Remove proxyutil.IsProxyableIP / IsProxyableHostname
These don't belong in pkg/proxy/util; they involve a completely unrelated definition of proxying. Since each is only used from one place, just inline them at the callers.
This commit is contained in:
Dan Winship
@@ -19,7 +19,6 @@ package util
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
@@ -45,14 +44,6 @@ const (
|
||||
IPv6ZeroCIDR = "::/0"
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrAddressNotAllowed indicates the address is not allowed
|
||||
ErrAddressNotAllowed = errors.New("address not allowed")
|
||||
|
||||
// ErrNoAddresses indicates there are no addresses for the hostname
|
||||
ErrNoAddresses = errors.New("no addresses for hostname")
|
||||
)
|
||||
|
||||
// isValidEndpoint checks that the given host / port pair are valid endpoint
|
||||
func isValidEndpoint(host string, port int) bool {
|
||||
return host != "" && port > 0
|
||||
@@ -95,46 +86,11 @@ func IsLoopBack(ip string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// IsProxyableIP checks if a given IP address is permitted to be proxied
|
||||
func IsProxyableIP(ip string) error {
|
||||
netIP := netutils.ParseIPSloppy(ip)
|
||||
if netIP == nil {
|
||||
return ErrAddressNotAllowed
|
||||
}
|
||||
return isProxyableIP(netIP)
|
||||
}
|
||||
|
||||
func isProxyableIP(ip net.IP) error {
|
||||
if !ip.IsGlobalUnicast() {
|
||||
return ErrAddressNotAllowed
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Resolver is an interface for net.Resolver
|
||||
type Resolver interface {
|
||||
LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error)
|
||||
}
|
||||
|
||||
// IsProxyableHostname checks if the IP addresses for a given hostname are permitted to be proxied
|
||||
func IsProxyableHostname(ctx context.Context, resolv Resolver, hostname string) error {
|
||||
resp, err := resolv.LookupIPAddr(ctx, hostname)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if len(resp) == 0 {
|
||||
return ErrNoAddresses
|
||||
}
|
||||
|
||||
for _, host := range resp {
|
||||
if err := isProxyableIP(host.IP); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetLocalAddrs returns a list of all network addresses on the local system
|
||||
func GetLocalAddrs() ([]net.IP, error) {
|
||||
var localAddrs []net.IP
|
||||
|
||||
@@ -17,7 +17,6 @@ limitations under the License.
|
||||
package util
|
||||
|
||||
import (
|
||||
"context"
|
||||
"math/rand"
|
||||
"net"
|
||||
"reflect"
|
||||
@@ -96,76 +95,6 @@ func TestBuildPortsToEndpointsMap(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsProxyableIP(t *testing.T) {
|
||||
testCases := []struct {
|
||||
ip string
|
||||
want error
|
||||
}{
|
||||
{"0.0.0.0", ErrAddressNotAllowed},
|
||||
{"127.0.0.1", ErrAddressNotAllowed},
|
||||
{"127.0.0.2", ErrAddressNotAllowed},
|
||||
{"169.254.169.254", ErrAddressNotAllowed},
|
||||
{"169.254.1.1", ErrAddressNotAllowed},
|
||||
{"224.0.0.0", ErrAddressNotAllowed},
|
||||
{"10.0.0.1", nil},
|
||||
{"192.168.0.1", nil},
|
||||
{"172.16.0.1", nil},
|
||||
{"8.8.8.8", nil},
|
||||
{"::", ErrAddressNotAllowed},
|
||||
{"::1", ErrAddressNotAllowed},
|
||||
{"fe80::", ErrAddressNotAllowed},
|
||||
{"ff02::", ErrAddressNotAllowed},
|
||||
{"ff01::", ErrAddressNotAllowed},
|
||||
{"2600::", nil},
|
||||
{"1", ErrAddressNotAllowed},
|
||||
{"", ErrAddressNotAllowed},
|
||||
}
|
||||
|
||||
for i := range testCases {
|
||||
got := IsProxyableIP(testCases[i].ip)
|
||||
if testCases[i].want != got {
|
||||
t.Errorf("case %d: expected %v, got %v", i, testCases[i].want, got)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type dummyResolver struct {
|
||||
ips []string
|
||||
err error
|
||||
}
|
||||
|
||||
func (r *dummyResolver) LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error) {
|
||||
if r.err != nil {
|
||||
return nil, r.err
|
||||
}
|
||||
resp := []net.IPAddr{}
|
||||
for _, ipString := range r.ips {
|
||||
resp = append(resp, net.IPAddr{IP: netutils.ParseIPSloppy(ipString)})
|
||||
}
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
func TestIsProxyableHostname(t *testing.T) {
|
||||
testCases := []struct {
|
||||
hostname string
|
||||
ips []string
|
||||
want error
|
||||
}{
|
||||
{"k8s.io", []string{}, ErrNoAddresses},
|
||||
{"k8s.io", []string{"8.8.8.8"}, nil},
|
||||
{"k8s.io", []string{"169.254.169.254"}, ErrAddressNotAllowed},
|
||||
{"k8s.io", []string{"127.0.0.1", "8.8.8.8"}, ErrAddressNotAllowed},
|
||||
}
|
||||
|
||||
for i := range testCases {
|
||||
resolv := dummyResolver{ips: testCases[i].ips}
|
||||
got := IsProxyableHostname(context.Background(), &resolv, testCases[i].hostname)
|
||||
if testCases[i].want != got {
|
||||
t.Errorf("case %d: expected %v, got %v", i, testCases[i].want, got)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestShouldSkipService(t *testing.T) {
|
||||
testCases := []struct {
|
||||
service *v1.Service
|
||||
|
||||
Reference in New Issue
Block a user