Filter fixed IP addresses with CIDR notation

This allows filtering the fixed IP addresses returned by the OpenStack compute API with a filter defined as CIDR notation. When specifying the filter then the first fixed IP address matching the CIDR notation will be returned. If no filter is specified then the first found IP will be returned.
kubernetes-retired · Aug 8, 2022 · 71c0731 · 71c0731
1 parent ef56432
commit 71c0731
Show file tree

Hide file tree

Showing 8 changed files with 337 additions and 13 deletions.
diff --git a/etcd-manager/cmd/etcd-manager/BUILD.bazel b/etcd-manager/cmd/etcd-manager/BUILD.bazel
@@ -1,4 +1,4 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
 
 go_library(
     name = "etcd-manager_lib",
@@ -39,3 +39,9 @@ go_binary(
     embed = [":etcd-manager_lib"],
     visibility = ["//visibility:public"],
 )
+
+go_test(
+    name = "etcd-manager_test",
+    srcs = ["main_test.go"],
+    embed = [":etcd-manager_lib"],
+)
diff --git a/etcd-manager/cmd/etcd-manager/main.go b/etcd-manager/cmd/etcd-manager/main.go
@@ -100,6 +100,8 @@ func main() {
 	var volumeTags stringSliceFlag
 	flag.Var(&volumeTags, "volume-tag", "tag which volume is required to have")
 
+	flag.StringVar(&o.NetworkCIDR, "network-cidr", o.NetworkCIDR, "filtering for IP addresses by defining a comma separated list of CIDRs.")
+
 	flag.Parse()
 
 	o.VolumeTags = volumeTags
@@ -161,6 +163,11 @@ type EtcdManagerOptions struct {
 
 	// EtcdManagerMetricsPort allows exposing statistics from etcd-manager
 	EtcdManagerMetricsPort int
+
+	// NetworkCIDR allows filtering for IP addresses by defining a comma separated list of CIDRs.
+	// When defining multiple CIDRs then etcd-manager uses the IP first matching the CIDR with the highest priority.
+	// The order of which the CIRRs are in define the priority, where the first item having the highest.
+	NetworkCIDR string
 }
 
 // InitDefaults populates the default flag values
@@ -189,6 +196,32 @@ func (o *EtcdManagerOptions) InitDefaults() {
 	o.Insecure = false
 	o.EtcdInsecure = false
 	o.EtcdManagerMetricsPort = 0
+
+	o.NetworkCIDR = os.Getenv("ETCD_MANAGER_NETWORK_CIDR")
+}
+
+func parseNetworkCIDR(o *EtcdManagerOptions) ([]*net.IPNet, error) {
+	if o.NetworkCIDR == "" {
+		return nil, nil
+	}
+
+	if o.VolumeProviderID != "openstack" {
+		return nil, fmt.Errorf("is only supported with provider 'openstack'")
+	}
+
+	var networkCIDRs []*net.IPNet
+
+	for _, cidr := range strings.Split(o.NetworkCIDR, ",") {
+		cidr = strings.TrimSpace(cidr)
+		_, parsedCIDR, err := net.ParseCIDR(cidr)
+		if err != nil {
+			return nil, err
+		}
+
+		networkCIDRs = append(networkCIDRs, parsedCIDR)
+	}
+
+	return networkCIDRs, nil
 }
 
 // RunEtcdManager runs the etcd-manager, returning only we should exit.
@@ -201,6 +234,11 @@ func RunEtcdManager(o *EtcdManagerOptions) error {
 		return fmt.Errorf("backup-store is required")
 	}
 
+	networkCIDRs, err := parseNetworkCIDR(o)
+	if err != nil {
+		return fmt.Errorf("network-cidr %s", err)
+	}
+
 	backupInterval, err := time.ParseDuration(o.BackupInterval)
 	if err != nil {
 		return fmt.Errorf("invalid backup-interval duration %q", o.BackupInterval)
@@ -243,7 +281,7 @@ func RunEtcdManager(o *EtcdManagerOptions) error {
 			discoveryProvider = gceVolumeProvider
 
 		case "openstack":
-			osVolumeProvider, err := openstack.NewOpenstackVolumes(o.ClusterName, o.VolumeTags, o.NameTag)
+			osVolumeProvider, err := openstack.NewOpenstackVolumes(o.ClusterName, o.VolumeTags, o.NameTag, networkCIDRs)
 			if err != nil {
 				fmt.Fprintf(os.Stderr, "%v\n", err)
 				os.Exit(1)

