chore: gw validation unit tests

edipascale · Frostman · commit 1b079419e204 · 2025-10-12T20:42:46.000-07:00
Signed-off-by: Emanuele Di Pascale &lt;emanuele@githedgehog.com&gt;
diff --git a/api/gateway/v1alpha1/gateway_types.go b/api/gateway/v1alpha1/gateway_types.go
@@ -5,6 +5,7 @@ package v1alpha1
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
 	"net/netip"
@@ -13,6 +14,8 @@ import (
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+var ErrInvalidGW = errors.New("invalid gateway")
+
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
 // GatewaySpec defines the desired state of Gateway.
@@ -88,92 +91,92 @@ func (gw *Gateway) Default() {
 func (gw *Gateway) Validate(ctx context.Context, kube kclient.Reader) error {
 	protoIP, err := netip.ParsePrefix(gw.Spec.ProtocolIP)
 	if err != nil {
-		return fmt.Errorf("invalid ProtocolIP %s: %w", gw.Spec.ProtocolIP, err)
+		return fmt.Errorf("invalid ProtocolIP %s: %w", gw.Spec.ProtocolIP, errors.Join(err, ErrInvalidGW))
 	}
 	if protoIP.Bits() != 32 {
-		return fmt.Errorf("ProtocolIP %s must be a /32 prefix", gw.Spec.ProtocolIP) //nolint:goerr113
+		return fmt.Errorf("ProtocolIP %s must be a /32 prefix: %w", gw.Spec.ProtocolIP, ErrInvalidGW)
 	}
 	if !protoIP.Addr().Is4() {
-		return fmt.Errorf("ProtocolIP %s must be an IPv4 address", gw.Spec.ProtocolIP) //nolint:goerr113
+		return fmt.Errorf("ProtocolIP %s must be an IPv4 address: %w", gw.Spec.ProtocolIP, ErrInvalidGW)
 	}
 
 	vtepIP, err := netip.ParsePrefix(gw.Spec.VTEPIP)
 	if err != nil {
-		return fmt.Errorf("invalid VTEPIP %s: %w", gw.Spec.VTEPIP, err)
+		return fmt.Errorf("invalid VTEPIP %s: %w", gw.Spec.VTEPIP, errors.Join(err, ErrInvalidGW))
 	}
 	if vtepIP.Bits() != 32 {
-		return fmt.Errorf("VTEPIP %s must be a /32 prefix", gw.Spec.VTEPIP) //nolint:goerr113
+		return fmt.Errorf("VTEPIP %s must be a /32 prefix: %w", gw.Spec.VTEPIP, ErrInvalidGW)
 	}
 	if !vtepIP.Addr().Is4() {
-		return fmt.Errorf("VTEPIP %s must be an IPv4 address", gw.Spec.VTEPIP) //nolint:goerr113
+		return fmt.Errorf("VTEPIP %s must be an IPv4 address: %w", gw.Spec.VTEPIP, ErrInvalidGW)
 	}
 	if vtepIP.Addr().IsMulticast() || vtepIP.Addr().IsLoopback() || vtepIP.Addr().IsUnspecified() {
-		return fmt.Errorf("VTEPIP %s must be a unicast IPv4 address", gw.Spec.VTEPIP) //nolint:goerr113
+		return fmt.Errorf("VTEPIP %s must be a unicast IPv4 address: %w", gw.Spec.VTEPIP, ErrInvalidGW)
 	}
 	localhostNet, err := netip.ParsePrefix("127.0.0.0/8")
 	if err != nil {
 		return fmt.Errorf("internal error: cannot parse localhost network: %w", err)
 	}
 	if localhostNet.Contains(vtepIP.Addr()) {
-		return fmt.Errorf("VTEPIP %s must not be in the localhost range", gw.Spec.VTEPIP) //nolint:goerr113
+		return fmt.Errorf("VTEPIP %s must not be in the localhost range: %w", gw.Spec.VTEPIP, ErrInvalidGW)
 	}
 
 	if gw.Spec.VTEPMAC == "" {
-		return fmt.Errorf("VTEPMAC must be set") //nolint:goerr113
+		return fmt.Errorf("VTEPMAC must be set: %w", ErrInvalidGW)
 	}
 	vtepMAC, err := net.ParseMAC(gw.Spec.VTEPMAC)
 	if err != nil {
-		return fmt.Errorf("invalid VTEPMAC %s: %w", gw.Spec.VTEPMAC, err)
+		return fmt.Errorf("invalid VTEPMAC %s: %w", gw.Spec.VTEPMAC, errors.Join(err, ErrInvalidGW))
 	}
 	if vtepMAC.String() == "00:00:00:00:00:00" {
-		return fmt.Errorf("VTEPMAC must not be all zeros") //nolint:goerr113
+		return fmt.Errorf("VTEPMAC must not be all zeros: %w", ErrInvalidGW)
 	}
 	if (vtepMAC[0] & 1) == 1 {
-		return fmt.Errorf("VTEPMAC %s must be a unicast MAC address", gw.Spec.VTEPMAC) //nolint:goerr113
+		return fmt.Errorf("VTEPMAC %s must be a unicast MAC address: %w", gw.Spec.VTEPMAC, ErrInvalidGW)
 	}
 
 	if gw.Spec.ASN == 0 {
-		return fmt.Errorf("ASN must be set") //nolint:goerr113
+		return fmt.Errorf("ASN must be set: %w", ErrInvalidGW)
 	}
 
 	if len(gw.Spec.Interfaces) == 0 {
-		return fmt.Errorf("at least one interface must be defined") //nolint:goerr113
+		return fmt.Errorf("at least one interface must be defined: %w", ErrInvalidGW)
 	}
