  1. OCMUI - OpenShift Cluster Manager UI
  2. OCMUI-1543

[OSD WIZARD][ROSA WIZARD] CIDR validation can fail for singlezone private+privatelink network

    • Bug
    • Resolution: Done
    • Critical
    • A-Team
    • 2
    • ACM Console Sprint 251

      Description of the issue

      An edge case in the CIDR ranges configuration lets wrong settings pass the CIDR validation.

      In particular, the validation fails when the number of subnets is 1, which can happen only if the user selects "singlezone" availability and sets "Cluster privacy" to "private" and "private link" to true; in this case there is only a single private subnet available for the cluster.

      Take a VPC that has a private subnet with the CIDR range 10.0.32.0/22, which covers the network range 10.0.32.0 - 10.0.35.255.

      In "Machine CIDR" you can also enter a subnetwork of this network, in other words a CIDR block with a greater prefix, say 10.0.32.0/24; in this case the network range will be smaller.

      Now consider another subnetwork of our private subnet, say 10.0.34.0/24. This network doesn't overlap 10.0.32.0/24, which is our "Machine CIDR", so let's use it for "Service CIDR".

      In this situation the UI validation passes because "Machine CIDR" contains the starting IP of the only subnet, "Machine CIDR" doesn't overlap "Service CIDR", and "Service CIDR" doesn't contain the starting IP of the subnet. But both "Machine CIDR" and "Service CIDR" are pieces of the subnet.

      The user can proceed and create the cluster using the UI, but then an error message from the backend stops the cluster creation and states that the subnet overlaps "Service CIDR".

      So we have two different validations in the UI and the backend and, probably, the UI one is wrong.

      Steps to Reproduce:

      1. Launch OCM UI staging.
      2. Open OSD/ROSA wizard.
      3. In step "Cluster settings > details" leave the availability to "single zone".
      4. Reach "Networking > Configuration" step.
      5. Select "Cluster privacy" to "Private".
      6. Enable "Install into an existing VPC" and "Use a PrivateLink" (both are mandatory for ROSA classic)
      7. Click next to reach "Networking > VPC settings" step.
      8. Select a VPC and a private subnet.
      9. Click next to reach "Networking > CIDR ranges" step.
      10. Prepare two CIDR blocks that do not overlap each other but are both contained in the selected subnet.
      11. Enter one of the prepared CIDR blocks in "Machine CIDR" and the other one in "Service CIDR".
      12. Click "Next" and notice that the provided CIDR configuration passes the validation.
      13. Reach the "Review and create" step and click on "Create cluster".

      Actual results:

      An error message from the backend prevents the cluster from being created. The error message is like the one in the image below:

      Expected results:

      A validation error should stop the user at step 11.
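
The single-subnet edge case described above, as an added example that is not OCM UI or backend code: `describedUiChecks` models the three checks exactly as the description words them, and `rangeBasedChecks` changes only the Service CIDR test to compare whole ranges. All function names are hypothetical, and 172.30.0.0/16 is a constructed value for a Service CIDR outside the subnet.

```javascript
// Added example, not OCM UI or backend code; all function names are hypothetical.

// Parse "a.b.c.d/n" into the first and last address of the block.
function cidrRange(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`invalid CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) throw new Error(`invalid CIDR: ${cidr}`);
  const size = 2 ** (32 - prefix);
  // Plain arithmetic instead of bit shifts, which are signed 32-bit in JavaScript.
  const addr = octets.reduce((acc, o) => acc * 256 + o, 0);
  const start = Math.floor(addr / size) * size; // clear the host bits
  return { start, end: start + size - 1 };
}

const overlaps = (a, b) => a.start <= b.end && b.start <= a.end;
const containsAddr = (range, addr) => range.start <= addr && addr <= range.end;

// The three checks as the issue describes them: only the subnet's first address is tested.
function describedUiChecks(machine, service, subnet) {
  const m = cidrRange(machine), s = cidrRange(service), sub = cidrRange(subnet);
  const errors = [];
  if (!containsAddr(m, sub.start)) errors.push('Machine CIDR does not contain the subnet start');
  if (overlaps(m, s)) errors.push('Machine CIDR overlaps Service CIDR');
  if (containsAddr(s, sub.start)) errors.push('Service CIDR contains the subnet start');
  return errors;
}

// Same checks, but Service CIDR is compared against the subnet's whole range.
function rangeBasedChecks(machine, service, subnet) {
  const m = cidrRange(machine), s = cidrRange(service), sub = cidrRange(subnet);
  const errors = [];
  if (!containsAddr(m, sub.start)) errors.push('Machine CIDR does not contain the subnet start');
  if (overlaps(m, s)) errors.push('Machine CIDR overlaps Service CIDR');
  if (overlaps(s, sub)) errors.push('Service CIDR overlaps the subnet');
  return errors;
}

// Subnet and first two CIDRs are the values from the issue description.
const SUBNET = '10.0.32.0/22';
console.log(describedUiChecks('10.0.32.0/24', '10.0.34.0/24', SUBNET));
console.log(rangeBasedChecks('10.0.32.0/24', '10.0.34.0/24', SUBNET));
console.log(rangeBasedChecks('10.0.32.0/24', '172.30.0.0/16', SUBNET));
```
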

       

       

      cidr_singlesubnet_bug.webm

        1. cidr_edge_case_fixed.webm
          498 kB
          Vitor Graziano
        2. cidr_singlesubnet_bug.webm
          1.99 MB
          Vitor Graziano
        3. image-2024-03-14-17-25-39-307.png
          71 kB
          Vitor Graziano

              rh-ee-dcooper Dylan Cooper
              rhn-support-vgrazian Vitor Graziano (Inactive)
              Vitor Graziano Vitor Graziano (Inactive)