This repository was archived by the owner on May 28, 2021. It is now read-only.

CIDR fixes and kops support #184

Merged
merged 2 commits into from
Jul 16, 2018
Merged
27 changes: 18 additions & 9 deletions pkg/cluster/instance.go
Expand Up @@ -129,16 +129,25 @@ func (i *Instance) PodName() string {

// WhitelistCIDR returns the CIDR range to whitelist for GR based on the Pod's IP.
func (i *Instance) WhitelistCIDR() (string, error) {
switch i.IP.To4()[0] {
case 10:
return "10.0.0.0/8", nil
case 172:
return "172.16.0.0/12", nil
case 192:
return "192.168.0.0/16", nil
default:
return "", errors.Errorf("pod IP %q is not a private IPv4 address", i.IP.String())
var privateRanges []*net.IPNet

for _, addrRange := range []string{
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
"100.64.0.0/10", // IPv4 shared address space (RFC 6598), improperly used by kops
} {
_, block, _ := net.ParseCIDR(addrRange)
privateRanges = append(privateRanges, block)
}

for _, block := range privateRanges {
if block.Contains(i.IP) {
return block.String(), nil
}
}

return "", errors.Errorf("pod IP %q is not a private IPv4 address", i.IP.String())
}

// statefulPodRegex is a regular expression that extracts the parent StatefulSet
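Review bot: In the range-building loop of WhitelistCIDR, `_, block, _ := net.ParseCIDR(addrRange)` drops the parse error, so a mistyped entry added to the list later would put a nil `*net.IPNet` into `privateRanges` and panic at `block.Contains(i.IP)`; the list is also re-parsed on every call. Parsing the literals once at package level, with a helper that panics on a malformed entry, surfaces that mistake at start-up instead, as sketched below. Separately, the function returns the whole enclosing block, so a kops pod address now yields `100.64.0.0/10`, which is RFC 6598 shared space rather than private space, while the doc comment and the error text still say "private IPv4". I would extend the doc comment with `// The result is the entire enclosing block, not the pod's own subnet.` so the breadth of what is whitelisted for GR is visible to callers.

```go
// whitelistRanges holds the blocks WhitelistCIDR may return, parsed once.
var whitelistRanges = mustParseCIDRs(
	"10.0.0.0/8",
	"172.16.0.0/12",
	"192.168.0.0/16",
	"100.64.0.0/10", // IPv4 shared address space (RFC 6598), improperly used by kops
)

// mustParseCIDRs panics on a malformed literal so a bad entry fails at start-up.
func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	blocks := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, block, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		blocks = append(blocks, block)
	}
	return blocks
}

func (i *Instance) WhitelistCIDR() (string, error) {
	for _, block := range whitelistRanges {
		// … unchanged: Contains check and return of block.String() …
	}
	// … unchanged: error return for addresses outside every range …
}
```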
27 changes: 27 additions & 0 deletions pkg/cluster/instance_test.go
Expand Up @@ -15,6 +15,7 @@
package cluster

import (
"net"
"testing"

"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -75,3 +76,29 @@ func TestGetPodName(t *testing.T) {
})
}
}

func TestWhitelistCIDR(t *testing.T) {
testCases := []struct {
ip string
expected string
}{
{ip: "192.168.0.1", expected: "192.168.0.0/16"},
{ip: "192.167.0.1", expected: ""},
{ip: "10.1.1.1", expected: "10.0.0.0/8"},
{ip: "172.15.0.1", expected: ""},
{ip: "172.16.0.1", expected: "172.16.0.0/12"},
{ip: "172.17.0.1", expected: "172.16.0.0/12"},
{ip: "100.64.0.1", expected: "100.64.0.0/10"},
{ip: "100.63.0.1", expected: ""},
{ip: "1.2.3.4", expected: ""},
}

for _, tt := range testCases {
i := Instance{IP: net.ParseIP(tt.ip)}

cidr, _ := i.WhitelistCIDR()
if cidr != tt.expected {
t.Errorf("ip: %v, cidr: %v, expected: %v", tt.ip, cidr, tt.expected)
}
}
}
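Review bot: TestWhitelistCIDR throws the error away at `cidr, _ := i.WhitelistCIDR()`, so the rejection cases pass on the empty string alone and nothing checks that an error accompanies it or that accepted addresses return a nil error. I would capture it and add `if (err != nil) != (tt.expected == "") { t.Errorf("ip: %v, unexpected err: %v", tt.ip, err) }`. The table also exercises only the lower edge of each block; entries such as `{ip: "172.32.0.1", expected: ""}` and `{ip: "100.128.0.1", expected: ""}`, plus one IPv6 address, would pin the upper edges, which is where an over-wide whitelist range would show up.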