Custom networking subnet validation (#496)
* adding cidr checking

Signed-off-by: Gordonby <[email protected]>

* better regex

Signed-off-by: Gordonby <[email protected]>

Signed-off-by: Gordonby <[email protected]>
Gordon Byers authored Jan 20, 2023
1 parent 366608f commit 2098f62
Showing 2 changed files with 73 additions and 13 deletions.
55 changes: 42 additions & 13 deletions helper/src/components/networkTab.js
@@ -214,7 +214,7 @@ export default function NetworkTab ({ defaults, tabValues, updateFn, invalidArra
onChange={(ev, v) => updateFn("afw", v)}
label="Implement Azure Firewall & UDR next hop" />

{net.azureFirewallsSku=='Basic' &&
{net.azureFirewallsSku==='Basic' &&
<MessageBar styles={{ root: { marginLeft: '50px', width:'500px', marginTop: '10px !important'}}} messageBarType={MessageBarType.warning}>Basic SKU is currently a preview service <Link href="https://learn.microsoft.com/en-gb/azure/firewall/deploy-firewall-basic-portal-policy#prerequisites">(*preview)</Link></MessageBar>
}
<Dropdown
@@ -345,27 +345,41 @@ export default function NetworkTab ({ defaults, tabValues, updateFn, invalidArra
</Stack.Item>

{net.vnet_opt === 'custom' ?
<CustomVNET addons={addons} net={net} updateFn={updateFn} />
<CustomVNET addons={addons} net={net} updateFn={updateFn} invalidArray={invalidArray} />
: net.vnet_opt === 'byo' &&
<BYOVNET addons={addons} net={net} updateFn={updateFn} invalidArray={invalidArray} />
}
</Stack>
)
}

function PodServiceNetwork({ net, updateFn }) {
function PodServiceNetwork({ net, updateFn, invalidArray }) {
return (
<Stack {...columnProps}>
<Label>Kubernetes Networking Configuration</Label>
<Stack.Item styles={{root: {width: '380px'}}} align="start">
<TextField prefix="Cidr" label="POD Network" disabled={net.networkPlugin !== 'kubenet' && !net.cniDynamicIpAllocation && !net.networkPluginMode} onChange={(ev, val) => updateFn("podCidr", val)} value={net.networkPlugin === 'kubenet' || net.cniDynamicIpAllocation || net.networkPluginMode ? net.podCidr : "Using CNI, POD IPs from subnet"} />
<TextField
prefix="Cidr" label="POD Network"
disabled={net.networkPlugin !== 'kubenet' && !net.cniDynamicIpAllocation && !net.networkPluginMode}
onChange={(ev, val) => updateFn("podCidr", val)}
value={net.networkPlugin === 'kubenet' || net.cniDynamicIpAllocation || net.networkPluginMode ? net.podCidr : "Using CNI, POD IPs from subnet"}
maxLength={18}
errorMessage={net.networkPlugin === 'kubenet' || net.cniDynamicIpAllocation || net.networkPluginMode ? getError(invalidArray, 'podCidr') : ''} />
</Stack.Item>
<Stack.Item styles={{root: {width: '380px'}}} align="start">
<TextField prefix="Cidr" label="Service Network" onChange={(ev, val) => updateFn("serviceCidr", val)} value={net.serviceCidr} />
<TextField
prefix="Cidr" label="Service Network"
onChange={(ev, val) => updateFn("serviceCidr", val)}
value={net.serviceCidr}
errorMessage={getError(invalidArray, 'serviceCidr')} />
<MessageBar messageBarType={MessageBarType.warning}>Address space that isn't in use elsewhere in your network environment <a target="_target" href="https://docs.microsoft.com/en-us/azure/aks/configure-kubenet#create-an-aks-cluster-in-the-virtual-network">docs</a></MessageBar>
</Stack.Item>
<Stack.Item styles={{root: {width: '380px'}}} align="start">
<TextField prefix="IP" label="DNS Service IP" onChange={(ev, val) => updateFn("dnsServiceIP", val)} value={net.dnsServiceIP} />
<TextField
prefix="IP" label="DNS Service IP"
onChange={(ev, val) => updateFn("dnsServiceIP", val)}
value={net.dnsServiceIP}
errorMessage={getError(invalidArray, 'dnsServiceIP')} />
<MessageBar messageBarType={MessageBarType.warning}>Ensure its an address within the Service CIDR above <a target="_target" href="https://docs.microsoft.com/en-us/azure/aks/configure-kubenet#create-an-aks-cluster-in-the-virtual-network">docs</a></MessageBar>
</Stack.Item>

@@ -389,25 +403,35 @@ function BYOVNET({ net, addons, updateFn, invalidArray }) {
<MessageBar messageBarType={MessageBarType.warning}>Ensure your Application Gateway subnet meets these requirements <Link href="https://docs.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet">here</Link></MessageBar>

<Separator/>
<PodServiceNetwork net={net} updateFn={updateFn} />
<PodServiceNetwork net={net} updateFn={updateFn} invalidArray={invalidArray} />

</Stack>
)
}


function CustomVNET({ net, addons, updateFn }) {
function CustomVNET({ net, addons, updateFn, invalidArray }) {
return (
<Stack styles={adv_stackstyle}>
<Label>Custom Network VNET & Kubernetes Network Configuration</Label>
<Stack horizontal tokens={{ childrenGap: 50 }} styles={{ root: { width: 650 } }}>
<Stack {...columnProps}>

<Stack.Item align="start">
<TextField prefix="Cidr" label="VNET Address space" onChange={(ev, val) => updateFn("vnetAddressPrefix", val)} value={net.vnetAddressPrefix} />
<TextField
prefix="Cidr"
label="VNET Address space"
onChange={(ev, val) => updateFn("vnetAddressPrefix", val)}
value={net.vnetAddressPrefix}
errorMessage={getError(invalidArray, 'vnetAddressPrefix')} />
</Stack.Item>
<Stack.Item style={{ marginLeft: "20px"}}>
<TextField prefix="Cidr" label="AKS Nodes subnet" onChange={(ev, val) => updateFn("vnetAksSubnetAddressPrefix", val)} value={net.vnetAksSubnetAddressPrefix} />
<TextField
prefix="Cidr"
label="AKS Nodes subnet"
onChange={(ev, val) => updateFn("vnetAksSubnetAddressPrefix", val)}
value={net.vnetAksSubnetAddressPrefix}
errorMessage={getError(invalidArray, 'vnetAksSubnetAddressPrefix')} />
</Stack.Item>
{/*
<Stack.Item align="center">
@@ -419,7 +443,7 @@ function CustomVNET({ net, addons, updateFn }) {
</Stack.Item>

<Stack.Item style={{ marginLeft: "20px"}}>
<TextField prefix="Cidr" disabled={!net.afw || net.azureFirewallsSku!=='Basic'} label="Azure Firewall management subnet" onChange={(ev, val) => updateFn("vnetFirewallManagementSubnetAddressPrefix", val)} value={net.afw ? (net.azureFirewallsSku=='Basic' ? net.vnetFirewallManagementSubnetAddressPrefix : 'Management subnet for Basic SKU') : "No Firewall requested"} />
<TextField prefix="Cidr" disabled={!net.afw || net.azureFirewallsSku!=='Basic'} label="Azure Firewall management subnet" onChange={(ev, val) => updateFn("vnetFirewallManagementSubnetAddressPrefix", val)} value={net.afw ? (net.azureFirewallsSku==='Basic' ? net.vnetFirewallManagementSubnetAddressPrefix : 'Management subnet for Basic SKU') : "No Firewall requested"} />
</Stack.Item>

<Stack.Item style={{ marginLeft: "20px"}}>
@@ -436,12 +460,17 @@ function CustomVNET({ net, addons, updateFn }) {
</Stack.Item>

<Stack.Item style={{ marginLeft: "20px"}}>
<TextField prefix="Cidr" disabled={!net.vnetprivateend} label="Private Endpoint subnet" onChange={(ev, val) => updateFn("privateLinkSubnetAddressPrefix", val)} value={net.vnetprivateend ? net.privateLinkSubnetAddressPrefix : "No Private Endpoints requested"} />
<TextField
prefix="Cidr" disabled={!net.vnetprivateend}
label="Private Endpoint subnet"
onChange={(ev, val) => updateFn("privateLinkSubnetAddressPrefix", val)}
value={net.vnetprivateend ? net.privateLinkSubnetAddressPrefix : "No Private Endpoints requested"}
errorMessage={net.vnetprivateend && getError(invalidArray, 'privateLinkSubnetAddressPrefix')} />
</Stack.Item>

</Stack>

<PodServiceNetwork net={net} updateFn={updateFn} />
<PodServiceNetwork net={net} updateFn={updateFn} invalidArray={invalidArray} />
</Stack>

<Separator styles={{ root: { marginTop: '20px !important' } }}/>
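Review bot: The Private Endpoint subnet field in the last hunk passes `net.vnetprivateend && getError(invalidArray, 'privateLinkSubnetAddressPrefix')` as `errorMessage`, so the prop receives `false` rather than a string when private endpoints are off, and no `invalidFn` rule for `privateLinkSubnetAddressPrefix` is visible in this commit's portalnav.js changes, so the message may never be populated. Match the POD Network field's form, `errorMessage={net.vnetprivateend ? getError(invalidArray, 'privateLinkSubnetAddressPrefix') : ''}`, and add a rule gated the same way, `invalidFn('net', 'privateLinkSubnetAddressPrefix', net.vnetprivateend && !isCidrValid(net.privateLinkSubnetAddressPrefix), invalidCidrMessage)`. The Azure Firewall management subnet field in the `@@ -419,7 +443,7 @@` hunk is also free-text CIDR input and gets no `errorMessage` at all. Separately, POD Network hides its error while the field is disabled, but the `podCidr` rule in portalnav.js is unconditional, so presumably a stale value could mark the tab invalid with nothing shown to the user; the two conditions should agree.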
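--- a/helper/src/components/portalnav.js
+++ b/helper/src/components/portalnav.js
@@ -327,6 +327,31 @@ export default function PortalNav({ config }) {
 }
 }
 
+function isCidrValid(cidr) {
+var regex=cidr.match(/^([0-9]{1,3}\.){3}[0-9]{1,3}($|\/(1[6-9]|2[0-6]))$/)
+if(regex === null || regex.length !== 4 || regex[3] === undefined) {
+//cidr range not valid
+return false
+}
+else { return true }
+}
+const invalidCidrMessage = "Enter a valid CIDR address (/16 - /26)"
+
+//declare string constant variable
+
+
+function isIPValid(ip) {
+if(ip === undefined || ip === null || ip === '') {
+return true
+}
+else if (ip.match(/^([0-9]{1,3}\.){3}[0-9]{1,3}$/) === null) {
+return false
+}
+else {
+return true
+}
+}
+
 const { deploy, cluster, net, addons } = tabValues
 
 console.log(`PortalNav: Evaluating configruation warnings...`)
@@ -354,6 +379,12 @@ export default function PortalNav({ config }) {
 :
 'This template can only deploy Azure Firewall in single VNET with Custom Networking')
 invalidFn('net', 'aksOutboundTrafficType', (net.aksOutboundTrafficType === 'managedNATGateway' && net.vnet_opt !== "default") || (net.aksOutboundTrafficType === 'userAssignedNATGateway' && net.vnet_opt === "default"), 'When using Managed Nat Gateway, only default networking is supported. For other networking options, use Assigned NAT Gateway')
+invalidFn('net', 'serviceCidr', net.vnet_opt === "custom" && !isCidrValid(net.serviceCidr), invalidCidrMessage)
+invalidFn('net', 'podCidr', !isCidrValid(net.podCidr), invalidCidrMessage)
+invalidFn('net', 'dnsServiceIP', !isIPValid(net.dnsServiceIP), 'Enter a valid IP')
+invalidFn('net', 'podCidr', !isCidrValid(net.podCidr), invalidCidrMessage)
+invalidFn('net', 'vnetAddressPrefix', !isCidrValid(net.vnetAddressPrefix), invalidCidrMessage)
+invalidFn('net', 'vnetAksSubnetAddressPrefix', !isCidrValid(net.vnetAksSubnetAddressPrefix), invalidCidrMessage)
 invalidFn('deploy', 'apiips', cluster.apisecurity === 'whitelist' && deploy.apiips.length < 7, 'Enter an IP/CIDR, or select \'Public IP with no IP restrictions\' in the \'Cluster API Server Security\' section of the \'Cluster Details\' tab')
 invalidFn('deploy', 'clusterName', !deploy.clusterName || deploy.clusterName.match(/^[a-z0-9][_\-a-z0-9]+[a-z0-9]$/i) === null || deploy.clusterName.length > 19, 'Enter valid cluster name')
 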
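Review bot: `isCidrValid` calls `cidr.match(...)` with no guard, so an undefined or null value throws a TypeError where `isIPValid` just below handles it, and the pattern accepts octets above 255 (`999.1.1.1/16` passes). The `($|...)` alternative and the `regex.length !== 4` test only serve to reject a missing prefix; making the prefix mandatory in the pattern and range-checking the four octets is simpler and stricter, as sketched below. `isIPValid` has the same octet gap and does not check that the DNS service IP falls inside the service CIDR, which the UI text asks for. In the second hunk the `podCidr` rule is registered twice, and `serviceCidr` is only checked when `net.vnet_opt === "custom"` although networkTab.js now shows its error in the BYO view as well. These checks run only in the browser, so whatever consumes the generated values should presumably still validate them.

```javascript
function isCidrValid(cidr) {
  if (typeof cidr !== 'string') { return false }
  const parts = cidr.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(1[6-9]|2[0-6])$/)
  if (parts === null) { return false }
  // prefix range is enforced by the pattern; each octet must still fit in a byte
  return parts.slice(1, 5).every(octet => Number(octet) <= 255)
}
```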
