forked from TrueCloudLab/policy-engine
[#78] iam: Don't check IP for private
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
d7ed188f68
commit
303a81cdc6
2 changed files with 6 additions and 14 deletions
|
@ -306,19 +306,11 @@ func numericConvertFunction(val string) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func ipConvertFunction(val string) (string, error) {
|
func ipConvertFunction(val string) (string, error) {
|
||||||
var ipAddr netip.Addr
|
if _, err := netip.ParsePrefix(val); err != nil {
|
||||||
|
if _, err = netip.ParseAddr(val); err != nil {
|
||||||
if prefix, err := netip.ParsePrefix(val); err != nil {
|
|
||||||
if ipAddr, err = netip.ParseAddr(val); err != nil {
|
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
val += "/32"
|
val += "/32"
|
||||||
} else {
|
|
||||||
ipAddr = prefix.Addr()
|
|
||||||
}
|
|
||||||
|
|
||||||
if ipAddr.IsPrivate() {
|
|
||||||
return "", fmt.Errorf("invalid ip value '%s': must be public", val)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return val, nil
|
return val, nil
|
||||||
|
|
|
@ -632,14 +632,14 @@ func TestIPConditions(t *testing.T) {
|
||||||
{ip: "203.0.113.1", expected: "203.0.113.1/32"},
|
{ip: "203.0.113.1", expected: "203.0.113.1/32"},
|
||||||
{ip: "203.0.113.1/", error: true},
|
{ip: "203.0.113.1/", error: true},
|
||||||
{ip: "203.0.113.1/33", error: true},
|
{ip: "203.0.113.1/33", error: true},
|
||||||
{ip: "192.168.0.1/24", error: true},
|
{ip: "192.168.0.1/24", expected: "192.168.0.1/24"},
|
||||||
{ip: "10.10.0.1/24", error: true},
|
{ip: "10.10.0.1/24", expected: "10.10.0.1/24"},
|
||||||
{ip: "172.16.0.1/24", error: true},
|
{ip: "172.16.0.1/24", expected: "172.16.0.1/24"},
|
||||||
{ip: "2001:DB8:1234:5678::/64", expected: "2001:DB8:1234:5678::/64"},
|
{ip: "2001:DB8:1234:5678::/64", expected: "2001:DB8:1234:5678::/64"},
|
||||||
{ip: "2001:DB8:1234:5678::", expected: "2001:DB8:1234:5678::/32"},
|
{ip: "2001:DB8:1234:5678::", expected: "2001:DB8:1234:5678::/32"},
|
||||||
{ip: "2001:DB8:1234:5678::/", error: true},
|
{ip: "2001:DB8:1234:5678::/", error: true},
|
||||||
{ip: "2001:DB8:1234:5678::/129", error: true},
|
{ip: "2001:DB8:1234:5678::/129", error: true},
|
||||||
{ip: "FC00::/64", error: true},
|
{ip: "FC00::/64", expected: "FC00::/64"},
|
||||||
} {
|
} {
|
||||||
t.Run("", func(t *testing.T) {
|
t.Run("", func(t *testing.T) {
|
||||||
actual, err := ipConvertFunction(tc.ip)
|
actual, err := ipConvertFunction(tc.ip)
|
||||||
|
|
Loading…
Reference in a new issue