Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-01 22:06:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

terraform-provider: validate pod ip cidr only on gcp (#2838)

Browse source
This commit is contained in:
Moritz Sanft 2024-01-23 09:08:23 +01:00 committed by GitHub
parent 4db0662b06
commit 5faa374ede
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 45 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
terraform-provider-constellation/internal/provider/cluster_resource.go
View file

@ -215,9 +215,6 @@ func (r *ClusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re
MarkdownDescription: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.", MarkdownDescription: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.",
Description: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.", Description: "CIDR range of the cluster's pod network. Only required for clusters running on GCP.",
Optional: true, Optional: true,
Validators: []validator.String{
stringvalidator.RegexMatches(cidrRegex, "Pod IP CIDR must be a valid CIDR range."),
},
}, },
"ip_cidr_service": schema.StringAttribute{ "ip_cidr_service": schema.StringAttribute{
MarkdownDescription: "CIDR range of the cluster's service network.", MarkdownDescription: "CIDR range of the cluster's service network.",
@ -673,6 +670,16 @@ func (r *ClusterResource) validateGCPNetworkConfig(ctx context.Context, data *Cl
"Pod IP CIDR not allowed", "When csp is not set to 'gcp', setting 'ip_cidr_pod' has no effect.", "Pod IP CIDR not allowed", "When csp is not set to 'gcp', setting 'ip_cidr_pod' has no effect.",
) )
} }
// Pod IP CIDR should be a valid CIDR on GCP
if strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) &&
!cidrRegex.MatchString(networkCfg.IPCidrPod.ValueString()) {
diags.AddAttributeError(
path.Root("network_config").AtName("ip_pod_cidr"),
"Invalid CIDR range", "Pod IP CIDR must be a valid CIDR range.",
)
}
return diags return diags
} }

35
terraform-provider-constellation/internal/provider/cluster_resource_test.go
View file

@ -453,6 +453,41 @@ func TestAccClusterResource(t *testing.T) {
}, },
}, },
}, },
"gcp pod ip cidr not a valid cidr": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck,
Steps: []resource.TestStep{
{
Config: fullClusterTestingConfig(t, "gcp") + fmt.Sprintf(`
resource "constellation_cluster" "test" {
csp = "gcp"
name = "constell"
uid = "test"
image = data.constellation_image.bar.image
attestation = data.constellation_attestation.foo.attestation
init_secret = "deadbeef"
master_secret = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
master_secret_salt = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
measurement_salt = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
out_of_cluster_endpoint = "192.0.2.1"
in_cluster_endpoint = "192.0.2.1"
network_config = {
ip_cidr_node = "0.0.0.0/24"
ip_cidr_service = "0.0.0.0/24"
ip_cidr_pod = "0.0.0.0/xxxx"
}
gcp = {
project_id = "test"
service_account_key = "eyJ0ZXN0IjogInRlc3QifQ=="
}
kubernetes_version = "%s"
constellation_microservice_version = "%s"
}
`, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(`.*Pod IP CIDR must be a valid CIDR range.*`),
},
},
},
} }
for name, tc := range testCases { for name, tc := range testCases {