+		// Cross-casing: legacy all-caps Subnet vs mixed-case SubnetIPReservation (the real-world bug).
+		{
+			name:            "Legacy IPV6 subnet (all-caps) with mixed-case IPv6 reservation",
+			subnetType:      "IPV6",
+			reservationType: "IPv6",
+		},
+		{
+			name:            "Legacy IPV4 subnet (all-caps) with mixed-case IPv4 reservation",
+			subnetType:      "IPV4",
+			reservationType: "IPv4",
+		},
+		{
+			name:              "Legacy IPV4 subnet (all-caps) with mixed-case IPv6 reservation - incompatible",
+			subnetType:        "IPV4",
+			reservationType:   "IPv6",
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:            "Legacy IPV4IPV6 subnet (all-caps) with mixed-case IPv6 reservation",
+			subnetType:      "IPV4IPV6",
+			reservationType: "IPv6",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			err := validateIPAddressTypeCompatibility(tc.subnetType, tc.reservationType)
+			if tc.expectedErrSubstr != "" {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tc.expectedErrSubstr)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
+
 func TestReconcile_CollectGarbage(t *testing.T) {
 	ipr1 := &v1alpha1.SubnetIPReservation{
 		ObjectMeta: metav1.ObjectMeta{

pkg/nsx/services/subnetipreservation/builder.go

@@ -10,13 +10,36 @@ import (
 	"github.com/vmware-tanzu/nsx-operator/pkg/util"
 )
 
+// NSX DynamicIpAddressReservation IP address type values.
+// The CRD uses "IPV4IPV6" (no underscore) while NSX uses "IPV4_IPV6" (with underscore).
+const (
+	nsxIPAddressTypeIPv4     = "IPV4"
+	nsxIPAddressTypeIPv6     = "IPV6"
+	nsxIPAddressTypeIPv4IPv6 = "IPV4_IPV6"
+)
+
+// ipAddressTypeToNSX maps an IPAddressType to the NSX DynamicIpAddressReservation IpAddressType.
+// The CRD uses "IPV4IPV6" (no underscore) while NSX uses "IPV4_IPV6" (with underscore).
+func ipAddressTypeToNSX(ipAddressType v1alpha1.IPAddressType) string {
+	switch ipAddressType {
+	case v1alpha1.IPAddressTypeIPv6:
+		return nsxIPAddressTypeIPv6
+	case v1alpha1.IPAddressTypeIPv4IPv6:
+		return nsxIPAddressTypeIPv4IPv6
+	default:
+		return nsxIPAddressTypeIPv4
+	}
+}
+
 func (s *IPReservationService) buildDynamicIPReservation(ipReservation *v1alpha1.SubnetIPReservation, subnetPath string) *model.DynamicIpAddressReservation {
 	tags := util.BuildBasicTags(getCluster(s), ipReservation, "")
+	ipAddressType := ipAddressTypeToNSX(ipReservation.Spec.IPAddressType)
 	nsxIPReservation := &model.DynamicIpAddressReservation{
-		NumberOfIps: common.Int64(int64(ipReservation.Spec.NumberOfIPs)),
-		Tags:        tags,
-		Id:          common.String(s.buildIPReservationID(ipReservation, subnetPath)),
-		DisplayName: common.String(ipReservation.Name),
+		NumberOfIps:   common.Int64(int64(ipReservation.Spec.NumberOfIPs)),
+		Tags:          tags,
+		Id:            common.String(s.buildIPReservationID(ipReservation, subnetPath)),
+		DisplayName:   common.String(ipReservation.Name),
+		IpAddressType: &ipAddressType,
 	}
 	return nsxIPReservation
 }