feat(controller): add carveGroupCIDRs pure function for network group CIDR allocation

Author: syscod3

internal/controller/group_cidr.go

@@ -0,0 +1,83 @@
+package controller
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net"
+	"sort"
+
+	impdevv1alpha1 "github.com/syscode-labs/imp/api/v1alpha1"
+)
+
+// carveGroupCIDRs derives one subnet per group from parentCIDR.
+// Groups are sorted alphabetically for deterministic output.
+// Each group gets the smallest subnet that fits ExpectedSize hosts
+// (minimum /30 for 0 or 1 host). Subnets are placed consecutively,
+// aligned to their natural block boundary.
+// Returns an error if the parent subnet is exhausted.
+func carveGroupCIDRs(parentCIDR string, groups []impdevv1alpha1.NetworkGroupSpec) ([]impdevv1alpha1.GroupCIDR, error) {
+	if len(groups) == 0 {
+		return nil, nil
+	}
+
+	_, parent, err := net.ParseCIDR(parentCIDR)
+	if err != nil {
+		return nil, fmt.Errorf("parse subnet %q: %w", parentCIDR, err)
+	}
+	parentStart := ipToUint32(parent.IP.To4())
+	parentPrefix, _ := parent.Mask.Size()
+	parentSize := uint32(1) << (32 - parentPrefix)
+
+	// Sort groups by name for determinism.
+	sorted := make([]impdevv1alpha1.NetworkGroupSpec, len(groups))
+	copy(sorted, groups)
+	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
+
+	result := make([]impdevv1alpha1.GroupCIDR, 0, len(sorted))
+	cursor := parentStart
+
+	for _, g := range sorted {
+		prefix := groupPrefixLen(g.ExpectedSize)
+		blockSize := uint32(1) << (32 - prefix)
+
+		// Align cursor to block boundary.
+		aligned := (cursor + blockSize - 1) &^ (blockSize - 1)
+		if aligned < parentStart || aligned-parentStart+blockSize > parentSize {
+			return nil, fmt.Errorf("group %q: no space left in %s", g.Name, parentCIDR)
+		}
+
+		ip := uint32ToIP(aligned)
+		result = append(result, impdevv1alpha1.GroupCIDR{
+			Name: g.Name,
+			CIDR: fmt.Sprintf("%s/%d", ip.String(), prefix),
+		})
+		cursor = aligned + blockSize
+	}
+	return result, nil
+}
+
+// groupPrefixLen returns the smallest CIDR prefix that fits n hosts.
+// Minimum is /30 (2 usable addresses). Identical semantics to
+// network.sizeToCIDRPrefix in the agent package.
+func groupPrefixLen(n int32) int {
+	if n <= 2 {
+		return 30
+	}
+	needed := int(n) + 2 // +2 for network and broadcast
+	prefix := 30
+	for (1 << (32 - prefix)) < needed {
+		prefix--
+	}
+	return prefix
+}
+
+func ipToUint32(ip net.IP) uint32 {
+	ip = ip.To4()
+	return binary.BigEndian.Uint32(ip)
+}
+
+func uint32ToIP(n uint32) net.IP {
+	ip := make(net.IP, 4)
+	binary.BigEndian.PutUint32(ip, n)
+	return ip
+}

internal/controller/group_cidr_test.go

@@ -0,0 +1,75 @@
+package controller
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	impdevv1alpha1 "github.com/syscode-labs/imp/api/v1alpha1"
+)
+
+func TestCarveGroupCIDRs_TwoGroups(t *testing.T) {
+	groups := []impdevv1alpha1.NetworkGroupSpec{
+		{Name: "workers", ExpectedSize: 14},    // → /28 (16 addresses)
+		{Name: "controllers", ExpectedSize: 4}, // → /29 (8 addresses)
+	}
+	// controllers < workers alphabetically; controllers gets the first block.
+	result, err := carveGroupCIDRs("10.44.0.0/24", groups)
+	require.NoError(t, err)
+	require.Len(t, result, 2)
+
+	// Map by name for order-independent assertions.
+	byName := make(map[string]string, len(result))
+	for _, gc := range result {
+		byName[gc.Name] = gc.CIDR
+	}
+
+	// controllers (sorted first): /29 aligned at 0 → 10.44.0.0/29
+	assert.Equal(t, "10.44.0.0/29", byName["controllers"])
+	// workers: /28 must start at a 16-address aligned boundary after controllers' block (ends at .8)
+	// Next /28-aligned address ≥ 10.44.0.8 is 10.44.0.16.
+	assert.Equal(t, "10.44.0.16/28", byName["workers"])
+}
+
+func TestCarveGroupCIDRs_SingleGroup(t *testing.T) {
+	groups := []impdevv1alpha1.NetworkGroupSpec{
+		{Name: "all", ExpectedSize: 30}, // → /27 (32 addresses)
+	}
+	result, err := carveGroupCIDRs("10.44.0.0/24", groups)
+	require.NoError(t, err)
+	require.Len(t, result, 1)
+	assert.Equal(t, "10.44.0.0/27", result[0].CIDR)
+}
+
+func TestCarveGroupCIDRs_NoGroups(t *testing.T) {
+	result, err := carveGroupCIDRs("10.44.0.0/24", nil)
+	require.NoError(t, err)
+	assert.Empty(t, result)
+}
+
+func TestCarveGroupCIDRs_Overflow(t *testing.T) {
+	// /30 parent (4 addresses = 2 usable) cannot fit a /28 (16 addresses).
+	groups := []impdevv1alpha1.NetworkGroupSpec{
+		{Name: "big", ExpectedSize: 14}, // → /28
+	}
+	_, err := carveGroupCIDRs("10.44.0.0/30", groups)
+	require.Error(t, err)
+}
+
+func TestCarveGroupCIDRs_Deterministic(t *testing.T) {
+	// Same groups in different order should produce identical output (sorted by name).
+	groups1 := []impdevv1alpha1.NetworkGroupSpec{
+		{Name: "z", ExpectedSize: 2},
+		{Name: "a", ExpectedSize: 2},
+	}
+	groups2 := []impdevv1alpha1.NetworkGroupSpec{
+		{Name: "a", ExpectedSize: 2},
+		{Name: "z", ExpectedSize: 2},
+	}
+	r1, err1 := carveGroupCIDRs("10.0.0.0/24", groups1)
+	r2, err2 := carveGroupCIDRs("10.0.0.0/24", groups2)
+	require.NoError(t, err1)
+	require.NoError(t, err2)
+	assert.Equal(t, r1[0].CIDR, r2[0].CIDR) // "a" gets same CIDR regardless of input order
+}