
Commit 4c55f23

SREP-1739 fix : Add 182 prefix proxy IP to allowlist (#858)
1 parent 2cd31f2 commit 4c55f23


2 files changed

+40
-0
lines changed


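--- a/cmd/ocm-backplane/cloud/common.go
+++ b/cmd/ocm-backplane/cloud/common.go
@@ -518,6 +518,7 @@ func getTrustedIPList(connection *ocmsdk.Connection) (awsutil.IPAddress, error)
 
 // Proxy IPs
 if strings.HasPrefix(ip.ID(), "209.") ||
+strings.HasPrefix(ip.ID(), "182.") ||
 strings.HasPrefix(ip.ID(), "66.") ||
 strings.HasPrefix(ip.ID(), "91.") {
 sourceIPList = append(sourceIPList, fmt.Sprintf("%s/32", ip.ID()))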
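Review bot: The added `strings.HasPrefix(ip.ID(), "182.")` classifies an entry as a proxy IP by its first octet alone, so any trusted-IP entry anywhere in 182.0.0.0/8 is now copied into the list as a `/32`, and nothing in the hunk records which proxy range this is meant to cover. Since this list appears to feed the inline policy (judging by the accompanying test file), I would add a comment such as `// 182.x: proxy egress addresses, SREP-1739 (exact range: <RANGE_PLACEHOLDER>)` and, longer term, compare a parsed address against a short list of known proxy CIDRs instead of string prefixes. `ip.ID()` is also formatted into `"%s/32"` without being parsed as an address; whether it is validated earlier is not visible here. getTrustedIPList starts and ends outside the hunk.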

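--- a/cmd/ocm-backplane/cloud/common_test.go
+++ b/cmd/ocm-backplane/cloud/common_test.go
@@ -494,6 +494,45 @@ var _ = Describe("getIsolatedCredentials", func() {
 Expect(policy).NotTo(ContainSubstring("200.20.20.20"))
 Expect(err).To(BeNil())
 })
+
+It("should include 182.x proxy IPs in the inline policy", func() {
+ip1 := cmv1.NewTrustedIp().ID("182.50.100.200").Enabled(true)
+ip2 := cmv1.NewTrustedIp().ID("182.100.50.25").Enabled(true)
+ip3 := cmv1.NewTrustedIp().ID("200.20.20.20").Enabled(true) // Non-proxy IP
+expectedIPList, err := cmv1.NewTrustedIpList().Items(ip1, ip2, ip3).Build()
+Expect(err).To(BeNil())
+mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(expectedIPList, nil)
+IPList, _ := getTrustedIPList(testQueryConfig.OcmConnection)
+policy, _ := getTrustedIPInlinePolicy(IPList)
+// Check 182.x proxy IPs are included
+Expect(policy).To(ContainSubstring("182.50.100.200"))
+Expect(policy).To(ContainSubstring("182.100.50.25"))
+// Check non-proxy IP is not included
+Expect(policy).NotTo(ContainSubstring("200.20.20.20"))
+Expect(err).To(BeNil())
+})
+
+It("should include all proxy IP prefixes in the inline policy", func() {
+// Test all proxy IP prefixes: 209., 182., 66., 91.
+ip1 := cmv1.NewTrustedIp().ID("209.10.10.10").Enabled(true)
+ip2 := cmv1.NewTrustedIp().ID("182.50.100.200").Enabled(true)
+ip3 := cmv1.NewTrustedIp().ID("66.20.30.40").Enabled(true)
+ip4 := cmv1.NewTrustedIp().ID("91.100.200.50").Enabled(true)
+ip5 := cmv1.NewTrustedIp().ID("192.168.1.1").Enabled(true) // Non-proxy IP
+expectedIPList, err := cmv1.NewTrustedIpList().Items(ip1, ip2, ip3, ip4, ip5).Build()
+Expect(err).To(BeNil())
+mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(expectedIPList, nil)
+IPList, _ := getTrustedIPList(testQueryConfig.OcmConnection)
+policy, _ := getTrustedIPInlinePolicy(IPList)
+// Verify all proxy IPs are included
+Expect(policy).To(ContainSubstring("209.10.10.10"))
+Expect(policy).To(ContainSubstring("182.50.100.200"))
+Expect(policy).To(ContainSubstring("66.20.30.40"))
+Expect(policy).To(ContainSubstring("91.100.200.50"))
+// Verify non-proxy IP is not included
+Expect(policy).NotTo(ContainSubstring("192.168.1.1"))
+Expect(err).To(BeNil())
+})
 })
 
 Context("Execute verifyTrustedIPAndGetPolicy", func() {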
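Review bot: Both new specs discard the errors of the code under test (`IPList, _ := getTrustedIPList(...)` and `policy, _ := getTrustedIPInlinePolicy(IPList)`), and the closing `Expect(err).To(BeNil())` only re-checks the `err` from `Build()` that was already asserted, so a failure in either call would pass unnoticed. Assign them instead, `IPList, err := getTrustedIPList(testQueryConfig.OcmConnection)` then `Expect(err).To(BeNil())`, and likewise for the policy call. Because this filter decides which addresses the policy admits, the positive checks would be tighter as `ContainSubstring("182.50.100.200/32")` (assuming the policy renders the `/32` form), and a near-miss entry such as `10.182.0.1` (constructed value) with a `NotTo(ContainSubstring(...))` check would pin the match to the start of the address. The enclosing Describe block starts and ends outside the hunk.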
