Skip to content

Commit ecf9886

Browse files
peppi-lottapeppi-lotta
committed
Imporove ip address validation
Signed-off-by: peppi-lotta <[email protected]>
1 parent a71e3c3 commit ecf9886

File tree

7 files changed

+429
-30
lines changed

7 files changed

+429
-30
lines changed

internal/webhooks/v1alpha1/ipaddress_webhook.go

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,37 @@ func (webhook *IPAddress) ValidateCreate(_ context.Context, obj runtime.Object)
8686
"cannot be empty",
8787
),
8888
)
89+
} else if validateIP(c.Spec.Address) != nil {
90+
allErrs = append(allErrs,
91+
field.Invalid(
92+
field.NewPath("spec", "address"),
93+
c.Spec.Address,
94+
"is not a valid IP address",
95+
),
96+
)
97+
}
98+
99+
// Validate requested IP address if present in annotations (for CAPI claims)
100+
if requestedIP, ok := c.ObjectMeta.Annotations["ipAddress"]; ok && requestedIP != "" {
101+
if validateIP(ipamv1.IPAddressStr(requestedIP)) != nil {
102+
allErrs = append(allErrs,
103+
field.Invalid(
104+
field.NewPath("metadata", "annotations", "ipAddress"),
105+
requestedIP,
106+
"is not a valid IP address",
107+
),
108+
)
109+
}
110+
}
111+
112+
if err := validateIP(c.Spec.Address); err != nil {
113+
allErrs = append(allErrs,
114+
field.Invalid(
115+
field.NewPath("spec", "address"),
116+
c.Spec.Address,
117+
"invalid IP address",
118+
),
119+
)
89120
}
90121

91122
if len(allErrs) == 0 {

internal/webhooks/v1alpha1/ipaddress_webhook_test.go

Lines changed: 32 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,19 @@ func TestIPAddressCreateValidation(t *testing.T) {
5858
claim: corev1.ObjectReference{
5959
Name: "abc",
6060
},
61-
address: "abcd",
61+
address: "192.168.1.10",
62+
},
63+
{
64+
name: "should fail with invalid IP address",
65+
expectErr: true,
66+
addressName: "abc-3",
67+
ipPool: corev1.ObjectReference{
68+
Name: "abc",
69+
},
70+
claim: corev1.ObjectReference{
71+
Name: "abc",
72+
},
73+
address: "not-an-ip-address",
6274
},
6375
{
6476
name: "should fail without address",
@@ -81,7 +93,7 @@ func TestIPAddressCreateValidation(t *testing.T) {
8193
claim: corev1.ObjectReference{
8294
Name: "abc",
8395
},
84-
address: "abcd",
96+
address: "192.168.1.10",
8597
},
8698
{
8799
name: "should fail without claim name",
@@ -93,7 +105,7 @@ func TestIPAddressCreateValidation(t *testing.T) {
93105
claim: corev1.ObjectReference{
94106
Namespace: "abc",
95107
},
96-
address: "abcd",
108+
address: "192.168.1.10",
97109
},
98110
}
99111

