OCPBUGS-69399: Allow ProvisioningCIDR for unmanaged network

[hroyrh]

As provisioningCIDR was used only for managed network, it caused broken networking for unmanaged provisioning networking scenarios because all routes were not created. To fix the issue, this pr allows provisioningCIDR for both managed and unmanaged networks.

Summary by CodeRabbit

• Bug Fixes

  • Unmanaged provisioning configurations now perform validation to ensure provisioning IP addresses fall within the defined CIDR range.
  • Provisioning IP addresses for unmanaged configurations are now consistently formatted with CIDR notation for proper network handling.

• Tests

  • Added test coverage validating IP CIDR range enforcement and CIDR formatting for unmanaged provisioning configurations.

[openshift-ci-robot]

@hroyrh: This pull request references Jira Issue OCPBUGS-69399, which is invalid:

• expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

As provisioningCIDR was used only for managed network, it caused broken networking for unmanaged provisioning networking scenarios because all routes were not created. To fix the issue, this pr allows provisioningCIDR for both managed and unmanaged networks.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[hroyrh]

/jira refresh

[openshift-ci-robot]

@hroyrh: This pull request references Jira Issue OCPBUGS-69399, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jadhaj

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[hroyrh]

/test unit

[MahnoorAsghar]

/test unit

[MahnoorAsghar]

/test unit

[dtantsur]

nit: if provisioningNetworkMode == ProvisioningNetworkDisabled

[hroyrh]

Done

[dtantsur]

We aren't making the CIDR mandatory by reaching this code, are we?

[hroyrh]

That shouldn't happen since we already return early for disabled provisioning network and we require CIDR for other cases, right ? I don't think we should allow empty CIDR for unmanaged network.

[dtantsur]

nit: if provisioningNetworkMode != ProvisioningNetworkDisabled

[hroyrh]

Done

[coderabbitai]

Walkthrough

The changes enable CIDR validation and formatting for unmanaged provisioning configurations. Previously, validation logic was skipped for non-Managed modes; now it runs for Unmanaged mode (while remaining skipped for Disabled). Provisioning IP is formatted with CIDR prefix for unmanaged networks, alongside corresponding test updates.

Changes

Cohort / File(s)	Summary
Validation Logic api/v1alpha1/provisioning_validation.go, api/v1alpha1/provisioning_validation_test.go	Modified early-return condition to only bypass validation when provisioning network is Disabled, allowing validation to proceed for Unmanaged mode. Added test case verifying rejection of unmanaged config with ProvisioningIP outside CIDR range.
Provisioning IP Configuration provisioning/baremetal_config.go, provisioning/baremetal_config_test.go	Updated getProvisioningIP to use CIDR prefix formatting for non-Disabled provisioning networks (previously Managed only). Added test case verifying unmanaged provisioning uses CIDR-formatted IP.
Pod Configuration Tests provisioning/baremetal_pod_test.go	Added test case for unmanaged provisioning with CIDR-formatted IP. Updated TestNewMetal3Containers expectations to use CIDR format ("172.30.20.3/24") for metal3-httpd, metal3-ironic, and metal3-static-ip-manager containers in UnmanagedSpec scenario.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: allowing ProvisioningCIDR for unmanaged networks, which matches the primary objective of extending CIDR support beyond managed-only networks.
Stable And Deterministic Test Names	✅ Passed	Test names are stable and deterministic: InvalidUnmanagedProvisioningIPCIDR, Unmanaged ProvisioningIPCIDR, Unanaged ProvisioningIPCIDR contain no IP addresses, timestamps, or dynamic data.
Test Structure And Quality	✅ Passed	Test code uses standard Go testing package with table-driven patterns, following good quality practices with meaningful assertions and builder fixture setup.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@hroyrh: This pull request references Jira Issue OCPBUGS-69399, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jadhaj

Details

In response to this:

As provisioningCIDR was used only for managed network, it caused broken networking for unmanaged provisioning networking scenarios because all routes were not created. To fix the issue, this pr allows provisioningCIDR for both managed and unmanaged networks.

Summary by CodeRabbit

• Bug Fixes

• Unmanaged provisioning configurations now perform validation to ensure provisioning IP addresses fall within the defined CIDR range.

• Provisioning IP addresses for unmanaged configurations are now consistently formatted with CIDR notation for proper network handling.

• Tests

• Added test coverage validating IP CIDR range enforcement and CIDR formatting for unmanaged provisioning configurations.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

♻️ Duplicate comments (1)

api/v1alpha1/provisioning_validation.go (1)

162-169: ⚠️ Potential issue | 🟠 Major

Don't turn provisioningNetworkCIDR into a hard requirement for unmanaged mode.

