diff --git a/README.md b/README.md index 24a41390..2d62fd8e 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ brew install vitobotta/tap/hetzner_k3s #### Binary installation (Intel) ```bash -wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.8/hetzner-k3s-mac-amd64 +wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.9/hetzner-k3s-mac-amd64 chmod +x hetzner-k3s-mac-x64 sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s ``` @@ -72,7 +72,7 @@ sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s #### Binary installation (Apple Silicon/M1) ```bash -wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.8/hetzner-k3s-mac-arm64 +wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.9/hetzner-k3s-mac-arm64 chmod +x hetzner-k3s-mac-arm sudo mv hetzner-k3s-mac-arm /usr/local/bin/hetzner-k3s ``` @@ -80,7 +80,7 @@ sudo mv hetzner-k3s-mac-arm /usr/local/bin/hetzner-k3s ### Linux ```bash -wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.8/hetzner-k3s-linux-x86_64 +wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.9/hetzner-k3s-linux-x86_64 chmod +x hetzner-k3s-linux-x86_64 sudo mv hetzner-k3s-linux-x86_64 /usr/local/bin/hetzner-k3s ``` diff --git a/src/configuration/loader.cr b/src/configuration/loader.cr index 76037e50..5659c67b 100644 --- a/src/configuration/loader.cr +++ b/src/configuration/loader.cr 
@@ -98,8 +98,8 @@ class Configuration::Loader Settings::PublicSSHKeyPath.new(errors, public_ssh_key_path).validate Settings::PrivateSSHKeyPath.new(errors, private_ssh_key_path).validate Settings::ExistingNetworkName.new(errors, hetzner_client, settings.existing_network).validate - Settings::Networks.new(errors, settings.ssh_allowed_networks).validate("SSH") - Settings::Networks.new(errors, settings.api_allowed_networks).validate("API") + Settings::Networks.new(errors, settings.ssh_allowed_networks, "SSH").validate + Settings::Networks.new(errors, settings.api_allowed_networks, "API").validate validate_masters_pool validate_worker_node_pools when :delete diff --git a/src/configuration/settings/networks.cr b/src/configuration/settings/networks.cr index 2b1fa7fa..283cf5e2 100644 --- a/src/configuration/settings/networks.cr +++ b/src/configuration/settings/networks.cr 
@@ -1,25 +1,67 @@ -require "../../network" +require "ipaddress" +require "crest" class Configuration::Settings::Networks getter errors : Array(String) getter networks : Array(String) + getter network_type : String - def initialize(@errors, @networks) + def initialize(@errors, @networks, @network_type) end - def validate(network_type : String) + def validate if networks if networks.empty? errors << "#{network_type} allowed networks are required" else - networks.each do |network| - Network.new(network, network_type).validate.each do |error| - errors << error - end - end + validate_networks + validate_current_ip_must_be_included_in_at_least_one_network end else errors << "#{network_type} allowed networks are required" end end + + private def validate_networks + networks.each do |cidr| + begin + IPAddress.new(cidr).network? + rescue ArgumentError + errors << "#{network_type} allowed network #{cidr} is not a valid network in CIDR notation" + end + end + end + + private def validate_current_ip_must_be_included_in_at_least_one_network + current_ip = IPAddress.new("127.0.0.1") + + begin + current_ip = IPAddress.new(Crest.get("http://whatismyip.akamai.com").body) + rescue ex : Crest::RequestFailed + errors << "Unable to determine your current IP (necessary to validate allowed networks for SSH and API)" + return + end + + included = false + + networks.each do |cidr| + begin + network = IPAddress.new(cidr).network + + if network.includes? current_ip + included = true + end + rescue ex: ArgumentError + if ex.message =~ /Invalid netmask/ + errors << "#{network_type} allowed network #{cidr} has an invalid netmark" + else + errors << "#{network_type} allowed network #{cidr} is not a valid network in CIDR notation" + end + end + end + + unless included + errors << "Your current IP #{current_ip} must belong to at least one of the #{network_type} allowed networks" + end + end end diff --git a/src/hetzner-k3s.cr b/src/hetzner-k3s.cr index 86ccd27c..363878c2 100644 
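Review bot: In `validate_current_ip_must_be_included_in_at_least_one_network`, `Crest.get("http://whatismyip.akamai.com")` is fetched over plain HTTP and its body goes straight into `IPAddress.new`, while only `Crest::RequestFailed` is rescued. A captive-portal page, a proxy error body or a response altered in transit would either raise an unrescued `ArgumentError` or run the membership check against the wrong address, and that check feeds the errors reported for the SSH and API allowed networks. I would widen the handler to `rescue ex : Crest::RequestFailed | ArgumentError`, strip the body before parsing it, and use a lookup endpoint served over TLS if one is available. Separately, a CIDR that fails to parse appears to be reported twice, once by `validate_networks` and again by the rescue in the second loop, so that rescue could simply `next`. The result of `network?` in `validate_networks` is also discarded, so an entry with host bits set is accepted as a network.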
--- a/src/hetzner-k3s.cr +++ b/src/hetzner-k3s.cr @@ -8,7 +8,7 @@ require "./cluster/upgrade" module Hetzner::K3s class CLI < Admiral::Command - VERSION = "0.6.8" + VERSION = "0.6.9" class Create < Admiral::Command define_help description: "create - Create a cluster" diff --git a/src/network.cr b/src/network.cr deleted file mode 100644 index 9a0f83b7..00000000 --- a/src/network.cr +++ /dev/null @@ -1,50 +0,0 @@ -require "ipaddress" -require "crest" - -class Network - getter cidr : String - getter errors : Array(String) - getter network_type : String - - def initialize(cidr : String, network_type : String) - @cidr = cidr - @network_type = network_type - @errors = [] of String - end - - def validate - begin - IPAddress.new(cidr).network? - rescue ArgumentError - errors << "#{network_type} allowed network #{cidr} is not a valid network in CIDR notation" - return errors - end - - current_ip = IPAddress.new("127.0.0.1") - - begin - current_ip = IPAddress.new(Crest.get("http://whatismyip.akamai.com").body) - rescue ex : Crest::RequestFailed - errors << "Unable to verify if your current IP belongs to the #{network_type} allowed network #{cidr}" - return errors - end - - begin - network = IPAddress.new(cidr).network - - unless network.includes? current_ip - errors << "Your current IP #{current_ip} does not belong to the #{network_type} allowed network #{cidr}" - return errors - end - rescue ex: ArgumentError - if ex.message =~ /Invalid netmask/ - errors << "#{network_type} allowed network #{cidr} has an invalid netmark" - else - errors << "#{network_type} allowed network #{cidr} is not a valid network in CIDR notation" - end - return errors - end - - errors - end -end