Extend validation pattern of allowedSourceRanges to allow for IPv6 ranges

[exciler]

first part of #2787

[zalando-robot]

Cannot start a pipeline due to:

No accountable user for this pipeline: no Zalando employee associated to this GitHub username

Click on pipeline status check Details link below for more information.

[mikkeloscar]

I'm not sure if the current e2e setup allows for testing this pattern in a meaningful way, but it would be good to have a test that shows this works for IPv6 and IPv4 as it's hard to reason about such a huge regex. If we can't do it as part of e2e, then at least let's add a unit test which shows the regex works for some cases of IPv4 and IPv6 ranges.

[exciler]

Besides that I have manually tested this regex against some valid and invalid IPv4 and IPv6 addresses to, it would of course be very beneficial to have some sort of automated testing for this.

Unfortunately I am not a "Go" expert and not really sure where I should add those tests in this quite large project. Would you mind giving me a hint where to start?

[mikkeloscar]

The only place the pattern is defined in go is in pkg/apis/acid.zalan.do/v1/crds.go so maybe it makes sense to add it as a const and then add a test file crds_test.go which has a test case validating it. That would be a unit test which would just show the pattern is correct.

For e2e test, even better, it would be something like adding a test case similar to this one:

postgres-operator/e2e/tests/test_e2e.py

Lines 867 to 919 in add9912

	@timeout_decorator.timeout(TEST_TIMEOUT_SEC)
	def test_enable_load_balancer(self):
	'''
	Test if services are updated when enabling/disabling load balancers in Postgres manifest
	'''
	k8s = self.k8s
	cluster_label = 'application=spilo,cluster-name=acid-minimal-cluster,spilo-role={}'
	self.eventuallyEqual(lambda: k8s.get_service_type(cluster_label.format("master")),
	'ClusterIP',
	"Expected ClusterIP type initially, found {}")
	try:
	# enable load balancer services
	pg_patch_enable_lbs = {
	"spec": {
	"enableMasterLoadBalancer": True,
	"enableReplicaLoadBalancer": True
	}
	}
	k8s.api.custom_objects_api.patch_namespaced_custom_object(
	"acid.zalan.do", "v1", "default", "postgresqls", "acid-minimal-cluster", pg_patch_enable_lbs)
	self.eventuallyEqual(lambda: k8s.get_service_type(cluster_label.format("master")),
	'LoadBalancer',
	"Expected LoadBalancer service type for master, found {}")
	self.eventuallyEqual(lambda: k8s.get_service_type(cluster_label.format("replica")),
	'LoadBalancer',
	"Expected LoadBalancer service type for master, found {}")
	# disable load balancer services again
	pg_patch_disable_lbs = {
	"spec": {
	"enableMasterLoadBalancer": False,
	"enableReplicaLoadBalancer": False
	}
	}
	k8s.api.custom_objects_api.patch_namespaced_custom_object(
	"acid.zalan.do", "v1", "default", "postgresqls", "acid-minimal-cluster", pg_patch_disable_lbs)
	self.eventuallyEqual(lambda: k8s.get_service_type(cluster_label.format("master")),
	'ClusterIP',
	"Expected LoadBalancer service type for master, found {}")
	self.eventuallyEqual(lambda: k8s.get_service_type(cluster_label.format("replica")),
	'ClusterIP',
	"Expected LoadBalancer service type for master, found {}")
	except timeout_decorator.TimeoutError:
	print('Operator log: {}'.format(k8s.get_operator_log()))
	raise

but add allowedSourceRanges and check that it succeeds on a valid IPv6/IPv4 and fails on an invalid one. I can't 100% reason if this works in the e2e environment but I believe it does.