Validate BGPPeerSpec selector fields

lib/apis/v3/bgppeer.go

@@ -48,12 +48,12 @@ type BGPPeerSpec struct {
 	PeerIP string `json:"peerIP" validate:"omitempty,ip"`
 	// The AS Number of the peer.
 	ASNumber numorstring.ASNumber `json:"asNumber"`
-	// Selector for the nodes that should have this peering.  When this is set, it
-	// overrides the Node field.
+	// Selector for the nodes that should have this peering.  When this is set, the Node
+	// field must be empty.
 	NodeSelector string `json:"nodeSelector,omitempty"`
-	// Selector for the remote nodes to peer with.  When this is set, it overrides the
-	// PeerIP and ASNumber fields.  For each peering between the local node and selected
-	// remote nodes, we configure an IPv4 peering if both ends have
+	// Selector for the remote nodes to peer with.  When this is set, the PeerIP and
+	// ASNumber fields must be empty.  For each peering between the local node and
+	// selected remote nodes, we configure an IPv4 peering if both ends have
 	// NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have
 	// NodeBGPSpec.IPv6Address specified.  The remote AS number comes from the remote
 	// node’s NodeBGPSpec.ASNumber, or the global default if that is not set.

lib/validator/v3/validator.go

@@ -179,6 +179,7 @@ func init() {
 	registerStructValidator(validatorSecondary, validateWorkloadEndpointSpec, api.WorkloadEndpointSpec{})
 	registerStructValidator(validatorSecondary, validateHostEndpointSpec, api.HostEndpointSpec{})
 	registerStructValidator(validatorSecondary, validateRule, api.Rule{})
+	registerStructValidator(validatorSecondary, validateBGPPeerSpec, api.BGPPeerSpec{})
 
 	// Register structs that have two level of additional structs to validate.
 	registerStructValidator(validatorTertiary, validateNetworkPolicy, api.NetworkPolicy{})
@@ -828,6 +829,23 @@ func validateNodeSpec(v *validator.Validate, structLevel *validator.StructLevel)
 	}
 }
 
+func validateBGPPeerSpec(v *validator.Validate, structLevel *validator.StructLevel) {
+	ps := structLevel.CurrentStruct.Interface().(api.BGPPeerSpec)
+
+	if ps.Node != "" && ps.NodeSelector != "" {
+		structLevel.ReportError(reflect.ValueOf(ps.Node), "Node", "",
+			reason("Node field must be empty when NodeSelector is specified"))
+	}
+	if ps.PeerIP != "" && ps.PeerSelector != "" {
+		structLevel.ReportError(reflect.ValueOf(ps.PeerIP), "PeerIP", "",
+			reason("PeerIP field must be empty when PeerSelector is specified"))
+	}
+	if uint32(ps.ASNumber) != 0 && ps.PeerSelector != "" {
+		structLevel.ReportError(reflect.ValueOf(ps.ASNumber), "ASNumber", "",
+			reason("ASNumber field must be empty when PeerSelector is specified"))
+	}
+}
+
 func validateEndpointPort(v *validator.Validate, structLevel *validator.StructLevel) {
 	port := structLevel.CurrentStruct.Interface().(api.EndpointPort)
 

lib/validator/v3/validator_test.go

@@ -58,6 +58,8 @@ func init() {
 	protoUDP := numorstring.ProtocolFromString("UDP")
 	protoNumeric := numorstring.ProtocolFromInt(123)
 
+	as61234, _ := numorstring.ASNumberFromString("61234")
+
 	// longLabelsValue is 63 and 64 chars long
 	maxAnnotationsLength := 256 * (1 << 10)
 	longValue := make([]byte, maxAnnotationsLength)
@@ -1131,6 +1133,22 @@ func init() {
 		Entry("should accept valid BGPPeerSpec", api.BGPPeerSpec{PeerIP: ipv4_1}, true),
 		Entry("should reject invalid BGPPeerSpec (IPv4)", api.BGPPeerSpec{PeerIP: bad_ipv4_1}, false),
 		Entry("should reject invalid BGPPeerSpec (IPv6)", api.BGPPeerSpec{PeerIP: bad_ipv6_1}, false),
+		Entry("should reject BGPPeerSpec with both Node and NodeSelector", api.BGPPeerSpec{
+			Node:         "my-node",
+			NodeSelector: "has(mylabel)",
+		}, false),
+		Entry("should reject BGPPeerSpec with both PeerIP and PeerSelector", api.BGPPeerSpec{
+			PeerIP:       ipv4_1,
+			PeerSelector: "has(mylabel)",
+		}, false),
+		Entry("should reject BGPPeerSpec with both ASNumber and PeerSelector", api.BGPPeerSpec{
+			ASNumber:     as61234,
+			PeerSelector: "has(mylabel)",
+		}, false),
+		Entry("should accept BGPPeerSpec with NodeSelector and PeerSelector", api.BGPPeerSpec{
+			NodeSelector: "has(mylabel)",
+			PeerSelector: "has(mylabel)",
+		}, true),
 
 		// (API) NodeSpec
 		Entry("should accept node with IPv4 BGP", api.NodeSpec{BGP: &api.NodeBGPSpec{IPv4Address: netv4_1}}, true),