chore: use proper naming of 'netblock' instead of 'prefix'

To avoid confusion, we now use 'netblock' to talk about 10.0.0.0/8, with 10.0.0.0 being the 'prefix' and '8' being the 'prefix size' or 'netblock size'. Use these words everywhere in the code and documentation for clarity
ovh · Dec 19, 2024 · 75793d5 · 75793d5
1 parent 29aa8ad
commit 75793d5
Show file tree

Hide file tree

Showing 27 changed files with 185 additions and 185 deletions.
diff --git a/bin/plugin/group-aclkeeper/groupAddServer b/bin/plugin/group-aclkeeper/groupAddServer
@@ -34,8 +34,8 @@ Add an IP or IP block to a group's servers list
 Usage: --osh SCRIPT_NAME --group GROUP --host HOST --user USER|* --port PORT|* [OPTIONS]
 
   --group GROUP            Specify which group this machine should be added to
-  --host HOST|IP|NET/CIDR  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/group-aclkeeper/groupDelServer b/bin/plugin/group-aclkeeper/groupDelServer
@@ -30,8 +30,8 @@ Remove an IP or IP block from a group's server list
 Usage: --osh SCRIPT_NAME --group GROUP --host HOST --user USER --port PORT [OPTIONS]
 
   --group GROUP            Specify which group this machine should be removed from
-  --host HOST|IP|NET/CIDR  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/group-aclkeeper/groupSetServers b/bin/plugin/group-aclkeeper/groupSetServers
@@ -115,9 +115,9 @@ while (my $line = <STDIN>) {
         $acl_user = $fnret->value;
     }
 
-    # resolve host, unless it looks like a prefix
+    # resolve host, unless it looks like a netblock
     if ($acl_host =~ m{/}) {
-        $fnret = OVH::Bastion::is_valid_ip(ip => $acl_host, allowPrefixes => 1);
+        $fnret = OVH::Bastion::is_valid_ip(ip => $acl_host, allowNetblocks => 1);
     }
     else {
         $fnret = OVH::Bastion::get_ip(host => $acl_host);

diff --git a/bin/plugin/group-gatekeeper/groupAddGuestAccess b/bin/plugin/group-gatekeeper/groupAddGuestAccess
@@ -35,8 +35,8 @@ Usage: --osh SCRIPT_NAME --group GROUP --account ACCOUNT [OPTIONS]
   --account ACCOUNT        Name of the other bastion account to add access to, they'll be given access to the GROUP key
   --group GROUP            Group to add the guest access to, note that this group should already have access
                              to the USER/HOST/PORT tuple you'll specify with the options below.
-  --host HOST|IP|NET/CIDR  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/group-gatekeeper/groupDelGuestAccess b/bin/plugin/group-gatekeeper/groupDelGuestAccess
@@ -32,8 +32,8 @@ Usage: --osh SCRIPT_NAME --group GROUP --account ACCOUNT [OPTIONS]
 
   --account ACCOUNT        Bastion account remove the guest access from
   --group GROUP            Specify which group to remove the guest access to ACCOUNT from
-  --host HOST|IP|NET/CIDR  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/restricted/accountAddPersonalAccess b/bin/plugin/restricted/accountAddPersonalAccess
@@ -34,8 +34,8 @@ Add a personal server access to an account
 Usage: --osh SCRIPT_NAME --account ACCOUNT --host HOST --user USER --port PORT [OPTIONS]
 
   --account                Bastion account to add the access to
-  --host HOST|IP|NET/CIDR  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/restricted/accountDelPersonalAccess b/bin/plugin/restricted/accountDelPersonalAccess
@@ -29,8 +29,8 @@ Remove a personal server access from an account
 Usage: --osh SCRIPT_NAME --account ACCOUNT --host HOST --user USER --port PORT [OPTIONS]
 
   --account                Bastion account to remove access from
-  --host HOST|IP|NET/CIDR  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/restricted/assetForgetHostKey b/bin/plugin/restricted/assetForgetHostKey
@@ -27,10 +27,10 @@ if (!$ip) {
     osh_exit 'ERR_MISSING_PARAMETER', "Missing mandatory parameter --host (or host didn't resolve correctly)";
 }
 
-# IP can't be a prefix
+# IP can't be a netblock
 if ($ip =~ m{/}) {
     help();
-    osh_exit 'ERR_INVALID_PARAMETER', "Specified IP must not be a prefix ($ip)";
+    osh_exit 'ERR_INVALID_PARAMETER', "Specified IP must not be a netblock ($ip)";
 }
 
 osh_info "Removing $ip host key from accounts...";

diff --git a/bin/plugin/restricted/selfAddPersonalAccess b/bin/plugin/restricted/selfAddPersonalAccess
@@ -33,8 +33,8 @@ Add a personal server access to your account
 
 Usage: --osh SCRIPT_NAME --host HOST --user USER --port PORT [OPTIONS]
 
-  --host HOST|IP|NET/CIDR  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/plugin/restricted/selfDelPersonalAccess b/bin/plugin/restricted/selfDelPersonalAccess
@@ -27,8 +27,8 @@ Remove a personal server access from your account
 
 Usage: --osh SCRIPT_NAME --host HOST --user USER --port PORT [OPTIONS]
 
