github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Update IP address validation message to include IPv6

Browse Source 
Adds unit test

Change-Id: I08c46f68b164e1ea82bf40f8a1316dfc1e95a6fb
This commit is contained in:
Bowei Du 2021-04-06 09:58:55 -07:00
parent b0abe89ae2
commit 89ebf47640
2 changed files with 48 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/apis/core/validation/validation.go
View File

@ -5764,6 +5764,10 @@ func validateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList
// unspecified and loopback addresses are nonsensical and link-local // unspecified and loopback addresses are nonsensical and link-local
// addresses tend to be used for node-centric purposes (e.g. metadata // addresses tend to be used for node-centric purposes (e.g. metadata
// service). // service).
//
// IPv6 references
// - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
// - https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
ip := net.ParseIP(ipAddress) ip := net.ParseIP(ipAddress)
if ip == nil { if ip == nil {
@ -5771,16 +5775,16 @@ func validateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList
return allErrs return allErrs
} }
if ip.IsUnspecified() { if ip.IsUnspecified() {
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be unspecified (0.0.0.0)")) allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, fmt.Sprintf("may not be unspecified (%v)", ipAddress)))
} }
if ip.IsLoopback() { if ip.IsLoopback() {
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the loopback range (127.0.0.0/8)")) allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the loopback range (127.0.0.0/8, ::1/128)"))
} }
if ip.IsLinkLocalUnicast() { if ip.IsLinkLocalUnicast() {
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local range (169.254.0.0/16)")) allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local range (169.254.0.0/16, fe80::/10)"))
} }
if ip.IsLinkLocalMulticast() { if ip.IsLinkLocalMulticast() {
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local multicast range (224.0.0.0/24)")) allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local multicast range (224.0.0.0/24, ff02::/10)"))
} }
return allErrs return allErrs
} }

40
pkg/apis/core/validation/validation_test.go
View File

@ -17366,3 +17366,43 @@ func TestValidateResourceRequirements(t *testing.T) {
}) })
} }
} }
func TestValidateNonSpecialIP(t *testing.T) {
fp := field.NewPath("ip")
// Valid values.
for _, tc := range []struct {
desc string
ip string
}{
{"ipv4", "10.1.2.3"},
{"ipv6", "2000::1"},
} {
t.Run(tc.desc, func(t *testing.T) {
errs := validateNonSpecialIP(tc.ip, fp)
if len(errs) != 0 {
t.Errorf("validateNonSpecialIP(%q, ...) = %v; want nil", tc.ip, errs)
}
})
}
// Invalid cases
for _, tc := range []struct {
desc string
ip string
}{
{"ipv4 unspecified", "0.0.0.0"},
{"ipv6 unspecified", "::0"},
{"ipv4 localhost", "127.0.0.0"},
{"ipv4 localhost", "127.255.255.255"},
{"ipv6 localhost", "::1"},
{"ipv6 link local", "fe80::"},
{"ipv6 local multicast", "ff02::"},
} {
t.Run(tc.desc, func(t *testing.T) {
errs := validateNonSpecialIP(tc.ip, fp)
if len(errs) == 0 {
t.Errorf("validateNonSpecialIP(%q, ...) = nil; want non-nil (errors)", tc.ip)
}
})
}
}