scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-03 03:38:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Require canonicalization of NetworkDeviceData IPs

Browse Source 
There's no reason to allow non-standard or non-canonical IP values in
new APIs.
This commit is contained in:
Dan Winship
2024-12-14 09:14:07 -05:00
parent 21525f39e0
commit 2636aa35e3
2 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
pkg/apis/resource/validation/validation.go
View File

@@ -802,17 +802,24 @@ func validateNetworkDeviceData(networkDeviceData *resource.NetworkDeviceData, fl
allErrs = append(allErrs, validateSet(networkDeviceData.IPs, maxIPs,
func(address string, fldPath *field.Path) field.ErrorList {
return validation.IsValidCIDR(fldPath, address)
},
func(address string) (string, string) {
// reformat CIDR to handle different ways IPs can be written
// (e.g. 2001:db8::1/64 == 2001:0db8::1/64)
ip, ipNet, err := netutils.ParseCIDRSloppy(address)
if err != nil {
return "", "" // will fail at IsValidCIDR
// must fail
return validation.IsValidCIDR(fldPath, address)
}
maskSize, _ := ipNet.Mask.Size()
return fmt.Sprintf("%s/%d", ip.String(), maskSize), ""
canonical := fmt.Sprintf("%s/%d", ip.String(), maskSize)
if address != canonical {
return field.ErrorList{
field.Invalid(fldPath, address, fmt.Sprintf("must be in canonical form (%s)", canonical)),
}
}
return nil
},
func(address string) (string, string) {
return address, ""
},
fldPath.Child("ips"))...)
return allErrs