resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
terraform/internal/lang/funcs/cidr_test.go

396 lines
9.5 KiB
Go
Raw Normal View History

port cidr functions
2018-05-24 00:42:04 +02:00
package funcs
import (
"fmt"
"testing"
"github.com/zclconf/go-cty/cty"
)
func TestCidrHost(t *testing.T) {
tests := []struct {
Prefix cty.Value
Hostnum cty.Value
Want cty.Value
Err bool
}{
{
cty.StringVal("192.168.1.0/24"),
cty.NumberIntVal(5),
cty.StringVal("192.168.1.5"),
false,
},
{
cty.StringVal("192.168.1.0/24"),
cty.NumberIntVal(-5),
cty.StringVal("192.168.1.251"),
false,
},
{
cty.StringVal("192.168.1.0/24"),
cty.NumberIntVal(-256),
cty.StringVal("192.168.1.0"),
false,
},
lang/funcs: Preserve IP address leading zero behavior from Go 1.16 Go 1.17 includes a breaking change to both net.ParseIP and net.ParseCIDR functions to reject IPv4 address octets written with leading zeros. Our use of these functions as part of the various CIDR functions in the Terraform language doesn't have the same security concerns that the Go team had in evaluating this change to the standard library, and so we can't justify an exception to our v1.0 compatibility promises on the same sort of security grounds that the Go team used to justify their compatibility exception. For that reason, we'll now use our own fork of the Go library functions which has the new check disabled in order to preserve the prior behavior. We're taking this path, rather than pre-normalizing the IP address before calling into the standard library, because an additional normalization layer would be entirely new code and additional complexity, whereas this fork is relatively minor in terms of code size and avoids any significant changes to our own calls to these functions. Thanks to the Kubernetes team for their prior work on carving out a subset of the "net" package for their similar backward-compatibility concern. Our "ipaddr" package here is a lightly-modified fork of their fork, with only the comments changed to talk about Terraform instead of Kubernetes. This fork is not intended for use in any other future feature implementations, because they wouldn't be subject to the same compatibility constraints as our existing functions. We will use these forked implementations for new callers only if consistency with the behavior of the existing functions is a key requirement.
2021-08-17 20:30:18 +02:00
{
// We inadvertently inherited a pre-Go1.17 standard library quirk
// if parsing zero-prefix parts as decimal rather than octal.
// Go 1.17 resolved that quirk by making zero-prefix invalid, but
// we've preserved our existing behavior for backward compatibility,
// on the grounds that these functions are for generating addresses
// rather than validating or processing them. We do always generate
// a canonical result regardless of the input, though.
cty.StringVal("010.001.0.0/24"),
cty.NumberIntVal(6),
cty.StringVal("10.1.0.6"),
false,
},
port cidr functions
2018-05-24 00:42:04 +02:00
{
cty.StringVal("192.168.1.0/30"),
cty.NumberIntVal(255),
cty.UnknownVal(cty.String),
true, // 255 doesn't fit in two bits
},
{
cty.StringVal("192.168.1.0/30"),
cty.NumberIntVal(-255),
cty.UnknownVal(cty.String),
true, // 255 doesn't fit in two bits
},
{
cty.StringVal("not-a-cidr"),
cty.NumberIntVal(6),
cty.UnknownVal(cty.String),
true, // not a valid CIDR mask
},
{
cty.StringVal("10.256.0.0/8"),
cty.NumberIntVal(6),
cty.UnknownVal(cty.String),
true, // can't have an octet >255
},
add test cases and remove no-longer-needed validation
2020-07-08 19:14:15 +02:00
{ // fractions are Not Ok
cty.StringVal("10.256.0.0/8"),
cty.NumberFloatVal(.75),
cty.UnknownVal(cty.String),
true,
},
port cidr functions
2018-05-24 00:42:04 +02:00
}
for _, test := range tests {
t.Run(fmt.Sprintf("cidrhost(%#v, %#v)", test.Prefix, test.Hostnum), func(t *testing.T) {
got, err := CidrHost(test.Prefix, test.Hostnum)
if test.Err {
if err == nil {
t.Fatal("succeeded; want error")
}
return
} else if err != nil {
t.Fatalf("unexpected error: %s", err)
}
if !got.RawEquals(test.Want) {
t.Errorf("wrong result\ngot: %#v\nwant: %#v", got, test.Want)
}
})
}
}
func TestCidrNetmask(t *testing.T) {
tests := []struct {
Prefix cty.Value
Want cty.Value
Err bool
}{
{
cty.StringVal("192.168.1.0/24"),
cty.StringVal("255.255.255.0"),
false,
},
{
cty.StringVal("192.168.1.0/32"),
cty.StringVal("255.255.255.255"),
false,
},
{
cty.StringVal("0.0.0.0/0"),
cty.StringVal("0.0.0.0"),
false,
},
{
cty.StringVal("1::/64"),
cty.StringVal("ffff:ffff:ffff:ffff::"),
false,
},
