Merge pull request #5508 from fgrzadkowski/validate_ips

Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2025-09-09 05:01:46 +00:00 · 2015-03-25 12:11:29 +01:00
parent cfb6f1199b 24eb1a08f3
commit 7085a0cb44
4 changed files with 65 additions and 0 deletions
--- a/pkg/api/validation/validation.go
+++ b/pkg/api/validation/validation.go
@@ -764,6 +764,14 @@ func ValidateService(service *api.Service) errs.ValidationErrorList {
 		}
 	}

+	for _, ip := range service.Spec.PublicIPs {
+		if ip == "0.0.0.0" {
+			allErrs = append(allErrs, errs.NewFieldInvalid("spec.publicIPs", ip, "is not an IP address"))
+		} else if util.IsValidIP(ip) && net.ParseIP(ip).IsLoopback() {
+			allErrs = append(allErrs, errs.NewFieldInvalid("spec.publicIPs", ip, "publicIP cannot be a loopback"))
+		}
+	}
+
 	return allErrs
 }

--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@@ -1190,6 +1190,27 @@ func TestValidateService(t *testing.T) {
 			},
 			numErrs: 1,
 		},
+		{
+			name: "invalid publicIPs localhost",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"127.0.0.1"}
+			},
+			numErrs: 1,
+		},
+		{
+			name: "invalid publicIPs",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"0.0.0.0"}
+			},
+			numErrs: 1,
+		},
+		{
+			name: "valid publicIPs host",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"myhost.mydomain"}
+			},
+			numErrs: 0,
+		},
 		{
 			name: "nil selector",
 			makeSvc: func(s *api.Service) {