Class: Pangea::Kubernetes::Types::VpnConfig

Inherits:
Resources::BaseAttributes
  • Object
Defined in:
lib/pangea/kubernetes/types/vpn_config.rb

Overview

Top-level VPN configuration for a cluster.


Instance Method Details

#to_h ⇒ Object



# File 'lib/pangea/kubernetes/types/vpn_config.rb', line 84

# Serialize this VPN configuration to a plain Hash.
#
# A configuration with no links serialises to an empty Hash, so callers can
# drop the section altogether. `require_liveness` is emitted only when it is
# truthy — a false/nil value is omitted rather than written out as `false`.
#
# @return [Hash] `{}` when there are no links, otherwise
#   `{ links: [...] }` with an optional `require_liveness: true`
def to_h
  return {} if links.empty?

  { links: links.map(&:to_h) }.tap do |serialized|
    serialized[:require_liveness] = true if require_liveness
  end
end

#validate! ⇒ Object

Validate VPN configuration — mirrors kindling’s structural checks. Each field is checked only when it is present (a nil address, profile, listen_port, mtu, public_key or endpoint is skipped, not rejected). All violations are collected and a single ArgumentError listing every one of them is raised if any are found.

Raises:

  • (ArgumentError)


# File 'lib/pangea/kubernetes/types/vpn_config.rb', line 94

# Structural validation of every configured link and its peers, mirroring
# kindling's checks.
#
# Every check is conditional on the field being present: a nil address,
# profile, listen_port, mtu, public_key or endpoint is skipped rather than
# rejected, so presence requirements (if any) must be enforced elsewhere.
# All violations are collected first and reported together in one error.
#
# @return [nil] when there are no links or no violations were found
# @raise [ArgumentError] listing every violation, one per line
def validate!
  return if links.empty?

  violations = []

  links.each_with_index do |link, idx|
    scope = "vpn.links[#{idx}] (#{link.name})"

    if link.address && !valid_cidr?(link.address)
      violations << "#{scope}: address is not a valid CIDR"
    end

    if link.profile && !VALID_VPN_PROFILES.include?(link.profile)
      violations << "#{scope}: profile '#{link.profile}' is not valid"
    end

    # 0 is accepted as "unspecified"; any other value must be an unprivileged port.
    port = link.listen_port
    if port && port != 0 && !port.between?(1024, 65_535)
      violations << "#{scope}: listen_port #{port} outside valid range (0 or 1024-65535)"
    end

    # 1280 is the IPv6 minimum MTU; 9000 is the usual jumbo-frame ceiling.
    mtu = link.mtu
    if mtu && !mtu.between?(1280, 9000)
      violations << "#{scope}: mtu #{mtu} outside valid range (1280-9000)"
    end

    link.peers.each_with_index do |peer, pidx|
      peer_scope = "#{scope}.peers[#{pidx}]"

      # NOTE(review): a peer whose public_key is nil is not flagged here — WireGuard
      # needs one for every peer, so presence is presumably checked elsewhere; confirm.
      if peer.public_key && !valid_wg_key?(peer.public_key)
        violations << "#{peer_scope}: public_key does not look like a valid WireGuard key"
      end

      # allowed_ips entries are always checked (no nil-skip); each bad entry is its own violation.
      peer.allowed_ips.reject { |ip| valid_cidr?(ip) }.each do |ip|
        violations << "#{peer_scope}: allowed_ips entry '#{ip}' is not a valid CIDR"
      end

      if peer.endpoint && !valid_endpoint?(peer.endpoint)
        violations << "#{peer_scope}: endpoint '#{peer.endpoint}' is not valid (expected host:port)"
      end
    end
  end

  return if violations.empty?

  details = violations.join("\n  - ")
  raise ArgumentError,
        "VPN validation failed (#{violations.length} violation(s)):\n  - #{details}"
end