 	for name, iface := range gw.Spec.Interfaces {
 		if len(iface.IPs) == 0 {
-			return fmt.Errorf("interface %s must have at least one IP address", name) //nolint:goerr113
+			return fmt.Errorf("interface %s must have at least one IP address: %w", name, ErrInvalidGW)
 		}
 		for _, ifaceIP := range iface.IPs {
 			ifaceIP, err := netip.ParsePrefix(ifaceIP)
 			if err != nil {
-				return fmt.Errorf("invalid interface %s IP %s: %w", name, ifaceIP, err)
+				return fmt.Errorf("invalid interface %s IP %s: %w", name, ifaceIP, errors.Join(err, ErrInvalidGW))
 			}
 			if !ifaceIP.Addr().Is4() {
-				return fmt.Errorf("interface %s IP %s must be an IPv4 address", name, ifaceIP) //nolint:goerr113
+				return fmt.Errorf("interface %s IP %s must be an IPv4 address: %w", name, ifaceIP, ErrInvalidGW)
 			}
 		}
 	}
 
 	if len(gw.Spec.Neighbors) == 0 {
-		return fmt.Errorf("at least one BGP neighbor must be defined") //nolint:goerr113
+		return fmt.Errorf("at least one BGP neighbor must be defined: %w", ErrInvalidGW)
 	}
 	for _, neigh := range gw.Spec.Neighbors {
 		if neigh.IP == "" {
-			return fmt.Errorf("BGP neighbor must have an IP address") //nolint:goerr113
+			return fmt.Errorf("BGP neighbor must have an IP address: %w", ErrInvalidGW)
 		}
 		neighIP, err := netip.ParseAddr(neigh.IP)
 		if err != nil {
-			return fmt.Errorf("invalid neighbor IP %s: %w", neigh.IP, err)
+			return fmt.Errorf("invalid neighbor IP %s: %w", neigh.IP, errors.Join(err, ErrInvalidGW))
 		}
 		if !neighIP.Is4() {
-			return fmt.Errorf("BGP neighbor IP %s must be an IPv4 address", neigh.IP) //nolint:goerr113
+			return fmt.Errorf("BGP neighbor IP %s must be an IPv4 address: %w", neigh.IP, ErrInvalidGW)
 		}
 		if neighIP.IsMulticast() || neighIP.IsUnspecified() {
-			return fmt.Errorf("BGP neighbor IP %s must be a unicast IPv4 address", neigh.IP) //nolint:goerr113
+			return fmt.Errorf("BGP neighbor IP %s must be a unicast IPv4 address: %w", neigh.IP, ErrInvalidGW)
 		}
 
 		if neigh.ASN == 0 {
-			return fmt.Errorf("BGP neighbor %s must have an ASN", neigh.IP) //nolint:goerr113
+			return fmt.Errorf("BGP neighbor %s must have an ASN: %w", neigh.IP, ErrInvalidGW)
 		}
 	}
 
@@ -202,10 +205,10 @@ func (gw *Gateway) Validate(ctx context.Context, kube kclient.Reader) error {
 			}
 		}
 		if _, exist := protocolIPs[protoIP.Addr()]; exist {
-			return fmt.Errorf("gateway %s protocol IP %s is already in use", gw.Name, protoIP) //nolint:goerr113
+			return fmt.Errorf("gateway %s protocol IP %s is already in use: %w", gw.Name, protoIP, ErrInvalidGW)
 		}
 		if _, exist := vtepIPs[vtepIP.Addr()]; exist {
-			return fmt.Errorf("gateway %s VTEP IP %s is already in use", gw.Name, vtepIP) //nolint:goerr113
+			return fmt.Errorf("gateway %s VTEP IP %s is already in use: %w", gw.Name, vtepIP, ErrInvalidGW)
 		}
 	}
 
diff --git a/api/gateway/v1alpha1/gateway_types_test.go b/api/gateway/v1alpha1/gateway_types_test.go
@@ -0,0 +1,226 @@
+// Copyright 2025 Hedgehog
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1_test
+
+import (
+	"slices"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.githedgehog.com/gateway/api/gateway/v1alpha1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	kclient "sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func withName[T kclient.Object](name string, obj T) T {
+	obj.SetName(name)
+	obj.SetNamespace("fab") // FIXME: do not hardcode
+
+	return obj
+}
+
+func gwa(name string, f ...func(gw *v1alpha1.Gateway)) *v1alpha1.Gateway {
+	gw := withName(name, &v1alpha1.Gateway{
+		Spec: v1alpha1.GatewaySpec{
+			ProtocolIP: "172.30.8.3/32",
+			VTEPIP:     "172.30.12.1/32",
+			ASN:        65101,
+			VTEPMAC:    "ca:fe:ba:be:00:01",
+			VTEPMTU:    1500,
+			Interfaces: map[string]v1alpha1.GatewayInterface{
+				"eth0": {
+					IPs: []string{"172.30.128.3/31"},
+					MTU: 1500,
+				},
+			},
+			Neighbors: []v1alpha1.GatewayBGPNeighbor{
+				{
+					Source: "eth0",
+					IP:     "172.30.128.1",
+					ASN:    65100,
+				},
+			},
+		},
+	})
+
+	for _, fn := range f {
