From 3834fe2b2d582f9071e1a1bcdd21444bb5312a0d Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Fri, 20 Oct 2023 12:27:31 -0700 Subject: [PATCH] reject ipv6 Signed-off-by: Arko Dasgupta --- .../validation/envoyproxy_validate.go | 4 ++-- .../validation/envoyproxy_validate_test.go | 22 +++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/api/v1alpha1/validation/envoyproxy_validate.go b/api/v1alpha1/validation/envoyproxy_validate.go index c5f8d6becbe..73f8a5e7aaf 100644 --- a/api/v1alpha1/validation/envoyproxy_validate.go +++ b/api/v1alpha1/validation/envoyproxy_validate.go @@ -101,8 +101,8 @@ func validateService(spec *egv1a1.EnvoyProxySpec) []error { errs = append(errs, fmt.Errorf("loadBalancerIP can only be set for %v type", egv1a1.ServiceTypeLoadBalancer)) } - if net.ParseIP(*serviceLoadBalancerIP) == nil { - errs = append(errs, fmt.Errorf("loadBalancerIP:%s is an invalid IP address", *serviceLoadBalancerIP)) + if ip := net.ParseIP(*serviceLoadBalancerIP); ip == nil || ip.To4() == nil { + errs = append(errs, fmt.Errorf("loadBalancerIP:%s is an invalid IPv4 address", *serviceLoadBalancerIP)) } } } diff --git a/api/v1alpha1/validation/envoyproxy_validate_test.go b/api/v1alpha1/validation/envoyproxy_validate_test.go index c2b3bde71e6..a692c0caba0 100644 --- a/api/v1alpha1/validation/envoyproxy_validate_test.go +++ b/api/v1alpha1/validation/envoyproxy_validate_test.go @@ -255,6 +255,28 @@ func TestValidateEnvoyProxy(t *testing.T) { }, expected: false, }, + { + name: "envoy service type 'LoadBalancer' with ipv6 loadBalancerIP", + proxy: &egv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egv1a1.EnvoyProxySpec{ + Provider: &egv1a1.EnvoyProxyProvider{ + Type: egv1a1.ProviderTypeKubernetes, + Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{ + EnvoyService: &egv1a1.KubernetesServiceSpec{ + Type: egv1a1.GetKubernetesServiceType(egv1a1.ServiceTypeLoadBalancer), + LoadBalancerIP: ptr.To("2001:db8::68"), + }, + }, + }, + }, + }, + expected: false, + }, + { name: "valid user bootstrap replace type", proxy: &egv1a1.EnvoyProxy{