upcoming: [M3-9424] - Review nodebalancers validation schemas

packages/validation/.changeset/pr-11910-changed-1742903940647.md

@@ -0,0 +1,5 @@
+---
+"@linode/validation": Changed
+---
+
+Update validation schemas for the changes in POST endpoints in /v4/nodebalancers (& /v4beta/nodebalancers) for NB-VPC Integration ([#11910](https://github.com/linode/manager/pull/11910))

packages/validation/src/nodebalancers.schema.ts

@@ -1,9 +1,11 @@
-import { array, boolean, mixed, number, object, string } from 'yup';
+import { array, boolean, lazy, mixed, number, object, string } from 'yup';
+import { IP_EITHER_BOTH_NOT_NEITHER, vpcsValidateIP } from './vpcs.schema';
 
 const PORT_WARNING = 'Port must be between 1 and 65535.';
 const LABEL_WARNING = 'Label must be between 3 and 32 characters.';
 
 export const PRIVATE_IPv4_REGEX = /^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.|^fd/;
+export const PRIVATE_IPv6_REGEX = /^(fc|fd)\./;
 
 export const CHECK_ATTEMPTS = {
   MIN: 1,
@@ -40,6 +42,14 @@ export const nodeBalancerConfigNodeSchema = object({
     .required('IP address is required.')
     .matches(PRIVATE_IPv4_REGEX, 'Must be a valid private IPv4 address.'),
 
+  subnet_id: number().when('vpcs', {
+    is: (vpcs: typeof createNodeBalancerVPCsSchema) => vpcs !== undefined,
+    then: (schema) =>
+      schema
+        .required('Subnet ID is required')
+        .typeError('Subnet ID must be a number'),
+  }),
+
   port: number()
     .typeError('Port must be a number.')
     .required('Port is required.')
@@ -251,6 +261,76 @@ const client_udp_sess_throttle = number()
   )
   .typeError('UDP Session Throttle must be a number.');
 
+const createNodeBalancerVPCsSchema = object({
+  subnet_id: number()
+    .typeError('Subnet ID must be a number.')
+    .required('Subnet ID is required.'),
+  ipv4_range: string().when('ipv6_range', {
+    is: (value: unknown) =>
+      value === '' || value === null || value === undefined,
+    then: (schema) =>
+      schema
+        .required(IP_EITHER_BOTH_NOT_NEITHER)
+        .matches(PRIVATE_IPv4_REGEX, 'Must be a valid private IPv4 address.')
+        .test({
+          name: 'IPv4 CIDR format',
+          message: 'The IPv4 range must be in CIDR format.',
+          test: (value) =>
+            vpcsValidateIP({
+              value,
+              shouldHaveIPMask: true,
+              mustBeIPMask: false,
+            }),
+        }),
+    otherwise: (schema) =>
+      lazy((value: string | undefined) => {
+        switch (typeof value) {
+          case 'undefined':
+            return schema.notRequired().nullable();
+
+          case 'string':
+            return schema
+              .notRequired()
+              .matches(
+                PRIVATE_IPv4_REGEX,
+                'Must be a valid private IPv4 address.'
+              )
+              .test({
+                name: 'IPv4 CIDR format',
+                message: 'The IPv4 range must be in CIDR format.',
+                test: (value) =>
+                  vpcsValidateIP({
+                    value,
+                    shouldHaveIPMask: true,
+                    mustBeIPMask: false,
+                  }),
+              });
+
+          default:
+            return schema.notRequired().nullable();
+        }
+      }),
+  }),
+  ipv6_range: string().when('ipv6_range', {
+    is: (value: unknown) =>
+      value === '' || value === null || value === undefined,
+    then: (schema) =>
+      schema
+        .required(IP_EITHER_BOTH_NOT_NEITHER)
+        .matches(PRIVATE_IPv6_REGEX, 'Must be a valid private IPv6 address.')
+        .test({
+          name: 'valid-ipv6-range',
+          message: 'Must be a valid IPv6 range, e.g. 2001:db8:abcd:0012::0/64.',
+          test: (value) =>
+            vpcsValidateIP({
+              value,
+              shouldHaveIPMask: true,
+              mustBeIPMask: false,
+            }),
+        }),
+  }),
+});
+
 export const NodeBalancerSchema = object({
   label: string()
     .required('Label is required.')
@@ -301,6 +381,28 @@ export const NodeBalancerSchema = object({
         message: 'Port must be unique.',
       });
     }),
+
+  vpcs: array()
+    .of(createNodeBalancerVPCsSchema)
+    .test(
+      'unique subnet IDs',
+      'Subnet IDs must be unique.',
+      function (value?: any[] | null) {
+        if (!value) {
+          return true;
+        }
+        const ids: number[] = value.map((vpcs) => vpcs.subnet_id);
+        const duplicates: number[] = [];
+        ids.forEach(
+          (id, index) => ids.indexOf(id) !== index && duplicates.push(index)
+        );
+        const idStrings = ids.map((id: number) => `vpcs[${id}].subnet_id`);
+        throw this.createError({
+          path: idStrings.join('|'),
+          message: 'Subnet ID must be unique',
+        });
+      }
+    ),
 });
 
 export const UpdateNodeBalancerSchema = object({

packages/validation/src/vpcs.schema.ts

@@ -11,7 +11,7 @@ const labelTestDetails = {
   testMessage: 'Label must not contain two dashes in a row.',
 };
 
-const IP_EITHER_BOTH_NOT_NEITHER =
+export const IP_EITHER_BOTH_NOT_NEITHER =
   'A subnet must have either IPv4 or IPv6, or both, but not neither.';
 // @TODO VPC IPv6 - remove below constant when IPv6 is in GA
 const TEMPORARY_IPV4_REQUIRED_MESSAGE = 'A subnet must have an IPv4 range.';
@@ -97,6 +97,7 @@ export const vpcsValidateIP = ({
     }
 
     if (isIPv6) {
+      // @TODO NB-VPC: update the IPv6 prefix if required for NB-VPC integration
       // VPCs must be assigned an IPv6 prefix of /52, /48, or /44
       const invalidVPCIPv6Prefix = !['52', '48', '44'].includes(mask);
       if (!isIPv6Subnet && invalidVPCIPv6Prefix) {