cyberark / conjur

CyberArk Conjur automatically secures secrets used by privileged users and machine identities

Home Page: https://conjur.org

IP ranges are not considered valid using new configuration system

jtuttle opened this issue · comments

Summary

IP ranges are not considered valid when setting trusted proxies through the new file-based configuration system. i.e. this configuration file:

trusted_proxies:
  - 192.0.2.1 - 192.0.2.2

will fail validation.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Start a Conjur container
  2. Create a configuration file with an IP range
  3. Run conjurctl configuration show (or evoke configuration show for Enterprise)
  4. Observe that config validation fails

Expected Results

Validation succeeds and the configuration show command displays configuration.

Actual Results (including error logs, if applicable)

root@297c94030698:/# cat /etc/conjur/config/conjur.yml
trusted_proxies:
  - 192.0.2.1 - 192.0.2.2

root@297c94030698:/# evoke configuration show
Invalid values for configured attributes: trusted_proxies

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

Version/Tag number

root@297c94030698:/# cat /opt/conjur/possum/VERSION
1.11.7

Environment setup

Tested this by running a Conjur Enterprise container using cyberark/conjur-intro.

Additional Information

May have something to do with YAML using dash as a delimiter.

This was a misunderstanding with the docs. Dashes are not supported; CIDR ranges are used instead.
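
The resolution above, as an added example that is not part of the original issue or of Conjur's code: Ruby that reviews `trusted_proxies` entries and rewrites a dash range as the CIDR blocks covering exactly that range, so the trusted set does not grow beyond the intended addresses. Assumptions: Ruby's standard `IPAddr` stands in for Conjur's own validation (which the page does not show), the sample config is constructed, the helper names are hypothetical, and only IPv4 ranges are handled.

```ruby
require 'ipaddr'
require 'yaml'

# Constructed sample: the rejected entry from the issue plus a CIDR entry.
SAMPLE_CONFIG = <<~YAML
  trusted_proxies:
    - 192.0.2.1 - 192.0.2.2
    - 198.51.100.0/24
YAML

# True when the entry parses as a single IP address or CIDR block.
# Assumption: stdlib IPAddr stands in for Conjur's own validator.
def valid_proxy_entry?(entry)
  IPAddr.new(entry.to_s.strip)
  true
rescue IPAddr::Error
  false
end

# Split an inclusive IPv4 range into the CIDR blocks that cover exactly
# that range, so no address outside it becomes a trusted proxy.
def range_to_cidrs(first, last)
  a = IPAddr.new(first)
  b = IPAddr.new(last)
  raise ArgumentError, 'IPv4 ranges only' unless a.ipv4? && b.ipv4?
  lo, hi = a.to_i, b.to_i
  raise ArgumentError, 'range start is after range end' if lo > hi
  cidrs = []
  while lo <= hi
    size = lo.zero? ? 2**32 : lo & -lo      # largest block aligned at lo
    size /= 2 while size > hi - lo + 1      # shrink until it fits the range
    cidrs << "#{IPAddr.new(lo, Socket::AF_INET)}/#{33 - size.bit_length}"
    lo += size
  end
  cidrs
end

# Map each trusted_proxies entry to :ok, replacement CIDRs, or :invalid.
def review_trusted_proxies(yaml_text)
  entries = YAML.safe_load(yaml_text).fetch('trusted_proxies', [])
  entries.to_h do |entry|
    next [entry, :ok] if valid_proxy_entry?(entry)
    m = entry.to_s.match(/\A\s*(\S+)\s*-\s*(\S+)\s*\z/)
    [entry, m ? range_to_cidrs(m[1], m[2]) : :invalid]
  rescue ArgumentError
    [entry, :invalid]
  end
end
```

Rounding the range from the issue up to a single enclosing block (`192.0.2.0/30`) would also trust `192.0.2.0` and `192.0.2.3`; the exact split avoids that.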