IP ranges are not considered valid using new configuration system
jtuttle opened this issue · comments
Summary
IP ranges are not considered valid when setting trusted proxies through the new file-based configuration system. i.e. this configuration file:
trusted_proxies:
- 192.0.2.1 - 192.0.2.2
will fail validation.
Steps to Reproduce
Steps to reproduce the behavior:
- Start a Conjur container
- Create a configuration file with an IP range
- Run
conjurctl configuration show
(orevoke configuration show
for Enterprise) - Observe that config validation files
Expected Results
Validation succeeds and the configuration show
command displays configuration.
Actual Results (including error logs, if applicable)
root@297c94030698:/# cat /etc/conjur/config/conjur.yml
trusted_proxies:
- 192.0.2.1 - 192.0.2.2
root@297c94030698:/# evoke configuration show
Invalid values for configured attributes: trusted_proxies
Reproducible
- Always
- Sometimes
- Non-Reproducible
Version/Tag number
root@297c94030698:/# cat /opt/conjur/possum/VERSION
1.11.7
Environment setup
Tested this by running a Conjur Enterprise container using cyberark/conjur-intro
.
Additional Information
May have something to do with YAML using dash as a delimiter.
This was a misunderstanding with the docs. Dashes are not supported, CIDR ranges are used instead.