This branch now sends every unmanaged spec through net.ParseCIDR(cidr), so an unmanaged config that only sets ProvisioningIP starts failing validation here. The new getProvisioningIP() path also drops PROVISIONING_IP in that case, so this is a backward-incompatible regression beyond “allow CIDR when present”. Please keep the CIDR-specific checks conditional for unmanaged mode and preserve the raw-IP fallback when ProvisioningNetworkCIDR is empty.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/v1alpha1/provisioning_validation.go` around lines 162 - 169, The current
validation forces parsing provisioningNetworkCIDR for unmanaged specs and
rejects configs that only set ProvisioningIP; change the logic so CIDR-specific
validation only runs when a CIDR is actually provided: in the block that
currently calls net.ParseCIDR(cidr) (using provisioningNetworkMode,
provisioningNetworkCIDR/provisioningCIDR and err variables), wrap or gate that
parse/validation behind a check that cidr != "" (or the equivalent
provisioningNetworkCIDR presence) and skip to the existing raw-IP fallback
(getProvisioningIP / ProvisioningIP) when empty; ensure unmanaged-mode flows do
not require a CIDR and preserve existing raw IP handling.

🧹 Nitpick comments (1)

provisioning/baremetal_config_test.go (1)

49-54: Please add the unmanaged-without-CIDR case here too.

This only pins the new CIDR-present path. A companion case with ProvisioningNetworkCIDR == "" would protect the existing unmanaged behavior while still covering the new route-creation flow.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@provisioning/baremetal_config_test.go` around lines 49 - 54, Add a companion
test case for the unmanaged flow that leaves ProvisioningNetworkCIDR empty: copy
the existing "Unmanaged ProvisioningIPCIDR" case (configName provisioningIP,
spec from unmanagedProvisioning().build()) and add a new case named like
"Unmanaged ProvisioningIP without CIDR" where you set the spec's
ProvisioningNetworkCIDR to "" (e.g. via
unmanagedProvisioning().withProvisioningNetworkCIDR("").build() or by clearing
the field before build) and set expectedValue to the prior unmanaged behavior
value (the same expectedValue used by the unmanaged tests before CIDR was
introduced) so the test covers both CIDR-present and CIDR-empty code paths.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@api/v1alpha1/provisioning_validation.go`:
- Around line 162-169: The current validation forces parsing
provisioningNetworkCIDR for unmanaged specs and rejects configs that only set
ProvisioningIP; change the logic so CIDR-specific validation only runs when a
CIDR is actually provided: in the block that currently calls net.ParseCIDR(cidr)
(using provisioningNetworkMode, provisioningNetworkCIDR/provisioningCIDR and err
variables), wrap or gate that parse/validation behind a check that cidr != ""
(or the equivalent provisioningNetworkCIDR presence) and skip to the existing
raw-IP fallback (getProvisioningIP / ProvisioningIP) when empty; ensure
unmanaged-mode flows do not require a CIDR and preserve existing raw IP
handling.

---

Nitpick comments:
In `@provisioning/baremetal_config_test.go`:
- Around line 49-54: Add a companion test case for the unmanaged flow that
leaves ProvisioningNetworkCIDR empty: copy the existing "Unmanaged
ProvisioningIPCIDR" case (configName provisioningIP, spec from
unmanagedProvisioning().build()) and add a new case named like "Unmanaged
ProvisioningIP without CIDR" where you set the spec's ProvisioningNetworkCIDR to
"" (e.g. via unmanagedProvisioning().withProvisioningNetworkCIDR("").build() or
by clearing the field before build) and set expectedValue to the prior unmanaged
behavior value (the same expectedValue used by the unmanaged tests before CIDR
was introduced) so the test covers both CIDR-present and CIDR-empty code paths.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fab7d64c-3f95-4da8-837c-8d196522daef

📥 Commits

Reviewing files that changed from the base of the PR and between aff20f1 and b16f413.

📒 Files selected for processing (5)

• api/v1alpha1/provisioning_validation.go
• api/v1alpha1/provisioning_validation_test.go
• provisioning/baremetal_config.go
• provisioning/baremetal_config_test.go
• provisioning/baremetal_pod_test.go

[hroyrh]

/retest-required

[hroyrh]

/retest-required

[openshift-ci]

@hroyrh: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jadhaj]

/verified later @jadhaj

[elfosardo]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: elfosardo, hroyrh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [elfosardo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[MahnoorAsghar]

/lgtm

[zaneb]

/verified later @jadhaj

[jadhaj]

/verified later @jadhaj

[openshift-ci-robot]

@jadhaj: This PR has been marked to be verified later by @jadhaj.

Details

In response to this:

/verified later @jadhaj

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@hroyrh: Jira Issue OCPBUGS-69399: All pull requests linked via external trackers have merged:

• openshift/cluster-baremetal-operator#553

This pull request has the verified-later tag and will need to be manually moved to VERIFIED after testing. Jira Issue OCPBUGS-69399 has been moved to the MODIFIED state.

Details

In response to this:

As provisioningCIDR was used only for managed network, it caused broken networking for unmanaged provisioning networking scenarios because all routes were not created. To fix the issue, this pr allows provisioningCIDR for both managed and unmanaged networks.

Summary by CodeRabbit

• Bug Fixes

• Unmanaged provisioning configurations now perform validation to ensure provisioning IP addresses fall within the defined CIDR range.

• Provisioning IP addresses for unmanaged configurations are now consistently formatted with CIDR notation for proper network handling.

• Tests

• Added test coverage validating IP CIDR range enforcement and CIDR formatting for unmanaged provisioning configurations.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[hroyrh]

/cherrypick release-4.21

[openshift-cherrypick-robot]

@hroyrh: new pull request created: #576

Details

In response to this:

/cherry-pick release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.