lang/funcs: Preserve IP address leading zero behavior from Go 1.16 Go 1.17 includes a breaking change to both net.ParseIP and net.ParseCIDR functions to reject IPv4 address octets written with leading zeros. Our use of these functions as part of the various CIDR functions in the Terraform language doesn't have the same security concerns that the Go team had in evaluating this change to the standard library, and so we can't justify an exception to our v1.0 compatibility promises on the same sort of security grounds that the Go team used to justify their compatibility exception. For that reason, we'll now use our own fork of the Go library functions which has the new check disabled in order to preserve the prior behavior. We're taking this path, rather than pre-normalizing the IP address before calling into the standard library, because an additional normalization layer would be entirely new code and additional complexity, whereas this fork is relatively minor in terms of code size and avoids any significant changes to our own calls to these functions. Thanks to the Kubernetes team for their prior work on carving out a subset of the "net" package for their similar backward-compatibility concern. Our "ipaddr" package here is a lightly-modified fork of their fork, with only the comments changed to talk about Terraform instead of Kubernetes. This fork is not intended for use in any other future feature implementations, because they wouldn't be subject to the same compatibility constraints as our existing functions. We will use these forked implementations for new callers only if consistency with the behavior of the existing functions is a key requirement.
2021-08-17 20:30:18 +02:00
{
// We inadvertently inherited a pre-Go1.17 standard library quirk
// if parsing zero-prefix parts as decimal rather than octal.
// Go 1.17 resolved that quirk by making zero-prefix invalid, but
// we've preserved our existing behavior for backward compatibility,
// on the grounds that these functions are for generating addresses
// rather than validating or processing them.
cty.StringVal("010.001.0.0/24"),
cty.StringVal("255.255.255.0"),
false,
},
port cidr functions
2018-05-24 00:42:04 +02:00
{
cty.StringVal("not-a-cidr"),
cty.UnknownVal(cty.String),
true, // not a valid CIDR mask
},
{
cty.StringVal("110.256.0.0/8"),
cty.UnknownVal(cty.String),
true, // can't have an octet >255
},
}
for _, test := range tests {
t.Run(fmt.Sprintf("cidrnetmask(%#v)", test.Prefix), func(t *testing.T) {
got, err := CidrNetmask(test.Prefix)
if test.Err {
if err == nil {
t.Fatal("succeeded; want error")
}
return
} else if err != nil {
t.Fatalf("unexpected error: %s", err)
}
if !got.RawEquals(test.Want) {
t.Errorf("wrong result\ngot: %#v\nwant: %#v", got, test.Want)
}
})
}
}
func TestCidrSubnet(t *testing.T) {
tests := []struct {
Prefix cty.Value
Newbits cty.Value
Netnum cty.Value
Want cty.Value
Err bool
}{
{
cty.StringVal("192.168.2.0/20"),
cty.NumberIntVal(4),
cty.NumberIntVal(6),
cty.StringVal("192.168.6.0/24"),
false,
},
{
cty.StringVal("fe80::/48"),
cty.NumberIntVal(16),
cty.NumberIntVal(6),
cty.StringVal("fe80:0:0:6::/64"),
false,
},
{ // IPv4 address encoded in IPv6 syntax gets normalized
cty.StringVal("::ffff:192.168.0.0/112"),
cty.NumberIntVal(8),
cty.NumberIntVal(6),
cty.StringVal("192.168.6.0/24"),
false,
},
lang/funcs: refactor Subnet and Host functions to support 64-bit systems
2020-07-08 16:58:06 +02:00
{
cty.StringVal("fe80::/48"),
cty.NumberIntVal(33),
cty.NumberIntVal(6),
cty.StringVal("fe80::3:0:0:0/81"),
false,
},
lang/funcs: Preserve IP address leading zero behavior from Go 1.16 Go 1.17 includes a breaking change to both net.ParseIP and net.ParseCIDR functions to reject IPv4 address octets written with leading zeros. Our use of these functions as part of the various CIDR functions in the Terraform language doesn't have the same security concerns that the Go team had in evaluating this change to the standard library, and so we can't justify an exception to our v1.0 compatibility promises on the same sort of security grounds that the Go team used to justify their compatibility exception. For that reason, we'll now use our own fork of the Go library functions which has the new check disabled in order to preserve the prior behavior. We're taking this path, rather than pre-normalizing the IP address before calling into the standard library, because an additional normalization layer would be entirely new code and additional complexity, whereas this fork is relatively minor in terms of code size and avoids any significant changes to our own calls to these functions. Thanks to the Kubernetes team for their prior work on carving out a subset of the "net" package for their similar backward-compatibility concern. Our "ipaddr" package here is a lightly-modified fork of their fork, with only the comments changed to talk about Terraform instead of Kubernetes. This fork is not intended for use in any other future feature implementations, because they wouldn't be subject to the same compatibility constraints as our existing functions. We will use these forked implementations for new callers only if consistency with the behavior of the existing functions is a key requirement.