diff --git a/etcd-manager/cmd/etcd-manager/main_test.go b/etcd-manager/cmd/etcd-manager/main_test.go
@@ -0,0 +1,103 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"reflect"
+	"testing"
+)
+
+func getTestData(networkCIDR string, volumeProviderID string) *EtcdManagerOptions {
+	var o EtcdManagerOptions
+	o.InitDefaults()
+
+	o.NetworkCIDR = networkCIDR
+	o.VolumeProviderID = volumeProviderID
+
+	return &o
+}
+
+func assertTestResults(t *testing.T, err error, expected interface{}, actual interface{}) {
+	if err != nil {
+		t.Fatalf("unexpected error: %s", err)
+	}
+
+	if !reflect.DeepEqual(expected, actual) {
+		t.Fatalf("expected '%+v', but got '%+v'", expected, actual)
+	}
+}
+
+func TestParseNetworkCIDRReturnsNilByDefault(t *testing.T) {
+	o := getTestData("", "")
+
+	_, actualErr := parseNetworkCIDR(o)
+
+	assertTestResults(t, nil, nil, actualErr)
+}
+
+func TestParseNetworkCIDRReturnsUnsupportedProviderError(t *testing.T) {
+	o := getTestData("192.168.0.0/16", "")
+
+	expectedErr := fmt.Errorf("is only supported with provider 'openstack'")
+
+	_, actualErr := parseNetworkCIDR(o)
+
+	assertTestResults(t, nil, expectedErr, actualErr)
+}
+
+func TestParseNetworkCIDRReturnsErrorOnInvalidCIDR(t *testing.T) {
+	o := getTestData("192.168.0.0/123, 2001:db8::/64", "openstack")
+
+	expectedErr := &net.ParseError{Type: "CIDR address", Text: "192.168.0.0/123"}
+
+	_, actualErr := parseNetworkCIDR(o)
+
+	assertTestResults(t, nil, expectedErr, actualErr)
+}
+
+func TestParseNetworkCIDRReturnsParsedCIDR(t *testing.T) {
+	o := getTestData("192.168.0.0/16, 2001:db8::/64", "openstack")
+
+	var expectedNetworkCIDRs []*net.IPNet
+	_, cidr1, _ := net.ParseCIDR("192.168.0.0/16")
+	_, cidr2, _ := net.ParseCIDR("2001:db8::/64")
+	expectedNetworkCIDRs = append(expectedNetworkCIDRs, cidr1, cidr2)
+
+	actualNetworkCIDRs, err := parseNetworkCIDR(o)
+
+	assertTestResults(t, err, expectedNetworkCIDRs, actualNetworkCIDRs)
+}
+
+func TestParseInitDefaultReturnsEmptyStringForNetworkCIDRs(t *testing.T) {
+	var o EtcdManagerOptions
+	o.InitDefaults()
+
+	assertTestResults(t, nil, "", o.NetworkCIDR)
+}
+
+func TestParseInitDefaultReturnsValueOfEnvVarForNetworkCIDRs(t *testing.T) {
+	expectedNetworkCIDR := "192.168.0.0/16, 2001:db8::/64"
+	os.Setenv("ETCD_MANAGER_NETWORK_CIDR", expectedNetworkCIDR)
+
+	var o EtcdManagerOptions
+	o.InitDefaults()
+
+	assertTestResults(t, nil, expectedNetworkCIDR, o.NetworkCIDR)
+}
diff --git a/etcd-manager/pkg/volumes/openstack/BUILD.bazel b/etcd-manager/pkg/volumes/openstack/BUILD.bazel
@@ -1,4 +1,4 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test", "go_test")
 
 go_library(
     name = "openstack",
@@ -31,7 +31,10 @@ go_library(
 
 go_test(
     name = "openstack_test",
-    srcs = ["volumes_test.go"],
+    srcs = [
+        "util_test.go",
+        "volumes_test.go",
+    ],
     data = glob(["testdata/**"]),
     embed = [":openstack"],
     deps = [

diff --git a/etcd-manager/pkg/volumes/openstack/discovery.go b/etcd-manager/pkg/volumes/openstack/discovery.go
@@ -52,7 +52,7 @@ func (os *OpenstackVolumes) Poll() (map[string]discovery.Node, error) {
 		node := discovery.Node{
 			ID: volume.EtcdName,
 		}
-		address, err := GetServerFixedIP(server.Addresses, server.Name)
+		address, err := GetServerFixedIP(server.Addresses, server.Name, os.networkCIDRs)
 		if err != nil {
 			klog.Warningf("Could not find servers fixed ip %s: %v", server.Name, err)
 			continue

diff --git a/etcd-manager/pkg/volumes/openstack/util.go b/etcd-manager/pkg/volumes/openstack/util.go
@@ -18,6 +18,7 @@ package openstack
 
 import (
 	"fmt"
+	"net"
 )
 
 const (
@@ -26,20 +27,39 @@ const (
 	openstackAddress        = "addr"
 )
 
-func GetServerFixedIP(addrs map[string]interface{}, name string) (poolAddress string, err error) {
+func getAllServerFixedIPs(addrs map[string]interface{}) []string {
+	var fixedIPs []string
 	for _, address := range addrs {
 		if addresses, ok := address.([]interface{}); ok {
 			for _, addr := range addresses {
 				addrMap := addr.(map[string]interface{})
 				if addrType, ok := addrMap[openstackExternalIPType]; ok && addrType == openstackAddressFixed {
 					if fixedIP, ok := addrMap[openstackAddress]; ok {
 						if fixedIPStr, ok := fixedIP.(string); ok {
-							return fixedIPStr, nil
+							fixedIPs = append(fixedIPs, fixedIPStr)
 						}
 					}
 				}
 			}
 		}
 	}
+	return fixedIPs
+}
+
+func GetServerFixedIP(addrs map[string]interface{}, name string, networkCIDRs []*net.IPNet) (poolAddress string, err error) {
+	fixedIPs := getAllServerFixedIPs(addrs)
+
+	if networkCIDRs != nil {
+		for _, cidr := range networkCIDRs {
+			for _, fixedIP := range fixedIPs {
+				if cidr.Contains(net.ParseIP(fixedIP)) {
+					return fixedIP, nil
+				}
+			}
+		}
+	} else if len(fixedIPs) > 0 {
+		return fixedIPs[0], nil
+	}
+
 	return "", fmt.Errorf("failed to find Fixed IP address for server %s", name)
 }