
Commit fe1e319

authored
Validate VPC CIDR network size (#2353)
1 parent e76db5b commit fe1e319

2 files changed

+19
-1
lines changed

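--- a/pkg/types/clusterconfig/cluster_config.go
+++ b/pkg/types/clusterconfig/cluster_config.go
@@ -86,6 +86,9 @@ var (
 _maxIOPSToVolumeSizeRatioForGP3 = int64(500)
 _minIOPSToThroughputRatioForGP3 = int64(4)
 
+_minSubnetMask = 16
+_maxSubnetMask = 24
+
 // This regex is stricter than the actual S3 rules
 _strictS3BucketRegex = regexp.MustCompile(`^([a-z0-9])+(-[a-z0-9]+)*$`)
 )
@@ -1467,11 +1470,18 @@ func (ng *NodeGroup) FillEmptySpotFields(region string) {
 }
 
 func validateCIDR(cidr string) (string, error) {
-_, _, err := net.ParseCIDR(cidr)
+_, network, err := net.ParseCIDR(cidr)
 if err != nil {
 return "", errors.WithStack(err)
 }
 
+if network != nil {
+maskSize, _ := network.Mask.Size()
+if maskSize < _minSubnetMask || maskSize > _maxSubnetMask {
+return "", ErrorSubnetMaskOutOfRange(maskSize, _minSubnetMask, _maxSubnetMask)
+}
+}
+
 return cidr, nil
 }
 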
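Review bot: In validateCIDR the second result of `network.Mask.Size()` is discarded, so the new check looks only at the prefix length and not at the address family; `net.ParseCIDR` also accepts IPv6, and an IPv6 prefix of /16 to /24 would pass this range check. If the value is meant to be an IPv4 VPC CIDR (the commit title suggests so), keep the bit count and reject anything else, e.g. `ones, bits := network.Mask.Size()` followed by `if bits != 32 || ones < _minSubnetMask || ones > _maxSubnetMask {`, ideally with a distinct error for the non-IPv4 case because the current message would be misleading there. The `if network != nil` guard is redundant, since ParseCIDR returns a non-nil network whenever err is nil. The function also still returns the original string, so an input with host bits set (a constructed example: `10.0.0.5/16`) is passed on unnormalized; whether downstream consumers accept that is not visible in this hunk.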

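--- a/pkg/types/clusterconfig/errors.go
+++ b/pkg/types/clusterconfig/errors.go
@@ -60,6 +60,7 @@ const (
 ErrUnsupportedAvailabilityZone = "clusterconfig.unsupported_availability_zone"
 ErrNotEnoughValidDefaultAvailibilityZones = "clusterconfig.not_enough_valid_default_availability_zones"
 ErrNoNATGatewayWithSubnets = "clusterconfig.no_nat_gateway_with_subnets"
+ErrSubnetMaskOutOfRange = "clusterconfig.subnet_mask_out_of_range"
 ErrConfigCannotBeChangedOnConfigure = "clusterconfig.config_cannot_be_changed_on_configure"
 ErrNodeGroupCanOnlyBeScaled = "clusterconfig.node_group_can_only_be_scaled"
 ErrSpecifyOneOrNone = "clusterconfig.specify_one_or_none"
@@ -309,6 +310,13 @@ func ErrorNoNATGatewayWithSubnets() error {
 })
 }
 
+func ErrorSubnetMaskOutOfRange(requestedMaskSize, minMaskSize, maxMaskSize int) error {
+return errors.WithStack(&errors.Error{
+Kind: ErrSubnetMaskOutOfRange,
+Message: fmt.Sprintf("invalid network size /%d; the network size must be between /%d and /%d", requestedMaskSize, minMaskSize, maxMaskSize),
+})
+}
+
 func ErrorConfigCannotBeChangedOnConfigure() error {
 return errors.WithStack(&errors.Error{
 Kind: ErrConfigCannotBeChangedOnConfigure,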