@@ -144,7 +156,7 @@ func TestIPAddressUpdateValidation(t *testing.T) {
144156
Claim: corev1.ObjectReference{
145157
Name: "abc",
146158
},
147-
Address: "abcd",
159+
Address: "192.168.1.10",
148160
},
149161
old: &ipamv1.IPAddressSpec{
150162
Pool: corev1.ObjectReference{
@@ -153,7 +165,7 @@ func TestIPAddressUpdateValidation(t *testing.T) {
153165
Claim: corev1.ObjectReference{
154166
Name: "abc",
155167
},
156-
Address: "abcd",
168+
Address: "192.168.1.10",
157169
},
158170
},
159171
{
@@ -163,7 +175,7 @@ func TestIPAddressUpdateValidation(t *testing.T) {
163175
Pool: corev1.ObjectReference{
164176
Name: "abc",
165177
},
166-
Address: "abcd",
178+
Address: "192.168.1.10",
167179
},
168180
old: nil,
169181
},
@@ -174,13 +186,13 @@ func TestIPAddressUpdateValidation(t *testing.T) {
174186
Pool: corev1.ObjectReference{
175187
Name: "abc",
176188
},
177-
Address: "abcd",
189+
Address: "192.168.1.10",
178190
},
179191
old: &ipamv1.IPAddressSpec{
180192
Pool: corev1.ObjectReference{
181193
Name: "abc",
182194
},
183-
Address: "abcde",
195+
Address: "192.168.1.11",
184196
},
185197
},
186198
{
@@ -190,13 +202,13 @@ func TestIPAddressUpdateValidation(t *testing.T) {
190202
Pool: corev1.ObjectReference{
191203
Name: "abc",
192204
},
193-
Address: "abcd",
205+
Address: "192.168.1.10",
194206
},
195207
old: &ipamv1.IPAddressSpec{
196208
Pool: corev1.ObjectReference{
197209
Name: "abcd",
198210
},
199-
Address: "abcd",
211+
Address: "192.168.1.10",
200212
},
201213
},
202214
{
@@ -207,14 +219,14 @@ func TestIPAddressUpdateValidation(t *testing.T) {
207219
Name: "abc",
208220
Namespace: "abc",
209221
},
210-
Address: "abcd",
222+
Address: "192.168.1.10",
211223
},
212224
old: &ipamv1.IPAddressSpec{
213225
Pool: corev1.ObjectReference{
214226
Name: "abc",
215227
Namespace: "abcd",
216228
},
217-
Address: "abcd",
229+
Address: "192.168.1.10",
218230
},
219231
},
220232
{
@@ -225,14 +237,14 @@ func TestIPAddressUpdateValidation(t *testing.T) {
225237
Name: "abc",
226238
Kind: "abc",
227239
},
228-
Address: "abcd",
240+
Address: "192.168.1.10",
229241
},
230242
old: &ipamv1.IPAddressSpec{
231243
Pool: corev1.ObjectReference{
232244
Name: "abc",
233245
Kind: "abcd",
234246
},
235-
Address: "abcd",
247+
Address: "192.168.1.10",
236248
},
237249
},
238250
{
@@ -242,13 +254,13 @@ func TestIPAddressUpdateValidation(t *testing.T) {
242254
Claim: corev1.ObjectReference{
243255
Name: "abc",
244256
},
245-
Address: "abcd",
257+
Address: "192.168.1.10",
246258
},
247259
old: &ipamv1.IPAddressSpec{
248260
Claim: corev1.ObjectReference{
249261
Name: "abcd",
250262
},
251-
Address: "abcd",
263+
Address: "192.168.1.10",
252264
},
253265
},
254266
{
@@ -259,14 +271,14 @@ func TestIPAddressUpdateValidation(t *testing.T) {
259271
Name: "abc",
260272
Namespace: "abc",
261273
},
262-
Address: "abcd",
274+
Address: "192.168.1.10",
263275
},
264276
old: &ipamv1.IPAddressSpec{
265277
Claim: corev1.ObjectReference{
266278
Name: "abc",
267279
Namespace: "abcd",
268280
},
269-
Address: "abcd",
281+
Address: "192.168.1.10",
270282
},
271283
},
272284
{
@@ -277,14 +289,14 @@ func TestIPAddressUpdateValidation(t *testing.T) {
277289
Name: "abc",
278290
Kind: "abc",
279291
},
280-
Address: "abcd",
292+
Address: "192.168.1.10",
281293
},
282294
old: &ipamv1.IPAddressSpec{
283295
Claim: corev1.ObjectReference{
284296
Name: "abc",
285297
Kind: "abcd",
286298
},
287-
Address: "abcd",
299+
Address: "192.168.1.10",
288300
},
289301
},
290302
}

internal/webhooks/v1alpha1/ipclaim_webhook.go

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,19 @@ func (webhook *IPClaim) ValidateCreate(_ context.Context, obj runtime.Object) (a
6868
)
6969
}
7070

71+
// Validate requested IP address if present in annotations
72+
if requestedIP, ok := c.ObjectMeta.Annotations["ipAddress"]; ok && requestedIP != "" {
73+
if err := validateIP(ipamv1.IPAddressStr(requestedIP)); err != nil {
74+
allErrs = append(allErrs,
75+
field.Invalid(
76+
field.NewPath("metadata", "annotations", "ipAddress"),
77+
requestedIP,
78+
"is not a valid IP address",
79+
),
80+
)
81+
}
82+
}
83+
7184
if len(allErrs) == 0 {
7285
return nil, nil
7386
}
@@ -113,6 +126,19 @@ func (webhook *IPClaim) ValidateUpdate(_ context.Context, oldObj, newObj runtime
113126
)
114127
}
115128

129+
// Validate requested IP address if present in annotations
130+
if requestedIP, ok := newIPClaim.ObjectMeta.Annotations["ipAddress"]; ok && requestedIP != "" {
131+
if validateIP(ipamv1.IPAddressStr(requestedIP)) != nil {
132+
allErrs = append(allErrs,
133+
field.Invalid(
134+
field.NewPath("metadata", "annotations", "ipAddress"),
135+
requestedIP,
136+
"is not a valid IP address",
137+
),
138+
)
139+
}
140+
}
141+
116142
if len(allErrs) == 0 {
117143
return nil, nil
118144
}

0 commit comments

Comments
 (0)