Merge pull request #5508 from fgrzadkowski/validate_ips

Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
kubernetes · Mar 25, 2015 · 7085a0c · 7085a0c
2 parents cfb6f11 + 24eb1a0
commit 7085a0c
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 0 deletions.
diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go
@@ -764,6 +764,14 @@ func ValidateService(service *api.Service) errs.ValidationErrorList {
 		}
 	}
 
+	for _, ip := range service.Spec.PublicIPs {
+		if ip == "0.0.0.0" {
+			allErrs = append(allErrs, errs.NewFieldInvalid("spec.publicIPs", ip, "is not an IP address"))
+		} else if util.IsValidIP(ip) && net.ParseIP(ip).IsLoopback() {
+			allErrs = append(allErrs, errs.NewFieldInvalid("spec.publicIPs", ip, "publicIP cannot be a loopback"))
+		}
+	}
+
 	return allErrs
 }
 

diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go
@@ -1190,6 +1190,27 @@ func TestValidateService(t *testing.T) {
 			},
 			numErrs: 1,
 		},
+		{
+			name: "invalid publicIPs localhost",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"127.0.0.1"}
+			},
+			numErrs: 1,
+		},
+		{
+			name: "invalid publicIPs",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"0.0.0.0"}
+			},
+			numErrs: 1,
+		},
+		{
+			name: "valid publicIPs host",
+			makeSvc: func(s *api.Service) {
+				s.Spec.PublicIPs = []string{"myhost.mydomain"}
+			},
+			numErrs: 0,
+		},
 		{
 			name: "nil selector",
 			makeSvc: func(s *api.Service) {

diff --git a/pkg/util/validation.go b/pkg/util/validation.go
@@ -17,6 +17,7 @@ limitations under the License.
 package util
 
 import (
+	"net"
 	"regexp"
 )
 
@@ -89,3 +90,8 @@ func IsCIdentifier(value string) bool {
 func IsValidPortNum(port int) bool {
 	return 0 < port && port < 65536
 }
+
+// IsValidIP tests that the argument is a valid IPv4 address.
+func IsValidIP(value string) bool {
+	return net.ParseIP(value) != nil && net.ParseIP(value).To4() != nil
+}
diff --git a/pkg/util/validation_test.go b/pkg/util/validation_test.go
@@ -222,3 +222,33 @@ func TestIsValidLabelValue(t *testing.T) {
 		}
 	}
 }
+
+func TestIsValidIP(t *testing.T) {
+	goodValues := []string{
+		"1.1.1.1",
+		"1.1.1.01",
+		"255.0.0.1",
+		"1.0.0.0",
+		"0.0.0.0",
+	}
+	for _, val := range goodValues {
+		if !IsValidIP(val) {
+			t.Errorf("expected true for %q", val)
+		}
+	}
+
+	badValues := []string{
+		"2a00:79e0:2:0:f1c3:e797:93c1:df80", // This is valid IPv6
+		"a",
+		"myhost.mydomain",
+		"-1.0.0.0",
+		"1.0.0.256",
+		"1.0.0.1.1",
+		"1.0.0.1.",
+	}
+	for _, val := range badValues {
+		if IsValidIP(val) {
+			t.Errorf("expected false for %q", val)
+		}
+	}
+}