-  --host HOST|IP|NET/CIDR  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
-                             or an IP, or a whole network using the NET/CIDR notation
+  --host HOST|IP|PREFIX/SIZE  Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/bin/shell/osh.pl b/bin/shell/osh.pl
@@ -601,7 +601,7 @@ sub main_exit {
     main_exit OVH::Bastion::EXIT_INVALID_REMOTE_USER, 'invalid_remote_user', "Remote user name '$user' seems invalid";
 }
 if ($host && $host !~ m{^\[?[a-zA-Z0-9._/:-]+\]?$}) {
-    # can be an IP (v4 or v6), hostname, or prefix (with a /)
+    # can be an IP (v4 or v6), hostname, or netblock (with a /)
     main_exit OVH::Bastion::EXIT_INVALID_REMOTE_HOST, 'invalid_remote_host', "Remote host name '$host' seems invalid";
 }
 

diff --git a/doc/sphinx/administration/configuration/bastion_conf.rst b/doc/sphinx/administration/configuration/bastion_conf.rst
@@ -366,7 +366,7 @@ If set to 0, The Bastion will never attempt to do DNS or reverse-DNS resolutions
 allowedNetworks
 ***************
 
-:Type: ``array of strings (IPs and/or prefixes)``
+:Type: ``array of strings (IPs and/or netblocks)``
 
 :Default: ``[]``
 
@@ -379,13 +379,13 @@ Restricts egress connection attempts to those listed networks only. This is enfo
 forbiddenNetworks
 *****************
 
-:Type: ``array of strings (IPs and/or prefixes)``
+:Type: ``array of strings (IPs and/or netblocks)``
 
 :Default: ``[]``
 
 :Example: ``["10.42.42.0/24"]``
 
-Prevents egress connection to the listed networks, this takes precedence over ``allowedNetworks``. This can be used to prevent connection to some hosts or subnets in a broadly allowed prefix. This is enforced at all times and can NOT be overridden by users.
+Prevents egress connection to the listed networks, this takes precedence over ``allowedNetworks``. This can be used to prevent connection to some hosts or subnets in a broadly allowed netblock. This is enforced at all times and can NOT be overridden by users.
 
 .. _ingressToEgressRules:
 
@@ -575,11 +575,11 @@ Other ingress policies
 ingressKeysFrom
 ***************
 
-:Type: ``array of strings (list of IPs and/or prefixes)``
+:Type: ``array of strings (list of IPs and/or netblocks)``
 
 :Default: ``[]``
 
-This array of IPs (or prefixes, such as ``10.20.30.0/24``) will be used to build the ``from="..."`` in front of the ingress account public keys used to connect to the bastion (in ``accountCreate`` or ``selfAddIngressKey``). If the array is empty, then **NO** ``from="..."`` is added (this lowers the security).
+This array of IPs (or netblocks, such as ``10.20.30.0/24``) will be used to build the ``from="..."`` in front of the ingress account public keys used to connect to the bastion (in ``accountCreate`` or ``selfAddIngressKey``). If the array is empty, then **NO** ``from="..."`` is added (this lowers the security).
 
 .. _ingressKeysFromAllowOverride:
 
@@ -613,7 +613,7 @@ The default remote user to use for egress ssh connections where no user has been
 egressKeysFrom
 **************
 
-:Type: ``array of strings (IPs and/or prefixes)``
+:Type: ``array of strings (IPs and/or netblocks)``
 
 :Default: ``[]``
 
@@ -864,7 +864,7 @@ List of system groups to add a new account to when its created (see ``accountCre
 accountCreateDefaultPersonalAccesses
 ************************************
 
-:Type: ``array of strings (list of IPs and/or prefixes)``
+:Type: ``array of strings (list of IPs and/or netblocks)``
 
 :Default: ``[]``
 

diff --git a/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst b/doc/sphinx/plugins/group-aclkeeper/groupAddServer.rst
@@ -18,11 +18,11 @@ Add an IP or IP block to a group's servers list
 
    Specify which group this machine should be added to
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst b/doc/sphinx/plugins/group-aclkeeper/groupDelServer.rst
@@ -18,11 +18,11 @@ Remove an IP or IP block from a group's server list
 
    Specify which group this machine should be removed from
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst b/doc/sphinx/plugins/group-gatekeeper/groupAddGuestAccess.rst
@@ -23,11 +23,11 @@ Add a specific group server access to an account
    Group to add the guest access to, note that this group should already have access
 
                              to the USER/HOST/PORT tuple you'll specify with the options below.
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst b/doc/sphinx/plugins/group-gatekeeper/groupDelGuestAccess.rst
@@ -22,11 +22,11 @@ Remove a specific group server access from an account
 
    Specify which group to remove the guest access to ACCOUNT from
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst b/doc/sphinx/plugins/restricted/accountAddPersonalAccess.rst
@@ -18,11 +18,11 @@ Add a personal server access to an account
 
    Bastion account to add the access to
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst b/doc/sphinx/plugins/restricted/accountDelPersonalAccess.rst
@@ -18,11 +18,11 @@ Remove a personal server access from an account
 
    Bastion account to remove access from
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst b/doc/sphinx/plugins/restricted/selfAddPersonalAccess.rst
@@ -14,11 +14,11 @@ Add a personal server access to your account
 .. program:: selfAddPersonalAccess
 
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to add access to, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user should be allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.

diff --git a/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst b/doc/sphinx/plugins/restricted/selfDelPersonalAccess.rst
@@ -14,11 +14,11 @@ Remove a personal server access from your account
 .. program:: selfDelPersonalAccess
 
 
-.. option:: --host HOST|IP|NET/CIDR
+.. option:: --host HOST|IP|PREFIX/SIZE
 
    Host(s) to remove access from, either a HOST which will be resolved to an IP immediately,
 
-                             or an IP, or a whole network using the NET/CIDR notation
+                             or an IP, or a whole netblock using the PREFIX/SIZE notation
   --user USER|PATTERN|*    Specify which remote user was allowed to connect as.
                              Globbing characters '*' and '?' are supported, so you can specify a pattern
                              that will be matched against the actual remote user name.