fix: 修复阿里云同步安全组规则异常问题

go.mod

@@ -134,7 +134,7 @@ require (
 	yunion.io/x/jsonutils v0.0.0-20200710080709-7ca71cdb9383
 	yunion.io/x/log v0.0.0-20200313080802-57a4ce5966b3
 	yunion.io/x/ovsdb v0.0.0-20200526071744-27bf0940cbc7
-	yunion.io/x/pkg v0.0.0-20200708071451-a663dc94e16b
+	yunion.io/x/pkg v0.0.0-20200713121502-18154120c49b
 	yunion.io/x/s3cli v0.0.0-20190917004522-13ac36d8687e
 	yunion.io/x/sqlchemy v0.0.0-20200702064124-195445bc4b11
 	yunion.io/x/structarg v0.0.0-20200708124353-ea9a441ecaf8

go.sum

@@ -1135,6 +1135,8 @@ yunion.io/x/pkg v0.0.0-20190620104149-945c25821dbf/go.mod h1:t6rEGG2sQ4J7DhFxSZV
 yunion.io/x/pkg v0.0.0-20190628082551-f4033ba2ea30/go.mod h1:t6rEGG2sQ4J7DhFxSZVOTjNd0YO/KlfWQyK1W4tog+E=
 yunion.io/x/pkg v0.0.0-20200708071451-a663dc94e16b h1:wwPzH8iMRYjtaSM2pBN7nOqeZxR4XW5wdz2VE1KH/Ug=
 yunion.io/x/pkg v0.0.0-20200708071451-a663dc94e16b/go.mod h1:t6rEGG2sQ4J7DhFxSZVOTjNd0YO/KlfWQyK1W4tog+E=
+yunion.io/x/pkg v0.0.0-20200713121502-18154120c49b h1:Ov/eKwwNeQje7SggkopExzcCW/GfaUouvXkcY6RUEcM=
+yunion.io/x/pkg v0.0.0-20200713121502-18154120c49b/go.mod h1:t6rEGG2sQ4J7DhFxSZVOTjNd0YO/KlfWQyK1W4tog+E=
 yunion.io/x/s3cli v0.0.0-20190917004522-13ac36d8687e h1:v+EzIadodSwkdZ/7bremd7J8J50Cise/HCylsOJngmo=
 yunion.io/x/s3cli v0.0.0-20190917004522-13ac36d8687e/go.mod h1:0iFKpOs1y4lbCxeOmq3Xx/0AcQoewVPwj62eRluioEo=
 yunion.io/x/sqlchemy v0.0.0-20200702064124-195445bc4b11 h1:srrssomGJLh4OaDaY/1so+2FUBjZxdwQx/1pZ6403YU=

pkg/multicloud/aliyun/securitygroup.go

@@ -16,7 +16,6 @@ package aliyun
 
 import (
 	"fmt"
-	"net"
 	"strings"
 	"time"
 
@@ -418,7 +417,7 @@ func (self *SPermission) toRule() (cloudprovider.SecurityRule, error) {
 		cidr = self.DestCidrIp
 	}
 
-	_, rule.IPNet, _ = net.ParseCIDR(cidr)
+	rule.ParseCIDR(cidr)
 
 	switch strings.ToLower(self.IpProtocol) {
 	case "tcp", "udp", "icmp":

pkg/multicloud/google/securitygroup.go

@@ -16,14 +16,12 @@ package google
 
 import (
 	"fmt"
-	"net"
 	"strconv"
 	"strings"
 	"time"
 
 	"yunion.io/x/jsonutils"
 	"yunion.io/x/pkg/errors"
-	"yunion.io/x/pkg/util/regutils"
 	"yunion.io/x/pkg/util/secrules"
 	"yunion.io/x/pkg/utils"
 
@@ -114,14 +112,7 @@ func (firewall *SFirewall) _toRules(action secrules.TSecurityRuleAction) ([]clou
 			ipRanges = firewall.DestinationRanges
 		}
 		for _, ipRange := range ipRanges {
-			if regutils.MatchCIDR(ipRange) {
-				_, rule.IPNet, _ = net.ParseCIDR(ipRange)
-			} else {
-				rule.IPNet = &net.IPNet{
-					IP:   net.ParseIP(ipRange),
-					Mask: net.CIDRMask(32, 32),
-				}
-			}
+			rule.ParseCIDR(ipRange)
 			ports := []int{}
 			for _, port := range allow.Ports {
 				if strings.Index(port, "-") > 0 {

pkg/multicloud/openstack/securitygroup.go

@@ -16,7 +16,6 @@ package openstack
 
 import (
 	"fmt"
-	"net"
 	"time"
 