2021-08-17 20:30:18 +02:00
{
// We inadvertently inherited a pre-Go1.17 standard library quirk
// if parsing zero-prefix parts as decimal rather than octal.
// Go 1.17 resolved that quirk by making zero-prefix invalid, but
// we've preserved our existing behavior for backward compatibility,
// on the grounds that these functions are for generating addresses
// rather than validating or processing them. We do always generate
// a canonical result regardless of the input, though.
cty.StringVal("010.001.0.0/24"),
cty.NumberIntVal(4),
cty.NumberIntVal(1),
cty.StringVal("10.1.0.16/28"),
false,
},
port cidr functions
2018-05-24 00:42:04 +02:00
{ // not enough bits left
cty.StringVal("192.168.0.0/30"),
cty.NumberIntVal(4),
cty.NumberIntVal(6),
cty.UnknownVal(cty.String),
true,
},
{ // can't encode 16 in 2 bits
cty.StringVal("192.168.0.0/168"),
cty.NumberIntVal(2),
cty.NumberIntVal(16),
add test cases and remove no-longer-needed validation
2020-07-08 19:14:15 +02:00
cty.UnknownVal(cty.String),
port cidr functions
2018-05-24 00:42:04 +02:00
true,
},
{ // not a valid CIDR mask
cty.StringVal("not-a-cidr"),
cty.NumberIntVal(4),
cty.NumberIntVal(6),
add test cases and remove no-longer-needed validation
2020-07-08 19:14:15 +02:00
cty.UnknownVal(cty.String),
port cidr functions
2018-05-24 00:42:04 +02:00
true,
},
{ // can't have an octet >255
cty.StringVal("10.256.0.0/8"),
cty.NumberIntVal(4),
cty.NumberIntVal(6),
add test cases and remove no-longer-needed validation
2020-07-08 19:14:15 +02:00
cty.UnknownVal(cty.String),
true,
},
{ // fractions are Not Ok
cty.StringVal("10.256.0.0/8"),
cty.NumberFloatVal(2 / 3),
cty.NumberFloatVal(.75),
cty.UnknownVal(cty.String),
port cidr functions
2018-05-24 00:42:04 +02:00
true,
},
}
for _, test := range tests {
t.Run(fmt.Sprintf("cidrsubnet(%#v, %#v, %#v)", test.Prefix, test.Newbits, test.Netnum), func(t *testing.T) {
got, err := CidrSubnet(test.Prefix, test.Newbits, test.Netnum)
if test.Err {
if err == nil {
t.Fatal("succeeded; want error")
}
return
} else if err != nil {
t.Fatalf("unexpected error: %s", err)
}
if !got.RawEquals(test.Want) {
t.Errorf("wrong result\ngot: %#v\nwant: %#v", got, test.Want)
}
})
}
}
lang/funcs: cidrsubnets function This is a companion to cidrsubnet that allows bulk-allocation of multiple subnet addresses at once, with automatic numbering. Unlike cidrsubnet, cidrsubnets allows each of the allocations to have a different prefix length, and will pack the networks consecutively into the given address space. cidrsubnets can potentially create more complicated addressing schemes than cidrsubnet alone can, because it's able to take into account the full set of requested prefix lengths rather than just one at a time.