+		fn(gw)
+	}
+
+	return gw
+}
+
+func withObjs(base []kclient.Object, objs ...kclient.Object) []kclient.Object {
+	return append(slices.Clone(base), objs...)
+}
+
+func TestGatewayValidate(t *testing.T) {
+	base := []kclient.Object{
+		withName("gw-2", &v1alpha1.Gateway{
+			Spec: v1alpha1.GatewaySpec{
+				ProtocolIP: "172.30.8.2/32",
+				VTEPIP:     "172.30.12.0/32",
+				ASN:        65101,
+				VTEPMAC:    "ca:fe:ba:be:00:01",
+				VTEPMTU:    1500,
+				Interfaces: map[string]v1alpha1.GatewayInterface{
+					"eth0": {
+						IPs: []string{"172.30.128.1/31"},
+						MTU: 1500,
+					},
+				},
+				Neighbors: []v1alpha1.GatewayBGPNeighbor{
+					{
+						Source: "eth0",
+						IP:     "172.30.128.0",
+						ASN:    65100,
+					},
+				},
+			},
+		}),
+	}
+
+	tests := []struct {
+		name string
+		gw   v1alpha1.Gateway
+		objs []kclient.Object
+		err  error
+	}{
+		{
+			name: "test-no-overlap",
+			gw:   *gwa("gw-1"),
+			objs: base,
+		},
+		{
+			name: "test-proto-ip-overlap",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.ProtocolIP = "172.30.8.2/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-vtep-ip-overlap",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPIP = "172.30.12.0/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-invalid-proto-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.ProtocolIP = "172.30.12.0.1/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-non-32-proto-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.ProtocolIP = "172.30.12.0/24" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-non-v4-proto-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.ProtocolIP = "2001:db8::1/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-invalid-vtep-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPIP = "172.30.12.0.1/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-non-32-vtep-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPIP = "172.30.12.0/24" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-non-v4-vtep-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPIP = "2001:db8::1/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-localhost-vtep-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPIP = "127.0.1.2/32" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-invalid-mac",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPMAC = "00:11:22:33:44:55:66" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-all-zeros-mac",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPMAC = "00:00:00:00:00:00" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-multicast-mac",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.VTEPMAC = "01:00:5E:00:00:00" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-no-asn",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.ASN = 0 }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-no-interfaces",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.Interfaces = map[string]v1alpha1.GatewayInterface{} }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-interface-invalid-ip",
+			gw: *gwa("gw-1", func(gw *v1alpha1.Gateway) {
+				gw.Spec.Interfaces["eth0"] = v1alpha1.GatewayInterface{IPs: []string{"172.30.128.256/31"}, MTU: 1500}
+			}),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-no-neighbors",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.Neighbors = []v1alpha1.GatewayBGPNeighbor{} }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-neighbor-invalid-ip",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.Neighbors[0].IP = "172.30.128.256" }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+		{
+			name: "test-neighbor-no-asn",
+			gw:   *gwa("gw-1", func(gw *v1alpha1.Gateway) { gw.Spec.Neighbors[0].ASN = 0 }),
+			objs: base,
+			err:  v1alpha1.ErrInvalidGW,
+		},
+	}
+
+	scheme := runtime.NewScheme()
+	require.NoError(t, v1alpha1.AddToScheme(scheme), "should add gateway API to scheme")
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := t.Context()
+
+			kube := fake.NewClientBuilder().
