Merge pull request #23 from nspcc-dev/ferm-fix

use ansible.utils.network_in_usable for ip check
nspcc-dev · Sep 25, 2024 · 7f284fa · 7f284fa
2 parents 2afbc57 + 27b3a7d
commit 7f284fa
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -180,7 +180,7 @@ neogo__ferm__dependent_rules:
     saddr: '{{ neogo__rpc_allow + neogo__rpc_group_allow + neogo__rpc_host_allow }}'
     protocol: 'tcp'
     role: 'neogo-legacy'
-    rule_state: "{{ 'present' if neogo__rpc_enabled and neogo__rpc_address not in ['localhost', '127.0.0.1', '::1'] else 'absent' }}"
+    rule_state: "{{ 'present' if neogo__rpc_enabled and not ( neogo__rpc_address == 'localhost' or '127.0.0.0/8'|ansible.utils.network_in_usable( neogo__rpc_address ) or '::1/128'|ansible.utils.network_in_usable( neogo__rpc_address ) ) else 'absent' }}"
 
   - type: 'accept'
     name: 'neogo{{ neogo__instance }}_tls'
@@ -189,7 +189,7 @@ neogo__ferm__dependent_rules:
     saddr: '{{ neogo__rpc_allow + neogo__rpc_group_allow + neogo__rpc_host_allow }}'
     protocol: 'tcp'
     role: 'neogo-legacy'
-    rule_state: "{{ 'present' if neogo__tls_enabled and neogo__tls_address not in ['localhost', '127.0.0.1', '::1'] else 'absent' }}"
+    rule_state: "{{ 'present' if neogo__tls_enabled and not ( neogo__tls_address == 'localhost' or '127.0.0.0/8'|ansible.utils.network_in_usable( neogo__tls_address ) or '::1/128'|ansible.utils.network_in_usable( neogo__tls_address ) ) else 'absent' }}"
 
   - type: 'accept'
     name: 'neogo{{ neogo__instance }}_metrics'
@@ -198,7 +198,7 @@ neogo__ferm__dependent_rules:
     saddr: '{{ neogo__metrics_allow + neogo__metrics_group_allow + neogo__metrics_host_allow }}'
     protocol: 'tcp'
     role: 'neogo-legacy'
-    rule_state: "{{ 'present' if neogo__metrics_enabled and neogo__metrics_address not in ['localhost', '127.0.0.1', '::1'] else 'absent' }}"
+    rule_state: "{{ 'present' if neogo__metrics_enabled and not ( neogo__metrics_address == 'localhost' or '127.0.0.0/8'|ansible.utils.network_in_usable( neogo__metrics_address ) or '::1/128'|ansible.utils.network_in_usable( neogo__metrics_address ) ) else 'absent' }}"
 
   - type: 'accept'
     name: 'neogo{{ neogo__instance }}_pprof'
@@ -207,4 +207,4 @@ neogo__ferm__dependent_rules:
     saddr: '{{ neogo__pprof_allow + neogo__pprof_group_allow + neogo__pprof_host_allow }}'
     protocol: 'tcp'
     role: 'neogo-legacy'
-    rule_state: "{{ 'present' if neogo__pprof_enabled and neogo__pprof_address not in ['localhost', '127.0.0.1', '::1'] else 'absent' }}"
+    rule_state: "{{ 'present' if neogo__pprof_enabled and not ( neogo__pprof_address == 'localhost' or '127.0.0.0/8'|ansible.utils.network_in_usable( neogo__pprof_address ) or '::1/128'|ansible.utils.network_in_usable( neogo__pprof_address ) ) else 'absent' }}"