diff --git a/iam/converter.go b/iam/converter.go index 3910c45..f8205e3 100644 --- a/iam/converter.go +++ b/iam/converter.go @@ -306,19 +306,11 @@ func numericConvertFunction(val string) (string, error) { } func ipConvertFunction(val string) (string, error) { - var ipAddr netip.Addr - - if prefix, err := netip.ParsePrefix(val); err != nil { - if ipAddr, err = netip.ParseAddr(val); err != nil { + if _, err := netip.ParsePrefix(val); err != nil { + if _, err = netip.ParseAddr(val); err != nil { return "", err } val += "/32" - } else { - ipAddr = prefix.Addr() - } - - if ipAddr.IsPrivate() { - return "", fmt.Errorf("invalid ip value '%s': must be public", val) } return val, nil diff --git a/iam/converter_test.go b/iam/converter_test.go index b716a4b..1841d80 100644 --- a/iam/converter_test.go +++ b/iam/converter_test.go @@ -632,14 +632,14 @@ func TestIPConditions(t *testing.T) { {ip: "203.0.113.1", expected: "203.0.113.1/32"}, {ip: "203.0.113.1/", error: true}, {ip: "203.0.113.1/33", error: true}, - {ip: "192.168.0.1/24", error: true}, - {ip: "10.10.0.1/24", error: true}, - {ip: "172.16.0.1/24", error: true}, + {ip: "192.168.0.1/24", expected: "192.168.0.1/24"}, + {ip: "10.10.0.1/24", expected: "10.10.0.1/24"}, + {ip: "172.16.0.1/24", expected: "172.16.0.1/24"}, {ip: "2001:DB8:1234:5678::/64", expected: "2001:DB8:1234:5678::/64"}, {ip: "2001:DB8:1234:5678::", expected: "2001:DB8:1234:5678::/32"}, {ip: "2001:DB8:1234:5678::/", error: true}, {ip: "2001:DB8:1234:5678::/129", error: true}, - {ip: "FC00::/64", error: true}, + {ip: "FC00::/64", expected: "FC00::/64"}, } { t.Run("", func(t *testing.T) { actual, err := ipConvertFunction(tc.ip)