+				WithScheme(scheme).
+				WithObjects(tt.objs...).
+				Build()
+
+			tt.gw.Default()
+			actual := tt.gw.Validate(ctx, kube)
+			assert.ErrorIs(t, actual, tt.err, "validate should return expected error")
+		})
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ package v1alpha1`
`5`	`5`
`6`	`6`	`import (`
`7`	`7`	`"context"`
	`8`	`+ "errors"`
`8`	`9`	`"fmt"`
`9`	`10`	`"net"`
`10`	`11`	`"net/netip"`
`@@ -13,6 +14,8 @@ import (`
`13`	`14`	`kclient "sigs.k8s.io/controller-runtime/pkg/client"`
`14`	`15`	`)`
`15`	`16`
	`17`	`+var ErrInvalidGW = errors.New("invalid gateway")`
	`18`	`+`
`16`	`19`	`// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.`
`17`	`20`
`18`	`21`	`// GatewaySpec defines the desired state of Gateway.`
`@@ -88,92 +91,92 @@ func (gw *Gateway) Default() {`
`88`	`91`	`func (gw *Gateway) Validate(ctx context.Context, kube kclient.Reader) error {`
`89`	`92`	`protoIP, err := netip.ParsePrefix(gw.Spec.ProtocolIP)`
`90`	`93`	`if err != nil {`
`91`		`- return fmt.Errorf("invalid ProtocolIP %s: %w", gw.Spec.ProtocolIP, err)`
	`94`	`+ return fmt.Errorf("invalid ProtocolIP %s: %w", gw.Spec.ProtocolIP, errors.Join(err, ErrInvalidGW))`
`92`	`95`	`}`
`93`	`96`	`if protoIP.Bits() != 32 {`
`94`		`- return fmt.Errorf("ProtocolIP %s must be a /32 prefix", gw.Spec.ProtocolIP) //nolint:goerr113`
	`97`	`+ return fmt.Errorf("ProtocolIP %s must be a /32 prefix: %w", gw.Spec.ProtocolIP, ErrInvalidGW)`
`95`	`98`	`}`
`96`	`99`	`if !protoIP.Addr().Is4() {`
`97`		`- return fmt.Errorf("ProtocolIP %s must be an IPv4 address", gw.Spec.ProtocolIP) //nolint:goerr113`
	`100`	`+ return fmt.Errorf("ProtocolIP %s must be an IPv4 address: %w", gw.Spec.ProtocolIP, ErrInvalidGW)`
`98`	`101`	`}`
`99`	`102`
`100`	`103`	`vtepIP, err := netip.ParsePrefix(gw.Spec.VTEPIP)`
`101`	`104`	`if err != nil {`
`102`		`- return fmt.Errorf("invalid VTEPIP %s: %w", gw.Spec.VTEPIP, err)`
	`105`	`+ return fmt.Errorf("invalid VTEPIP %s: %w", gw.Spec.VTEPIP, errors.Join(err, ErrInvalidGW))`
`103`	`106`	`}`
`104`	`107`	`if vtepIP.Bits() != 32 {`
`105`		`- return fmt.Errorf("VTEPIP %s must be a /32 prefix", gw.Spec.VTEPIP) //nolint:goerr113`
	`108`	`+ return fmt.Errorf("VTEPIP %s must be a /32 prefix: %w", gw.Spec.VTEPIP, ErrInvalidGW)`
`106`	`109`	`}`
`107`	`110`	`if !vtepIP.Addr().Is4() {`
`108`		`- return fmt.Errorf("VTEPIP %s must be an IPv4 address", gw.Spec.VTEPIP) //nolint:goerr113`
	`111`	`+ return fmt.Errorf("VTEPIP %s must be an IPv4 address: %w", gw.Spec.VTEPIP, ErrInvalidGW)`
`109`	`112`	`}`
`110`	`113`	`if vtepIP.Addr().IsMulticast() \|\| vtepIP.Addr().IsLoopback() \|\| vtepIP.Addr().IsUnspecified() {`
`111`		`- return fmt.Errorf("VTEPIP %s must be a unicast IPv4 address", gw.Spec.VTEPIP) //nolint:goerr113`