 	"yunion.io/x/jsonutils"
@@ -176,11 +175,8 @@ func (secgrouprule *SSecurityGroupRule) toRules() ([]cloudprovider.SecurityRule,
 	if len(secgrouprule.RemoteIpPrefix) == 0 {
 		secgrouprule.RemoteIpPrefix = "0.0.0.0/0"
 	}
-	_, ipnet, err := net.ParseCIDR(secgrouprule.RemoteIpPrefix)
-	if err != nil {
-		return rules, errors.Wrapf(err, "net.ParseCIDR(%s)", secgrouprule.RemoteIpPrefix)
-	}
-	rule.IPNet = ipnet
+
+	rule.ParseCIDR(secgrouprule.RemoteIpPrefix)
 	if secgrouprule.PortRangeMax > 0 && secgrouprule.PortRangeMin > 0 {
 		if secgrouprule.PortRangeMax == secgrouprule.PortRangeMin {
 			rule.Ports = []int{secgrouprule.PortRangeMax}
@@ -189,7 +185,7 @@ func (secgrouprule *SSecurityGroupRule) toRules() ([]cloudprovider.SecurityRule,
 			rule.PortEnd = secgrouprule.PortRangeMax
 		}
 	}
-	err = rule.ValidateRule()
+	err := rule.ValidateRule()
 	if err != nil && err != secrules.ErrInvalidPriority {
 		return rules, errors.Wrap(err, "rule.ValidateRule")
 	}

pkg/multicloud/qcloud/securitygroup.go

@@ -16,7 +16,6 @@ package qcloud
 
 import (
 	"fmt"
-	"net"
 	"strconv"
 	"strings"
 	"time"
@@ -139,18 +138,6 @@ func (self *SecurityGroupPolicy) String() string {
 	return strings.Join(result, ";")
 }
 
-func parseCIDR(cidr string) (*net.IPNet, error) {
-	if strings.Index(cidr, "/") > 0 {
-		_, ipnet, err := net.ParseCIDR(cidr)
-		return ipnet, err
-	}
-	ip := net.ParseIP(cidr)
-	if ip == nil {
-		return nil, fmt.Errorf("Parse ip %s error", cidr)
-	}
-	return &net.IPNet{IP: ip, Mask: net.CIDRMask(32, 32)}, nil
-}
-
 func (self *SecurityGroupPolicy) toRules() []cloudprovider.SecurityRule {
 	result := []cloudprovider.SecurityRule{}
 	rule := cloudprovider.SecurityRule{
@@ -228,11 +215,7 @@ func (self *SecurityGroupPolicy) toRules() []cloudprovider.SecurityRule {
 		}
 		result = append(result, rules...)
 	} else if len(self.CidrBlock) > 0 {
-		ipnet, err := parseCIDR(self.CidrBlock)
-		if err != nil {
-			return nil
-		}
-		rule.IPNet = ipnet
+		rule.ParseCIDR(self.CidrBlock)
 		result = append(result, rule)
 	}
 	return result
@@ -249,11 +232,7 @@ func (self *SecurityGroupPolicy) getAddressRules(rule cloudprovider.SecurityRule
 		return nil, fmt.Errorf("failed to find address %s", addressId)
 	}
 	for _, ip := range address[0].AddressSet {
-		ipnet, err := parseCIDR(ip)
-		if err != nil {
-			return nil, nil
-		}
-		rule.IPNet = ipnet
+		rule.ParseCIDR(ip)
 		result = append(result, rule)
 	}
 	return result, nil

pkg/multicloud/ucloud/securitygroup.go

@@ -17,7 +17,6 @@ package ucloud
 import (
 	"fmt"
 	"math/rand"
-	"net"
 	"strings"
 	"time"
 
@@ -123,15 +122,10 @@ func (self *SSecurityGroup) UcloudSecRuleToOnecloud(rule Rule) (cloudprovider.Se
 		secrule.Action = secrules.SecurityRuleDeny
 	}
 
-	_, ipNet, err := net.ParseCIDR(rule.SrcIP)
-	if err != nil {
-		return secrule, errors.Wrapf(err, "net.ParseCIDR(%s)", rule.SrcIP)
-	}
-
-	secrule.IPNet = ipNet
+	secrule.ParseCIDR(rule.SrcIP)
 	secrule.Protocol = strings.ToLower(rule.ProtocolType)
 	secrule.Direction = secrules.SecurityRuleIngress
-	err = secrule.ParsePorts(rule.DstPort)
+	err := secrule.ParsePorts(rule.DstPort)
 	if err != nil {
 		return secrule, errors.Wrapf(err, "ParsePorts(%s)", rule.DstPort)
 	}

pkg/multicloud/zstack/securitygroup.go

@@ -16,7 +16,6 @@ package zstack
 
 import (
 	"fmt"
-	"net"
 	"net/url"
 	"strings"
 
@@ -116,17 +115,17 @@ func (rule *SSecurityGroupRule) toRule() (cloudprovider.SecurityRule, error) {
 			PortEnd:   rule.EndPort,
 		},
 	}
-	_, ipNet, err := net.ParseCIDR(rule.AllowedCIDR)
-	if err != nil {
-		return r, err
-	}
-	r.IPNet = ipNet
+	r.ParseCIDR(rule.AllowedCIDR)
 	if rule.Type == "Egress" {
 		r.Direction = secrules.DIR_OUT
 	}
 	if rule.Protocol != "ALL" {
 		r.Protocol = strings.ToLower(rule.Protocol)
 	}
+	err := r.ValidateRule()
+	if err != nil {
+		return r, errors.Wrap(err, "invalid rule")
+	}
 	return r, nil
 }
 

vendor/modules.txt

@@ -1016,7 +1016,7 @@ yunion.io/x/log/hooks
 yunion.io/x/ovsdb/cli_util
 yunion.io/x/ovsdb/schema/ovn_nb
 yunion.io/x/ovsdb/types
-# yunion.io/x/pkg v0.0.0-20200708071451-a663dc94e16b
+# yunion.io/x/pkg v0.0.0-20200713121502-18154120c49b
 yunion.io/x/pkg/errors
 yunion.io/x/pkg/gotypes
 yunion.io/x/pkg/prettytable