feat: add methods to manage CIDR list, check for non-local IPv6

These functions were extracted from various places in bootkube-plugin. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
siderolabs · Jan 21, 2021 · 005a94f · 005a94f
1 parent 8b56890
commit 005a94f
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 10 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -1,7 +1,7 @@
 ---
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2020-09-16T20:23:27Z by kres 7e146df-dirty.
+# Generated on 2021-01-20T20:56:40Z by kres latest.
 
 kind: pipeline
 type: kubernetes
@@ -132,7 +132,6 @@ services:
   - --dns=8.8.4.4
   - --mtu=1500
   - --log-level=error
-  - --insecure-registry=http://registry.ci.svc:5000
   privileged: true
   volumes:
   - name: outer-docker-socket

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2020-08-13T21:29:34Z by kres 3d35a96-dirty.
+# Generated on 2021-01-20T20:56:40Z by kres latest.
 
 
 # options for analysis running
@@ -125,6 +125,9 @@ linters:
     - gomnd
     - goerr113
     - nestif
+    - wrapcheck
+    - paralleltest
+    - exhaustivestruct
   disable-all: false
   fast: false
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
-# syntax = docker/dockerfile-upstream:1.1.7-experimental
+# syntax = docker/dockerfile-upstream:1.2.0-labs
 
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2020-09-16T20:23:27Z by kres 7e146df-dirty.
+# Generated on 2021-01-20T20:56:40Z by kres latest.
 
 ARG TOOLCHAIN
 
@@ -24,7 +24,7 @@ FROM toolchain AS tools
 ENV GO111MODULE on
 ENV CGO_ENABLED 0
 ENV GOPATH /go
-RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b /bin v1.30.0
+RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b /bin v1.33.0
 ARG GOFUMPT_VERSION
 RUN cd $(mktemp -d) \
 	&& go mod init tmp \

diff --git a/Makefile b/Makefile
@@ -1,20 +1,20 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2020-09-16T20:23:27Z by kres 7e146df-dirty.
+# Generated on 2021-01-20T20:56:40Z by kres latest.
 
 # common variables
 
 SHA := $(shell git describe --match=none --always --abbrev=8 --dirty)
 TAG := $(shell git describe --tag --always --dirty)
 BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
 ARTIFACTS := _out
-REGISTRY ?= docker.io
-USERNAME ?= autonomy
+REGISTRY ?= ghcr.io
+USERNAME ?= talos-systems
 REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
 GOFUMPT_VERSION ?= abc0db2c416aca0f60ea33c23c76665f6e7ba0b6
 GO_VERSION ?= 1.14
 TESTPKGS ?= ./...
-KRES_IMAGE ?= autonomy/kres:latest
+KRES_IMAGE ?= ghcr.io/talos-systems/kres:latest
 
 # docker build settings
 

diff --git a/net.go b/net.go
@@ -110,6 +110,34 @@ func NthIPInNetwork(network *net.IPNet, n int) (net.IP, error) {
 	return nil, errors.New("network does not contain enough IPs")
 }
 
+// SplitCIDRs parses list of CIDRs in a string separated by commas.
+func SplitCIDRs(cidrList string) (out []*net.IPNet, err error) {
+	for _, podCIDR := range strings.Split(cidrList, ",") {
+		_, cidr, err := net.ParseCIDR(podCIDR)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse %q as a CIDR: %w", podCIDR, err)
+		}
+
+		out = append(out, cidr)
+	}
+
+	return out, nil
+}
+
+// NthIPInCIDRSet returns nth IP for each CIDR in the list.
+func NthIPInCIDRSet(cidrList []*net.IPNet, offset int) (out []net.IP, err error) {
+	for _, cidr := range cidrList {
+		ip, err := NthIPInNetwork(cidr, offset)
+		if err != nil {
+			return nil, fmt.Errorf("failed to calculate offset %d from CIDR %s: %w", offset, cidr, err)
+		}
+
+		out = append(out, ip)
+	}
+
+	return out, nil
+}
+
 // DNSNames returns a default set of machine names. It includes the hostname,
 // and FQDN if the kernel domain name is set. If the kernel domain name is not
 // set, only the hostname is included in the set.
@@ -176,6 +204,19 @@ func IsIPv6(addrs ...net.IP) bool {
 	return false
 }
 
+// IsNonLocalIPv6 indicates whether provided address is non-local IPv6 address.
+func IsNonLocalIPv6(in net.IP) bool {
+	if in == nil || in.IsLoopback() || in.IsUnspecified() {
+		return false
+	}
+
+	if in.To4() == nil && in.To16() != nil {
+		return true
+	}
+
+	return false
+}
+
 // ValidateEndpointURI checks that an endpoint is valid.
 // This is a more strict check that merely `url.Parse`, in that it requires such things as properly-ranged numeric ports and bracket-enclosed IPv6 addresses.
 func ValidateEndpointURI(ep string) error {