	`114`	`+ return fmt.Errorf("VTEPIP %s must be a unicast IPv4 address: %w", gw.Spec.VTEPIP, ErrInvalidGW)`
`112`	`115`	`}`
`113`	`116`	`localhostNet, err := netip.ParsePrefix("127.0.0.0/8")`
`114`	`117`	`if err != nil {`
`115`	`118`	`return fmt.Errorf("internal error: cannot parse localhost network: %w", err)`
`116`	`119`	`}`
`117`	`120`	`if localhostNet.Contains(vtepIP.Addr()) {`
`118`		`- return fmt.Errorf("VTEPIP %s must not be in the localhost range", gw.Spec.VTEPIP) //nolint:goerr113`
	`121`	`+ return fmt.Errorf("VTEPIP %s must not be in the localhost range: %w", gw.Spec.VTEPIP, ErrInvalidGW)`
`119`	`122`	`}`
`120`	`123`
`121`	`124`	`if gw.Spec.VTEPMAC == "" {`
`122`		`- return fmt.Errorf("VTEPMAC must be set") //nolint:goerr113`
	`125`	`+ return fmt.Errorf("VTEPMAC must be set: %w", ErrInvalidGW)`
`123`	`126`	`}`
`124`	`127`	`vtepMAC, err := net.ParseMAC(gw.Spec.VTEPMAC)`
`125`	`128`	`if err != nil {`
`126`		`- return fmt.Errorf("invalid VTEPMAC %s: %w", gw.Spec.VTEPMAC, err)`
	`129`	`+ return fmt.Errorf("invalid VTEPMAC %s: %w", gw.Spec.VTEPMAC, errors.Join(err, ErrInvalidGW))`
`127`	`130`	`}`
`128`	`131`	`if vtepMAC.String() == "00:00:00:00:00:00" {`
`129`		`- return fmt.Errorf("VTEPMAC must not be all zeros") //nolint:goerr113`
	`132`	`+ return fmt.Errorf("VTEPMAC must not be all zeros: %w", ErrInvalidGW)`
`130`	`133`	`}`
`131`	`134`	`if (vtepMAC[0] & 1) == 1 {`
`132`		`- return fmt.Errorf("VTEPMAC %s must be a unicast MAC address", gw.Spec.VTEPMAC) //nolint:goerr113`
	`135`	`+ return fmt.Errorf("VTEPMAC %s must be a unicast MAC address: %w", gw.Spec.VTEPMAC, ErrInvalidGW)`
`133`	`136`	`}`
`134`	`137`
`135`	`138`	`if gw.Spec.ASN == 0 {`
`136`		`- return fmt.Errorf("ASN must be set") //nolint:goerr113`
	`139`	`+ return fmt.Errorf("ASN must be set: %w", ErrInvalidGW)`
`137`	`140`	`}`
`138`	`141`
`139`	`142`	`if len(gw.Spec.Interfaces) == 0 {`
`140`		`- return fmt.Errorf("at least one interface must be defined") //nolint:goerr113`
	`143`	`+ return fmt.Errorf("at least one interface must be defined: %w", ErrInvalidGW)`
`141`	`144`	`}`
`142`	`145`	`for name, iface := range gw.Spec.Interfaces {`
`143`	`146`	`if len(iface.IPs) == 0 {`
`144`		`- return fmt.Errorf("interface %s must have at least one IP address", name) //nolint:goerr113`
	`147`	`+ return fmt.Errorf("interface %s must have at least one IP address: %w", name, ErrInvalidGW)`
`145`	`148`	`}`
`146`	`149`	`for _, ifaceIP := range iface.IPs {`
`147`	`150`	`ifaceIP, err := netip.ParsePrefix(ifaceIP)`
`148`	`151`	`if err != nil {`
`149`		`- return fmt.Errorf("invalid interface %s IP %s: %w", name, ifaceIP, err)`
	`152`	`+ return fmt.Errorf("invalid interface %s IP %s: %w", name, ifaceIP, errors.Join(err, ErrInvalidGW))`
