resolve system-acls IPs (2600hz#6480)

* resolve system-acls IPs allow the cidr to be a dns name instead of IPs * add is_cidr/2 to network utils * simplify cidr list handling * address pr review
copelandd · Apr 22, 2020 · 587686f · 587686f
1 parent c7cad53
commit 587686f
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/applications/ecallmgr/src/ecallmgr_fs_acls.erl b/applications/ecallmgr/src/ecallmgr_fs_acls.erl
@@ -145,9 +145,39 @@ system_config_acls(Node) ->
         {'error', Error} ->
             lager:warning("error getting system acls : ~p", [Error]),
             kz_json:new();
-        JObj -> JObj
+        JObj -> resolve_system_config_acls(JObj)
     end.
 
+resolve_system_config_acls(JObj) ->
+    kz_json:map(fun resolve_system_config_acls/2, JObj).
+
+resolve_system_config_acls(K, JObj) ->
+    CIDR = kz_json:get_value(<<"cidr">>, JObj),
+    {K, kz_json:set_value(<<"cidr">>, maybe_resolve_cidr(CIDR), JObj)}.
+
+maybe_resolve_cidr(CIDRS)
+  when is_list(CIDRS) ->
+    [maybe_resolve_cidr(CIDR) || CIDR <- CIDRS];
+maybe_resolve_cidr(CIDR)
+  when is_binary(CIDR) ->
+    case is_cidr(CIDR) of
+        'true' -> CIDR;
+        'false' -> resolve_cidr(CIDR)
+    end.
+
+resolve_cidr(CIDR) ->
+    case kz_network_utils:is_ipv4(CIDR) of
+        true ->
+            kz_network_utils:to_cidr(CIDR);
+        false ->
+            IPs = kz_network_utils:resolve(CIDR),
+            [kz_network_utils:to_cidr(IP) || IP <- IPs]
+    end.
+
+-spec is_cidr(kz_term:text()) -> boolean().
+is_cidr(Address) ->
+    kz_network_utils:is_cidr(Address, true).
+
 -spec authoritative_acls(atom() | kz_term:ne_binary()) -> acls().
 authoritative_acls(Node) ->
     case kapps_config:fetch_current(?APP_NAME, <<"acls">>, kz_json:new(), Node) of

diff --git a/core/kazoo_stdlib/src/kz_network_utils.erl b/core/kazoo_stdlib/src/kz_network_utils.erl
@@ -20,7 +20,7 @@
         ,is_ipv6/1
         ,is_ip/1
         ,is_protocol_family_supported/1
-        ,is_cidr/1
+        ,is_cidr/1, is_cidr/2
         ]).
 -export([to_cidr/1
         ,to_cidr/2
@@ -122,7 +122,11 @@ is_ip(Address) ->
 
 -spec is_cidr(kz_term:text()) -> boolean().
 is_cidr(Address) ->
-    try inet_cidr:parse(Address) of
+    is_cidr(Address, false).
+
+-spec is_cidr(kz_term:text(), boolean()) -> boolean().
+is_cidr(Address, Adjust) ->
+    try inet_cidr:parse(Address, Adjust) of
         {_Start, _End, _Len} -> 'true'
     catch
         'error':{'badmatch', _} -> 'false';