mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-15 01:17:13 -05:00
terraform-provider: validate pod ip cidr only on gcp (#2838)
parent
4db0662b06
commit
5faa374ede
@ -215,9 +215,6 @@ func (r *ClusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re
|
||||
MarkdownDescription: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.",
|
||||
Description: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.",
|
||||
Optional: true,
|
||||
Validators: []validator.String{
|
||||
stringvalidator.RegexMatches(cidrRegex, "Pod IP CIDR must be a valid CIDR range."),
|
||||
},
|
||||
},
|
||||
"ip_cidr_service": schema.StringAttribute{
|
||||
MarkdownDescription: "CIDR range of the cluster's service network.",
|
||||
@ -673,6 +670,16 @@ func (r *ClusterResource) validateGCPNetworkConfig(ctx context.Context, data *Cl
|
||||
"Pod IP CIDR not allowed", "When csp is not set to 'gcp', setting 'ip_cidr_pod' has no effect.",
|
||||
)
|
||||
}
|
||||
|
||||
// Pod IP CIDR should be a valid CIDR on GCP
|
||||
if strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) &&
|
||||
!cidrRegex.MatchString(networkCfg.IPCidrPod.ValueString()) {
|
||||
diags.AddAttributeError(
|
||||
path.Root("network_config").AtName("ip_pod_cidr"),
|
||||
"Invalid CIDR range", "Pod IP CIDR must be a valid CIDR range.",
|
||||
)
|
||||
}
|
||||
|
||||
return diags
|
||||
}
|
||||
|
||||
|
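Review bot: The new diagnostic in validateGCPNetworkConfig is attached to `path.Root("network_config").AtName("ip_pod_cidr")`, but the attribute is spelled `ip_cidr_pod` in the warning text just above it and in the acceptance-test config. The error would therefore point at a path that does not appear to exist in the schema, and it should read `path.Root("network_config").AtName("ip_cidr_pod")`. Moving the check out of the schema validator also loses the framework's automatic skip of null and unknown values: `ValueString()` returns an empty string for both, so a pod CIDR that is only known after apply would presumably be rejected here unless the condition also requires `!networkCfg.IPCidrPod.IsUnknown()`. `cidrRegex` is defined outside the visible lines; if it only checks the textual shape, parsing with `netip.ParsePrefix` would additionally reject out-of-range octets and prefix lengths. The function begins outside the hunk, so earlier handling of an unset value on GCP cannot be confirmed from here.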
@ -453,6 +453,41 @@ func TestAccClusterResource(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
"gcp pod ip cidr not a valid cidr": {
|
||||
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
|
||||
PreCheck: bazelPreCheck,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: fullClusterTestingConfig(t, "gcp") + fmt.Sprintf(`
|
||||
resource "constellation_cluster" "test" {
|
||||
csp = "gcp"
|
||||
name = "constell"
|
||||
uid = "test"
|
||||
image = data.constellation_image.bar.image
|
||||
attestation = data.constellation_attestation.foo.attestation
|
||||
init_secret = "deadbeef"
|
||||
master_secret = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
|
||||
master_secret_salt = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
|
||||
measurement_salt = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
|
||||
out_of_cluster_endpoint = "192.0.2.1"
|
||||
in_cluster_endpoint = "192.0.2.1"
|
||||
network_config = {
|
||||
ip_cidr_node = "0.0.0.0/24"
|
||||
ip_cidr_service = "0.0.0.0/24"
|
||||
ip_cidr_pod = "0.0.0.0/xxxx"
|
||||
}
|
||||
gcp = {
|
||||
project_id = "test"
|
||||
service_account_key = "eyJ0ZXN0IjogInRlc3QifQ=="
|
||||
}
|
||||
kubernetes_version = "%s"
|
||||
constellation_microservice_version = "%s"
|
||||
}
|
||||
`, versions.Default, providerVersion),
|
||||
ExpectError: regexp.MustCompile(`.*Pod IP CIDR must be a valid CIDR range.*`),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, tc := range testCases {
|
||||
|
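Review bot: The added case "gcp pod ip cidr not a valid cidr" exercises only one malformed shape, `ip_cidr_pod = "0.0.0.0/xxxx"`, and `ExpectError` matches only the detail text, so it would not notice a diagnostic attached to the wrong attribute path. Since the check under test is pattern-based, it would be worth adding inputs where a pattern and a real parser can disagree, such as an octet above 255 or a prefix length above 32, each asserting the same error. A companion case with a non-GCP `csp` and the same malformed value, expecting no "Invalid CIDR range" error, would pin the behaviour named in the commit title; whether the existing cases above the hunk already cover that is not visible here. The leading and trailing `.*` in the `ExpectError` pattern are redundant because the regexp is unanchored.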