github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 17:30:00 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #9174 from thockin/no-link-local-endpoints

Browse Source 
Don't allow link-local Endpoints
This commit is contained in:
Brian Grant 2015-06-03 12:12:33 -07:00
commit b71e2b01bc
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/api/validation/validation.go
View File

@ -1592,11 +1592,24 @@ func validateEndpointSubsets(subsets []api.EndpointSubset) errs.ValidationErrorL
return allErrs return allErrs
} }
var linkLocalNet *net.IPNet
func validateEndpointAddress(address *api.EndpointAddress) errs.ValidationErrorList { func validateEndpointAddress(address *api.EndpointAddress) errs.ValidationErrorList {
if linkLocalNet == nil {
var err error
_, linkLocalNet, err = net.ParseCIDR("169.254.0.0/16")
if err != nil {
glog.Errorf("Failed to parse link-local CIDR: %v", err)
}
}
allErrs := errs.ValidationErrorList{} allErrs := errs.ValidationErrorList{}
if !util.IsValidIPv4(address.IP) { if !util.IsValidIPv4(address.IP) {
allErrs = append(allErrs, errs.NewFieldInvalid("ip", address.IP, "invalid IPv4 address")) allErrs = append(allErrs, errs.NewFieldInvalid("ip", address.IP, "invalid IPv4 address"))
} }
if linkLocalNet.Contains(net.ParseIP(address.IP)) {
allErrs = append(allErrs, errs.NewFieldInvalid("ip", address.IP, "may not be in the link-local range (169.254.0.0/16)"))
}
return allErrs return allErrs
} }

15
pkg/api/validation/validation_test.go
View File

@ -3350,10 +3350,23 @@ func TestValidateEndpoints(t *testing.T) {
}, },
errorType: "FieldValueRequired", errorType: "FieldValueRequired",
}, },
"Address is link-local": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "169.254.169.254"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "link-local",
},
} }
for k, v := range errorCases { for k, v := range errorCases {
if errs := ValidateEndpoints(&v.endpoints); len(errs) == 0 || errs[0].(*errors.ValidationError).Type != v.errorType || errs[0].(*errors.ValidationError).Detail != v.errorDetail { if errs := ValidateEndpoints(&v.endpoints); len(errs) == 0 || errs[0].(*errors.ValidationError).Type != v.errorType || !strings.Contains(errs[0].(*errors.ValidationError).Detail, v.errorDetail) {
t.Errorf("Expected error type %s with detail %s for %s, got %v", v.errorType, v.errorDetail, k, errs) t.Errorf("Expected error type %s with detail %s for %s, got %v", v.errorType, v.errorDetail, k, errs)
} }
} }