jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-04-07 12:02:04 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
c99f5972dee6f62eaaf96ba74ab3cd4e71d19caa
opentf/website/docs/language/functions/cidrsubnets.html.md
Martin Atkins c23a7fce4e lang/funcs: Preserve IP address leading zero behavior from Go 1.16 
Go 1.17 includes a breaking change to both net.ParseIP and net.ParseCIDR
functions to reject IPv4 address octets written with leading zeros.

Our use of these functions as part of the various CIDR functions in the
Terraform language doesn't have the same security concerns that the Go
team had in evaluating this change to the standard library, and so we
can't justify an exception to our v1.0 compatibility promises on the same
sort of security grounds that the Go team used to justify their
compatibility exception.

For that reason, we'll now use our own fork of the Go library functions
which has the new check disabled in order to preserve the prior behavior.
We're taking this path, rather than pre-normalizing the IP address before
calling into the standard library, because an additional normalization
layer would be entirely new code and additional complexity, whereas this
fork is relatively minor in terms of code size and avoids any significant
changes to our own calls to these functions.

Thanks to the Kubernetes team for their prior work on carving out a subset
of the "net" package for their similar backward-compatibility concern.
Our "ipaddr" package here is a lightly-modified fork of their fork, with
only the comments changed to talk about Terraform instead of Kubernetes.

This fork is not intended for use in any other future feature
implementations, because they wouldn't be subject to the same
compatibility constraints as our existing functions. We will use these
forked implementations for new callers only if consistency with the
behavior of the existing functions is a key requirement.
2021-08-17 15:20:05 -07:00

3.5 KiB
Raw Blame History

layout, page_title, sidebar_current, description
layout page_title sidebar_current description
language cidrsubnets - Functions - Configuration Language docs-funcs-ipnet-cidrsubnets The cidrsubnets function calculates a sequence of consecutive IP address ranges within a particular CIDR prefix.

cidrsubnets Function

cidrsubnets calculates a sequence of consecutive IP address ranges within a particular CIDR prefix.

cidrsubnets(prefix, newbits...)

prefix must be given in CIDR notation, as defined in RFC 4632 section 3.1.

The remaining arguments, indicated as newbits above, each specify the number of additional network prefix bits for one returned address range. The return value is therefore a list with one element per newbits argument, each a string containing an address range in CIDR notation.

For more information on IP addressing concepts, see the documentation for the related function cidrsubnet. cidrsubnet calculates a single subnet address within a prefix while allowing you to specify its subnet number, while cidrsubnets can calculate many at once, potentially of different sizes, and assigns subnet numbers automatically.

When using this function to partition an address space as part of a network address plan, you must not change any of the existing arguments once network addresses have been assigned to real infrastructure, or else later address assignments will be invalidated. However, you can append new arguments to existing calls safely, as long as there is sufficient address space available.

This function accepts both IPv6 and IPv4 prefixes, and the result always uses the same addressing scheme as the given prefix.

-> Note: As a historical accident, this function interprets IPv4 address octets that have leading zeros as decimal numbers, which is contrary to some other systems which interpret them as octal. We have preserved this behavior for backward compatibility, but recommend against relying on this behavior.

-> Note: The Terraform module hashicorp/subnets/cidr wraps cidrsubnets to provide additional functionality for assigning symbolic names to your networks and skipping prefixes for obsolete allocations. Its documentation includes usage examples for several popular cloud virtual network platforms.

Examples

> cidrsubnets("10.1.0.0/16", 4, 4, 8, 4)
[
  "10.1.0.0/20",
  "10.1.16.0/20",
  "10.1.32.0/24",
  "10.1.48.0/20",
]

> cidrsubnets("fd00:fd12:3456:7890::/56", 16, 16, 16, 32)
[
  "fd00:fd12:3456:7800::/72",
  "fd00:fd12:3456:7800:100::/72",
  "fd00:fd12:3456:7800:200::/72",
  "fd00:fd12:3456:7800:300::/88",
]

You can use nested cidrsubnets calls with for expressions to concisely allocate groups of network address blocks:

> [for cidr_block in cidrsubnets("10.0.0.0/8", 8, 8, 8, 8) : cidrsubnets(cidr_block, 4, 4)]
[
  [
    "10.0.0.0/20",
    "10.0.16.0/20",
  ],
  [
    "10.1.0.0/20",
    "10.1.16.0/20",
  ],
  [
    "10.2.0.0/20",
    "10.2.16.0/20",
  ],
  [
    "10.3.0.0/20",
    "10.3.16.0/20",
  ],
]

Related Functions

  • cidrhost calculates the IP address for a single host within a given network address prefix.
  • cidrnetmask converts an IPv4 network prefix in CIDR notation into netmask notation.
  • cidrsubnet calculates a single subnet address, allowing you to specify its network number.
Reference in New Issue View Git Blame Copy Permalink