`150`	`153`	`}`
`151`	`154`	`if !ifaceIP.Addr().Is4() {`
`152`		`- return fmt.Errorf("interface %s IP %s must be an IPv4 address", name, ifaceIP) //nolint:goerr113`
	`155`	`+ return fmt.Errorf("interface %s IP %s must be an IPv4 address: %w", name, ifaceIP, ErrInvalidGW)`
`153`	`156`	`}`
`154`	`157`	`}`
`155`	`158`	`}`
`156`	`159`
`157`	`160`	`if len(gw.Spec.Neighbors) == 0 {`
`158`		`- return fmt.Errorf("at least one BGP neighbor must be defined") //nolint:goerr113`
	`161`	`+ return fmt.Errorf("at least one BGP neighbor must be defined: %w", ErrInvalidGW)`
`159`	`162`	`}`
`160`	`163`	`for _, neigh := range gw.Spec.Neighbors {`
`161`	`164`	`if neigh.IP == "" {`
`162`		`- return fmt.Errorf("BGP neighbor must have an IP address") //nolint:goerr113`
	`165`	`+ return fmt.Errorf("BGP neighbor must have an IP address: %w", ErrInvalidGW)`
`163`	`166`	`}`
`164`	`167`	`neighIP, err := netip.ParseAddr(neigh.IP)`
`165`	`168`	`if err != nil {`
`166`		`- return fmt.Errorf("invalid neighbor IP %s: %w", neigh.IP, err)`
	`169`	`+ return fmt.Errorf("invalid neighbor IP %s: %w", neigh.IP, errors.Join(err, ErrInvalidGW))`
`167`	`170`	`}`
`168`	`171`	`if !neighIP.Is4() {`
`169`		`- return fmt.Errorf("BGP neighbor IP %s must be an IPv4 address", neigh.IP) //nolint:goerr113`
	`172`	`+ return fmt.Errorf("BGP neighbor IP %s must be an IPv4 address: %w", neigh.IP, ErrInvalidGW)`
`170`	`173`	`}`
`171`	`174`	`if neighIP.IsMulticast() \|\| neighIP.IsUnspecified() {`
`172`		`- return fmt.Errorf("BGP neighbor IP %s must be a unicast IPv4 address", neigh.IP) //nolint:goerr113`
	`175`	`+ return fmt.Errorf("BGP neighbor IP %s must be a unicast IPv4 address: %w", neigh.IP, ErrInvalidGW)`
`173`	`176`	`}`
`174`	`177`
`175`	`178`	`if neigh.ASN == 0 {`
`176`		`- return fmt.Errorf("BGP neighbor %s must have an ASN", neigh.IP) //nolint:goerr113`
	`179`	`+ return fmt.Errorf("BGP neighbor %s must have an ASN: %w", neigh.IP, ErrInvalidGW)`
`177`	`180`	`}`
`178`	`181`	`}`
`179`	`182`
`@@ -202,10 +205,10 @@ func (gw *Gateway) Validate(ctx context.Context, kube kclient.Reader) error {`
`202`	`205`	`}`
`203`	`206`	`}`
`204`	`207`	`if _, exist := protocolIPs[protoIP.Addr()]; exist {`
`205`		`- return fmt.Errorf("gateway %s protocol IP %s is already in use", gw.Name, protoIP) //nolint:goerr113`
	`208`	`+ return fmt.Errorf("gateway %s protocol IP %s is already in use: %w", gw.Name, protoIP, ErrInvalidGW)`
`206`	`209`	`}`
`207`	`210`	`if _, exist := vtepIPs[vtepIP.Addr()]; exist {`
`208`		`- return fmt.Errorf("gateway %s VTEP IP %s is already in use", gw.Name, vtepIP) //nolint:goerr113`
	`211`	`+ return fmt.Errorf("gateway %s VTEP IP %s is already in use: %w", gw.Name, vtepIP, ErrInvalidGW)`
`209`	`212`	`}`
`210`	`213`	`}`
`211`	`214`