diff --git a/pkg/endpoints/discovery/addresses_test.go b/pkg/endpoints/discovery/addresses_test.go index 4c811ffac..79540795e 100644 --- a/pkg/endpoints/discovery/addresses_test.go +++ b/pkg/endpoints/discovery/addresses_test.go @@ -17,13 +17,13 @@ limitations under the License. package discovery import ( - "net" "net/http" "reflect" "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilnet "k8s.io/apimachinery/pkg/util/net" + netutils "k8s.io/utils/net" ) func TestGetServerAddressByClientCIDRs(t *testing.T) { @@ -103,7 +103,7 @@ func TestGetServerAddressByClientCIDRs(t *testing.T) { }, } - _, ipRange, _ := net.ParseCIDR("10.0.0.0/24") + _, ipRange, _ := netutils.ParseCIDRSloppy("10.0.0.0/24") discoveryAddresses := DefaultAddresses{DefaultAddress: "ExternalAddress"} discoveryAddresses.CIDRRules = append(discoveryAddresses.CIDRRules, CIDRRule{IPRange: *ipRange, Address: "serviceIP"}) diff --git a/pkg/server/config_selfclient_test.go b/pkg/server/config_selfclient_test.go index 4d811c641..5e646d735 100644 --- a/pkg/server/config_selfclient_test.go +++ b/pkg/server/config_selfclient_test.go @@ -47,7 +47,7 @@ func TestLoopbackHostPortIPv4(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() { + if ip := netutils.ParseIPSloppy(host); ip == nil || !ip.IsLoopback() { t.Fatalf("expected host to be loopback, got %q", host) } if port != "443" { @@ -78,7 +78,7 @@ func TestLoopbackHostPortIPv6(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() || ip.To4() != nil { + if ip := netutils.ParseIPSloppy(host); ip == nil || !ip.IsLoopback() || ip.To4() != nil { t.Fatalf("expected IPv6 host to be loopback, got %q", host) } if port != "443" { diff --git a/pkg/server/config_test.go b/pkg/server/config_test.go index 6982f95ce..283b915fe 100644 --- a/pkg/server/config_test.go +++ b/pkg/server/config_test.go 
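Review bot: In TestGetServerAddressByClientCIDRs (pkg/endpoints/discovery/addresses_test.go) the parse error is still discarded with `_, ipRange, _ :=` and `ipRange` is dereferenced on the next line. If the literal is ever edited into something the sloppy parser rejects, the test dies with a nil-pointer panic instead of a readable failure. I would keep the error and check it: `_, ipRange, err := netutils.ParseCIDRSloppy("10.0.0.0/24")` followed by `if err != nil { t.Fatalf("unexpected error: %v", err) }`. The test function starts and ends outside the hunk.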
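Review bot: The two hunks in pkg/server/config_selfclient_test.go call `netutils.ParseIPSloppy`, but this diff shows no import hunk for that file, unlike every other file it touches. Unless the file already imported `netutils "k8s.io/utils/net"`, it will not compile, and if these were its only uses of `net`, that import is now unused. Please confirm that the import block carries `netutils "k8s.io/utils/net"` and that `"net"` is dropped if nothing else needs it.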
@@ -19,7 +19,6 @@ package server import ( "fmt" "io/ioutil" - "net" "net/http" "net/http/httptest" "net/http/httputil" @@ -43,6 +42,7 @@ import ( "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" + netutils "k8s.io/utils/net" ) func TestAuthorizeClientBearerTokenNoops(t *testing.T) { @@ -81,7 +81,7 @@ func TestAuthorizeClientBearerTokenNoops(t *testing.T) { func TestNewWithDelegate(t *testing.T) { delegateConfig := NewConfig(codecs) delegateConfig.ExternalAddress = "192.168.10.4:443" - delegateConfig.PublicAddress = net.ParseIP("192.168.10.4") + delegateConfig.PublicAddress = netutils.ParseIPSloppy("192.168.10.4") delegateConfig.LegacyAPIGroupPrefixes = sets.NewString("/api") delegateConfig.LoopbackClientConfig = &rest.Config{} clientset := fake.NewSimpleClientset() @@ -113,7 +113,7 @@ func TestNewWithDelegate(t *testing.T) { wrappingConfig := NewConfig(codecs) wrappingConfig.ExternalAddress = "192.168.10.4:443" - wrappingConfig.PublicAddress = net.ParseIP("192.168.10.4") + wrappingConfig.PublicAddress = netutils.ParseIPSloppy("192.168.10.4") wrappingConfig.LegacyAPIGroupPrefixes = sets.NewString("/api") wrappingConfig.LoopbackClientConfig = &rest.Config{} diff --git a/pkg/server/dynamiccertificates/named_certificates.go b/pkg/server/dynamiccertificates/named_certificates.go index ee0aa8de0..e8be133c0 100644 --- a/pkg/server/dynamiccertificates/named_certificates.go +++ b/pkg/server/dynamiccertificates/named_certificates.go @@ -20,12 +20,12 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "net" "strings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/klog/v2" + netutils "k8s.io/utils/net" ) // BuildNamedCertificates returns a map of *tls.Certificate by name. It's 
@@ -77,7 +77,7 @@ func getCertificateNames(cert *x509.Certificate) []string { var names []string cn := cert.Subject.CommonName - cnIsIP := net.ParseIP(cn) != nil + cnIsIP := netutils.ParseIPSloppy(cn) != nil cnIsValidDomain := cn == "*" || len(validation.IsDNS1123Subdomain(strings.TrimPrefix(cn, "*."))) == 0 // don't use the CN if it is a valid IP because our IP serving detection may unexpectedly use it to terminate the connection. if !cnIsIP && cnIsValidDomain { diff --git a/pkg/server/dynamiccertificates/named_certificates_test.go b/pkg/server/dynamiccertificates/named_certificates_test.go index 568487233..e24083060 100644 --- a/pkg/server/dynamiccertificates/named_certificates_test.go +++ b/pkg/server/dynamiccertificates/named_certificates_test.go @@ -31,6 +31,8 @@ import ( "testing" "time" + netutils "k8s.io/utils/net" + "github.com/stretchr/testify/assert" ) @@ -246,7 +248,7 @@ NextTest: func parseIPList(ips []string) []net.IP { var netIPs []net.IP for _, ip := range ips { - netIPs = append(netIPs, net.ParseIP(ip)) + netIPs = append(netIPs, netutils.ParseIPSloppy(ip)) } return netIPs } @@ -302,7 +304,7 @@ func generateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS IsCA: true, } - if ip := net.ParseIP(host); ip != nil { + if ip := netutils.ParseIPSloppy(host); ip != nil { template.IPAddresses = append(template.IPAddresses, ip) } else { template.DNSNames = append(template.DNSNames, host) diff --git a/pkg/server/genericapiserver_test.go b/pkg/server/genericapiserver_test.go index 7a8f2a7f9..17f8d8104 100644 --- a/pkg/server/genericapiserver_test.go +++ b/pkg/server/genericapiserver_test.go @@ -54,6 +54,7 @@ import ( restclient "k8s.io/client-go/rest" kubeopenapi "k8s.io/kube-openapi/pkg/common" "k8s.io/kube-openapi/pkg/validation/spec" + netutils "k8s.io/utils/net" ) const ( 
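Review bot: In getCertificateNames (pkg/server/dynamiccertificates/named_certificates.go) the lenient parser now decides whether the CommonName counts as an IP, and nothing on the line says that this is deliberate. ParseIPSloppy keeps the older behaviour of accepting IPv4 octets with leading zeros, so a CN such as `010.0.0.1` (constructed example) is still classified as an IP and kept out of the returned names. A strict parser would reject it as an IP, and it appears to pass the DNS-1123 check on the next line. That is the safer direction for the concern the existing comment describes, so I would record it above the assignment, e.g. `// sloppy on purpose: a CN with leading-zero octets must still count as an IP, not as a serving name`, and add a test case with such a CN. The function body continues outside the hunk.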
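Review bot: parseIPList in pkg/server/dynamiccertificates/named_certificates_test.go appends whatever `netutils.ParseIPSloppy(ip)` returns, so a mistyped literal in a test table becomes a nil `net.IP` in the slice instead of a test failure. The identical helper in pkg/server/options/serving_test.go has the same gap. The helper has no `*testing.T`, so the smallest fix is to fail loudly inside the loop: `parsed := netutils.ParseIPSloppy(ip)` then `if parsed == nil { panic("invalid test IP " + ip) }` before the append.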
@@ -127,7 +128,7 @@ func testGetOpenAPIDefinitions(_ kubeopenapi.ReferenceCallback) map[string]kubeo func setUp(t *testing.T) (Config, *assert.Assertions) { config := NewConfig(codecs) config.ExternalAddress = "192.168.10.4:443" - config.PublicAddress = net.ParseIP("192.168.10.4") + config.PublicAddress = netutils.ParseIPSloppy("192.168.10.4") config.LegacyAPIGroupPrefixes = sets.NewString("/api") config.LoopbackClientConfig = &restclient.Config{} diff --git a/pkg/server/options/server_run_options_test.go b/pkg/server/options/server_run_options_test.go index 871af5f90..b5d0ecd8e 100644 --- a/pkg/server/options/server_run_options_test.go +++ b/pkg/server/options/server_run_options_test.go @@ -17,12 +17,12 @@ limitations under the License. package options import ( - "net" "strings" "testing" "time" utilerrors "k8s.io/apimachinery/pkg/util/errors" + netutils "k8s.io/utils/net" ) func TestServerRunOptionsValidate(t *testing.T) { @@ -34,7 +34,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when MaxRequestsInFlight is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: -400, MaxMutatingRequestsInFlight: 200, @@ -48,7 +48,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when MaxMutatingRequestsInFlight is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: -200, 
@@ -62,7 +62,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when RequestTimeout is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, @@ -76,7 +76,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when MinRequestTimeout is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, @@ -90,7 +90,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when JSONPatchMaxCopyBytes is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, @@ -104,7 +104,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when MaxRequestBodyBytes is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, @@ -118,7 +118,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when LivezGracePeriod is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, 
@@ -133,7 +133,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when MinimalShutdownDuration is negative value", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, MaxRequestsInFlight: 400, MaxMutatingRequestsInFlight: 200, @@ -148,7 +148,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when HSTSHeaders is valid", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, HSTSDirectives: []string{"fakevalue", "includeSubDomains", "preload"}, MaxRequestsInFlight: 400, @@ -163,7 +163,7 @@ func TestServerRunOptionsValidate(t *testing.T) { { name: "Test when ServerRunOptions is valid", testOptions: &ServerRunOptions{ - AdvertiseAddress: net.ParseIP("192.168.10.10"), + AdvertiseAddress: netutils.ParseIPSloppy("192.168.10.10"), CorsAllowedOriginList: []string{"10.10.10.100", "10.10.10.200"}, HSTSDirectives: []string{"max-age=31536000", "includeSubDomains", "preload"}, MaxRequestsInFlight: 400, diff --git a/pkg/server/options/serving.go b/pkg/server/options/serving.go index f435ba5b8..c64798b4f 100644 --- a/pkg/server/options/serving.go +++ b/pkg/server/options/serving.go @@ -27,6 +27,7 @@ import ( "github.com/spf13/pflag" "k8s.io/klog/v2" + netutils "k8s.io/utils/net" utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apiserver/pkg/server" @@ -108,7 +109,7 @@ type GeneratableKeyCert struct { func NewSecureServingOptions() *SecureServingOptions { return &SecureServingOptions{ - BindAddress: net.ParseIP("0.0.0.0"), + BindAddress: netutils.ParseIPSloppy("0.0.0.0"), BindPort: 443, ServerCert: GeneratableKeyCert{ PairName: "apiserver", 
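Review bot: NewSecureServingOptions in pkg/server/options/serving.go runs the lenient parser over the constant `"0.0.0.0"`, which needs no leniency and hides that the default is simply the unspecified IPv4 address. `BindAddress: net.IPv4zero,` states the same value without parsing anything, assuming `net` is still imported by this file (the import lines above line 27 are not in the diff). If the call is kept for consistency with the mechanical replacement, a short comment such as `// default: listen on all IPv4 interfaces` would make the exposure of this default explicit to readers. The struct literal continues outside the hunk.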
diff --git a/pkg/server/options/serving_test.go b/pkg/server/options/serving_test.go index 2e811653d..f1ca80cb2 100644 --- a/pkg/server/options/serving_test.go +++ b/pkg/server/options/serving_test.go @@ -44,6 +44,7 @@ import ( "k8s.io/client-go/discovery" restclient "k8s.io/client-go/rest" cliflag "k8s.io/component-base/cli/flag" + netutils "k8s.io/utils/net" ) func setUp(t *testing.T) server.Config { @@ -277,7 +278,7 @@ func TestServerRunWithSNI(t *testing.T) { config.EnableIndex = true secureOptions := (&SecureServingOptions{ - BindAddress: net.ParseIP("127.0.0.1"), + BindAddress: netutils.ParseIPSloppy("127.0.0.1"), BindPort: 6443, ServerCert: GeneratableKeyCert{ CertKey: CertKey{ @@ -381,7 +382,7 @@ func TestServerRunWithSNI(t *testing.T) { func parseIPList(ips []string) []net.IP { var netIPs []net.IP for _, ip := range ips { - netIPs = append(netIPs, net.ParseIP(ip)) + netIPs = append(netIPs, netutils.ParseIPSloppy(ip)) } return netIPs } @@ -488,7 +489,7 @@ func generateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS IsCA: true, } - if ip := net.ParseIP(host); ip != nil { + if ip := netutils.ParseIPSloppy(host); ip != nil { template.IPAddresses = append(template.IPAddresses, ip) } else { template.DNSNames = append(template.DNSNames, host) diff --git a/pkg/server/options/serving_with_loopback_test.go b/pkg/server/options/serving_with_loopback_test.go index f87b2fafe..c4b0c57b5 100644 --- a/pkg/server/options/serving_with_loopback_test.go +++ b/pkg/server/options/serving_with_loopback_test.go @@ -22,6 +22,7 @@ import ( "k8s.io/apiserver/pkg/server" "k8s.io/client-go/rest" + netutils "k8s.io/utils/net" ) func TestEmptyMainCert(t *testing.T) { @@ -29,7 +30,7 @@ func TestEmptyMainCert(t *testing.T) { var loopbackClientConfig *rest.Config s := (&SecureServingOptions{ - BindAddress: net.ParseIP("127.0.0.1"), + BindAddress: netutils.ParseIPSloppy("127.0.0.1"), }).WithLoopback() ln, err := net.Listen("tcp", "127.0.0.1:0") if err != nil {