@@ -29,20 +29,12 @@ def validate(record)
2929
3030 add_rule_error ( "protocol must be 'tcp', 'udp', 'icmp', 'icmpv6' or 'all'" , record , index ) unless valid_protocol ( rule [ :protocol ] )
3131
32- if rule [ :protocol ] == 'icmp'
33- allowed_ip_version = NetAddr ::IPv4Net
34- elsif rule [ :protocol ] == 'icmpv6'
35- allowed_ip_version = NetAddr ::IPv6Net
36- else
37- allowed_ip_version = nil
38- end
39-
4032 if valid_destination_type ( rule [ :destination ] , record , index )
4133 destinations = rule [ :destination ] . split ( ',' , -1 )
4234 add_rule_error ( "maximum destinations per rule exceeded - must be under #{ MAX_DESTINATIONS_PER_RULE } " , record , index ) unless destinations . length <= MAX_DESTINATIONS_PER_RULE
4335
4436 destinations . each do |d |
45- validate_destination ( d , rule [ :protocol ] , allowed_ip_version , record , index )
37+ validate_destination ( d , rule [ :protocol ] , get_allowed_ip_version ( rule ) , record , index )
4638 end
4739 end
4840
@@ -55,14 +47,22 @@ def validate(record)
5547 when 'icmp'
5648 validate_icmp_protocol ( rule , record , index )
5749 when 'icmpv6'
58- add_rule_error ( " icmpv6 cannot be used if enable_ipv6 is false" , record , index ) unless CloudController ::RuleValidator . ipv6_enabled?
50+ add_rule_error ( ' icmpv6 cannot be used if enable_ipv6 is false' , record , index ) unless CloudController ::RuleValidator . ipv6_enabled?
5951 validate_icmp_protocol ( rule , record , index )
6052 when 'all'
6153 add_rule_error ( 'ports are not allowed for protocols of type all' , record , index ) if rule [ :ports ]
6254 end
6355 end
6456 end
6557
58+ def get_allowed_ip_version ( rule )
59+ if rule [ :protocol ] == 'icmp'
60+ NetAddr ::IPv4Net
61+ elsif rule [ :protocol ] == 'icmpv6'
62+ NetAddr ::IPv6Net
63+ end
64+ end
65+
6666 def boolean? ( value )
6767 [ true , false ] . include? value
6868 end
@@ -152,7 +152,8 @@ def validate_destination(destination, protocol, allowed_ip_version, record, inde
152152 if address_list . length == 1
153153 parsed_ip = CloudController ::RuleValidator . parse_ip ( address_list . first )
154154 add_rule_error ( error_message , record , index ) unless parsed_ip
155- add_rule_error ( "for protocol \" #{ protocol } \" you cannot use IPv#{ parsed_ip . version } addresses" , record , index ) unless parsed_ip . nil? || allowed_ip_version . nil? || parsed_ip . is_a? ( allowed_ip_version )
155+ add_rule_error ( "for protocol \" #{ protocol } \" you cannot use IPv#{ parsed_ip . version } addresses" , record , index ) \
156+ unless parsed_ip . nil? || allowed_ip_version . nil? || parsed_ip . is_a? ( allowed_ip_version )
156157 elsif address_list . length == 2
157158 ips = CloudController ::RuleValidator . parse_ip ( address_list )
158159 return add_rule_error ( 'destination IP address range is invalid' , record , index ) unless ips
@@ -165,7 +166,8 @@ def validate_destination(destination, protocol, allowed_ip_version, record, inde
165166
166167 reversed_range_error = 'beginning of IP address range is numerically greater than the end of its range (range endpoints are inverted)'
167168 add_rule_error ( reversed_range_error , record , index ) unless ips . first == sorted_ips . first
168- add_rule_error ( "for protocol \" #{ protocol } \" you cannot use IPv#{ ips . first . version } addresses" , record , index ) unless ips . first . nil? || allowed_ip_version . nil? || ips . first . is_a? ( allowed_ip_version )
169+ add_rule_error ( "for protocol \" #{ protocol } \" you cannot use IPv#{ ips . first . version } addresses" , record , index ) \
170+ unless ips . first . nil? || allowed_ip_version . nil? || ips . first . is_a? ( allowed_ip_version )
169171
170172 else
171173 add_rule_error ( error_message , record , index )
@@ -175,4 +177,7 @@ def validate_destination(destination, protocol, allowed_ip_version, record, inde
175177 def add_rule_error ( message , record , index )
176178 record . errors . add ( "Rules[#{ index } ]:" , message )
177179 end
180+
181+ private
182+
178183end
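Review bot: The `private` added just before the closing `end` at the bottom of this hunk affects nothing, because no method definition follows it; the new `get_allowed_ip_version` (defined above `boolean?` in the second hunk) and the existing helpers stay public, assuming that `end` closes the class as the gutter suggests. Either move the marker above the helper definitions or declare it explicitly after the def with `private :get_allowed_ip_version`. The `get_` prefix is also unidiomatic Ruby; `allowed_ip_version(rule)` reads better and matches the parameter name it feeds in `validate_destination`. In the first hunk, the call on new line 37 now re-evaluates the helper once per destination inside `destinations.each`, so hoisting it into a local before the loop (as the removed lines did) keeps that invariant out of the loop. The enclosing `validate` and the class header lie outside these hunks.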