Check for whitelisted IP fails for CIDR ranges other than /32

EngineerBetter / concourse-up

Deprecated - used Control Tower instead

https://github.com/EngineerBetter/control-tower

Apache License 2.0

203 stars 28 forks source link

Check for whitelisted IP fails for CIDR ranges other than /32 #79

Closed sneakybeaky closed 5 years ago

sneakybeaky commented 5 years ago

Checking that the user's IP is present in the concourse-up-xxxx-director AWS security group succeeds only if it is present as a /32 range, e.g. 89.197.181.42/32. When any other range is present the check fails, even if the IP is present in the range.

In our case we had entries in the SG in the form of 89.197.181.40/29. The check failed when we ran behind the IP 89.197.181.42

crsimmons commented 5 years ago

Thanks for raising! We have addressed this in https://github.com/EngineerBetter/concourse-up/releases/tag/0.16.3