2019-09-20 04:06:15 +02:00
func TestCidrSubnets(t *testing.T) {
tests := []struct {
Prefix cty.Value
Newbits []cty.Value
Want cty.Value
Err string
}{
{
cty.StringVal("10.0.0.0/21"),
[]cty.Value{
cty.NumberIntVal(3),
cty.NumberIntVal(3),
cty.NumberIntVal(3),
cty.NumberIntVal(4),
cty.NumberIntVal(4),
cty.NumberIntVal(4),
cty.NumberIntVal(7),
cty.NumberIntVal(7),
cty.NumberIntVal(7),
},
cty.ListVal([]cty.Value{
cty.StringVal("10.0.0.0/24"),
cty.StringVal("10.0.1.0/24"),
cty.StringVal("10.0.2.0/24"),
cty.StringVal("10.0.3.0/25"),
cty.StringVal("10.0.3.128/25"),
cty.StringVal("10.0.4.0/25"),
cty.StringVal("10.0.4.128/28"),
cty.StringVal("10.0.4.144/28"),
cty.StringVal("10.0.4.160/28"),
}),
``,
},
lang/funcs: Preserve IP address leading zero behavior from Go 1.16 Go 1.17 includes a breaking change to both net.ParseIP and net.ParseCIDR functions to reject IPv4 address octets written with leading zeros. Our use of these functions as part of the various CIDR functions in the Terraform language doesn't have the same security concerns that the Go team had in evaluating this change to the standard library, and so we can't justify an exception to our v1.0 compatibility promises on the same sort of security grounds that the Go team used to justify their compatibility exception. For that reason, we'll now use our own fork of the Go library functions which has the new check disabled in order to preserve the prior behavior. We're taking this path, rather than pre-normalizing the IP address before calling into the standard library, because an additional normalization layer would be entirely new code and additional complexity, whereas this fork is relatively minor in terms of code size and avoids any significant changes to our own calls to these functions. Thanks to the Kubernetes team for their prior work on carving out a subset of the "net" package for their similar backward-compatibility concern. Our "ipaddr" package here is a lightly-modified fork of their fork, with only the comments changed to talk about Terraform instead of Kubernetes. This fork is not intended for use in any other future feature implementations, because they wouldn't be subject to the same compatibility constraints as our existing functions. We will use these forked implementations for new callers only if consistency with the behavior of the existing functions is a key requirement.
2021-08-17 20:30:18 +02:00
{
// We inadvertently inherited a pre-Go1.17 standard library quirk
// if parsing zero-prefix parts as decimal rather than octal.
// Go 1.17 resolved that quirk by making zero-prefix invalid, but
// we've preserved our existing behavior for backward compatibility,
// on the grounds that these functions are for generating addresses
// rather than validating or processing them. We do always generate
// a canonical result regardless of the input, though.
cty.StringVal("010.0.0.0/21"),
[]cty.Value{
cty.NumberIntVal(3),
},
cty.ListVal([]cty.Value{
cty.StringVal("10.0.0.0/24"),
}),
``,
},
lang/funcs: cidrsubnets function This is a companion to cidrsubnet that allows bulk-allocation of multiple subnet addresses at once, with automatic numbering. Unlike cidrsubnet, cidrsubnets allows each of the allocations to have a different prefix length, and will pack the networks consecutively into the given address space. cidrsubnets can potentially create more complicated addressing schemes than cidrsubnet alone can, because it's able to take into account the full set of requested prefix lengths rather than just one at a time.
2019-09-20 04:06:15 +02:00
{
cty.StringVal("10.0.0.0/30"),
[]cty.Value{
cty.NumberIntVal(1),
cty.NumberIntVal(3),
},
cty.UnknownVal(cty.List(cty.String)),
`would extend prefix to 33 bits, which is too long for an IPv4 address`,
},
{
cty.StringVal("10.0.0.0/8"),
[]cty.Value{
cty.NumberIntVal(1),
cty.NumberIntVal(1),
cty.NumberIntVal(1),
},
cty.UnknownVal(cty.List(cty.String)),
`not enough remaining address space for a subnet with a prefix of 9 bits after 10.128.0.0/9`,
},
{
cty.StringVal("10.0.0.0/8"),
[]cty.Value{
cty.NumberIntVal(1),
cty.NumberIntVal(0),
},
cty.UnknownVal(cty.List(cty.String)),
`must extend prefix by at least one bit`,
},
{
cty.StringVal("10.0.0.0/8"),
[]cty.Value{
cty.NumberIntVal(1),
cty.NumberIntVal(-1),
},
cty.UnknownVal(cty.List(cty.String)),
`must extend prefix by at least one bit`,
},
{
cty.StringVal("fe80::/48"),
[]cty.Value{
cty.NumberIntVal(1),
cty.NumberIntVal(33),
},
cty.UnknownVal(cty.List(cty.String)),
`may not extend prefix by more than 32 bits`,
},
}
for _, test := range tests {
t.Run(fmt.Sprintf("cidrsubnets(%#v, %#v)", test.Prefix, test.Newbits), func(t *testing.T) {
got, err := CidrSubnets(test.Prefix, test.Newbits...)
wantErr := test.Err != ""
if wantErr {
if err == nil {
t.Fatal("succeeded; want error")
}
if err.Error() != test.Err {
t.Fatalf("wrong error\ngot: %s\nwant: %s", err.Error(), test.Err)
}
return
} else if err != nil {
t.Fatalf("unexpected error: %s", err)
}
if !got.RawEquals(test.Want) {
t.Errorf("wrong result\ngot: %#v\nwant: %#v", got, test.Want)
}
})
}
}